SQL database instances should have automated backups enabled

Description

All SQL database instances should have automated backups enabled.

Rationale

Backups provide a way to restore a Cloud SQL instance, to recover lost data, or to recover from a problem with that instance. Enable automated backups for any instance that contains data that should be protected from loss or damage. This recommendation is applicable for SQL Server, PostgreSQL, MySQL generation 1 and MySQL generation 2 instances.

Impact

Automated backups increase the required storage size and may affect the costs associated with it.

Remediation

From the console

  1. Go to the Cloud SQL Instances page in the Google Cloud Console: https://console.cloud.google.com/sql/instances
  2. Select the instance where the backups need to be configured.
  3. Click Edit.
  4. In the Backups section, check ‘Enable automated backups’, and choose a backup window.
  5. Click Save.

From the command line

  1. List all Cloud SQL database instances using the following command:
    gcloud sql instances list
    
  2. Enable automated backups for a Cloud SQL database instance by running:
    gcloud sql instances patch <INSTANCE_NAME> --backup-start-time <[HH:MM]>
    

The backup-start-time parameter is specified in 24-hour time, in the UTC±00 time zone, and specifies the start of a 4-hour backup window. Backups can start any time during the backup window.
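
The two command-line steps can be combined into an audit. The following is an added example, not part of the original rule or of Google's tooling: it reads the JSON produced by `gcloud sql instances list --format=json`, flags instances without automated backups, and builds the patch command from step 2. The sample data and instance names are constructed, and skipping read replicas is an assumption.

```python
import json
import re
import shlex

# Constructed sample of `gcloud sql instances list --format=json` output.
# Instance names are invented; field names follow the Cloud SQL Admin API.
SAMPLE_JSON = """
[
  {"name": "orders-db", "instanceType": "CLOUD_SQL_INSTANCE",
   "settings": {"backupConfiguration": {"enabled": true, "startTime": "02:00"}}},
  {"name": "billing-db", "instanceType": "CLOUD_SQL_INSTANCE",
   "settings": {"backupConfiguration": {"enabled": false}}},
  {"name": "legacy-db", "instanceType": "CLOUD_SQL_INSTANCE", "settings": {}},
  {"name": "orders-replica", "instanceType": "READ_REPLICA_INSTANCE",
   "settings": {"backupConfiguration": {"enabled": false}}}
]
"""

HHMM = re.compile(r"([01]\d|2[0-3]):[0-5]\d")  # 24-hour UTC start time


def instances_without_backups(instances):
    """Return names of instances whose automated backups are not enabled."""
    missing = []
    for inst in instances:
        # Assumption: replicas are skipped; backups belong to the primary.
        if inst.get("instanceType") == "READ_REPLICA_INSTANCE":
            continue
        backup = (inst.get("settings") or {}).get("backupConfiguration") or {}
        # A missing block or a missing flag counts as "not enabled".
        if backup.get("enabled") is not True:
            missing.append(inst["name"])
    return missing


def remediation_commands(instances, start_time):
    """Build the page's patch command for each non-compliant instance."""
    if not HHMM.fullmatch(start_time):
        raise ValueError(f"backup start time must be HH:MM (UTC): {start_time!r}")
    return [
        f"gcloud sql instances patch {shlex.quote(name)} "
        f"--backup-start-time {start_time}"
        for name in instances_without_backups(instances)
    ]


if __name__ == "__main__":
    for cmd in remediation_commands(json.loads(SAMPLE_JSON), "03:00"):
        print(cmd)
```

The script only prints the commands, so they can be reviewed before being run against a project.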

Default value

By default, automated backups are not configured for Cloud SQL instances. Data backup is not possible on any Cloud SQL instance unless Automated Backup is configured.

References

  1. https://cloud.google.com/sql/docs/mysql/backup-recovery/backups
  2. https://cloud.google.com/sql/docs/postgres/backup-recovery/backing-up

CIS controls

Version 8: 11.2 Perform Automated Backups. Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data.
