I had AWS RDS enhanced monitoring turned on in our Production and UAT RDS databases. These are connected to an ERP instance.
I went to look for slow queries while debugging a user issue, and the Audit, General, and Slow Query logs have disappeared.
They were and are enabled. They used to be in CloudWatch. Not a one left, even though we have > 1 year retention.
If I go through the control panel and click on the hyperlink from "Published Logs", CloudWatch says:
There was an error filtering log events
The specified log group does not exist
The error logs do exist, and do not show any logging errors.
I also tried turning the other logs off, letting settings persist, then turning them on. The other logs (slow SQL, etc.) still don't exist.
These logs for production are business critical - I mean, if your audit log suddenly disappears, it's hard to build alerts, right? I can't believe there isn't even an error about these logs disappearing.
I did see that "Enhanced Monitoring" was turned off, so I turned it on, and got this:
Amazon RDS has been unable to configure enhanced monitoring on your instance: uat and this feature has been disabled.This is likely due to the rds-monitoring-role not being present and configured correctly in your account. Please refer to the troubleshooting section in the Amazon RDS documentation for further details.
The role does exist and hasn't changed since 2019.
rds-monitoring-role, Trust Relationships:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "",
          "Effect": "Allow",
          "Principal": {
            "Service": "monitoring.rds.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
One other thing: I did install DataDog's AWS integration CloudWatch routine about two weeks ago. That might be roughly when all the logs disappeared, but I think that's more coincidental, or I'd open a ticket with them. I deleted their CloudWatch stack, and the logs have not come back.
This question mentions log parameters, but I checked and ours haven't changed.