
Datastream to Postgres with only allow SSL enabled.

I am trying to establish a Datastream connection to our Cloud SQL Postgres instance. The "Allow only SSL connections" box is enabled and unchecking that box is not an option.

I am unable to connect to the Postgres instance via IP allowlisting, and I can't find any instructions on how to configure this over VPC peering with Private connectivity.

Both Datastream and the Cloud SQL instance are in the same GCP project. Any guidance on this would be excellent.

1 REPLY

Connecting to a Cloud SQL instance via VPC peering involves several steps. Here are general steps you may need to follow:

  1. Establish a VPC Network Peering connection: You must first set up a VPC Network Peering connection between your project's VPC network and the service producer's VPC network. Google Cloud's VPC Network Peering allows private RFC 1918 connectivity across two VPC networks regardless of whether they belong to the same project or the same organization.

  2. Set up Private Services Access: After you have set up a VPC Network Peering connection, you need to set up Private Services Access. This allows your VPC network to connect to Google services, such as Cloud SQL, that are available via Private Services Access.

  3. Create a private IP Cloud SQL instance: When you create a Cloud SQL instance, you can configure it to use private IP. The private IP address connects to your VPC network via Private Services Access.

  4. Update your application's connection strings: Update your application's connection strings to use the private IP address of the Cloud SQL instance.

  5. SSL/TLS Configuration: If "Allow only SSL connections" is enabled, then you would also need to ensure your client connection is set up with the necessary SSL/TLS certificates.

Here are more detailed steps:

  1. VPC Network Peering setup

    • Go to the VPC Network Peering page in the Google Cloud Console.
    • Click Create connection.
    • Under Your VPC network, select the network that you want to peer.
    • Under Peer VPC network, select In another project, and then enter the Project ID and VPC network name of the service producer network.
    • Click Create.

  2. Private Services Access setup

    • Go to the Private connection to Google services page in the Google Cloud Console.
    • Click Configure private connection and select the VPC network that you want to peer.
    • Click Continue, and then click Reserve.

  3. Cloud SQL instance setup

    • Go to the SQL Instances page in the Google Cloud Console.
    • Click Create instance.
    • Configure the instance as necessary, ensuring that you select Private IP.
    • Click Create.
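
A pre-flight check for steps 4 and 5 of the reply above, as an added example that is not part of the original post or of any Google tooling. It assumes a libpq-style client configured with a `postgresql://` URI; the function name `check_pg_uri`, the addresses and the certificate file names are constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# libpq sslmode values that never fall back to a plaintext connection.
TLS_ENFORCING = {"require", "verify-ca", "verify-full"}
# RFC 1918 ranges, the private addressing used over VPC peering.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_pg_uri(uri):
    """Return a list of problems with a postgresql:// URI; empty means it passes."""
    parts = urlsplit(uri)
    if parts.scheme not in ("postgresql", "postgres"):
        return ["not a postgresql:// URI"]
    params = {k: v[-1] for k, v in parse_qs(parts.query).items()}
    problems = []
    # Step 4: the host should be the instance's private IP address.
    try:
        addr = ipaddress.ip_address(parts.hostname or "")
        if not any(addr in net for net in RFC1918):
            problems.append(f"host {addr} is not an RFC 1918 private address")
    except ValueError:
        problems.append("host is not an IP literal")
    # Step 5: libpq defaults to sslmode=prefer, which may retry without TLS.
    mode = params.get("sslmode", "prefer")
    if mode not in TLS_ENFORCING:
        problems.append(f"sslmode={mode} does not enforce TLS")
    elif mode == "require":
        problems.append("sslmode=require encrypts but does not by itself "
                        "verify the server certificate")
    if mode in ("verify-ca", "verify-full") and "sslrootcert" not in params:
        problems.append("sslrootcert is not set explicitly")
    # A client certificate is only usable together with its private key.
    if ("sslcert" in params) != ("sslkey" in params):
        problems.append("sslcert and sslkey must be set together")
    return problems


# Constructed sample URIs (placeholder address and file names).
GOOD_URI = ("postgresql://app@10.20.0.3:5432/appdb?sslmode=verify-ca"
            "&sslrootcert=server-ca.pem&sslcert=client-cert.pem"
            "&sslkey=client-key.pem")
WEAK_URI = "postgresql://app@203.0.113.10/appdb"

if __name__ == "__main__":
    for sample in (GOOD_URI, WEAK_URI):
        print(sample, "->", check_pg_uri(sample) or "ok")
```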