HIGH
Source: Trivy
ID: AVD-GCP-0015

SSL connections to a SQL database instance should be enforced.

Data in transit should be encrypted so that, if traffic is intercepted, it is not exposed in plaintext to attackers.

Impact

Intercepted data can be read in transit

Follow the appropriate remediation steps below to resolve the issue.

Enforce SSL for all connections

resource "google_sql_database_instance" "postgres" {
  name             = "postgres-instance-a"
  database_version = "POSTGRES_11"

  settings {
    tier = "db-f1-micro"

    ip_configuration {
      ipv4_enabled = false
      authorized_networks {
        value = "108.12.12.0/24"
        name  = "internal"
      }
      # Enforce SSL so the instance rejects unencrypted connections.
      require_ssl = true
    }
  }
}
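
A check in the spirit of this rule, run over the JSON form of a Terraform plan (`terraform show -json`), as an added example that is not part of the original page and is not Trivy's own code. The sample plan, the helper `sql_instance` and the resource names `legacy`, `reporting` and `logs` are constructed; treating a missing `ip_configuration` or `require_ssl` as not enforced is an assumption of this example.

```python
"""Flag google_sql_database_instance resources whose plan lacks require_ssl = true."""

def iter_resources(module):
    """Yield every resource in a plan module, descending into child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def ssl_enforced(values):
    """True only if every ip_configuration block sets require_ssl to true."""
    settings = values.get("settings") or []
    ip_cfgs = [c for s in settings for c in (s.get("ip_configuration") or [])]
    # Assumption of this example: an absent block or attribute counts as not enforced.
    return bool(ip_cfgs) and all(c.get("require_ssl") is True for c in ip_cfgs)

def find_unenforced(plan):
    """Return sorted addresses of Cloud SQL instances that do not enforce SSL."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return sorted(
        r["address"] for r in iter_resources(root)
        if r.get("type") == "google_sql_database_instance"
        and not ssl_enforced(r.get("values") or {})
    )

def sql_instance(address, ip_configuration):
    """Build a constructed plan entry for a Cloud SQL instance (sample data only)."""
    return {"address": address, "type": "google_sql_database_instance",
            "values": {"settings": [{"tier": "db-f1-micro",
                                     "ip_configuration": ip_configuration}]}}

# Constructed sample in the shape of `terraform show -json` planned_values.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        sql_instance("google_sql_database_instance.postgres",
                     [{"ipv4_enabled": False, "require_ssl": True}]),
        sql_instance("google_sql_database_instance.legacy", []),
        {"address": "google_storage_bucket.logs", "type": "google_storage_bucket",
         "values": {"name": "logs"}},
    ],
    "child_modules": [{"address": "module.db", "resources": [
        sql_instance("module.db.google_sql_database_instance.reporting",
                     [{"ipv4_enabled": True, "require_ssl": False}]),
    ]}],
}}}

if __name__ == "__main__":
    for address in find_unenforced(SAMPLE_PLAN):
        print(f"AVD-GCP-0015: {address} does not enforce SSL")
```

Run against a real plan by loading the output of `terraform show -json` with `json.load` and passing the result to `find_unenforced`.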