PostgreSQL database instance should have a 'log_connections' flag with its value set to 'on'

ID

gcp_postgresql_log_connections_disabled

Severity

low

Vendor

GCP

Resource

AIM

Tags

non-reachable

Description

The log_connections parameter is a PostgreSQL configuration option that logs each attempted connection to the database server, including successful client authentication.

If a Cloud SQL instance is configured to use SSL, the log_connections flag must be enabled so that connection logs can be viewed in Cloud Logging. These logs help troubleshoot SSL-related errors or warnings.

To fix it, set the log_connections flag under settings.database_flags to on.

Learn more about this topic at About Cloud SQL backups.

Examples

---
- name: create an instance
  google.cloud.gcp_sql_instance:
    name: GCP instance
    settings:
      database_flags:
        - name: log_connections
          # quoted: a bare off is read as a YAML boolean, not the string the flag expects
          value: 'off'
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    database_version: POSTGRES_9_6
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present

Mitigation / Fix

---
- name: create an instance
  google.cloud.gcp_sql_instance:
    name: GCP instance
    settings:
      database_flags:
        - name: log_connections
          # quoted: a bare on is read as a YAML boolean, not the string the flag expects
          value: 'on'
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    database_version: POSTGRES_9_6
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present
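
The check this rule describes, as an added example (not the scanner's own implementation and not code from the original page). It assumes the playbook tasks have already been parsed into dictionaries by a YAML 1.1 loader; the function names and the sample tasks are constructed for illustration.

```python
# Added example: evaluate parsed Ansible tasks against the log_connections rule.
MODULES = ("google.cloud.gcp_sql_instance", "gcp_sql_instance")

def check_task(task):
    """Return None when the task passes the rule, otherwise a finding string."""
    args = next((task[m] for m in MODULES if m in task), None)
    if not isinstance(args, dict) or args.get("state", "present") == "absent":
        return None  # not a Cloud SQL instance that is being created
    if not str(args.get("database_version", "")).upper().startswith("POSTGRES"):
        return None  # the rule covers PostgreSQL instances only
    flags = (args.get("settings") or {}).get("database_flags") or []
    for flag in flags:
        if flag.get("name") == "log_connections":
            value = flag.get("value")
            # A YAML 1.1 loader turns a bare on/off into True/False.
            enabled = value is True or str(value).strip().lower() == "on"
            return None if enabled else f"log_connections is {value!r}, expected 'on'"
    return "log_connections is not set"

def scan(tasks):
    """Map task name -> finding for every task that fails the rule."""
    results = {}
    for task in tasks:
        finding = check_task(task)
        if finding:
            results[task.get("name", "<unnamed>")] = finding
    return results

def pg_task(name, flags):
    # Constructed sample task shaped like the page's examples after parsing.
    return {"name": name, "google.cloud.gcp_sql_instance": {
        "name": name, "database_version": "POSTGRES_9_6", "state": "present",
        "settings": {"tier": "db-n1-standard-1", "database_flags": flags}}}

SAMPLE_TASKS = [  # constructed inputs, not taken from a real project
    pg_task("flag-off", [{"name": "log_connections", "value": False}]),  # bare off
    pg_task("flag-on", [{"name": "log_connections", "value": "on"}]),
    pg_task("flag-missing", [{"name": "log_checkpoints", "value": "on"}]),
    {"name": "mysql", "google.cloud.gcp_sql_instance": {
        "name": "mysql", "database_version": "MYSQL_5_7", "settings": {}}},
]

if __name__ == "__main__":
    for name, finding in scan(SAMPLE_TASKS).items():
        print(f"{name}: {finding}")
```

A task that omits the flag is reported as well, since log_connections defaults to off in PostgreSQL.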