
Ensure that logging of connections is enabled.

Default Severity: medium

Explanation

Logging connections provides useful diagnostic data such as session length, which can help identify performance issues in an application and potential DoS vectors.

Possible Impact

Insufficient diagnostic data.

Suggested Resolution

Enable connection logging.

Insecure Example

The following example will fail the google-sql-pg-log-connections check.

 resource "google_sql_database_instance" "db" {
    name             = "db"
    database_version = "POSTGRES_12"
    region           = "us-central1"
    settings {
        database_flags {
            name  = "log_connections"
            value = "off"
        }
    }
 }

Secure Example

The following example will pass the google-sql-pg-log-connections check.

 resource "google_sql_database_instance" "db" {
    name             = "db"
    database_version = "POSTGRES_12"
    region           = "us-central1"
    settings {
        database_flags {
            name  = "log_connections"
            value = "on"
        }
    }
 }
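
The same rule can be applied to a rendered plan (`terraform show -json`), which also catches instances declared inside modules. The Python below is an added example, not code from this page or from the tool that ships the check. Its function names and the sample plan are constructed for illustration, and it assumes that an unset flag should fail, because PostgreSQL's default for `log_connections` is off.

```python
import json
import sys

def iter_resources(module):
    """Yield resources from a module and every nested child module."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def instances_without_connection_logging(plan):
    """Return addresses of PostgreSQL instances where log_connections is not 'on'."""
    failing = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "google_sql_database_instance":
            continue
        values = res.get("values") or {}
        if not str(values.get("database_version", "")).upper().startswith("POSTGRES"):
            continue  # log_connections is a PostgreSQL flag
        flags = {}
        for settings in values.get("settings") or []:
            for flag in settings.get("database_flags") or []:
                flags[flag.get("name")] = str(flag.get("value", "")).lower()
        # Assumption: an unset flag fails too, since PostgreSQL defaults it to off.
        if flags.get("log_connections") != "on":
            failing.append(res.get("address"))
    return failing

def _pg(address, version, flags):
    return {"address": address, "type": "google_sql_database_instance",
            "values": {"database_version": version,
                       "settings": [{"database_flags": flags}]}}

# Constructed sample in plan-JSON shape, not output from a real project.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _pg("google_sql_database_instance.off", "POSTGRES_12",
            [{"name": "log_connections", "value": "off"}]),
        _pg("google_sql_database_instance.on", "POSTGRES_12",
            [{"name": "log_connections", "value": "on"}]),
        _pg("google_sql_database_instance.mysql", "MYSQL_8_0", []),
    ],
    "child_modules": [{"resources": [
        _pg("module.app.google_sql_database_instance.unset", "POSTGRES_12", [])]}],
}}}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    print("\n".join(instances_without_connection_logging(plan)) or "all instances pass")
```

Run it with the path to a plan JSON file as the only argument; with no argument it evaluates the constructed sample.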