Cloud Monitoring Should Monitor Database Up Check
More Info:
Ensure Cloud Monitoring monitors database up check.
Risk Level
Medium
Address
Operational Maturity, Performance Efficiency
Compliance Standards
CBP
Triage and Remediation
Remediation
To remediate the misconfiguration of not monitoring the database up check in GCP using the GCP console, follow the steps below:
- Log in to your GCP console.
- Navigate to the Monitoring page by clicking on the hamburger menu on the top left corner of the console and selecting “Monitoring” under the “Operations” section.
- Click on the “Uptime Checks” tab on the left-hand side of the Monitoring page.
- Click on the “Create Uptime Check” button on the top right corner of the Uptime Checks page.
- In the “Create Uptime Check” page, fill in the required details such as the name of the check, the resource type, and the resource name.
- In the “Check Type” section, select the “TCP” option.
- In the “TCP” section, enter the IP address of your database instance and the port number on which the database is running.
- In the “Advanced Settings” section, you can configure additional settings such as the check frequency, the notification settings, and the authentication settings.
- Once you have configured all the required settings, click on the “Create” button to create the uptime check.
With these steps, you have remediated the misconfiguration of not monitoring the database up check in GCP using the GCP console. You will now receive notifications whenever your database is down, and you can take the necessary actions to bring it back up.
To remediate the misconfiguration of not monitoring the database up check in GCP using the GCP CLI, follow these steps:
- Open the Google Cloud Console and navigate to the Cloud SQL instances page.
- Select the instance that you want to monitor and click on the “Edit” button.
- Scroll down to the “Monitoring” section and click on the “Configure monitoring” button.
- In the “Metrics” tab, select the “Database” category and check the “Database uptime” metric.
- In the “Alerting” tab, click on the “Add condition” button.
- Set the “Condition name”, “Condition trigger”, and “Condition threshold” according to your requirements.
- In the “Notification channels” section, add the email addresses or phone numbers of the people who should be notified in case of an alert.
- Click on the “Save” button to save the changes.
Once you have completed these steps, you will be notified if the database goes down or if it is unavailable for any reason. You can also customize the alerting settings further by adding additional conditions, notification channels, or by adjusting the thresholds for the existing conditions.
To remediate the misconfiguration “Cloud Monitoring should monitor database up check” for GCP using Python, follow these steps:
- First, ensure that you have the necessary permissions to create a Cloud Monitoring uptime check. You will need the `monitoring.editor` or `monitoring.admin` role.
- Import the necessary libraries and authenticate to the GCP project:

```python
from google.cloud import monitoring_v3
from google.oauth2 import service_account

# Load the service account key and build the uptime check client.
credentials = service_account.Credentials.from_service_account_file('<path_to_service_account_file>')
client = monitoring_v3.UptimeCheckServiceClient(credentials=credentials)
project_name = 'projects/<project_id>'
```
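- Next, create a new uptime check using the `create_uptime_check_config` method. In this example, we will create a TCP check for a database running on port 3306:

```python
config = monitoring_v3.UptimeCheckConfig(
    display_name='Database Up Check',
    # Host to probe; replace the placeholder with your database address.
    monitored_resource={'type': 'uptime_url', 'labels': {'host': '<database_host>'}},
    # A database port does not speak HTTP, so probe it with a TCP connect.
    tcp_check=monitoring_v3.UptimeCheckConfig.TcpCheck(port=3306),
    # timeout and period are Duration fields, not bare numbers.
    timeout={'seconds': 5},
    period={'seconds': 60},
    # Regions are UptimeCheckRegion enum values, not Compute region names.
    selected_regions=[monitoring_v3.UptimeCheckRegion.USA],
)
response = client.create_uptime_check_config(request={'parent': project_name, 'uptime_check_config': config})
print('Created uptime check: {}'.format(response.name))
```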
- The `create_uptime_check_config` method returns the newly created uptime check, and its `name` field holds the name of the check. You can use this name to update or delete the check later.
That’s it! You have now remediated the misconfiguration by creating a Cloud Monitoring uptime check to monitor the database’s availability.
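To verify the control rather than only create a check, the following added example (not part of the original page) audits which database endpoints are covered by a TCP uptime check. It assumes the check list is supplied as dictionaries in the Monitoring REST API's `UptimeCheckConfig` JSON shape; the function name, status labels and sample data are constructed for illustration.

```python
def audit_db_uptime_checks(db_endpoints, uptime_configs):
    """Map each (host, port) database endpoint to a coverage status.

    'covered'        - a TCP uptime check targets the endpoint
    'wrong_protocol' - only an HTTP check targets it (assumption: the
                       database speaks its native wire protocol, not HTTP)
    'missing'        - no uptime check targets the endpoint
    """
    tcp_targets, http_targets = set(), set()
    for cfg in uptime_configs:
        resource = cfg.get("monitoredResource", {})
        if resource.get("type") != "uptime_url":
            continue  # only host-based checks are evaluated in this example
        host = resource.get("labels", {}).get("host")
        if "tcpCheck" in cfg:
            tcp_targets.add((host, cfg["tcpCheck"].get("port")))
        elif "httpCheck" in cfg:
            http_targets.add((host, cfg["httpCheck"].get("port")))

    report = {}
    for endpoint in db_endpoints:
        if endpoint in tcp_targets:
            report[endpoint] = "covered"
        elif endpoint in http_targets:
            report[endpoint] = "wrong_protocol"
        else:
            report[endpoint] = "missing"
    return report


# Constructed sample data (documentation-range addresses, not real hosts).
SAMPLE_DBS = [("203.0.113.10", 3306), ("203.0.113.11", 3306), ("203.0.113.12", 5432)]
SAMPLE_CONFIGS = [
    {"displayName": "Database Up Check",
     "monitoredResource": {"type": "uptime_url", "labels": {"host": "203.0.113.10"}},
     "tcpCheck": {"port": 3306}},
    {"displayName": "Legacy DB check",
     "monitoredResource": {"type": "uptime_url", "labels": {"host": "203.0.113.11"}},
     "httpCheck": {"port": 3306, "path": "/"}},
    {"displayName": "Web frontend",
     "monitoredResource": {"type": "uptime_url", "labels": {"host": "203.0.113.20"}},
     "httpCheck": {"port": 443, "path": "/", "useSsl": True}},
]

if __name__ == "__main__":
    for endpoint, status in audit_db_uptime_checks(SAMPLE_DBS, SAMPLE_CONFIGS).items():
        print(endpoint, status)
```

Endpoints reported as `missing` or `wrong_protocol` are the ones that still need a TCP uptime check.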