Ensure GCP compute firewall ingress does not allow unrestricted MySQL access
Error: GCP Firewall rule allows all traffic on MySQL DB port (3306)
Bridgecrew Policy ID: BC_GCP_NETWORKING_15
Checkov Check ID: CKV_GCP_88
Severity: LOW
Description
It is a best practice to ensure that your firewall ingress rules do not allow unrestricted access to your MySQL database, since exposing the database port to any source increases the risk of unauthorized access or attacks on your database. By restricting access to only the specific IP addresses or ranges that you trust, you can help secure your database from potential threats. Additionally, you can require SSL/TLS to encrypt the connection between your database and client, which helps protect sensitive data against interception.
Fix - Runtime
Fix - Buildtime
Terraform
resource "google_compute_firewall" "restricted" {
  name    = "example"
  # Reference the network resource directly; a quoted string here would be
  # treated as a literal network name, not a reference.
  network = google_compute_network.vpc.name

  allow {
    protocol = "tcp"
    ports    = ["3306"]
  }

  # Only the listed trusted address may reach MySQL; never 0.0.0.0/0 or ::/0.
  source_ranges = ["172.1.2.3/32"]
}
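The following is an added example, not Checkov's own implementation of CKV_GCP_88: it evaluates the intent of this check against google_compute_firewall resources represented as dicts (the shape a Terraform/HCL parser would hand to a policy engine), and goes a little beyond the page by handling port ranges, the "all" protocol, egress rules and the case where no source is specified (assumed here, per GCP's documented default, to mean 0.0.0.0/0). The sample resources are constructed for the example.

```python
# Added example (not Checkov's code): does a google_compute_firewall resource
# let any internet source reach the MySQL port?
MYSQL_PORT = 3306
ANY_V4 = "0.0.0.0/0"
ANY_V6 = "::/0"


def _port_matches(spec: str, port: int) -> bool:
    """True if a Terraform port entry ("3306" or "3000-4000") covers `port`."""
    lo, _, hi = str(spec).partition("-")
    return int(lo) <= port <= int(hi or lo)


def allows_port_from_anywhere(resource: dict, port: int = MYSQL_PORT) -> bool:
    """Return True if an enabled INGRESS rule admits `port` from 0.0.0.0/0 or ::/0."""
    if resource.get("direction", "INGRESS").upper() != "INGRESS":
        return False  # egress rules are out of scope for this check
    if resource.get("disabled", False):
        return False
    sources = resource.get("source_ranges")
    # Assumption (GCP default): an ingress rule with no source_ranges and no
    # source_tags / source_service_accounts applies to every source.
    if sources is None and not (
        resource.get("source_tags") or resource.get("source_service_accounts")
    ):
        sources = [ANY_V4]
    if not any(s in (ANY_V4, ANY_V6) for s in sources or []):
        return False
    for rule in resource.get("allow", []):
        if str(rule.get("protocol", "")).lower() not in ("all", "tcp"):
            continue
        ports = rule.get("ports")
        if not ports:  # no "ports" key means every port of that protocol
            return True
        if any(_port_matches(p, port) for p in ports):
            return True
    return False


# Constructed sample resources: the page's fix, and the shape the check flags.
RESTRICTED = {
    "name": "example",
    "allow": [{"protocol": "tcp", "ports": ["3306"]}],
    "source_ranges": ["172.1.2.3/32"],
}
OPEN = {
    "name": "mysql-open",
    "allow": [{"protocol": "tcp", "ports": ["3000-4000"]}],
    "source_ranges": ["0.0.0.0/0"],
}
```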