AlloyDB for PostgreSQL shared responsibility

This page describes what you, as an AlloyDB for PostgreSQL customer, are responsible for, and what Google is responsible for.

AlloyDB is a fully managed database service that simplifies deployment, maintenance, and management of relational databases in the Google Cloud. AlloyDB offers meaningful insights and manageability features, significantly reducing user toil.

As an AlloyDB customer, you are responsible for configuring and operating AlloyDB to ensure that your workloads get the most value from the service.

Google's responsibilities

  • Provision and maintain the underlying infrastructure, including hardware, firmware, kernel, OS, storage, network and more:
    • Secure the low-level infrastructure, which includes the physical premises, the hardware in Google data centers, and the low-level software stack running on the machines.
    • Encrypt data in an AlloyDB instance at rest by default and enable customer-managed encryption in transit.
  • Schedule maintenance window to apply the latest AlloyDB version:
    • Provide maintenance notifications.
    • Allow maintenance window configuration.
  • Provide configuration and tools to secure your AlloyDB instances:
    • Provide limited access to database-specific features available to customers using flags, stored procedures, and plugins.
    • Increase self-service cluster storage quota. If you need to store more than 16TiB of data in a cluster.
  • Provide monitoring telemetry for various instance components including but not limited to:
    • CPU
    • Storage
    • Network
    • Memory
    • User connections
  • Let you configure continuous backups that allows point-in-time (PITR) the cluster to restore to any point within your retention.
  • Provide disaster recovery capabilities in case of regional outages for instances configured with cross-region read replicas and instances configured with multi-region backups.
  • Provide high availability in case of zonal outages on instances configured for high availability (HA).
  • Provide workload introspection capabilities and insights with Query insights.
  • Provide Google Cloud integrations for Identity and Access Management (IAM), tags, Cloud Key Management Service and Network Intelligence Center.

Customer responsibilities

  • Create clusters and instances with appropriate major version, location, size, and database flags.
  • Create and administer databases and any user-created code on the instance.
  • Secure access, authentication, and authorization using appropriate controls.
  • Configure and troubleshoot connectivity from client-side tooling to the AlloyDB instance.
  • Configure the AlloyDB instance for high availability and zonal or regional disaster recovery.
  • Use the maintenance features to control the business impact from maintenance events.
  • Manage, tune, and optimize the database performance based on the workload and instance configuration.
  • Make sure you have storage quota approval to accommodate future growth necessary for critical database maintenance events.