GCP | How to access Cloud SQL private IP using Cloud SQL Auth Proxy and Identity-Aware Proxy (IAP)?

  • Published: 7 Aug 2024
  • 🔴 Cloud SQL in GCP is a great managed service that takes the tedious database management tasks off your hands.
    With Cloud SQL, maintenance, patching, and even high availability of your database instance are automated without you configuring them yourself.
    That is great value, and with the right configuration and security practices around it, you can just set it up and forget about it!
    It is usually one of the easiest services to work with in GCP. When it comes to connectivity and security, however, many of us start looking for workarounds or ways to get things done fast, regardless of how secure and how good or bad they are…
    And when things go bad with Cloud SQL, they really really go bad…
    There are many options for fixing this, such as only allowing certain public IP addresses to access the Cloud SQL instance (if it has a public IP). But what if you are on a home connection, or don’t have access to a static IP address?
    In that case you have to keep updating the authorized networks rule so that only the correct IP addresses are listed, and remove any old/obsolete IPs.
    This is where things become annoying and cumbersome, and the search for a workaround starts, regardless of how easy and secure it is.
    Of course there is always a better solution…
    That better solution is to use Cloud SQL Auth Proxy combined with IAP (Identity-Aware Proxy).
    These two services will save your day, your brain, and most of all your data from disasters and problems… provided you configure them right of course… and that’s what I’m going to show you now.
    What is also awesome about Cloud SQL Auth Proxy is that it works with all the Cloud SQL database types: MySQL, PostgreSQL, and MSSQL!
    In this video I will briefly introduce Cloud SQL Auth Proxy: what it is, how it works, and how to install it. Then I will show you how to connect to a Cloud SQL instance using it together with IAP, so that everything stays private without assigning a public IP to any resource…
    🔴✅ Video timeline and chapters:
    - 00:00 - Introduction
    - 01:00 - What are the benefits and use cases of Google Cloud SQL?
    - 01:47 - Google Cloud SQL connectivity and configuration challenges
    - 04:20 - Google Cloud SQL connectivity options and solutions
    - 05:17 - How to enable connections to Google Cloud SQL using the private IP?
    - 06:04 - What is Cloud SQL Auth Proxy?
    - 06:43 - Why should you use Cloud SQL Auth Proxy to connect to Google Cloud SQL?
    - 07:15 - Permissions requirements for Cloud SQL Auth proxy to connect to Google Cloud SQL
    - 07:39 - How to download and install Cloud SQL Auth proxy
    - 09:13 - What are the prerequisites to configure Cloud SQL Auth proxy to connect to Google Cloud SQL over its private IP address?
    - 12:22 - How to configure Cloud SQL Auth proxy to connect to Google Cloud SQL over a private IP address from Google Compute Engine in GCP?
    - 15:34 - How to use IAP (Identity-Aware Proxy) to connect to Cloud SQL Auth proxy without a public IP from outside GCP to access Google Cloud SQL
    - 20:00 - Closing
    ✅ Links mentioned in the video:
    - About the Cloud SQL Auth proxy | Cloud SQL for MySQL | Google Cloud: cloud.google.com/sql/docs/mys...
    - Connect using the Cloud SQL Auth proxy | Cloud SQL for MySQL | Google Cloud: cloud.google.com/sql/docs/mys...
    - GitHub - priyankavergadia/google-cloud-4-words: The Google Cloud Developer's Cheat Sheet: github.com/priyankavergadia/g...
    📣✅ Other useful links:
    - Follow me on Twitter: / salehram87
    - Connect with me on LinkedIn: / salehram
    - Check my website and blog: www.salehram.com
    - Check out my Google Workspace Admin Course on Udemy and get it with a discounted price: www.salehram.com/gws-admin-tr...
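
An added example (not from the video or its author): a Python check for the two exposure points the description contrasts, a public IP with authorized networks on the instance and a proxy VM reachable from anywhere other than IAP. It reads JSON shaped like `gcloud sql instances describe --format=json` and `gcloud compute firewall-rules list --format=json`. The sample instances, rule names and port 3306 are constructed assumptions; 35.235.240.0/20 is the source range Google documents for IAP TCP forwarding.

```python
import ipaddress
# Source range Google documents for IAP TCP forwarding.
IAP_RANGE = ipaddress.ip_network("35.235.240.0/20")

def audit_instance(inst):
    """Findings for a Cloud SQL instance dict (gcloud sql instances describe)."""
    cfg = inst.get("settings", {}).get("ipConfiguration", {})
    findings = []
    if cfg.get("ipv4Enabled"):
        findings.append("public IP is enabled")
    if not cfg.get("privateNetwork"):
        findings.append("no private network (VPC) attached")
    for net in cfg.get("authorizedNetworks", []):
        cidr = ipaddress.ip_network(net["value"], strict=False)
        scope = "the whole internet" if cidr.prefixlen == 0 else f"{cidr.num_addresses} address(es)"
        findings.append(f"authorized network {net.get('name', '?')} ({cidr}) admits {scope}")
    return findings

def rule_covers_port(rule, port):
    """True if the firewall rule allows inbound TCP to `port`."""
    if rule.get("direction", "INGRESS") != "INGRESS":
        return False
    for allowed in rule.get("allowed", []):
        if allowed.get("IPProtocol") in ("tcp", "all"):
            for spec in allowed.get("ports") or ["0-65535"]:  # no list means all ports
                low, _, high = spec.partition("-")
                if int(low) <= port <= int(high or low):
                    return True
    return False

def audit_proxy_firewall(rules, port=3306):
    """Flag rules that open the proxy VM's port to sources other than IAP."""
    findings = []
    for rule in (r for r in rules if rule_covers_port(r, port)):
        for src in rule.get("sourceRanges", []):
            net = ipaddress.ip_network(src, strict=False)
            if net.version != 4 or not net.subnet_of(IAP_RANGE):
                findings.append(f"{rule['name']}: port {port} reachable from {net}")
    return findings

# Constructed sample data, not taken from the video.
WEAK = {"settings": {"ipConfiguration": {"ipv4Enabled": True, "authorizedNetworks": [
    {"name": "home", "value": "203.0.113.7/32"}, {"name": "temp", "value": "0.0.0.0/0"}]}}}
PRIVATE = {"settings": {"ipConfiguration": {"ipv4Enabled": False,
    "privateNetwork": "projects/example-project/global/networks/default"}}}
RULES = [{"name": "allow-iap-to-proxy", "direction": "INGRESS", "sourceRanges": ["35.235.240.0/20"],
          "allowed": [{"IPProtocol": "tcp", "ports": ["22", "3306"]}]},
         {"name": "allow-any-to-proxy", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
          "allowed": [{"IPProtocol": "tcp", "ports": ["3000-4000"]}]}]
```

An empty result from both functions means the instance is private-only and the proxy port is reachable only through the IAP tunnel.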

Comments • 29

  • @JoelGreijer-ye9be 1 year ago

    Thank you for clarifying these mysterious connection paths 🙂 Really helped me understand

  • @codeangler 2 years ago +3

    this is excellent. explain why and what it does; plus how to do it. clear and concise.

  • @usuarioaleatorio336 1 year ago +2

    Thanks in advance. This video is perfect, it helped me as no other had done, and it is the most complete guide available here to face this problem properly and without security gaps, thanks again!!

  • @touchwithbabu 2 years ago +2

    Great explanation

  • @user-bo4lj2ok5x 1 year ago

    great video, couldn't be easier

  • @dazdotdev 1 year ago

    Thanks so much for this, really the best resource online for configuring a production-grade proxy! I had to do a little extra work setting up the IAM service account and extending the Firewall Rules for the IAM IAP connections, but you got me 90% of the way there.

    • @purvashaha4763 1 year ago

      Hey, I am facing an issue while creating the firewall rule, can you tell me the description of the firewall rule that you created?

    • @purvashaha4763 1 year ago

      Also, do we need to create a separate iam service account for this or the default one works?

    • @dazdotdev 1 year ago

      @purvashaha4763 I created a separate one, with only Cloud SQL Access role for this specific use.

    • @dazdotdev 1 year ago

      @purvashaha4763 I followed the Docs IAP > Using TCP Forwarding > Create Firewall Rule, adding to my default network (can't paste link)

  • @princechaudhary9197 5 months ago

    Nice 👍👍👍

  • @anandankanagarajan1805 8 months ago

    Excellent step-by-step tutorial. First of all thanks for it. In an environment, if a developer needs to access multiple CloudSQL instances like Dev, Test, and Prod, on the single GCP VM installed with CloudSQL Auth Proxy, can we define multiple connections with their respective (CloudSQL instances) connection string. Is the way to do it? It's some sort of vague understanding to me or not sure I am missing something here.

  • @user-pq5df6lm9j 1 year ago

    it is excellent

  • @user-dh1sd8nf6g 11 months ago

    Great video! Do you know if there is a way to make this work with Cloud Run as well (having the API access the Data in the Cloud SQL database) without using Serverless VPC Connectors?

  • @greenworld5109 1 year ago

    thanks. the traffic from cloud sql auth proxy to cloud sql is through SSL...but from the local laptop to cloud sql auth proxy is not through SSL....how to secure also this path through SSL?

  • @luiseros1992 1 year ago

    I have a CI/CD pipeline outside google infrastructure.
    I need to connect to a SQL instance using the private IP.
    Can I set the SQL proxy in the CI/CD machine and connect to the DB without setting the IAP tunnel VM?

  • @AhmadShehanshah 4 months ago

    Can I connect that Cloud sql instance name with my cloud run?
    Basically, I have a backend deployed on cloud run for which I have environment variables including Host name which is Public IP of Sql instance
    I want to setup Cloud sql instance name everywhere its required and also give access to developer using Private IP connection only (maybe)
    So, what should be my next steps?
    Also, thanks a lot for tutorial

  • @heenagangrekar8337 2 months ago

    How can I connect to cloudsqladmin user who is by default a super user

  • @purvashaha4763 1 year ago

    I am facing an issue in authentication of cloud auth proxy in ssh. What is possibly going wrong? Also in cmd, the command is giving an error. Is there anything else I need to set up which is not mentioned in this video?

  • @ErnestMicklei-nh7tq 1 year ago

    Nice tutorial, too bad that we need an intermediate VM to get access

  • @marcw.5492 1 year ago

    Right off GCP ?? no idea

  • @user-gx1ol2lc5s 1 year ago

    Where did the .json credentials come from, how can I get this file to my account?

    • @dazdotdev 1 year ago

      IAM > Service Accounts > on your Key dropdown Actions menu > Manage Keys > Add Key > Download JSON

  • @bohdanilchuk8865 1 year ago

    Unfortunately, it is not clear to me. You skip a lot of configurations. I get [4003: 'failed to connect to backend']. (Failed to connect to port 5432)

    • @salehram 1 year ago +1

      It seems you are trying to connect to a non-mysql port?
      Have you tried the default port 3306?

  • @ahmedalthamari6995 2 years ago

    Can you connect to the VM proxy without the root user?
    Can you connect the VM proxy without using IAP?

    • @salehram 2 years ago +2

      Yes you can if you set up a user on Cloud SQL that can connect to it. I only used the root because of the demo, however you can just create a user inside mysql and just use that normally...
      For the VM proxy and IAP, if you have the Cloud SQL behind a private IP only, meaning there is no public IP on that Cloud SQL instance, then your only option is to use a VM in GCP and use Cloud SQL Proxy and IAP - or you can ignore the IAP if you expose the VM to public IP address but it is not a good idea...

    • @nishitkumar7650 1 year ago

      @salehram hi, we use vpn to connect to the database instance. I have a question regarding cloud SQL auth proxy: I want to install it on my windows system and establish a connection to my db, and I need to access the db using the HeidiSQL client. Is that possible?

    • @nishitkumar7650 1 year ago

      Also my cloud SQL instance is with MySQL & not Postgres, so does cloud SQL auth proxy work with MySQL cloud SQL?