Control: 6.4 Ensure that the Cloud SQL database instance requires all incoming connections to use SSL
It is recommended to enforce all incoming connections to SQL database instance to use
SQL database connections if successfully trapped (MITM); can reveal sensitive data like credentials, database queries, query outputs etc. For security, it is recommended to always use SSL encryption when connecting to your instance.
This recommendation is applicable for PostgreSQL, MySQL generation 1, MySQL generation 2 and SQL Server 2017 instances.
- Login in to Cloud SQL Instances
- Click on an instance name to see its configuration overview.
- In the left-side panel, select
- In the
SSL encryptionsection, click Allow only SSL connections.
Manage server certificatesclick Create new certificate.
Manage client certificatesclick Create a client certificate.
- Follow the instructions shown to learn how to connect to your instance.
From Command Line
- To enforce SSL encryption for an instance run the command:
gcloud sql instances patch INSTANCE_NAME --require-ssl
steampipe check gcp_compliance.control.cis_v120_6_4
This control uses a named query:sql_instance_require_ssl_enabled