SQL Compliance Manager offers an improved architecture that allows registering RDS instances with its new RDS Cloud Agent Service. The SQL Compliance Manager Cloud RDS Agent runs under the SQL Compliance Manager Agent Service account on each registered SQL Server computer that hosts the audited instances and databases inside the AWS Cloud.
Pre-Requisites
An AWS Account
RDS Servers
S3 buckets to store, destination
Action groups / I AM Roles
Once an RDS instance is registered to audit events, the Collector service receives the audit data request from your registered RDS instance and invokes the RDS Cloud Agent Service to start auditing your RDS instance.
The audited RDS instance is based on the Option Group and S3 bucket Configuration, and after audit completion, the RDS instance transmits the audit file to the AWS S3 bucket. Then, the File processor downloads the new *.sqlaudit file from the AWS S3 bucket parses the file and transfers it to the File Shipper. Finally, the SQL Audited files are transferred to the Collector Service, where the files are processed, and the data is updated in the SQL Compliance repository.
Notes on RDS auditing
- RDS does not support the Middle East (Bahrain) region and works only with SQL Server versions 2012 and above.
- The Max File Size for SQL Audit on the RDS instance limit is 50 MB.
- Before and After Data is not supported on the RDS instance due to the limitation of creating trusted assemblies using sql script. BAD operations are removed from the properties, reports, alerts, and summary tabs.