Best practice rules for GCP Filestore
- Enable Deletion Protection for Filestore Instances
Ensure that the Deletion Protection feature is enabled for Google Cloud Filestore instances.
- Restrict Client Access by IP Address or IP Range
Restrict Filestore client access to trusted IP addresses or IP address ranges only.
- Use Customer-Managed Encryption Keys for Filestore Data Encryption
Use Customer-Managed Encryption Keys (CMEKs) to encrypt data at rest within your Filestore instances.
- Use On-Demand Backup and Restore for Google Cloud Filestore Instances
Ensure that on-demand backup and restore functionality is in use for Google Cloud Filestore instances.
- Use VPC Service Controls for Filestore Instances
Ensure that VPC Service Controls perimeters are used to protect your Filestore instances from data exfiltration.