Aumentar a segurança da instância ativando a auditoria de banco de dados
Mantenha tudo organizado com as coleções
Salve e categorize o conteúdo com base nas suas preferências.
Nesta página, descrevemos como ativar a auditoria de banco de dados no AlloyDB, como o recomendador de auditoria de banco de dados funciona e como usá-lo.
O recomendador de auditoria de banco de dados do AlloyDB ajuda a detectar instâncias de produção em que a auditoria não está ativada. Em seguida, ele fornece recomendações para ativar a auditoria do banco de dados.
Antes de começar
Antes de visualizar as recomendações e insights, faça o seguinte:
No card Segurança, clique em Auditoria não ativada.
Uma lista de clusters com instâncias a que a recomendação Auditoria não ativada se aplica é exibida.
CLI da gcloud
Para listar as recomendações de ativação da auditoria de banco de dados usando a gcloud CLI, execute o comando gcloud recommender recommendations list da seguinte maneira:
LOCATION: uma região em que suas instâncias estão localizadas, como us-central1.
API
Para listar as recomendações de ativação da auditoria de banco de dados usando a API Recommendations, chame o método
recommendations.list
da seguinte maneira:
GET https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/recommenders/google.alloydb.instance.SecurityRecommender/recommendations?filter=recommenderSubtype=ENABLE_DATABASE_AUDITING
Substitua:
PROJECT_ID: o ID do projeto.
LOCATION: uma região em que suas instâncias estão localizadas, como us-central1.
Ver insights e recomendações detalhadas
É possível acessar insights e recomendações detalhadas sobre instâncias
que precisam ativar a auditoria de banco de dados usando o console Google Cloud ,
gcloud CLI ou a API Recommender.
Console
Na página Clusters, clique na recomendação de uma instância na coluna Problemas.
O painel de recomendações é exibido com insights e recomendações detalhadas.
GET https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/insightTypes/google.alloydb.instance.SecurityInsight/insights?filter=insightSubtype=DATABASE_AUDITING_NOT_ENABLED
Substitua:
PROJECT_ID: o ID do projeto.
LOCATION: uma região em que suas instâncias estão localizadas, como us-central1.
Aplicar a recomendação
Avalie as recomendações com atenção e siga um destes procedimentos:
Console
Para implementar a recomendação, siga as instruções em Ativar o pgAudit.
CLI da gcloud
Para implementar a recomendação, siga as instruções em Ativar o pgAudit.
[[["Fácil de entender","easyToUnderstand","thumb-up"],["Meu problema foi resolvido","solvedMyProblem","thumb-up"],["Outro","otherUp","thumb-up"]],[["Difícil de entender","hardToUnderstand","thumb-down"],["Informações incorretas ou exemplo de código","incorrectInformationOrSampleCode","thumb-down"],["Não contém as informações/amostras de que eu preciso","missingTheInformationSamplesINeed","thumb-down"],["Problema na tradução","translationIssue","thumb-down"],["Outro","otherDown","thumb-down"]],["Última atualização 2025-09-05 UTC."],[[["\u003cp\u003eThis page provides information on how to use the AlloyDB database auditing recommender to identify and address instances where auditing is not enabled, enhancing security.\u003c/p\u003e\n"],["\u003cp\u003eThe database auditing recommender analyzes production instances daily to detect if auditing is disabled and offers suggestions to enable it.\u003c/p\u003e\n"],["\u003cp\u003eRecommendations can be viewed and managed through the Google Cloud console, \u003ccode\u003egcloud CLI\u003c/code\u003e, or the Recommender API by ensuring the Recommender API is enabled and appropriate IAM roles are in place.\u003c/p\u003e\n"],["\u003cp\u003eTo apply the recommendations, users must follow the steps in the \u003ca href=\"/alloydb/docs/pgaudit/enable-audit\"\u003eEnable pgAudit\u003c/a\u003e guide, which might impact pricing due to increased logging and will restart the instance.\u003c/p\u003e\n"],["\u003cp\u003eThe service may contain "Pre-GA" features that are available "as is" and may have limited support, and that the service is also subject to personal data processing terms.\u003c/p\u003e\n"]]],[],null,["# Improve instance security by enabling database auditing\n\nThis page describes how to enable database auditing in AlloyDB, how the database auditing [recommender](/recommender/docs/overview) works, and how you can use it.\n\nThe AlloyDB database auditing recommender helps you detect production instances whose auditing is not enabled. It then provides recommendations to enable database auditing.