Azure PostgreSQL database server with log connections parameter disabled
Description
Enabling log_connections allows a PostgreSQL Database to log attempted connections to the server in addition to logging the successful completion of client authentication. Log data can be used to identify, troubleshoot, repair configuration errors, and identify sub-optimal performance issues. We recommend you set log_connections to On for PostgreSQL Server Databases.
Code Example
go
- resource "azurerm_postgresql_configuration" "example" {
- name = "log_connections"
- resource_group_name = data.azurerm_resource_group.example.name
- server_name = azurerm_postgresql_server.example.name
- value = "off"
}Remediation
- Azure Portal To change the policy using the Azure Portal, follow these steps:*
. Log in to the Azure Portal at https://portal.azure.com.
. Navigate to * Azure Database* for * PostgreSQL server*.
. For each database: a) Click * Server* parameters. + b) Navigate to * log_connections*. + c) Click * On*. + d) Click * Save*.
- CLI Command*
To update the * log_connections* configuration, use the following command:
az postgres server configuration set --resource-group & lt;resourceGroupName> --server-name & lt;serverName> --name log_connections --value on
=== Fix - Buildtime
Terraform
- Resource: azurerm_postgresql_configuration
- Arguments: name + value
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0542 |
| Severity | INFO |
| IaC Type | arm |
| Frameworks | ARM, |
| Checkov ID | CKV_AZURE_31 |