azure-psql-param-conn-throttling

Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server

The "connection_throttling" parameter enables temporary connection throttling per IP address after too many failed login attempts. The logging data this produces can be used to discover PostgreSQL database servers that are degraded by an overload of legitimate users, or to identify Distributed Denial of Service (DDoS) attacks that work by exhausting network resources.

Examples

Insecure Example

resource "azurerm_postgresql_configuration" "example" {
  name                = "connection_throttling"
  resource_group_name = azurerm_resource_group.example.name
  server_name         = azurerm_postgresql_server.example.name
  value               = "off"
}

Secure Example

resource "azurerm_postgresql_configuration" "example" {
  name                = "connection_throttling"
  resource_group_name = azurerm_resource_group.example.name
  server_name         = azurerm_postgresql_server.example.name
  value               = "on"
}
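
The same check can be run against a rendered plan rather than the HCL source, which also catches values set through variables or modules. The following is an added example, not part of the original rule or of any scanner's own code: it walks JSON in the shape produced by `terraform show -json` and reports the state of `connection_throttling` for each planned `azurerm_postgresql_server`. The sample plan is constructed, and reporting a server with no explicit configuration resource as "unset" is a choice made for this example.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output
# (planned_values -> root_module -> resources / child_modules).
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_postgresql_server.a", "type": "azurerm_postgresql_server",
     "values": {"name": "pg-a"}},
    {"address": "azurerm_postgresql_configuration.a", "type": "azurerm_postgresql_configuration",
     "values": {"name": "connection_throttling", "server_name": "pg-a", "value": "OFF"}}
  ],
  "child_modules": [{"resources": [
    {"address": "module.db.azurerm_postgresql_server.b", "type": "azurerm_postgresql_server",
     "values": {"name": "pg-b"}},
    {"address": "module.db.azurerm_postgresql_configuration.b", "type": "azurerm_postgresql_configuration",
     "values": {"name": "connection_throttling", "server_name": "pg-b", "value": "on"}},
    {"address": "module.db.azurerm_postgresql_server.c", "type": "azurerm_postgresql_server",
     "values": {"name": "pg-c"}}
  ]}]
}}}
""")

def walk(module):
    """Yield every resource in a module and in its nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def check_connection_throttling(plan):
    """Return {server: 'on' | 'off' | 'unset'} for each planned PostgreSQL server."""
    status = {}
    for r in walk(plan["planned_values"]["root_module"]):
        v = r.get("values", {})
        if r.get("type") == "azurerm_postgresql_server":
            # Fall back to the resource address if the name is not known at plan time.
            status.setdefault(v.get("name") or r["address"], "unset")
        elif (r.get("type") == "azurerm_postgresql_configuration"
              and str(v.get("name", "")).lower() == "connection_throttling"):
            on = str(v.get("value", "")).strip().lower() == "on"
            status[v.get("server_name") or r["address"]] = "on" if on else "off"
    return status

if __name__ == "__main__":
    for server, state in check_connection_throttling(SAMPLE_PLAN).items():
        print(f"{server}: connection_throttling is {state}")
```

Any value other than "on" (compared case-insensitively) is reported as "off".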

More information