Terraform User Activity Logging Disabled
Description
Detects AWS Redshift parameter groups whose enable_user_activity_logging parameter is set to "false". With user activity logging disabled, the cluster does not record the queries users run, so it becomes harder to establish who accessed or modified the database; that audit trail is what security monitoring and compliance reviews depend on.
Detection Strategy
• Identifies AWS Redshift parameter group resources in Terraform configurations
• Checks if the parameter group has the user activity logging feature explicitly disabled
• Reports a vulnerability when user activity logging is turned off, as this reduces security visibility
Vulnerable code example
resource "aws_redshift_parameter_group" "vulnerable" {
  name   = "redshift-param-group"
  family = "redshift-1.0"
  parameter {
    name  = "enable_user_activity_logging" # Vulnerable: explicitly disables audit logging
    value = "false"
  }
}

✅ Secure code example
resource "aws_redshift_parameter_group" "secure" {
  name   = "redshift-param-group"
  family = "redshift-1.0"
  parameter {
    name  = "enable_user_activity_logging" # Enable logging for security audit and compliance
    value = "true"
  }
}
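As an added illustration (not Fluid Attacks' own detection code), the following Python scanner applies the detection strategy above to a constructed Terraform file that contains both of the examples on this page: it locates every aws_redshift_parameter_group resource and reports those whose parameter block sets enable_user_activity_logging to "false", with the line number of the offending block. It reads the literal HCL shown here with regular expressions rather than a full HCL parser, so values supplied through variables or expressions are not resolved and would need a real parser.

```python
import re

# Constructed sample (not from the page): the page's two parameter groups in one file.
SAMPLE_TF = '''\
resource "aws_redshift_parameter_group" "vulnerable" {
  name   = "redshift-param-group"
  family = "redshift-1.0"
  parameter {
    name  = "enable_user_activity_logging" # explicitly disables audit logging
    value = "false"
  }
}

resource "aws_redshift_parameter_group" "secure" {
  family = "redshift-1.0"
  parameter {
    name  = "enable_user_activity_logging"
    value = "true"
  }
}
'''

RESOURCE_RE = re.compile(r'resource\s+"aws_redshift_parameter_group"\s+"([^"]+)"\s*\{')
PARAM_RE = re.compile(r'\bparameter\s*\{([^}]*)\}')          # parameter blocks have no nested braces
KV_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.M)         # key = "value" lines, trailing comments ignored

def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in Terraform source")

def find_disabled_activity_logging(tf_source):
    """Report each aws_redshift_parameter_group that sets enable_user_activity_logging to "false"."""
    findings = []
    for res in RESOURCE_RE.finditer(tf_source):
        body_start = res.end()                     # index just after the resource's opening brace
        body = block_body(tf_source, body_start - 1)
        for param in PARAM_RE.finditer(body):
            kv = dict(KV_RE.findall(param.group(1)))
            if kv.get("name") == "enable_user_activity_logging" and kv.get("value", "").lower() == "false":
                line = tf_source.count("\n", 0, body_start + param.start()) + 1   # 1-based line of the block
                findings.append({"resource": res.group(1), "line": line})
    return findings
```

Running find_disabled_activity_logging(SAMPLE_TF) reports only the "vulnerable" group; a group that omits the parameter entirely is not flagged, matching the strategy above, which targets explicit disabling.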