Configure Cloud SQL (PostgreSQL) in Application Design Center

Cloud SQL (PostgreSQL) is a fully-managed database service that helps you set up, maintain, manage, and administer your relational databases on Google Cloud. For more information, see the following:

This document describes the connections and parameters you can configure when using App Design Center to create a Cloud SQL (PostgreSQL) instance. The configuration parameters are based on the terraform-google-sql-db Terraform module.

Component connections

The following table includes the components that you can connect to a Cloud SQL (PostgreSQL) instance, and the resulting updates to your application and its generated Terraform code.

Connected component

Application updates

Background information

Compute Engine instance template
  • The Compute Engine instances can connect and read and write data to the Cloud SQL (PostgreSQL) instance.
  • The Cloud SQL connection metadata is added to the Compute Engine instance template.
  • The roles/cloudsql.instanceUser and roles/cloudsql.client roles are added to the Compute Engine instance template service account.
  • The Compute Engine service account is added as an IAM user to the Cloud SQL instance.
 Connect from Compute Engine
Secret Manager
  • The Secret Manager Secret Data field contains the password for the default user.
 Use Secret Manager to handle secrets in Cloud SQL

Service account
  • The service account can connect to the Cloud SQL (PostgreSQL) instance.
  • The roles/cloudsql.instanceUser and roles/cloudsql.client roles are added to the service account.
  • The service account IAM information is added to the Cloud SQL instance.
 Roles and permissions

Cloud Run
  • The Cloud Run service can read and write data to the Cloud SQL (PostgreSQL) instance.
  • The Cloud SQL connection metadata is added to the Cloud Run service.
  • The roles/cloudsql.instanceUser and roles/cloudsql.client roles are added to the Cloud Run service account.
  • The Cloud Run service account is added as an IAM user to the Cloud SQL instance.
 Connect from Cloud Run

Required configuration parameters

If your template includes a Cloud SQL (PostgreSQL) component, you must configure the following parameters before you deploy.

Parameter name

Description and constraint information

Background information

Project ID

The project where you want to deploy the Cloud SQL resource.

 Configure components

Name

 name Create a PostgreSQL instance

Database Version

 databaseVersion Create a PostgreSQL instance

Region

 region Manage instance locations

Optional configuration parameters

The following parameters are optional. To display advance parameters, in the Configuration area, select Show advanced fields.

Feature

Parameter name

Description and constraint information

Background information

Zone

 gceZone Manage instance locations

Edition

 edition edition

Availability Type

 availabilityType Availability in Cloud SQL

Enable Default Db

If selected, create a default database. In the Db Name field, enter the name of the default database.

 Create a database on the Cloud SQL instance

Enable Default User

If selected, create a default user. Enter a User Name and User Password for the default user.

 Default PostgreSQL users

Root Password

 rootPassword

Initial root password when the instance is created.

Database Deletion Policy

To allow the database to be abandoned rather than deleted, enter ABANDON.

PostgreSQL databases cannot be deleted if users other than cloudsqlsuperuser have access.

Data Cache Enabled

 Data cache Data cache overview

Machine

Select a machine series and type for your instance. The options that you select determine available storage type and configuration options. You can't change the machine series after you create your instance.

 Machine series overview

Disk Autoresize

Disk Autoresize

 storageAutoResize Enable automatic storage increases

Disk Autoresize Limit

 storageAutoResizeLimit Automatic storage increase limit

Disk Size

 dataDiskSizeGb Storage capacity

Disk Type

 dataDiskType Storage type

Pricing Plan

 pricingPlan SqlPricingPlan

Backup Configuration

Enabled

 enabled Create a PostgreSQL instance

Start Time

BackupConfiguration

 Create a PostgreSQL instance

Region

 location Custom backup locations

Zone

 location Custom backup locations

Point in Time Recovery Enabled

 pointInTimeRecoveryEnabled pointInTimeRecoveryEnabled

Transaction Log Retention Days

 BackupConfiguration Log retention period

Retained Backups

 transactionLogRetentionDays Logs and disk usage

Retention Unit

 retentionUnit retentionUnit

IP Configuration

Authorized Network Key

 authorizedNetworks[] Authorize with authorized networks

Authorized Network Value

 authorizedNetworks[] Authorize with authorized networks

IPv4 Enabled

 ipv4Enabled Configure Public IP

Private Network

 privateNetwork Configure Private IP

SSL Mode

 sslMode SSL mode

Allocate IP Range

 allocatedIpRange Allocated IP address ranges for services

Enable Private Path for Google Cloud Services

 Private path for Google Cloud services Create an instance that supports private services access and Private Service Connect

