Risk Level: Low
Cloud Entity: GCP CloudSql
CloudGuard Rule ID: D9.GCP.AS.08
Covered by Spectral: Yes
Category: Database

GSL LOGIC

CloudSql should have settings.userLabels

REMEDIATION

From Portal

Go to the SQL page in the Google Cloud Console.
Click the instance name to open its Instance details page.
Click Edit
Scroll down and click on Labels
Click Add Label and add your new key-value informational data about the instance.
Save and review your changes

From TF
Set the label KEY:VALUE in the node 'labels':

resource 'google_sql_database_instance' 'postgres' {
	..
	settings{
		user_labels = {
			'label_key' = 'label_val'
		}
		..
	}
	..
}

From Command Line
Run

gcloud beta sql instances patch INSTANCE_NAME --update-labels KEY1=VALUE1,KEY2=VALUE2

References

GCP CloudSql

Cloud SQL is a fully managed database service that makes it easy to set up, maintain, manage, and administer your relational PostgreSQL, MySQL, and SQL Server databases in the cloud.

Compliance Frameworks

CloudGuard GCP All Rules Ruleset
GCP CloudGuard Best Practices
GCP NIST 800-53 Rev 5