--- title: PostgreSQL log checkpoints disabled description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: >- Docs > Datadog Security > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > PostgreSQL log checkpoints disabled --- # PostgreSQL log checkpoints disabled {% callout %} # Important note for users on the following Datadog sites: app.ddog-gov.com {% alert level="danger" %} This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md). (). {% /alert %} {% /callout %} ## Metadata{% #metadata %} **Id:** `7ab33ac0-e4a3-418f-a673-50da4e34df21` **Cloud Provider:** Azure **Platform:** Ansible **Severity:** Medium **Category:** Observability #### Learn More{% #learn-more %} - [Provider Reference](https://docs.ansible.com/ansible/latest/collections/azure/azcollection/azure_rm_postgresqlconfiguration_module.html) ### Description{% #description %} PostgreSQL's `log_checkpoints` should be enabled to record checkpoint activity. This improves visibility into I/O behavior and aids detection and troubleshooting of performance or recovery issues. In Ansible Azure PostgreSQL configuration resources (`azure.azcollection.azure_rm_postgresqlconfiguration` or `azure_rm_postgresqlconfiguration`), when the `name` property is `log_checkpoints`, the `value` property must be set to `ON` (case-insensitive). Resources missing this setting or with `value` not equal to `ON` are flagged as misconfigured. Secure configuration example: ```yaml - name: Ensure log_checkpoints is enabled azure.azcollection.azure_rm_postgresqlconfiguration: resource_group: my-rg server_name: my-pg-server name: log_checkpoints value: "ON" state: present ``` ## Compliant Code Examples{% #compliant-code-examples %} ```yaml - name: Update PostgreSQL Server setting azure.azcollection.azure_rm_postgresqlconfiguration: resource_group: myResourceGroup server_name: myServer name: log_checkpoints value: on - name: Update PostgreSQL Server setting2 azure.azcollection.azure_rm_postgresqlconfiguration: resource_group: myResourceGroup server_name: myServer name: log_checkpoints value: On - name: Update PostgreSQL Server setting3 azure.azcollection.azure_rm_postgresqlconfiguration: resource_group: myResourceGroup server_name: myServer name: log_checkpoints value: ON - name: Update PostgreSQL Server setting4 azure.azcollection.azure_rm_postgresqlconfiguration: resource_group: myResourceGroup server_name: myServer name: log_checkpoints value: on - name: Update PostgreSQL Server setting5 azure.azcollection.azure_rm_postgresqlconfiguration: resource_group: myResourceGroup server_name: myServer name: log_checkpoints value: On - name: Update PostgreSQL Server setting6 azure.azcollection.azure_rm_postgresqlconfiguration: resource_group: myResourceGroup server_name: myServer name: log_checkpoints value: ON ``` ## Non-Compliant Code Examples{% #non-compliant-code-examples %} ```yaml --- - name: Update PostgreSQL Server setting azure.azcollection.azure_rm_postgresqlconfiguration: resource_group: myResourceGroup server_name: myServer name: log_checkpoints value: off - name: Update PostgreSQL Server setting2 azure.azcollection.azure_rm_postgresqlconfiguration: resource_group: myResourceGroup server_name: myServer name: log_checkpoints value: Off - name: Update PostgreSQL Server setting3 azure.azcollection.azure_rm_postgresqlconfiguration: resource_group: myResourceGroup server_name: myServer name: log_checkpoints value: OFF - name: Update PostgreSQL Server setting4 azure.azcollection.azure_rm_postgresqlconfiguration: resource_group: myResourceGroup server_name: myServer name: log_checkpoints value: "off" - name: Update PostgreSQL Server setting5 azure.azcollection.azure_rm_postgresqlconfiguration: resource_group: myResourceGroup server_name: myServer name: log_checkpoints value: "Off" - name: Update PostgreSQL Server setting6 azure.azcollection.azure_rm_postgresqlconfiguration: resource_group: myResourceGroup server_name: myServer name: log_checkpoints value: "OFF" ```