I have a Cloud SQL instance for MySQL in project A, and I execute some select queries on the DB from a Compute Engine in project B using the public IP of the SQL instance. Is there any way to connect to my SQL using a private IP from a different project?
Yes, you can connect to your Cloud SQL instance using a private IP address from a different project in Google Cloud. There are three primary solutions for this:
Private Service Connect (PSC):
VPC Peering:
Cloud SQL Auth Proxy:
Choosing the Best Solution:
Additional Considerations:
Peering Connection: I am using auto mode VPC in both projects and the resources are deployed in the same region, therefore the subnet CIDR is overlapping and we cannot set up a peering connection, so this method is removed in this scenario.
Private Service Connect: This connectivity type cannot be enabled on an existing SQL instance, which I have, so this is also removed in this scenario.
For Cloud SQL Auth Proxy: can I set it up from a Compute Engine?
Given the constraints you've outlined, it seems that both VPC Peering and Private Service Connect are not viable options in your scenario due to overlapping subnet CIDRs in auto mode VPCs and the inability to enable Private Service Connect on an existing SQL instance.
However, the Cloud SQL Auth Proxy remains a feasible solution. Yes, you can set up the Cloud SQL Auth Proxy on a Compute Engine instance. Here's how you can do it:
Install the Cloud SQL Auth Proxy on Compute Engine:
Authentication:
Configuration:
project-id:region:instance-name
../cloud_sql_proxy -instances=myProject:us-central1:myInstance=tcp:3306
, which will listen on port 3306 on your Compute Engine instance.
Connecting to Cloud SQL:
localhost on the port you configured the proxy to listen to (e.g., 3306).
Security Considerations:
Running the Proxy as a Service:
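One way to run the proxy command from this answer as a service, as an added example that is not part of the original reply: a systemd unit with a loopback-only listener and basic sandboxing. The install path /usr/local/bin/cloud_sql_proxy, the cloudsqlproxy account and the unit file name are assumptions; the instance connection name is the sample one used in the answer.

```ini
# /etc/systemd/system/cloud-sql-proxy.service  (assumed file name)
[Unit]
Description=Cloud SQL Auth Proxy for myProject:us-central1:myInstance
After=network-online.target
Wants=network-online.target

[Service]
# Assumption: a dedicated unprivileged account created beforehand, e.g. with
#   useradd --system --shell /usr/sbin/nologin cloudsqlproxy
User=cloudsqlproxy
Group=cloudsqlproxy

# No key file is passed: on Compute Engine the proxy picks up the VM's
# attached service account. Assumption: that account has been granted the
# Cloud SQL Client role in project A, where the instance lives.
#
# The listener is pinned to 127.0.0.1 explicitly, so only processes on this
# VM can reach it. A 0.0.0.0 listener would expose the proxied database
# connection to every host that can reach the VM on port 3306.
ExecStart=/usr/local/bin/cloud_sql_proxy -instances=myProject:us-central1:myInstance=tcp:127.0.0.1:3306

Restart=on-failure
RestartSec=5

# Sandboxing: the proxy only needs outbound network access and one local port.
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
CapabilityBoundingSet=

[Install]
WantedBy=multi-user.target
```

After `systemctl daemon-reload` and `systemctl enable --now cloud-sql-proxy`, `ss -ltn` should show the listener on 127.0.0.1:3306 only.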