Shared responsibility

This page describes what you, as a Cloud SQL customer, are responsible for and what Google is responsible for.

Introduction

Cloud SQL is a fully managed database service that simplifies deployment, maintenance, and management of relational databases in the cloud. Cloud SQL offers meaningful insights and manageability features, significantly reducing user toil.

As a Cloud SQL customer, you are responsible for configuring and operating Cloud SQL for your workload needs to get the most value from the service.

Google's responsibilities

  • Provision and maintain the underlying infrastructure, including hardware, firmware, kernel, OS, storage, network and more:
    • Secure the low-level infrastructure, which includes the physical premises, the hardware in Google data centers, and the low-level software stack running on the machines.
    • Encrypt data in a Cloud SQL instance at rest by default and enable customer-managed encryption in transit.
  • Install and maintain the database software.
    • Provide configuration and tools to secure your Cloud SQL instance.
    • Provide limited access to database-specific functionality available to customers using flags, stored procedures, and plugins.
    • Increase instance storage capacity for instances configured to enable automatic storage increase.
    • Provide maintenance notifications, allow maintenance deferrals, and set maintenance denial periods.
    • Apply database vendor-provided fixes to instances as part of scheduled maintenance.
    • Make database vendor-provided fixes for known security vulnerabilities available for customers to apply proactively using self-service maintenance
  • Provide monitoring telemetry for various instance components including but not limited to:
    • CPU
    • Storage
    • Network
    • Memory
    • User connections
  • Provide disaster recovery in case of regional outages for instances configured with cross-region read replicas and instances configured with multi-region backups.
  • Provide high availability in case of zonal outages on instances configured for high availability (HA).
  • Provide workload introspection capabilities for select engines with Query insights.
  • Provide actionable insights into instance sizing and idleness for cost optimization with the Recommender service.
  • Provide Google Cloud integrations for Identity and Access Management (IAM), tags, Cloud Logging, Cloud Key Management Service and Network Intelligence Center.

Customer responsibilities

  • Create instances with the appropriate version, location, size and database flags.
  • Create and administer databases and any user-created code on the instance.
  • Secure access, authentication, and authorization using appropriate controls.
  • Configure and troubleshoot connectivity from client-side tooling to the Cloud SQL instance.
  • Configure the Cloud SQL instance for high availability and zonal/regional disaster recovery.
  • Use the maintenance features to control the business impact from maintenance events.
  • Manage, tune, and optimize the database performance based on the workload and instance configuration.
  • Configure storage capacity to accommodate future growth necessary for critical database maintenance events.