Benchmark: AlloyDB
Description
This section contains recommendations for configuring Alloy DB resources.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-gcp-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select AlloyDB.
Run this benchmark in your terminal:
powerpipe benchmark run gcp_compliance.benchmark.all_controls_alloydbSnapshot and share results via Turbot Pipes:
powerpipe benchmark run gcp_compliance.benchmark.all_controls_alloydb --shareControls
- Alloy DB clusters should use customer-managed encryption key (CMEK) for encryption
- Ensure 'log_error_verbosity' database flag for Alloy DB instance is set to 'DEFAULT' or stricter
- Ensure 'log_min_error_statement' database flag for Alloy DB instance is set to 'Error' or stricter
- Ensure that the 'Log_min_messages' Flag for a Alloy DB Instance is set at minimum to 'Warning'