Triage and Remediation
Remediation
Using Console
To restrict public IP access for Cloud SQL instances across a GCP organization using the console, follow these steps:
1. Open the GCP console and select the organization that you want to remediate.
2. Go to the Cloud SQL Instances page: click the hamburger menu in the top-left corner of the console and select SQL under the Storage section.
3. Click the instance that you want to remediate.
4. Click the Edit button at the top of the instance details page.
5. Scroll down to the Connectivity section and click the Private IP button.
6. Under the Private IP section, select the checkbox for “Enable Private IP” to allow the instance to be accessed only through private IP addresses.
7. Click the Save button at the bottom of the page to apply the changes.
8. Repeat steps 3-7 for all the Cloud SQL instances in the organization to ensure that they are only accessible through private IP addresses.
Using CLI
To stop Cloud SQL instances across a GCP organization from allowing public IP access using the GCP CLI, follow these steps:
1. Open Cloud Shell in the GCP console.
2. Run the following command to check if any Cloud SQL instances have public IP addresses:
3. If any instances have public IP addresses, note down their names.
4. Run the following command to update the instances to not allow public IP access:
   Replace INSTANCE_NAME with the name of the instance that you want to update.
5. Repeat step 4 for all instances that have public IP addresses.
6. Verify that the instances no longer have public IP addresses by running the following command:
   Replace INSTANCE_NAME with the name of the instance that you want to verify. If the output shows ipAddress: <unset>, then the instance no longer has a public IP address.
7. Repeat step 6 for all instances that you updated.
Using Python
To restrict public IP access for Cloud SQL instances across a GCP organization using Python, follow these steps:
1. First, identify all the Cloud SQL instances in your organization that have public IP access enabled. You can use the Google Cloud SDK to list all the instances with public IP access enabled using the following command:
2. Once you have identified the instances that have public IP access enabled, update their network configuration to restrict public IP access. You can use the Google Cloud Python SDK to update the network configuration of the instances using the following code:
3. Run the above code for all the instances that have public IP access enabled to update their network configuration and restrict public IP access.
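The Python steps above, sketched as an added example (not code from the original page): it lists a project's instances through the Cloud SQL Admin API, selects those with public IP enabled, and patches `ipv4Enabled` to false only where a private network is already configured. It assumes `google-api-python-client` and Application Default Credentials; the project, network and instance names in the sample data are constructed, and `remediate` must be run once per project in the organization.

```python
import json

# Constructed sample, shaped like the `items` of a Cloud SQL Admin API instances.list response.
SAMPLE_ITEMS = json.loads("""[
 {"name": "orders-db", "ipAddresses": [{"type": "PRIMARY", "ipAddress": "203.0.113.10"}],
  "settings": {"ipConfiguration": {"ipv4Enabled": true}}},
 {"name": "billing-db", "ipAddresses": [{"type": "PRIMARY", "ipAddress": "203.0.113.11"},
                                         {"type": "PRIVATE", "ipAddress": "10.20.0.5"}],
  "settings": {"ipConfiguration": {"ipv4Enabled": true,
               "privateNetwork": "projects/example-project/global/networks/example-vpc"}}},
 {"name": "internal-db", "ipAddresses": [{"type": "PRIVATE", "ipAddress": "10.20.0.6"}],
  "settings": {"ipConfiguration": {"ipv4Enabled": false,
               "privateNetwork": "projects/example-project/global/networks/example-vpc"}}}
]""")

def has_public_ip(inst):
    """Public IP is on when ipv4Enabled is true or a PRIMARY address is assigned."""
    cfg = inst.get("settings", {}).get("ipConfiguration", {})
    return bool(cfg.get("ipv4Enabled")) or any(
        a.get("type") == "PRIMARY" for a in inst.get("ipAddresses", []))

def plan(items):
    """Split public instances into patchable ones and ones that need Private IP first."""
    patches, blocked = {}, []
    for inst in filter(has_public_ip, items):
        cfg = inst.get("settings", {}).get("ipConfiguration", {})
        if cfg.get("privateNetwork"):
            patches[inst["name"]] = {"settings": {"ipConfiguration": {"ipv4Enabled": False}}}
        else:
            blocked.append(inst["name"])  # no private path yet; enable Private IP first
    return patches, blocked

def remediate(project, dry_run=True):
    """List every instance in `project` and patch the public ones."""
    from googleapiclient import discovery  # imported lazily so plan() works offline
    sql = discovery.build("sqladmin", "v1beta4")
    items, req = [], sql.instances().list(project=project)
    while req is not None:  # follow nextPageToken until the listing is complete
        resp = req.execute()
        items += resp.get("items", [])
        req = sql.instances().list_next(previous_request=req, previous_response=resp)
    patches, blocked = plan(items)
    if not dry_run:
        for name, body in patches.items():
            sql.instances().patch(project=project, instance=name, body=body).execute()
    return patches, blocked

if __name__ == "__main__":
    print(plan(SAMPLE_ITEMS))
```

With `dry_run=True` (the default) `remediate` only reports what it would change; instances returned in `blocked` need Private IP enabled before public IP can be switched off.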