Why my compute engine could not connect MySQL using public IP after I downloaded MySQL-client on my compute instance and I added compute instance's public IP onto CloudSQL authorized connection?
$ mysql -h <cloud-sql-host> -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'XXX'@<cloud_sql_host> (using password: YES)
There are several areas that you must set up to grant access.
1) Compute Engine Scopes
Go to the Google Cloud Console for Compute Engine. Double check the scopes that are permitted for the service account for Compute Engine. By default Cloud SQL is not permitted.
2) Service Account Permissions
Check is the role that you assigned to service account assigned to Compute Engine. You will need one of the Cloud SQL roles. Usually, you will need Cloud SQL Client. The scopes that I previously mentioned serve to reduce and not increase a service account's permissions. You still need to have the correct permissions granted to the service account.
https://cloud.google.com/sql/docs/mysql/connect-external-app
3) Google Cloud SQL database permissions
Verify that your MySQL login has been "granted" permission to login.
host is your public IP address or optionally use % to mean any host.Note: I recommend using the Cloud SQL Proxy to access Cloud SQL. This is secure and you do not need IP addresses for Cloud SQL.