The new Google Cloud SQL Engine creates its own VM instance to run a MySQL database, with an exposed public IP address. I was hoping that it would be possible to VPN into the Google Compute Cloud, then connect to the MySQL VM instance internally. Is this possible? The computer I am trying to connect from is a physical machine located outside of the cloud.
If it's not possible, what if I connect via VPN and use the public IP address to connect to the MySQL instance? Would it resolve to the internal network quickly and mimic the behavior of a local connection (no delay)? Or would it have the same performance as connected to the external IP address with no VPN in place?
Sorry, there's currently no VPN/private IP support for Cloud SQL. At the moment, you can use instance settings to control which IPs are allowed to connect. By default, the mysql server is locked down from all external connectivity.
Connecting through a VPN should not improve latency and may in fact hurt it depending on how things are setup. I would recommend doing your own test if that's something you wish to verify.
You can also use the Cloud SQL Proxy to connect externally which uses SSL certs to establish an SSL tunnel to MySQL.
Related
I don't understand why I got inconsistent connection from my local MySQL Workbench to Google Cloud SQL.
Something, I can connect to my database the first time, sometimes, I need to try multiples times before getting a connection. Sadly, most of the time, it's not working.
Because I can rarely connect to the database, what kind of configuration can cause this problem?
Here's some infos:
My application hosted on Google Compute Engine don't have any connection problem.
My public IP (personnal computer) is added to the Authorised networks in my Google Cloud SQL instance. See: Enabling public IP and adding an authorized address
I have added a Firewall rules to allow port 3306 in Google Cloud VPC network
SSL is currently disable for the testing purpose
I followed these instructions: How to connect to your Cloud SQL instance database with MySQL Workbench
For the benefit of future readers, the result of the comments above was:
The problem was that the client was alternating between two possible external IP addresses. One had been authorized to access Google Cloud, and the other one had not been authorized.
Enable all client IP addresses to connect, and that should fix it.
I have an application running on EC2 instances that store data in an RDS instance. All of these instances are in an AWS VPC with security groups configured to allow them to connect to each other.
For reporting purposes, I would like to connect to the RDS instance from my laptop (e.g. using SQLAlchemy) to run simple queries. Every time I try to connect using the connection string that the EC2 apps use, the connection times out.
For Google, one can use the Cloud SQL proxy for this, but I can't find an analogous product for AWS. Instead, it seems like what I am supposed to do is attach an internet gateway to the VPC and configure the security groups to allow connection from my machine. However, the documents are unclear on how to do this other than allowing all inbound connections or allowing a static IP. Unfortunately my laptop doesn't have a static IP, and I'm uncomfortable allowing all inbound connections as it seems insecure and an invitation to attacks. I also have not been able to find a way to configure a security group to allow connections based on IAM credentials for example using the AWS CLI. Since I will be routinely generating reports, a solution that involves updating a security group (i.e. allowing my current IP) every time I want to connect seems suboptimal.
I have tried following the following documents, but so far have had no success in finding a solution that does not allow all connections:
Allow users to connect to RDS using IAM*
Connecting to RDS instance from command line
Connecting to RDS on VPC from internet
*My RDS instance configuration does not allow me to enable IAM authentication, I'm not sure why
IAM Database Authentication is not supported for the configuration in the DB Instance db.
Modify your Db Instance to another instance class and try again.
(Service: AmazonRDS; Status Code: 400; Error Code: InvalidParameterCombination;
Request ID: a6194fb8-2ab9-4a6a-a2be-63835e6e0184)
Is there something I'm not understanding or overlooking? Is allowing connections from all IPs not a big deal since the DB instance is still secured by DB user credentials?
Select this connection as per screenshot. Then fill up all details use your nat instance .pem file to connect. Its like you are connecting to VPC through Nat gateway or Internet gateway bypassing this.
Another option to install VPN on VPC and connect.
How could connect to external MySQL server? On my localhost it can connect the server over the internet fine. However once deploy to google app engine, it fail to connect to the DB server.
p.s*: Not looking forward to migrate the database to google cloud sql.
As noted here, you can either configure your internal network and firewall to give the database a public IP address or connect using a VPN.
I'm trying to move my dynamic website and database from my own VM's to the Google cloud. For the DB, I'm using the Google Cloud SQL, and for the website I made a host under compute.
The problem is, I can't seem to connect to the DB from the VM using an internal IP address. Somehow my Cloud SQL DB only has an external IP address.
I also have phpMyAdmin running on a compute VM, this machine can also only connect to the external ip address (this works, but I'm guessing is not very secure)
What am I doing wrong? Must I use the app engine instead for my website? I've done the training exercise but, to be honest, I have no clue what I was doing.
CloudSQL does not currently support private networks. You either need to connect via external IP or use CloudSQL proxy.
In order to increase security make sure to connect via SSL when using external IP.
I have mysql server installed on my machine. I would like to connect to the same local mysql instance using Google app script's jdbc service. I am getting connection failed error. So, I would like to confirm:
1. is it possible to connect to mysql instance running on private machine(laptop) using jdbc service.
2. If not is it always mandatory to connect to public IP. What is the alternative to connect to mysql instance running on private machine.
This definitely works, but you need to permit Google's machines to connect to your machine. That means opening a hole in your firewall, possibly setting up port forwarding on your router, etc.
There is an alternative to poking a hole in your security arrangement, it is called Secure Data Connector, and it lets your machine initiate the connection to Google - https://developers.google.com/secure-data-connector/
Unfortunately, I don't believe that SDC supports JDBC yet (I believe it only supports HTTP based communication).
(P.S. One very simple work around is to mirror your local database to some kind of cloud service, and then permit access to that replica from Google).