GET https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/recommenders/google.alloydb.instance.SecurityRecommender/recommendations?filter=recommenderSubtype=REQUIRE_SSL
다음을 바꿉니다.
PROJECT_ID: 프로젝트 ID입니다.
LOCATION: 인스턴스가 있는 리전(예: us-central1)
통계 및 자세한 권장사항 보기
Google Cloud 콘솔, gcloud CLI 또는 Recommender API를 사용하여 SSL 모드 적용이 필요한 인스턴스에 대한 통계와 자세한 추천을 볼 수 있습니다.
통계와 자세한 추천을 보려면 다음 단계를 따르세요.
콘솔
클러스터 페이지의 문제 열에서 인스턴스의 암호화되지 않은 직접 연결 허용 추천을 클릭합니다.
통계와 자세한 추천이 포함된 추천 패널이 표시됩니다.
GET https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/insightTypes/google.alloydb.instance.SecurityInsight/insights?filter=insightSubtype=SSL_NOT_REQUIRED
[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["이해하기 어려움","hardToUnderstand","thumb-down"],["잘못된 정보 또는 샘플 코드","incorrectInformationOrSampleCode","thumb-down"],["필요한 정보/샘플이 없음","missingTheInformationSamplesINeed","thumb-down"],["번역 문제","translationIssue","thumb-down"],["기타","otherDown","thumb-down"]],["최종 업데이트: 2025-09-04(UTC)"],[[["\u003cp\u003eThe AlloyDB enforce SSL mode recommender identifies production instances that do not enforce encryption for direct connections and suggests enabling SSL mode to prevent potential data loss.\u003c/p\u003e\n"],["\u003cp\u003eRecommendations to enforce SSL mode are generated daily based on the analysis of instance metadata and can be viewed through the Google Cloud console, \u003ccode\u003egcloud CLI\u003c/code\u003e, or the Recommender API.\u003c/p\u003e\n"],["\u003cp\u003eTo view and manage these recommendations, you need to enable the Recommender API and have the appropriate IAM roles, specifically \u003ccode\u003erecommender.alloydbViewer\u003c/code\u003e for viewing and \u003ccode\u003erecommender.alloydbAdmin\u003c/code\u003e or \u003ccode\u003ealloydb.admin\u003c/code\u003e for applying them.\u003c/p\u003e\n"],["\u003cp\u003eYou can implement the recommendation by enforcing SSL/TLS mode on your instance via the Google Cloud console or \u003ccode\u003egcloud CLI\u003c/code\u003e, to secure direct connections to your production instances.\u003c/p\u003e\n"],["\u003cp\u003eGemini in Databases is a pre-GA feature and will have limited support, and falls under the "Pre-GA Offerings Terms" as outlined in the General Service Terms.\u003c/p\u003e\n"]]],[],null,["# Improve instance security by enforcing SSL or TLS encryption\n\nThe AlloyDB enforce SSL mode [recommender](/recommender/docs/overview) helps you detect instances which are critical and have a risk of data loss.\n\nThis page describes the AlloyDB enforce SSL mode recommender, how this recommender works, and how to use it.\n\nThe AlloyDB enforce SSL mode recommender analyzes instance metadata.\nIf the instance is a production instance and does not enforce encryption requirements for direct connections,\nit is recommended to enable SSL mode.\n\nRecommendations are generated daily.\n\nBefore you begin\n----------------\n\nBefore you can view recommendations and insights, do the following:\n\n- Ensure that you [enable the Recommender API](/recommender/docs/enabling).\n\n- To get the permissions to view and work with insights and recommendations,\n ensure that you have the required [Identity and Access Management (IAM) roles](/iam/docs/understanding-roles#cloud-alloydb-roles).\n\n \u003cbr /\u003e\n\n See [Grant access to other users](/alloydb/docs/user-grant-access) for more information.\n\nList the recommendations\n------------------------\n\nYou can list the enforce SSL mode recommendations\nusing the Google Cloud console, `gcloud CLI`, or the Recommender API. \n\n### Console\n\n1. In the Google Cloud console, go to the **Clusters** page.\n\n [Go to Clusters](https://console.cloud.google.com/alloydb/clusters)\n\n For more information, see\n [Find recommendations with Recommendation Hub](/recommender/docs/recommendation-hub/identify-configuration-problems).\n2. In the **Security** card, click **Allows direct unencrypted connections**.\n\n A list of clusters with instances to which the **Allows direct unencrypted connections** recommendation applies is displayed.\n\n### gcloud CLI\n\nTo list the enforce SSL mode recommendations using gcloud CLI, run the [`gcloud recommender recommendations list`](/sdk/gcloud/reference/recommender/recommendations/list) command as follows: \n\n```\ngcloud recommender recommendations list \\\n--project=PROJECT_ID \\\n--location=LOCATION \\\n--recommender=google.alloydb.instance.SecurityRecommender \\\n--filter=recommenderSubtype=REQUIRE_SSL\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: A region where your instances are located, such as `us-central1`.\n\n### API\n\nTo list enforce SSL mode recommendations using the [Recommendations API](/recommender/docs/using-api), call the\n[`recommendations.list`](/recommender/docs/reference/rest/v1/projects.locations.recommenders.recommendations/list)\nmethod as follows: \n\n```\nGET https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/recommenders/google.alloydb.instance.SecurityRecommender/recommendations?filter=recommenderSubtype=REQUIRE_SSL\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: A region where your istances are located, such as `us-central1`.\n\nView insights and detailed recommendations\n------------------------------------------\n\nYou can view insights and detailed recommendations about instances\nthat require enforcing SSL mode using the Google Cloud console,\n`gcloud CLI`, or the Recommender API.\n\nTo view insights and detailed recommendations, follow these steps: \n\n### Console\n\nOn the **Clusters** page, click the **Allows direct unencrypted connections** recommendation for an instance in the **Issues** column.\nThe recommendation panel appears, which contains insights and detailed recommendations.\n\n### gcloud CLI\n\nRun the [`gcloud recommender insights list`](/sdk/gcloud/reference/recommender/insights/list) command as follows: \n\n```\n\ngcloud recommender insights list \\\n--project=PROJECT_ID \\\n--location=LOCATION \\\n--insight-type=google.alloydb.instance.SecurityInsight \\\n--filter=insightSubtype=SSL_NOT_REQUIRED\n\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e : A region where your instances are located, such as `us-central1`.\n\n### API\n\nCall the [`insights.list`](/recommender/docs/reference/rest/v1/projects.locations.insightTypes.insights/list) method as follows: \n\n```\nGET https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/insightTypes/google.alloydb.instance.SecurityInsight/insights?filter=insightSubtype=SSL_NOT_REQUIRED\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e : A region where your instances are located, such as `us-central1`.\n\nApply the recommendation\n------------------------\n\nEvaluate the recommendation carefully and do any of the following: \n\n### Console\n\nTo implement the recommendation, [enforce SSL/TLS mode](/alloydb/docs/instance-ssl#configure_the_ssl_enforcement_mode_on_an_instance) on your instance.\n\n### gcloud CLI\n\nTo implement the recommendation, [enforce SSL/TLS mode](/alloydb/docs/instance-ssl#configure_the_ssl_enforcement_mode_on_an_instance) on your instance.\n\nWhat's next\n-----------\n\n- [Google Cloud recommenders](/recommender/docs/recommenders)"]]