Alibaba RDS instance has log_connections disabled

Description

This policy ensures that the `log_connections` parameter is enabled for Alibaba Cloud RDS instances. Enabling this parameter logs connection attempts to the database, providing valuable information for monitoring, troubleshooting, and auditing. These logs can help detect unauthorized access attempts, investigate connection issues, and ensure better database management.

Failing to enable this parameter reduces visibility into connection activity, which may hinder security monitoring and operational diagnostics.

Code Example

```diff
resource "alicloud_rds_instance" "example" {
  ...
  parameter {
+    name  = "log_connections"
+    value = "on"
  }
}
```

Remediation

  • Resource: alicloud_rds_instance
  • Arguments: log_connections

To mitigate this issue, ensure the `log_connections` parameter is set to `on` in the RDS instance configuration.

Example:

Rule Details

| Field | Value |
| --- | --- |
| ID | IAC-0036 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_ALI_37 |
