diff --git a/terraform/modules/postgres/main.tf b/terraform/modules/postgres/main.tf
index 29b6cc53..7b659d4e 100644
--- a/terraform/modules/postgres/main.tf
+++ b/terraform/modules/postgres/main.tf
@@ -35,3 +35,33 @@ resource "azurerm_postgresql_virtual_network_rule" "sql" {
   subnet_id                            = var.subnet_id
   ignore_missing_vnet_service_endpoint = true
 }
+
+resource "azurerm_postgresql_database" "db" {
+  name                = "${var.name}-${var.environment}-atat"
+  resource_group_name = azurerm_resource_group.sql.name
+  server_name         = azurerm_postgresql_server.sql.name
+  charset             = "UTF8"
+  collation           = "en-US"
+}
+
+resource "azurerm_monitor_diagnostic_setting" "postgresql_diagnostic" {
+  name                       = "${var.name}-${var.environment}-postgresql-diag"
+  target_resource_id         = azurerm_postgresql_server.sql.id
+  log_analytics_workspace_id = var.workspace_id
+
+  log {
+    category = "PostgreSQLLogs"
+    enabled  = true
+
+    retention_policy {
+      enabled = true
+    }
+  }
+  metric {
+    category = "AllMetrics"
+
+    retention_policy {
+      enabled = true
+    }
+  }
+}
diff --git a/terraform/modules/postgres/variables.tf b/terraform/modules/postgres/variables.tf
index f3366cdb..ea4a2dea 100644
--- a/terraform/modules/postgres/variables.tf
+++ b/terraform/modules/postgres/variables.tf
@@ -93,3 +93,8 @@ variable "ssl_enforcement" {
   description = "Enforce SSL (Enabled/Disable)"
   default     = "Enabled"
 }
+
+variable "workspace_id" {
+  description = "Log Analytics workspace for this resource to log to"
+  type        = string
+}
diff --git a/terraform/providers/dev/postgres.tf b/terraform/providers/dev/postgres.tf
index 53031f85..c2120012 100644
--- a/terraform/providers/dev/postgres.tf
+++ b/terraform/providers/dev/postgres.tf
@@ -14,7 +14,8 @@ module "sql" {
   owner                        = var.owner
   environment                  = var.environment
   region                       = var.region
-  subnet_id                    = module.vpc.subnets # FIXME - Should be a map of subnets and specify private
+  subnet_id                    = module.vpc.subnet_list["private"].id
   administrator_login          = data.azurerm_key_vault_secret.postgres_username.value
   administrator_login_password = data.azurerm_key_vault_secret.postgres_password.value
+  workspace_id                 = module.logs.workspace_id
 }