Detections
Analytics

Ensure audit log retention period is greater than 90 days for Azure PostgreSQL Server

LOW

Description

Audit log retention period is not set to at least 90 days for Azure PostgreSQL Server, this may make audit challenging.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Azure Database for PostgreSQL servers.
  2. Choose the PostgreSQL server you wish to edit.
  3. Under Server parameters, set retention_period_in_days greater than 90 days.
  4. Select save.

In Terraform -

  1. In the azurerm_postgresql_configuration resource, set retention_days greater than 90 days.

References:
https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/quickstart-create-server-portal
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/postgresql_server#retention_days

Policy Details

Rule Reference ID: AC_AZURE_0402
CSP: Azure
Remediation Available: Yes
Domain: Resilience
Resource: azurerm_postgresql_server
Resource Category: Database
Resource Type: PostgreSQL

Frameworks