How can I enable logs on an Aurora Serverless cluster so I can view and download the logs?

Last updated: 2021-03-10

I want to audit database activity to meet compliance requirements for my Amazon Aurora Serverless V1 clusters that run MySQL or PostgreSQL. Then I want to publish the logs to Amazon CloudWatch to view or download them. How can I do that?

Short description

For MySQL-compatible DB clusters, you can enable the slow query log, general log, or audit logs. For PostgreSQL-compatible DB clusters, you can control the level of logging by using the log_statement parameter.

By design, Aurora Serverless V1 connects to a proxy fleet of DB instances that scales automatically. There isn't a direct DB instance to access and host the log files. This means that you can't view the logs directly from the Amazon Relational Database Service (Amazon RDS) console. However, you can view and download logs that are sent to the CloudWatch console.

To enable Advanced Auditing, see How can I enable advanced auditing for my Amazon Aurora MySQL DB cluster and then publish the logs to CloudWatch?

Resolution

To enable logs, first modify the cluster parameter groups for an Aurora Serverless V1 cluster. Aurora Serverless V1 then automatically uploads the logs to CloudWatch. For MySQL-compatible DB clusters, use an Aurora MySQL 5.6/5.7 cluster parameter group family based on your cluster version. For PostgreSQL-compatible DB clusters, use an Aurora PostgreSQL 10 cluster parameter group family.

Enabling the logging for Aurora Serverless V1

  1. Create a custom DB cluster parameter group.
  2. Modify the DB cluster parameter group values. For MySQL-compatible clusters, the error log is enabled by default. To enable the slow query and general logs, modify the following parameters:
    general_log=1
    slow_query_log=1
    For PostgreSQL-compatible clusters, the log_statement parameter controls which SQL statements are logged, and the default value is none. Modify the following parameter to log the query and error logs:
    log_statement=all
    Tip: It's a best practice to set log_statement to all to log all statements when you debug issues in your DB instance. To log all data definition language (DDL) statements (such as CREATE, ALTER, and DROP), set the parameter value to ddl. To log all DDL and data modification language (DML) statements (such as INSERT, UPDATE, and DELETE), set the parameter value to mod.
  3. Modify your DB cluster to use the custom DB parameter group that you created in step 2.

After you modify your DB cluster, Aurora Serverless V1 attempts to perform an automatic seamless scale to apply the parameter changes.

Note: Aurora Serverless V1 uses the ForceApplyCapacityChange timeout action when applying this change. This means that if your Aurora Serverless V1 DB cluster can't find a scaling point before timing out, connections might be dropped.
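
The three steps above expressed as boto3 RDS calls, added here as an example that is not part of the original article. The parameter group family strings, the group name and the cluster identifier are assumptions, and DryRunRDS is a constructed stand-in that only records calls so the script runs without AWS access.

```python
# Added example, not AWS code. Parameter names and values come from the
# article; the family strings, group name and cluster id are assumptions.
FAMILIES = {"mysql5.6": "aurora5.6", "mysql5.7": "aurora-mysql5.7",
            "postgresql10": "aurora-postgresql10"}
PG_LEVELS = ("none", "ddl", "mod", "all")  # log_statement values in the article


class DryRunRDS:
    """Constructed stand-in for boto3.client("rds"): records calls only."""
    def __init__(self):
        self.calls = []

    def __getattr__(self, name):
        return lambda **kwargs: self.calls.append((name, kwargs))


def logging_parameters(engine, pg_level="all"):
    """Build the Parameters list for modify_db_cluster_parameter_group."""
    if engine not in FAMILIES:
        raise ValueError(f"unsupported engine: {engine}")
    if engine.startswith("mysql"):
        wanted = {"general_log": "1", "slow_query_log": "1"}
    elif pg_level in PG_LEVELS:
        wanted = {"log_statement": pg_level}
    else:
        raise ValueError(f"log_statement must be one of {PG_LEVELS}")
    return [{"ParameterName": k, "ParameterValue": v, "ApplyMethod": "immediate"}
            for k, v in wanted.items()]


def enable_logging(rds, cluster_id, group, engine, pg_level="all"):
    """Run steps 1-3 against an RDS client; return the parameters set."""
    params = logging_parameters(engine, pg_level)  # validate before any call
    rds.create_db_cluster_parameter_group(           # step 1
        DBClusterParameterGroupName=group,
        DBParameterGroupFamily=FAMILIES[engine],
        Description="Custom group with logging enabled")
    rds.modify_db_cluster_parameter_group(           # step 2
        DBClusterParameterGroupName=group, Parameters=params)
    rds.modify_db_cluster(                           # step 3
        DBClusterIdentifier=cluster_id, DBClusterParameterGroupName=group)
    return params


if __name__ == "__main__":
    rds = DryRunRDS()  # pass boto3.client("rds") instead to apply for real
    enable_logging(rds, "example-cluster", "example-logging", "postgresql10", "ddl")
    for name, kwargs in rds.calls:
        print(name, kwargs)
```

Because the parameters are validated before the first call, a mistyped log_statement value fails without creating a parameter group.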

Viewing the logs in CloudWatch

Because Aurora Serverless V1 automatically publishes these logs to CloudWatch, you can view and download the logs in the CloudWatch console:

  1. Open the CloudWatch console.
  2. Choose Log groups from the navigation pane.
  3. Select the appropriate log group from the list.

For more information, see Monitoring log events in Amazon CloudWatch.