PSC Enabled

 psc_enabled Private Service Connect overview

PSC Allowed Consumer Projects

 allowedConsumerProjects[] Create an instance that supports private services access and Private Service Connect

Maintenance Version

 maintenanceVersion Self-service maintenance

Deletion protection

 If selected, the Cloud SQL instance cannot be deleted. Prevent deletion of an instance

Database flags

Name

 databaseFlags Configure database flags

Value

 databaseFlags Configure database flags

User Deletion Policy

To allow the user to be abandoned rather than deleted, enter ABANDON.

PostgreSQL users cannot be deleted if they have been granted SQL roles.

Additional Users

Name

 name About PostgreSQL users and roles

Password

Enter a password, or select Random Password to generate a password.

 About PostgreSQL users and roles

Additional Databases

Name

 name Create and manage databases

Collation

 collation Create and manage databases

Master Instance Name

 masterInstanceName Create read replicas

Instance Type

 instanceType SqlInstanceType

Random Instance Name

Add a random suffix to the end of the instance name.

 random_instance_name

Secondary Zone

The preferred zone for the replica instance.

 secondaryZone

Follow GAE Application

The App Engine application to follow. Must be in the same region as the Cloud SQL instance.

 followGaeApplication

Activation Policy

 activationPolicy Activation Policy

Deletion Protection Enabled

 deletionProtectionEnabled Prevent deletion of an instance

Read Replica Deletion Protection Enabled

To block Terraform from deleting replica SQL Instances, select the checkbox.

 Considering deletion protection for read replicas

Maintenance Window

Maintenance Window Day

 day About maintenance on Cloud SQL instances

Maintenance Window Hour

 hour About maintenance on Cloud SQL instances

Maintenance Window Update Track

 updateTrack About maintenance on Cloud SQL instances

User Labels

Key

Key label for the Cloud SQL instance

 userLabels

Value

Value label for the Cloud SQL instance

 userLabels

Deny Maintenance Period

End Date

 endDate Configure a deny maintenance period

Start Date

 startDate Configure a deny maintenance period

Time

 time Configure a deny maintenance period

Insights Config

Query Plans Per Minute

 queryPlansPerMinute Use query insights to improve query performance

Query String Length

 queryStringLength Use query insights to improve query performance

Record Application Tags

 recordApplicationTags Enable query insights

Record Client Address

 recordClientAddress Enable query insights

Password Validation Policy Config

Min Length

 minLength Set password policy

Complexity

 complexity Set password policy

Reuse Interval

 reuseInterval Set password policy

Disallow Username Substring

 disallowUsernameSubstring Set password policy

Password Change Interval

 passwordChangeInterval Set password policy

Read Replicas

Name

 read_replicas Read replicas

Name Override

 A string to override the default read replica name. read_replicas

Read Replica Name Suffix

The optional suffix to add to the read instance name.

 Read replicas

DB Charset

 charset Create a database on the Cloud SQL instance

DB Collation

 collation Create a database on the Cloud SQL instance

IAM Users

ID

The IAM user's ID.

 IAM authentication

Email

The IAM user's email.

 Add an individual IAM user or service account to a Cloud SQL instance

Type

 type Add an individual IAM user or service account to a Cloud SQL instance

Create Timeout

The optional timeout that is applied to limit long database creates.

 create_timeout

Update Timeout

The optional timeout that is applied to limit long database updates.

 update_timeout

Delete Timeout

The optional timeout that is applied to limit long database deletes.

 delete_timeout

Encryption Key Name

 encryption_key_name About client-side encryption

Read Replica Deletion Protection

If selected, blocks Terraform from deleting replica SQL Instances.

 deletion_protection

Enable Random Password Special

If selected, enables special characters in generated random passwords.

 enable_random_password_special

Connector Enforcement

 connectorEnforcement Cloud SQL Language Connectors overview

Enable Google ML Integration

 enable_google_ml_integration Build generative AI applications using Cloud SQL

Database Integration Roles

The roles required by the default database instance service account for integration with Google Cloud services.

 Before you begin