Ensure 'user connections' Database Flag for Cloud SQL SQL Server Instance Is Set to a Non-limiting Value
Risk Level: Medium
Cloud Entity: GCP CloudSql
CloudGuard Rule ID: D9.GCP.VLN.09
Covered by Spectral: Yes
Category: Database
GSL LOGIC
CloudSql where databaseVersion like 'SQLSERVER%' should have settings.databaseFlags contain [ name like 'user connections' and value length()>0]
REMEDIATION
From Portal
- Navigate to the instance where the flag needs to be set: https://console.cloud.google.com/sql/instances
- Click Edit Configurations
- Under the Flags section, choose Add flag, look for 'user connections', and set its value to your organization's recommended value.
- Save and review your changes
From TF
Set the flag 'user connections' to your organization's recommended value:
resource "google_sql_database_instance" "default" {
  ...
  settings {
    database_flags {
      name  = "user connections"
      value = "*your organization recommended value*"
    }
  }
}
From Command Line
- First, retrieve all existing flag values:
gcloud sql instances describe INSTANCE_NAME
- Add all existing flags and their values to the patch request; otherwise they will be reset to their default values.
gcloud sql instances patch INSTANCE_NAME --database-flags "ExistingFlag1=Value1,ExistingFlag2=Value2,...,user connections=*your organization recommended value*"
References
- https://cloud.google.com/sql/docs/sqlserver/flags
- https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/configure-the-user-connections-server-configuration-option?view=sql-server-ver15
- https://www.stigviewer.com/stig/ms_sql_server_2016_instance/2018-03-09/finding/V-79119
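The command-line remediation above resets any flag that is left out of the patch request. The following is an added example (not CloudGuard or Google code) that evaluates the rule's GSL logic against the JSON from `gcloud sql instances describe INSTANCE_NAME --format=json` and builds a patch command that re-sends every existing flag. The instance name, the existing flags and the value "0" are constructed sample data, and the function names are hypothetical.

```python
import json
import shlex

FLAG = "user connections"

# Constructed sample of `gcloud sql instances describe INSTANCE_NAME --format=json`
# (trimmed to the fields used here; instance name and flag values are made up).
SAMPLE_DESCRIBE = json.loads("""
{
  "name": "example-sqlserver",
  "databaseVersion": "SQLSERVER_2019_STANDARD",
  "settings": {
    "databaseFlags": [
      {"name": "remote access", "value": "off"},
      {"name": "cross db ownership chaining", "value": "off"}
    ]
  }
}
""")

def existing_flags(instance):
    """Return the instance's current flags as an ordered name -> value dict."""
    flags = instance.get("settings", {}).get("databaseFlags") or []
    return {f["name"]: str(f.get("value", "")) for f in flags}

def is_compliant(instance):
    """Mirror the GSL logic: a SQL Server instance must carry a non-empty flag value."""
    if not instance.get("databaseVersion", "").startswith("SQLSERVER"):
        return True  # the rule only applies to SQL Server instances
    return len(existing_flags(instance).get(FLAG, "")) > 0

def patch_command(instance, value):
    """Build the patch command, re-sending every existing flag so none is reset."""
    flags = existing_flags(instance)
    flags[FLAG] = str(value)
    for name, val in flags.items():
        if "," in name or "," in val or "=" in name:
            raise ValueError(f"flag {name!r} cannot be expressed as name=value,...")
    joined = ",".join(f"{n}={v}" for n, v in flags.items())
    return "gcloud sql instances patch {} --database-flags {}".format(
        shlex.quote(instance["name"]), shlex.quote(joined))

if __name__ == "__main__":
    print("compliant:", is_compliant(SAMPLE_DESCRIBE))
    print(patch_command(SAMPLE_DESCRIBE, "0"))  # "0" is a sample value only
```

Review the generated command before running it, and substitute your organization's recommended value for the sample.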
GCP CloudSql
Cloud SQL is a fully managed database service that makes it easy to set up, maintain, manage, and administer your relational PostgreSQL, MySQL, and SQL Server databases in the cloud.
Compliance Frameworks
- CloudGuard GCP All Rules Ruleset
- GCP CIS Controls V 8
- GCP CIS Foundations v. 1.2.0
- GCP CIS Foundations v. 1.3.0
- GCP CIS Foundations v. 2.0
- GCP CloudGuard Best Practices
- GCP MITRE ATT&CK Framework v12.1
- GCP NIST 800-53 Rev 5
Updated 7 months ago