Audit logging for Amazon Redshift Serverless - Amazon Redshift
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Audit logging for Amazon Redshift Serverless

You can configure Amazon Redshift Serverless to export connection, user, and user-activity log data to a log group in Amazon CloudWatch Logs. With Amazon CloudWatch Logs, you can perform real-time analysis of the log data and use CloudWatch to create alarms and view metrics. You can use CloudWatch Logs to store your log records in durable storage.

You can create CloudWatch alarms to track your metrics using the Amazon Redshift console. For more information on creating alarms, see Managing alarms.

To export generated log data to Amazon CloudWatch Logs, the respective logs must be selected for export in your Amazon Redshift Serverless configuration settings, on the console. You can do this by choosing the Namespace configuration settings, under Security and encryption.

Log events in CloudWatch

After selecting which Redshift logs to export, you can monitor events in Amazon CloudWatch Logs. A new log group is automatically created for Amazon Redshift Serverless, in which log_type represents the log type.

/aws/redshift/<namespace>/<log_type>

When you create your first workgroup and namespace, default is the namespace name. The log group name varies according to what you call the namespace.

For example, if you export the connection log, log data is stored in the following log group.

/aws/redshift/default/connectionlog

Log events are exported to a log group using the serverless log stream. The behavior depends on which of the following conditions are true:

  • A log group with the specified name exists. Redshift exports log data using the existing log group. To create log groups with predefined log-retention periods, metric filters, and customer access, you can use automated configuration, such as that provided by Amazon CloudFormation.

  • A log group with the specified name doesn't exist. When a matching log entry is detected in the log for the instance, Amazon Redshift Serverless creates a new log group in Amazon CloudWatch Logs automatically. The log group uses the default log-retention period of Never Expire. To change the log-retention period, use the Amazon CloudWatch Logs console, the Amazon CLI, or the Amazon CloudWatch Logs API. For more information about changing log-retention periods in CloudWatch Logs, see Change log data retention in Working with log groups and log streams.

To search for information within log events, use the Amazon CloudWatch Logs console, the Amazon CLI, or the Amazon CloudWatch Logs API. For more information about searching and filtering log data, see Searching and filtering log data.

CloudWatch metrics

Amazon Redshift Serverless metrics are divided into compute metrics and data and storage metrics, falling under the workgroup and namespace dimension sets, respectively. For more information about workgroups and namespaces, see Workgroups and namespaces.

CloudWatch compute metrics are the following:

Metric name Units Description Dimension sets
QueriesCompletedPerSecond Number of queries The number of queries completed each second. {Database, LatencyRange, Workgroup}, {LatencyRange, Workgroup}
QueryDuration Microseconds The average amount of time to complete a query. {Database, LatencyRange, Workgroup}, {LatencyRange, Workgroup}
QueriesRunning Number of queries The number of running queries at a point in time. {Database, QueryType, Workgroup}, {QueryType, Workgroup}
QueriesQueued Number of queries The number of queries in the queue at a point in time. {Database, QueryType, Workgroup}, {QueryType, Workgroup}
DatabaseConnections Number of connections The number of connections to a database at a point in time. {Database, Workgroup}, {Workgroup}
QueryRuntimeBreakdown Milliseconds The total time queries ran, by query stage. {Database, Stage, Workgroup}, {Stage, Workgroup}
ComputeCapacity RPU Average number of compute units allocated during the past 30 minutes, rounded up to the nearest integer. {Workgroup}
ComputeSeconds RPU-seconds Accumulated compute-unit seconds used in the last 30 minutes. {Workgroup}
QueriesSucceeded Number of queries The number of queries that succeeded in the last 5 minutes. {Database, QueryType, Workgroup}, {QueryType, Workgroup}
QueriesFailed Number of queries The number of queries that failed in the last 5 minutes. {Database, QueryType, Workgroup}, {QueryType, Workgroup}
UsageLimitAvailable RPU-hours or TBs

Depending on the UsageType, UsageLimitAvailable returns the following:

  • If the UsageType is SERVERLESS_COMPUTE, UsageLimitAvailable returns the remaining number of RPU-hours that the workgroup can query in the given limit.

  • If the UsageType is CROSS_REGION_DATASHARING, UsageLimitAvailable returns the remaining number of TBs that the customer can scan in the given limit.

{UsageLimitId, UsageType, Workgroup}
UsageLimitConsumed RPU-hours or TBs

Depending on the UsageType, UsageLimitConsumed returns the following:

  • If the UsageType is SERVERLESS_COMPUTE, UsageLimitConsumed returns the number of RPU-hours that the workgroup has already queried in the given limit.

  • If the UsageType is CROSS_REGION_DATASHARING, UsageLimitConsumed returns the number of TBs that the customer has already used to scan in the given limit.

{UsageLimitId, UsageType, Workgroup}

CloudWatch data and storage metrics are the following:

Metric name Units Description Dimension sets
TotalTableCount Number of tables The number of user tables existing at a point in time. This total doesn't include Amazon Redshift Spectrum tables. {Database, Namespace}
DataStorage Megabytes The number of megabytes used, in disk or storage space, for Redshift data. {Namespace}

The SnapshotStorage metric is namespace- and workgroup-agnostic. CloudWatch's SnapshotStorage metric is as follows:

Metric name Units Description Dimension sets
SnapshotStorage Megabytes The number of megabytes used, in disk or storage space, for Snapshots. {}

Dimension sets are the grouping dimensions applied to your metrics. You can use these dimension groups to specify how your statistics are retrieved.

The following table details dimensions and dimension values for specific metrics:

Dimension Description and values
DatabaseName The name of the database. A custom value.
Latency

Possible values are as follows:

  • Short – under 10 seconds

  • Medium – between 10 seconds and 10 minutes

  • Long – over 10 minutes

QueryType Possible values are INSERT, DELETE, UPDATE, UNLOAD, LOAD, SELECT, CTAS, and OTHER.
stage

The execution stages for a query. Possible values are as follows:

  • QueryPlanning: Time spent parsing and optimizing SQL statements.

  • QueryWaiting: Time spent waiting in the WLM queue.

  • QueryExecutingRead: Time spent executing read queries.

  • QueryExecutingInsert: Time spent executing insert queries.

  • QueryExecutingDelete: Time spent executing delete queries.

  • QueryExecutingUpdate: Time spent executing update queries.

  • QueryExecutingCtas: Time spent executing create table as queries.

  • QueryExecutingUnload: Time spent executing unload queries.

  • QueryExecutingCopy: Time spent executing copy queries.

  • QueryCommit: Time spent committing.

Namespace The name of the namespace. A custom value.
Workgroup The name of the workgroup. A custom value.
UsageLimitId The identifier of the usage limit.
UsageType

The Amazon Redshift Serverless feature being limited. Possible values are as follows:

  • SERVERLESS_COMPUTE

  • CROSS_REGION_DATASHARING