\n| **Note:** Recommendations are generated daily.\n\nBefore you begin\n----------------\n\nBefore you can view recommendations and insights, do the following:\n\n- Ensure that you [enable the Recommender API](/recommender/docs/enabling).\n\n- To get the permissions to view and work with insights and recommendations,\n ensure that you have the required [Identity and Access Management (IAM) roles](/iam/docs/understanding-roles#cloud-alloydb-roles).\n\n \u003cbr /\u003e\n\n See [Grant access to other users](/alloydb/docs/user-grant-access) for more information.\n\nList the recommendations\n------------------------\n\nYou can list the enable database auditing recommendations\nusing the Google Cloud console, `gcloud CLI`, or the Recommender API. \n\n### Console\n\n1. In the Google Cloud console, go to the **Clusters** page.\n\n [Go to Clusters](https://console.cloud.google.com/alloydb/clusters)\n\n For more information, see\n [Find recommendations with Recommendation Hub](/recommender/docs/recommendation-hub/identify-configuration-problems).\n2. In the **Security** card, click **Auditing not enabled**.\n\n A list of clusters with instances to which the **Auditing not enabled** recommendation applies is displayed.\n\n### gcloud CLI\n\nTo list the enable database auditing recommendations using gcloud CLI, run the [`gcloud recommender recommendations list`](/sdk/gcloud/reference/recommender/recommendations/list) command as follows: \n\n```\ngcloud recommender recommendations list \\\n--project=PROJECT_ID \\\n--location=LOCATION \\\n--recommender=google.alloydb.instance.SecurityRecommender \\\n--filter=recommenderSubtype=ENABLE_DATABASE_AUDITING\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: A region where your instances are located, such as `us-central1`.\n\n### API\n\nTo list enable database auditing recommendations using the [Recommendations API](/recommender/docs/using-api), call the\n[`recommendations.list`](/recommender/docs/reference/rest/v1/projects.locations.recommenders.recommendations/list)\nmethod as follows: \n\n```\nGET https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/recommenders/google.alloydb.instance.SecurityRecommender/recommendations?filter=recommenderSubtype=ENABLE_DATABASE_AUDITING\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: A region where your instances are located, such as `us-central1`.\n\nView insights and detailed recommendations\n------------------------------------------\n\nYou can view insights and detailed recommendations about instances\nthat require enabling database auditing using the Google Cloud console,\n`gcloud CLI`, or the Recommender API. \n\n### Console\n\nOn the **Clusters** page, click the recommendation for an instance in the **Issues** column.\nThe recommendation panel appears, which contains insights and detailed recommendations.\n\n### gcloud CLI\n\nRun the [`gcloud recommender insights list`](/sdk/gcloud/reference/recommender/insights/list) command as follows: \n\n```\n\ngcloud recommender insights list \\\n--project=PROJECT_ID \\\n--location=LOCATION \\\n--insight-type=google.alloydb.instance.SecurityInsight \\\n--filter=insightSubtype=DATABASE_AUDITING_NOT_ENABLED\n\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e : A region where your instances are located, such as `us-central1`.\n\n### API\n\nCall the [`insights.list`](/recommender/docs/reference/rest/v1/projects.locations.insightTypes.insights/list) method as follows: \n\n```\nGET https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/insightTypes/google.alloydb.instance.SecurityInsight/insights?filter=insightSubtype=DATABASE_AUDITING_NOT_ENABLED\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: A region where your instances are located, such as `us-central1`.\n\nApply the recommendation\n------------------------\n\nEvaluate the recommendation carefully and do any of the following: \n\n### Console\n\nTo implement the recommendation, follow instructions in [Enable pgAudit](/alloydb/docs/pgaudit/enable-audit).\n\n### gcloud CLI\n\nTo implement the recommendation, follow instructions in [Enable pgAudit](/alloydb/docs/pgaudit/enable-audit).\n| **Note:** AlloyDB automatically restarts the instance after you update this flag.\n| **Note:** You must carefully evaluate before you update the instance. Applying recommendations might impact your pricing due to more logging.\n\nWhat's next\n-----------\n\n- [Google Cloud recommenders](/recommender/docs/recommenders)"]]