Hi @jagkoth,

Welcome to the Google Cloud Community!

From what I understand, you’re looking to limit your service accounts’ connectivity on a CloudSQL Postgres database in a Kubernetes Config Connector (KCC) environment.

Can you tell me more about what you meant by limiting a connection, does this mean preventing your service account from connecting to your database or just restricting certain service accounts? I’d also like to know more about consuming external database resources in your use case. Are you trying to replicate an external database or something else?

In Google Cloud, there’s currently no method to directly configure a service account’s connection settings. However, we can attach a service account to a GCP resource, and then configure that resource’s connection settings instead. For CloudSQL, you can add a service account to a CloudSQL instance, and then manage the service account by adding the necessary roles.

If you’re looking to improve your CloudSQL database connections, check these resources:

• Manage database connections
• Diagnose connection issues
• Debug connectivity issues

You may also want to consider changing your CloudSQL connection options as a workaround.

For KCC, here are a few resources that provide additional guidance:

• Use IAM to configure your service accounts in KCC
• Troubleshooting Config Connector
• Best practices for Config Connector

I hope this helps!