`AWSConfigRemediation-EnableRedshiftClusterAuditLogging`

Description

The AWSConfigRemediation-EnableRedshiftClusterAuditLogging runbook enables audit logging for the Amazon Redshift cluster you specify.

Document type

Automation

Owner

Amazon

Platforms

Databases

Parameters

AutomationAssumeRole

Type: String

Description: (Required) The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf.
BucketName

Type: String

Description: (Required) The name of the Amazon Simple Storage Service (Amazon S3) bucket you want to upload logs to.
ClusterIdentifier

Type: String

Description: (Required) The unique identifier of the cluster you want to enable audit logging on.
S3KeyPrefix

Type: String

Description: (Optional) The Amazon S3 key prefix (subfolder) you want to upload logs to.

Required IAM permissions

The AutomationAssumeRole parameter requires the following actions to use the runbook successfully.

Document Steps

aws:branch - Branches based on whether a value was specified for the S3KeyPrefix parameter.
aws:executeAwsApi - Enables audit logging on the cluster specified in the ClusterIdentifier parameter.
aws:assertAwsResourceProperty - Verifies audit logging was enabled on the cluster.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

AWSConfigRemediation-DisablePublicAccessToRedshiftCluster

AWSConfigRemediation-EnableRedshiftClusterAutomatedSnapshot