Hi there,
I received the following email about my redshift cluster:
We are reaching out to inform you your Amazon Redshift cluster(s) may have been affected by an issue caused by a change introduced on October 13, 2021, where your password and/or your Secret_Access_Key may have been inadvertently written in plain text to your cluster's audit logs (stl_user_activity_log). We do not have any indication that these credentials have been accessed. We applied a patch on January 19, 2022, to fix the issue for all clusters in all AWS regions.
As a cautionary measure, we recommend that you:
(1) Review any access to your cluster(s) in your audit log files from October 13, 2021 through January 19, 2022, such as those by authorized applications, to ensure your access credentials and passwords were not accessed;
(2) Immediately change your cluster's password and/or generate a new Secret_Access_Key for use with COPY and UNLOAD commands for moving files between Amazon S3 and Amazon Redshift; and
(3) Scan and sanitize your audit log files, that were created between October 13, 2021 through January 19, 2022, both dates inclusive, to remove any occurrences of clear text passwords and security keys in them.
However, looking on my cluster I can't see a stl_user_activity_log
Select * from stl_user_activity_log;
SQL Error [42P01]: ERROR: relation "pg_catalog.stl_user_activity_log" does not exist
Was this email pointing out the wrong audit logs? or should I not be looking for these audit logs on the table? we have s3 audit logging enabled, but browsing through those I don't see anything either.
I have the same question.