Property
Language: terraform
Severity: medium
Service: documentdb
Provider: AWS
Vulnerability Type: omission

Description

AWS DocumentDB clusters without log export enabled lack built-in auditing, making it difficult to monitor or track access and configuration changes. The absence of exported audit or profiler logs limits visibility into potentially unauthorized or suspicious activities within the database.

Impact

Without audit log exports, security incidents or unauthorized actions may go undetected, increasing the risk of data breaches and compliance violations. This lack of traceability can hinder investigations and make it harder to demonstrate security controls during audits.

Resolution

Enable log exports (audit and/or profiler logs) on the cluster.
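The following Terraform is an added example, not taken from the original page: it shows a cluster that this check flags next to one that passes. All resource names, identifiers, the parameter group family and the password variable are assumed placeholders.

```hcl
# Constructed example: names, identifiers and the variable are placeholders.
variable "docdb_master_password" {
  type      = string
  sensitive = true
}

# Flagged: enabled_cloudwatch_logs_exports is omitted, so no logs are exported.
resource "aws_docdb_cluster" "bad_example" {
  cluster_identifier = "example-docdb-no-logs"
  master_username    = "exampleadmin"
  master_password    = var.docdb_master_password
}

# Export alone is not enough: the cluster must also be told to generate the
# logs, which is controlled through the cluster parameter group.
resource "aws_docdb_cluster_parameter_group" "logging" {
  family = "docdb5.0" # assumed engine family; match your engine version
  name   = "example-docdb-logging"

  parameter {
    name  = "audit_logs"
    value = "enabled"
  }

  parameter {
    name  = "profiler"
    value = "enabled"
  }
}

# Passes: audit and profiler logs are exported to CloudWatch Logs.
resource "aws_docdb_cluster" "good_example" {
  cluster_identifier              = "example-docdb-with-logs"
  master_username                 = "exampleadmin"
  master_password                 = var.docdb_master_password
  db_cluster_parameter_group_name = aws_docdb_cluster_parameter_group.logging.name
  enabled_cloudwatch_logs_exports = ["audit", "profiler"]
}
```

Once applied, the exported events appear in the CloudWatch Logs groups `/aws/docdb/<cluster-identifier>/audit` and `/aws/docdb/<cluster-identifier>/profiler`, where retention and alerting can be configured.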