CloudSQL - MySQL

GCP's fully-managed relational database service for MySQL

Overview

  • Reduce Over Privileges - Discover existing privileges to CloudSQL MySQL databases and convert them to on-demand access flows to reduce over-privileges.
  • Self Service Access - Empower your developers to gain self-servable access to databases using Slack.
  • Automated Approval Workflows - Create approval workflows to specific sensitive databases.
  • Restricted Third Party Access - Grant third-party (customer or vendor) time-based access to specific databases with MFA verification.
  • Review Access - View a detailed access audit of who was granted access to which databases with what permission level and why.

Step by step guide

Prerequisites

  • An Apono connector installed with network access to the MySQL databases
    • Minimal Apono connector version: 1.3.0 (visit the Connectors Page and update the connector if needed)
  • A user for Apono to your MySQL with the following permissions
  • A secret created in Google Secret Store with the following params:
    • Key username, Value MySQL USERNAME
    • Keypassword, Value USERNAME PASSWORD

📘

Why does Apono need secrets?

Apono does not store credentials. The Apono Connector uses the secret to communicate with services in your environment and separate the Apono web app from the environment for maximal security.

How To Integrate GCP CloudSQL - MySQL

  1. Click on Integrations Catalog
  2. Under GCP, look for CloudSQL - MySQL and click Connect

  1. Pick a connector with network access to the MySQL databases (see prerequisites)
  2. Click "Next"
  3. Fill in the Integration details
  • Type the Integration Name
  • Choose the Cloud Account from the dropdown list (list of Organization IDs)
  • Hostname – type the Private IP Address of the host
  • Project = the project ID
  1. Provide the secret (see prerequisites)
  2. Click "Connect"

👍

Hurray!

You've successfully integrated Apono with your CloudSQL Mysql. You should now see the new integration in your Connected Integrations

Use this integration in your existing or new Access Flow. Check this guide out for more information on creating your first Access Flow in Apono.