Ensure Azure PostgreSQL database server with connection throttling parameter is enabled

Error: Azure PostgreSQL database server with connection throttling parameter is disabled

Bridgecrew Policy ID: BC_AZR_NETWORKING_13
Checkov Check ID: CKV_AZURE_32
Severity: MEDIUM

Description

Enabling connection_throttling allows the PostgreSQL database to set the verbosity of logged messages. It generates query and error logs about concurrent connections that could exhaust connection resources and lead to a successful Denial of Service (DoS) attack. A system can also fail or be degraded by an overload of legitimate users. Query and error logs can be used to identify and troubleshoot problems, repair configuration errors, and address sub-optimal performance.

We recommend you set connection_throttling to On for PostgreSQL Server Databases.

Fix - Runtime

Azure Portal

To change the policy using the Azure Portal, follow these steps:

  1. Log in to the Azure Portal at https://portal.azure.com.
  2. Navigate to Azure Database for PostgreSQL server.
  3. For each database:
    a) Click Server parameters.
    b) Navigate to connection_throttling.
    c) Click On.
    d) Click Save.

CLI Command

To update the connection_throttling configuration, use the following command:

az postgres server configuration set \
    --resource-group <resourceGroupName> \
    --server-name <serverName> \
    --name connection_throttling \
    --value on

Fix - Buildtime

Terraform

  • Resource: azurerm_postgresql_configuration
  • Arguments: name + value
resource "azurerm_postgresql_configuration" "example" {
    name                = "connection_throttling"
    resource_group_name = data.azurerm_resource_group.example.name
    server_name         = azurerm_postgresql_server.example.name
    # "off" fails this check; set the parameter to "on"
    value               = "on"
}
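
The same buildtime condition can be checked across a whole plan. The sketch below is an added example, not Bridgecrew's or Checkov's own code: it walks the JSON produced by `terraform show -json` and reports every PostgreSQL server whose connection_throttling is off or not managed in the plan. The sample plan and the function names are constructed for illustration.

```python
import json

# Constructed sample, shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"type": "azurerm_postgresql_server", "values": {"name": "pg-a"}},
    {"type": "azurerm_postgresql_server", "values": {"name": "pg-b"}},
    {"type": "azurerm_postgresql_configuration",
     "values": {"name": "connection_throttling", "server_name": "pg-a", "value": "on"}},
    {"type": "azurerm_postgresql_configuration",
     "values": {"name": "log_checkpoints", "server_name": "pg-b", "value": "on"}},
    {"type": "azurerm_postgresql_configuration",
     "values": {"name": "connection_throttling", "server_name": "pg-b", "value": "OFF"}}],
  "child_modules": [{"resources": [
    {"type": "azurerm_postgresql_server", "values": {"name": "pg-c"}}]}]}}}
""")

def iter_resources(module):
    """Yield resources from a module and from all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def audit_connection_throttling(plan):
    """Map each PostgreSQL server name to 'on', 'off' or 'unmanaged'."""
    root = plan.get("planned_values", {}).get("root_module", {})
    status, settings = {}, {}
    for res in iter_resources(root):
        values = res.get("values") or {}
        if res.get("type") == "azurerm_postgresql_server":
            # No connection_throttling resource seen (yet) for this server.
            status.setdefault(values.get("name"), "unmanaged")
        elif (res.get("type") == "azurerm_postgresql_configuration"
              and str(values.get("name", "")).lower() == "connection_throttling"):
            enabled = str(values.get("value", "")).strip().lower() == "on"
            settings[values.get("server_name")] = "on" if enabled else "off"
    status.update(settings)  # explicit settings override the 'unmanaged' marker
    return status

def failing_servers(plan):
    """Servers that would not satisfy the policy, sorted by name."""
    audit = audit_connection_throttling(plan)
    return sorted(name for name, state in audit.items() if state != "on")

if __name__ == "__main__":
    for name in failing_servers(SAMPLE_PLAN):
        print(f"FAILED: {name} ({audit_connection_throttling(SAMPLE_PLAN)[name]})")
```

Servers reported as unmanaged have no connection_throttling resource in the plan, so their setting should be confirmed at runtime with the portal or CLI steps above.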
