Ensure Alibaba RDS instance has log_connections enabled
Error: Alibaba RDS instance has log_connections disabled
Bridgecrew Policy ID: BC_ALI_GENERAL_16
Checkov Check ID: CKV_ALI_37
Severity: LOW
Description
RDS does not log attempted connections by default. Enabling the log_connections setting creates a log entry for each attempted connection to the server, as well as for each successful completion of client authentication. This information is useful for troubleshooting and for identifying unusual connection attempts to the server.
We recommend you set the log_connections database flag for Alibaba Cloud RDS instances to on.
Fix - Buildtime
Terraform
resource "alicloud_db_instance" "pass" {
  engine                     = "MySQL"
  engine_version             = "5.6"
  instance_type              = "rds.mysql.t1.small"
  instance_storage           = "10"
  tde_status                 = "Disabled"
  auto_upgrade_minor_version = "Manual"
  # ssl_action="Closed"
  security_ips = [
    "0.0.0.0",
    "10.23.12.24/24"
  ]
  # Turn on connection logging, the parameter this policy evaluates
  parameters {
    name  = "log_connections"
    value = "ON"
  }
}