id: gcloud-sql-backups-disabled info: name: Automated Backups Not Enabled for Cloud SQL Instances author: princechaddha severity: medium description: | Ensure that automated (scheduled) backups are created for all Cloud SQL database instances available within your Google Cloud Platform (GCP) account, in order to protect against data deletion and/or data corruption. impact: | If automated backups are not enabled, there is a risk of data loss or corruption with no way to recover the lost or damaged data, potentially affecting business continuity and compliance requirements. remediation: | Enable automated backups for all Cloud SQL database instances in your GCP account to ensure regular backups are taken to safeguard against data issues. reference: - https://cloud.google.com/sql/docs/mysql/backup-recovery/backups tags: cloud,devops,gcp,gcloud,google-cloud-sql,gcp-cloud-config flow: | code(1) for(let projectId of iterate(template.projectIds)){ set("projectId", projectId) code(2) for(let sqlInstance of iterate(template.sqlInstances)){ set("sqlInstance", sqlInstance) code(3) } } self-contained: true code: - engine: - sh - bash source: | gcloud projects list --format="json(projectId)" extractors: - type: json name: projectIds internal: true json: - '.[].projectId' - engine: - sh - bash source: | gcloud sql instances list --project $projectId --format="json(name)" extractors: - type: json name: sqlInstances internal: true json: - '.[].name' - engine: - sh - bash source: | gcloud sql instances describe $sqlInstance --format="value(settings.backupConfiguration.enabled)" matchers: - type: word words: - 'False' extractors: - type: dsl dsl: - '"Automated backups are not enabled for SQL Instance: " + sqlInstance + " in project: " + projectId' # digest: 4a0a00473045022045903971424b944ef4a306c915ccff4cdd35641fec7cb7a7757ea8e3f57eb813022100d8e5008193767daf63120bb731228c1d6f6ef9df8aac50e58085781f80971837:922c64590222798bb761d5b6d8e72950