GCP Recommendations Report
CloudSpend's Recommendations Report offers tailored insights to fine-tune your cloud resources and provides recommendations to optimize costs, improve fault tolerance and performance.
GCP recommendations checks
The recommendation checks are grouped by GCP service.
Cloud SQL
1. Enable Automated Backups (Priority: High)
Category:
Reliability
Baseline:
Automated backups ensure the protection of your valuable data by creating regular, scheduled backups of your Cloud SQL databases. In case of accidental data loss, database corruption, or other unforeseen issues, you can easily restore your data to the previous state.
Recommendation:
In the Backups section, check whether Automated Backups are enabled.
2. Enable Automatic Storage Increase (Priority: Moderate)
Category:
Cost
Baseline:
If Automated Backups are enabled, whenever your resource nears full capacity, the storage limit is increased (permanently).
Recommendation:
In the Edit Configurations section, check whether automatic storage increase is enabled under Storage settings.
3. Check for MySQL Major Version (Priority: Moderate)
Category:
Performance
Baseline:
Ensure that your Google Cloud MySQL database instances are using the latest major version of MySQL database in order to receive the latest database features and benefit from enhanced performance and security.
Recommendation:
Upgrade the database version.
4. Check for PostgreSQL Major Version (Priority: Moderate)
Category:
Performance
Baseline:
Ensure that your Google Cloud PostgreSQL database instances are using the latest major version of PostgreSQL database in order to receive the latest database features and benefit from enhanced performance and security.
Recommendation:
Upgrade the database version.
Kubernetes Cluster
1. Enable Integrity Monitoring for Cluster Nodes (Priority: Moderate)
Category:
Security
Baseline:
In the Google Cloud console's Security section, check the Integrity monitoring feature status. Ensure that the Integrity Monitoring feature is enabled for your Google Kubernetes Engine (GKE) cluster nodes in order to monitor and automatically check the runtime boot integrity of your shielded cluster nodes using Google Cloud Monitoring service.
Recommendation:
Enable Integrity Monitoring for Cluster Nodes.
2. Restrict Network Access to GKE Clusters (Priority: Moderate)
Category:
Security
Baseline:
Adding master authorized networks can provide network level protection and additional security benefits for your Google Kubernetes Engine (GKE) cluster. Authorized networks grant access to a specific set of trusted IP addresses, such as those that originate from a secure network. This can help protect access to your GKE cluster in case of a vulnerability in the cluster's authentication or authorization mechanism.
Recommendation:
Check the Master authorized networks attribute value. If the Master authorized networks value is set to Disabled, anyone on the Internet can perform network connections to the cluster control plane.
3. Configure Shielded GKE Cluster Nodes (Priority: Moderate)
Category:
Security
Baseline:
Ensure that your Google Kubernetes Engine (GKE) cluster pool nodes are shielded in order to provide strong cryptographic identity. This limits the ability of an attacker to impersonate a node in your GKE cluster even if the attacker is able to extract the node credentials.
Recommendation:
Configure Shielded GKE Cluster Nodes. Check the Shielded GKE Nodes configuration attribute value.
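The three GKE checks above can also be run outside the console against the cluster's JSON description. The following is an added example, not CloudSpend's own code: it assumes input shaped like the output of `gcloud container clusters describe NAME --format=json`, uses a constructed sample cluster, and goes slightly beyond the checks above by also flagging an authorized network of 0.0.0.0/0.

```python
import json

# Constructed sample in the shape of `gcloud container clusters describe`
# JSON output; the cluster and node pool names are made up for this example.
SAMPLE_CLUSTER = json.loads("""
{
  "name": "example-cluster",
  "masterAuthorizedNetworksConfig": {},
  "shieldedNodes": {"enabled": true},
  "nodePools": [
    {"name": "default-pool",
     "config": {"shieldedInstanceConfig": {"enableSecureBoot": true,
                                            "enableIntegrityMonitoring": true}}},
    {"name": "batch-pool", "config": {"shieldedInstanceConfig": {}}}
  ]
}
""")

def audit_gke_cluster(cluster):
    """Return (check, resource, detail) tuples for each failed GKE check."""
    findings = []
    name = cluster.get("name", "<unnamed>")
    # A missing key is treated as disabled: false-valued fields are often
    # absent from the JSON rather than present as `false`.
    man = cluster.get("masterAuthorizedNetworksConfig") or {}
    if not man.get("enabled", False):
        findings.append(("authorized-networks", name,
                         "master authorized networks disabled"))
    elif any(b.get("cidrBlock") == "0.0.0.0/0" for b in man.get("cidrBlocks", [])):
        findings.append(("authorized-networks", name,
                         "0.0.0.0/0 is listed as an authorized network"))
    if not (cluster.get("shieldedNodes") or {}).get("enabled", False):
        findings.append(("shielded-nodes", name, "Shielded GKE Nodes disabled"))
    # Integrity monitoring is configured per node pool, so check every pool.
    for pool in cluster.get("nodePools", []):
        sic = (pool.get("config") or {}).get("shieldedInstanceConfig") or {}
        if not sic.get("enableIntegrityMonitoring", False):
            findings.append(("integrity-monitoring", f"{name}/{pool.get('name')}",
                             "integrity monitoring disabled on node pool"))
    return findings

if __name__ == "__main__":
    for check, resource, detail in audit_gke_cluster(SAMPLE_CLUSTER):
        print(f"[FAIL] {check:22} {resource:30} {detail}")
```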
Compute Engine - VM
1. Underutilized Compute instance (Priority: Moderate)
Baseline:
Checks the resource utilization of Google Compute Engine instances and labels them as underutilized if the CPU usage is less than 2% for the past 48 hours.
Recommendation:
For Google Compute Engine, you are billed based on the instance type and the number of consumed hours. You can lower your costs by identifying and stopping underutilized instances. In addition, Site24x7's Guidance Report shows the Current Machine Type and recommends the instance type (Suggested Machine Type) that you can downgrade to in order to reduce costs.
2. Highly utilized Compute instance (Priority: High)
Baseline:
Checks the performance counters for GCP Compute and identifies instances that appear to be highly utilized.
Description:
A Compute instance is deemed as overutilized if it meets the following criteria:
- The average daily CPU usage for the Compute instance is more than 90% for the last seven days.
- The average daily memory utilization for the Compute instance is more than 90% for the last seven days (applicable only if you've deployed our agent on the Compute instance).
Recommendation:
Consider changing the instance size or adding the instance to an autoscaling group.
3. VM instance deletion protection (Priority: High)
Baseline:
Check the configuration of VM instances to see whether the Deletion protection option is enabled or not in the GCP console.
Description:
To protect your instance from accidental deletion, you can enable the Deletion protection option in the GCP console.
Recommendation:
The Deletion protection option is disabled by default. Enable this option to prevent unexpected instance termination.
Compute Engine - Disks
1. Unattached Disks (Priority: Moderate)
Baseline:
Check Compute Engine disk configuration for the associated instance ID.
Description:
Compute Engine disks can persist independently even after instance termination or after you explicitly unmount and detach the volume from the instance. As you may know, unattached volumes are still charged based on the provisioned storage and for input/output operations per second (IOPS).
Recommendation:
Associate the configured Compute Engine disks with an active instance or delete the disk.