We've got one of our projects using a Google CloudSQL Postgres DB. We really like the cloudsqlproxy and how it keeps access to the DB locked behind our Google accounts (which have 2FA).
We've got another project using a DB on another managed service. Moving off that service is not an option, but we'd like to try and secure logins to it - right now it's just plain old psql user/pass credentials protecting it.
I'm thinking the solution might be to set up a container running a similar kind of proxy that does some smarter authentication before opening up a proxy port for our team members.
A simple idea would be to set up a box in the middle that does SSH with port forwarding and then have the PSQL server whitelist only that box, but some of our team are not very technical, so we'd need to build some scripts around it and it doesn't feel like a great solution.
The ideal solution would be pretty close to cloudsqlproxy so it can leverage existing accounts rather than us having to create a new account and somehow tie it into some kind of 2FA.
I've googled, but I'm struggling to find a good solution. Maybe the whole approach is wrong and there's some other way to achieve the goal of better securing the server.