Control: Alloy DB clusters should use customer-managed encryption key (CMEK) for encryption
Usage
Run the control in your terminal:
powerpipe control run gcp_compliance.control.alloydb_cluster_encrypted_with_cmkSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run gcp_compliance.control.alloydb_cluster_encrypted_with_cmk --shareSQL
This control uses a named query:
select self_link resource, case when encryption_info ->> 'encryptionType' = 'CUSTOMER_MANAGED_ENCRYPTION' then 'ok' else 'alarm' end as status, case when encryption_info ->> 'encryptionType' = 'CUSTOMER_MANAGED_ENCRYPTION' then title || ' encrypted with customer-managed encryption keys.' else title || ' encrypted with Google-managed encryption keys.' end as reason , location as location, project as projectfrom gcp_alloydb_cluster;