How can I enable Database Activity Monitoring (DAM) on RDS PostgreSQL?


Hi all, I have multiple databases set up in RDS (i.e. PostgreSQL). I have a requirement to implement database activity monitoring for these databases; I need some help on how I can implement it.

We want the following kinds of alerts from DAM:

a) Unauthorised database configuration changes;
b) Unauthorised database account and access rights creation and changes;
c) More than 5 consecutive failed connection attempts to the database;
d) More than 5 consecutive occurrences of query errors from the same source;
e) Unauthorised database schema modifications;
f) Queries of database schemas;
g) Suspicious queries (e.g. unauthorised source used to query the database, new query statements, specific records being accessed, unexpectedly large dataset accessed);
h) Queries with multiple embedded queries; and
i) Execution of operating system commands.

Any kind of help will be appreciated. If there is any other open-source or paid tool suggestion, please feel free to recommend it.

1 Answer

Implementing database activity monitoring (DAM) for your RDS PostgreSQL databases can help you detect and respond to unauthorized or suspicious activities. Here's how you can implement DAM and address the specific alerts you mentioned:

1) Enable RDS Enhanced Monitoring: Amazon RDS offers Enhanced Monitoring, which provides detailed insights into the health of your RDS instances. It collects metrics in real time and stores them in Amazon CloudWatch. You can enable Enhanced Monitoring for your RDS instances, which will help you monitor database activity and performance.

2) Utilize AWS CloudTrail: AWS CloudTrail logs API calls made on your AWS account, including calls made to RDS. Enable AWS CloudTrail for your AWS account and configure it to log RDS API calls. Set up CloudTrail alerts for specific events related to database configuration changes, account creations/changes, and unauthorized activities.

3) Implement Database Auditing: PostgreSQL supports auditing functionalities that allow you to track and log database activity. Configure PostgreSQL to log relevant events such as schema modifications, query executions, and access attempts. You can set up audit triggers or use extensions like pgAudit to capture detailed audit logs.

4) Use Third-party Database Security Solutions: Consider using third-party DAM solutions specifically designed for PostgreSQL databases. These solutions provide advanced features for monitoring, auditing, and alerting on database activities. Examples of such solutions include IBM Guardium, Imperva SecureSphere, and Trustwave DbProtect.

5) Custom Monitoring Scripts: Develop custom scripts or utilities to monitor specific activities that are not covered by built-in or third-party solutions. For example, you can write scripts to parse PostgreSQL logs and detect suspicious patterns such as consecutive query errors or unauthorized schema modifications. Use scripting languages like Python or Bash to automate these monitoring tasks.

6) Set Up Alerts and Notifications: Configure alerts and notifications based on the specific criteria you mentioned. Use CloudWatch alarms for monitoring metrics collected by Enhanced Monitoring. Set up alerts in CloudTrail for detecting unauthorized activities and configuration changes. Integrate with email/SMS notifications or incident response systems for timely alerts.

7) Regularly Review and Analyze Logs: Establish a process for regularly reviewing and analyzing audit logs and monitoring alerts. Investigate any suspicious activities or security incidents promptly. Adjust alert thresholds and monitoring configurations based on analysis and feedback to optimize detection accuracy.

By combining these approaches, you can implement effective DAM for your RDS PostgreSQL databases and enhance your security posture by monitoring and responding to unauthorized or suspicious activities effectively.

answered 2 months ago
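The answer's CloudTrail, pgAudit and "custom monitoring script" points, worked through as one added example that is not part of the original answer. The script maps each letter of the alert list in the question to a detection rule: rule a) runs over CloudTrail records for the RDS API, the rest run over PostgreSQL log lines as RDS writes them (the default log_line_prefix `%t:%r:%u@%d:[%p]:`, which you would receive by publishing the PostgreSQL log to CloudWatch Logs). It assumes pgAudit has been loaded through the DB parameter group (`shared_preload_libraries = pgaudit`, `pgaudit.log` covering ddl, role, read, write and misc), `log_connections = 1`, and `log_min_duration_statement = 0`, so that a successful login leaves a `connection authorized` line and a completed statement leaves a `duration:` line; those two lines are what break a "consecutive" run of failures. The application host, the DBA role ARN, the CloudTrail records and every log line are constructed placeholders, not data from any real account.

```python
"""Rule-based detection for the alert list in the question, run over RDS PostgreSQL log lines
and CloudTrail records.  Added example, not code from the original answer; the allow-lists are
placeholders for your environment and every sample line below is constructed."""
import csv
import re
from collections import defaultdict

# RDS default log_line_prefix is '%t:%r:%u@%d:[%p]:' (timestamp, remote host(port), user@db, pid).
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+ \S+):(?P<src>[^:]*):(?P<user>[^@:]*)@(?P<db>[^:]*):"
                     r"\[(?P<pid>\d+)\]:(?P<sev>[A-Z]+):\s+(?P<msg>.*)$")
AUDIT_FIELDS = ["kind", "session", "stmt_id", "cls", "cmd", "obj_type", "obj_name", "stmt", "params"]
SCHEMA_QUERY_RE = re.compile(r"\b(information_schema|pg_catalog|pg_class|pg_tables|pg_roles)\b", re.I)
NESTED_SELECT_RE = re.compile(r"\(\s*SELECT\b", re.I)
OS_CMD_RE = re.compile(r"\bCOPY\b.*\b(FROM|TO)\s+PROGRAM\b|\bpg_read_file\s*\(", re.I)
LITERAL_RE = re.compile(r"'[^']*'|\b\d+\b")
THRESHOLD = 5                                                    # "more than 5": alert on the 6th
ALLOWED_SOURCES = {"10.0.1.5"}                                   # hypothetical application host
ALLOWED_PRINCIPALS = {"arn:aws:iam::111122223333:role/DbaRole"}  # hypothetical DBA role
CONFIG_EVENTS = {"ModifyDBParameterGroup", "ResetDBParameterGroup", "ModifyDBInstance"}


def parse_audit(msg):
    """pgAudit SESSION records are CSV after 'AUDIT: ' (the statement is quoted when it has commas)."""
    if not msg.startswith("AUDIT: SESSION,"):
        return None
    fields = next(csv.reader([msg[len("AUDIT: "):]]))
    return dict(zip(AUDIT_FIELDS, fields)) if len(fields) >= len(AUDIT_FIELDS) else None


def fingerprint(stmt):
    """Mask literals so 'new query statement' means a new statement shape, not new values."""
    return LITERAL_RE.sub("?", stmt.strip().rstrip(";")).lower()


def detect_pg(lines, known_shapes=()):
    """Return (rule, detail) tuples; rule letters follow the alert list in the question."""
    known, flagged, alerts = set(known_shapes), set(), []
    auth_fail, query_err = defaultdict(int), defaultdict(int)   # consecutive counts per source host
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        src, sev, msg = m["src"].split("(")[0], m["sev"], m["msg"]  # drop the client port
        if sev == "FATAL" and "authentication failed" in msg:        # c)
            auth_fail[src] += 1
            if auth_fail[src] > THRESHOLD:
                alerts.append(("c_consecutive_auth_failures", src))
        elif sev == "ERROR":                                           # d)
            query_err[src] += 1
            if query_err[src] > THRESHOLD:
                alerts.append(("d_consecutive_query_errors", src))
        elif "connection authorized" in msg or msg.startswith("duration:"):
            auth_fail[src] = query_err[src] = 0                        # a success ends the run
        elif (rec := parse_audit(msg)) is not None:
            stmt = rec["stmt"]
            if src not in ALLOWED_SOURCES and src not in flagged:      # g) unauthorised source
                flagged.add(src)
                alerts.append(("g_unauthorized_source", src))
            if rec["cls"] == "ROLE":                                   # b) CREATE/ALTER ROLE, GRANT, REVOKE
                alerts.append(("b_account_or_privilege_change", rec["cmd"]))
            elif rec["cls"] == "DDL":                                  # e)
                alerts.append(("e_schema_modification", rec["obj_name"]))
            elif rec["cls"] == "READ" and SCHEMA_QUERY_RE.search(stmt):  # f)
                alerts.append(("f_schema_query", src))
            fp = fingerprint(stmt)                                     # g) statement shape never seen
            if fp not in known:
                known.add(fp)
                alerts.append(("g_new_statement", fp))
            if len(NESTED_SELECT_RE.findall(stmt)) >= 2:               # h) two or more nested SELECTs
                alerts.append(("h_multiple_embedded_queries", src))
            if OS_CMD_RE.search(stmt):                                 # i) server-side program/file access
                alerts.append(("i_os_command_execution", src))
    return alerts


def detect_cloudtrail(records):
    """a) parameter-group or instance changes made by anyone outside the DBA allow-list."""
    return [("a_unauthorized_config_change", r["eventName"], r["userIdentity"]["arn"])
            for r in records if r.get("eventSource") == "rds.amazonaws.com"
            and r.get("eventName") in CONFIG_EVENTS
            and r.get("userIdentity", {}).get("arn") not in ALLOWED_PRINCIPALS]


P = "2024-05-01 12:00:{:02d} UTC:{src}(54321):app@mydb:[4242]:"   # constructed prefix
SAMPLE_LOG = [
    P.format(0, src="10.0.1.5") + "LOG:  connection authorized: user=app database=mydb",
    P.format(1, src="10.0.1.5") + 'LOG:  AUDIT: SESSION,1,1,READ,SELECT,,,"SELECT name FROM customers WHERE id = 42",<not logged>',
    P.format(2, src="10.0.1.5") + "LOG:  duration: 1.2 ms",
    P.format(3, src="10.0.9.9") + 'LOG:  AUDIT: SESSION,2,1,DDL,CREATE TABLE,TABLE,public.scratch,"CREATE TABLE scratch (id int)",<not logged>',
    P.format(4, src="10.0.9.9") + "LOG:  AUDIT: SESSION,2,2,ROLE,GRANT,,,GRANT ALL ON customers TO backdoor,<not logged>",
    P.format(5, src="10.0.9.9") + "LOG:  AUDIT: SESSION,2,3,READ,SELECT,,,SELECT table_name FROM information_schema.tables,<not logged>",
    P.format(6, src="10.0.9.9") + 'LOG:  AUDIT: SESSION,2,4,READ,SELECT,,,"SELECT * FROM (SELECT * FROM (SELECT * FROM customers) a) b",<not logged>',
    P.format(7, src="10.0.9.9") + "LOG:  AUDIT: SESSION,2,5,WRITE,COPY,,,COPY x FROM PROGRAM 'id',<not logged>",
] + [P.format(10 + i, src="10.0.9.9") + 'FATAL:  password authentication failed for user "app"' for i in range(6)] \
  + [P.format(20 + i, src="10.0.9.9") + 'ERROR:  relation "nope" does not exist at character 15' for i in range(6)]
SAMPLE_TRAIL = [{"eventSource": "rds.amazonaws.com", "eventName": "ModifyDBParameterGroup",
                 "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"}},
                {"eventSource": "rds.amazonaws.com", "eventName": "DescribeDBInstances",
                 "userIdentity": {"arn": "arn:aws:iam::111122223333:role/DbaRole"}}]
```

Running `detect_pg(SAMPLE_LOG, {"select name from customers where id = ?"})` over the constructed lines yields one alert each for rules b, c, d, e, f, h and i, a single `g_unauthorized_source` for 10.0.9.9 (deduplicated per host so a noisy client does not produce one alert per statement), and five `g_new_statement` alerts for the shapes not in the baseline; `detect_cloudtrail(SAMPLE_TRAIL)` flags the contractor's `ModifyDBParameterGroup` and ignores the DBA's read-only call. In production the baseline of known shapes would be persisted rather than passed in, the counters keyed per source would need a time window so a slow attacker cannot stay under the threshold forever, and the "specific records" and "unexpectedly large dataset" cases from rule g need the query text plus row counts (for example from `log_min_duration_statement` or application-side instrumentation), which pgAudit alone does not give you.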