Table: gcp_sql_database_instance - Query Google Cloud SQL Database Instances using SQL
Google Cloud SQL is a fully-managed database service that makes it easy to set up, maintain, manage, and administer your relational databases on Google Cloud Platform. It provides a cloud-based environment for running MySQL, PostgreSQL, and SQL Server databases. Google Cloud SQL offers high performance, scalability, and convenience for application developers.
Table Usage Guide
The gcp_sql_database_instance
table provides insights into the configuration and performance of Google Cloud SQL Database Instances. As a database administrator or developer, you can use this table to explore details about each instance, including its configuration, status, and performance metrics. This can help you optimize database performance, ensure proper configuration, and monitor the overall health of your databases.
Examples
Basic info
Explore which Google Cloud Platform SQL databases are currently active, their versions, and locations. This can help in understanding the distribution and usage of different databases across various regions.
select name, state, instance_type, database_version, machine_type, locationfrom gcp_sql_database_instance;
select name, state, instance_type, database_version, machine_type, locationfrom gcp_sql_database_instance;
List of users in the specified Cloud SQL instance.
Assess the elements within a specific Cloud SQL instance to identify all associated users. This is beneficial in managing access control and maintaining security protocols.
select name, instance_usersfrom gcp_sql_database_instancewhere name = 'my-sql-instance';
select name, instance_usersfrom gcp_sql_database_instancewhere name = 'my-sql-instance';
List of replica databases and their master instances
Discover the segments that utilize replica databases by identifying their corresponding master instances. This can be beneficial in understanding the structure and distribution of your database system, particularly in scenarios where redundancy or load balancing is a key concern.
select name, master_instance_name, replication_type, gce_zone as replica_database_zonefrom gcp_sql_database_instancewhere database_replication_enabled;
select name, master_instance_name, replication_type, gce_zone as replica_database_zonefrom gcp_sql_database_instancewhere database_replication_enabled = 1;
List of assigned IP addresses to the database instances
Explore which IP addresses have been assigned to your database instances. This can help you maintain a secure network and monitor potential unauthorized access.
select name, ip ->> 'ipAddress' as ip_address, ip ->> 'type' as typefrom gcp_sql_database_instance, jsonb_array_elements(ip_addresses) as ip;
select name, json_extract(ip.value, '$.ipAddress') as ip_address, json_extract(ip.value, '$.type') as typefrom gcp_sql_database_instance, json_each(ip_addresses) as ip;
List of external networks that can connect to the database instance
Explore which external networks have access to your database instance. This is useful to maintain security by ensuring only authorized networks can connect.
select name as instance_name, i ->> 'name' as authorized_network_name, i ->> 'value' as authorized_network_value, ip_configuration ->> 'ipv4Enabled' as ipv4_enabledfrom gcp_sql_database_instance, jsonb_array_elements(ip_configuration -> 'authorizedNetworks') as i;
select name as instance_name, json_extract(i.value, '$.name') as authorized_network_name, json_extract(i.value, '$.value') as authorized_network_value, json_extract(ip_configuration, '$.ipv4Enabled') as ipv4_enabledfrom gcp_sql_database_instance, json_each( json_extract(ip_configuration, '$.authorizedNetworks') ) as i;
List of database instances without application tag key
Identify instances where database instances lack an application tag key. This is useful in understanding and rectifying configurations that are missing vital tagging, thereby improving resource management and organization.
select name, tagsfrom gcp_sql_database_instancewhere not tags :: JSONB ? 'application';
select name, tagsfrom gcp_sql_database_instancewhere not json_valid(tags) or json_extract(tags, '$.application') is null;
Count of database instances per location
Explore which locations have the highest number of database instances. This can help in understanding the distribution of resources and potentially identifying areas for infrastructure optimization.
