GCP SQL MySQL DB instance point-in-time recovery backup (Binary logs) is not enabled
Description
This policy is checking to ensure that a MySQL DB instance has a point-in-time recovery backup configured. Point-in-time recovery allows you to restore your database to any second during your retention period, up to the last five minutes. Not having this setup can be risky as it might result in data loss if there is an issue or outage. By not using point-in-time recovery backup, you are potentially putting your data at risk in the event of a disaster or data corruption issue. Therefore, it's crucial to have this backup configuration in place to safeguard your data.
Code Example
resource "google_sql_database_instance" "default" {
name = "mysql-instance"
region = "us-central1"
database_version = "MYSQL_5_6"
settings {
tier = "db-f1-micro"
backup_configuration {
enabled = true
+ binary_log_enabled = true
start_time = "05:00" // specify a convenient time
}
}
backup_window {
start_time = "05:00"
}
backup_retention_period = 30
}Remediation
Terraform
- Resource: google_sql_database_instance
- Arguments: database_version, settings.backup_configuration.binary_log_enabled
To fix this, you need to enable Point-In-Time Recovery (PITR) in your MySQL DB instance. Please ensure the `backup_window` and `backup_retention_period` attributes are configured optimally. Here's some example code:
Rule Details
| Field | Value |
|---|---|
| ID | IAC-1005 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV2_GCP_20 |