Cloud SQL

Grant Teleskope Access to Cloud SQL

Attach the following roles to the Teleskope service account you created:

roles/cloudsql.client
roles/cloudsql.instanceUser
roles/cloudsql.viewer
roles/cloudsql.admin (required to generate ssl certificates)

Terraform

Variable

Description

Example

project_id

(Required) Your GCP Project ID

"my-project-id"

resource "google_project_iam_member" "teleskope" {
  for_each = toset([
    "roles/cloudsql.client",
    "roles/cloudsql.instanceUser",
    "roles/cloudsql.viewer",
    "roles/cloudsql.admin"
  ])
  project = "project_id"
  role    = each.key
  member = "serviceAccount:${google_service_account.teleskope.email}"
}

Teleskope Database User

For each CloudSQL instance you would like to scan using Teleskope, you will need to create or provide credentials for a database user, and grant that user read permissions.

Grant Read Access to Teleskope user

MySQL or MariaDB

GRANT SHOW DATABASES, SELECT ON *.* TO teleskope_ro

Postgres versions 14+

GRANT pg_read_all_data TO teleskope_ro

Postgres versions < 14

SELECT format('GRANT CONNECT ON DATABASE %I TO teleskope_ro;', datname) FROM pg_database \gexec
SELECT format('GRANT USAGE ON SCHEMA %I TO teleskope_ro;', nspname) FROM pg_namespace \gexec
SELECT format('GRANT SELECT ON ALL TABLES IN SCHEMA %I TO teleskope_ro;', nspname) FROM pg_namespace \gexec

PreviousCloud Storage NextCloud Logging

Last updated 4 months ago

Was this helpful?