Ensure Cloud SQL instances have labels
A label is a key-value pair that helps you organize your Google Cloud Platform resources. Labels can be used to identify or search for instances, and it is recommended to mark each instance with a label.
Risk Level: Low
Cloud Entity: GCP CloudSql
CloudGuard Rule ID: D9.GCP.AS.08
Covered by Spectral: Yes
Category: Database
GSL LOGIC
CloudSql should have settings.userLabels
REMEDIATION
From Portal
- Go to the SQL page in the Google Cloud Console.
- Click the instance name to open its Instance details page.
- Click Edit.
- Scroll down and click on Labels.
- Click Add Label and add your new key-value informational data about the instance.
- Save and review your changes.
From TF
Set the label KEY = VALUE in the 'user_labels' map inside the 'settings' block:
resource "google_sql_database_instance" "postgres" {
  # ...
  settings {
    # Key-value labels attached to the instance
    user_labels = {
      "label_key" = "label_val"
    }
    # ...
  }
  # ...
}
From Command Line
Run
gcloud beta sql instances patch INSTANCE_NAME --update-labels KEY1=VALUE1,KEY2=VALUE2
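To find which instances need the remediation above, the following added example (not part of the CloudGuard rule or of Google's tooling) applies the rule's check to JSON shaped like the output of `gcloud sql instances list --format=json` and builds the patch command for each failing instance. The instance names, project, and default label values are constructed, and treating an empty `userLabels` map as a failure is an assumption of this example.

```python
import json
import shlex

# Constructed sample shaped like `gcloud sql instances list --format=json` output.
SAMPLE_INSTANCES_JSON = """
[
  {"name": "orders-db", "project": "example-project",
   "settings": {"tier": "db-custom-2-7680",
                "userLabels": {"env": "prod", "owner": "payments"}}},
  {"name": "legacy-db", "project": "example-project",
   "settings": {"tier": "db-f1-micro"}},
  {"name": "scratch-db", "project": "example-project",
   "settings": {"tier": "db-f1-micro", "userLabels": {}}}
]
"""


def unlabeled_instances(instances):
    """Return names of instances failing 'CloudSql should have settings.userLabels'."""
    failing = []
    for inst in instances:
        labels = (inst.get("settings") or {}).get("userLabels")
        # Assumption: a missing key and an empty map both count as "no labels".
        if not labels:
            failing.append(inst["name"])
    return failing


def remediation_command(instance_name, labels):
    """Build the gcloud patch command from the remediation section for one instance."""
    pairs = ",".join(f"{k}={v}" for k, v in sorted(labels.items()))
    return ("gcloud beta sql instances patch "
            f"{shlex.quote(instance_name)} --update-labels {shlex.quote(pairs)}")


def audit(raw_json, default_labels):
    """Map each unlabeled instance name to the command that would label it."""
    instances = json.loads(raw_json)
    return {name: remediation_command(name, default_labels)
            for name in unlabeled_instances(instances)}


if __name__ == "__main__":
    # Hypothetical placeholder labels; replace with your own tagging scheme.
    for name, cmd in audit(SAMPLE_INSTANCES_JSON,
                           {"env": "unassigned", "owner": "unassigned"}).items():
        print(f"{name}: {cmd}")
```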
References
- https://cloud.google.com/sql/docs/mysql/label-instance
- https://cloud.google.com/sdk/gcloud/reference/beta/sql/instances/patch#--update-labels
GCP CloudSql
Cloud SQL is a fully managed database service that makes it easy to set up, maintain, manage, and administer your relational PostgreSQL, MySQL, and SQL Server databases in the cloud.
Compliance Frameworks
- CloudGuard GCP All Rules Ruleset
- GCP CloudGuard Best Practices
- GCP NIST 800-53 Rev 5