SQL database instances should require incoming connections to use SSL


SQL database instances supporting plaintext connections are susceptible to man-in-the-middle attacks that can reveal sensitive data like credentials, queries, and datasets. It is therefore recommended to always use SSL encryption for database connections.

Remediation Steps

Google Cloud Console

  • Navigate to Cloud SQL instances.

  • Click on the Cloud SQL database instance name to go to the Overview page.

  • Click Connections in the left navigation pane.

  • Scroll down to the Security section.

  • Check the Allow only SSL connections box.

gcloud CLI

  • Enable the require-ssl flag for each Cloud SQL database instance:

    • gcloud sql instances patch INSTANCE_NAME --require-ssl
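To find which instances still need the patch, the following added example (not part of the original page or of Google's tooling) audits the JSON produced by `gcloud sql instances list --format=json` and prints the remediation command above for each non-compliant instance. It assumes the setting appears as `settings.ipConfiguration.requireSsl` in that output; the instance names and sample data are constructed.

```python
import json
import shlex
import sys

# Constructed sample shaped like `gcloud sql instances list --format=json`.
SAMPLE_JSON = """
[
  {"name": "orders-db",  "settings": {"ipConfiguration": {"requireSsl": true}}},
  {"name": "legacy-db",  "settings": {"ipConfiguration": {"requireSsl": false}}},
  {"name": "reports-db", "settings": {"ipConfiguration": {"ipv4Enabled": true}}},
  {"name": "scratch-db", "settings": {}}
]
"""


def requires_ssl(instance):
    """Return True only when requireSsl is explicitly the boolean true.

    A missing key, a missing ipConfiguration block, or a non-boolean value
    is treated as "plaintext allowed", so the audit fails closed.
    """
    ip_config = (instance.get("settings") or {}).get("ipConfiguration") or {}
    return ip_config.get("requireSsl") is True


def non_compliant(instances):
    """Names of instances that do not enforce SSL, sorted for stable output."""
    return sorted(i["name"] for i in instances if not requires_ssl(i))


def remediation_commands(names):
    """Build the patch command from the page for each instance name."""
    return [f"gcloud sql instances patch {shlex.quote(n)} --require-ssl"
            for n in names]


def audit(raw_json):
    """Parse the gcloud JSON and return (failing names, commands to run)."""
    names = non_compliant(json.loads(raw_json))
    return names, remediation_commands(names)


if __name__ == "__main__":
    # Pass a file holding real gcloud output, or run with no argument
    # to use the constructed sample.
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_JSON
    failing, commands = audit(raw)
    print(f"{len(failing)} instance(s) accept plaintext connections")
    print("\n".join(commands))
```
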