How to log in to a DB using Google's cloud-sql-proxy (Cloud SQL Auth Proxy)

5 min

gcpクラウド
language: ja bn en es hi pt ru zh-cn zh-tw

Hello, I'm incompetent.
I stumbled for a moment trying to connect to the DB via cloud-sql-proxy, so I'll leave a note.

Required Binary Installation

Save the cloud-sql-proxy executable and set the path

First, you need the cloud-sql-proxy executable.
Since it doesn't exist in packages like brew, you need to get the executable built for each instruction set from Google's website.

curl -o cloud-sql-proxy https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v2.14.2/cloud-sql-proxy.darwin.arm64
chmod +x cloud-sql-proxy
sudo mv cloud-sql-proxy /usr/local/bin
which cloud-sql-proxy

Not many people do this, but executables installed with homebrew are placed under /opt/homebrew/bin/. However, since this is a unique binary installed by the user, for MacOS, which is a fork of FreeBSD, /usr/local/bin seemed better, so I placed it there.

Install MySQL Binaries

Apparently, if you run brew install mysql without specifying a version, you'll get an error during connection due to missing binaries or too low a version, so install it as follows.
This was solved in seconds thanks to my senior.

brew install mysql-client@8.4

And then,
if the path is not set, find it as follows and create a symbolic link.

find /opt/homebrew -name "mysql*"
ln -s /path/to/found/mysql/binary /opt/homebrew/bin/mysql

Obtaining DB Connection Information

Environment Check and Authentication

Assume that the login process has already been performed.

gcloud auth login
gcloud auth application-default login

Specify the project as follows:

gcloud config set project PROJECT_ID

You can check the project as follows:

gcloud config get-value project

Then, check the connection name to the DB as follows:

gcloud sql instances describe DB_INSTANCE_NAME | grep "^connectionName:" | awk '{print $2}'

Connect via cloud-sql-proxy

This is about the mechanism: this cloud-sql-proxy proxies the DB.
Conceptually, if you were to access a DB itself residing within a VM, you would first need to SSH into that OS and log into the DB server itself. However, by using this proxy, it makes the DB server existing in Cloud SQL Listen on localhost.
If the DB port were open, you might be able to connect directly to that DB server, but I don't think anyone would set up a DB server in such an insecure state.
Therefore, to connect as securely and easily as possible, it seems the solution was to proxy the DB.

Now, let's specify the DB connection name we just confirmed.

cloud-sql-proxy --port 3306 DB_CONNECTION_NAME

The above is for MySQL, so for PostgreSQL or similar, you would need to specify a different port, and the required binaries would also change, so this might need to be adjusted accordingly.

Once the connection is established, it's successfully proxied, so just leave it as is and connect to MySQL from another terminal.

mysql --user="DB_USER" --password="DB_USER_PASSWORD" -h 127.0.0.1

See you next time.
Best regards.

Related Posts