GET https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/recommenders/google.alloydb.instance.SecurityRecommender/recommendations?filter=recommenderSubtype=REQUIRE_SSL
更改下列內容:
PROJECT_ID:您的專案 ID。
LOCATION:執行個體所在的區域,例如 us-central1。
查看洞察資料和詳細建議
如要查看需要強制執行 SSL 模式的執行個體相關深入分析和詳細建議,請使用 Google Cloud 控制台、gcloud CLI 或 Recommender API。
GET https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/insightTypes/google.alloydb.instance.SecurityInsight/insights?filter=insightSubtype=SSL_NOT_REQUIRED
[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["難以理解","hardToUnderstand","thumb-down"],["資訊或程式碼範例有誤","incorrectInformationOrSampleCode","thumb-down"],["缺少我需要的資訊/範例","missingTheInformationSamplesINeed","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-09-04 (世界標準時間)。"],[[["\u003cp\u003eThe AlloyDB enforce SSL mode recommender identifies production instances that do not enforce encryption for direct connections and suggests enabling SSL mode to prevent potential data loss.\u003c/p\u003e\n"],["\u003cp\u003eRecommendations to enforce SSL mode are generated daily based on the analysis of instance metadata and can be viewed through the Google Cloud console, \u003ccode\u003egcloud CLI\u003c/code\u003e, or the Recommender API.\u003c/p\u003e\n"],["\u003cp\u003eTo view and manage these recommendations, you need to enable the Recommender API and have the appropriate IAM roles, specifically \u003ccode\u003erecommender.alloydbViewer\u003c/code\u003e for viewing and \u003ccode\u003erecommender.alloydbAdmin\u003c/code\u003e or \u003ccode\u003ealloydb.admin\u003c/code\u003e for applying them.\u003c/p\u003e\n"],["\u003cp\u003eYou can implement the recommendation by enforcing SSL/TLS mode on your instance via the Google Cloud console or \u003ccode\u003egcloud CLI\u003c/code\u003e, to secure direct connections to your production instances.\u003c/p\u003e\n"],["\u003cp\u003eGemini in Databases is a pre-GA feature and will have limited support, and falls under the "Pre-GA Offerings Terms" as outlined in the General Service Terms.\u003c/p\u003e\n"]]],[],null,["# Improve instance security by enforcing SSL or TLS encryption\n\nThe AlloyDB enforce SSL mode [recommender](/recommender/docs/overview) helps you detect instances which are critical and have a risk of data loss.\n\nThis page describes the AlloyDB enforce SSL mode recommender, how this recommender works, and how to use it.\n\nThe AlloyDB enforce SSL mode recommender analyzes instance metadata.\nIf the instance is a production instance and does not enforce encryption requirements for direct connections,\nit is recommended to enable SSL mode.\n\nRecommendations are generated daily.\n\nBefore you begin\n----------------\n\nBefore you can view recommendations and insights, do the following:\n\n- Ensure that you [enable the Recommender API](/recommender/docs/enabling).\n\n- To get the permissions to view and work with insights and recommendations,\n ensure that you have the required [Identity and Access Management (IAM) roles](/iam/docs/understanding-roles#cloud-alloydb-roles).\n\n \u003cbr /\u003e\n\n See [Grant access to other users](/alloydb/docs/user-grant-access) for more information.\n\nList the recommendations\n------------------------\n\nYou can list the enforce SSL mode recommendations\nusing the Google Cloud console, `gcloud CLI`, or the Recommender API. \n\n### Console\n\n1. In the Google Cloud console, go to the **Clusters** page.\n\n [Go to Clusters](https://console.cloud.google.com/alloydb/clusters)\n\n For more information, see\n [Find recommendations with Recommendation Hub](/recommender/docs/recommendation-hub/identify-configuration-problems).\n2. In the **Security** card, click **Allows direct unencrypted connections**.\n\n A list of clusters with instances to which the **Allows direct unencrypted connections** recommendation applies is displayed.\n\n### gcloud CLI\n\nTo list the enforce SSL mode recommendations using gcloud CLI, run the [`gcloud recommender recommendations list`](/sdk/gcloud/reference/recommender/recommendations/list) command as follows: \n\n```\ngcloud recommender recommendations list \\\n--project=PROJECT_ID \\\n--location=LOCATION \\\n--recommender=google.alloydb.instance.SecurityRecommender \\\n--filter=recommenderSubtype=REQUIRE_SSL\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: A region where your instances are located, such as `us-central1`.\n\n### API\n\nTo list enforce SSL mode recommendations using the [Recommendations API](/recommender/docs/using-api), call the\n[`recommendations.list`](/recommender/docs/reference/rest/v1/projects.locations.recommenders.recommendations/list)\nmethod as follows: \n\n```\nGET https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/recommenders/google.alloydb.instance.SecurityRecommender/recommendations?filter=recommenderSubtype=REQUIRE_SSL\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: A region where your istances are located, such as `us-central1`.\n\nView insights and detailed recommendations\n------------------------------------------\n\nYou can view insights and detailed recommendations about instances\nthat require enforcing SSL mode using the Google Cloud console,\n`gcloud CLI`, or the Recommender API.\n\nTo view insights and detailed recommendations, follow these steps: \n\n### Console\n\nOn the **Clusters** page, click the **Allows direct unencrypted connections** recommendation for an instance in the **Issues** column.\nThe recommendation panel appears, which contains insights and detailed recommendations.\n\n### gcloud CLI\n\nRun the [`gcloud recommender insights list`](/sdk/gcloud/reference/recommender/insights/list) command as follows: \n\n```\n\ngcloud recommender insights list \\\n--project=PROJECT_ID \\\n--location=LOCATION \\\n--insight-type=google.alloydb.instance.SecurityInsight \\\n--filter=insightSubtype=SSL_NOT_REQUIRED\n\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e : A region where your instances are located, such as `us-central1`.\n\n### API\n\nCall the [`insights.list`](/recommender/docs/reference/rest/v1/projects.locations.insightTypes.insights/list) method as follows: \n\n```\nGET https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/insightTypes/google.alloydb.instance.SecurityInsight/insights?filter=insightSubtype=SSL_NOT_REQUIRED\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e : A region where your instances are located, such as `us-central1`.\n\nApply the recommendation\n------------------------\n\nEvaluate the recommendation carefully and do any of the following: \n\n### Console\n\nTo implement the recommendation, [enforce SSL/TLS mode](/alloydb/docs/instance-ssl#configure_the_ssl_enforcement_mode_on_an_instance) on your instance.\n\n### gcloud CLI\n\nTo implement the recommendation, [enforce SSL/TLS mode](/alloydb/docs/instance-ssl#configure_the_ssl_enforcement_mode_on_an_instance) on your instance.\n\nWhat's next\n-----------\n\n- [Google Cloud recommenders](/recommender/docs/recommenders)"]]