select location, count(*) instance_countfrom gcp_sql_database_instancegroup by location;
select location, count(*) instance_countfrom gcp_sql_database_instancegroup by location;
Query examples
- compute_networks_for_sql_database_instance
- kms_keys_for_sql_database_instance
- primary_sql_database_instances_for_sql_database_instance
- replica_sql_database_instances_for_sql_database_instance
- sql_database_instance_backup_enabled
- sql_database_instance_backup_enabled_count
- sql_database_instance_by_database_version
- sql_database_instance_by_location
- sql_database_instance_by_project
- sql_database_instance_by_replica
- sql_database_instance_by_state
- sql_database_instance_connection
- sql_database_instance_count
- sql_database_instance_cpu_utilization
- sql_database_instance_data_disk_size
- sql_database_instance_database_version
- sql_database_instance_encryption
- sql_database_instance_encryption_count
- sql_database_instance_encryption_detail
- sql_database_instance_input
- sql_database_instance_is_public
- sql_database_instance_overview
- sql_database_instance_point_in_time_recovery_enable_count
- sql_database_instance_public_access_count
- sql_database_instance_ssl_enabled
- sql_database_instance_ssl_enabled_count
- sql_database_instance_tags
- sql_database_instances_for_compute_network
- sql_database_instances_for_kms_key
Control examples
- All Controls > SQL > Ensure 'log_duration' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- All Controls > SQL > Ensure 'log_executor_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'
- All Controls > SQL > Ensure 'log_hostname' database flag for Cloud SQL PostgreSQL instance is set appropriately
- All Controls > SQL > Ensure 'log_parser_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'
- All Controls > SQL > Ensure 'log_planner_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'
- All Controls > SQL > Ensure 'log_statement_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'
- All Controls > SQL > Ensure that 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance is Set to 'on' For Centralized Logging
- All Controls > SQL > Ensure that the 'log_checkpoints' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- All Controls > SQL > Ensure that the 'log_lock_waits' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- All Controls > SQL > Ensure that the 'log_temp_files' database flag for Cloud SQL PostgreSQL instance is set to '0'
- All Controls > SQL > MySql Instances should have binary log enabled
- All Controls > SQL > SQL Instances should have labels configured
- Check if Cloud SQL instances are world readable
- Check if Cloud SQL instances have SSL turned on
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.1 MySQL Database > 6.1.2 Ensure 'skip_show_database' database flag for Cloud SQL Mysql instance is set to 'on'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.1 MySQL Database > 6.1.3 Ensure that the 'local_infile' database flag for a Cloud SQL Mysql instance is set to 'off'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.1 Ensure that the 'log_checkpoints' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.10 Ensure 'log_planner_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.11 Ensure 'log_executor_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.12 Ensure 'log_statement_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.14 Ensure 'log_min_error_statement' database flag for Cloud SQL PostgreSQL instance is set to 'Error' or stricter
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.15 Ensure that the 'log_temp_files' database flag for Cloud SQL PostgreSQL instance is set to '0'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.16 Ensure that the 'log_min_duration_statement' database flag for Cloud SQL PostgreSQL instance is set to '-1' (disabled)
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.3 Ensure that the 'log_connections' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.4 Ensure that the 'log_disconnections' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.5 Ensure 'log_duration' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.6 Ensure that the 'log_lock_waits' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.8 Ensure 'log_hostname' database flag for Cloud SQL PostgreSQL instance is set appropriately
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.9 Ensure 'log_parser_stats' database flag for Cloud SQL PostgreSQL instance is set to 'off'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.1 Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.2 Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.3 Ensure 'user connections' database flag for Cloud SQL SQL Server instance is set as appropriate
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.4 Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.5 Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.6 Ensure '3625 (trace flag)' database flag for Cloud SQL SQL Server instance is set to 'off'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.7 Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off'
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.4 Ensure that the Cloud SQL database instance requires all incoming connections to use SSL
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.5 Ensure that Cloud SQL database instances are not open to the world
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.6 Ensure that Cloud SQL database instances do not have public IPs
