Ensure that logging of disconnections is enabled.

Explanation

Logging disconnections provides useful diagnostic data such as session length, which can identify performance issues in an application and potential DoS vectors.

Possible Impact

Insufficient diagnostic data.

Suggested Resolution

Enable disconnection logging.

Insecure Example

The following example will fail the google-sql-pg-log-disconnections check.

resource "google_sql_database_instance" "db" {
	name             = "db"
	database_version = "POSTGRES_12"
	region           = "us-central1"
	settings {
		database_flags {
			name  = "log_disconnections"
			value = "off"
		}
	}
}
			

Secure Example

The following example will pass the google-sql-pg-log-disconnections check.

resource "google_sql_database_instance" "db" {
	name             = "db"
	database_version = "POSTGRES_12"
	region           = "us-central1"
	settings {
		database_flags {
			name  = "log_disconnections"
			value = "on"
		}
	}
}
			

Getting Started
Provider Checks
Config
GitHub Actions