Is it possible to connect via an Amazon Java Web Project (AWS EC2) to an Google Cloud SQL?
You can get a public IP address for your Google Cloud SQL instance, and that should allow you to connect from EC2. Although the latency might be unacceptable depending on the distance between the client and the database.
Related
My application deployed to our private server and I want to use some service from GCP like Bucket and Secret manager.
Suppose my application deployed in internal server and my applicate use GCP services. Is it possible or we should deploy our app to GCP also. My application is in JSP.
How to do this. Which is best practice for this.
You have more than one option. You can use Cloud VPN, as it securely connects your peer network to your Virtual Private Cloud (VPC) network through an IPsec VPN connection. Follow this GCP’s official documentation to set it up.
Another option is Google Cloud Hybrid Connectivity focused on Cloud Interconnect as it allows you to connect your infrastructure to Google Cloud. Visit the following link for the best practices and the set up guide.
Finally, see the following thread for more reference on your connection requirement.
I have 2 google cloud services:
Google Cloud Run Service (Node Js / Strapi)
Google Cloud SQL Service (Mysql)
I have added the Cloud SQL connection to the Google Cloud Run Service from the UI, and have a public IP for the Google Cloud SQL Service. On top of that I have added the Run Service IP to the Authorised networks of SQL Service.
If I try and connect from another server (external from Google cloud) I can easily connect to the Google Cloud SQL Service and execute queries.
But if I try and connect from inside the GCloud Run Service with exactly the same settings (Ip, database_name, etc) my connection hangs and I get a timeout error in the logs...
How to properly allow Gcloud SQL to accept connections from GCloud RUN?
I looked for other answers in here, but they all look very old (around 2015 )
You can use 3 modes to access to your database
Use the built-in feature. In this case, you don't need to specify the IP address, it's a linux socket that is open to communicate with the database as described in the documentation
Use Cloud SQL private IP. This time, no need to configure a connection in the Cloud Run service, you won't use it because you will use the IP, not the linux socket. This solution required 2 things
Firstly attach your database to your VPC and give it a private IP
Then, you need to route the private IP traffic of Cloud Run through your VPC. For this you have to create, and then to attach to the Cloud RUn service, a serverless VPC Connector
Use CLoud SQL public IP. This time again, no need to configure a connection in the Cloud Run service, you won't use it because you will use the IP, not the linux socket. To achieve this, you need more steps (and it's less secure)
You need to route all the egress traffic of Cloud Run through your VPC. For this you have to create, and then to attach to the Cloud RUn service, a serverless VPC Connector
Deploy your Cloud Run service with the Serverless VPC Connector and the egress connectivity param to "all"
Then create a Cloud NAT to route all the VPC Connector ip range traffic to a single IP (or set of IPs) (The link is the Cloud Functions documentation, but it works exactly in the same way)
Finally authorize the Cloud NAT IP(s) on Cloud SQL authorized networks.
In your case, you have whitelisted the Cloud Run IP, but it's a shared IP (other service can use the same!! Be careful) and it's not always the same, there is a pool of IP addresses used by Google cloud.
Is it possible to use an AWS RDS PostgreSQL database with a Django app hosted on Google App Engine standard (Python 3)?
Currently, any code that tries to connect to the RDS database hangs, but I can connect to the RDS database from my machine.
I would point out that that from the AWS RDS documentation it’s mentioned that you can to allow access to the specific subnet (VPC) with “publicly available” to an IP Range, and you can get the App Engine ranges by performing nslookups as shown here. Please keep into consideration that the IP ranges for the App Engine services change in a regular basis.
If you are not using VPCs then you should give a look to this AWS doc.
I would also suggest testing the connectivity to the GCP resources by using Compute Engine Virtual Machines, this can be performed also by using App Engine Flexible since you are able to ssh into the GCE VM instance.
I'm having two Projects in GCP with Cloud SQL & GKE
Project A
-> Cloud SQL
Project B
-> GKE Cluster
Now I want to access Cloud SQL from GKE Cluster for which I have two options.
1. IPv4 address to connect
2. Clous SQL Proxy as sidecar
But the problem is both of them connects via Public IP. And I'm worried about latency so I was thinking can we access via VPC ? or some kind of internal network ? so the read/write will be more faster.
Cloud SQL now supports private connections: https://cloud.google.com/sql/docs/mysql/private-ip
Unfortunately not, the Cloud SQL is not accessed via internal, only through external IP or the Cloud SQL proxy. For GKE, using Cloud SQL Proxy as a sidecar container.
Google Cloud SQL has a firewall feature that lets me input the IPs I allow to connect to cloud SQL. I was wondering, how would I allow access to an autoscaling webserver since I don't know their IPs?
Will enabling cloud sql api permissions on the server allow it to work without adding the IP on the cloud SQL UI?
You would use the Cloud SQL Proxy to connect which does not require IP whitelisting.