Does AlloyDB support authenticating to Postgres databases with IAM service accounts like Cloud SQL does?
I'm really confused about how IAM login works with AlloyDB. I don't see anything in the docs about mapping postgres users to IAM service accounts.
With Cloud SQL Postgres I can do this: https://cloud.google.com/sql/docs/postgres/authentication
- I create a service account
- Create a cloud sql user of type
CLOUD_IAM_SERVICE_ACCOUNT, (gcloud sql users create <GSA> --type=CLOUD_IAM_SERVICE_ACCOUNT) - Log in to postgres and give that postgres user access to only its own database.
Applications auth to their own postgres DB through their IAM service account (via the proxy) and cannot access other DBs on the postgres server.
How do I do this with AlloyDB?
Looking at the docs I see some mention of CLOUD_IAM_USER https://cloud.google.com/alloydb/docs/database-users/about#view-list
But I cannot see how to create AlloyDB users via the API:
Does the sql users API also support AlloyDB? With Cloud SQL I can create IAM service account users via the Cloud SQL API.
Manual IAM authentication is now available.
https://cloud.google.com/alloydb/docs/manage-iam-authn
Automatic IAM Authentication (where the AlloyDB Proxy handles the OAuth2 token for you) isn't available yet, though.
- GCP Cloud Storage - Golang aws sdk2 - Upload file with s3 INTEROPERABILITY Creds
- Creating folders using GCP PHP Client Libraries
- GKE Fluent bit partial logs
- Apache Beam with Dataflow: flag 'ignore_unknown_columns' for WriteToBigQuery not working
- Google Speech to Text - Not Getting the transcription | SOLVED
- Why does Cloud Deploy not support multiple target types in one pipeline?
- CloudBuild pull status from latest run, from a specific build trigger using via CloudBuild API?
- Querying the Google Patent Data on Big Query processes way too much data
- Deleting a large folder from Google Cloud Storage
- Cannot create a service account with permissions for Google Play Android Developer API
- GCP - How do you create a URL Redirect path rule with gcloud url-maps?
- API [sqladmin.googleapis.com] not enabled on project [1234].
- Error uploading file to google cloud storage
- Custom Service Account with KFP pipelines in Vertex AI
- Not able to connect mysql with SSL enforced to app engine without connecting first in cloud shell
- If the GCP pub sub Subscription Expiration is same as Subscription Message Retention will the subscription not expire
- Cloud function is not triggered by pub/sub topic
- Java application unable to find ADC when Workload Identity is enabled on GKE cluster
- Service account with Workspace-authorized domain-wide delegation gets error "Not Authorized to access this resource/api" when running cloud function
- How to download a pushed Odoo release and upload to Github
- GCP authentication when testing a container in the local development environment
- VPCSC and Folder in GCP
- GAE: find project name by project number
- Google Cloud functions v2 eventarc - How to Track User Context for Deletions in Firebase Realtime Database
- Google Cloud Bigtable vs Google Cloud Datastore
- Batch job submission error "Failed to process all documents", uris seem correct?
- 401 Unauthorized when installing Python package from Artifacts registry for Google Build
- Google Cloud Storage request blocked by CORS: not allowed by Access-Control-Allow-Origin
- Accessing users account with service account
- Firestore exception occurred in retry method that was not classified as transient