Ensure that logging of checkpoints is enabled.
Default Severity: medium
Explanation
Logging checkpoints provides useful diagnostic data, which can identify performance issues in an application and potential DoS vectors.
Possible Impact
Insufficient diagnostic data.
Suggested Resolution
Enable checkpoints logging.
Insecure Example
The following example will fail the google-sql-pg-log-checkpoints check.
resource "google_sql_database_instance" "db" {
name = "db"
database_version = "POSTGRES_12"
region = "us-central1"
settings {
database_flags {
name = "log_checkpoints"
value = "off"
}
}
}
Secure Example
The following example will pass the google-sql-pg-log-checkpoints check.
resource "google_sql_database_instance" "db" {
name = "db"
database_version = "POSTGRES_12"
region = "us-central1"
settings {
database_flags {
name = "log_checkpoints"
value = "on"
}
}
}