Cloud SQL Module
This module creates a Google Cloud SQL cluster. The cluster is managed by Google, automating backups, replication, patches, and updates.
How do you use this module?
See the examples folder for an example.
How do you configure this module?
This module allows you to configure a number of parameters, such as high availability, backup windows, maintenance window and replicas. For a list of all available variables and their descriptions, see variables.tf.
How do you connect to the database?
Cloud SQL instances are created in a producer network (a VPC network internal to Google). They are not created in your VPC network. See https://cloud.google.com/sql/docs/mysql/private-ip
You can use both public IP and private IP to connect to a Cloud SQL instance. Neither connection method affects the other; you must protect the public IP connection whether the instance is configured to use private IP or not.
You can also use the Cloud SQL Proxy for MySQL and Cloud SQL Proxy for PostgreSQL to connect to an instance that is also configured to use private IP. The proxy can connect using either the private IP address or a public IP address.
This module provides the connection details as Terraform output variables. Use the public / private addresses depending on your configuration:
- Master Public IP Address
master_public_ip_address: The public IPv4 address of the master instance.
- Master Private IP Address
master_private_ip_address: The private IPv4 address of the master instance.
- Master Proxy connection
master_proxy_connection: Instance path for connecting with Cloud SQL Proxy; see Connecting mysql Client Using the Cloud SQL Proxy.
- Read Replica Public IP Addresses
read_replica_public_ip_addresses: A list of read replica public IP addresses in the cluster. Use these addresses for reads (see "How do you scale this database?" below).
- Read Replica Private IP Addresses
read_replica_private_ip_addresses: A list of read replica private IP addresses in the cluster. Use these addresses for reads (see "How do you scale this database?" below).
- Read Replica Proxy Connections
read_replica_proxy_connections: A list of instance paths for connecting with Cloud SQL Proxy; see Connecting Using the Cloud SQL Proxy.
You can programmatically extract these variables in your Terraform templates and pass them to other resources.
You'll also see the variables at the end of each
terraform apply call or if you run
For full connectivity options and detailed documentation, see Connecting to Cloud SQL MySQL from External Applications and Connecting to Cloud SQL PostgreSQL from External Applications.
How do you configure High Availability?
You can enable High Availability using the
enable_failover_replica input variable.
High Availability for MySQL
The configuration is made up of a primary instance (master) in the primary zone (
master_zone input variable) and a failover replica in the secondary zone (
failover_replica_zone input variable).
The failover replica is configured with the same database flags, users and passwords, authorized applications and networks, and databases as the primary instance.
For full details about MySQL High Availability, see https://cloud.google.com/sql/docs/mysql/high-availability
High Availability for PostgreSQL
A Cloud SQL PostgreSQL instance configured for HA is also called a regional instance and is located in a primary and secondary zone within the configured region. Within a regional instance,
the configuration is made up of a primary instance (master) and a standby instance. You control the primary zone for the master instance
with input variable
master_zone and Google will automatically place the standby instance in another zone.
For full details about PostgreSQL High Availability, see https://cloud.google.com/sql/docs/postgres/high-availability
How do you secure this database?
Cloud SQL customer data is encrypted when stored in database tables, temporary files, and backups.
External connections can be encrypted by using SSL, or by using the Cloud SQL Proxy, which automatically encrypts traffic to and from the database.
If you do not use the proxy, you can enforce SSL for external connections using the
require_ssl input variable.
How do you scale this database?
- Storage: Cloud SQL manages storage for you, automatically growing cluster volume up to 10TB You can set the
initial disk size using the
- Vertical scaling: To scale vertically (i.e. bigger DB instances with more CPU and RAM), use the
machine_typeinput variable. For a list of Cloud SQL Machine Types, see Cloud SQL Pricing.
- Horizontal scaling: To scale horizontally, you can add more replicas using the
read_replica_zonesinput variables, and the module will automatically deploy the new instances, sync them to the master, and make them available as read replicas.
Due to limitations on the current
terraform provider for Google, it is not possible to restore backups with
Read Replica and IP Addresses Outputs
Retrieving and outputting distinct values from list of maps is not possible with resources using
count prior to
Instead we have to output the values JSON encoded - for example
read_replica_server_ca_certs. For full details of the outputs and
their format, see outputs.tf.