RDS instance log disconnections disabled

Docs > Plateforme de sécurité Datadog > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > RDS instance log disconnections disabled

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Metadata

Id: d53f4123-f8d8-4224-8cb3-f920b151cc98

Cloud Provider: Alicloud

Platform: Terraform

Severity: Medium

Category: Observability

Learn More

Provider Reference

Description

The log_disconnections parameter must be set to ON for RDS instances. The rule inspects alicloud_db_instance resources and their parameters array for an entry where name is log_disconnections and value is ON.

If the parameter exists with value = OFF, the policy reports an IncorrectValue issue. If the parameters array is missing or the parameter is absent, the policy reports a MissingAttribute issue and suggests adding or updating the entry to set value = ON (for example, parameters = [{ name = "log_disconnections", value = "ON" }]).

Compliant Code Examples

resource "alicloud_db_instance" "default" {
    engine = "MySQL"
    engine_version = "5.6"
    db_instance_class = "rds.mysql.t1.small"
    db_instance_storage = "10"
    parameters = [{
        name = "innodb_large_prefix"
        value = "ON"
    },{
        name = "connect_timeout"
        value = "50"
    },{
        name = "log_disconnections"
        value = "ON"
    }]
}

Non-Compliant Code Examples

resource "alicloud_db_instance" "default" {
    engine = "MySQL"
    engine_version = "5.6"
    db_instance_class = "rds.mysql.t1.small"
    db_instance_storage = "10"
    parameters = [{
        name = "innodb_large_prefix"
        value = "ON"
    },{
        name = "connect_timeout"
        value = "50"
    }]
}

resource "alicloud_db_instance" "default" {
    engine = "MySQL"
    engine_version = "5.6"
    db_instance_class = "rds.mysql.t1.small"
    db_instance_storage = "10"
}

resource "alicloud_db_instance" "default" {
    engine = "MySQL"
    engine_version = "5.6"
    db_instance_class = "rds.mysql.t1.small"
    db_instance_storage = "10"
    parameters = [
        {
            name = "innodb_large_prefix"
            value = "ON"
        },{
            name = "connect_timeout"
            value = "50"
        },{
            name = "log_disconnections"
            value = "OFF"
        }
    ]
}