Ensure that your Google Cloud SQL database instances are configured to use private IP addresses instead of public IPs in order to protect against potential attacks.
This rule resolution is part of the Conformity Security & Compliance tool for GCP.
By default, each Google Cloud SQL database instance is configured with a public IP address. To reduce the application's attack surface, Cloud SQL databases should have only private IPs attached. Private IPs provide improved cloud network security and lower latency for your database applications.
Audit
To determine if your Cloud SQL database instances are using public IP addresses, perform the following actions:
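An added example, not part of the original page or of the Conformity tool: one way to run this check is to parse the JSON printed by `gcloud sql instances list --format=json` and flag every instance that still has a public address. The instance records below are constructed, and the field names (`ipAddresses[].type`, `settings.ipConfiguration.ipv4Enabled`, `privateNetwork`) are assumed to match the Cloud SQL Admin API instance resource.

```python
import json

# Constructed sample of `gcloud sql instances list --format=json` output.
SAMPLE = """
[
  {"name": "orders-db", "project": "demo-project",
   "ipAddresses": [{"type": "PRIMARY", "ipAddress": "203.0.113.10"}],
   "settings": {"ipConfiguration": {"ipv4Enabled": true}}},
  {"name": "billing-db", "project": "demo-project",
   "ipAddresses": [{"type": "PRIMARY", "ipAddress": "203.0.113.20"},
                   {"type": "PRIVATE", "ipAddress": "10.20.0.3"}],
   "settings": {"ipConfiguration": {"ipv4Enabled": true,
     "privateNetwork": "projects/demo-project/global/networks/default"}}},
  {"name": "internal-db", "project": "demo-project",
   "ipAddresses": [{"type": "PRIVATE", "ipAddress": "10.20.0.4"}],
   "settings": {"ipConfiguration": {"ipv4Enabled": false,
     "privateNetwork": "projects/demo-project/global/networks/default"}}}
]
"""

def audit_instances(instances):
    """Return one finding per instance that exposes a public IP."""
    findings = []
    for inst in instances:
        ip_cfg = inst.get("settings", {}).get("ipConfiguration", {})
        addrs = inst.get("ipAddresses", [])
        # Assumption: type PRIMARY is the public address, PRIVATE the VPC one.
        public = [a["ipAddress"] for a in addrs if a.get("type") == "PRIMARY"]
        private = [a["ipAddress"] for a in addrs if a.get("type") == "PRIVATE"]
        # ipv4Enabled is the setting; a PRIMARY address is its visible effect.
        if not (ip_cfg.get("ipv4Enabled") or public):
            continue
        findings.append({
            "instance": inst["name"],
            "public_ips": public,
            # Without a private IP, private services access must be set up
            # on a VPC network before the public IP can be removed.
            "has_private_ip": bool(private or ip_cfg.get("privateNetwork")),
        })
    return findings

def load_and_audit(raw_json):
    """Parse gcloud JSON output and audit it."""
    return audit_instances(json.loads(raw_json))

if __name__ == "__main__":
    for finding in load_and_audit(SAMPLE):
        print(finding)
```

Instances reported with `has_private_ip` set to false have no private path yet, so removing the public IP first would cut off their clients.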
Remediation / Resolution
To reconfigure your Google Cloud SQL database instances in order to use private IP addresses instead of public IPs, perform the following actions:
Check for Cloud SQL Database Instances with Public IPs
Risk Level: Medium