Secure CloudSQL Connectivity with Google Cloud SQL Auth Proxy as Systemd

sarath-pm

Sarath P M

Posted on January 21, 2024

Secure CloudSQL Connectivity with Google Cloud SQL Auth Proxy as Systemd

Tired of juggling database security and accessibility? Enter Google Cloud SQL Auth Proxy, your gateway to secure and effortless connections to your Google Cloud SQL instances, without exposing external IPs. This guide will guide you through installing and configuring Cloud SQL Auth Proxy as Systemd on Ubuntu in two ways.

Unfamiliar with Cloud SQL Proxy? No worries! Check out the official documentation here: https://cloud.google.com/sql/docs/mysql/sql-proxy.


1. One-Click Script Installation:

This method is perfect for speed and simplicity. Just grab the script, customize it with your details, and run it!

Git Repo: https://github.com/sarath-pm/gcp-cloudsqlproxy-systemd

Step 1: Preparing the Environment:

To kickstart the process, ensure your Ubuntu environment is up-to-date by running the following commands:

sudo apt update && sudo apt install wget && sudo apt install git
Enter fullscreen mode Exit fullscreen mode

Step 2: Clone the magic script:

git clone https://github.com/sarath-pm/gcp-cloudsqlproxy-systemd.git
Enter fullscreen mode Exit fullscreen mode

Step 3: Navigate and Run the script:

cd gcp-cloudsqlproxy-systemd
chmod +x cloudsqlproxy.sh
./cloudsqlproxy.sh INSTANCE_CONNECTION_NAME PORT
Enter fullscreen mode Exit fullscreen mode

Check for Permission Slips: Make Sure Your Service Account has required roles to Access Cloud SQL

That's it! If the cloudsqlproxy service is running, you've successfully installed Cloud SQL Auth Proxy.


2. Manual Installation for the Savvy:

Prefer to take the scenic route? This method gives you more control over the configuration.

Step 1: Preparing the Environment:

To kickstart the process, ensure your Ubuntu environment is up-to-date by running the following commands:

sudo apt update && sudo apt install wget
Enter fullscreen mode Exit fullscreen mode

Step 2: Downloading and Installing Cloud SQL Proxy:

Now, let's get the Google Cloud SQL Proxy and make it executable:

wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy
chmod +x cloud_sql_proxy
sudo cp ~/cloud_sql_proxy /usr/local/bin
Enter fullscreen mode Exit fullscreen mode

These commands fetch the proxy binary, make it executable, and place it in the /usr/local/bin directory for easy access.

Step 3: Creating the Systemd Service:

Next, we create a systemd service unit file for the Cloud SQL Proxy:

sudo vi /lib/systemd/system/cloudsqlproxy.service
Enter fullscreen mode Exit fullscreen mode

Add the following content, replacing the placeholders INSTANCE_CONNECTION_NAME and PORT with your actual values:

[Unit]
Description=Google Cloud SQL Auth Proxy

[Service]
Type=simple
WorkingDirectory=/usr/local/bin
ExecStart=/usr/local/bin/cloud_sql_proxy -instances=INSTANCE_CONNECTION_NAME=tcp:0.0.0.0:PORT
Restart=always
StandardOutput=journal
User=root

[Install]
WantedBy=multi-user.target
Enter fullscreen mode Exit fullscreen mode

Ensure your compute engine bears the necessary Service Account permissions to access Cloud SQL. Alternatively, append credential_file=/path/default-account.json & to the ExecStart line in the cloudsqlproxy.service file, as illustrated below:

ExecStart=/usr/local/bin/cloud_sql_proxy -instances=INSTANCE_CONNECTION_NAME=tcp:0.0.0.0:PORT -credential_file=/path/default-account.json &

This configuration specifies the service details, working directory, and the Cloud SQL instance connection parameters.

Step 4: Reloading and Starting the Service:

After creating the systemd service, reload the systemd manager configuration, start and enable the Cloud SQL Auth Proxy service:

sudo systemctl daemon-reload
sudo systemctl start cloudsqlproxy
sudo systemctl enable cloudsqlproxy
Enter fullscreen mode Exit fullscreen mode

Step 5: Verification:

To ensure everything is running smoothly, check the status of the service:

sudo systemctl status cloudsqlproxy
Enter fullscreen mode Exit fullscreen mode

If the service is active and running, congratulations! You've conquered manual installation!


Let's Connect!

Now, your applications can waltz effortlessly with your Google Cloud SQL database! Don't hesitate to leave questions or share your own adventures with Cloud SQL Auth Proxy in the comments below. Happy connecting! āœØ
ā€ƒšŸŒ LinkedIn
ā€ƒšŸš€ GitHub

šŸ’– šŸ’Ŗ šŸ™… šŸš©
sarath-pm
Sarath P M

Posted on January 21, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related