Description:
Instance addresses can be public IP or private IP. Public IP means that the instance is accessible through the public internet. In contrast, instances using only private IP are not accessible through the public internet, but are accessible through a Virtual Private Cloud (VPC).
Limiting network access to your database will limit potential attacks.
Rationale:
Restricting database access to private IP only reduces the attack surface.
If you set a database IP to private, only hosts on the same network will be able to connect to your database.
Configuring an existing Cloud SQL instance to use private IP causes the instance to restart.
From Google Cloud Console
From Google Cloud CLI
gcloud sql instances list --format="json" | jq '.[] | .connectionName,.ipAddresses'
Note the 'project name' of the instance you want to set to a private IP, this will be
Note the 'instance name' of the instance you want to set to a private IP, this will be
Example public instance output:
"my-project-123456:us-central1:my-instance"
[
  {
    "ipAddress": "0.0.0.0",
    "type": "PRIMARY"
  },
  {
    "ipAddress": "0.0.0.0",
    "type": "OUTGOING"
  }
]
gcloud compute networks list --format="json" | jq '.[].name'
Note the name of the VPC to use for the instance private IP, this will be
gcloud beta sql instances patch \
  --project= \
  --network=projects//global/networks/ \
  --no-assign-ip
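The listing command above can be turned into a pass/fail audit. The following is an added example, not part of the original page: it reads the JSON from `gcloud sql instances list --format="json"` and flags every instance that still exposes a public address. It assumes the Cloud SQL address types `PRIMARY` (public) and `PRIVATE` (VPC); the function name `audit` and the sample data are constructed for illustration.

```python
import json
import sys

# Constructed sample of `gcloud sql instances list --format="json"` output,
# trimmed to the two fields the page's jq filter selects. Addresses come from
# documentation ranges and do not belong to real instances.
SAMPLE = """[
  {"connectionName": "my-project-123456:us-central1:my-instance",
   "ipAddresses": [{"ipAddress": "203.0.113.10", "type": "PRIMARY"},
                   {"ipAddress": "203.0.113.11", "type": "OUTGOING"}]},
  {"connectionName": "my-project-123456:us-central1:private-only",
   "ipAddresses": [{"ipAddress": "10.20.0.3", "type": "PRIVATE"}]},
  {"connectionName": "my-project-123456:us-central1:mixed",
   "ipAddresses": [{"ipAddress": "203.0.113.20", "type": "PRIMARY"},
                   {"ipAddress": "10.20.0.4", "type": "PRIVATE"}]},
  {"connectionName": "my-project-123456:us-central1:creating"}
]"""


def audit(instances):
    """Return {connectionName: verdict} for a list of instance records."""
    results = {}
    for inst in instances:
        # An instance that is still being created may report no addresses.
        types = {a.get("type") for a in inst.get("ipAddresses", [])}
        if "PRIMARY" in types:
            verdict = "FAIL"     # public address assigned, even alongside a private one
        elif "PRIVATE" in types:
            verdict = "PASS"     # reachable only through the VPC
        else:
            verdict = "UNKNOWN"  # nothing conclusive reported; check again later
        results[inst["connectionName"]] = verdict
    return results


if __name__ == "__main__":
    # Pipe real gcloud output in, or run without a pipe to use the sample.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    results = audit(json.loads(raw))
    for name, verdict in sorted(results.items()):
        print(f"{verdict:8} {name}")
    # A non-zero exit status lets a scheduled job or CI step fail on public instances.
    sys.exit(1 if "FAIL" in results.values() else 0)
```

An instance with both a `PRIMARY` and a `PRIVATE` address is reported as failing, because adding a private IP does not by itself remove the public one.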