feat(gcp sql): add a password policy to cloud sql instances

Using 15 minimum length as that is what the MoJ recommend https://security-guidance.service.justice.gov.uk/password-creation-and-authentication-guide/#introduction
oaknational · Dec 2, 2024 · a8a4c21 · a8a4c21
1 parent d7934de
commit a8a4c21
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/modules/gcp_sql/instance.tf b/modules/gcp_sql/instance.tf
@@ -38,5 +38,12 @@ resource "google_sql_database_instance" "this" {
       # We want lower availability databases upgrading before higher...
       update_track = var.high_availability ? "week5" : "stable" # Stable is week 2
     }
+
+    password_validation_policy {
+      min_length                  = 15 # Per MoJ guidelines for admin level access
+      complexity                  = "COMPLEXITY_DEFAULT"
+      disallow_username_substring = true
+      enable_password_policy      = true
+    }
   }
 }