CloudSQL

Enable Teleskope to start scanning your CloudSQL instances.

Grant Teleskope Access to CloudSQL

Attach the following roles to the Teleskope service account you created:

  • roles/cloudsql.client
  • roles/cloudsql.instanceUser
  • roles/cloudsql.viewer
  • roles/cloudsql.admin (required to generate SSL certificates)

Terraform

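Variable     Description                       Example
project_id   (Required) Your GCP Project ID    "my-project-id"

variable "project_id" {
  description = "Your GCP Project ID"
  type        = string
}

# Bind each required CloudSQL role to the Teleskope service account
# (google_service_account.teleskope is the service account you created).
resource "google_project_iam_member" "teleskope" {
  for_each = toset([
    "roles/cloudsql.client",
    "roles/cloudsql.instanceUser",
    "roles/cloudsql.viewer",
    "roles/cloudsql.admin" # required to generate SSL certificates
  ])
  project = var.project_id
  role    = each.key
  member  = "serviceAccount:${google_service_account.teleskope.email}"
}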

Teleskope Database User

For each CloudSQL instance you would like to scan using Teleskope, you will need to create or provide credentials for a database user, and grant that user read permissions.

Grant Read Access to Teleskope user

MySQL or MariaDB

GRANT SHOW DATABASES, SELECT ON *.* TO teleskope_ro;

Postgres versions 14+

GRANT pg_read_all_data TO teleskope_ro;

Postgres versions < 14

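-- Run these in psql: each line uses the gexec meta-command to execute the generated GRANTs.
-- The schema and table grants affect only the connected database; repeat them in each database to scan.
SELECT format('GRANT CONNECT ON DATABASE %I TO teleskope_ro;', datname) FROM pg_database \gexec
SELECT format('GRANT USAGE ON SCHEMA %I TO teleskope_ro;', nspname) FROM pg_namespace \gexec
SELECT format('GRANT SELECT ON ALL TABLES IN SCHEMA %I TO teleskope_ro;', nspname) FROM pg_namespace \gexec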
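
To confirm that the Postgres grants above left the scanning user read-only, the following checks can be run in each scanned database. This is an added example, not part of the Teleskope documentation; it assumes the role is named teleskope_ro as above and covers PostgreSQL only.

```sql
-- Added example: audit the teleskope_ro role in the current database.

-- 1. Role attributes. Every flag should be false for a read-only scanner.
SELECT rolname, rolsuper, rolcreatedb, rolcreaterole, rolreplication, rolbypassrls
FROM pg_roles
WHERE rolname = 'teleskope_ro';

-- 2. Role memberships. On Postgres 14+ expect pg_read_all_data;
--    on older versions expect no rows. Anything else widens access
--    beyond the grants shown on this page.
SELECT g.rolname AS member_of
FROM pg_auth_members m
JOIN pg_roles g ON g.oid = m.roleid
JOIN pg_roles u ON u.oid = m.member
WHERE u.rolname = 'teleskope_ro';

-- 3. Effective table privileges, including those inherited through roles.
--    Lists only tables and views where teleskope_ro could modify data;
--    an empty result means no write access was found in this database.
SELECT n.nspname AS schema_name,
       c.relname AS table_name,
       has_table_privilege('teleskope_ro', c.oid, 'INSERT')   AS can_insert,
       has_table_privilege('teleskope_ro', c.oid, 'UPDATE')   AS can_update,
       has_table_privilege('teleskope_ro', c.oid, 'DELETE')   AS can_delete,
       has_table_privilege('teleskope_ro', c.oid, 'TRUNCATE') AS can_truncate
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p', 'v', 'm')
  AND has_table_privilege('teleskope_ro', c.oid, 'INSERT, UPDATE, DELETE, TRUNCATE')
ORDER BY schema_name, table_name;

-- 4. Coverage check: user tables the role still cannot read
--    (for example, tables created after the pre-14 grants were run).
SELECT n.nspname AS schema_name, c.relname AS table_name
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p')
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND n.nspname NOT LIKE 'pg_toast%'
  AND NOT has_table_privilege('teleskope_ro', c.oid, 'SELECT')
ORDER BY schema_name, table_name;
```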