SQL database instances should not permit access from 0.0.0.0/0
Description
SQL database instances permitting access from 0.0.0.0/0 are allowing access from anywhere in the world. To minimize its attack surface, a database server should only permit connections from trusted IP addresses.
Remediation Steps
Google Cloud Console
Navigate to Cloud SQL instances.
Click on the Cloud SQL database instance name to go to the Overview page.
Click Connections in the left navigation pane.
Scroll down to the Networking section.
Find any 0.0.0.0/0 in the Authorized networks section and hit the trash can icon to delete it.
Click Save.
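gcloud CLI
Configure authorized networks for each Cloud SQL database instance, omitting 0.0.0.0/0. The flag replaces the instance's existing list, so include every trusted network that should keep access, separated by commas with no spaces:
gcloud sql instances patch INSTANCE_NAME --authorized-networks=NETWORK_1,NETWORK_2...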
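To apply the gcloud step across a whole project, the following added example (not part of the original page) reads the output of `gcloud sql instances list --format=json`, finds instances whose authorized networks include 0.0.0.0/0, and builds the patch command that keeps the remaining entries. The instance names and addresses in the sample are constructed, and the script falls back to the `--clear-authorized-networks` flag when 0.0.0.0/0 was the only entry.

```python
import ipaddress
import json
import shlex

OPEN_NETWORK = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample in the shape of `gcloud sql instances list --format=json`.
SAMPLE = json.dumps([
    {"name": "orders-db", "settings": {"ipConfiguration": {"authorizedNetworks": [
        {"name": "any", "value": "0.0.0.0/0"},
        {"name": "office", "value": "203.0.113.0/24"},
        {"name": "bastion", "value": "198.51.100.7"}]}}},
    {"name": "legacy-db", "settings": {"ipConfiguration": {"authorizedNetworks": [
        {"name": "any", "value": "0.0.0.0/0"}]}}},
    {"name": "internal-db", "settings": {"ipConfiguration": {"authorizedNetworks": [
        {"name": "vpn", "value": "192.0.2.0/28"}]}}},
    {"name": "private-db", "settings": {"ipConfiguration": {}}},
])


def authorized_networks(instance):
    """Return the CIDR strings in an instance's authorized networks list."""
    ip_cfg = instance.get("settings", {}).get("ipConfiguration", {})
    return [entry["value"] for entry in ip_cfg.get("authorizedNetworks", [])]


def is_open(cidr):
    """True when the entry covers every IPv4 address (0.0.0.0/0)."""
    # strict=False normalises host bits, so "10.0.0.1/0" is also caught.
    return ipaddress.ip_network(cidr, strict=False) == OPEN_NETWORK


def remediation_commands(instances_json):
    """Map each exposed instance name to the gcloud command that fixes it."""
    commands = {}
    for instance in json.loads(instances_json):
        networks = authorized_networks(instance)
        if not any(is_open(n) for n in networks):
            continue  # nothing to remediate
        keep = [n for n in networks if not is_open(n)]
        base = "gcloud sql instances patch " + shlex.quote(instance["name"])
        # The flag replaces the whole list, so pass every entry to keep.
        commands[instance["name"]] = (
            base + " --authorized-networks=" + ",".join(keep) if keep
            else base + " --clear-authorized-networks")
    return commands


if __name__ == "__main__":
    for command in remediation_commands(SAMPLE).values():
        print(command)
```

Review the generated commands before running them, since removing an entry cuts off any client that relied on the open rule.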