Use Amazon CloudWatch as a destination for Amazon Redshift Audit logs

[Amazon Redshift](https://aws.amazon.com/redshift/) is a fast, scalable, secure, and fully-managed cloud data warehouse that makes it simple and cost-effective to analyze all of your data using standard SQL. Amazon Redshift has comprehensive security capabilities to satisfy the most demanding requirements. To help you monitor the database for security and troubleshooting purposes, Amazon Redshift logs information about connections and user activities in your database. This process is called database auditing.

Amazon Redshift Audit Logging is useful for troubleshooting, monitoring, and security purposes, making it possible to identify suspicious queries by checking the connection and user logs to see who is connecting to the database. It records information such as the IP address of the user's computer, the type of authentication used by the user, and the timestamp of the request. Audit logs make it easy to identify who modified the data. Amazon Redshift logs all of the SQL operations, including connection attempts, queries, and changes to your data warehouse. These logs can be accessed via SQL queries against system tables, saved to a secure [Amazon Simple Storage Service (Amazon S3)](https://aws.amazon.com/s3/) location, or exported to [Amazon CloudWatch](https://aws.amazon.com/cloudwatch/).
You can view your Amazon Redshift cluster's operational metrics [on the Amazon Redshift console](https://docs.aws.amazon.com/redshift/latest/mgmt/performance-metrics-console.html), use CloudWatch, and [query Amazon Redshift system tables](https://docs.aws.amazon.com/redshift/latest/mgmt/metrics-listing.html) directly from your cluster.

This post walks you through the process of configuring CloudWatch as an audit log destination. It also shows that the latency of log delivery to either Amazon S3 or CloudWatch is reduced to less than a few minutes using enhanced Amazon Redshift Audit Logging. You can enable audit logging to Amazon CloudWatch via the [AWS Console](https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing-console.html) or the [AWS CLI and Amazon Redshift API](https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing-cli-api.html).

#### **Solution overview**

Amazon Redshift logs information to two locations: system tables and log files.

1. System tables: Amazon Redshift logs data to system tables automatically, and history data is available for two to five days depending on log usage and available disk space. To extend the log data retention period in system tables, use the [Amazon Redshift system object persistence utility](https://github.com/awslabs/amazon-redshift-utils/tree/master/src/SystemTablePersistence) from AWS Labs on GitHub. Analyzing logs through system tables requires Amazon Redshift database access and compute resources.
2. Log files: Audit logging to CloudWatch or to Amazon S3 is an optional process. When you turn on logging on your cluster, you can choose to export audit logs to Amazon CloudWatch or Amazon S3. Once logging is enabled, it captures data from the time audit logging is enabled to the present time. Each logging update is a continuation of the previous logging update. Access to audit log files doesn't require access to the Amazon Redshift database, and reviewing logs stored in Amazon S3 doesn't require database computing resources. Audit log files are stored indefinitely in CloudWatch Logs or Amazon S3 by default.

Amazon Redshift logs information in the following log files:

- Connection log – Provides information to monitor users connecting to the database and related connection information, such as their IP address.
- User log – Logs information about changes to database user definitions.
- User activity log – Tracks the types of queries that both users and the system perform in the database. It's useful primarily for troubleshooting purposes.

#### **Benefits of enhanced audit logging**

For a better customer experience, the existing architecture of the audit logging solution has been improved to make audit logging more consistent across AWS services. This enhancement reduces log export latency from hours to minutes with fine-grained access control. Enhanced audit logging improves the robustness of the existing delivery mechanism, thus reducing the risk of data loss.
Enhanced audit logging lets you export logs either to Amazon S3 or to CloudWatch.

The following section shows how to configure audit logging using CloudWatch and describes its benefits.

#### **Setting up CloudWatch as a log destination**

Using CloudWatch to view logs is a recommended alternative to storing log files in Amazon S3. It's simple to configure and may suit your monitoring requirements, especially if you already use it to monitor other services and applications.

To set up CloudWatch as your log destination, complete the following steps:

1. On the Amazon Redshift console, choose Clusters in the navigation pane.
   This page lists the clusters in your account in the current Region. A subset of properties of each cluster is also displayed.
2. Choose the **cluster where you want to configure CloudWatch logs**.

![image.png](https://dev-media.amazoncloud.cn/0fa976ab5ac649f6a4d5524991d0a05b_image.png)

3. Select Properties to edit audit logging.

![image.png](https://dev-media.amazoncloud.cn/61db9f2dbde747d0b6bd650abc8dd886_image.png)

4. Choose Turn on configure audit logging, and CloudWatch under log export type.

![image.png](https://dev-media.amazoncloud.cn/1adb509282f34a48bbab9381fd635236_image.png)

5. Select Save changes.

#### **Analyzing audit logs in near real-time**

To run SQL commands, we use [redshift-query-editor-v2](https://aws.amazon.com/blogs/aws/amazon-redshift-query-editor-v2-web-query-authoring), a web-based tool that you can use to explore, analyze, share, and collaborate on data stored in Amazon Redshift. However, you can use any client tool of your choice to run SQL queries.

Now we'll run some simple SQL statements and analyze the logs in CloudWatch in near real-time.

1. Run test SQL statements to create and drop a user.

![image.png](https://dev-media.amazoncloud.cn/32297d165ea74c9c98b11f21928a9f87_image.png)

2. On the AWS Console, choose CloudWatch under Services, and then select Log groups from the right panel.

![image.png](https://dev-media.amazoncloud.cn/00b418add6ca4d08969c44d2983a50bf_image.png)

3. Select the userlog – the user logs created in near real-time in CloudWatch for the test user that we just created and dropped.

![image.png](https://dev-media.amazoncloud.cn/5f81d53f8f954e05a7ce418dc4289c8c_image.png)

#### **Benefits of using CloudWatch as a log destination**

- It's easy to configure, as it doesn't require you to modify bucket policies.
- It's easy to view logs and search through them for specific errors, patterns, fields, etc.
- You can have a centralized log solution across all AWS services.
- No need to build a custom solution such as [AWS Lambda](https://aws.amazon.com/lambda/) or [Amazon Athena](https://aws.amazon.com/athena/) to analyze the logs.
- Logs appear in near real-time.
- Log latency is improved from hours to just minutes.
- By default, log groups are encrypted in CloudWatch, and you also have the option to use your own custom key.
- Fine-grained configuration of which log types to export based on your specific auditing requirements.
- It lets you export log groups' logs to Amazon S3 if needed.

#### **Setting up Amazon S3 as a log destination**

Although using CloudWatch as a log destination is the recommended approach, you also have the option to use Amazon S3 as a log destination. When the log destination is set to an Amazon S3 location, enhanced audit logging checks logs every 15 minutes and exports them to Amazon S3.
You can configure audit logging with Amazon S3 as the log destination from the console or through the AWS CLI.

![image.png](https://dev-media.amazoncloud.cn/b4e2eda142754f888dd9204368e77cf0_image.png)

Once you save the changes, the bucket policy is set as follows, using the Amazon Redshift service principal.

![image.png](https://dev-media.amazoncloud.cn/caadd7c159694dd2ba35b3c0a2034e5a_image.png)

For additional details, refer to [Amazon Redshift audit logging](https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging).

For enabling logging through the AWS CLI, see [db-auditing-cli-api](https://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing-cli-api.html).

#### **Cost**

Exporting logs to Amazon S3 can be more cost-efficient, though considering all of the benefits that CloudWatch provides regarding search, real-time access to data, building dashboards from search results, etc., it can better suit those who perform log analysis.

For further details, refer to the following:

- [https://aws.amazon.com/s3/pricing](https://aws.amazon.com/s3/pricing)
- [https://aws.amazon.com/cloudwatch/pricing/](https://aws.amazon.com/cloudwatch/pricing/)

#### **Best practices**

Amazon Redshift uses the AWS security frameworks to implement industry-leading security in the areas of authentication, access control, auditing, logging, compliance, data protection, and network security.
For more information, refer to [Security in Amazon Redshift](https://docs.aws.amazon.com/redshift/latest/mgmt/iam-redshift-user-mgmt.html).

Audit logging to CloudWatch or to Amazon S3 is an optional process, but to have the complete picture of your Amazon Redshift usage, we always recommend enabling audit logging, particularly where there are compliance requirements.

Log data is stored indefinitely in CloudWatch Logs or Amazon S3 by default. This may incur high, unexpected costs. We recommend that you configure how long to store log data in a log group or Amazon S3 to balance costs with compliance retention requirements. Apply the right compression to reduce the log file size.

#### **Conclusion**

This post demonstrated how to get near real-time Amazon Redshift logs using CloudWatch as a log destination with enhanced audit logging. This new functionality makes Amazon Redshift audit logging easier than ever, without the need to implement a custom solution to analyze logs. We also demonstrated how the new enhanced audit logging significantly reduces log latency on Amazon S3, with fine-grained access control, compared to the previous version of audit logging.

Unauthorized access is a serious problem for most systems.
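The connection log described earlier carries exactly the fields a defender needs to spot unauthorized access attempts: event, timestamp, source address, user, and authentication method. As an added example (not code from this post or from AWS), the following script scans connection-log records for bursts of failed authentication, a login that succeeds shortly after failures from the same host, and network sessions negotiated without TLS; it assumes the pipe-delimited column order documented for the Redshift connection log (only the first eleven columns are used), and the sample records are constructed.

```python
"""Scan Amazon Redshift connection-log records for unauthorized-access signals.

Added example for this post (not code from the post or from AWS). It assumes the
pipe-delimited connection-log layout documented for Redshift audit logging and
uses only the first eleven columns:
  event | recordtime | remotehost | remoteport | pid | dbname | username |
  authmethod | duration | sslversion | sslcipher | ...
The records in SAMPLE_LOG are constructed for this example.
"""
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

FIELDS = ("event", "recordtime", "remotehost", "remoteport", "pid", "dbname",
          "username", "authmethod", "duration", "sslversion", "sslcipher")
ConnectionEvent = namedtuple("ConnectionEvent", FIELDS)


def parse_recordtime(text):
    """recordtime looks like 'Mon, 05 Dec 2022 10:01:05:000'; the last field is milliseconds."""
    stamp, millis = text.rsplit(":", 1)
    return datetime.strptime(stamp, "%a, %d %b %Y %H:%M:%S").replace(
        microsecond=int(millis) * 1000)


def parse_line(line):
    """Return a ConnectionEvent, or None for blank, truncated or unrelated lines."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) < len(FIELDS):
        return None
    values = dict(zip(FIELDS, parts))
    try:
        values["recordtime"] = parse_recordtime(values["recordtime"])
    except ValueError:
        return None
    return ConnectionEvent(**values)


def max_in_window(times, window):
    """Largest number of sorted timestamps that fall inside any span of `window`."""
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def analyze(lines, threshold=3, window=timedelta(minutes=5)):
    """Findings: hosts with >= threshold failures inside `window` (possible password
    guessing), logins that succeed shortly after failures from the same host, and
    successful network sessions that negotiated no TLS version."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e.recordtime)
    failures = defaultdict(list)  # remotehost -> timestamps of authentication failures
    findings = {"bursts": {}, "success_after_failures": [], "no_tls": []}
    for e in events:
        if e.event == "authentication failure":
            failures[e.remotehost].append(e.recordtime)
        elif e.event == "authenticated":
            recent = [t for t in failures.get(e.remotehost, []) if e.recordtime - t <= window]
            if recent:
                findings["success_after_failures"].append((e.username, e.remotehost, len(recent)))
            if e.remotehost != "[local]" and not e.sslversion:
                findings["no_tls"].append((e.username, e.remotehost))
    for host, times in failures.items():
        count = max_in_window(times, window)
        if count >= threshold:
            findings["bursts"][host] = count
    return findings


# Constructed sample records: one normal session, three failures from 203.0.113.7
# followed by a success, one plaintext session, and an isolated failure.
SAMPLE_LOG = """\
initiating session |Mon, 05 Dec 2022 10:00:00:000|10.0.1.15|53210|12345|dev|analyst|password|0|TLSv1.2|ECDHE-RSA-AES256-GCM-SHA384|
authenticated |Mon, 05 Dec 2022 10:00:00:120|10.0.1.15|53210|12345|dev|analyst|password|0|TLSv1.2|ECDHE-RSA-AES256-GCM-SHA384|
authentication failure |Mon, 05 Dec 2022 10:01:00:000|203.0.113.7|44001|12346|dev|admin|password|0|TLSv1.2|ECDHE-RSA-AES256-GCM-SHA384|
authentication failure |Mon, 05 Dec 2022 10:01:05:000|203.0.113.7|44002|12347|dev|admin|password|0|TLSv1.2|ECDHE-RSA-AES256-GCM-SHA384|
authentication failure |Mon, 05 Dec 2022 10:01:09:000|203.0.113.7|44003|12348|dev|admin|password|0|TLSv1.2|ECDHE-RSA-AES256-GCM-SHA384|
authenticated |Mon, 05 Dec 2022 10:01:30:000|203.0.113.7|44004|12349|dev|admin|password|0|TLSv1.2|ECDHE-RSA-AES256-GCM-SHA384|
authenticated |Mon, 05 Dec 2022 10:05:00:000|10.0.2.9|50100|12350|dev|etl_user|password|0|||
authentication failure |Mon, 05 Dec 2022 11:30:00:000|10.0.1.15|53300|12351|dev|analyst|password|0|TLSv1.2|ECDHE-RSA-AES256-GCM-SHA384|
disconnecting session |Mon, 05 Dec 2022 11:40:00:000|10.0.1.15|53210|12345|dev|analyst|password|6000|TLSv1.2|ECDHE-RSA-AES256-GCM-SHA384|
"""


def scan_sample():
    """Run the detector over the constructed sample records."""
    return analyze(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for kind, hits in scan_sample().items():
        print(f"{kind}: {hits}")
```

The same functions can be fed lines retrieved from the CloudWatch connection-log log group or from the S3 export; the window and threshold are tunable per environment.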
As an administrator, you can start exporting logs to prevent future occurrences of system failures, outages, corruption of information, and other security risks.

#### **About the Authors**

![image.png](https://dev-media.amazoncloud.cn/536690c5595a422a8a5d90ceb5561182_image.png)

**Nita Shah** is an Analytics Specialist Solutions Architect at AWS based out of New York. She has been building data warehouse solutions for over 20 years and specializes in Amazon Redshift. She is focused on helping customers design and build enterprise-scale, well-architected analytics and decision support platforms.

![image.png](https://dev-media.amazoncloud.cn/19a21a47b0ea4271a4f5956f0daf9148_image.png)

**Evgenii Rublev** is a Software Development Engineer on the Amazon Redshift team. He has worked on building end-to-end applications for over 10 years. He is passionate about innovations in building high-availability and high-performance applications to drive a better customer experience. Outside of work, Evgenii enjoys spending time with his family, traveling, and reading books.

![image.png](https://dev-media.amazoncloud.cn/ad4ada4528dc4d84b925fbd4f037a9e6_image.png)

**Yanzhu Ji** is a Product Manager on the Amazon Redshift team. She worked on the Amazon Redshift team as a Software Engineer before becoming a Product Manager. She has rich experience in how customer-facing Amazon Redshift features are built, from planning to launch, and always treats customers' requirements as the first priority.
In her personal life, Yanzhu likes painting, photography, and playing tennis.

![image.png](https://dev-media.amazoncloud.cn/cbb1e5f2069c4d279f4a9a013257b287_image.png)

**Ryan Liddle** is a Software Development Engineer on the Amazon Redshift team. His current focus is on delivering new features and behind-the-scenes improvements to best serve Amazon Redshift customers. On the weekend he enjoys reading, exploring new running trails, and discovering local restaurants.