Mysql instances should also have a private network
Managed mysql should have an internal ip address on the private network.
Cloud SQL launched GA support for private IP in 2018 for MySQL and PostgreSQL. Private IP is also supported or SQL Server.
To learn how to set up private IP, check out our documentation:
For more information, see our release notes:
Im trying to see if it is possible to justify using Cloud SQL as a DB for production, given that it seems fully open and unprotected from DDoS attack, sitting on a public IP. I hope Im missing something, and it can be pointed out to me. Thanks
It is a little terrifying that every mysql instance has a public ip, and thus can be targeted directly for a DDoS attack. Also it negates the value of a bastion host as a central place for external access and audit when all traffic to cloud sql is routed directly via a public ip.
Of course I'm just a small fish but this discovery abruptly halted my migration off AWS, but I would eagerly start again if this feature came around.
In the interim it would be great if there were some details of why Cloud SQL is the outlier, where most other services in regions around the world are on your private network...but not cloud sql.