I am setting up a GCP Cloud SQL instance with PostgreSQL and want to connect to it from my laptop using Python and a software called QGIS. I travel a lot and my IP changes all the time, so using IP whitelisting is a pain. Is there a way to have something that is tied to the device? For example, using certificates?
2 Answers
Install the Google Cloud SDK. The CLI gcloud can set up an IAP TCP tunnel that uses the instance name. Then you can connect with any software that uses TCP/IP addressing.
gcloud compute start-iap-tunnel INSTANCE_NAME INSTANCE_PORT --local-host-port=localhost:LOCAL_PORT
For more information consult this document:

As mentioned in the answer by @tranvu-xuannhat, this solution can work if your database is running on a simple Compute Engine instance. It does not work for the managed Cloud SQL service. – mj3c Apr 12 '22 at 10:23
The answer from John Hanley is perfect and recommended for a GCE VM instance.
However, since the OP mentions connecting to a Cloud SQL instance from the QGIS software, I would say we could not do it that way.
I would recommend a solution that I haven't tried but is fairly possible.
We will only allow private IP connections to the Cloud SQL instance from the console. Then we can deploy the Cloud SQL Proxy on a VM in the same network and connect to Cloud SQL using a service account.
Anytime the OP wants to use QGIS, he would just need to:
start the CloudSQL proxy in the VM, for example:
./cloud_sql_proxy -instances=myProject:us-central1:cloudSQLInstance=tcp:5432 &
then create the general TCP tunnel to connect from his machine to the Cloud SQL proxy port.
gcloud compute start-iap-tunnel vmInstance 5432 --local-host-port=localhost:ANY_PORT
psql -h localhost -p ANY_PORT

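Since the question asks about Python, here is the tunnel step from the second answer wrapped in a context manager that waits for the local port before use and tears the tunnel down afterwards. This is an added example, not code from either answer; the zone `us-central1-a`, local port `15432` and the helper names are assumptions, and it presumes the proxy on the VM listens on an address the IAP tunnel can reach.

```python
import contextlib
import socket
import subprocess
import time


def tunnel_argv(vm, zone, remote_port, local_port):
    """Build the gcloud command from the answer; --zone avoids an interactive prompt."""
    return ["gcloud", "compute", "start-iap-tunnel", vm, str(remote_port),
            f"--local-host-port=localhost:{local_port}", f"--zone={zone}"]


def wait_for_port(port, host="localhost", timeout=15.0):
    """Return True once host:port accepts a TCP connection, False on timeout."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            with socket.create_connection((host, port), timeout=1):
                return True
        except OSError:
            time.sleep(0.2)
    return False


@contextlib.contextmanager
def iap_tunnel(vm, zone, remote_port=5432, local_port=15432):
    """Keep the tunnel open for the duration of the with-block, then close it."""
    proc = subprocess.Popen(tunnel_argv(vm, zone, remote_port, local_port))
    try:
        if not wait_for_port(local_port):
            raise RuntimeError("IAP tunnel did not come up on the local port")
        yield local_port
    finally:
        # Always stop gcloud so no forwarded port is left open on the laptop.
        proc.terminate()
        proc.wait(timeout=10)


if __name__ == "__main__":
    # vmInstance is the name used in the answer; the zone is a placeholder.
    with iap_tunnel("vmInstance", "us-central1-a") as port:
        print(f"PostgreSQL reachable at localhost:{port}; point psycopg2 or QGIS here")
        input("Press Enter to close the tunnel ")
```
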