nerdexam
Google

PROFESSIONAL-CLOUD-DEVELOPER · Question #368

You have a Cloud Run service that needs to connect to a Cloud SQL instance in a different project. You provisioned the Cloud Run service account with the Cloud SQL Client IAM role on the project that

The correct answer is C. Enable the Cloud SQL Admin API in both projects.. When Cloud Run connects to Cloud SQL in a different project via the Cloud SQL Auth Proxy, the Auth Proxy calls the Cloud SQL Admin API in the project where the client is running. If the Cloud SQL Admin API is not enabled in the Cloud Run project, the proxy cannot complete the con

Implementing and Managing Application Connectivity

Question

You have a Cloud Run service that needs to connect to a Cloud SQL instance in a different project. You provisioned the Cloud Run service account with the Cloud SQL Client IAM role on the project that is hosting Cloud SQL. However, when you test the connection, the connection fails. You want to fix the connection failure while following Google-recommended practices. What should you do?

Options

  • AAdd the cloudsql.instances.connect IAM permission to the Cloud Run service account.
  • BRequest additional API quota for Cloud SQL Auth Proxy.
  • CEnable the Cloud SQL Admin API in both projects.
  • DMigrate the Cloud SQL instance into the same project as the Cloud Run service.

How the community answered

(38 responses)
  • A
    16% (6)
  • B
    5% (2)
  • C
    76% (29)
  • D
    3% (1)

Explanation

When Cloud Run connects to Cloud SQL in a different project via the Cloud SQL Auth Proxy, the Auth Proxy calls the Cloud SQL Admin API in the project where the client is running. If the Cloud SQL Admin API is not enabled in the Cloud Run project, the proxy cannot complete the connection setup, causing the failure. Enabling the API in both projects resolves this. Option A is wrong because cloudsql.instances.connect is already included in the Cloud SQL Client role. Option B is incorrect - Cloud SQL Auth Proxy uses API calls, not quota-limited connections. Option D (migrating instances) is not a recommended practice and is operationally costly.

Topics

#Cloud SQL#Cloud Run#Cross-Project Communication#API Management

Community Discussion

No community discussion yet for this question.

Full PROFESSIONAL-CLOUD-DEVELOPER Practice