Alibaba Cloud RDS instance has log_disconnections disabled
Description
This policy ensures that the `log_disconnections` parameter is enabled for Alibaba Cloud RDS instances. Enabling this parameter helps log disconnection events, which can be useful for monitoring, troubleshooting, and auditing purposes. Capturing these logs provides insights into connection behaviors and can help detect anomalies or potential issues with database connections.
Disabling this parameter may result in a lack of visibility into disconnection events, potentially hindering diagnostic and monitoring efforts.
Code Example
```hcl
resource "alicloud_rds_instance" "example" {
  ...
  parameter {
+   name = "log_disconnections"
+   value = "on"
  }
}
```
Remediation
Terraform
- Resource: alicloud_rds_instance
- Arguments: log_disconnections
To mitigate this issue, ensure the `log_disconnections` parameter is set to `on` in the RDS instance configuration.
Example:
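The same condition can be checked before apply against a plan rendered with `terraform show -json`. The following Python check is an added example, not part of the original page and not Checkov's own implementation. Its function names and the sample plan are constructed for illustration, and accepting the provider's `alicloud_db_instance` type and `parameters` block alongside the names used on this page is an assumption.

```python
import json

# Resource type and block name as written on this page; accepting the provider's
# alicloud_db_instance / parameters as well is an assumption of this example.
RESOURCE_TYPES = {"alicloud_rds_instance", "alicloud_db_instance"}
BLOCK_NAMES = ("parameter", "parameters")

def iter_resources(module):
    """Yield every resource in a planned_values module, including child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def log_disconnections_value(values):
    """Return the configured value (lower-cased), or None if the parameter is absent."""
    for block in BLOCK_NAMES:
        for param in values.get(block) or []:
            if param.get("name") == "log_disconnections":
                return str(param.get("value", "")).strip().lower()
    return None

def find_violations(plan):
    """Return (address, reason) for each instance without log_disconnections = on."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") not in RESOURCE_TYPES:
            continue
        value = log_disconnections_value(res.get("values", {}))
        if value != "on":
            reason = "not set" if value is None else f"set to {value!r}"
            findings.append((res["address"], f"log_disconnections {reason}"))
    return findings

# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {"resources": [
    {"address": "alicloud_rds_instance.ok", "type": "alicloud_rds_instance",
     "values": {"parameter": [{"name": "log_disconnections", "value": "on"}]}},
    {"address": "alicloud_rds_instance.off", "type": "alicloud_rds_instance",
     "values": {"parameter": [{"name": "log_disconnections", "value": "off"}]}}],
  "child_modules": [{"resources": [
    {"address": "module.db.alicloud_rds_instance.unset", "type": "alicloud_rds_instance",
     "values": {"parameter": [{"name": "log_connections", "value": "on"}]}}]}]}}}
""")

if __name__ == "__main__":
    for address, reason in find_violations(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

An instance that omits the parameter is reported as well as one that sets it to `off`, and instances declared inside modules are included.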
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0035 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_ALI_36 |