RDS Proxy connection logging
For aws rds proxy, when users connect to the proxy and make requests, can we still dig down to which individual user is making requests via the proxy? i.e. user connects to aws rds proxy, makes a request to the db, can we see which user is making which request from the proxy or does it all show up as “this is coming from the proxy”, not per-user?
- 最新
- 投票最多
- 评论最多
have you tried the DB Audit log plugins, that might be the best place to dig into the individual users making the connections to the DB and what specific actions are being performed.
Hi, The RDS proxy logs contain entries with a field called "connection_id" that uniquely identifies the client connection. So by correlating the logs with the timing of requests, you can match specific queries back to the client user who issued them via the proxy. If IAM authentication is configured for the proxy on your env, the IAM user ID will be included in the logs and provide another way to identify the authenticated user behind each query. Also if you are using a database audit plugin or triggers, you may be able to extract client-specific values like IP/principal and record them along with the query.
相关内容
AWS 官方已更新 2 年前
