---
title: "Compliance"
description: "Configure audit immutability, data residency, PII logging policies, evidence export, and access review cadence for regulatory compliance."
icon: "shield-check"
---
Overview
Enterprise compliance controls extend the audit logging system with regulatory-grade features for SOC 2, GDPR, HIPAA, and ISO 27001 frameworks. These controls are gated by the Enterprise compliance capability.
Configuration
Enable compliance controls in your Enterprise profile:
```yaml
compliance:
  enabled: true
  audit_immutability: true
  data_residency: "us"
  pii_logging_policy: "redact"
  evidence_retention_days: 365
  access_review_cadence_days: 90
  evidence_export_target: "s3://aurora-compliance-evidence"
```
Environment Variables
```bash
COMPLIANCE_ENABLED=true
COMPLIANCE_AUDIT_IMMUTABILITY=true
COMPLIANCE_DATA_RESIDENCY=us
COMPLIANCE_PII_LOGGING_POLICY=redact
COMPLIANCE_EVIDENCE_RETENTION_DAYS=365
COMPLIANCE_ACCESS_REVIEW_CADENCE_DAYS=90
COMPLIANCE_EVIDENCE_EXPORT_TARGET=s3://aurora-compliance-evidence
```
Settings Reference
Audit Immutability
When audit_immutability: true, the system prevents:
- Deletion of audit log entries after they are persisted
- Modification of existing audit records
- Truncation of audit tables
This satisfies the "once written, never changed" requirement for SOC 2 and HIPAA audit controls.
PII Logging Policy
Controls how personally identifiable information is handled in log records:
The PII detection covers email addresses, phone numbers, social security numbers, and credit card patterns.
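To illustrate what a `redact` policy does with the four categories listed above, the sketch below masks each one with a typed placeholder. It is an added example, not the product's own detection code: the regexes, the `[REDACTED:<type>]` placeholder format, and the names `redact` and `luhn_ok` are assumptions.

```python
import re

# Assumed, US-centric patterns for the four categories named above.
EMAIL = re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13 to 19 digits
PHONE = re.compile(
    r"(?<![\w-])(?:\+?1[ .-]?)?\(?\d{3}\)?[ .-]?\d{3}[ .-]?\d{4}(?![\w-])"
)

# Constructed sample log lines (not real data).
SAMPLE_LINES = [
    "user=alice@example.com action=login result=ok",
    "payment card 4111 1111 1111 1111 declined",
    "order 1234567890123456 shipped",
    "callback +1 (415) 555-0132 requested, ssn=123-45-6789",
]


def luhn_ok(digits):
    """Luhn checksum: keeps order ids and other long numbers out of the card bucket."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _card_sub(match):
    digits = re.sub(r"\D", "", match.group())
    return "[REDACTED:card]" if luhn_ok(digits) else match.group()


def redact(line):
    """Replace detected PII with a typed placeholder before the line is logged."""
    # Cards and SSNs go first so the phone pattern never sees their digits.
    line = CARD.sub(_card_sub, line)
    line = SSN.sub("[REDACTED:ssn]", line)
    line = EMAIL.sub("[REDACTED:email]", line)
    return PHONE.sub("[REDACTED:phone]", line)


if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(redact(raw))
```

Running a sample of production log lines through a checker like this is a quick way to confirm that nothing in the four categories reaches storage unmasked.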
Data Residency
Declare the geographic region where data should be stored and processed. This is primarily a declarative control for compliance documentation. Combine with deployment-level controls (VPC region, database location, S3 bucket region) to enforce actual data residency.
Evidence Export
Configure periodic export of compliance evidence to an external storage target:
```yaml
compliance:
  evidence_export_target: "s3://aurora-compliance-evidence"
```
Evidence exports include:
- Immutable audit log snapshots
- Compliance configuration attestations
- Access review records
The export format is JSON with integrity metadata for audit verification.
Access Reviews
The access_review_cadence_days setting establishes the recommended interval for reviewing user access permissions. This is a planning value used for compliance documentation and reporting.
Admin API
Feature status is available from the dashboard features endpoint:
```bash
curl -H "Authorization: Bearer $AURORA_MASTER_KEY" \
  http://your-aurora-host/admin/api/v1/dashboard/features
```
Compliance status is visible in the dashboard under Enterprise -> Compliance.