All Products
Search
Document Center

Cloud Config:rds-instance-enabled-auditing

Last Updated:Jun 08, 2026

Evaluates whether SQL explorer and audit is enabled for ApsaraDB RDS instances.

Scenarios

Enable this rule to record all DQL, DML, and DDL operations for security auditing and performance diagnostics on your databases.

Risk level

Default risk level: medium.

You can change this level when you apply the rule.

Compliance evaluation logic

  • An ApsaraDB RDS instance is compliant if SQL explorer and audit is enabled.
  • An ApsaraDB RDS instance is non-compliant if SQL explorer and audit is disabled.

Rule details

Item Description
Rule name rds-instance-enabled-auditing
Rule identifier rds-instance-enabled-auditing
Tag RDS, SQLAuditing, and AuditBaseline
Automatic remediation Supported
Trigger type Configuration change
Supported resource type ApsaraDB RDS instance
Input parameter None.