google-cloud-platform google-compute-engine google-cloud-sql

restrict connections to Cloud SQL MySQL instance

Is there a way to restrict which compute engine instance can connect to my Cloud SQL instance? It looks like as long as the compute engine is connecting to my Cloud SQL instance using private IP, it goes thru.

Is there a way to restrict it by saying only allow those compute engine instances to connect to my Cloud SQL instance that has specified service account attached?

Solution

Cloud SQL now supports IAM Conditions for MySQL, PostgreSQL, and SQL Server. You can use IAM conditions to specify in an IAM policy binding the specific instances by name for which a user has permissions, such as the cloudsql.instances.connect for authorizing the Cloud SQL Auth proxy. https://cloud.google.com/sql/docs/release-notes#August_21_2021

https://cloud.google.com/sql/docs/mysql/project-access-control#iam-conditions

How to make the server backend of a mobile app?
How to use GCP Backend Bucket with regional subnet using terraform
403 iam.serviceAccounts.actAs permission error trying to attach a service account to a resource in another project
Cloud Run: mounting volume timed out: The NFS server may not be reachable or may not exist
Migration from Container Registry to Artifact Registry for App Engine Standard Deployments
Google Cloud: Access to image has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource
Im creating a VM using terraform code in GCP. I would like to inject a script that runs when the vm is created upon startup
QUOTA_EXCEEDED : Exceeded daily quota for email sign-in in spite of using my SMTP settings
How do I add share drive access to a google service account
google.cloud namespace import error in __init__.py
difference between docker BRIDGE and HOST driver?
How can I connect an externally hosted MySQL database to BigQuery?
Issue when trying to register an app for consent screen in google oauth
Google Cloud Platform Trace from Cloud Function Invocation to Cloud Run HttpRequest
Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
Firebase Firestore timestamp not allowed inside array
Why am I not able to get the env var values from google secret manager?
changing image repository from Container Registry to Artifact Registry
ALS (Alternating Least Square) algorithm in multiple rankings for a user
Unable to connect to Gemini / Vertex AI
How can I get Firebase Authentication ID tokens to work with Google Cloud Identity Platform so they get validated?
How to identify the storage space left in a persistent volume claim?
Cloud Run container stops processing when running parallel FastAPI background tasks
GCP Cloud Storage - Golang aws sdk2 - Upload file with s3 INTEROPERABILITY Creds
Creating folders using GCP PHP Client Libraries
GKE Fluent bit partial logs
Data loading and transformation from gcs to bigquery
How to forcefully stop an operation on GKE cluster and thereby delete GKE cluster?
Apache Beam with Dataflow: flag 'ignore_unknown_columns' for WriteToBigQuery not working
Google Speech to Text - Not Getting the transcription | SOLVED