Configuring public IP connectivity

This page describes how to configure public IP connectivity for a Cloud SQL instance.

Introduction

You can configure your Cloud SQL instance to have a public IPv4 address, and to accept connections from specific IP addresses or a range of addresses by adding authorized addresses to your instance.

For help with connecting an administration client to your instance over an IP connection, see Connecting mysql Client using IP addresses.

If you configure your instance to accept connections via its public IP address, you should also configure it to use SSL to keep your data secure. For more information, see Configure SSL for Instances.

To configure your instance with an IP address that is not exposed to the public internet, see Configuring Private IP Connectivity.

Enabling public IP and adding an authorized address or address range

To enable public IP and add an authorized address:

When you enable public IP for your instance, it is configured with a public, static IPv4 address.

Console

  1. Go to the Cloud SQL Instances page in the Google Cloud Console.

    Go to the Cloud SQL Instances page

  2. Click the instance name to open its Instance details page.
  3. Select the Connections tab.
  4. Select the Public IP checkbox.
  5. Click Add network.
  6. In the Network field, enter the IP address or address range you want to allow connections from.

    Use CIDR notation.

  7. Optionally, enter a name for this entry.
  8. Click Done.
  9. Click Save to update the instance.

gcloud

  1. If you haven't already, add an IPv4 address to the instance:
    gcloud sql instances patch [INSTANCE_NAME] --assign-ip
    
  2. Show all existing authorized addresses by describing the instance:
    gcloud sql instances describe [INSTANCE_NAME]
    

    Look for authorizedNetwork entries under ipConfiguration, and note any authorized addresses you want to keep.

  3. Update the authorized network list, including all addresses you want included.
    gcloud sql instances patch [INSTANCE_NAME] --authorized-networks=[IP_ADDR1],[IP_ADDR2]...
    

    Use CIDR notation.

  4. Confirm your changes:
    gcloud sql instances describe [INSTANCE_NAME]
    

REST

  1. Show all existing authorized addresses by describing the instance:

    Before using any of the request data below, make the following replacements:

    • project-id: The project ID
    • instance-id: The instance ID
    • machine-type The instance machine type
    • zone The instance zone

    HTTP method and URL:

    GET  https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id?fields=settings

    To send your request, expand one of these options:

    You should receive a JSON response similar to the following:

  2. Update the instance, including all addresses you want set on the instance:

    Before using any of the request data below, make the following replacements:

    • project-id: The project ID
    • instance-id: The instance ID
    • ip_addr_1 An authorized ip address
    • ip_addr_2 Another authorized ip address
    • operation-id The UUID of a queryable Operation object

    HTTP method and URL:

    PATCH https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id

    Request JSON body:

    {
      "settings" :
      {
        "ipConfiguration" :
        {
          "authorizedNetworks" :
            [{"value": "ip_addr_1"}, {"value": ip_addr_2"}]
        }
      }
    }
    

    To send your request, expand one of these options:

    You should receive a JSON response similar to the following:

    Use CIDR notation.

  3. Confirm your changes:

    Before using any of the request data below, make the following replacements:

    • project-id: The project ID
    • instance-id: The instance ID
    • ip-address1: The CIDR form of the first IP address
    • ip-address-name1: The name of the first IP address
    • ip-address2: The CIDR form of the second IP address
    • ip-address-name2: The name of the second IP address
    • machine-type The instance machine type
    • zone The instance zone

    HTTP method and URL:

    GET  https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id?fields=settings

    To send your request, expand one of these options:

    You should receive a JSON response similar to the following:

Removing an authorized address or address range

To remove an authorized address:

Console

  1. Go to the Cloud SQL Instances page in the Google Cloud Console.

    Go to the Cloud SQL Instances page

  2. Click the instance name to open its Instance details page.
  3. Select the Connections tab.
  4. Click the delete icon Delete. for the address you want to delete.
  5. Click Save to update the instance.

gcloud

  1. Show all existing authorized addresses by describing the instance:
    gcloud sql instances describe [INSTANCE_NAME]
    

    Look for authorizedNetwork entries under ipConfiguration, and note any authorized addresses you want to keep.

  2. Update the authorized network list, dropping off any addresses you want to remove.
    gcloud sql instances patch [INSTANCE_NAME] --authorized-networks=[IP_ADDR1],[IP_ADDR2]...
    
  3. Confirm your changes:
    gcloud sql instances describe [INSTANCE_NAME]
    

REST

  1. Show all existing authorized addresses by describing the instance:

    Before using any of the request data below, make the following replacements:

    • project-id: The project ID
    • instance-id: The instance ID
    • ip-address1: The CIDR form of the first IP address
    • ip-address-name1: The name of the first IP address
    • ip-address2: The CIDR form of the second IP address
    • ip-address-name2: The name of the second IP address
    • machine-type The instance machine type
    • zone The instance zone

    HTTP method and URL:

    GET  https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id?fields=settings

    To send your request, expand one of these options:

    You should receive a JSON response similar to the following:

  2. Update the instance, by including all the addresses you want to keep and dropping off any addresses you want to remove:

    Before using any of the request data below, make the following replacements:

