Metadata

Id: ansible-gcp-sql-db-instance-backup-disabled

Cloud Provider: GCP

Platform: Ansible

Severity: Medium

Category: Backup

Description

Cloud SQL instances must have backups enabled so you can recover from accidental deletion, data corruption, or ransomware. Without backups, data loss can be permanent and service restoration time increases.

For Ansible resources using google.cloud.gcp_sql_instance or gcp_sql_instance, ensure the settings.backup_configuration.enabled property is present and set to true. Resources missing settings, settings.backup_configuration, or settings.backup_configuration.enabled, or where enabled is false, are flagged.

Secure configuration example:

- name: Create Cloud SQL instance with backups enabled
  google.cloud.gcp_sql_instance:
    name: my-instance
    settings:
      tier: db-f1-micro
      backup_configuration:
        enabled: true
        start_time: "03:00"

Compliant Code Examples

- name: create an instance
  google.cloud.gcp_sql_instance:
    name: '{{ resource_name }}-2'
    settings:
      backup_configuration:
        binary_log_enabled: yes
        enabled: yes
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: /tmp/auth.pem
    state: present

Non-Compliant Code Examples

---
# Flagged: settings is missing entirely
- name: create an instance
  google.cloud.gcp_sql_instance:
    name: "{{ resource_name }}-2"
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
# Flagged: settings is present but backup_configuration is missing
- name: create a second instance
  google.cloud.gcp_sql_instance:
    name: "{{ resource_name }}-2"
    settings:
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
# Flagged: backup_configuration is present but enabled is missing
- name: create a third instance
  google.cloud.gcp_sql_instance:
    name: "{{ resource_name }}-2"
    settings:
      backup_configuration:
        binary_log_enabled: yes
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
# Flagged: enabled is explicitly set to false
- name: create a fourth instance
  google.cloud.gcp_sql_instance:
    name: "{{ resource_name }}-2"
    settings:
      backup_configuration:
        binary_log_enabled: yes
        enabled: no
      tier: db-n1-standard-1
    region: us-central1
    project: test_project
    auth_kind: serviceaccount
    service_account_file: "/tmp/auth.pem"
    state: present
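
The decision logic from the Description, as an added example (not the scanner's own rule code): a Python check over already-parsed Ansible tasks that reports which of the four flagged conditions applies. The function names, the truthy-string set, and the sample tasks (constructed to mirror the examples on this page) are assumptions.

```python
# Added example: hypothetical helper names, not part of any scanner's API.
MODULES = {"google.cloud.gcp_sql_instance", "gcp_sql_instance"}
TRUE_STRINGS = {"yes", "true", "on", "1"}  # assumption: Ansible-style truthy strings


def is_true(value):
    """Accept YAML booleans and Ansible-style truthy strings."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in TRUE_STRINGS


def check_task(task):
    """Return the reason a task is flagged, or None if compliant or not applicable."""
    module = next((k for k in task if k in MODULES), None)
    if module is None:
        return None  # not a Cloud SQL instance task
    args = task[module] if isinstance(task[module], dict) else {}
    settings = args.get("settings")
    if not isinstance(settings, dict):
        return "settings is missing"
    backup = settings.get("backup_configuration")
    if not isinstance(backup, dict):
        return "settings.backup_configuration is missing"
    if "enabled" not in backup:
        return "settings.backup_configuration.enabled is missing"
    if not is_true(backup["enabled"]):
        return "settings.backup_configuration.enabled is false"
    return None


def scan(tasks):
    """Map task name to finding for every flagged task in a parsed play."""
    return {t.get("name", "<unnamed>"): f for t in tasks if (f := check_task(t))}


# Constructed sample: this page's tasks as a YAML loader would return them.
M = "google.cloud.gcp_sql_instance"
SAMPLE = [
    {"name": "compliant", M: {"settings": {"backup_configuration": {"enabled": True}}}},
    {"name": "first", M: {"region": "us-central1"}},
    {"name": "second", M: {"settings": {"tier": "db-n1-standard-1"}}},
    {"name": "third", M: {"settings": {"backup_configuration": {"binary_log_enabled": True}}}},
    {"name": "fourth", M: {"settings": {"backup_configuration": {"enabled": False}}}},
]

if __name__ == "__main__":
    for name, finding in scan(SAMPLE).items():
        print(f"{name}: {finding}")
```

A value that is only known at run time, such as a Jinja expression for enabled, is reported as false by this check because a static scan cannot resolve it.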