CloudSQL Access Controls

Securing the development environment is a critical challenge for DevSecOps teams that must navigate multiple cloud environments and technologies. To improve collaboration between developers, security professionals, and IT operations staff, we need to provide secure access to physical networks and services, which often includes providing elevated levels of permissions for databases such as CloudSQL. Ultimately, you should come away with an understanding of how to securely grant developers increased privileges in their public cloud CloudSQL environments without sacrificing any security posture or control.




Managing Permissions in CloudSQL

This blog post will explore how to efficiently and securely manage elevated permissions to CloudSQL, an enterprise database service offered on Google Cloud Platform. With Apono strategies, you can make sure that only those who need it have access to the right information while minimizing both project overhead and organizational risk. Let’s dive in!




Using Apono To Provide Temporary Access to CloudSQL

Your first step is to create an Apono account; you can start your journey here.

Follow the steps at our CloudSQL Integration Guide.

Now that Apono is set up, you can start creating Dynamic Access Flows:

  • Automatic Approval Access Flows – Using admin-defined context and a pre-defined role to provide automatic access to CloudSQL resources.
  • Manual Approval Access Flows – Using admin-defined context and a pre-defined role to provide automatic access to CloudSQL resources.



Using Apono's declarative access flow creator, you will be able to simply define:

  • Approvers
    • User Group (round-robin)
    • Single User
    • Automatic – Contextual
  • Requesters
    • User Group
    • Single User
  • Resource
    • Single Resource
    • Pre-Defined Resource Group
    • Partition of a resource
  • Duration
    • By Hours
    • By Days
    • Infinite

Example: CloudSQL Automatic Approval Access Flow:

Example: CloudSQL Manual Approval Workflow: