Azure PostgreSQL database server with connection throttling parameter is disabled
Description
Enabling connection_throttling allows the PostgreSQL Database to set the verbosity of logged messages. It generates query and error logs with respect to concurrent connections that could lead to a successful Denial of Service (DoS) attack by exhausting connection resources. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify, troubleshoot, repair configuration errors, and address sub-optimal performance issues. We recommend you set connection_throttling to On for PostgreSQL Server Databases.
Code Example
- resource "azurerm_postgresql_configuration" "example" {
- name = "connection_throttling"
- resource_group_name = data.azurerm_resource_group.example.name
- server_name = azurerm_postgresql_server.example.name
- value = "off"
}Remediation
- Azure Portal To change the policy using the Azure Portal, follow these steps:*
. Log in to the Azure Portal at https://portal.azure.com.
. Navigate to * Azure Database* for * PostgreSQL server*.
. For each database: a) Click * Server* parameters. + b) Navigate to * connection_throttling*. + c) Click * On*. + d) Click * Save*.
- CLI Command*
To update the * connection_throttling configuration*, use the following command:
az postgres server configuration set --resource-group & lt;resourceGroupName> --server-name & lt;serverName> --name connection_throttling --value on
=== Fix - Buildtime
Terraform
- Resource: azurerm_postgresql_configuration
- Arguments: name + value
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0543 |
| Severity | INFO |
| IaC Type | arm |
| Frameworks | ARM, |
| Checkov ID | CKV_AZURE_32 |