Google Cloud Platform - forward ports to multiple SQL instances

[Bas]

I am running multiple SQL instances in Google Cloud Platform (GCP). I have multiple masters with some read-replicas. Each instance has a private IP-address based on the region it is in, all instances use the same stock MySQL port (3306).

In the same VPC I have a few compute engines that can connect to each of the SQL instance without any problems. But I also have a couple (10~15) clients that need to connect from outside the VPC, through the internet so to say.

The question is how can I forward certain ports to the right internal IP-address in my VPC? IE:

<public-ip>:12345 -> 10.x.x.1:3306
<public-ip>:23456 -> 10.x.x.2:3306
<public-ip>:34567 -> 10.x.x.3:3306  

I want to use a single firewall for the public-ip. If I set a public IP for each SQL instance I will need to set network access for each instance for each client. That is going to ge a nightmare quite fast.

[George (Cloud Platform Support)]

 IP traffic using private services access is never exposed to the public Internet. Therefore, attack vectors are limited. Also, private IP can provide lower network latency than public IP. If you try to connect external clients to the VPC, you defy its primary purpose. In any case, you can connect external clients to you Cloud SQL instances directly, as detailed on the "Connecting to Cloud SQL from external applications" documentation page.