- CIS v1.2.0 > 6 Cloud SQL Database Services > 6.7 Ensure that Cloud SQL database instances are configured with automated backups
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.1 MySQL Database > 6.1.2 Ensure 'skip_show_database' database flag for Cloud SQL Mysql instance is set to 'on'
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.1 MySQL Database > 6.1.3 Ensure that the 'local_infile' database flag for a Cloud SQL Mysql instance is set to 'off'
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.2 Ensure that the 'log_connections' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.3 Ensure that the 'log_disconnections' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.5 Ensure 'log_hostname' database flag for Cloud SQL PostgreSQL instance is set appropriately
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.7 Ensure 'log_min_error_statement' database flag for Cloud SQL PostgreSQL instance is set to 'Error' or stricter
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.8 Ensure that the 'log_min_duration_statement' database flag for Cloud SQL PostgreSQL instance is set to '-1' (disabled)
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.9 Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.1 Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off'
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.2 Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.3 Ensure 'user connections' database flag for Cloud SQL SQL Server instance is set as appropriate
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.4 Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.5 Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.6 Ensure '3625 (trace flag)' database flag for Cloud SQL SQL Server instance is set to 'off'
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.7 Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off'
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.4 Ensure that the Cloud SQL database instance requires all incoming connections to use SSL
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.5 Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.6 Ensure that Cloud SQL database instances do not have public IPs
- CIS v1.3.0 > 6 Cloud SQL Database Services > 6.7 Ensure that Cloud SQL database instances are configured with automated backups
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.1 MySQL Database > 6.1.2 Ensure 'skip_show_database' database flag for Cloud SQL Mysql instance is set to 'on'
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.1 MySQL Database > 6.1.3 Ensure that the 'local_infile' database flag for a Cloud SQL Mysql instance is set to 'off'
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.1 Ensure 'log_error_verbosity' database flag for Cloud SQL PostgreSQL instance is set to 'DEFAULT' or stricter
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.2 Ensure that the 'log_connections' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.3 Ensure that the 'log_disconnections' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.4 Ensure 'log_statement' database flag for Cloud SQL PostgreSQL instance is set appropriately
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.5 Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.6 Ensure 'log_min_error_statement' database flag for Cloud SQL PostgreSQL instance is set to 'Error' or stricter
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.7 Ensure that the 'log_min_duration_statement' database flag for Cloud SQL PostgreSQL instance is set to '-1' (disabled)
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.8 Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.9 Ensure Instance IP assignment is set to private
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.1 Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off'
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.2 Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.3 Ensure 'user connections' database flag for Cloud SQL SQL Server instance is set as appropriate
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.4 Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.5 Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.6 Ensure '3625 (trace flag)' database flag for Cloud SQL SQL Server instance is set to 'off'
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.7 Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off'
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.4 Ensure that the Cloud SQL database instance requires all incoming connections to use SSL
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.5 Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.6 Ensure that Cloud SQL database instances do not have public IPs
- CIS v2.0.0 > 6 Cloud SQL Database Services > 6.7 Ensure that Cloud SQL database instances are configured with automated backups
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.1 MySQL Database > 6.1.2 Ensure 'Skip_show_database' Database Flag for Cloud SQL MySQL Instance Is Set to 'On'
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.1 MySQL Database > 6.1.3 Ensure That the 'Local_infile' Database Flag for a Cloud SQL MySQL Instance Is Set to 'Off'
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.1 Ensure 'Log_error_verbosity' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'DEFAULT' or Stricter
