Cloud SQL – Enable Automated Backups
This check ensures that automated backups are enabled for Cloud SQL instances. Automated backups protect databases from data loss, corruption, and accidental deletion.
Check Details
- Resource: Cloud SQL
- Check: Configure automated backups
- Risk: Without automated backups, database data cannot be recovered in the event of accidental deletion, corruption, or system failure, leading to data loss and service downtime.
Remediation via Google Cloud Console
- Log in to the Google Cloud Console and navigate to Cloud SQL.
- Click on the affected Cloud SQL instance.
- Click Edit to modify the instance configuration.
- Scroll to the Backups section under the Storage tab.
- Enable Automated backups and select a preferred backup window.
- Click Save to apply the changes.
Remediation via Google Cloud CLI
- Open the Google Cloud Console and launch Cloud Shell.
- List all Cloud SQL instances excluding read replicas:

      gcloud sql instances list --format=json | \
        jq '. | map(select(.instanceType != "READ_REPLICA_INSTANCE")) | .[].name'

- Enable automated backups for a Cloud SQL instance:

      gcloud sql instances patch <INSTANCE_NAME> \
        --backup-start-time <HH:MM>

  Replace <INSTANCE_NAME> with the Cloud SQL instance name. The --backup-start-time value must be specified in 24-hour format (UTC) and defines the start of a 4-hour backup window.
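The list command in the CLI remediation returns every non-replica instance, whether or not backups are already enabled. The following added example (not part of the original article) filters the same JSON down to instances that fail this check and builds the patch command for each; it assumes the `settings.backupConfiguration.enabled` field of the Cloud SQL Admin API instance resource, and the instance names and sample data are constructed.

```python
import json
import re
import shlex
import sys

# Constructed sample in the shape of `gcloud sql instances list --format=json`
# (Cloud SQL Admin API instance resources, trimmed to the fields used here).
SAMPLE = json.loads("""
[
  {"name": "orders-db", "instanceType": "CLOUD_SQL_INSTANCE",
   "settings": {"backupConfiguration": {"enabled": true, "startTime": "02:00"}}},
  {"name": "billing-db", "instanceType": "CLOUD_SQL_INSTANCE",
   "settings": {"backupConfiguration": {"enabled": false}}},
  {"name": "legacy-db", "instanceType": "CLOUD_SQL_INSTANCE", "settings": {}},
  {"name": "orders-replica", "instanceType": "READ_REPLICA_INSTANCE",
   "settings": {"backupConfiguration": {"enabled": false}}}
]
""")

START_TIME = re.compile(r"^([01]\d|2[0-3]):[0-5]\d$")  # 24-hour HH:MM (UTC)


def missing_backups(instances):
    """Names of non-replica instances whose automated backups are not enabled."""
    flagged = []
    for inst in instances:
        if inst.get("instanceType") == "READ_REPLICA_INSTANCE":
            continue  # same exclusion as the article's list command
        backup = (inst.get("settings") or {}).get("backupConfiguration") or {}
        if backup.get("enabled") is not True:  # an absent field counts as disabled
            flagged.append(inst["name"])
    return flagged


def patch_commands(instances, start_time):
    """Build the article's remediation command for each flagged instance."""
    if not START_TIME.match(start_time):
        raise ValueError(f"backup start time must be HH:MM, 24-hour UTC: {start_time!r}")
    return [
        f"gcloud sql instances patch {shlex.quote(name)} --backup-start-time {start_time}"
        for name in missing_backups(instances)
    ]


if __name__ == "__main__":
    # Pipe real gcloud JSON on stdin, or run with no input to use SAMPLE.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    print("\n".join(patch_commands(data, "02:00")))
```

The script only prints the commands, so the output can be reviewed before anything is applied to an instance.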
Default Value
By default, automated backups are not enabled for Cloud SQL instances. Backup and point-in-time recovery are not available unless automated backups are configured.