GET https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/recommenders/google.alloydb.instance.SecurityRecommender/recommendations?filter=recommenderSubtype=REQUIRE_SSL
替换以下内容:
PROJECT_ID:您的项目 ID。
LOCATION:实例所在的区域,例如 us-central1。
查看数据分析和详细建议
您可以使用 Google Cloud 控制台、gcloud CLI 或 Recommender API 查看有关需要强制执行 SSL 模式的实例的分析洞见和详细建议。
GET https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/insightTypes/google.alloydb.instance.SecurityInsight/insights?filter=insightSubtype=SSL_NOT_REQUIRED
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],["最后更新时间 (UTC):2025-08-25。"],[[["\u003cp\u003eThe AlloyDB enforce SSL mode recommender identifies production instances that do not enforce encryption for direct connections and suggests enabling SSL mode to prevent potential data loss.\u003c/p\u003e\n"],["\u003cp\u003eRecommendations to enforce SSL mode are generated daily based on the analysis of instance metadata and can be viewed through the Google Cloud console, \u003ccode\u003egcloud CLI\u003c/code\u003e, or the Recommender API.\u003c/p\u003e\n"],["\u003cp\u003eTo view and manage these recommendations, you need to enable the Recommender API and have the appropriate IAM roles, specifically \u003ccode\u003erecommender.alloydbViewer\u003c/code\u003e for viewing and \u003ccode\u003erecommender.alloydbAdmin\u003c/code\u003e or \u003ccode\u003ealloydb.admin\u003c/code\u003e for applying them.\u003c/p\u003e\n"],["\u003cp\u003eYou can implement the recommendation by enforcing SSL/TLS mode on your instance via the Google Cloud console or \u003ccode\u003egcloud CLI\u003c/code\u003e, to secure direct connections to your production instances.\u003c/p\u003e\n"],["\u003cp\u003eGemini in Databases is a pre-GA feature and will have limited support, and falls under the "Pre-GA Offerings Terms" as outlined in the General Service Terms.\u003c/p\u003e\n"]]],[],null,["# Improve instance security by enforcing SSL or TLS encryption\n\nThe AlloyDB enforce SSL mode [recommender](/recommender/docs/overview) helps you detect instances which are critical and have a risk of data loss.\n\nThis page describes the AlloyDB enforce SSL mode recommender, how this recommender works, and how to use it.\n\nThe AlloyDB enforce SSL mode recommender analyzes instance metadata.\nIf the instance is a production instance and does not enforce encryption requirements for direct connections,\nit is recommended to enable SSL mode.\n\nRecommendations are generated daily.\n\nBefore you begin\n----------------\n\nBefore you can view recommendations and insights, do the following:\n\n- Ensure that you [enable the Recommender API](/recommender/docs/enabling).\n\n- To get the permissions to view and work with insights and recommendations,\n ensure that you have the required [Identity and Access Management (IAM) roles](/iam/docs/understanding-roles#cloud-alloydb-roles).\n\n \u003cbr /\u003e\n\n See [Grant access to other users](/alloydb/docs/user-grant-access) for more information.\n\nList the recommendations\n------------------------\n\nYou can list the enforce SSL mode recommendations\nusing the Google Cloud console, `gcloud CLI`, or the Recommender API. \n\n### Console\n\n1. In the Google Cloud console, go to the **Clusters** page.\n\n [Go to Clusters](https://console.cloud.google.com/alloydb/clusters)\n\n For more information, see\n [Find recommendations with Recommendation Hub](/recommender/docs/recommendation-hub/identify-configuration-problems).\n2. In the **Security** card, click **Allows direct unencrypted connections**.\n\n A list of clusters with instances to which the **Allows direct unencrypted connections** recommendation applies is displayed.\n\n### gcloud CLI\n\nTo list the enforce SSL mode recommendations using gcloud CLI, run the [`gcloud recommender recommendations list`](/sdk/gcloud/reference/recommender/recommendations/list) command as follows: \n\n```\ngcloud recommender recommendations list \\\n--project=PROJECT_ID \\\n--location=LOCATION \\\n--recommender=google.alloydb.instance.SecurityRecommender \\\n--filter=recommenderSubtype=REQUIRE_SSL\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: A region where your instances are located, such as `us-central1`.\n\n### API\n\nTo list enforce SSL mode recommendations using the [Recommendations API](/recommender/docs/using-api), call the\n[`recommendations.list`](/recommender/docs/reference/rest/v1/projects.locations.recommenders.recommendations/list)\nmethod as follows: \n\n```\nGET https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/recommenders/google.alloydb.instance.SecurityRecommender/recommendations?filter=recommenderSubtype=REQUIRE_SSL\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e: A region where your istances are located, such as `us-central1`.\n\nView insights and detailed recommendations\n------------------------------------------\n\nYou can view insights and detailed recommendations about instances\nthat require enforcing SSL mode using the Google Cloud console,\n`gcloud CLI`, or the Recommender API.\n\nTo view insights and detailed recommendations, follow these steps: \n\n### Console\n\nOn the **Clusters** page, click the **Allows direct unencrypted connections** recommendation for an instance in the **Issues** column.\nThe recommendation panel appears, which contains insights and detailed recommendations.\n\n### gcloud CLI\n\nRun the [`gcloud recommender insights list`](/sdk/gcloud/reference/recommender/insights/list) command as follows: \n\n```\n\ngcloud recommender insights list \\\n--project=PROJECT_ID \\\n--location=LOCATION \\\n--insight-type=google.alloydb.instance.SecurityInsight \\\n--filter=insightSubtype=SSL_NOT_REQUIRED\n\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e : A region where your instances are located, such as `us-central1`.\n\n### API\n\nCall the [`insights.list`](/recommender/docs/reference/rest/v1/projects.locations.insightTypes.insights/list) method as follows: \n\n```\nGET https://recommender.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/insightTypes/google.alloydb.instance.SecurityInsight/insights?filter=insightSubtype=SSL_NOT_REQUIRED\n```\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003ePROJECT_ID\u003c/var\u003e: Your project ID.\n- \u003cvar translate=\"no\"\u003eLOCATION\u003c/var\u003e : A region where your instances are located, such as `us-central1`.\n\nApply the recommendation\n------------------------\n\nEvaluate the recommendation carefully and do any of the following: \n\n### Console\n\nTo implement the recommendation, [enforce SSL/TLS mode](/alloydb/docs/instance-ssl#configure_the_ssl_enforcement_mode_on_an_instance) on your instance.\n\n### gcloud CLI\n\nTo implement the recommendation, [enforce SSL/TLS mode](/alloydb/docs/instance-ssl#configure_the_ssl_enforcement_mode_on_an_instance) on your instance.\n\nWhat's next\n-----------\n\n- [Google Cloud recommenders](/recommender/docs/recommenders)"]]