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.2 Ensure That the 'Log_connections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.3 Ensure That the 'Log_disconnections' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'On'
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.4 Ensure 'Log_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set Appropriately
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.5 Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.6 Ensure 'Log_min_error_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to 'Error' or Stricter
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.7 Ensure That the 'Log_min_duration_statement' Database Flag for Cloud SQL PostgreSQL Instance Is Set to '-1'
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.2 PostgreSQL Database > 6.2.8 Ensure That 'cloudsql.enable_pgaudit' Database Flag for each Cloud Sql Postgresql Instance Is Set to 'on' For Centralized Logging
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.1 Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.2 Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.3 Ensure 'user Connections' Database Flag for Cloud Sql Sql Server Instance Is Set to a Non-limiting Value
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.4 Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.5 Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.6 Ensure '3625 (trace flag)' database flag for all Cloud SQL Server instances is set to 'on'
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.3 SQL Server > 6.3.7 Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is not set to 'on'
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.4 Ensure That the Cloud SQL Database Instance Requires All Incoming Connections To Use SSL
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.5 Ensure That Cloud SQL Database Instances Do Not Implicitly Whitelist All Public IP Addresses (
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.6 Ensure That Cloud SQL Database Instances Do Not Have Public IPs
- CIS v3.0.0 > 6 Cloud SQL Database Services > 6.7 Ensure That Cloud SQL Database Instances Are Configured With Automated Backups
- Ensure '3625 (trace flag)' database flag for Cloud SQL SQL Server instance is set to 'off'
- Ensure '3625 (trace flag)' database flag for Cloud SQL SQL Server instance is set to 'off'
- Ensure 'external scripts enabled' database flag for Cloud SQL SQL Server instance is set to 'off'
- Ensure 'log_error_verbosity' database flag for Cloud SQL PostgreSQL instance is set to 'DEFAULT' or stricter
- Ensure 'log_min_error_statement' database flag for Cloud SQL PostgreSQL instance is set to 'Error' or stricter
- Ensure 'log_statement' database flag for Cloud SQL PostgreSQL instance is set appropriately
- Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'
- Ensure 'remote access' database flag for Cloud SQL SQL Server instance is set to 'off'
- Ensure 'skip_show_database' database flag for Cloud SQL Mysql instance is set to 'on'
- Ensure 'user options' database flag for Cloud SQL SQL Server instance is not configured
- Ensure Instance IP assignment is set to private
- Ensure that Cloud SQL database instances are configured with automated backups
- Ensure that the 'contained database authentication' database flag for Cloud SQL on the SQL Server instance is set to 'off'
- Ensure that the 'cross db ownership chaining' database flag for Cloud SQL SQL Server instance is set to 'off'
- Ensure that the 'local_infile' database flag for a Cloud SQL Mysql instance is set to 'off'
- Ensure that the 'log_connections' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- Ensure that the 'log_disconnections' database flag for Cloud SQL PostgreSQL instance is set to 'on'
- Ensure that the 'log_min_duration_statement' database flag for Cloud SQL PostgreSQL instance is set to '-1' (disabled)
- Ensure that the 'Log_min_messages' Flag for a Cloud SQL PostgreSQL Instance is set at minimum to 'Warning'
- Prevent a public IP from being assigned to a Cloud SQL instance
Schema for gcp_sql_database_instance
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | Steampipe context in JSON form. | |
activation_policy | text | Describes the activation policy specifies when the instance is activated. | |
akas | jsonb | Array of globally unique identifier strings (also known as) for the resource. | |
authorized_gae_applications | jsonb | A list of App Engine app IDs, that can access this instance. | |
availability_type | text | Specifies the availability type of the instance. This field is used only for PostgreSQL and MySQL instances. | |
backend_type | text | !=, = | Specifies the backend type. Possible values are: FIRST_GEN, SECOND_GEN, EXTERNAL, and SQL_BACKEND_TYPE_UNSPECIFIED. |
backup_enabled | boolean | Indicates whether backup configuration is enabled, or not. | |
backup_location | text | Specifies the backup location. | |
backup_replication_log_archiving_enabled | boolean | Indicates whether backup replication log archiving is enabled, or not. | |
backup_start_time | text | Specifies the start time for the daily backup configuration. | |
binary_log_enabled | boolean | Indicates whether binary log is enabled, or not. | |
can_defer_maintenance | boolean | Indicates whether the scheduled maintenance can be deferred, or not. | |
can_reschedule_maintenance | boolean | Indicates whether the scheduled maintenance can be rescheduled, or not. | |
