Ensure that Postgres errors are logged

Explanation

Setting the minimum log severity too high will cause errors not to be logged

Possible Impact

Loss of error logging

Suggested Resolution

Set the minimum log severity to at least ERROR

Insecure Example

The following example will fail the google-sql-pg-log-errors check.

resource "google_sql_database_instance" "db" {
	name             = "db"
	database_version = "POSTGRES_12"
	region           = "us-central1"
	settings {
		database_flags {
			name  = "log_min_messages"
			value = "PANIC"
		}
	}
}
			

Secure Example

The following example will pass the google-sql-pg-log-errors check.

resource "google_sql_database_instance" "db" {
	name             = "db"
	database_version = "POSTGRES_12"
	region           = "us-central1"
	settings {
		database_flags {
			name  = "log_min_messages"
			value = "WARNING"
		}
	}
}
			

Getting Started
Provider Checks
Config
GitHub Actions