Ensure Alibaba RDS instance has log_connections enabled

Error: Alibaba RDS instance has log_connections disabled

Bridgecrew Policy ID: BC_ALI_GENERAL_16
Checkov Check ID: CKV_ALI_37
Severity: LOW

Alibaba RDS instance has log_connections disabled

Description

RDS does not log attempted connections by default. Enabling the log_connections setting creates log entries for each attempted connection to the server, along with the successful completion of client authentication. This information can be useful in troubleshooting issues and determining any unusual connection attempts to the server.

We recommend you set the log_connections database flag for Alibaba Cloud RDS instances to on.

Fix - Buildtime

Terraform

resource "alicloud_db_instance" "pass" {
  engine           = "MySQL"
  engine_version   = "5.6"
  instance_type    = "rds.mysql.t1.small"
  instance_storage = "10"
  tde_status       = "Disabled"
  auto_upgrade_minor_version = "Manual"
  # ssl_action="Closed"
  security_ips = [
    "0.0.0.0",
    "10.23.12.24/24"
  ]
  parameters {
        name = "log_duration"
        value = "ON"
    }
}