New CloudGuard Dome9 Entity: GCP Cloud SQL
We added support for GCP Cloud SQL in the Dome9 Compliance Engine and Inventory.
Cloud SQL is a GCP managed database service that supports PostgreSQL, MySQL, and SQL Server.
It is now possible to reason on Cloud SQL configurations such as replications and disk sizes; networking configurations like IP addresses; and security settings such as certificates and user access rights.
- CloudSQL DB should not be publicly exposed
CloudSql should not have ipAddresses contain [ ipAddress isPublic() ]
- Make sure auto backup is enabled
CloudSqlshould have settings.backupConfiguration.enabled
Note: retrieving data on CloudSQL requires additional permissions. Check the Dome9 GCP Onboarding for new onboarding procedure, and Cloud Accounts page for missing permissions notifications.