Configuring connection organization policies

This page describes how to add connection organization policies on Cloud SQL instances, to put restrictions on public IP configurations of Cloud SQL at the project, folder, or organization level. For an overview, see Connection organization policies.

Before you begin

  1. Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
  2. In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.

    Go to project selector

  3. Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.

  4. Install and initialize the Cloud SDK.
  5. Add the Organization Policy Administrator role (roles/ orgpolicy.policyAdmin) to your user or service account from the IAM & Admin page.

    Go to the IAM accounts page

  6. See Restrictions before performing this procedure.

Configuring the organization policy

To configure the organization policy:

  1. Go to the Organization policies page.

    Go to the Organization policies page

  2. Click projects dropdown menu in the top tab, and then select the project, folder, or organization that requires the organization policy. The Organization policies page displays a list of organization policy constraints that are available.

  3. Filter for the constraint name or display_name.

    Connection policy constraints:

    • To disable access to or from the Internet:

      name: "constraints/sql.restrictPublicIp"
      display_name: "Restrict Public IP access on Cloud SQL instances"
    • To disable access from the internet when IAM authentication is missing (this does not affect access using Private IP):

      name: "constraints/sql.restrictAuthorizedNetworks"
      display_name: "Restrict Authorized Networks on Cloud SQL instances"
  4. Select the policy Name from the list.

  5. Click Edit.

  6. Select Customize.

  7. Change Enforcement to On.

  8. Click Save. A message displays that says the constraint is updated.

What's next