Restrict source IP connections


cheekian yap

Dec 3, 2020, 12:11:58 PM
to Google Cloud SQL discuss
Hi all,

I have CloudSQL MySQL8 created with only a private IP. But I need to further control which machine can connect to CloudSQL inside the VPC. I see there is a way to do so with VPC Service Controls. Please correct me if I'm wrong.

My question is, without using VPC Service Controls (not able to use it due to the project not having an organization), is there another way to achieve my goal mentioned above?

Thanks in advance.

Elliott (Google Cloud Platform Support)

Dec 3, 2020, 12:45:39 PM
to Google Cloud SQL discuss
Hello,

I was able to find some documentation here based on the information you provided.

From that document:

"Google Cloud and third parties (together known as service producers) can offer services with internal IP addresses that are hosted in a VPC network. Private services access enables you to reach those internal IP addresses. This is useful if you want your VM instances in your VPC network to use internal IP addresses instead of external IP addresses. Cloud SQL uses internal IP addresses for private IP."

Elliott (Google Cloud Platform Support)

Dec 3, 2020, 12:55:49 PM
to Google Cloud SQL discuss
Hello,

Additionally, I was able to find this document here.

"Connection organization policies provide centralized control of the public IP settings for Cloud SQL, to reduce the security attack surface of Cloud SQL instances from the Internet. An organization policy administrator can use a connection policy to restrict public IP configurations of Cloud SQL at the project, folder, or organization level."