RDS Configuration
When you create a DB instance, the DB instance is associated with the default DB parameter group. Because you cannot modify this group, create a custom parameter group to modify the parameter group. When you change the DB instance parameter group (from default to a custom group), you must reboot the DB instance.
Enable Logging
Create a DB parameter group
- Open the Amazon RDS console, and then choose Parameter groups from the navigation pane.
- Choose Create parameter group.
- From the Parameter group family drop-down list, choose a DB parameter group family.
- For Type, choose DB Parameter Group.
- Enter the name in the Group name field.
- Enter a description in the Description field.
- Choose Create.
Modify the new parameter group
- Open the Amazon RDS console, and then choose Parameter groups that you just created in the previous steps from the navigation pane.
- Choose Edit parameters ( steps for mysql , postgres and aurora are given below separately)
MySql or Aurora-Mysql Database
- Choose the parameter that you want to modify, then choose Edit.
- set the following parameters to these values :
- General_log = 1 (default value is 0 or no logging)
- Similarly set Slow_query_log = 1 (default value is 0 or no logging)
- Long_query_time = 2 (to log queries that run longer than two seconds)
- log_output =TABLE (writes both the general and the slow query logs to a table so you can view these logs with a SQL query)
- Choose Save Changes. Note: You can't modify the parameter settings of a default DB parameter group. You can modify the parameter in a custom DB parameter group if Is Modifiable is set to true.
To test the logging, run the following command to query the log tables:
Select * from mysql.slow_log
Select * from mysql.general_log
Make a user 'vectoredgeRead' and Grant Read Access
- CREATE USER 'vectoredgeRead'@'%' IDENTIFIED BY 'password';
- GRANT SELECT on mysql.role_edges TO 'vectoredgeRead'@'%';
- GRANT SELECT on information_schema.tables TO 'vectoredgeRead'@'%';
- GRANT SELECT on mysql.user TO 'vectoredgeRead'@'%';
- GRANT SELECT on mysql.general_log TO 'vectoredgeRead'@'%';
- GRANT SELECT on mysql.tables_priv TO 'vectoredgeRead'@'%';
- GRANT SELECT on mysql.db TO 'vectoredgeRead'@'%';
Postgres and Aurora-Postgres
Enable query logging on PostreSQL
-
To enable query logging on PostgreSQL, follow these steps:
-
In the Filter parameters field, select the parameters related to logging and change their values as folows:
-
Enter log_statement and change the value to ddl.
- Enter log_min_duration_statement and change the value to 1000. (This value is in milliseconds, so 1000 equals one second).
- Choose Save changes. Note: These parameters are dynamic. If your DB instance already has a custom parameter group, you don't need to reboot the DB instance for these parameters to take effect.
Make a user 'vectoredgeRead' and Grant Read Access
-
CREATE USER vectoredgeRead WITH PASSWORD 'my_password';
-
The following queries need to be run in every individual database:
GRANT Select ON information_schema.tables to vectoredgeRead; GRANT Select ON information_schema.role_table_grants to vectoredgeRead;
-
GRANT Select ON pg_stat_activity to vectoredgeRead;
-
GRANT Select ON pg_user to vectoredgeRead;
-
GRANT Select ON pg_auth_members to vectoredgeRead;
-
GRANT Select ON pg_roles to vectoredgeRead;
Associate the instance with the DB parameter group
- Open the Amazon RDS console, and then choose Databases from the navigation pane.
- Choose the instance that you want to associate with the DB parameter group, and then choose Modify.
- From the Database options section, choose the DB parameter group that you want to associate with the DB instance.
- Choose Continue. Note: The parameter group name changes and applies immediately, but parameter group isn't applied until you manually reboot the instance. There is a momentary outage when you reboot a DB instance, and the instance status displays as rebooting.