Plugin Title | Any Host Root Access |
Cloud | |
Category | SQL |
Description | Ensures the root user of SQL instances cannot be accessed from any host |
More Info | Root access to SQL instances should only be allowed from whitelisted IPs, so that only trusted entities can connect. |
GOOGLE Link | https://cloud.google.com/sql/docs/mysql/create-manage-users |
Recommended Action | Ensure that root access for SQL instances is not allowed from any host. |
1. Log in to the Google Cloud Platform Console.
2. Scroll down the left navigation panel and choose the "SQL" option under "Storage."
3. On the "SQL" page, click the "Instance ID" link to select the "SQL" instance.
4. On the "SQL" page, click "Connections" under "MASTER INSTANCE."
5. On the "Connections" page, scroll down to "Connectivity" and check whether any "Authorised Network" is configured or whether the "Public IP" is open to everyone.
6. Repeat steps 2 - 5 to check other "SQL Instances" in the account.
7. Navigate to the "SQL" option under "Storage", choose the "SQL Instance" and click the "Edit" button at the top.
8. On the "Edit instance" page, scroll down and click "Connectivity" under "Configuration options."
9. On the "Connectivity" tab, click the "Add network" option under "Public IP."
10. On the "New Network" tab, enter the "Network Name" and "IP Details" as required and click the "Done" button to make the changes.
11. Click the "Save" button at the bottom of the page to apply the changes.
12. Repeat steps 7 - 11 to ensure that root access for SQL instances is not allowed from any host.
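
The console check above can also be run over exported data. The following is an added example, not the plugin's own code: it assumes user records shaped like the output of `gcloud sql users list --format=json` (`name`, `host`) and authorised-network entries shaped like `settings.ipConfiguration.authorizedNetworks` (`name`, `value`); the function names, the sample data and the set of host values treated as "any host" are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (not from a real project).
SAMPLE_USERS = [
    {"name": "root", "host": "%", "instance": "prod-db"},
    {"name": "root", "host": "10.0.4.12", "instance": "prod-db"},
    {"name": "app", "host": "%", "instance": "prod-db"},
    {"name": "root", "host": "", "instance": "staging-db"},
]
SAMPLE_NETWORKS = {
    "prod-db": [{"name": "office", "value": "203.0.113.0/24"}],
    "staging-db": [{"name": "temp", "value": "0.0.0.0/0"}],
}

# Assumption: an empty host, "%", or an all-zero address means "any host".
ANY_HOST = {"", "%", "0.0.0.0", "::"}


def root_any_host(users):
    """Return instances whose root user can connect from any host."""
    return sorted({u["instance"] for u in users
                   if u.get("name") == "root"
                   and (u.get("host") or "").strip() in ANY_HOST})


def open_networks(networks):
    """Return authorised-network entries that cover every address."""
    hits = []
    for instance, entries in networks.items():
        for entry in entries:
            net = ipaddress.ip_network(entry["value"], strict=False)
            if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
                hits.append((instance, entry["name"], entry["value"]))
    return sorted(hits)


def audit(users, networks):
    """Combine both checks into one finding per instance."""
    root_open = set(root_any_host(users))
    net_open = {inst for inst, _, _ in open_networks(networks)}
    return {inst: {"root_any_host": inst in root_open,
                   "open_network": inst in net_open}
            for inst in sorted(root_open | net_open | set(networks))}


if __name__ == "__main__":
    for instance, finding in audit(SAMPLE_USERS, SAMPLE_NETWORKS).items():
        print(instance, finding)
```

An instance flagged on both checks is the case the remediation steps target: root is not host-restricted and the instance accepts connections from every address.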