How to Store AWS RDS MySQL Transaction Logs to S3 Every 5 Minutes

Certainly, here’s a step-by-step guide on how to implement the solution for storing AWS RDS MySQL transaction logs to Amazon S3 using the AWS Command Line Interface (CLI) with detailed explanations of the parameters in each command:

Step 1: Create an S3 Bucket

In this step, you’ll create an S3 bucket to store the RDS transaction logs. Use the aws s3api create-bucket command:

aws s3api create-bucket --bucket your-bucket-name --region your-region
  • --bucket: Replace your-bucket-name with a unique name for your S3 bucket.
  • --region: Specify the AWS region where you want to create the bucket.

Step 2: Grant RDS Service Access to the S3 Bucket

To allow RDS access to your S3 bucket, you’ll create a bucket policy using the aws s3api put-bucket-policy command:

aws s3api put-bucket-policy --bucket your-bucket-name --policy '{
  "Version": "2012-10-17",
  "Statement": [
      "Sid": "AllowRDSToCopyToS3",
      "Effect": "Allow",
      "Principal": {
        "Service": ""
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::your-bucket-name/*"
  • --bucket: Replace your-bucket-name with your S3 bucket name.
  • --policy: Specify a JSON policy document granting RDS the necessary permissions.

Step 3: Enable RDS Binary Logging Feature

To enable binary logging for your RDS instance, use the aws rds modify-db-instance command:

aws rds modify-db-instance --db-instance-identifier your-db-instance-id --enable-iops false --apply-immediately
  • --db-instance-identifier: Replace your-db-instance-id with the identifier of your RDS instance.
  • --enable-iops: Set to false to disable Input/Output Operations Per Second (IOPS).
  • --apply-immediately: This flag ensures the changes take effect immediately.

Step 4: Configure RDS to Copy Transaction Logs to S3

Use the aws rds modify-db-instance command again to configure RDS to copy transaction logs to S3 every 5 minutes:

aws rds modify-db-instance --db-instance-identifier your-db-instance-id --enable-cloudwatch-logs-export true --cloudwatch-logs-export-configuration '{"enableLogTypes":["error"],"disableLogTypes":[]}'
  • --db-instance-identifier: Replace your-db-instance-id with your RDS instance identifier.
  • --enable-cloudwatch-logs-export: Set to true to enable exporting logs to CloudWatch.
  • --cloudwatch-logs-export-configuration: Specify the log types to export. In this example, we enable the "error" log type.

Once you’ve completed these steps, your RDS instance will automatically copy transaction logs to your specified S3 bucket. The CloudWatch logs can be accessed and managed from the S3 bucket, providing you with a secure and reliable way to store and analyze your database logs.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top