Managed Database Auditing with Amazon RDS Database Activity Streams for Amazon RDS for Oracle
Database Activity Streams (DAS) for Amazon Relational Database Service (Amazon RDS) for Oracle provides a near real-time stream of all audited statements (SELECT, DML, DDL, DCL, TCL) executed in your DB instance. The audit data is collected from the unified database audit, while the storage and processing of database activity is managed outside your database. This prevents database users and administrators from modifying the audit stream.
As part of the deployment of DAS, your Database Administrator specifies the native Oracle Database unified audit policies on the given objects. Then your Security Administrator starts DAS on your Amazon RDS for Oracle DB instance and provides an AWS Key Management Service (KMS) key for encryption. Your database activity is encrypted and then asynchronously pushed to an Amazon Kinesis data stream provisioned on behalf of your Amazon RDS for Oracle DB instance. Permissions to enable and disable DAS can be managed by IAM, enabling separation of duties between security/compliance personnel and DBAs.
When integrated with third-party database activity monitoring tools, DAS can monitor and audit database activity to provide safeguards for your database and help you meet compliance and regulatory requirements. Integration of IBM Security Guardium with Amazon RDS Database Activity Streams for Oracle will be available shortly, enabling data activity monitoring to help uncover insider and external threats. In addition, integration of Imperva Data Security with Amazon RDS Database Activity Streams for Oracle is also coming soon, which can generate alerts and audit all activity in your Amazon RDS for Oracle DB instances.
You can enable DAS for the following use cases:
- Grant partner applications access to the Amazon Kinesis data stream and the AWS KMS key so they can monitor database activity.
- Connect the Amazon Kinesis data stream to Amazon Kinesis Data Firehose to save activities to S3 for long-term retention.
- Connect to AWS Lambda to analyze or monitor your database activities.
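For the Lambda use case in the list above, here is an added example (not AWS's code and not part of the original announcement) of detection logic a consumer could run over activity events once a record has been decrypted. The record layout (`databaseActivityEventList`, `command`, `dbUserName`, `commandText`, `logTime`) is assumed from the AWS activity-stream documentation; the sample events, the rule sets and the `SEC_ADMIN` allowlist are constructed, and KMS decryption is assumed to have happened upstream.

```python
import json

# Assumed shape of one *decrypted* DAS record; field names are taken from the
# AWS activity-stream documentation, every value below is constructed.
SAMPLE_RECORD = json.dumps({
    "type": "DatabaseActivityMonitoringRecord",
    "databaseActivityEventList": [
        {"logTime": "2021-07-01 10:00:01.000000+00", "dbUserName": "APP_RO",
         "command": "SELECT", "commandText": "SELECT * FROM orders"},
        {"logTime": "2021-07-01 10:00:05.000000+00", "dbUserName": "DBA_BOB",
         "command": "GRANT", "commandText": "GRANT DBA TO app_ro"},
        {"logTime": "2021-07-01 10:00:09.000000+00", "dbUserName": "DBA_BOB",
         "command": "NOAUDIT", "commandText": "NOAUDIT POLICY das_policy"},
    ],
})

# Hypothetical rule sets: statements that change who may do what, or what is audited.
PRIVILEGE_COMMANDS = {"GRANT", "REVOKE", "CREATE USER", "ALTER USER", "CREATE ROLE"}
AUDIT_CONFIG_COMMANDS = {"AUDIT", "NOAUDIT", "CREATE AUDIT POLICY",
                         "ALTER AUDIT POLICY", "DROP AUDIT POLICY"}
APPROVED_SECURITY_USERS = {"SEC_ADMIN"}  # hypothetical allowlist


def find_alerts(decrypted_record: str) -> list[dict]:
    """Return one alert per event that changes privileges or audit settings
    and was issued by a database user outside the approved list."""
    alerts = []
    record = json.loads(decrypted_record)
    for event in record.get("databaseActivityEventList") or []:
        command = (event.get("command") or "").upper()
        user = (event.get("dbUserName") or "").upper()
        if command in AUDIT_CONFIG_COMMANDS:
            rule = "audit-config-change"
        elif command in PRIVILEGE_COMMANDS:
            rule = "privilege-change"
        else:
            continue  # ordinary SELECT/DML/TCL traffic, or an event without a command
        if user in APPROVED_SECURITY_USERS:
            continue
        alerts.append({"rule": rule, "user": user, "command": command,
                       "time": event.get("logTime"),
                       "text": event.get("commandText")})
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_RECORD):
        print(json.dumps(alert))
```

Because the stream is stored and processed outside the database, a DBA who issues `NOAUDIT` cannot also erase the event that records it, so the alert still reaches the consumer.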
The Amazon RDS Database Activity Streams feature supports Amazon RDS for Oracle starting from version 19c, for customers who use any Edition of Oracle Database with the License Included or Bring Your Own License models.
Amazon RDS makes it easy to set up, operate, and scale a relational database on AWS. You can learn more about Amazon RDS Database Activity Streams for Oracle in the documentation. See Amazon RDS for Oracle Pricing for up-to-date pricing of instances, storage, data transfer and regional availability.