gcp-sql-ssl-off

Ensure all Cloud SQL database instance requires all incoming connections to use SSL

It is highly recommended that you enforce using SSL/TLS to connect your databases, especially if you plan on connecting across the Internet.

Examples

Insecure Example

resource "google_sql_database_instance" "main-db" {
  name = "main-db"
  database_version = "MYSQL_5_7"

  "settings" {
    tier = "db-n1-standard-1"
    disk_autoresize = true

    ip_configuration {
      require_ssl = false
    }
    backup_configuration {
      binary_log_enabled = true
      enabled = true
      start_time = "03:00"
    }
  }
}

Secure Example

resource "google_sql_database_instance" "main-db" {
  name = "main-db"
  database_version = "MYSQL_5_7"

  "settings" {
    tier = "db-n1-standard-1"
    disk_autoresize = true

    ip_configuration {
      require_ssl = true
    }
    backup_configuration {
      binary_log_enabled = true
      enabled = true
      start_time = "03:00"
    }
  }
}

More information

• GCP Docs
• Terraform Docs