Benchmark: 6 Cloud SQL Database Services
Overview
This section covers security recommendations to follow to secure Cloud SQL database services.
The recommendations in this section on setting up database flags are also present in the CIS Oracle MySQL Community Server 5.7 Benchmarks and in the CIS PostgreSQL 12 Benchmarks. We nevertheless include them here as well; the remediation instructions are different on Cloud SQL. Setting these flags requires superuser privileges, and they can only be configured through GCP controls.
Learn more at: https://cloud.google.com/sql/docs/postgres/users and https://cloud.google.com/sql/docs/mysql/flags.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-gcp-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 6 Cloud SQL Database Services.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.cis_v300_6
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.cis_v300_6 --share
Benchmarks
Controls
- 6.4 Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL
- 6.5 Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses
- 6.6 Ensure That Cloud SQL Database Instances Do Not Have Public IPs
- 6.7 Ensure That Cloud SQL Database Instances Are Configured With Automated Backups
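
The four controls listed above can also be spot-checked against instance JSON outside Powerpipe. The following is an added example, not the mod's own queries: it assumes the Cloud SQL Admin API field names (requireSsl, authorizedNetworks, ipAddresses, backupConfiguration) as returned by gcloud sql instances list --format=json, and the function names and sample instances are constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like `gcloud sql instances list --format=json`
# output (assumed Cloud SQL Admin API field names); not real resources.
SAMPLE_INSTANCES = [
    {
        "name": "orders-db",
        "ipAddresses": [{"type": "PRIMARY", "ipAddress": "203.0.113.10"}],
        "settings": {
            "ipConfiguration": {
                "requireSsl": False,
                "authorizedNetworks": [{"name": "any", "value": "0.0.0.0/0"}],
            },
            "backupConfiguration": {"enabled": False},
        },
    },
    {
        "name": "billing-db",
        "ipAddresses": [{"type": "PRIVATE", "ipAddress": "10.20.0.5"}],
        "settings": {
            "ipConfiguration": {"requireSsl": True, "authorizedNetworks": []},
            "backupConfiguration": {"enabled": True},
        },
    },
]

def allows_any_ip(cidr):
    """True when an authorized network covers the whole address space."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def evaluate(instance):
    """Return {control id: "ok" | "alarm"} for controls 6.4 to 6.7."""
    settings = instance.get("settings", {})
    ip_cfg = settings.get("ipConfiguration", {})
    networks = [n["value"] for n in ip_cfg.get("authorizedNetworks", []) if n.get("value")]
    public = any(a.get("type") == "PRIMARY" for a in instance.get("ipAddresses", []))
    checks = {
        "6.4": ip_cfg.get("requireSsl") is True,  # a missing field counts as not enforced
        "6.5": not any(allows_any_ip(n) for n in networks),
        "6.6": not public,  # a PRIMARY address is the instance's public IP
        "6.7": settings.get("backupConfiguration", {}).get("enabled") is True,
    }
    return {cid: "ok" if passed else "alarm" for cid, passed in checks.items()}

if __name__ == "__main__":
    for inst in SAMPLE_INSTANCES:
        print(inst["name"], evaluate(inst))
```
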