Best practice rules for GCP AlloyDB
- Enable Customer-Managed Encryption Keys (CMEK) for AlloyDB Clusters
Ensure that your Google Cloud AlloyDB clusters are encrypted with customer-managed encryption keys (CMEK) instead of Google-managed encryption keys.
- Enforce SSL/TLS Encryption for AlloyDB Instance Database Connections
Ensure that your Google Cloud AlloyDB instances have SSL enforcement mode set to ENCRYPTED_ONLY so that all database connections must use SSL/TLS encryption.