Control: Cloud SQL instances should not be publicly accessible
Description
This control checks whether Cloud SQL instances have public access enabled.
Usage
Run the control in your terminal:
powerpipe control run gcp_perimeter.control.cloud_sql_not_publicly_accessible
Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run gcp_perimeter.control.cloud_sql_not_publicly_accessible --share
Steampipe Tables
SQL
select self_link as resource, case when ip_configuration ->> 'ipv4Enabled' = 'true' then 'alarm' else 'ok' end as status, case when ip_configuration ->> 'ipv4Enabled' = 'true' then title || ' has public access enabled.' else title || ' does not have public access enabled.' end as reason , location, projectfrom gcp_sql_database_instance;