pg-log-errors
Explanation
Setting the minimum log severity too high will cause errors not to be logged
Possible Impact
Loss of error logging
Suggested Resolution
Set the minimum log severity to at least ERROR
Insecure Example
The following example will fail the google-sql-pg-log-errors check.
resource "google_sql_database_instance" "db" {
name = "db"
database_version = "POSTGRES_12"
region = "us-central1"
settings {
database_flags {
name = "log_min_messages"
value = "PANIC"
}
}
}
Secure Example
The following example will pass the google-sql-pg-log-errors check.
resource "google_sql_database_instance" "db" {
name = "db"
database_version = "POSTGRES_12"
region = "us-central1"
settings {
database_flags {
name = "log_min_messages"
value = "WARNING"
}
}
}