Turbot Guardrails Hub 
GCP CIS v2.0.0 - Section 6 - Cloud SQL Database Services
  • GCP > SQL > Instance > Approved
  • GCP > SQL > Instance > Approved > Custom
  • GCP > SQL > Instance > Authorized Network > Approved
  • GCP > SQL > Instance > Authorized Network > Approved > CIDR Ranges
  • GCP > SQL > Instance > Data Protection > Managed Backups
  • GCP > SQL > Instance > Data Protection > Managed Backups > Minimum Schedule
  • GCP > SQL > Instance > Data Protection > Managed Backups > Schedule
  • GCP > SQL > Instance > Database Flags
  • GCP > SQL > Instance > Database Flags > MySQL > Template
  • GCP > SQL > Instance > Database Flags > PostgreSQL > Template
  • GCP > SQL > Instance > Database Flags > SQL Server > Template
  • GCP > SQL > Instance > Encryption In Transit

Policy Settings

The GCP CIS v2.0.0 - Section 6 - Cloud SQL Database Services policy pack has 12 policy settings:

| Policy | Setting | Note |
| --- | --- | --- |
| GCP > SQL > Instance > Approved | Check: Approved | GCP CIS v2.0.0 - Control: 6.2.9 |
| GCP > SQL > Instance > Approved > Custom | Calculated | GCP CIS v2.0.0 - Control: 6.2.9 |
| GCP > SQL > Instance > Authorized Network > Approved | Check: Approved | GCP CIS v2.0.0 - Control: 6.5 |
| GCP > SQL > Instance > Authorized Network > Approved > CIDR Ranges | - "10.2.1.2/24" - "172.141.23.22/26" | GCP CIS v2.0.0 - Control: 6.5 |
| GCP > SQL > Instance > Data Protection > Managed Backups | Skip | GCP CIS v2.0.0 - Control: 6.7 |
| GCP > SQL > Instance > Data Protection > Managed Backups > Minimum Schedule | Enforce: Daily for 30 days | GCP CIS v2.0.0 - Control: 6.7 |
| GCP > SQL > Instance > Data Protection > Managed Backups > Schedule | Enforce: Daily for 30 days | GCP CIS v2.0.0 - Control: 6.7 |
| GCP > SQL > Instance > Database Flags | Check: Database flags are correct | GCP CIS v2.0.0 - Control: 6.1.2, 6.1.3, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6 and 6.3.7 |
| GCP > SQL > Instance > Database Flags > MySQL > Template | { "skip_show_database": "on", "local_infile": "off" } | GCP CIS v2.0.0 - Control: 6.1.2 and 6.1.3 |
| GCP > SQL > Instance > Database Flags > PostgreSQL > Template | { "log_error_verbosity": "default", "log_connections": "on", "log_disconnections": "on", "log_statement": "ddl", "log_min_messages": "log", "log_min_error_statement": "panic", "log_min_duration_statement": -1, "cloudsql.enable_pgaudit": "on" } | GCP CIS v2.0.0 - Control: 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7 and 6.2.8 |
| GCP > SQL > Instance > Database Flags > SQL Server > Template | { "3625": "on", "external scripts enabled": "off", "cross db ownership chaining": "off", "user connections": 10, "user options": 2, "remote access": "off", "contained database authentication": "off" } | GCP CIS v2.0.0 - Control: 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6 and 6.3.7 |
| GCP > SQL > Instance > Encryption In Transit | Check: Enabled | GCP CIS v2.0.0 - Control: 6.4 |