You can create a connection profile on its own or in the context of creating a specific migration job. Either way, all connection profiles are available for review and modification on the Connection profiles page, and can be reused across migration jobs.
Creating a source connection profile on its own is useful if the
person who has the source access information is not the same person who creates
the migration job. You can also reuse a source connection profile
definition in multiple migration jobs. If you use the same profile for multiple migrations, you need to update the max_replication_slots
parameter
in the source database to account for the number of replicas you're creating.
To create a source connection profile, follow these steps:
- Go to the Connection profiles page in the Google Cloud Console.
- Click Create profile.
- On the Create a connection profile page, provide the following information required to connect to your source:
- From the Profile role list, select Source.
From the Database engine list, select your source database engine.
- Enter a Connection profile name. This is used in the connection profile list as well as when an existing connection profile is selected in the creation of a migration job.
- Keep the auto-generated Connection profile ID.
Enter a Hostname or IP address.
If the source database is hosted in Google Cloud or if a reverse SSH tunnel is used to connect the destination database to the source database, then specify the private (internal) IP address for the source database. This address will be accessible by the Cloud SQL destination. For more information, see Configure connectivity using VPC peering.
For other connectivity methods, such as IP allowlist, provide the public IP address.
- Enter the Port that's used to access the host. The default PostgreSQL port is 5432.
- Enter a username and password for the source database. The user must have these privileges.
In the Connection profile region section of the page, select the region where you want to save the connection profile.
Optional: If the connection is made over a public network (by using IP allowlists), then we recommend that you use SSL/TLS encryption for the connection between the source and destination databases.
In the Secure your connection section, from the Encryption type list, you can select one of the following SSL/TLS configuration options:
- None: The Cloud SQL destination instance connects to the source database without encryption. We recommend that you don't use this option if your database requires encrypted connections.
- Basic: The Cloud SQL destination instance connects to the source database with encryption but doesn't verify the certificate authority (CA).
TLS authentication: When the Cloud SQL destination instance connects to the source database, the instance authenticates the source, ensuring that the instance is connecting to the correct host securely. This prevents person-in-the-middle (PITM) attacks. For TLS authentication, the source doesn't authenticate the instance.
To use TLS authentication, you must provide the x509 PEM-encoded certificate of the CA that signed the external server's certificate.
- mTLS authentication: When the destination instance connects to the
source, the instance authenticates the source and the source
authenticates the instance.
mTLS authentication provides the strongest security. However, if you don't want to provide the client certificate and private key when you create the Cloud SQL destination instance, you can still use TLS authentication.
To use mTLS authentication, you must provide the following items when you create the destination connection profile:
- The certificate of the CA that signed the source database server's certificate (the CA certificate).
- The certificate used by the instance to authenticate against the source database server (the client certificate).
- The private key associated with the client certificate (the client key).
Click Create at the bottom of the page.
The Connection profiles page appears, and the newly created connection profile is displayed.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-01-23 UTC.