Ensure that "log_lock_waits" database flag is enabled for all your Google Cloud PostgreSQL database instances.
The "deadlock_timeout" PostgreSQL configuration setting defines the time to wait on a lock before checking for any conditions. Frequent exceeding of the "deadlock_timeout" value (time) can be an indication of underlying security and performance issues. Logging such waits on locks by enabling the "log_lock_waits" database flag can be used to identify poor performance due to locking delays. This can also be used to determine if an SQL statement is attempting to starve resources through holding locks for excessive amounts of time.
Note: Some database flag settings can affect instance availability and/or stability, and eventually remove the PostgreSQL instance from the Google Cloud SQL Service Level Agreement (SLA).
To determine if "log_lock_waits" flag is enabled for your Google Cloud PostgreSQL database instances, perform the following actions:
Remediation / Resolution
To enable the "log_lock_waits" database flag for your Google Cloud Platform (GCP) PostgreSQL database instances, perform the following operations:
- Google Cloud Platform (GCP) Documentation
- Cloud SQL for PostgreSQL
- Configuring database flags
- Editing instances
- CIS Security Documentation
- Securing Google Cloud Computing Platform
- PostgreSQL Database Documentation
- 19.8. Error Reporting and Logging
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
You are auditing:
Enable "log_lock_waits" Flag for PostgreSQL Database Instances
Risk level: Medium