azure-psql-param-conn-throttling¶
Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
The "connection_throttling" parameter enables temporary connection throttling per IP address after too many invalid login failures. This logging data can be used to discover PostgreSQL database servers that get degraded by an overload of legitimate users or identify Distributed Denial of Service (DDoS) attacks that work by exhausting the network resources.
Examples¶
Insecure Example
resource "azurerm_postgresql_configuration" "example" {
name = "connection_throttling"
resource_group_name = azurerm_resource_group.example.name
server_name = azurerm_postgresql_server.example.name
value = "off"
}
Secure Example
resource "azurerm_postgresql_configuration" "example" {
name = "connection_throttling"
resource_group_name = azurerm_resource_group.example.name
server_name = azurerm_postgresql_server.example.name
value = "on"
}