How to disable the Database flag remote access for Cloud SQL on the SQL Server instance in Google Cloud via CLI

Introduction

The remote access option controls the execution of stored procedures from local or remote servers on which instances of SQL Server are running. This default value for this option is 1. This grants permission to run local stored procedures from remote servers or remote stored procedures from the local server. To prevent local stored procedures from being run from a remote server or remote stored procedures from being run on the local server, this must be disabled.

The remote access option controls the execution of local stored procedures on remote servers or remote stored procedures on local server. remote access functionality can be abused to launch a Denial-of-Service (DoS) attack on remote servers by off-loading query processing to a target, hence this should be disabled.

Steps to disable the “remote access” flag using gcloud

1. List all Cloud SQL database Instances

   gcloud sql instances list

   

2. Configure the remote access database flag for every Cloud SQL SQL Server database instance using the below command:

   gcloud sql instances patch <instance_name> --database-flags "remote access=off"

   

Note : This command will overwrite all database flags previously set. To keep those and add new ones, include the values for all flags you want set on the instance; any flag not specifically included is set to its default value. For flags that do not take a value, specify the flag name followed by an equals sign (""="").

OR

• To modify only remote access database flag, configure the database flag by overriding the remote access. Include remote access flag and its value, and also keep all other flags you want to configure

  gcloud sql instances patch [INSTANCE_NAME] --database-flags [FLAG1=VALUE1,FLAG2=VALUE2]