
Cannot Connect to Cloud SQL from App Engine Standard using VPC Static IP with Egress Setting: ALL

We have two separate projects. Project A has a Cloud SQL instance (with both a public IP and a private IP).

Now we have a new project B: it's an App Engine standard Java 11 environment. For this project we have a requirement to make a REST API call to a third-party API, and it has to come from a specific geographic location. So we have set up a static IP address, provisioned explicitly in the geography where our App Engine service is provisioned. We followed this documentation: Set up a static outbound IP address.

When we deploy App Engine after those changes, it is no longer able to reach the Cloud SQL instance in project A. However, when we remove egress_setting: all-traffic from app.yaml and redeploy, it connects to Cloud SQL successfully, but then we are unable to make our REST API call, as the third-party API returns 403 because of our IP address location.

Note that both Project A and Project B are in the same region.

Our app.yaml file looks like this:

```yaml
runtime: java11
instance_class: F2
env_variables:
  GAE_USE_SOCKETS_HTTPLIB : ''
vpc_access_connector:
  name: projects/<projectB-id>/locations/northamerica-northeast1/connectors/cb-connector
  egress_setting: all-traffic
```

This is the connection URL used for Cloud SQL (MySQL). We have tried with the Cloud SQL private IP as follows:

```yaml
spring:
  datasource:
    url: jdbc:mysql://<cloudSql-PrivateIp>:3306/_operations?user=<user>&password=<pass>&ipTypes=PRIVATE
```

Then we have also tried with the Cloud SQL public IP as follows:

```yaml
spring:
  datasource:
    url: jdbc:mysql:///_operations?cloudSqlInstance=<projectA-id>:northamerica-northeast1:<sql-instanceName>&socketFactory=com.google.cloud.sql.mysql.SocketFactory&user=<user>&password=<pass>
```

We have followed these instructions to connect from App Engine to Cloud SQL: Connect from App Engine standard environment. We tried both options, public IP and private IP, but we kept getting a Communication Link error. It seems to time out after loading for a while. That is when egress_setting: all-traffic is set in app.yaml. If we remove egress_setting: all-traffic, the connection works perfectly, but we are unable to make our REST call to the third-party API we need.

Not sure how we can set this up so that we can connect to the Cloud SQL instance (project A) and still reach our third-party API from App Engine (project B) using a static outbound IP. Could someone share some insight on a possible cause or solution?

EDIT: We have also tried to set up VPC peering between project A and project B, but it still does not work when egress_setting: all-traffic is set in the app.yaml file.

ACCEPTED SOLUTION

Hi @StatCap,

Welcome to Google Cloud Community!


If you are trying to connect to Cloud SQL from App Engine Standard using a VPC static egress setting and you are unable to connect, there are a few things you can try to troubleshoot the issue.
 
First, make sure that the App Engine service account has the correct permissions to access the Cloud SQL instance. The App Engine service account should have the cloudsql.instances.connect permission.
 
Next, check that the VPC static egress IP range that you have configured for the App Engine app is correct and allows traffic to the Cloud SQL instance. The IP range should be in the format xx.xx.xx.xx/xx and should include the IP address of the Cloud SQL instance.

If you are still unable to connect, try connecting to the Cloud SQL instance using the IP address instead of the instance name. This can help determine if the issue is with the VPC egress configuration or with the instance name resolution.
 
If you are still having trouble, you can try disabling the VPC egress setting and connecting to the Cloud SQL instance directly using its IP address. This can help determine if the issue is with the VPC egress configuration or with the network connectivity between the App Engine app and the Cloud SQL instance.
 
If you need further assistance, you can contact Google Cloud Support for help with troubleshooting the issue.

Thanks for your help, Christian! In the end it was because the IP range wasn't set up to include my Cloud SQL instance. Now everything is working!
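
The range check from the accepted answer, which is also the fix the asker reports, as an added example that is not part of the original thread. It tests whether a set of configured CIDR ranges contains the Cloud SQL address, lists the narrowest matching range first so an overly broad entry stands out, and reports malformed entries. All addresses, range lists and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the thread).
SAMPLE_TARGETS = {"cloudsql-private-ip": "10.20.3.5"}
RANGES_BEFORE = ["10.8.0.0/28", "10.30.0.7/24"]                 # connector subnet + a typo
RANGES_AFTER = ["10.8.0.0/28", "10.0.0.0/8", "10.20.0.0/16"]    # now covers the instance


def check_ranges(configured_ranges, targets):
    """Return (coverage, problems).

    coverage maps each target label to the configured ranges that contain
    its IP, most specific (longest prefix) first.
    problems lists entries that are not valid CIDR network addresses.
    """
    networks, problems = [], []
    for text in configured_ranges:
        try:
            # strict=True rejects entries with host bits set, e.g. 10.30.0.7/24
            networks.append(ipaddress.ip_network(text, strict=True))
        except ValueError as exc:
            problems.append(f"{text}: {exc}")

    coverage = {}
    for label, ip_text in targets.items():
        ip = ipaddress.ip_address(ip_text)
        matches = [n for n in networks if n.version == ip.version and ip in n]
        matches.sort(key=lambda n: n.prefixlen, reverse=True)
        coverage[label] = [str(n) for n in matches]
    return coverage, problems


def uncovered(coverage):
    """Labels of targets that no configured range contains."""
    return sorted(label for label, ranges in coverage.items() if not ranges)


if __name__ == "__main__":
    for name, ranges in (("before", RANGES_BEFORE), ("after", RANGES_AFTER)):
        cov, probs = check_ranges(ranges, SAMPLE_TARGETS)
        print(name, "coverage:", cov)
        print(name, "uncovered:", uncovered(cov))
        print(name, "problems:", probs)
```
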