Risk Level: Low
Cloud Entity: GCP CloudSql
CloudGuard Rule ID: D9.GCP.DR.02
Covered by Spectral: Yes
Category: Database

GSL LOGIC

CloudSql where databaseVersion like 'mysql%' should have settings.backupConfiguration.binaryLogEnabled=true

REMEDIATION

From Portal

Go to the Cloud SQL Instances page in the Google Cloud Console.
Select the instance for which you want to configure Point-in-time backups.
Click Backups on left panel, then Edit
check 'Enable point-in-time recovery'
Save and review your changes.

From TF
Set the point_in_time_recovery_enabled to be equal to true:

resource 'google_sql_database_instance' 'instance' {
	..
	settings {
		backup_configuration {
			enabled                        = true
			binary_log_enabled             = true
			point_in_time_recovery_enabled = true
		}
	}
	..
}

From Command Line
Run

gcloud sql instances patch INSTANCE_NAME --enable-bin-log --retained-transaction-log-days=DAYS

References

GCP CloudSql

Cloud SQL is a fully managed database service that makes it easy to set up, maintain, manage, and administer your relational PostgreSQL, MySQL, and SQL Server databases in the cloud.

Compliance Frameworks

CloudGuard GCP All Rules Ruleset
GCP CloudGuard Best Practices
GCP MITRE ATT&CK Framework v12.1
GCP NIST 800-53 Rev 5