Secure CloudSQL Connectivity with Google Cloud SQL Auth Proxy as Systemd
Sarath P M
Posted on January 21, 2024
Tired of juggling database security and accessibility? Enter Google Cloud SQL Auth Proxy, your gateway to secure and effortless connections to your Google Cloud SQL instances, without exposing external IPs. This guide will guide you through installing and configuring Cloud SQL Auth Proxy as Systemd on Ubuntu in two ways.
Unfamiliar with Cloud SQL Proxy? No worries! Check out the official documentation here: https://cloud.google.com/sql/docs/mysql/sql-proxy.
1. One-Click Script Installation:
This method is perfect for speed and simplicity. Just grab the script, customize it with your details, and run it!
Git Repo: https://github.com/sarath-pm/gcp-cloudsqlproxy-systemd
Step 1: Preparing the Environment:
To kickstart the process, ensure your Ubuntu environment is up-to-date by running the following commands:
sudo apt update && sudo apt install wget && sudo apt install git
Step 2: Clone the magic script:
git clone https://github.com/sarath-pm/gcp-cloudsqlproxy-systemd.git
Step 3: Navigate and Run the script:
cd gcp-cloudsqlproxy-systemd
chmod +x cloudsqlproxy.sh
./cloudsqlproxy.sh INSTANCE_CONNECTION_NAME PORT
Check for Permission Slips: Make Sure Your Service Account has required roles to Access Cloud SQL
That's it! If the cloudsqlproxy service is running, you've successfully installed Cloud SQL Auth Proxy.
2. Manual Installation for the Savvy:
Prefer to take the scenic route? This method gives you more control over the configuration.
Step 1: Preparing the Environment:
To kickstart the process, ensure your Ubuntu environment is up-to-date by running the following commands:
sudo apt update && sudo apt install wget
Step 2: Downloading and Installing Cloud SQL Proxy:
Now, let's get the Google Cloud SQL Proxy and make it executable:
wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy
chmod +x cloud_sql_proxy
sudo cp ~/cloud_sql_proxy /usr/local/bin
These commands fetch the proxy binary, make it executable, and place it in the /usr/local/bin
directory for easy access.
Step 3: Creating the Systemd Service:
Next, we create a systemd service unit file for the Cloud SQL Proxy:
sudo vi /lib/systemd/system/cloudsqlproxy.service
Add the following content, replacing the placeholders INSTANCE_CONNECTION_NAME
and PORT
with your actual values:
[Unit]
Description=Google Cloud SQL Auth Proxy
[Service]
Type=simple
WorkingDirectory=/usr/local/bin
ExecStart=/usr/local/bin/cloud_sql_proxy -instances=INSTANCE_CONNECTION_NAME=tcp:0.0.0.0:PORT
Restart=always
StandardOutput=journal
User=root
[Install]
WantedBy=multi-user.target
Ensure your compute engine bears the necessary Service Account permissions to access Cloud SQL. Alternatively, append
credential_file=/path/default-account.json &
to theExecStart
line in thecloudsqlproxy.service
file, as illustrated below:ExecStart=/usr/local/bin/cloud_sql_proxy -instances=INSTANCE_CONNECTION_NAME=tcp:0.0.0.0:PORT -credential_file=/path/default-account.json &
This configuration specifies the service details, working directory, and the Cloud SQL instance connection parameters.
Step 4: Reloading and Starting the Service:
After creating the systemd service, reload the systemd manager configuration, start and enable the Cloud SQL Auth Proxy service:
sudo systemctl daemon-reload
sudo systemctl start cloudsqlproxy
sudo systemctl enable cloudsqlproxy
Step 5: Verification:
To ensure everything is running smoothly, check the status of the service:
sudo systemctl status cloudsqlproxy
If the service is active and running, congratulations! You've conquered manual installation!
Let's Connect!
Now, your applications can waltz effortlessly with your Google Cloud SQL database! Don't hesitate to leave questions or share your own adventures with Cloud SQL Auth Proxy in the comments below. Happy connecting! āØ
āš LinkedIn
āš GitHub
Posted on January 21, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.
Related
January 21, 2024