Alibaba Cloud RDS instance does not have log_duration enabled

Description

This policy ensures that the `log_duration` parameter is enabled for Alibaba Cloud RDS instances. Enabling this parameter helps log the duration of each completed statement, providing valuable insights into query performance and execution time. This data is critical for monitoring database performance and identifying slow queries.

Failing to enable this parameter can limit visibility into query execution metrics, making it difficult to diagnose performance issues and optimize database operations.

Code Example

resource "alicloud_rds_instance" "example" {
  ...

  parameter {
+    name  = "log_duration"
+    value = "on"
  }
}

Remediation

Terraform

Resource: alicloud_rds_instance
Arguments: log_duration

To mitigate this issue, ensure the `log_duration` parameter is set to `on` in the RDS instance configuration.

Example:

Rule Details

Field	Value
ID	IAC-0034
Severity	LOW
IaC Type	Terraform
Frameworks	Terraform
Checkov ID	CKV_ALI_35

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Alibaba Cloud RDS instance does not have log_duration enabled

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

Alibaba Cloud RDS instance does not have log_duration enabled ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

Alibaba Cloud RDS instance does not have log_duration enabled

Description

Code Example

Remediation

Rule Details

References