How to share a Google Cloud SQL instance between two projects using private IP?

0
votes

I have two projects in GCP, both are running App Engine Flexible environments with Node.js. One of the projects has an Cloud SQL instance attached, running with Private IPs. I want the App Engine in the other project to be able to use this Cloud SQL instance (PostgreSQL) as well, but it's not getting a connection.

  • All instances are running in the same region
  • I have peered both VPCs
  • Service Networking API is activated in both projects
  • Service account of the project that needs to be connected has "Cloud SQL Client" rights for the project that created the SQL instance

From my understanding the Cloud SQL instance lives in its own VPC that is peered by automatically created peer connections and routes to the project from which it has been created. But there does not seem to be a way to create those routes and peers for another VPC in order to connect it, right?

Or is there another possibility to connect both projects to the same Cloud SQL?

1
node.jsgoogle-app-enginegoogle-cloud-platformgoogle-cloud-sqlgoogle-appengine-node

1 Answers

2
votes

As per the first point in the Network requirements in the docs:

You can only access a Cloud SQL instance on its private IP addresses from a single VPC network.

This means that you can only connect from the project that has the Cloud SQL network peered.

This comes from the 6th restriction on the VPC peering docs:

Only directly peered networks can communicate. Transitive peering is not supported. In other words, if VPC network N1 is peered with N2 and N3, but N2 and N3 are not directly connected, VPC network N2 cannot communicate with VPC network N3 over VPC Network Peering.