Evaluates whether SQL explorer and audit is enabled for ApsaraDB RDS instances.
Scenarios
Enable this rule to record all DQL, DML, and DDL operations for security auditing and performance diagnostics on your databases.
Risk level
Default risk level: medium.
You can change this level when you apply the rule.
Compliance evaluation logic
- An ApsaraDB RDS instance is compliant if SQL explorer and audit is enabled.
- An ApsaraDB RDS instance is non-compliant if SQL explorer and audit is disabled.
Rule details
| Item | Description |
| Rule name | rds-instance-enabled-auditing |
| Rule identifier | rds-instance-enabled-auditing |
| Tag | RDS, SQLAuditing, and AuditBaseline |
| Automatic remediation | Supported |
| Trigger type | Configuration change |
| Supported resource type | ApsaraDB RDS instance |
| Input parameter | None. |