Access Private Cloud SQL hosted from AWS Service

Hi Everyone,

Here's an overview of my setup:

Problem Statement: An application hosted in AWS needs to connect to the Private Endpoint of Cloud SQL.

I’ve created a host project and two service projects (Sandbox and Production). In the host project, I set up a site-to-site VPN to AWS, three VPCs (one for the host project, and two shared to Sandbox and Production project), and a Cloud Router.

In the service projects (Sandbox and Production), I set up Private Access, Cloud SQL, and VMs within the shared VPCs from the host project.

The VM in Sandbox can connect to Cloud SQL in Sandbox.

The VM in Production can connect to Cloud SQL in Production.

I also created an NCC HUB and added both the Sandbox and Production VPNs.

The VM in Sandbox can connect to Cloud SQL in Production.

The VM in Production can connect to Cloud SQL in Sandbox.

Everything is working as expected so far. The next step is to extend this access to AWS. I added the AWS VPN as another spoke.

The instance in AWS can access the VMs in both Sandbox and Production, but it is unable to connect to Cloud SQL.

I’ve ensured that the proper IPs are added to the authorized network.

Any thoughts on this?

Hi @zoosk,

Welcome to Google Cloud Community!

I understand that you are hosting an application in AWS that needs to connect to Google Cloud SQL, but it sounds like you are having a connectivity issue with it. To help you with this, may I know what specific error or behavior you are getting? Also, what VPN are you using to connect the Cloud SQL instance to the AWS instances? Regarding the information you’ve given, my thoughts are:

  1. Ensure that there is a firewall rule created in GCP that allows ingress traffic from AWS to the Cloud SQL instance and also allows ports 22 and 3306 for SSH and the connection to the SQL database respectively.
  2. Check the advertised routes on your Cloud Router: ensure that Create custom routes is selected and that the Advertise all subnets visible to the Cloud Router checkbox is selected, so the subnets available to the Cloud Router continue to be advertised.
  3. Ensure that Export custom routes is enabled under the VPC network. For your reference, you can check this guide created by Sarthak.

I hope the above information is helpful.
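A way to check the two route conditions from steps 2 and 3 against the JSON that gcloud returns for the Cloud Router and the VPC peerings, as an added example that is not part of the original thread. The router, peering and IP values are constructed, and it assumes the Cloud SQL private IP lies in the private services access range reached over the servicenetworking peering, which the ALL_SUBNETS group does not cover.

```python
import ipaddress
import json

# Constructed sample data (hypothetical values) shaped like the JSON that
# `gcloud compute routers describe ROUTER --format=json` and the `peerings`
# array of `gcloud compute networks describe NET --format=json` return.
ROUTER_JSON = json.dumps({
    "name": "host-router",
    "bgp": {
        "advertiseMode": "CUSTOM",
        "advertisedGroups": ["ALL_SUBNETS"],
        "advertisedIpRanges": [],          # the Cloud SQL range is missing here
    },
})
PEERINGS_JSON = json.dumps([
    {"name": "servicenetworking-googleapis-com", "state": "ACTIVE",
     "exportCustomRoutes": False, "importCustomRoutes": True},
])
VPC_SUBNETS = ["10.20.0.0/24"]        # subnets of the shared VPC (constructed)
SQL_RANGE = "10.99.0.0/24"            # private services access range (constructed)
SQL_IP = "10.99.0.5"                  # Cloud SQL private IP inside that range


def check_sql_reachability(router_json, peerings_json, vpc_subnets, sql_ip):
    """Return the list of findings that would stop a VPN peer from reaching sql_ip."""
    findings = []
    bgp = json.loads(router_json).get("bgp", {})
    ip = ipaddress.ip_address(sql_ip)
    # Step 2: the router must advertise a range that contains the Cloud SQL IP.
    # That IP sits in the producer range reached over VPC peering, not in a VPC
    # subnet, so ALL_SUBNETS covers only vpc_subnets; the range needs a custom entry.
    if bgp.get("advertiseMode") != "CUSTOM":
        findings.append("router: advertiseMode is not CUSTOM")
    advertised = list(vpc_subnets) if "ALL_SUBNETS" in bgp.get("advertisedGroups", []) else []
    advertised += [r["range"] for r in bgp.get("advertisedIpRanges", [])]
    if not any(ip in ipaddress.ip_network(r) for r in advertised):
        findings.append(f"router: no advertised range covers Cloud SQL IP {sql_ip}")
    # Step 3: the private services access peering must export custom routes so the
    # producer network learns the dynamic route back to the VPN peer's range.
    peering = next((p for p in json.loads(peerings_json)
                    if p["name"].startswith("servicenetworking")), None)
    if peering is None:
        findings.append("peering: no servicenetworking peering on this VPC")
    elif not peering.get("exportCustomRoutes"):
        findings.append(f"peering {peering['name']}: exportCustomRoutes is disabled")
    return findings


if __name__ == "__main__":
    for f in check_sql_reachability(ROUTER_JSON, PEERINGS_JSON, VPC_SUBNETS, SQL_IP):
        print("FINDING:", f)
```

Run it against the real output of the two gcloud commands named in the comments, with your own subnet list and Cloud SQL private IP, and an empty result means both route conditions are met.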