PostgreSQL database secure connection using Cloud SQL Auth proxy
For the Google Cloud Platform (GCP), you can enable a secure connection between the Unravel server and an external PostgreSQL database. This is done using the Cloud SQL Auth proxy, a Cloud SQL connector that provides secure access to your instances without needing Authorized networks or configuring SSL.
Go to Cloud SQL instances and create a PostgreSQL instance. Refer to Creating a PostgreSQL instance.
Create a database on the PostgreSQL instance. Refer to Create a database on the Cloud SQL instance.
Add a user account for the PostgreSQL instance. Refer to Add a user account.
Go to the GCP instance, IAM & Admin > Service Accounts, and create a service account. Refer to Create a Service account. Make sure to add the following permissions to that service account:
Cloud SQL Client
Cloud SQL Editor
Cloud SQL Admin
Open the newly created Service Account, select a project, and create a new service account key. Refer to Create a service account key. Make sure to create the service account key with the JSON key type. You can download the key file.
Download the Cloud SQL Auth proxy and make it executable. Refer to Download the Cloud SQL Auth proxy.
From a command line, run the Cloud SQL Auth proxy as a separate process in the background.
./cloud_sql_proxy -instances=INSTANCE_CONNECTION_NAME=tcp:PORT_NUMBER -credential_file=PATH_TO_KEY_FILE
In INSTANCE_CONNECTION_NAME, enter the Connection name listed for the PostgreSQL instance created in Step 1. This is the connection string to identify a Cloud SQL instance.
In PORT_NUMBER, enter the default port number, i.e., 5432.
In PATH_TO_KEY_FILE, enter the path to the JSON key file.
For example:
./cloud_sql_proxy -instances=unravel-dataproc:us-central1:xyz-doc-test=tcp:5432 -credential_file=/home/key/file/path
A result similar to the following is shown:
Listening on 127.0.0.1:5432 for unravel-dataproc:us-central1:xyz-doc-test
Ready for new connections
Generated RSA key in 287.212948ms
Verify that the Cloud SQL Auth proxy is running in the background:
ps -ef | grep -i cloud
The following output is shown:
1776 1605 0 10:49 pts/0 00:00:00 ./cloud_sql_proxy -instances=unravel-dataproc:us-central1:xyz-doc-test=tcp:5432 -credential_file=/home/key/file/path/xyz_sql.json
Run the following command to verify the connection to the external PostgreSQL database. This command connects to the external PostgreSQL instance for GCP via the local host.
psql -U unravel -p 5432 -h 127.0.0.1
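The procedure above leaves two things worth checking on the Unravel host: the downloaded JSON key is a long-lived credential, and the proxy's local port is the entry point to the tunnel. The following preflight functions are an added example, not part of the original page or of cloud_sql_proxy. The function names are hypothetical, and the checks assume that a service account key contains "type": "service_account" and that the proxy prints the "Listening on" line shown above.

```shell
#!/usr/bin/env bash
# Added example: preflight checks for the proxy setup described above.
# Function names are hypothetical; they are not part of cloud_sql_proxy.

# check_key_file PATH -> 0 if the service account key is safe to use.
check_key_file() {
  local key="$1" perms
  [ -f "$key" ] || { echo "missing key file: $key" >&2; return 1; }
  # Characters 5-10 of the ls mode string are the group and other bits.
  perms=$(ls -ld -- "$key" | cut -c5-10)
  [ "$perms" = "------" ] || {
    echo "key file accessible beyond owner ($perms); run: chmod 600 $key" >&2
    return 2
  }
  # Assumption: service account JSON keys carry "type": "service_account".
  grep -Eq '"type"[[:space:]]*:[[:space:]]*"service_account"' "$key" || {
    echo "not a service account JSON key: $key" >&2
    return 3
  }
}

# check_listener LINE PORT -> 0 if the proxy's "Listening on" line shows
# a loopback bind on the expected port (line format as in the output above).
check_listener() {
  local line="$1" port="$2" addr
  addr=$(printf '%s\n' "$line" |
    sed -n 's/^Listening on \([^ ]*\) for .*/\1/p')
  case "$addr" in
    "127.0.0.1:$port"|"localhost:$port"|"[::1]:$port") return 0 ;;
    "") echo "no listener line found" >&2; return 1 ;;
    *)  echo "proxy bound to non-loopback address: $addr" >&2; return 2 ;;
  esac
}
```

Run check_key_file on the key path before starting the proxy, and pass the first line of the proxy's output to check_listener together with the port you configured.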