This page describes how to configure a PostgreSQL instance to use private IP. For information about how private IP works, including environment and management requirements, see Private IP.
Before you begin
Before configuring a Cloud SQL instance to use private IP, you must have the following items in place:
A VPC network at least one subnet in the same region as your Cloud SQL instances.
The GCP resources you will use to connect to your Cloud SQL instance must also be the same region as your Cloud SQL instance, and use a subnet of the VPC network in that region as well. These resources could be Compute Engine instances (VMs) or Google Kubernetes Engine instances.
The Service Networking API enabled for your project.
The Service Networking API is used to establish private services access.
Configuring an instance to use private IP at creation time
You can configure a Cloud SQL instance to use private IP when you create the instance. After you create the instance, you cannot remove private IP capability from the instance.
In the Creation wizard, under Configuration Options, expand the Set Connectivity section.
Select the Private IP checkbox.
A drop down list is displayed listing the available networks. If your project has a host project (using Shared VPC), the network can be in either your project or its host project.
Select the network where the resources you want to connect from are located.
If you previously established a private connection between this network and the Cloud SQL service, you are done; proceed with choosing instance settings and creating the instance.
If no allocated IP range exists for this network:
To let Cloud SQL allocate the range for you and create the private connection, click Allocate and connect. You are done; proceed with choosing instance settings and creating the instance.
Otherwise, allocate an IP range manually and return to this task.
If one or more allocated IP ranges exist for your network, and you haven’t yet selected the range you want to use to connect to the Cloud SQL service, select the range and click Connect. Proceed with choosing instance settings and creating the instance.
Configuring an existing instance to use private IP
You can configure an existing Cloud SQL instance to use private IP. After you configure an instance to use private IP, you cannot remove private IP capability from that instance.
Configuring an existing Cloud SQL instance to use private IP causes the instance to restart, resulting in downtime.
- Go to the Cloud SQL Instances page in the Google Cloud Platform Console.
Go to the Cloud SQL Instances page - Click the instance name to open its Overview page.
Select the Connections tab.
Select the Private IP checkbox.
A drop down list is displayed listing the available networks. If your project has a host project (using Shared VPC), the network can be in either your project or its host project.
Select the network where the resources you want to connect from are located.
If you previously established a private connection between this network and the Cloud SQL service, you are done; proceed with choosing instance settings and creating the instance.
If no allocated IP range exists for this network:
To let Cloud SQL allocate the range for you and create the private connection, click Allocate and connect. You are done; proceed with choosing instance settings and creating the instance.
Otherwise, allocate an IP range manually and return to this task.
If one or more allocated IP ranges exist for your network, and you haven’t yet selected the range you want to use to connect to the Cloud SQL service, select the range and click Connect. Proceed with choosing instance settings and creating the instance.
Configuring private services access for Cloud SQL without creating an instance
If you want to configure private services access for Cloud SQL without creating a Cloud SQL instance, see Configuring Private Services Access.
What's next
- Learn more about private IP.
- Learn more about private services access.
- See how to allocate an IP range for private services access.
