Introducing private networking connection for Cloud SQL
Cloud SQL is a fully managed relational database service from Google Cloud Platform (GCP) that makes MySQL and PostgreSQL instances accessible from just about any application, anywhere. Today, we’re pleased to bring you the top-requested connection option for these instances: private networking. Now in beta availability, private networking, often called Virtual Private Cloud (VPC), makes connecting to Cloud SQL from applications in GCP easier and even more secure.
Exploring Cloud SQL connection options
Private IP networking joins public IP and the Cloud SQL Proxy to add more options to your instance connectivity needs. Here’s a brief comparison of some of the benefits of each:
Public IP address: Assigning a public IP address to a Cloud SQL instance lets you connect from nearly any application or location. It also makes access control paramount when managing these instances, given that any client could directly access the instance over the internet. To add security, Cloud SQL includes a network firewall, which blocks all traffic to the public IP address by default. To control access to your instance, you can authorize specific IP addresses that may connect through the firewall.
Cloud SQL Proxy: The Cloud SQL Proxy provides secure access to your instances without having to whitelist IP addresses or configure SSL. This is especially useful for clients with dynamic IP addresses, like those using laptops, because you won’t have to reference the instance with an IP address to connect. Instead, the proxy will reference your Cloud SQL instance using a local socket.
New: Private IP address: Private networking enables connectivity to your Cloud SQL instances from your GCP VPC. VPCs provide private communication between compute resources you create, and now you can use this environment to enable private communication to Cloud SQL.
Using private networking with Cloud SQL has several additional advantages over using public IP addresses:
Lower network latency: Private IP networking offers lower latency than public IP networking.
Improved network security: Service owners do not need to have their services exposed to the public internet and deal with its associated risks.
Getting started with private networking for Cloud SQL
When you’re ready, get started with private networking in your project by enabling it on new or existing Cloud SQL instances. Navigate to your instance’s connectivity settings and check the box for Private IP, as shown here:
Once checked, Private IP allows Cloud SQL to rely on GCP's VPC Network Peering, which is used to establish private communication between your compute resources on a VPC and Cloud SQL. In the example below, connecting Network-A to Cloud-SQL-network will allow connectivity between all of the Compute Engine VMs in Network-A and all of the Cloud SQL instances in Cloud-SQL-network.
Once you’ve created a private connection, connecting to a Google Cloud SQL database is the same as connecting to any MySQL or PostgreSQL database—you use standard connectors and standard tools, such as mysqldump and pg_dump, to migrate data.
For quick, hands-on experience with private networking, check out the Connecting to Cloud SQL code lab.