    • project-id: The project ID
    • instance-id: The instance ID
    • operation-id The UUID of a queryable Operation object

    HTTP method and URL:

    PATCH https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id

    Request JSON body:

    {
      "settings" :
      {
        "ipConfiguration" :
        {
          "authorizedNetworks" :
            [{"value": "ip_addr_1"}]
        }
      }
    }
    
    

    To send your request, expand one of these options:

    You should receive a JSON response similar to the following:

  3. Confirm your changes:

    Before using any of the request data below, make the following replacements:

    • project-id: The project ID
    • instance-id: The instance ID
    • ip-address: The CIDR form of the IP address
    • ip-address-name: The name of the IP address
    • machine-type The instance machine type
    • zone The instance zone

    HTTP method and URL:

    GET  https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id?fields=settings

    To send your request, expand one of these options:

    You should receive a JSON response similar to the following:

Configuring an instance to refuse all public IP connections

To configure an instance to refuse all public IP connections:

Console

  1. Go to the Cloud SQL Instances page in the Google Cloud Console.

    Go to the Cloud SQL Instances page

  2. Click the instance name to open its Instance details page.
  3. Select the Connections tab.
  4. Click the delete icon Delete. for all authorized addresses.
  5. Click Save to update the instance.

gcloud

  1. Clear the authorized address list:
    gcloud sql instances patch [INSTANCE_NAME] --clear-authorized-networks
    
  2. Confirm your changes:
    gcloud sql instances describe [INSTANCE_NAME]
    

REST

  1. Show all existing authorized addresses by describing the instance:

    Before using any of the request data below, make the following replacements:

    • project-id: The project ID
    • instance-id: The instance ID
    • ip-address1: The CIDR form of the first IP address
    • ip-address-name1: The name of the first IP address
    • ip-address2: The CIDR form of the second IP address
    • ip-address-name2: The name of the second IP address
    • machine-type The instance machine type
    • zone The instance zone

    HTTP method and URL:

    GET  https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id?fields=settings

    To send your request, expand one of these options:

    You should receive a JSON response similar to the following:

  2. Update the instance with an empty address list:

    Before using any of the request data below, make the following replacements:

    • project-id: The project ID
    • instance-id: The instance ID
    • operation-id The UUID of a queryable Operation object

    HTTP method and URL:

    PATCH https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id

    Request JSON body:

    {
      "settings" :
      {
        "ipConfiguration" :
        {
          "authorizedNetworks" : []
        }
      }
    }
    

    To send your request, expand one of these options:

    You should receive a JSON response similar to the following:

  3. Confirm your changes:

    Before using any of the request data below, make the following replacements:

    • project-id: The project ID
    • instance-id: The instance ID
    • machine-type The instance machine type
    • zone The instance zone

    HTTP method and URL:

    GET  https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id?fields=settings

    To send your request, expand one of these options:

    You should receive a JSON response similar to the following:

Disabling public IP

You can disable public IP, but only if your instance is also configured to use Private IP. To enable private IP, see Configuring an existing instance to use private IP.

To disable public IP:

Console

  1. Go to the Cloud SQL Instances page in the Google Cloud Console.

    Go to the Cloud SQL Instances page

  2. Click the instance name to open its Instance details page.
  3. Select the Connections tab.
  4. Deselect the Public IP checkbox.
  5. Click Save to update the instance.

gcloud

  1. Update the instance:
    gcloud sql instances patch [INSTANCE_NAME] --no-assign-ip
    
  2. Confirm your changes:
    gcloud sql instances describe [INSTANCE_NAME]
    

REST

  1. Show all existing authorized addresses by describing the instance:

    Before using any of the request data below, make the following replacements:

    • project-id: The project ID
    • instance-id: The instance ID
    • ip-address1: The CIDR form of the first IP address
    • ip-address-name1: The name of the first IP address
    • ip-address2: The CIDR form of the second IP address
    • ip-address-name2: The name of the second IP address
    • machine-type The instance machine type
    • zone The instance zone

    HTTP method and URL:

    GET  https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id?fields=settings

    To send your request, expand one of these options:

    You should receive a JSON response similar to the following:

  2. Update the instance:

    Before using any of the request data below, make the following replacements:

    • project-id: The project ID
    • instance-id: The instance ID
    • operation-id The UUID of a queryable Operation object

    HTTP method and URL:

    PATCH https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id

    Request JSON body:

    {
      "settings" :
      {
        "ipConfiguration" : {"ipv4Enabled": false}
      }
    }
    

    To send your request, expand one of these options:

    You should receive a JSON response similar to the following:

  3. Confirm your changes:

    Before using any of the request data below, make the following replacements:

    • project-id: The project ID
    • instance-id: The instance ID
    • machine-type The instance machine type
    • zone The instance zone

    HTTP method and URL:

    GET  https://www.googleapis.com/sql/v1beta4/projects/project-id/instances/instance-id?fields=settings

    To send your request, expand one of these options:

    You should receive a JSON response similar to the following:

What's next

Was this page helpful? Let us know how we did:

Send feedback about...

Cloud SQL for MySQL
Need help? Visit our support page.