Setup VPN for database instance on Google Cloud SQL

1
votes

I have a MySQL database instance on Google Cloud SQL. Currently it has over 10 authorized ip addresses since multiple teams are accessing it from various locations. I would like to know if I can setup a VPN to this database instance and authorize just this ip address, instead of 10 addresses.

If that's possible, I would also like to know how many user accounts I can create for one VPN. I could not understand the Google Cloud documentation about setting up VPN. Please provide links to websites/tutorials/documentation that can help me with setting up a VPN in Google Cloud Platform.

Thanks.

1
networkinggoogle-cloud-platformvpngoogle-cloud-sql

1 Answers

0
votes

Using cloud VPN and authorize only its external IP will not work for two reasons:

1) You can not specify in cloud SQL a private network (for example, 10.x.x.x) as an authorized network. as documented here.

2) Packets will arrive to cloud SQL after decapsulation which means that Cloud SQL get them as they come from different source IPs.

If you want more secure connection without IP white-listing, maybe using cloud SQL proxy.