Cloud SQL – Configure Private IP
This check ensures that Cloud SQL instances use private IP connectivity. Private IP restricts database access to internal networks, reducing exposure to the public internet and enhancing overall network security.
Check Details
- Resource: Cloud SQL
- Check: Configure private IP
- Risk: Without private IP connectivity, Cloud SQL instances may rely on public networking, increasing the risk of unauthorized access, data interception, and exposure to external threats.
Remediation via Google Cloud Console
- Log in to the Google Cloud Console and navigate to Cloud SQL.
- Click on the affected Cloud SQL instance.
- Click Edit to modify the instance configuration.
- Scroll to the Connections section.
- Enable Private IP and select the appropriate VPC network.
- Click Save to apply the changes.
Remediation via Google Cloud CLI
- Open the Google Cloud Console and launch Cloud Shell.
- Update the Cloud SQL instance to enable private IP connectivity:
  gcloud sql instances patch <INSTANCE_NAME> \
    --network <VPC_NETWORK> \
    --no-assign-ip
Replace <INSTANCE_NAME> with your Cloud SQL instance name.
The <VPC_NETWORK> should be the full VPC network resource path.
Enabling private IP requires a configured private services access connection.
Default Value
By default, Cloud SQL instances do not use private IP connectivity unless explicitly configured. Public IP may be assigned, making the instance accessible over the internet.
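To confirm the result of this check across a project, the following added example (not part of the original article) classifies instances from the JSON that `gcloud sql instances list --format=json` returns. It assumes the Cloud SQL Admin API field names `settings.ipConfiguration.ipv4Enabled`, `settings.ipConfiguration.privateNetwork` and `ipAddresses[].type`; the PASS/WARN/FAIL labels, instance names and addresses are constructed for illustration.

```python
import json

# Constructed sample shaped like `gcloud sql instances list --format=json`
# output, trimmed to the fields this check reads. Names and IPs are made up.
SAMPLE = json.loads("""
[
  {"name": "orders-db",
   "settings": {"ipConfiguration": {"ipv4Enabled": false,
       "privateNetwork": "projects/example-project/global/networks/example-vpc"}},
   "ipAddresses": [{"type": "PRIVATE", "ipAddress": "10.10.0.3"}]},
  {"name": "legacy-db",
   "settings": {"ipConfiguration": {"ipv4Enabled": true}},
   "ipAddresses": [{"type": "PRIMARY", "ipAddress": "203.0.113.10"}]},
  {"name": "reports-db",
   "settings": {"ipConfiguration": {"ipv4Enabled": true,
       "privateNetwork": "projects/example-project/global/networks/example-vpc"}},
   "ipAddresses": [{"type": "PRIMARY", "ipAddress": "203.0.113.11"},
                   {"type": "PRIVATE", "ipAddress": "10.10.0.4"}]}
]
""")


def classify(instance):
    """Return (status, detail) for one Cloud SQL instance resource."""
    ip_cfg = instance.get("settings", {}).get("ipConfiguration", {})
    addr_types = {a.get("type") for a in instance.get("ipAddresses", [])}
    # Check both the configured settings and the addresses actually assigned,
    # so a stopped instance with an empty ipAddresses list is still evaluated.
    has_private = bool(ip_cfg.get("privateNetwork")) or "PRIVATE" in addr_types
    has_public = bool(ip_cfg.get("ipv4Enabled")) or "PRIMARY" in addr_types
    if has_private and not has_public:
        return "PASS", "private IP only"
    if has_private:
        return "WARN", "private IP configured, public IP still assigned"
    return "FAIL", "no private IP configured"


def audit(instances):
    """Map instance name -> (status, detail)."""
    return {i["name"]: classify(i) for i in instances}


if __name__ == "__main__":
    for name, (status, detail) in sorted(audit(SAMPLE).items()):
        print(f"{status:4} {name}: {detail}")
```

The WARN case covers an instance where private IP was enabled but `--no-assign-ip` was not applied, so the public address remains.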