GuardDuty RDS Protection - Amazon GuardDuty

RDS Protection in Amazon GuardDuty analyzes and profiles RDS login activity for potential access threats to your Amazon Aurora databases (Amazon Aurora MySQL-Compatible Edition and Aurora PostgreSQL-Compatible Edition) and Amazon RDS for PostgreSQL. This feature allows you to identify potentially suspicious login behavior. RDS Protection doesn't require additional infrastructure; it is designed so as not to affect the performance of your database instances.

When RDS Protection detects a potentially suspicious or anomalous login attempt that indicates a threat to your database, GuardDuty generates a new finding with details about the potentially compromised database.

You can enable or disable the RDS Protection feature for any account in any AWS Region where this feature is available within Amazon GuardDuty, at any time. An existing GuardDuty account can enable RDS Protection with a 30-day trial period. For a new GuardDuty account, RDS Protection is already enabled and included in the 30-day free trial period. For more information, see Estimating usage cost.

Note

When the RDS Protection feature is not enabled, GuardDuty neither collects your RDS login activity, nor detects anomalous or suspicious login behavior.

For information about the AWS Regions where GuardDuty doesn't yet support RDS Protection, see Region-specific feature availability.

Supported Amazon Aurora and Amazon RDS databases

The following table shows the supported Aurora and Amazon RDS database versions.

Amazon Aurora and Amazon RDS DB engine | Supported engine versions

Aurora MySQL

  • 2.10.2 or later
  • 3.02.1 or later

Aurora PostgreSQL

  • 10.17 or later
  • 11.12 or later
  • 12.7 or later
  • 13.3 or later
  • 14.3 or later
  • 15.2 or later
  • 16.1 or later

RDS for PostgreSQL

How RDS Protection uses RDS login activity monitoring

RDS Protection in Amazon GuardDuty helps you protect the supported Amazon Aurora (Aurora) and RDS for PostgreSQL databases in your account. After you enable the RDS Protection feature, GuardDuty immediately starts monitoring RDS login activity from Aurora databases and Amazon RDS in your account. GuardDuty continuously monitors and profiles RDS login activity for suspicious activity, for example, unauthorized access to an Aurora database in your account from a previously unseen external actor. When you enable RDS Protection for the first time, or when you have a newly created database instance, a learning period is required to baseline normal behavior. For this reason, newly enabled or newly created database instances may not have an associated anomalous login finding for up to two weeks. For more information, see RDS login activity monitoring.

When RDS Protection detects a potential threat, such as an unusual pattern in a series of successful, failed, or incomplete login attempts, GuardDuty generates a new finding with details about the potentially compromised database instance. For more information, see RDS Protection finding types. If you disable RDS Protection, GuardDuty immediately stops monitoring RDS login activity and is unable to detect any potential threat to your supported database instances.

Note

GuardDuty doesn't manage your supported databases or RDS login activity, or make RDS login activity available to you.
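The version table and the learning period above both create detection blind spots, so the following added example (not AWS code) classifies a database inventory as unsupported, unlisted, still learning, or monitored. It assumes the RDS API engine identifiers `aurora-mysql`, `aurora-postgresql` and `postgres`, the `mysql_aurora.` version string format, and that each "or later" entry is a floor within its own major version line; the inventory and dates are constructed.

```python
from datetime import datetime, timedelta, timezone

# Floors from this page's table. Assumption: "or later" is a floor within its major line.
FLOORS = {
    "aurora-mysql": {2: (2, 10, 2), 3: (3, 2, 1)},
    "aurora-postgresql": {10: (10, 17), 11: (11, 12), 12: (12, 7), 13: (13, 3),
                          14: (14, 3), 15: (15, 2), 16: (16, 1)},
    "postgres": {},  # RDS for PostgreSQL is in scope, but the page lists no versions
}
LEARNING_PERIOD = timedelta(weeks=2)  # baseline window: "up to two weeks"

def utc(*ymd):
    return datetime(*ymd, tzinfo=timezone.utc)

def parse_version(engine, raw):
    """Turn an EngineVersion string into a tuple of ints."""
    if engine == "aurora-mysql" and "mysql_aurora." in raw:
        raw = raw.split("mysql_aurora.", 1)[1]  # "8.0.mysql_aurora.3.02.1" -> "3.02.1"
    return tuple(int(part) for part in raw.split(".") if part.isdigit())

def coverage(instance, enabled_at, now):
    """Classify one instance as unsupported, unlisted, learning or monitored."""
    engine = instance["Engine"]
    if engine not in FLOORS:
        return "unsupported"  # engine is outside RDS Protection's scope
    version = parse_version(engine, instance["EngineVersion"])
    floor = FLOORS[engine].get(version[0]) if version else None
    if floor is None:
        return "unlisted"  # the page gives no floor for this version line
    if version < floor:
        return "unsupported"
    # The baseline restarts for a new instance or a newly enabled feature.
    start = max(instance["InstanceCreateTime"], enabled_at)
    return "learning" if now - start < LEARNING_PERIOD else "monitored"

def audit(instances, enabled_at, now):
    return {i["DBInstanceIdentifier"]: coverage(i, enabled_at, now) for i in instances}

# Constructed inventory; field names follow the RDS DescribeDBInstances response.
FIELDS = ("DBInstanceIdentifier", "Engine", "EngineVersion", "InstanceCreateTime")
SAMPLE = [dict(zip(FIELDS, row)) for row in [
    ("orders-1", "aurora-mysql", "8.0.mysql_aurora.3.02.1", utc(2024, 1, 10)),
    ("legacy-1", "aurora-mysql", "5.7.mysql_aurora.2.07.2", utc(2023, 3, 2)),
    ("reports-1", "aurora-postgresql", "15.4", utc(2024, 6, 25)),
    ("old-pg", "aurora-postgresql", "12.4", utc(2022, 9, 9)),
    ("app-pg", "postgres", "14.9", utc(2024, 2, 1)),
]]
ENABLED_AT, NOW = utc(2024, 6, 1), utc(2024, 6, 30)  # constructed dates
if __name__ == "__main__":
    print(audit(SAMPLE, ENABLED_AT, NOW))
```

Instances reported as `learning` or `unsupported` need another source of login visibility, such as database audit logs, until GuardDuty can produce anomalous login findings for them.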