PROFESSIONAL-CLOUD-DEVELOPER · Question #368
You have a Cloud Run service that needs to connect to a Cloud SQL instance in a different project. You provisioned the Cloud Run service account with the Cloud SQL Client IAM role on the project that
The correct answer is C. Enable the Cloud SQL Admin API in both projects.. When Cloud Run connects to Cloud SQL in a different project via the Cloud SQL Auth Proxy, the Auth Proxy calls the Cloud SQL Admin API in the project where the client is running. If the Cloud SQL Admin API is not enabled in the Cloud Run project, the proxy cannot complete the con
Question
You have a Cloud Run service that needs to connect to a Cloud SQL instance in a different project. You provisioned the Cloud Run service account with the Cloud SQL Client IAM role on the project that is hosting Cloud SQL. However, when you test the connection, the connection fails. You want to fix the connection failure while following Google-recommended practices. What should you do?
Options
- AAdd the cloudsql.instances.connect IAM permission to the Cloud Run service account.
- BRequest additional API quota for Cloud SQL Auth Proxy.
- CEnable the Cloud SQL Admin API in both projects.
- DMigrate the Cloud SQL instance into the same project as the Cloud Run service.
How the community answered
(38 responses)- A16% (6)
- B5% (2)
- C76% (29)
- D3% (1)
Explanation
When Cloud Run connects to Cloud SQL in a different project via the Cloud SQL Auth Proxy, the Auth Proxy calls the Cloud SQL Admin API in the project where the client is running. If the Cloud SQL Admin API is not enabled in the Cloud Run project, the proxy cannot complete the connection setup, causing the failure. Enabling the API in both projects resolves this. Option A is wrong because cloudsql.instances.connect is already included in the Cloud SQL Client role. Option B is incorrect - Cloud SQL Auth Proxy uses API calls, not quota-limited connections. Option D (migrating instances) is not a recommended practice and is operationally costly.
Topics
Community Discussion
No community discussion yet for this question.