Ensure incoming connections to Cloud SQL database instances use SSL

Error: Incoming connections to Cloud SQL database instances do not use SSL

Bridgecrew Policy ID: BC_GCP_GENERAL_5
Checkov Check ID: CKV_GCP_6
Severity: HIGH

Incoming connections to Cloud SQL database instances do not use SSL

Description

Cloud SQL is a fully managed relational database service for MySQL, PostgreSQL and SQL Server. It offers data encryption at rest and in transit, Private connectivity with VPC and user-controlled network access with firewall protection. Cloud SQL creates a server certificate automatically when a new instance is created.

We recommend you enforce all connections to use SSL/TLS.

Fix - Buildtime

Terraform

resource "google_sql_database_instance" "main" {
  name             = "main-instance"
  database_version = "POSTGRES_14"
  region           = "us-central1"

  settings {
    # Second-generation instance tiers are based on the machine
    # type. See argument reference below.
    tier = "db-f1-micro"
    ip_configuration {
    	require_ssl = true
    }
  }
}