Pattern: Disabled checkpoint logging for Azure PostgreSQL database
Issue: -
PostgreSQL can generate logs for checkpoints to improve visibility for audit and configuration issue resolution.
Resolution: Enable checkpoint logging.
Example of incorrect code:
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_postgresql_server" "example" {
name = "example-psqlserver"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
administrator_login = "psqladminun"
administrator_login_password = "H@Sh1CoR3!"
sku_name = "GP_Gen5_4"
version = "9.6"
storage_mb = 640000
}Example of correct code:
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_postgresql_server" "example" {
name = "example-psqlserver"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
administrator_login = "psqladminun"
administrator_login_password = "H@Sh1CoR3!"
sku_name = "GP_Gen5_4"
version = "9.6"
storage_mb = 640000
}
resource "azurerm_postgresql_configuration" "example" {
name = "log_checkpoints"
resource_group_name = azurerm_resource_group.example.name
server_name = azurerm_postgresql_server.example.name
value = "on"
}