connection_name | text | Specifies the connection name of the Cloud SQL instance used in connection strings. | |
crash_safe_replication_enabled | boolean | Specifies whether the database flags for crash-safe replication are enabled, or not. | |
create_time | timestamp with time zone | The time when the instance was created. | |
current_disk_size | bigint | Specifies the current disk usage of the instance in bytes. | |
data_disk_size_gb | bigint | Specifies the size of the data disk, in GB. Minimum size is 10GB. Not used for First Generation instances. | |
data_disk_type | text | Specifies the type of the data disk used for this instance. | |
database_flags | jsonb | A list of database flags passed to the instance at startup. | |
database_installed_version | text | Specifies the current database version running on the instance including minor version such as MYSQL_8_0_18. | |
database_replication_enabled | boolean | Specifies whether the replication of database is enabled, or not. | |
database_version | text | !=, = | Specifies the type and version of the database engine. |
enable_point_in_time_recovery | boolean | Allows user to recover data from a specific point in time, down to a fraction of a second. | |
failover_replica_available | boolean | The availability status of the failover replica. A false status indicates that the failover replica is out of sync. | |
failover_replica_name | text | The name of the failover replica. If specified at instance creation, a failover replica is created for the instance. | |
gce_zone | text | !=, = | Specifies the Compute Engine zone that the instance is currently serving from. |
instance_type | text | !=, = | Specifies the type of the instance. |
instance_users | jsonb | A list of users in the specified Cloud SQL instance. | |
ip_addresses | jsonb | A list of assigned IP addresses for the instance. | |
ip_configuration | jsonb | Describes the settings for IP management. It allows to enable or disable the instance IP and manage which external networks can connect to the instance. | |
ipv6_address | inet | Specifies the IPv6 address assigned to the instance. This property is applicable only to First Generation instances. | |
kind | text | The type of the resource. | |
kms_key_name | text | Specifies the resource name of KMS key used for disk encryption. | |
kms_key_version_name | text | Specifies the KMS key version used to encrypt the Cloud SQL instance. | |
labels | jsonb | A label is a key-value pair that helps you organize your Google Cloud instances. You can attach a label to each resource, then filter the resources based on their labels. | |
location | text | The GCP multi-region, region, or zone in which the resource is located. | |
location_preference | jsonb | Describes the location preference settings. This allows the instance to be located as near as possible to either an App Engine app or Compute Engine zone for better performance. | |
machine_type | text | Specifies the tier or machine type for this instance. | |
maintenance_start_time | timestamp with time zone | The start time of any upcoming scheduled maintenance for this instance. | |
maintenance_version | text | The current software version on the instance. | |
maintenance_window | jsonb | Describes the maintenance window for this instance. | |
master_instance_name | text | Specifies the name of the instance which will act as master in the replication setup. | |
max_disk_size | bigint | Specifies the maximum disk size of the instance in bytes. | |
name | text | = | A friendly name that identifies the resource. |
on_premises_configuration | jsonb | Describes the configurations specific to on-premises instances. | |
pricing_plan | text | Specifies the pricing plan for this instance. | |
project | text | =, !=, ~~, ~~*, !~~, !~~* | The GCP Project in which the resource is located. |
replica_names | jsonb | A list of replicas of the instance. | |
replication_configuration | jsonb | Describes the configurations specific to failover replicas and read replicas. | |
replication_type | text | Specifies the type of replication this instance uses. | |
self_link | text | The server-defined URL for the resource. | |
service_account_email_address | text | The service account email address assigned to the instance. This property is applicable only to Second Generation instances. | |
settings_version | bigint | Specifies the version of instance settings. | |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | Steampipe context in JSON form. | |
ssl_configuration | jsonb | Describes the SSL configuration of the instance. | |
state | text | !=, = | Specifies the current serving state of the Cloud SQL instance. |
storage_auto_resize | boolean | Specifies whether the configuration for automatic increment of the the storage size is enabled, or not. | |
storage_auto_resize_limit | bigint | Specifies the maximum size to which storage capacity can be automatically increased. | |
suspension_reason | jsonb | A list of reasons for the suspension, if the instance state is SUSPENDED. | |
tags | jsonb | A map of tags for the resource. | |
title | text | Title of the resource. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh
script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- gcp
You can pass the configuration to the command with the --config
argument:
steampipe_export_gcp --config '<your_config>' gcp_sql_database_instance