diff --git a/cloud_sql/postgres_instance_ssl_cert/main.tf b/cloud_sql/postgres_instance_ssl_cert/main.tf
index 30f1fb066..e88ab199a 100644
--- a/cloud_sql/postgres_instance_ssl_cert/main.tf
+++ b/cloud_sql/postgres_instance_ssl_cert/main.tf
@@ -18,11 +18,15 @@
 resource "google_sql_database_instance" "postgres_instance" {
   name             = "postgres-instance"
   region           = "asia-northeast1"
-  database_version = "postgres_14"
+  database_version = "POSTGRES_14"
   settings {
     tier = "db-custom-2-7680"
     ip_configuration {
+      # The following SSL enforcement options only allow connections encrypted with SSL/TLS and with
+      # valid client certificates. Please check the API reference for other SSL enforcement options:
+      # https://cloud.google.com/sql/docs/postgres/admin-api/rest/v1beta4/instances#ipconfiguration
       require_ssl = "true"
+      ssl_mode    = "TRUSTED_CLIENT_CERTIFICATE_REQUIRED"
     }
   }
   # set `deletion_protection` to true, will ensure that one cannot accidentally delete this instance by