Which approach will meet these requirements?
Use pg_audit to generate audit logs and send the logs to the Security team.
Use AWS CloudTrail to audit the DB cluster and the Security team will get data from Amazon S3.
Set up database activity streams and connect the data stream from Amazon Kinesis to consumer applications.
Turn on verbose logging and set up a schedule for the logs to be dumped out for the Security team.
Explanations:
While pg_audit can generate detailed audit logs, it does not natively support pushing logs as encrypted files to an external solution for real-time alerting and monitoring. This option does not meet the requirement for pushing data outside the Aurora DB cluster.
AWS CloudTrail records AWS account activity and API calls but does not provide detailed database auditing information for PostgreSQL. Additionally, CloudTrail does not natively push logs to external solutions in an encrypted format, making this option unsuitable for real-time alerting and monitoring.
Setting up database activity streams allows for the capture of database activity in real-time and can stream that data to Amazon Kinesis. This approach facilitates real-time alerting and monitoring while supporting encrypted data transfer, making it the best fit for the requirements.
Enabling verbose logging and scheduling logs to be dumped would result in logs being generated, but it does not provide a real-time or automated means to push logs outside the cluster. This method is not suitable for meeting the needs of the Security team for monitoring and alerting.