Vulnerabilities
Misconfiguration
Runtime Security
Compliance
Google > Sql >

Enable Backup

MEDIUM
Source
Trivy/CSPM
CSPM ID
db-automated-backups
ID
AVD-GCP-0024
management_console terraform

Enable automated backups to recover from data-loss

Automated backups are not enabled by default. Backups are an easy way to restore data in a corruption or data-loss scenario.

Impact

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the Google Cloud Platform Console.

  2. Scroll down the left navigation panel and choose the “SQL” option under the “Storage.” Step

  3. On the “SQL” page , click on the “Instance ID” as a link option to select the “SQL” instance.Step

  4. On the “SQL” page, click on the “Backups” under the “MASTER INSTANCE.”Step

  5. On the “Backups” page, check whether “Automated backups” is showing enabled or disabled. If “Automated backups” is showing “Disabled” then the selected SQL instance cannot restore data in the event of a database compromise or hardware failure.Step

  6. Repeat steps number 2 - 5 to check other SQL instance in the account.

  7. Navigate to the “SQL” option under the “Storage”, choose the “SQL Instance” and click on the “Edit” button at the top.Step

  8. On the “Edit instance” page, scroll down and click on the “Auto backups and high availability” under the “Configuration options.”Step

  9. On the “db-automated-backups” tab, click on the checkbox next to “Automate backups.”Step

  10. Click on the “Save” button to make the changes.Step

  11. Repeat steps number 7 - 10 to ensure that all database instances are configured with automatic backups enabled.

Enable automated backups

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

resource "google_sql_database_instance" "db" {
  name             = "db"
  database_version = "POSTGRES_12"
  region           = "us-central1"
  settings {
    backup_configuration {
      enabled = true
    }
  }
}

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13

resource "google_sql_database_instance" "new_instance_sql_replica" {
  name                 = "replica"
  region               = "europe-west3"
  database_version     = "POSTGRES_14"
  master_instance_name = google_sql_database_instance.instance[0].name
  deletion_protection  = terraform.workspace == "prod" ? true : false

  replica_configuration {
    connect_retry_interval  = 0
    failover_target         = false
    master_heartbeat_period = 0
  }
}
Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use