Profile Applicability:
Level 2
Description:
Establishing a log metric filter and alert for SQL instance configuration changes is recommended. This ensures that any changes, including critical misconfigurations, are monitored and addressed promptly.
Rationale:
Monitoring configuration changes in Cloud SQL instances can help mitigate security risks and maintain service reliability. Key configuration options, such as enabling auto-backups, high availability, and managing network authorizations, directly impact the security and performance of SQL instances. Detecting misconfigurations early ensures quick resolution and protects the organization’s data integrity.
Impact:
Enabling logging may incur additional costs for log storage and processing, particularly for organizations with high activity levels.
Default Value:
No log metric or alert policy is configured by default for SQL instance configuration changes.
Audit Steps:
Using Google Cloud Console:
Verify Log Metric Configuration:
- Navigate to Logs-based Metrics.
- Under User-defined Metrics, ensure there is a metric with the filter:
protoPayload.methodName="cloudsql.instances.update"
Verify Alert Policy Configuration:
- Navigate to Alerting.
- Ensure an alert policy exists for the log metric with the following conditions:
  Condition: Triggers for any configuration change.
  Threshold: Greater than 0.
- Verify notification channels are configured appropriately.
Using Google Cloud CLI:
Verify Log Metric Configuration:
- List all log metrics:
gcloud logging metrics list --format json
- Confirm there is a metric with the filter:
protoPayload.methodName="cloudsql.instances.update"
Verify Alert Policy Configuration:
- List alerting policies:
gcloud alpha monitoring policies list --format json
- Confirm a policy exists where:
  Filter: Matches the metric.
  Enabled: true.
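The two CLI audit checks above can be scripted against the JSON the commands emit. The following is an added example (not part of the benchmark text and not a Google tool): it parses constructed sample output in the shape of `gcloud logging metrics list --format json` and `gcloud alpha monitoring policies list --format json` for a hypothetical project, and reports whether a metric with the required filter exists and whether an enabled alert policy fires on it above 0 with a notification channel attached. The metric and policy names in the samples are invented.

```python
"""Added audit helper for the CLI steps: checks gcloud JSON output for a
SQL-instance-configuration-change logs-based metric and a matching alert."""
import json
import re

# The log filter the benchmark requires on the logs-based metric.
REQUIRED_FILTER = 'protoPayload.methodName="cloudsql.instances.update"'

# Constructed sample of `gcloud logging metrics list --format json` output
# for a hypothetical project (not real data).
SAMPLE_METRICS_JSON = r"""
[
  {
    "description": "Monitor SQL instance configuration changes",
    "filter": "resource.type=\"cloudsql_database\" AND protoPayload.methodName=\"cloudsql.instances.update\"",
    "metricDescriptor": {
      "metricKind": "DELTA",
      "type": "logging.googleapis.com/user/sql-config-changes",
      "unit": "1",
      "valueType": "INT64"
    },
    "name": "sql-config-changes"
  },
  {
    "description": "Unrelated metric",
    "filter": "resource.type=\"gce_instance\"",
    "name": "vm-logs"
  }
]
"""

# Constructed sample of `gcloud alpha monitoring policies list --format json`
# output. thresholdValue is deliberately absent: proto3 JSON omits zero-valued
# numbers, so a threshold of 0 does not appear in the output.
SAMPLE_POLICIES_JSON = r"""
[
  {
    "name": "projects/example-project/alertPolicies/1234567890",
    "displayName": "SQL instance configuration changes",
    "enabled": true,
    "combiner": "OR",
    "conditions": [
      {
        "displayName": "Any configuration change",
        "conditionThreshold": {
          "filter": "metric.type=\"logging.googleapis.com/user/sql-config-changes\" AND resource.type=\"cloudsql_database\"",
          "comparison": "COMPARISON_GT",
          "duration": "0s",
          "aggregations": [{"alignmentPeriod": "300s", "perSeriesAligner": "ALIGN_COUNT"}]
        }
      }
    ],
    "notificationChannels": ["projects/example-project/notificationChannels/555"]
  }
]
"""


def normalize_filter(log_filter: str) -> str:
    """Collapse whitespace, drop spaces around '=', and map single-quoted
    literals to double quotes so filters written either way compare equal."""
    text = log_filter.replace("'", '"')
    text = re.sub(r"\s+", " ", text)
    return re.sub(r"\s*=\s*", "=", text).strip()


def find_matching_metrics(metrics: list) -> list:
    """Return the Monitoring metric types of all user-defined metrics whose
    filter contains the required clause (extra clauses are allowed)."""
    wanted = normalize_filter(REQUIRED_FILTER)
    found = []
    for metric in metrics:
        if wanted in normalize_filter(metric.get("filter", "")):
            # Logs-based metrics surface in Monitoring as logging.googleapis.com/user/<name>.
            found.append(metric.get("metricDescriptor", {}).get("type")
                         or "logging.googleapis.com/user/" + metric["name"])
    return found


def find_alerting_policies(policies: list, metric_types: list) -> list:
    """Return names of enabled policies that have a notification channel and a
    threshold condition on one of the metric types firing when count > 0."""
    found = []
    for policy in policies:
        if policy.get("enabled") is not True or not policy.get("notificationChannels"):
            continue
        for cond in policy.get("conditions", []):
            threshold = cond.get("conditionThreshold")
            if not threshold:
                continue
            cond_filter = normalize_filter(threshold.get("filter", ""))
            references_metric = any(f'metric.type="{t}"' in cond_filter for t in metric_types)
            # Missing thresholdValue means 0 (proto3 default), not "unset".
            fires_above_zero = (threshold.get("comparison") == "COMPARISON_GT"
                                and float(threshold.get("thresholdValue", 0)) == 0.0)
            if references_metric and fires_above_zero:
                found.append(policy["name"])
                break
    return found


def audit(metrics_json: str, policies_json: str) -> dict:
    """Run both audit checks on raw gcloud JSON and return a summary."""
    metric_types = find_matching_metrics(json.loads(metrics_json))
    policies = find_alerting_policies(json.loads(policies_json), metric_types)
    return {"metrics": metric_types, "policies": policies,
            "compliant": bool(metric_types) and bool(policies)}


if __name__ == "__main__":
    # In real use, pass the captured output of the two gcloud list commands.
    print(json.dumps(audit(SAMPLE_METRICS_JSON, SAMPLE_POLICIES_JSON), indent=2))
```

The normalization step matters because a metric created from the CLI with the filter in single quotes and one created from the console with double quotes are the same filter to Cloud Logging but not to a naive string comparison, and a threshold of 0 is absent from the JSON rather than present as `0`, so a check that looks for `"thresholdValue": 0` literally would report a false finding.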
Remediation Steps:
Using Google Cloud Console:
Create a Log Metric:
- Navigate to Logs-based Metrics and click CREATE METRIC.
- Configure the metric:
  Filter:
protoPayload.methodName="cloudsql.instances.update"
  Type: Counter.
  Units: 1 (default).
- Click Create Metric.
Create an Alert Policy:
- Locate the new metric under User-defined Metrics.
- Click the three-dot menu and select Create alert from Metric.
- Configure the alert policy:
  Condition:
  Aggregator: Count.
  Threshold: Greater than 0.
- Configure notification channels as needed.
- Save the policy.
Using Google Cloud CLI:
Create a Log Metric (the filter is wrapped in shell single quotes so that the double-quoted literal the audit step expects is stored verbatim):
gcloud logging metrics create <metric-name> \
  --description="Monitor SQL instance configuration changes" \
  --log-filter='protoPayload.methodName="cloudsql.instances.update"'
Create an Alert Policy (the condition filter references the new metric by its Monitoring type, logging.googleapis.com/user/<metric-name>, and fires when the count is greater than 0):
gcloud alpha monitoring policies create \
  --display-name="<policy-name>" \
  --condition-display-name="SQL instance configuration change" \
  --condition-filter='metric.type="logging.googleapis.com/user/<metric-name>" AND resource.type="cloudsql_database"' \
  --if='> 0' \
  --notification-channels="<notification-channels>"