Pattern: Disabled lock wait logging for Google PostgreSQL
Issue: -
Lock waits are often an indication of poor performance and often an indicator of a potential denial of service vulnerability, therefore occurrences should be logged for analysis.
Resolution: Enable lock wait logging.
Example of incorrect code:
resource "google_sql_database_instance" "db" {
name = "db"
database_version = "POSTGRES_12"
region = "us-central1"
settings {
database_flags {
name = "log_lock_waits"
value = "off"
}
}
}Example of correct code:
resource "google_sql_database_instance" "db" {
name = "db"
database_version = "POSTGRES_12"
region = "us-central1"
settings {
database_flags {
name = "log_lock_waits"
value = "on"
}
}
}