Description: 

Amazon Relational Database Service (Amazon RDS) is a web service that makes it easier to set up, operate, and scale a relational database in the AWS Cloud. It provides cost-efficient, resizable capacity for an industry-standard relational database and manages common database administration tasks. Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information. Encryption of RDS instances is a crucial part of the overall security posture.


Rationale: 

It is recommended that your RDS instance is integrated with CloudWatch Logs in order to identify potential leaks or misuse of sensitive data and security threats.


Remediation:

Amazon CloudWatch Events and Amazon EventBridge both enable you to automate AWS services and respond to system events such as application availability issues or resource changes. Events from AWS services are delivered to CloudWatch Events and EventBridge nearly in real time. You can write simple rules to indicate which events interest you and what automated actions to take when an event matches a rule. 


To create a rule that triggers on an event:

  1. Open the CloudWatch console at https://console.aws.amazon.com/cloudwatch/
  2. Under Events in the navigation pane, choose Rules.
  3. Choose Create rule.
  4. For Event Source, do the following:
    1. Choose Event Pattern.
    2. For Service Name, choose Relational Database Service (RDS).
    3. For Event Type, choose the type of Amazon RDS resource that triggers the event. For example, if a DB instance triggers the event, choose RDS DB Instance Event.
  5. For Targets, choose Add Target, then choose the CloudWatch log group.
  6. For Log Group, enter a name for the log group to store the events.
  7. Choose Configure details. For Rule definition, type a name and description for the rule.
  8. Choose Create rule.
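
One way to verify the result of the steps above, as an added example that is not part of the original page or of AWS's documentation: it inspects rule and target records, shaped like the boto3 `events` client's `list_rules` and `list_targets_by_rule` responses, and reports the enabled RDS rules that deliver to a CloudWatch log group. The rule names, account ID and log group name are constructed sample values, and only exact-match event patterns are recognised.

```python
import json

INSTANCE_EVENT = "RDS DB Instance Event"  # event type named in the steps above

def is_log_group_arn(arn):
    # arn:<partition>:logs:<region>:<account>:log-group:<name>
    parts = arn.split(":", 5)
    return len(parts) == 6 and parts[2] == "logs" and parts[5].startswith("log-group:")

def covers_rds_instance_events(event_pattern):
    # Exact-match patterns only; prefix/wildcard matchers are treated as not covering.
    if not event_pattern:  # scheduled rules carry no event pattern
        return False
    pattern = json.loads(event_pattern)
    if "aws.rds" not in pattern.get("source", []):
        return False
    detail_types = pattern.get("detail-type")
    return detail_types is None or INSTANCE_EVENT in detail_types

def audit(rules, targets_by_rule):
    """Names of enabled rules that deliver RDS instance events to a log group."""
    return [
        rule["Name"] for rule in rules
        if rule.get("State") == "ENABLED"
        and covers_rds_instance_events(rule.get("EventPattern"))
        and any(is_log_group_arn(t["Arn"]) for t in targets_by_rule.get(rule["Name"], []))
    ]

def fetch(events_client):
    """Collect rules and their targets from a boto3 'events' client."""
    pages = events_client.get_paginator("list_rules").paginate()
    rules = [rule for page in pages for rule in page["Rules"]]
    return rules, {r["Name"]: events_client.list_targets_by_rule(Rule=r["Name"])["Targets"]
                   for r in rules}

# Constructed sample data (hypothetical names, placeholder account 111122223333).
RDS_PATTERN = json.dumps({"source": ["aws.rds"], "detail-type": [INSTANCE_EVENT]})
SAMPLE_RULES = [
    {"Name": "rds-to-logs", "State": "ENABLED", "EventPattern": RDS_PATTERN},
    {"Name": "rds-disabled", "State": "DISABLED", "EventPattern": RDS_PATTERN},
    {"Name": "rds-to-sns", "State": "ENABLED", "EventPattern": RDS_PATTERN},
]
LOG_ARN = "arn:aws:logs:us-east-1:111122223333:log-group:/aws/events/rds-activity"
SAMPLE_TARGETS = {
    "rds-to-logs": [{"Id": "1", "Arn": LOG_ARN}],
    "rds-disabled": [{"Id": "1", "Arn": LOG_ARN}],
    "rds-to-sns": [{"Id": "1", "Arn": "arn:aws:sns:us-east-1:111122223333:rds-alerts"}],
}
```

Against a live account, `audit(*fetch(boto3.client("events")))` returning an empty list means no enabled rule currently sends RDS instance events to a log group.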


References: 

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Welcome.html 

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Monitoring.html