Instance access control

This page discusses the two levels of access control for Cloud SQL instances. You must configure both levels of access control before you can manage your instance.

Levels of access control

Configuring access control for an instance is about controlling who or what can access the instance. Access control occurs on two levels:

Instance-level access
Instance-level access authorizes access to your Cloud SQL instance from an application or client (running on App Engine or externally) or another Google Cloud service, such as Compute Engine.
Database access
Database access uses PostgreSQL roles to control which PostgreSQL users have access to the data in your instance.

Instance-level access

How you configure instance-level access depends on where you are connecting from:

Connection source Access configuration options More information
Compute Engine
  • Cloud SQL Proxy
  • Authorize static IP address
  • Cloud SQL Proxy Docker image
App Engine standard environment Not supported
App Engine flexible environment
  • Same project: preconfigured
  • Between projects: provide credentials
psql client
  • Cloud SQL Proxy
  • Authorize client IP address
External applications
  • Cloud SQL Proxy
  • Authorize client IP address

Database access

After a connection to an instance has been negotiated, the user or application must log in to the database instance with a user account. You create and manage user accounts as part of managing your Cloud SQL instance.

For more information, see PostgreSQL Users and Creating and Managing PostgreSQL Users.

What's next

Was this page helpful? Let us know how we did:

Send feedback about...

Cloud SQL for PostgreSQL
Need help? Visit our support page.