Turbot Guardrails Hub 
GCP CIS v2.0.0 - Section 6 - Cloud SQL Database Services

Policy Setting: GCP > SQL > Instance > Approved > Custom

Policies

This policy setting is dependent on the following policy types:

  • GCP > SQL > Instance > Approved > Custom

Source

resource "turbot_policy_setting" "gcp_sql_instance_approved_custom" {
  resource = turbot_policy_pack.main.id
  type     = "tmod:@turbot/gcp-sql#/policy/types/instanceApprovedCustom"
  note     = "GCP CIS v2.0.0 - Control: 6.2.9"

  # GraphQL query: fetch the instance's ipAddresses array as template input.
  template_input = <<-EOT
    {
      item: instance {
        ipAddresses: get(path: "ipAddresses")
      }
    }
  EOT

  # Nunjucks template: approve the instance only if at least one of its
  # addresses has type "PRIVATE". The loop iterates over ipAddresses, the
  # variable set on the first line of the template. As written, the first two
  # branches cover every case, so the final "Skip" branch is never selected.
  template = <<-EOT
    {%- set ipAddresses = $.item.ipAddresses -%}
    {%- set privateIpExists = false -%}
    {%- for obj in ipAddresses -%}
      {%- if not privateIpExists and obj.type == "PRIVATE" -%}
        {%- set privateIpExists = true -%}
      {%- endif -%}
    {%- endfor -%}
    {%- if ipAddresses | length == 0 or not privateIpExists -%}
      {%- set data = {
        "title": "Private IP Assignment",
        "result": "Not approved",
        "message": "IP assignment type is not private"
      } -%}
    {%- elif privateIpExists -%}
      {%- set data = {
        "title": "Private IP Assignment",
        "result": "Approved",
        "message": "IP assignment type is private"
      } -%}
    {%- else -%}
      {%- set data = {
        "title": "Private IP Assignment",
        "result": "Skip",
        "message": "No data for IP assignment yet"
      } -%}
    {%- endif -%}
    {{ data | json }}
  EOT
}
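
The following is an added example, not part of the policy pack or Turbot's code: a plain-JavaScript mirror of the template's decision logic, run over constructed ipAddresses arrays to show which instances the control approves. The function name evaluatePrivateIp and all sample addresses are assumptions made for illustration.

```javascript
// Added example: plain-JavaScript mirror of the calculated policy's decision
// logic, so its outcomes can be checked against sample data.
// evaluatePrivateIp is a hypothetical helper name, not part of Guardrails.
function evaluatePrivateIp(ipAddresses) {
  // A missing value is treated as an empty list, matching the template,
  // where the length filter yields 0 and the loop body never runs.
  const list = Array.isArray(ipAddresses) ? ipAddresses : [];
  // Same test as the template loop: is at least one entry of type PRIVATE?
  const privateIpExists = list.some((obj) => obj.type === "PRIVATE");
  const title = "Private IP Assignment";
  if (list.length === 0 || !privateIpExists) {
    return { title, result: "Not approved", message: "IP assignment type is not private" };
  }
  // privateIpExists is necessarily true here, so the template's "Skip"
  // branch has no input that selects it.
  return { title, result: "Approved", message: "IP assignment type is private" };
}

// Constructed sample inputs shaped like the instance's ipAddresses array.
// PRIMARY is the Cloud SQL API's address type for a public IP.
const samples = {
  privateOnly: [{ type: "PRIVATE", ipAddress: "10.10.0.5" }],
  publicOnly: [{ type: "PRIMARY", ipAddress: "203.0.113.10" }],
  publicAndPrivate: [
    { type: "PRIMARY", ipAddress: "203.0.113.10" },
    { type: "PRIVATE", ipAddress: "10.10.0.5" },
  ],
  noData: [],
  missing: undefined,
};

// Returns a map of sample name to the result string the control would report.
function evaluateSamples() {
  const out = {};
  for (const [name, ips] of Object.entries(samples)) {
    out[name] = evaluatePrivateIp(ips).result;
  }
  return out;
}

console.log(evaluateSamples());
```

An instance that has both a public (PRIMARY) and a private address is reported as Approved, because the check only requires that a private address exists. An instance with no address data is reported as Not approved rather than Skip.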