
Cloud SQL Proxy for secure connections in GCP - Commands & Configuration

Introduction
Connecting to a Cloud SQL database securely can be tricky because you want to keep your data safe and avoid exposing your database to the internet. Cloud SQL Proxy helps by creating a secure tunnel between your local machine or server and the Cloud SQL instance, so you can connect safely without opening up your database to the world.
When you want to connect to a Cloud SQL database from your local computer without exposing the database to the internet.
When your application runs outside Google Cloud but needs secure access to a Cloud SQL instance.
When you want to avoid managing IP whitelists or SSL certificates manually for your database connections.
When you want to simplify authentication by using Google Cloud IAM permissions instead of database user passwords.
When you need a secure and encrypted connection to Cloud SQL from a development environment or a CI/CD pipeline.
Commands
Download the Cloud SQL Proxy binary and make it executable so you can run it on your Linux machine.
Terminal
wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy && chmod +x cloud_sql_proxy
Expected Output
No output (command runs silently)
Start the Cloud SQL Proxy to create a secure tunnel to the Cloud SQL instance named 'my-instance' in the 'us-central1' region of your project. It listens locally on port 5432 for PostgreSQL connections.
Terminal
./cloud_sql_proxy -instances=project:us-central1:my-instance=tcp:5432
Expected Output
2024/06/01 12:00:00 Listening on 127.0.0.1:5432 for project:us-central1:my-instance
2024/06/01 12:00:00 Ready for new connections
-instances - Specifies the Cloud SQL instance connection name and local port mapping.
Connect to the Cloud SQL PostgreSQL database through the proxy using the local port 5432. This command uses the local tunnel created by the proxy to securely access the database.
Terminal
psql -h 127.0.0.1 -p 5432 -U myuser -d mydatabase
Expected Output
psql (14.5)
Type "help" for help.
mydatabase=>
-h - Host address, here the local proxy address.
-p - Port number where the proxy listens.
-U - Database user name.
Stop the Cloud SQL Proxy when you no longer need the secure connection.
Terminal
killall cloud_sql_proxy
Expected Output
No output (command runs silently)
Key Concept

If you remember nothing else from this pattern, remember: Cloud SQL Proxy creates a secure, encrypted tunnel so you can connect to your Cloud SQL database safely without exposing it to the internet.

Common Mistakes
Trying to connect directly to the Cloud SQL instance IP without using the proxy or proper IP whitelisting.
The database is not exposed publicly by default, so the connection will fail or be blocked for security reasons.
Use Cloud SQL Proxy to create a secure tunnel or configure authorized networks properly.
Not making the Cloud SQL Proxy binary executable before running it.
The proxy will not start and will show a permission denied error.
Run chmod +x on the downloaded proxy binary to make it executable.
Using the wrong instance connection name format or misspelling it.
The proxy cannot find the Cloud SQL instance and will fail to connect.
Use the exact instance connection name in the format project:region:instance.
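
The mistakes above can be caught before the proxy starts. The script below is an added example, not code from the original page or from the Cloud SQL Proxy project: it checks the binary and the project:region:instance format, then starts and stops one proxy by PID so that other running proxies are left alone, unlike killall. The function names and return codes are assumptions made for illustration; the -instances syntax is the one shown on this page.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight checks and a
# PID-scoped start/stop for cloud_sql_proxy. Names and codes are illustrative.
export LC_ALL=C  # make a-z / 0-9 pattern ranges byte-wise

# Accept only project:region:instance: exactly three non-empty fields made of
# lowercase letters, digits and hyphens.
valid_connection_name() {
  case "$1" in
    *[!a-z0-9:-]* | :* | *: | *::* | *:*:*:*) return 1 ;;
    *:*:*) return 0 ;;
    *) return 1 ;;
  esac
}

# Local port must be a plain integer in 1..65535 (no sign, no leading zero).
valid_port() {
  case "$1" in '' | *[!0-9]* | 0* | ??????*) return 1 ;; esac
  [ "$1" -le 65535 ]
}

# preflight BINARY CONNECTION_NAME PORT
# Returns 0 when the proxy can be started, otherwise a code naming the mistake.
preflight() {
  [ -f "$1" ] || return 2                  # binary missing
  [ -x "$1" ] || return 2                  # forgot chmod +x
  valid_connection_name "$2" || return 3   # wrong connection name format
  valid_port "$3" || return 4              # unusable local port
}

# Start the proxy in the background and remember only this process's PID.
start_proxy() {
  preflight "$@" || return $?
  "$1" "-instances=$2=tcp:$3" &
  PROXY_PID=$!
}

# Stop the proxy started above; other proxy processes keep running.
stop_proxy() {
  [ -n "${PROXY_PID:-}" ] || return 0
  kill "$PROXY_PID" 2>/dev/null || true
  wait "$PROXY_PID" 2>/dev/null || true
  PROXY_PID=
}

# Usage (needs a real instance and credentials):
#   start_proxy ./cloud_sql_proxy project:us-central1:my-instance 5432 || exit
#   trap stop_proxy EXIT
#   psql -h 127.0.0.1 -p 5432 -U myuser -d mydatabase
```
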
Summary
Download and make the Cloud SQL Proxy executable to run it on your machine.
Start the proxy with the correct instance connection name to create a secure tunnel.
Connect to your Cloud SQL database locally through the proxy using standard database clients.
Stop the proxy when finished to close the secure connection.