SQL database instances should have automated backups enabled
Description
All SQL database instances should have automated backups enabled.
Rationale
Backups provide a way to restore a Cloud SQL instance, to recover lost data, or to recover from
a problem with that instance. Enable automated backups for any instance that
contains data that should be protected from loss or damage. This recommendation is
applicable for SQL Server, PostgreSql, MySql generation 1 and MySql generation 2
instances.
Impact
Automated backups increase the required storage size and may affect the costs associated with it.
From the console
- Go to the Cloud SQL Instances page in the Google Cloud Console:
https://console.cloud.google.com/sql/instances
- Select the instance where the backups need to be configured.
- Click
Edit
. - In the
Backups
section, check ‘Enable automated backups’, and choose a backup window. - Click
Save
.
From the command line
- List all Cloud SQL database instances using the following command:
gcloud sql instances list
- Enable automated backups for a Cloud SQL database instance by running:
gcloud sql instances patch <INSTANCE_NAME> --backup-start-time <[HH:MM]>
The backup-start-time
parameter is specified in 24-hour time, in the UTC±00 time zone,
and specifies the start of a 4-hour backup window. Backups can start any time during the
backup window.
Default value
By default, automated backups are not configured for Cloud SQL instances. Data backup is
not possible on any Cloud SQL instance unless Automated Backup is configured.
References
- https://cloud.google.com/sql/docs/mysql/backup-recovery/backups
- https://cloud.google.com/sql/docs/postgres/backup-recovery/backing-up
CIS controls
Version 8: 11.2 Perform Automated Backups. Perform automated backups of in-scope enterprise assets. Run backups weekly,
or more frequently, based on the sensitivity of the data.