AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation low

File: prescriptive-guidance/latest/amazon-rds-monitoring-alerting/audit-trails.md

Summary

Minor editorial updates including rephrasing for clarity, formatting adjustments (removing backticks from non-code terms), link text refinement, and consistency improvements in example descriptions.

Security assessment

Changes involve grammatical improvements and formatting consistency (e.g., changing 'access rights abuses' to 'abuse of access rights', removing backticks from non-code terms like 'configuration change'). No vulnerabilities, exploits, or security incidents are referenced. The audit trail documentation remains focused on existing security features without introducing new security capabilities or addressing specific vulnerabilities.

Diff

diff --git a/prescriptive-guidance/latest/amazon-rds-monitoring-alerting/audit-trails.md b/prescriptive-guidance/latest/amazon-rds-monitoring-alerting/audit-trails.md
index 06845b515..77b3f8e02 100644
--- a//prescriptive-guidance/latest/amazon-rds-monitoring-alerting/audit-trails.md
+++ b//prescriptive-guidance/latest/amazon-rds-monitoring-alerting/audit-trails.md
@@ -11 +11 @@ ExampleAdditional CloudTrail and CloudWatch Logs features
-The audit trail (or audit log) provides a security-relevant, chronological record of events in your AWS account. It includes events for Amazon RDS, which provide documentary evidence of the sequence of activities that have affected your database or your cloud environment. In Amazon RDS for MySQL or MariaDB, using the audit trail involves:
+The audit trail (or audit log) provides a security-relevant chronological record of events in your AWS account. It includes events for Amazon RDS, which provide documentary evidence of the sequence of activities that have affected your database or your cloud environment. In Amazon RDS for MySQL or MariaDB, using the audit trail involves:
@@ -32 +32 @@ For an Amazon RDS DB instance, the objectives of auditing typically include:
-  * Detection of authorization problems; for example, to identify access rights abuses by regular or privileged users
+  * Detection of authorization problems; for example, to identify abuse of access rights by regular or privileged users
@@ -39 +39 @@ The database audit trail tries to answer these typical questions: _Who viewed or
-Both MySQL and MariaDB implement the DB instance audit trail feature by using the MariaDB Audit Plugin. This plugin records database activity such as users logging on to the database and queries running against the database. The record of database activity is stored in a log file. To access the audit log, the DB instance must use a custom option group with the `MARIADB_AUDIT_PLUGIN` option. For more information, see [MariaDB Audit Plugin support for MySQL](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.MySQL.Options.AuditPlugin.html) in the Amazon RDS documentation. The records in the audit log are stored in a specific format, as defined by the plugin. You can find more details about the audit log format in the [MariaDB Server documentation](https://mariadb.com/kb/en/mariadb-audit-plugin-log-format/).
+Both MySQL and MariaDB implement the DB instance audit trail feature by using the MariaDB Audit Plugin. This plugin records database activity such as users logging on to the database and queries running against the database. The record of database activity is stored in a log file. To access the audit log, the DB instance must use a custom option group with the `MARIADB_AUDIT_PLUGIN` option. For more information, see [MariaDB Audit Plugin support](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.MySQL.Options.AuditPlugin.html) for MySQL in the Amazon RDS documentation. The records in the audit log are stored in a specific format, as defined by the plugin. You can find more details about the audit log format in the [MariaDB Server documentation](https://mariadb.com/kb/en/mariadb-audit-plugin-log-format/).
@@ -45 +45 @@ The AWS Cloud audit trail for your AWS account is provided by the [AWS CloudTrai
-In a typical audit scenario, you might need to combine AWS CloudTrail trails with the database audit log and Amazon RDS events monitoring. For example, you might have a scenario where the database parameters of your Amazon RDS DB instance (for example, `database-1`) have been modified and your task is to identify who did the modification, what was changed, and when the change happened.
+In a typical audit scenario, you might need to combine AWS CloudTrail trails with the database audit log and Amazon RDS events monitoring. For example, you might have a scenario where the database parameters of your Amazon RDS DB instance (for example, database-1) have been modified and your task is to identify who did the modification, what was changed, and when the change happened.
@@ -49 +49 @@ To accomplish the task, follow these steps:
-  1. List the Amazon RDS events that happened to the database instance `database-1` and determine whether there is an event in the category `configuration change` that has the message `Finished updating DB parameter group`.
+  1. List the Amazon RDS events that happened to the database instance `database-1` and determine whether there is an event in the category configuration change that has the message `Finished updating DB parameter group`.
@@ -140 +140 @@ To accomplish the task, follow these steps:
-The CloudTrail event reveals that `User1` with role `Role1` from AWS account 111122223333 modified the DB parameter group `mariadb10-6-test`, which was used by the DB instance `database-1` on `2022-12-01 at 09:18:19 h`. Two parameters were modified and set to the following values:
+The CloudTrail event reveals that _User1 with role Role1_ from AWS account 111122223333 modified the DB parameter group `mariadb10-6-test`, which was used by the DB instance `database-1` on _2022-12-01 at 09:18:19 h_. Two parameters were modified and set to the following values:
@@ -153 +153 @@ You can troubleshoot operational and security incidents over the past 90 days by
-To monitor your audit trails, set alarms, and get notifications when specific activity occurs, you need to [configure CloudTrail to send its trail records to CloudWatch Logs](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/monitor-cloudtrail-log-files-with-cloudwatch-logs.html). After the trail records are stored as CloudWatch Logs, you can define metric filters to evaluate log events to match terms, phrases, or values, and assign metrics to metric filters. Furthermore, you can create CloudWatch alarms that are generated according to thresholds and time periods that you specify. For example, you can configure alarms that send notifications to responsible teams, so they can take the appropriate action. You can also configure CloudWatch to automatically perform an action in response to an alarm.
+To monitor your audit trails, set alarms, and get notifications when specific activity occurs, you need to [configure CloudTrail to send its trail records to CloudWatch Logs](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/monitor-cloudtrail-log-files-with-cloudwatch-logs.html). After the trail records are stored as CloudWatch logs, you can define metric filters to evaluate log events to match terms, phrases, or values, and assign metrics to metric filters. Furthermore, you can create CloudWatch alarms that are generated according to thresholds and time periods that you specify. For example, you can configure alarms that send notifications to responsible teams, so they can take the appropriate action. You can also configure CloudWatch to automatically perform an action in response to an alarm.