Best practice rules for PostgreSQL
- Check for PostgreSQL Log Retention Period
Ensure that PostgreSQL database servers have a sufficient log retention period configured.
- Check for PostgreSQL Major Version
Ensure that PostgreSQL database servers are using the latest major version of PostgreSQL database.
- Disable "Allow access to Azure services" for PostgreSQL database servers
Ensure that any access from Azure services to Azure PostgreSQL database servers is disabled.
- Enable "CONNECTION_THROTTLING" Parameter for PostgreSQL Servers
Ensure that "connection_throttling" parameter is set to "ON" within your Azure PostgreSQL server settings.
- Enable "LOG_CHECKPOINTS" Parameter for PostgreSQL Servers
Enable "log_checkpoints" parameter for your Microsoft Azure PostgreSQL database servers.
- Enable "LOG_CONNECTIONS" Parameter for PostgreSQL Servers
Enable "log_connections" parameter for your Microsoft Azure PostgreSQL database servers.
- Enable "LOG_DISCONNECTIONS" Parameter for PostgreSQL Servers
Enable "log_disconnections" parameter for your Microsoft Azure PostgreSQL database servers.
- Enable "LOG_DURATION" Parameter for PostgreSQL Servers
Enable "log_duration" parameter on your Microsoft Azure PostgreSQL database servers.
- Enable "log_checkpoints" Parameter for PostgreSQL Flexible Servers
Enable "log_checkpoints" parameter for your Microsoft Azure PostgreSQL flexible database servers.
- Enable Geo-Redundant Backups
Ensure that geo-redundant backups are enabled for your Azure PostgreSQL database servers.
- Enable In-Transit Encryption for PostgreSQL Database Servers
Ensure that in-transit encryption is enabled for your Azure PostgreSQL database servers.
- Enable Infrastructure Double Encryption for Single Servers
Ensure that infrastructure double encryption is enabled for Single Server Azure PostgreSQL database servers.
- Enable Storage Auto-Growth
Ensure that storage auto-growth is enabled for your Microsoft Azure PostgreSQL database servers.
- Use Microsoft Entra Admin for PostgreSQL Authentication
Ensure that an Microsoft Entra admin is configured for PostgreSQL authentication.