This page describes how to edit an existing Cloud SQL instance.
After you create an instance, you can edit it while it's running to change its settings. For information about instance settings and how changing settings can impact an instance, see Instance Settings.
You can integrate Cloud SQL for SQL Server with Managed Service for Microsoft Active Directory (Managed Microsoft AD). This integration includes capabilities for joining and leaving a Managed Microsoft AD domain at the per-instance level. For more information, see the Overview of Managed Microsoft AD in Cloud SQL.
You also can enable or disable database auditing.
Edit an instance
Most edits can be applied to an instance only when it's running.
Console
-
In the Google Cloud console, go to the Cloud SQL Instances page.
- To open the Overview page of an instance, click the instance name.
- Click Edit.
- In the Customize your instance section, if the Show configuration options menu appears, then click it.
Update any editable settings for your instance.
Learn more about instance settings.
- Click Save.
gcloud
This command modifies the backup start time.
gcloud sql instances patch INSTANCE_NAME \ --backup-start-time 16:00
If a patch modifies a value that requires a restart, then you see a prompt to proceed with the change or cancel.
To learn more about instance configuration flags, see gcloud sql instances patch.
REST v1
By using this command, you can modify the backup start time.
Before using any of the request data, make the following replacements:
- PROJECT_ID: the project ID
- INSTANCE_ID: the instance ID
- PRIVATE_NETWORK: the network that you're adding or selecting to create a private connection
HTTP method and URL:
PATCH https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/instances/INSTANCE_ID
Request JSON body:
{
"settings": {
"backupConfiguration": {
"startTime": "16:00",
"enabled": true,
"binaryLogEnabled": true
}
}
"ipConfiguration": {
"privateNetwork": "PRIVATE_NETWORK",
"authorizedNetworks": [],
"ipv4Enabled": false,
}
}
To send your request, expand one of these options:
You should receive a JSON response similar to the following:
{
"kind": "sql#operation",
"targetLink": "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/instances/INSTANCE_ID",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-16T02:32:12.281Z",
"operationType": "UPDATE",
"name": "OPERATION_ID",
"targetId": "INSTANCE_ID",
"selfLink": "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/operations/OPERATION_ID",
"targetProject": "PROJECT_ID"
}
If a patch modifies a value that requires a restart, you will see a prompt to proceed with the change or cancel.
To see how the underlying REST API request is constructed for this task, see the APIs Explorer on the instances:patch page.REST v1beta4
By using this command, you can modify the backup start time.
Before using any of the request data, make the following replacements:
- PROJECT_ID: the project ID
- INSTANCE_ID: the instance ID
- PRIVATE_NETWORK: the network that you're adding or selecting to create a private connection
HTTP method and URL:
PATCH https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/instances/INSTANCE_ID
Request JSON body:
{
"settings": {
"backupConfiguration": {
"startTime": "16:00",
"enabled": true,
"binaryLogEnabled": true
}
}
"ipConfiguration": {
"privateNetwork": "PRIVATE_NETWORK",
"authorizedNetworks": [],
"ipv4Enabled": false,
}
}To send your request, expand one of these options:
You should receive a JSON response similar to the following:
{
"kind": "sql#operation",
"targetLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/instances/INSTANCE_ID",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-16T02:32:12.281Z",
"operationType": "UPDATE",
"name": "OPERATION_ID",
"targetId": "INSTANCE_ID",
"selfLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/operations/OPERATION_ID",
"targetProject": "PROJECT_ID"
}
If the patch modifies a value that requires a restart, you will see a prompt to proceed with the change or cancel.
To see how the underlying REST API request is constructed for this task, see the APIs Explorer on the instances:patch page.Edit an instance with Private Service Connect enabled
You can update an instance with Private Service Connect enabled by using gcloud CLI or the API. For example, you can update projects associated with instances for the following purposes:
- To allow connections from Private Service Connect endpoints to the Cloud SQL instances.
