Triage and Remediation
Remediation
Using Console
To remediate the misconfiguration “Cloud SQL data access audit logging should be enabled” for GCP using GCP console, please follow the below steps:
- Log in to the Google Cloud Console.
- Navigate to the Cloud SQL instances page.
- Select the instance for which you want to enable audit logging.
- Click on the “Edit” button at the top of the page.
- Scroll down to the “Additional settings” section and click on it.
- Under the “Audit logging” section, select the checkbox next to “Audit logs” to enable audit logging.
- Choose the destination bucket where logs should be stored.
- Click on the “Save” button to save the changes.
Using CLI
To remediate the misconfiguration “Cloud SQL Data Access Audit Logging Should Be Enabled” in GCP using GCP CLI, follow these steps:
- Open the Cloud Shell in the GCP Console.
- Run the following command to enable audit logging for Cloud SQL:
  Replace `[INSTANCE_NAME]` with the name of your Cloud SQL instance.
- Verify that audit logging is enabled by running the following command:
  This command should return the audit log configuration for your Cloud SQL instance.
- If you want to disable audit logging for Cloud SQL, run the following command:
  This will disable audit logging for your Cloud SQL instance.

Note: Enabling audit logging for Cloud SQL can generate a significant amount of logs, which can impact performance and incur additional costs. It is recommended to configure log retention policies to manage the log data.
Using Python
To remediate the misconfiguration “Cloud SQL data access audit logging should be enabled” for GCP using Python, please follow the below steps:
- Create a Cloud SQL instance object using the `google.cloud.sql_v1beta4` library in Python:
- Check if the audit logs are enabled for the Cloud SQL instance:
- If the audit logs are not enabled, enable them using the `patch` method:
- Verify that the audit logs are enabled:

These steps will remediate the misconfiguration “Cloud SQL data access audit logging should be enabled” for GCP using Python.
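
An offline version of the check-then-enable-then-verify sequence above, added here as an example (it is not this page's or Google's code). It assumes the project IAM policy has been exported as JSON, for example with `gcloud projects get-iam-policy`, since Data Access audit logging is configured under that policy's `auditConfigs`; the function names and the sample policy are constructed for illustration.

```python
import copy

SERVICE = "cloudsql.googleapis.com"       # Cloud SQL's audit-log service name
REQUIRED = {"DATA_READ", "DATA_WRITE"}    # Data Access log types checked here

# Constructed sample policy (not from a real project): only DATA_READ is
# enabled for Cloud SQL, and one member is exempted from it.
SAMPLE_POLICY = {
    "bindings": [{"role": "roles/cloudsql.admin",
                  "members": ["user:dba@example.com"]}],
    "auditConfigs": [{
        "service": SERVICE,
        "auditLogConfigs": [{"logType": "DATA_READ",
                             "exemptedMembers": ["user:etl@example.com"]}],
    }],
    "etag": "CONSTRUCTED",
}


def audit_gaps(policy, service=SERVICE):
    """Return {log_type: reason} for each required type not fully logged."""
    enabled, exempt = set(), {}
    for cfg in policy.get("auditConfigs", []):
        # An "allServices" entry is merged with the service-specific one.
        if cfg.get("service") not in (service, "allServices"):
            continue
        for alc in cfg.get("auditLogConfigs", []):
            enabled.add(alc.get("logType"))
            exempt.setdefault(alc.get("logType"), []).extend(
                alc.get("exemptedMembers", []))
    gaps = {t: "not enabled" for t in REQUIRED - enabled}
    for t in REQUIRED & enabled:
        if exempt[t]:  # assumption: any exemption counts as a logging gap
            gaps[t] = "exempted: " + ", ".join(sorted(exempt[t]))
    return gaps


def with_cloudsql_audit(policy, service=SERVICE):
    """Return a copy with the required types enabled and unexempted."""
    fixed = copy.deepcopy(policy)
    configs = fixed.setdefault("auditConfigs", [])
    entry = next((c for c in configs if c.get("service") == service), None)
    if entry is None:
        entry = {"service": service, "auditLogConfigs": []}
        configs.append(entry)
    kept = [a for a in entry.get("auditLogConfigs", [])
            if a.get("logType") not in REQUIRED]
    entry["auditLogConfigs"] = kept + [{"logType": t} for t in sorted(REQUIRED)]
    return fixed
```

The copy returned by `with_cloudsql_audit` keeps the original `bindings` and `etag`, so it can be written back with `gcloud projects set-iam-policy`; exemptions that sit under an `allServices` entry are left in place and keep showing up in `audit_gaps`.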