
GCP: Configure Cloud SQL Auth proxy

Mar 22, 2023 · 1 min read

Cloud SQL Auth proxy is a Cloud SQL connector that provides secure, proxied access to your databases. It is the recommended way to connect to managed GCP DBs, and it keeps administrative effort to a minimum. There are three ways you could start it: TCP sockets, Unix sockets and Docker. Although Docker sounds like the best option whatever you do these days, I’ve decided to go with the most basic, simple approach: TCP sockets.

Prerequisites

  • GCP account
  • Cloud SQL Auth proxy

Solution

Once you have installed Cloud SQL Auth proxy on your GCP VM instance, run the following command to connect to a GCP managed database that doesn’t have public access. The last argument is the instance connection name, which has the form project:region:instance:

nohup ./cloud-sql-proxy --address 0.0.0.0 --port 5432 --private-ip <GCP_project_name>:<region>:<gcp_db_instance_name> &

A few notes:

  • As a good practice, make sure the managed DB is not accessible from outside. Configure Private Services Access.
  • Deploy the Cloud SQL Auth proxy VM in a private subnet too, and make sure firewall rules are in place: with --address 0.0.0.0 the proxy listens on all of the VM's interfaces, so the firewall is what limits who can reach port 5432.
  • If you get the following error: ./cloud-sql-proxy must set -dir: using a unix socket for [INSTANCE_NAME], add something like: -dir=/cloudsql.
  • Unlike the Docker setup, you must create a Linux service in case the VM restarts, so you won’t have to start the above command manually. Or create a Bash script and run it as a service, whatever floats your boat.

An example Linux service would look like:

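[Unit]
Description=Enable Cloud SQL proxy access
# Start only once the network is up
After=network-online.target
Wants=network-online.target

[Service]
# The last argument is the instance connection name (project:region:instance)
ExecStart=/root/cloud-sql-proxy --address 0.0.0.0 --port 5432 --private-ip <GCP_project_name>:<region>:<gcp_db_instance_name>
# Restart the proxy if it exits with an error
Restart=on-failure

[Install]
WantedBy=multi-user.target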
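
A stricter variant of the service above, as an added example that is not part of the original post: a shell function that validates its inputs and writes a unit running the proxy as an unprivileged user with basic systemd sandboxing. The function name, the /usr/local/bin install path and the cloudsqlproxy user are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions (not from the post): the binary lives in
# /usr/local/bin and a dedicated system user "cloudsqlproxy" exists.

# render_proxy_unit INSTANCE LISTEN_ADDR PORT OUTFILE
render_proxy_unit() {
    instance=$1 addr=$2 port=$3 out=$4

    # PROJECT:REGION:INSTANCE (a domain-scoped project ID adds a field).
    # Angle brackets mean a placeholder was left unreplaced.
    printf '%s\n' "$instance" |
        grep -Eq '^[^:<>[:space:]]+(:[^:<>[:space:]]+){2,3}$' || {
        echo "bad instance connection name: $instance" >&2; return 2; }

    # Listen address must be an IPv4 literal.
    printf '%s\n' "$addr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "bad listen address: $addr" >&2; return 2; }

    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 2
    fi

    # 0.0.0.0 listens on every interface; only the firewall then limits
    # who can reach the database through this VM.
    if [ "$addr" = "0.0.0.0" ]; then
        echo "warning: proxy will listen on all interfaces" >&2
    fi

    cat > "$out" <<EOF
[Unit]
Description=Cloud SQL Auth proxy for $instance
After=network-online.target
Wants=network-online.target

[Service]
User=cloudsqlproxy
ExecStart=/usr/local/bin/cloud-sql-proxy --address $addr --port $port --private-ip $instance
Restart=on-failure
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
}
```

Write the result to /etc/systemd/system/cloud-sql-proxy.service, then run systemctl daemon-reload and systemctl enable --now cloud-sql-proxy.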
