SQL database instances should not permit access from


SQL database instances permitting access from are allowing access from anywhere in the world. To minimize its attack surface, a database server should only permit connections from trusted IP addresses.

Remediation Steps

Google Cloud Console

  • Navigate to Cloud SQL instances.

  • Click on the Cloud SQL database instance name to go to the Overview page.

  • Click Connections in the left navigation pane.

  • Scroll down to the Networking section.

  • Find any in the Authorized networks section and hit the trash can icon to delete it.

  • Click Save.

gcloud CLI

  • Configure authorized networks for each Cloud SQL database instance, omitting the

    • gcloud sql instances patch INSTANCE_NAME --authorized-networks=NETWORK_1,NETWORK_2...
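
To apply the gcloud step across a project, the following added example (not part of the original page or of Google's tooling) reads instance JSON shaped like `gcloud sql instances list --format=json` output and builds the patch command for each affected instance. It assumes that an entry open to anywhere in the world is a CIDR with prefix length 0, such as 0.0.0.0/0; the instance names and addresses in the sample are constructed.

```python
import ipaddress
import json
import shlex

# Constructed sample shaped like `gcloud sql instances list --format=json`
# output (fields trimmed; instance names and addresses are made up).
SAMPLE_INSTANCES = json.loads("""
[
  {"name": "orders-db", "settings": {"ipConfiguration": {"authorizedNetworks": [
      {"name": "office", "value": "203.0.113.0/24"},
      {"name": "temp-debug", "value": "0.0.0.0/0"}]}}},
  {"name": "legacy-db", "settings": {"ipConfiguration": {"authorizedNetworks": [
      {"name": "all", "value": "0.0.0.0/0"}]}}},
  {"name": "internal-db", "settings": {"ipConfiguration": {"authorizedNetworks": [
      {"name": "bastion", "value": "198.51.100.7"}]}}},
  {"name": "private-db", "settings": {"ipConfiguration": {}}}
]
""")


def is_world_open(cidr):
    """True when the entry matches every address (assumption: prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def plan_remediation(instances):
    """Return {instance name: gcloud argv} for instances with a world-open entry."""
    plan = {}
    for inst in instances:
        ip_cfg = inst.get("settings", {}).get("ipConfiguration", {})
        nets = [n["value"] for n in ip_cfg.get("authorizedNetworks", [])]
        if not any(is_world_open(n) for n in nets):
            continue  # nothing to remediate on this instance
        keep = [n for n in nets if not is_world_open(n)]
        cmd = ["gcloud", "sql", "instances", "patch", inst["name"]]
        # --authorized-networks replaces the whole list, so every network
        # that must stay is passed again; with none left, clear the list.
        if keep:
            cmd.append("--authorized-networks=" + ",".join(keep))
        else:
            cmd.append("--clear-authorized-networks")
        plan[inst["name"]] = cmd
    return plan


if __name__ == "__main__":
    for argv in plan_remediation(SAMPLE_INSTANCES).values():
        print(shlex.join(argv))  # review before running against a live project
```

Review the kept networks before applying a command: removing the world-open entry cuts off any client that relied on it and is not covered by one of the remaining ranges.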