GCP Database
Analyzes Cloud SQL instances and Memorystore Redis instances, focusing on backup configuration, SSL enforcement, public access, and authentication settings.
Required Blueprints: GCP
Sightlines
| Sightline | Description |
|---|---|
| Cloud SQL Security | Highlights Cloud SQL instances lacking automated backups or SSL enforcement. |
Explorer Node Types
Use these node types in Explorer or KAI to query resources surfaced by this analyzer:
gcp.cloudsql.Instance, gcp.cloudsql.Settings, gcp.bigquery.Dataset, gcp.firestore.FirestoreDatabase, gcp.spanner.SpannerDatabase, gcp.bigtable.Cluster, gcp.memorystore.RedisInstance
Related Analyzers
- GCP IAM — Database authentication through IAM
- GCP Network — Database private IP and authorized networks
- Database — Cross-provider database schema and user analysis
Insight Feed Alerts
- Cloud SQL Instance Without Backup -- Instances without automated backups (CIS GCP 6.7).
- Cloud SQL Instance Without SSL -- Instances not enforcing SSL connections (CIS GCP 6.4).
- Cloud SQL Instance Publicly Accessible -- Authorized networks include 0.0.0.0/0 (CIS GCP 6.5).
- Cloud SQL Instance With Public IP -- Instances with public IP addresses enabled (CIS GCP 6.6).
- Memorystore Redis Instance Without AUTH -- Redis instances allowing unauthenticated connections.
- Memorystore Redis Instance Without Transit Encryption -- Redis instances transmitting data without TLS.
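
The conditions behind these alerts can be checked by hand against `gcloud sql instances describe --format=json` and `gcloud redis instances describe --format=json` output. The sketch below is an added example, not the analyzer's own detection logic. The function names and sample instances are constructed for illustration, and the field names are those of the Cloud SQL Admin and Memorystore for Redis APIs.

```python
import json

# Constructed sample, shaped like `gcloud sql instances describe --format=json`.
SAMPLE_SQL = json.loads("""
{"name": "orders-db",
 "settings": {
   "backupConfiguration": {"enabled": false},
   "ipConfiguration": {
     "ipv4Enabled": true,
     "sslMode": "ALLOW_UNENCRYPTED_AND_ENCRYPTED",
     "authorizedNetworks": [{"name": "any", "value": "0.0.0.0/0"}]}}}
""")

# Constructed sample, shaped like `gcloud redis instances describe --format=json`.
SAMPLE_REDIS = {"name": "cache-1", "authEnabled": False,
                "transitEncryptionMode": "DISABLED"}

ENCRYPTED_SSL_MODES = {"ENCRYPTED_ONLY", "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"}

def check_cloudsql(inst):
    """Return the alert titles listed above that apply to one Cloud SQL instance."""
    settings = inst.get("settings", {})
    ipcfg = settings.get("ipConfiguration", {})
    findings = []
    if not settings.get("backupConfiguration", {}).get("enabled", False):
        findings.append("Cloud SQL Instance Without Backup")
    # sslMode takes precedence when present; older responses only carry requireSsl.
    mode = ipcfg.get("sslMode")
    enforced = mode in ENCRYPTED_SSL_MODES if mode else ipcfg.get("requireSsl") is True
    if not enforced:
        findings.append("Cloud SQL Instance Without SSL")
    if any(n.get("value") == "0.0.0.0/0" for n in ipcfg.get("authorizedNetworks", [])):
        findings.append("Cloud SQL Instance Publicly Accessible")
    if ipcfg.get("ipv4Enabled", False):  # True means a public IP is assigned
        findings.append("Cloud SQL Instance With Public IP")
    return findings

def check_redis(inst):
    """Return the alert titles listed above that apply to one Redis instance."""
    findings = []
    if not inst.get("authEnabled", False):
        findings.append("Memorystore Redis Instance Without AUTH")
    if inst.get("transitEncryptionMode", "DISABLED") != "SERVER_AUTHENTICATION":
        findings.append("Memorystore Redis Instance Without Transit Encryption")
    return findings

if __name__ == "__main__":
    for title in check_cloudsql(SAMPLE_SQL) + check_redis(SAMPLE_REDIS):
        print(title)
```

An instance with a private IP only still needs the backup and SSL checks; the two public-exposure checks are independent of them.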