Ensure Azure PostgreSQL database server with log checkpoints parameter is enabled

Error: Azure PostgreSQL database server with log checkpoints parameter is disabled

Bridgecrew Policy ID: BC_AZR_NETWORKING_11
Checkov Check ID: CKV_AZURE_30
Severity: MEDIUM

Description

Enabling log_checkpoints causes the PostgreSQL database to log each checkpoint and to generate query and error logs. Access to transaction logs is not supported. Query and error logs can be used to identify, troubleshoot, and repair configuration errors, and to address sub-optimal performance.

We recommend you set log_checkpoints to On for PostgreSQL Server Databases.

Fix - Runtime

Azure Portal

To change the policy using the Azure Portal, follow these steps:

  1. Log in to the Azure Portal at https://portal.azure.com.
  2. Navigate to Azure Database for PostgreSQL server.
  3. For each database:
    a) Click Server parameters.
    b) Navigate to log_checkpoints.
    c) Click On.
    d) Click Save.

CLI Command

To update the log_checkpoints configuration, use the following command:

az postgres server configuration set \
    --resource-group <resourceGroupName> \
    --server-name <serverName> \
    --name log_checkpoints \
    --value on
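
The command above fixes one server at a time. The following script is an added example, not Bridgecrew's or Microsoft's code: it lists every Azure Database for PostgreSQL server in the current subscription, reports those whose log_checkpoints value is not "on", and can apply the same fix to each. It assumes an authenticated Azure CLI session; the function names and the audit/fix arguments are hypothetical.

```sh
#!/bin/sh
# Added example: audit log_checkpoints across all PostgreSQL servers.
# Assumes `az login` has been run and the right subscription is selected.

TAB=$(printf '\t')

# Print "<resourceGroup><TAB><server><TAB><value>" for each server whose
# log_checkpoints parameter is not "on".
find_noncompliant() {
  az postgres server list --query "[].[resourceGroup,name]" -o tsv |
  while IFS="$TAB" read -r rg server; do
    [ -n "$server" ] || continue
    # </dev/null keeps the inner az call from consuming the loop's input.
    value=$(az postgres server configuration show \
      --resource-group "$rg" --server-name "$server" \
      --name log_checkpoints --query value -o tsv </dev/null) || value="unknown"
    case "$value" in
      on|On|ON) ;;
      *) printf '%s\t%s\t%s\n' "$rg" "$server" "$value" ;;
    esac
  done
}

# Apply the CLI fix from this page to every server find_noncompliant reports.
remediate() {
  find_noncompliant | while IFS="$TAB" read -r rg server _old; do
    az postgres server configuration set \
      --resource-group "$rg" --server-name "$server" \
      --name log_checkpoints --value on >/dev/null </dev/null &&
      echo "enabled log_checkpoints on $rg/$server"
  done
}

# Usage: sh <script> audit   (report only)
#        sh <script> fix     (report and set log_checkpoints to on)
case "${1:-}" in
  audit) find_noncompliant ;;
  fix)   remediate ;;
esac
```

Servers whose parameter could not be read are reported with the value "unknown" so that a permissions or connectivity failure is not mistaken for compliance.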

Fix - Buildtime

Terraform

  • Resource: azurerm_postgresql_configuration
  • Argument: name + value
resource "azurerm_postgresql_configuration" "example" {
    name                = "log_checkpoints"
    resource_group_name = data.azurerm_resource_group.example.name
    server_name         = azurerm_postgresql_server.example.name
    # Recommended setting for this policy; "off" is the failing value.
    value               = "on"
}
