GCP PostgreSQL instance database flag log_parser_stats is not set to off
Description
This policy checks whether the 'log_parser_stats' flag on a PostgreSQL database instance is set to 'off'. When turned on, this flag logs statistical information about query parsing and rewriting. While this can be useful for debugging, it can generate a vast amount of log data that consumes significant disk space and may degrade performance. To preserve performance and save resources, it is generally recommended to set the 'log_parser_stats' flag to 'off' in production environments.
Code Example
```hcl
resource "google_sql_database_instance" "default" {
  name             = "database"
  region           = "us-central1"
  database_version = "POSTGRES_11"
  settings {
    database_flags {
      name  = "log_parser_stats"
      value = "off"
    }
  }
}
```

Remediation
Terraform
- Resource: google_sql_database_instance
- Arguments: settings.database_flags
To fix the issue, set the 'log_parser_stats' flag to 'off' in the settings.database_flags block of your google_sql_database_instance resource, as in the Terraform code example above.
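To confirm the remediation across a whole plan rather than one resource, the same condition can be evaluated over Terraform plan JSON. The following is an added example, not Checkov's or the policy vendor's code; the resource addresses and sample plan are constructed, and treating an absent flag as a finding is an assumption of this example.

```python
def _inst(address, version, flags):
    # Helper for the constructed sample below (hypothetical resource names).
    return {"address": address, "type": "google_sql_database_instance",
            "values": {"database_version": version,
                       "settings": [{"database_flags": flags}]}}

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _inst("google_sql_database_instance.ok", "POSTGRES_11",
              [{"name": "log_parser_stats", "value": "off"}]),
        _inst("google_sql_database_instance.noisy", "POSTGRES_11",
              [{"name": "log_parser_stats", "value": "on"}]),
        _inst("google_sql_database_instance.mysql", "MYSQL_8_0", []),
    ],
    "child_modules": [{"resources": [
        _inst("module.db.google_sql_database_instance.unset", "POSTGRES_11", []),
    ]}],
}}}

def iter_resources(module):
    """Yield resources from a plan module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def find_violations(plan, flag="log_parser_stats", required="off"):
    """Return (address, reason) for PostgreSQL instances failing the policy."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "google_sql_database_instance":
            continue
        values = res.get("values", {})
        if not str(values.get("database_version")).upper().startswith("POSTGRES"):
            continue  # the flag only applies to PostgreSQL engines
        flags = {f.get("name"): str(f.get("value", "")).lower()
                 for s in values.get("settings") or []
                 for f in s.get("database_flags") or []}
        if flag not in flags:  # assumption: an unset flag is reported
            findings.append((res["address"], "flag not set"))
        elif flags[flag] != required:
            findings.append((res["address"], f"flag is {flags[flag]!r}"))
    return findings

if __name__ == "__main__":
    for address, reason in find_violations(SAMPLE_PLAN):
        print(f"FAIL {address}: {reason}")
```

To run it against a real plan, load the output of `terraform show -json` with `json.load` and pass the resulting dict to `find_violations`.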
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1000 |
| Severity | INFO |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_GCP_15 |