SQL Instance With SSL Disabled
| Field    | Value                                 |
| -------- | ------------------------------------- |
| ID       | gcp_sql_db_instance_with_ssl_disabled |
| Severity | high                                  |
| Vendor   | GCP                                   |
| Resource | AIM                                   |
| Tags     | reachable                             |
Description
Google Cloud SQL instances should require SSL/TLS connections to encrypt data in transit and prevent unauthorized access. SSL/TLS certificates also help validate the identity of the client and the server.
To fix it, set the settings.ip_configuration.require_ssl property of the database instance to true.
Learn more about this topic at About Cloud SQL backups.
Examples
---
- name: create a instance
  google.cloud.gcp_sql_instance:
    name: test_object
    settings:
      tier: db-n1-standard-1
      backup_configuration:
        binary_log_enabled: true
        enabled: false
      ip_configuration:
        ipv4_enabled: true
    database_version: MYSQL_5_7
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
Mitigation / Fix
---
- name: create a instance
  google.cloud.gcp_sql_instance:
    name: test_object
    settings:
      tier: db-n1-standard-1
      backup_configuration:
        binary_log_enabled: true
        enabled: true
        start_time: "05:00"  # quoted: a bare 05:00 is read as the integer 300 by YAML 1.1 loaders
      ip_configuration:
        ipv4_enabled: true
        require_ssl: true
    database_version: MYSQL_5_7
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
- name: create a read replica instance with backup file
  google.cloud.gcp_sql_instance:
    name: test_object_read_replica_with_backup_file
    settings:
      tier: db-n1-standard-1
      activation_policy: ALWAYS
      ip_configuration:
        ipv4_enabled: true
        require_ssl: true
    database_version: MYSQL_5_7
    region: us-central1a
    master_instance_name: test_object  # Master instance name.
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
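The following is an added example, not code from the rule page or from the google.cloud collection: a small policy check that evaluates parsed Ansible tasks the way this rule does, flagging every google.cloud.gcp_sql_instance task that would create or update an instance without settings.ip_configuration.require_ssl set to true, and a remediation helper that applies the fix shown in the Mitigation / Fix section. The task list is constructed here to mirror the page's two playbooks (an Ansible or PyYAML loader would yield the same dict shapes) so that the check runs offline; the function names and the treatment of state: absent are the example's own choices.

```python
"""Added example: policy check mirroring gcp_sql_db_instance_with_ssl_disabled
over parsed Ansible tasks, plus the remediation it recommends."""
import copy

MODULE = "google.cloud.gcp_sql_instance"

# Constructed sample data (not from the page verbatim): the page's failing
# instance, a compliant instance, an instance with require_ssl explicitly
# false, and a deletion task that provisions nothing.
SAMPLE_TASKS = [
    {
        "name": "create a instance",
        MODULE: {
            "name": "test_object",
            "settings": {
                "tier": "db-n1-standard-1",
                "backup_configuration": {"binary_log_enabled": True, "enabled": False},
                "ip_configuration": {"ipv4_enabled": True},  # require_ssl missing
            },
            "database_version": "MYSQL_5_7",
            "region": "us-central1",
            "project": "test_project",
            "auth_kind": "serviceaccount",
            "service_account_file": "/tmp/auth.pem",
            "state": "present",
        },
    },
    {
        "name": "create an instance with ssl required",
        MODULE: {
            "name": "test_object_ssl",
            "settings": {
                "tier": "db-n1-standard-1",
                "ip_configuration": {"ipv4_enabled": True, "require_ssl": True},
            },
            "state": "present",
        },
    },
    {
        "name": "create an instance with ssl explicitly disabled",
        MODULE: {
            "name": "test_object_explicit_false",
            "settings": {"ip_configuration": {"ipv4_enabled": True, "require_ssl": False}},
            "state": "present",
        },
    },
    {
        "name": "remove a retired instance",
        MODULE: {"name": "retired_object", "state": "absent"},
    },
]


def _is_true(value):
    """Accept bool True and the string forms Ansible templating may produce."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() in ("true", "yes")


def requires_ssl(module_args):
    """True only when settings.ip_configuration.require_ssl is set to true.
    A missing settings or ip_configuration block counts as not required,
    because the instance would then accept unencrypted connections."""
    settings = module_args.get("settings") or {}
    ip_config = settings.get("ip_configuration") or {}
    return _is_true(ip_config.get("require_ssl"))


def find_ssl_disabled_instances(tasks):
    """Names of gcp_sql_instance resources that would be created or updated
    without require_ssl: true. Tasks with state: absent are skipped since
    they provision nothing."""
    findings = []
    for task in tasks:
        args = task.get(MODULE)
        if not isinstance(args, dict):
            continue  # some other module; out of scope for this rule
        if args.get("state", "present") == "absent":
            continue
        if not requires_ssl(args):
            findings.append(args.get("name", "<unnamed>"))
    return findings


def remediate(task):
    """Return a copy of the task with require_ssl forced to true, which is the
    change the Mitigation / Fix section makes. The input is left untouched."""
    fixed = copy.deepcopy(task)
    args = fixed.get(MODULE)
    if isinstance(args, dict):
        settings = args.setdefault("settings", {})
        ip_config = settings.setdefault("ip_configuration", {})
        ip_config["require_ssl"] = True
    return fixed


if __name__ == "__main__":
    for name in find_ssl_disabled_instances(SAMPLE_TASKS):
        print(f"{name}: gcp_sql_db_instance_with_ssl_disabled (severity: high)")
```

Running the block prints the two non-compliant instance names; applying `remediate` to every task and re-running the check yields no findings. The check deliberately treats an absent ip_configuration block the same as an explicit `require_ssl: false`, because both leave the instance accepting plaintext connections.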