- To remove projects from the list of allowed projects. For any project that's removed, connections to any existing Private Service Connect endpoints continue to work, but new endpoints aren't accepted.
gcloud
To update projects that can use Private Service Connect, use the gcloud sql instances patch command:
gcloud sql instances patch INSTANCE_NAME \ --project=PROJECT_ID \ --allowed-psc-projects=ALLOWED_PROJECTS
Make the following replacements:
- INSTANCE_NAME: the name of the Cloud SQL instance to which Private Service Connect endpoints in VPC networks can connect.
- PROJECT_ID: the ID or project number of the Google Cloud project that contains the instance to which Private Service Connect endpoints in VPC networks can connect.
- ALLOWED_PROJECTS: a list of allowed project IDs or numbers, separated by commas. These projects override projects that are already configured to use Private Service Connect. If a project isn't contained in this list, then you can't use it to create an instance and enable Private Service Connect for it.
The following example lets two projects (98765 and 87654) make connections from Private Service Connect endpoints to the myinstance Cloud SQL instance that's contained in the 12345 project:
gcloud sql instances patch myinstance \ --project=12345 \ --allowed-psc-projects='98765','87654'
To remove all allowed projects, use the gcloud sql instances patch command and the --clear-allowed-psc-projects flag:
gcloud sql instances patch INSTANCE_NAME \ --project=PROJECT_ID \ --clear-allowed-psc-projects
This flag ensures that no projects are allowed inadvertently.
REST v1
Before using any of the request data, make the following replacements:
- PROJECT_ID: the ID or project number of the Google Cloud project that contains the instance to which Private Service Connect endpoints in VPC networks can connect.
- INSTANCE_NAME: the name of the Cloud SQL instance to which Private Service Connect endpoints in VPC networks can connect.
- ALLOWED_PROJECTS: a list of allowed project IDs or numbers, separated by commas. These projects override projects that are already configured to use Private Service Connect. If a project isn't contained in this list, then you can't use it to create an instance and enable Private Service Connect for it.
HTTP method and URL:
PATCH https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/instances/INSTANCE_NAME
Request JSON body:
{
"kind": "sql#instance",
"name": "INSTANCE_NAME",
"project": "PROJECT_ID",
"settings": {
"ipConfiguration": {
"pscConfig": {
"allowedConsumerProjects": [ALLOWED_PROJECTS]
}
},
"kind": "sql#settings"
}
}
To send your request, expand one of these options:
You should receive a JSON response similar to the following:
{
"kind": "sql#operation",
"targetLink": "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/instances/INSTANCE_NAME",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-16T02:32:12.281Z",
"operationType": "UPDATE",
"name": "OPERATION_ID",
"targetId": "INSTANCE_NAME",
"selfLink": "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/operations/OPERATION_ID",
"targetProject": "PROJECT_ID"
}
To remove all allowed projects, use the clear-allowed-psc-projects flag. This flag ensures that no projects are allowed inadvertently.
REST v1beta4
Before using any of the request data, make the following replacements:
- PROJECT_ID: the ID or project number of the Google Cloud project that contains the instance to which Private Service Connect endpoints in VPC networks can connect.
- INSTANCE_NAME: the name of the Cloud SQL instance to which Private Service Connect endpoints in VPC networks can connect.
- ALLOWED_PROJECTS: a list of allowed project IDs or numbers, separated by commas. These projects override projects that are already configured to use Private Service Connect. If a project isn't contained in this list, then you can't use it to create an instance and enable Private Service Connect for it.
HTTP method and URL:
PATCH https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/instances/INSTANCE_NAME
Request JSON body:
{
"kind": "sql#instance",
"name": "INSTANCE_NAME",
"project": "PROJECT_ID",
"settings": {
"ipConfiguration": {
"pscConfig": {
"allowedConsumerProjects": [ALLOWED_PROJECTS]
}
},
"kind": "sql#settings"
}
}
To send your request, expand one of these options:
You should receive a JSON response similar to the following:
{
"kind": "sql#operation",
"targetLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/instances/INSTANCE_NAME",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-16T02:32:12.281Z",
"operationType": "UPDATE",
"name": "OPERATION_ID",
"targetId": "INSTANCE_NAME",
"selfLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/operations/OPERATION_ID",
"targetProject": "PROJECT_ID"
}
To remove all allowed projects, use the clear-allowed-psc-projects flag. This flag ensures that no projects are allowed inadvertently.
