Public IP is assigned to SQL database instance Affecting Cloud SQL service in Google

Snyk CCSS

Network / Public Access

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CIS-Controls CIS-Google CSA-CCM ISO-27001 NIST-800-53 SOC-2

Snyk ID SNYK-CC-00366
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

SQL database instances with public IP addresses may be directly accessible by hosts on the internet if configured incorrectly. To minimize its attack surface, a database server should be configured with private IP addresses. Private addresses provide better security because of intermediary firewall or NAT devices.

How to fix?

Set settings.ip_configuration.ipv4_enabled attribute to false.

Example Configuration

resource "google_sql_database_instance" "allowed_2" {
  name             = "db-instance"
  database_version = "POSTGRES_11"
  region           = "us-central1"
  settings {
    tier = "db-f1-micro"
    ip_configuration {
      ipv4_enabled = false
      private_network = google_compute_network.private_network.id
    }
  }
}

Terraform

Resource: google_sql_database_instance

Public IP is assigned to SQL database instance Affecting Cloud SQL service in Google

Severity

Description

How to fix?

Example Configuration

Terraform

References