Ensure a MySQL database instance does not allow anyone to connect with administrative privileges

Error: A MySQL database instance allows anyone to connect with administrative privileges

Bridgecrew Policy ID: BC_GCP_IAM_11
Checkov Check ID: CKV2_GCP_7
Severity: LOW

Description

Set a password for the administrative user (root by default) to prevent unauthorized access to SQL database instances.
This recommendation applies only to MySQL instances. PostgreSQL does not offer a No Password setting in the cloud console.
If no administrative password is provided when a MySQL instance is created, anyone can connect to the SQL database instance with administrative privileges. Set the root password so that only authorized users have these privileges.

Fix - Buildtime

Terraform

  • Resource: google_sql_database_instance, google_sql_user
  • Argument: password (on the google_sql_user resource)
resource "google_sql_user" "root_with_password" {
  name     = "root"
  instance = google_sql_database_instance.db_instance.name
  host     = "me.com"
+ password = "1234"
}
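
The same fix as a complete configuration, with the non-compliant root user shown beside a compliant one whose password is generated at apply time rather than written as a literal. This is an added example, not part of the original policy page; the instance name, region, tier, and the `random_password` resource are assumptions.

```hcl
# Added example. Instance name, region and tier are placeholders.
terraform {
  required_providers {
    google = { source = "hashicorp/google" }
    random = { source = "hashicorp/random" }
  }
}

resource "google_sql_database_instance" "db_instance" {
  name             = "example-mysql"
  database_version = "MYSQL_8_0" # the policy applies to MySQL instances only
  region           = "us-central1"

  settings {
    tier = "db-f1-micro"
  }
}

# Non-compliant: the root user is declared without a password, so the
# administrative account accepts connections with no credential.
# resource "google_sql_user" "root_no_password" {
#   name     = "root"
#   instance = google_sql_database_instance.db_instance.name
#   host     = "me.com"
# }

# Generate the secret instead of committing a literal to version control.
resource "random_password" "mysql_root" {
  length  = 32
  special = true
}

# Compliant: the root user on the MySQL instance has a password set.
resource "google_sql_user" "root_with_password" {
  name     = "root"
  instance = google_sql_database_instance.db_instance.name
  host     = "me.com"
  password = random_password.mysql_root.result
}
```

The generated value is still written to Terraform state, so the state backend needs encryption and restricted access.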