SSL connections to a SQL database instance should be enforced.
Data in transit should be encrypted so that, if traffic is intercepted, it is not exposed in plaintext to attackers.
Impact
Intercepted data can be read in transit
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Enforce SSL for all connections
resource "google_sql_database_instance" "postgres" {
  name             = "postgres-instance-a"
  database_version = "POSTGRES_11"
  settings {
    tier = "db-f1-micro"
    ip_configuration {
      ipv4_enabled = false
      authorized_networks {
        value = "108.12.12.0/24"
        name  = "internal"
      }
      require_ssl = true
    }
  }
}
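To check this setting before apply, the plan can be inspected for instances that do not set `require_ssl = true`. The following is an added example, not part of the original page or of any scanner's code; it assumes the input has the shape of `terraform show -json` output for a plan, and the function names and the sample plan are constructed for illustration.

```python
# Constructed sample in the shape of `terraform show -json <planfile>` output.
# Nested blocks (settings, ip_configuration) appear as lists in plan JSON.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "google_sql_database_instance.postgres",
             "type": "google_sql_database_instance",
             "values": {"settings": [{"ip_configuration": [
                 {"ipv4_enabled": False, "require_ssl": True}]}]}},
            {"address": "google_sql_database_instance.legacy",
             "type": "google_sql_database_instance",
             "values": {"settings": [{"ip_configuration": [
                 {"ipv4_enabled": True, "require_ssl": False}]}]}},
            {"address": "google_storage_bucket.logs",
             "type": "google_storage_bucket", "values": {}},
        ],
        "child_modules": [{"resources": [
            # No ip_configuration block at all: require_ssl is never set.
            {"address": "module.reporting.google_sql_database_instance.mysql",
             "type": "google_sql_database_instance",
             "values": {"settings": [{"tier": "db-f1-micro"}]}},
        ]}],
    }}
}

def iter_resources(module):
    """Yield resources from a module and all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def instances_without_ssl(plan):
    """Return addresses of Cloud SQL instances that do not enforce SSL."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in iter_resources(root):
        if res.get("type") != "google_sql_database_instance":
            continue
        values = res.get("values") or {}
        ip_cfgs = [cfg for s in (values.get("settings") or [])
                   for cfg in (s.get("ip_configuration") or [])]
        # A missing block or a null/false value both count as not enforced.
        if not ip_cfgs or not all(c.get("require_ssl") is True for c in ip_cfgs):
            findings.append(res["address"])
    return findings

if __name__ == "__main__":
    for address in instances_without_ssl(SAMPLE_PLAN):
        print(f"SSL not enforced: {address}")
```
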
Links