SQL database instances should not have public IPs
Description
SQL database instances with public IP addresses are directly reachable from hosts on the Internet. To minimize its attack surface, a database server should be configured with private IP addresses only. Private addresses provide better security because traffic to them must pass through intermediary firewall or NAT devices.
Remediation Steps
Google Cloud Console
Navigate to Cloud SQL instances.
Click on the Cloud SQL database instance name to go to the Overview page.
Click Connections in the left navigation pane.
Scroll down to the Networking section.
Uncheck the Public IP checkbox.
Click Save.
gcloud CLI
Disable the public IP on each Cloud SQL database instance:
gcloud sql instances patch INSTANCE_NAME --no-assign-ip
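To find which instances still need the patch command above, the following added example (not part of the original page) filters the JSON printed by gcloud sql instances list --format=json for instances that still have a public IP. The embedded sample, instance names and addresses are constructed, and the function name is hypothetical; the has_private_ip field is included so you can confirm a private path exists before removing the public one.

```python
import json

# Constructed sample shaped like `gcloud sql instances list --format=json`
# output (Cloud SQL Admin API instance resources). Instance names are made
# up; public addresses come from a documentation range.
SAMPLE_JSON = """
[
  {"name": "orders-db",
   "settings": {"ipConfiguration": {"ipv4Enabled": true}},
   "ipAddresses": [{"type": "PRIMARY", "ipAddress": "203.0.113.10"}]},
  {"name": "billing-db",
   "settings": {"ipConfiguration": {"ipv4Enabled": true,
       "privateNetwork": "projects/example-project/global/networks/default"}},
   "ipAddresses": [{"type": "PRIMARY", "ipAddress": "203.0.113.20"},
                   {"type": "PRIVATE", "ipAddress": "10.10.0.5"}]},
  {"name": "internal-db",
   "settings": {"ipConfiguration": {"ipv4Enabled": false,
       "privateNetwork": "projects/example-project/global/networks/default"}},
   "ipAddresses": [{"type": "PRIVATE", "ipAddress": "10.10.0.6"}]}
]
"""


def find_public_instances(instances):
    """Return one finding per instance that still has a public IP."""
    findings = []
    for inst in instances:
        ip_cfg = (inst.get("settings") or {}).get("ipConfiguration") or {}
        addrs = inst.get("ipAddresses") or []
        # PRIMARY is the address type used for the instance's public IP.
        public = [a["ipAddress"] for a in addrs if a.get("type") == "PRIMARY"]
        # Flag on either signal: the setting, or an assigned public address.
        if ip_cfg.get("ipv4Enabled") or public:
            findings.append({
                "name": inst.get("name"),
                "public_ips": public,
                "has_private_ip": bool(ip_cfg.get("privateNetwork")),
                "fix": f"gcloud sql instances patch {inst.get('name')} --no-assign-ip",
            })
    return findings


if __name__ == "__main__":
    for f in find_public_instances(json.loads(SAMPLE_JSON)):
        note = "" if f["has_private_ip"] else "  (no private IP configured yet)"
        print(f"{f['name']}: public {f['public_ips']}{note}\n  {f['fix']}")
```

To audit a real project, replace the sample with the output of the list command and pass the parsed list to the function.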