How Can I Track Successful IAM Auth Connections to MySQL Aurora?

Asked By QuantumPineapple42 On

Hey everyone! We've recently set up IAM Authentication for our MySQL Aurora (Serverless v2) instance, but I'm hitting a wall trying to trace successful connection attempts. Currently, the only CloudWatch logs we have access to are the `iam-db-auth-error` logs, which only show failed attempts—great for catching issues, but not what we need for monitoring. I've also checked CloudTrail, but came up empty there too. It's pretty crucial for us to have visibility on who connects to our databases for compliance reasons. Does anyone have ideas, suggestions, or workarounds for tracking these successful connection attempts?

3 Answers

Answered By TechSavvyNerd87 On

Have you checked out the advanced auditing options? It might provide the insights you’re looking for. You can find more about it in the AWS documentation on auditing for MySQL. It could help enhance your traceability efforts!

QuantumPineapple42 -

Thanks for the suggestion! But I’m not sure it’ll work for us since we don’t have personalized MySQL logins. It seems like it would only log a CONNECT event under a shared username like 'dev'. I was hoping we could directly tie the IAM auth process to those logins. Any idea why successful attempts wouldn’t get logged like failed ones?
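As an added illustration of what the advanced audit log actually gives you (example code written for this thread, not code from the question, the answers, or AWS), here is a small parser over constructed Aurora MySQL audit-log lines. It assumes the documented field order of the Aurora MySQL (MariaDB Audit Plugin) audit log, `timestamp,serverhost,username,host,connectionid,queryid,operation,database,object,retcode`, with the timestamp in microseconds since the Unix epoch, and keeps only CONNECT events with `retcode` 0. The sample lines and the hostnames and addresses in them are constructed.

```python
"""Summarise successful CONNECT events from Aurora MySQL audit log lines.

Assumed field order (Aurora MySQL advanced auditing):
timestamp,serverhost,username,host,connectionid,queryid,operation,database,object,retcode
A retcode of 0 on a CONNECT row is a successful login; anything else is a failure.
Note the username column is the MySQL account the IAM token was issued for,
so with a shared account such as 'dev' every IAM principal shows up the same way.
"""
from collections import Counter
from datetime import datetime, timezone

# Constructed sample lines, not real log data.
SAMPLE_AUDIT_LOG = """\
1690000000000000,ip-10-0-1-23,dev,10.0.2.15,1201,0,CONNECT,,,0
1690000001000000,ip-10-0-1-23,dev,10.0.2.15,1201,7,QUERY,app,'select 1, 2',0
1690000002000000,ip-10-0-1-23,dev,10.0.2.99,1202,0,CONNECT,,,1045
1690000003000000,ip-10-0-1-23,report,10.0.3.8,1203,0,CONNECT,,,0
1690000004000000,ip-10-0-1-23,dev,10.0.2.15,1201,0,DISCONNECT,,,0
"""


def parse_audit_line(line):
    """Return a dict for one audit row, or None for blank/malformed input.

    Splitting on commas is safe for the leading fixed fields; the query text
    (object) may itself contain commas, so retcode is taken from the last field.
    """
    line = line.strip()
    if not line:
        return None
    fields = line.split(",")
    if len(fields) < 10:
        return None
    ts_micro = int(fields[0])
    return {
        "time": datetime.fromtimestamp(ts_micro / 1_000_000, tz=timezone.utc),
        "serverhost": fields[1],
        "username": fields[2],
        "host": fields[3],
        "connectionid": fields[4],
        "operation": fields[6],
        "retcode": int(fields[-1]),
    }


def successful_connects(log_text):
    """All CONNECT rows that the server accepted (retcode 0)."""
    events = (parse_audit_line(l) for l in log_text.splitlines())
    return [e for e in events if e and e["operation"] == "CONNECT" and e["retcode"] == 0]


def connects_by_user(log_text):
    """Count successful logins per MySQL username (the only identity the log carries)."""
    return Counter(e["username"] for e in successful_connects(log_text))


def failed_connects(log_text):
    """CONNECT rows rejected by the server, the counterpart of iam-db-auth-error."""
    events = (parse_audit_line(l) for l in log_text.splitlines())
    return [e for e in events if e and e["operation"] == "CONNECT" and e["retcode"] != 0]


if __name__ == "__main__":
    for e in successful_connects(SAMPLE_AUDIT_LOG):
        print(f"{e['time'].isoformat()} {e['username']}@{e['host']} conn={e['connectionid']}")
    print(dict(connects_by_user(SAMPLE_AUDIT_LOG)))
```

Run against a real export, the same functions read the `audit` log stream once it is published to CloudWatch Logs. The output shows exactly the limitation raised above: a successful row records the MySQL username, client host and connection id, but never the IAM principal that generated the token, so attribution to a person only works when each person has their own database user.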

Answered By DevOpsDude55 On

Quick question—does Alice have her own IAM role to generate the auth token, or is she using a common one? Knowing this might help in figuring out the traceability issue.

Answered By CloudGuru99 On

I understand your struggle! Here are a couple of resources that might assist you with monitoring successful IAM authentication connections: 1. [Link to resource 1](https://go.aws/44tOxPx) and 2. [Link to resource 2](https://go.aws/44svMvY). If you need deeper technical support, check out this article on other ways to get help: [Get Help](http://go.aws/get-help).

QuantumPineapple42 -

I appreciate the links! But like I told TechSavvyNerd87, they’ll mostly help if we had personalized logins. If we did have that, wouldn’t we just use the general log to see all the CONNECT activity? Am I right?
