Ensure that SQL Server database instances have the appropriate configuration set for the 'user connections' flag
The 'user connections' flag defines the maximum concurrent user connections allowed on an SQL Server database instance.
Risk Level: High
Cloud Entity: GCP CloudSql
CloudGuard Rule ID: D9.GCP.AS.11
Covered by Spectral: No
Category: Database
GSL LOGIC
CloudSql where databaseVersion regexMatch /SQLSERVER.*/ should have settings.databaseFlags contain [ name='user connections' ]
REMEDIATION
From Portal
1. Go to Cloud SQL instances: https://console.cloud.google.com/sql/instances.
2. In the Filter box select 'Type', and then 'SQL Server' (with the versions of the SQL servers to remediate).
3. Click on the instance that you want to remediate.
4. In the Overview panel, under 'Configuration', click on 'Edit configuration'.
5. Scroll down and expand 'Flags and parameters'.
6. Click on 'ADD A DATABASE FLAG', choose the 'user connections' flag and enter the appropriate value in the 'Value' field.
7. Select 'Done' and save the changes (the changes require a restart of the instance).
8. Repeat steps 3 - 7 for every SQL Server in the project.
9. Repeat steps 2 - 8 for every project in your GCP account.
From TF
Add the 'user connections' flag with the desired value to the SQL Server instance:
resource "google_sql_database_instance" "EXAMPLE_SQL_SERVER_INSTANCE" {
  # ... other instance arguments ...
  settings {
    # ... other settings and flags ...
    database_flags {
      name  = "user connections"
      value = "MAX_USER_CONNECTIONS_VALUE" // Set your desired user connections value
    }
  }
}
From Command Line
Run
gcloud sql instances patch EXAMPLE_SQL_SERVER_INSTANCE --database-flags 'user connections=MAX_USER_CONNECTIONS_VALUE'
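Note: this command automatically restarts the SQL Server instance. The --database-flags option replaces every flag previously set on the instance, so include any existing flags you want to keep in the same comma-separated list.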
References
- https://cloud.google.com/sdk/gcloud/reference/sql/instances/patch
- https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-the-user-connections-server-configuration-option?view=sql-server-ver15
- https://registry.terraform.io/providers/hashicorp/google/latest/docs/data-sources/sql_database_instance.html
GCP CloudSql
Cloud SQL is a fully managed database service that makes it easy to set up, maintain, manage, and administer your relational PostgreSQL, MySQL, and SQL Server databases in the cloud.
Compliance Frameworks
- CloudGuard GCP All Rules Ruleset