Gcp

* Use groups to manage permissions
* https://www.youtube.com/watch?v=x4yQY8yhVJY



Stack driver



Admin logs

Data access logs



Object versioning 

Lien flag on to make sure no deletino



CLoud Armour - SQLI etc

Edge PoP



Captcha if X number of invalid login attempts reached



Cloud KMS



Where is the Cloud SQL Root Password ? 

Cloud SQL name should  be clear enough 

Backup should be configured 

Create failover replica must be ticked



Unix domain socker muct be used for connectivity with cloud SQL : https://cloud.google.com/sql/docs/mysql/connect-app-engine



No Cloud SQL Proxies (access to DB is within the project only)



Selarate DB user should be used for connectiveity

REVOKE should be used to remove unnecessary permissions, since GCP add all permissions by default to created users 



Cloud Build must be used for deployment