Ensure Alibaba Cloud RDS instance has log_disconnections enabled

Error: Alibaba Cloud RDS instance does not have log_disconnections enabled

Bridgecrew Policy ID: BC_ALI_GENERAL_13
Checkov Check ID: CKV_ALI_36
Severity: LOW

Description

Enabling the log_disconnections database flag logs the end of each session, including the session duration. By default, RDS does not log session details such as duration and session end. With the flag enabled, a log entry is written at the end of each session, which is useful when troubleshooting issues and identifying unusual activity over a period of time.

We recommend you set the log_disconnections flag for a PostgreSQL instance to On.

Fix - Runtime

Fix - Buildtime

Terraform

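resource "alicloud_db_instance" "pass2" {
  # Engine settings as given in this example. log_disconnections is a
  # PostgreSQL parameter, so on a PostgreSQL instance set engine,
  # engine_version and instance_type to match.
  engine                     = "MySQL"
  engine_version             = "5.6"
  instance_type              = "rds.mysql.t1.small"
  instance_storage           = "10"
  tde_status                 = "Disabled"
  auto_upgrade_minor_version = "Manual"
  # ssl_action="Closed"
  security_ips = [
    "0.0.0.0",
    "10.23.12.24/24"
  ]

  parameters {
    name  = "log_duration"
    value = "on"
  }

  # The setting this check looks for: log_disconnections set to "on".
  parameters {
    name  = "log_disconnections"
    value = "on"
  }
}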
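The same condition can be checked against a rendered plan before apply. The following is an added example, not Checkov's or Bridgecrew's own code: it walks the JSON produced by `terraform show -json`, including child modules, and reports every alicloud_db_instance whose log_disconnections parameter is missing or not "on". The sample plan, the resource addresses and the function names are constructed for illustration, and treating the value case-insensitively is an assumption.

```python
# Constructed sample: trimmed `terraform show -json` output for a plan.
def _rds(address, parameters):
    return {"address": address, "type": "alicloud_db_instance",
            "values": {"engine": "PostgreSQL", "parameters": parameters}}

SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        _rds("alicloud_db_instance.ok", [
            {"name": "log_duration", "value": "on"},
            {"name": "log_disconnections", "value": "on"}]),
        _rds("alicloud_db_instance.missing", [
            {"name": "log_duration", "value": "on"}]),
        {"address": "alicloud_vpc.net", "type": "alicloud_vpc", "values": {}},
    ],
    "child_modules": [{"resources": [
        _rds("module.db.alicloud_db_instance.off", [
            {"name": "log_disconnections", "value": "OFF"}]),
    ]}],
}}}

def iter_resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def log_disconnections_findings(plan):
    """Return {address: reason} for RDS instances that fail the check."""
    findings = {}
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "alicloud_db_instance":
            continue
        params = res.get("values", {}).get("parameters") or []
        # Collect every declared value so a conflicting duplicate also fails.
        values = [str(p.get("value", "")).strip().lower()
                  for p in params if p.get("name") == "log_disconnections"]
        if not values:
            findings[res["address"]] = "parameter not set"
        elif any(v != "on" for v in values):
            bad = next(v for v in values if v != "on")
            findings[res["address"]] = f"value is {bad!r}"
    return findings

if __name__ == "__main__":
    for address, reason in log_disconnections_findings(SAMPLE_PLAN).items():
        print(f"FAIL {address}: log_disconnections {reason}")
```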