From 09fb5f927410503b0d6e7fc6cf6a2ba06cb5a281 Mon Sep 17 00:00:00 2001
From: Jamil <jamilbk@users.noreply.github.com>
Date: Fri, 14 Mar 2025 15:14:23 -0500
Subject: [PATCH] chore(infra): Enable pgaudit on master instance (#8434)

This is [step
1](https://cloud.google.com/sql/docs/postgres/pg-audit#set-pgaudit-flag-values)
of enabling `pgaudit` logs. We'll also need to `CREATE EXTENSION` which
will need to happen in a migration. I'll make a separate PR for that.

Supersedes: #5442
---
 terraform/modules/google-cloud/sql/main.tf | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/terraform/modules/google-cloud/sql/main.tf b/terraform/modules/google-cloud/sql/main.tf
index 26a70fb73..8b253a32b 100644
--- a/terraform/modules/google-cloud/sql/main.tf
+++ b/terraform/modules/google-cloud/sql/main.tf
@@ -126,6 +126,16 @@ resource "google_sql_database_instance" "master" {
       name  = "cloudsql.iam_authentication"
       value = "on"
     }
+
+    database_flags {
+      name  = "cloudsql.enable_pgaudit"
+      value = "on"
+    }
+
+    database_flags {
+      name  = "pgaudit.log"
+      value = "all"
+    }
   }
 
   lifecycle {