Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server - azurerm_postgresql_configuration

MEDIUM

Description

Description:

Enable 'log_connections' on 'PostgreSQL Servers'.

Rationale:

Enabling 'log_connections' helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.

Remediation

From Azure Console

Login to Azure Portal using https://portal.azure.com
Go to 'Azure Database' for 'PostgreSQL server'
For each database, click on 'Server parameters'
Search for 'log_connections'.
Click 'ON' and save.

Using Azure Command Line Interface 2.0

Use the below command to update 'log_connections' configuration.

az postgres server configuration set --resource-group --server-name --name log_connections --value on
.

Policy Details

Rule Reference ID: AC_AZURE_0413

CSP: Azure

Remediation Available: Yes

Domain: Logging and Monitoring

Resource: azurerm_postgresql_configuration

Resource Category: Database

Resource Type: PostgreSQL

Frameworks

GDPR
HIPAA
NIST-800-171
NIST-800-53
NIST-CSF
CIS Azure Foundations v1.3.0
NY-DFS
SOC2
CIS Azure Foundations v1.4.0 Level 1

Detections

Analytics