Ensure that logging of lock waits is enabled.

Explanation

Lock waits are often an indication of poor performance and often an indicator of a potential denial of service vulnerability, therefore occurrences should be logged for analysis.

Possible Impact

Issues leading to denial of service may not be identified.

Suggested Resolution

Enable lock wait logging.

Insecure Example

The following example will fail the google-sql-pg-log-lock-waits check.

resource "google_sql_database_instance" "db" {
	name             = "db"
	database_version = "POSTGRES_12"
	region           = "us-central1"
	settings {
		database_flags {
			name  = "log_lock_waits"
			value = "off"
		}
	}
}
			

Secure Example

The following example will pass the google-sql-pg-log-lock-waits check.

resource "google_sql_database_instance" "db" {
	name             = "db"
	database_version = "POSTGRES_12"
	region           = "us-central1"
	settings {
		database_flags {
			name  = "log_lock_waits"
			value = "on"
		}
	}
}
			

Getting Started
Provider Checks
Config
GitHub Actions