Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server
Default Severity: medium
Explanation
Postgresql can generate logs for checkpoints to improve visibility for audit and configuration issue resolution.
Possible Impact
No error and query logs generated on checkpoint
Suggested Resolution
Enable checkpoint logging
Insecure Example
The following example will fail the azure-database-postgres-configuration-log-checkpoints check.
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_postgresql_server" "example" {
name = "example-psqlserver"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
administrator_login = "psqladminun"
administrator_login_password = "H@Sh1CoR3!"
sku_name = "GP_Gen5_4"
version = "9.6"
storage_mb = 640000
}
Secure Example
The following example will pass the azure-database-postgres-configuration-log-checkpoints check.
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_postgresql_server" "example" {
name = "example-psqlserver"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
administrator_login = "psqladminun"
administrator_login_password = "H@Sh1CoR3!"
sku_name = "GP_Gen5_4"
version = "9.6"
storage_mb = 640000
}
resource "azurerm_postgresql_configuration" "example" {
name = "log_checkpoints"
resource_group_name = azurerm_resource_group.example.name
server_name = azurerm_postgresql_server.example.name
value = "on"
}