Posted On: Feb 15, 2023
Database Activity Streams (DAS) now supports Amazon RDS for SQL Server to provide a near real-time stream of database activities for auditing and compliance purposes. You can integrate DAS with your monitoring tools in order to monitor and set alarms for auditing the database activity. You can also connect Amazon Kinesis Data Stream to Amazon Kinesis Data Firehose to save stream logs in a user readable format to S3 . You can enable DAS with only a few clicks in the AWS Console to provide safeguards for your databases and help you meet compliance and regulatory requirements.
To get started, your Database Administrator specifies the audit policies on a server or a database using the provided DAS objects. Then your Security Administrator starts DAS on your Amazon RDS for SQL Server database instance and provides an AWS Key Management Service (KMS) key for encryption. The collection, transmission, storage and processing of database activity is managed outside your database, providing access control independent of your database users and admins. Your database activity is encrypted and then asynchronously sent to an Amazon Kinesis data stream provisioned on behalf of your Amazon RDS for SQL Server DB instance. You can use AWS Identity and Access Management (IAM) to enable, disable, and modify DAS permissions in order to achieve separation of duties between security administrators and DBAs.
You can learn more about Amazon RDS Database Activity Streams for SQL Server in this database blog. To use DAS, you need to pay for Amazon Kinesis Data Streams and Amazon KMS. Pricing for Amazon Kinesis Data Streams is available here. Pricing for Amazon KMS is available here.
Amazon RDS makes it easy to set up, operate, and scale SQL Server deployments in the cloud. See Amazon RDS for SQL Server Pricing for up-to-date pricing of instances, storage, data transfer and regional availability.