Edit a custom SAN for an instance
If you want to use a custom DNS name to connect to a Cloud SQL instance instead of using an IP address, then configure the custom subject alternative name (SAN) setting while creating the instance. The custom DNS name that you insert into the custom SAN setting is added to the SAN field of the server certificate of the instance. This lets you use the custom DNS name with hostname validation securely.
You can perform the following operations with a custom SAN for a server certificate of an instance:
- Add DNS names to the instance: add a comma-separated list of up to three custom DNS names to the custom SAN setting. Cloud SQL adds these names to the SAN field of the server certificate. You can secure multiple DNS names with a single certificate.
- Modify DNS names for the instance: change the custom DNS names that you want to add to the SAN field of the server certificate of the instance.
- Remove DNS names from the instance: remove all custom DNS names from the SAN field of the server certificate of the instance.
You can edit a custom SAN for an instance by using gcloud CLI or the API.
gcloud
To edit a custom SAN for an instance, use the gcloud beta sql instances patch command:
gcloud beta sql instances patch INSTANCE_NAME \ --project=PROJECT_ID \ --custom-subject-alternative-names=DNS_NAMES
Make the following replacements:
- INSTANCE_NAME: the name of the Cloud SQL instance that has a server certificate to which you're adding, modifying, or removing DNS names
- PROJECT_ID: the ID or project number of the Google Cloud project that contains the instance
- DNS_NAMES: a comma-separated list of up to three DNS names that you're adding to the server certificate of your instance
To remove all DNS names from the server certificate of a Cloud SQL
instance, use the
gcloud beta sql instances patch command and the --clear-custom-subject-alternative-names flag:
gcloud beta sql instances patch INSTANCE_NAME \ --project=PROJECT_ID \ --clear-custom-subject-alternative-names
This flag ensures that no DNS names are added to the certificate inadvertently.
REST
Before using any of the request data, make the following replacements:
- PROJECT_ID: the ID or project number of your Google Cloud project. This project contains a Cloud SQL instance that has a server certificate to which you're adding, modifying, or removing DNS names.
- INSTANCE_NAME: the name of the instance.
DNS_NAMES: a comma-separated list of up to three DNS names that you're adding to the server certificate of your instance.
If you already have DNS names that you added to the certificate, and you use this parameter to specify different DNS names, then Cloud SQL removes the original DNS names from the certificate.
If you don't specify any DNS names for the
customSubjectAlternativeNamesparameter, but provide the null[]value instead, then Cloud SQL removes all DNS names from the server certificate of the instance. This ensures that no DNS names are added to the certificate inadvertently.
HTTP method and URL:
PATCH https://sqladmin.googleapis.com/sql/v1veta4/projects/PROJECT_ID/instances/INSTANCE_NAME
Request JSON body:
{
"kind": "sql#instance",
"name": "INSTANCE_NAME",
"project": "PROJECT_ID",
"settings": {
"ipConfiguration": {
"customSubjectAlternativeNames": "DNS_NAMES"
},
"kind": "sql#settings"
}
}
To send your request, expand one of these options:
You should receive a JSON response similar to the following:
{
"kind": "sql#operation",
"targetLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/instances/INSTANCE_NAME",
"status": "PENDING",
"user": "user@example.com",
"insertTime": "2020-01-16T02:32:12.281Z",
"operationType": "UPDATE",
"name": "OPERATION_ID",
"targetId": "INSTANCE_NAME",
"selfLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/operations/OPERATION_ID",
"targetProject": "PROJECT_ID"
}