PostgreSQL best practices

Best practice rules for PostgreSQL

• Check Log Files Retention Period for PostgreSQL Flexible Servers

  Ensure there is a sufficient log retention period configured for your Azure PostgreSQL flexible servers.

• Check for PostgreSQL Log Retention Period

  Ensure that PostgreSQL database servers have a sufficient log retention period configured.

• Check for PostgreSQL Major Version

  Ensure that PostgreSQL database servers are using the latest major version of PostgreSQL database.

• Disable "Allow access to Azure services" for PostgreSQL database servers

  Ensure that any access from Azure services to Azure PostgreSQL database servers is disabled.

• Disable Access from Azure Services to PostgreSQL Flexible Servers

  Ensure that any access from Azure services to your Azure PostgreSQL flexible servers is disabled.

• Enable "CONNECTION_THROTTLING" Parameter for PostgreSQL Servers

  Ensure that "connection_throttling" parameter is set to "ON" within your Azure PostgreSQL server settings.

• Enable "LOG_CHECKPOINTS" Parameter for PostgreSQL Servers

  Enable "log_checkpoints" parameter for your Microsoft Azure PostgreSQL database servers.

• Enable "LOG_CONNECTIONS" Parameter for PostgreSQL Servers

  Enable "log_connections" parameter for your Microsoft Azure PostgreSQL database servers.

• Enable "LOG_DISCONNECTIONS" Parameter for PostgreSQL Servers

  Enable "log_disconnections" parameter for your Microsoft Azure PostgreSQL database servers.

• Enable "LOG_DURATION" Parameter for PostgreSQL Servers

  Enable "log_duration" parameter on your Microsoft Azure PostgreSQL database servers.

• Enable "log_checkpoints" Parameter for PostgreSQL Flexible Servers

  Enable "log_checkpoints" parameter for your Microsoft Azure PostgreSQL flexible database servers.

• Enable Connection Throttling for PostgreSQL Flexible Servers

  Ensure that "connection_throttle.enable" parameter is set to "ON" for Azure PostgreSQL flexible servers.

• Enable Geo-Redundant Backups

  Ensure that geo-redundant backups are enabled for your Azure PostgreSQL database servers.

• Enable In-Transit Encryption for PostgreSQL Database Servers

  Ensure that in-transit encryption is enabled for your Azure PostgreSQL database servers.

• Enable Infrastructure Double Encryption for Single Servers

  Ensure that infrastructure double encryption is enabled for Single Server Azure PostgreSQL database servers.

• Enable Storage Auto-Growth

  Ensure that storage auto-growth is enabled for your Microsoft Azure PostgreSQL database servers.

• Enable Transport Encryption for PostgreSQL Flexible Servers

  Ensure that "require_secure_transport" parameter is enabled for Azure PostgreSQL flexible servers.

• Use Microsoft Entra Admin for PostgreSQL Authentication

  Ensure that an Microsoft Entra admin is configured for PostgreSQL authentication.