I leave this here in case someone else struggles with the same issue.
Visual representation of what I am trying to reach from my MacBook
MacBook -> VPN -> On-Prem Firewall -> GCP Firewall -> Cloud SQL Instance NOT working - detailed workaround below
GCE VM -> GCP Firewall -> Cloud SQL Instance Working
I had the issues where I could connect to Google Cloud SQL from GCE VM instance, but not from my MacBook, although I had firewall allow rules in place(which were correctly written).
I determined the problem was happening because I was on a work VPN that goes thru an On-Prem network that had is own firewall rules, so I had 2 firewalls to go thru, 1 On-prem and 1 GCP. I can edit the GCP Firewall rules, but am not allowed to do anything to the On-prem Firewall.
The workaround I found is the below:
Steps to be done in Google Cloud GUI
- Enable SQl Admin Api for the project your instance is part of
- Give instance Public IP: Edit SQL instance > Connectivity > Public IP > Save
- Don't authorize any external networks
Steps to be done locally on your MacBook
Install gcloud SDK
, dont forget about running gcloud init
Install a mysql client
a.brew install mysql-client

b.echo 'export PATH="/usr/local/opt/mysql-client/bin:$PATH"' >> /Users/YOUR_USERNAME_HERE/.bash_profile
Download and install the SQL proxy(ignore the other steps 3,4,5 from the SQL Proxy article)
Disconnect from VPN
Run step 4 to start the SQL proxy
Connect to your instance from the mysql client(ex. mysql -u test_user --host 127.0.0.1 -p )
LE: The same approach can be done for windows users as well. Any suggestions for optimization are welcome.
