GCP SQL
About
Monitor your GCP SQL resources for best practices.
Security
Any Host Root Access
Ensures the root user of SQL instances cannot be accessed from any host. Root access to a SQL instance should only be allowed from whitelisted IPs, so that only trusted entities can connect.
Database SSL Enabled
Ensures SQL databases have SSL enabled. Enabling SSL ensures that the sensitive data being transferred from the database is encrypted.
DB Restorable
Ensures SQL instances can be restored to a recent point. GCP will maintain a point to which the database can be restored. This point should not drift too far into the past, or else irrecoverable data loss may occur.
DB Publicly Accessible
Ensures that SQL instances have a cross-AZ failover replica for high availability. Creating SQL instances in a single AZ creates a single point of failure for all systems relying on that database. All SQL instances should be created in multiple AZs to ensure proper failover.
DB Automated Backups
Ensures automated backups are enabled for SQL instances. Google provides a simple method of backing up SQL instances at a regular interval. This should be enabled to provide an option for restoring data in the event of a database compromise or hardware failure.
SQL Configuration Logging
Ensures that logging and log alerts exist for SQL configuration changes. Project Ownership is the highest level of privilege on a project, so any changes in SQL configurations should be heavily monitored to prevent unauthorized changes.
Reliability
DB Multiple AZ
Ensures that SQL instances have a cross-AZ failover replica for high availability. Creating SQL instances in a single AZ creates a single point of failure for all systems relying on that database. All SQL instances should be created in multiple AZs to ensure proper failover.
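The following added example (not part of the original checklist or of any vendor tool) evaluates several of the checks above against data shaped like the Cloud SQL Admin API instance and user resources. The function name, the 24-hour backup age threshold, the treatment of an empty root host as "any host", and the sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_BACKUP_AGE = timedelta(hours=24)  # assumed threshold; the checklist gives no number

def audit_instance(instance, users, last_backup, now):
    """Return the names of the checklist items that this instance fails."""
    settings = instance.get("settings", {})
    ip_cfg = settings.get("ipConfiguration", {})
    backups = settings.get("backupConfiguration", {})
    failed = []
    # Any Host Root Access: root with host "%" (assumption: empty host is also unrestricted).
    if any(u.get("name") == "root" and u.get("host", "") in ("", "%") for u in users):
        failed.append("Any Host Root Access")
    # Database SSL Enabled: either the legacy boolean or an enforcing sslMode.
    enforced = ip_cfg.get("requireSsl") or ip_cfg.get("sslMode") in (
        "ENCRYPTED_ONLY", "TRUSTED_CLIENT_CERTIFICATE_REQUIRED")
    if not enforced:
        failed.append("Database SSL Enabled")
    # DB Automated Backups: scheduled backups must be switched on.
    if not backups.get("enabled"):
        failed.append("DB Automated Backups")
    # DB Restorable: the newest successful backup must not be too old.
    if last_backup is None or now - last_backup > MAX_BACKUP_AGE:
        failed.append("DB Restorable")
    # DB Multiple AZ: regional availability or a legacy failover replica.
    ha = settings.get("availabilityType") == "REGIONAL" or instance.get("failoverReplica")
    if not ha:
        failed.append("DB Multiple AZ")
    return failed

# Constructed sample data, not output from a real project.
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
WEAK = {"name": "demo-db", "settings": {
    "availabilityType": "ZONAL",
    "ipConfiguration": {"requireSsl": False},
    "backupConfiguration": {"enabled": True}}}
WEAK_USERS = [{"name": "root", "host": "%"}, {"name": "app", "host": "10.0.0.5"}]
HARDENED = {"name": "demo-db-ha", "settings": {
    "availabilityType": "REGIONAL",
    "ipConfiguration": {"sslMode": "ENCRYPTED_ONLY"},
    "backupConfiguration": {"enabled": True}}}
HARDENED_USERS = [{"name": "root", "host": "10.0.0.5"}]

if __name__ == "__main__":
    print(audit_instance(WEAK, WEAK_USERS, NOW - timedelta(days=3), NOW))
    print(audit_instance(HARDENED, HARDENED_USERS, NOW - timedelta(hours=2), NOW))
```

The instance and user dictionaries can be populated from `gcloud sql instances describe` and `gcloud sql users list` with `--format=json`; the time of the last successful backup has to be supplied separately.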
Sources
https://www.cloudanix.com/recipelist/gcp/gcpsqlmonitoring
https://cloud.google.com/sql/docs/mysql/create-manage-users
https://cloud.google.com/sql/docs/mysql/instance-settings
https://cloud.google.com/logging/docs/logs-based-metrics