SQL database instances should not permit access from 0.0.0.0/0

Description

A SQL database instance that permits access from 0.0.0.0/0 accepts connections from anywhere in the world. To minimize the attack surface, a database server should permit connections only from trusted IP addresses.

Remediation Steps

Google Cloud Console

  • Navigate to Cloud SQL instances.

  • Click on the Cloud SQL database instance name to go to the Overview page.

  • Click Connections in the left navigation pane.

  • Scroll down to the Networking section.

  • Find any 0.0.0.0/0 entry in the Authorized networks section and click the trash can icon to delete it.

  • Click Save.

gcloud CLI

  • Configure authorized networks for each Cloud SQL database instance, omitting 0.0.0.0/0:

    • gcloud sql instances patch INSTANCE_NAME --authorized-networks=NETWORK_1,NETWORK_2...
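
To find affected instances before patching, the following added example (not part of the original page) audits the JSON printed by `gcloud sql instances list --format=json` and builds the patch command for each finding. It assumes the `settings.ipConfiguration.authorizedNetworks[].value` layout of that output, uses constructed sample data with made-up instance names, uses the `--clear-authorized-networks` flag, which is not mentioned on the page, and goes one step beyond the literal 0.0.0.0/0 check by also flagging narrower ranges that together cover every address.

```python
import ipaddress
import json

# Constructed sample in the shape of `gcloud sql instances list --format=json`
# (instance names and addresses are made up for this example).
SAMPLE = json.loads("""[
 {"name": "orders-db", "settings": {"ipConfiguration": {"authorizedNetworks": [
   {"name": "office", "value": "203.0.113.0/24"},
   {"name": "temp", "value": "0.0.0.0/0"}]}}},
 {"name": "split-db", "settings": {"ipConfiguration": {"authorizedNetworks": [
   {"value": "0.0.0.0/1"}, {"value": "128.0.0.0/1"}]}}},
 {"name": "private-db", "settings": {"ipConfiguration": {}}}
]""")

ANY_V4 = ipaddress.ip_network("0.0.0.0/0")


def audit(instances):
    """Return {instance name: remediation hint} for instances open to all IPv4."""
    findings = {}
    for inst in instances:
        ip_cfg = inst.get("settings", {}).get("ipConfiguration", {})
        values = [n["value"] for n in ip_cfg.get("authorizedNetworks", [])]
        nets = [ipaddress.ip_network(v, strict=False) for v in values]
        v4 = [n for n in nets if n.version == 4]
        keep = [v for v, n in zip(values, nets) if n != ANY_V4]
        if len(keep) < len(values):
            # A literal 0.0.0.0/0 entry: re-apply the list without it.
            # --authorized-networks replaces the whole list, so pass every
            # range that must stay; an empty result needs the clear flag.
            flag = ("--authorized-networks=" + ",".join(keep)) if keep \
                else "--clear-authorized-networks"
            findings[inst["name"]] = f"gcloud sql instances patch {inst['name']} {flag}"
        elif list(ipaddress.collapse_addresses(v4)) == [ANY_V4]:
            # Narrower entries that together still cover every address.
            findings[inst["name"]] = "REVIEW: ranges combine to 0.0.0.0/0"
    return findings


if __name__ == "__main__":
    for name, hint in audit(SAMPLE).items():
        print(f"{name}: {hint}")
```

Feed it real data by replacing `SAMPLE` with the parsed output of the list command; review each generated command before running it, since the patch replaces the instance's whole authorized-networks list.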