I have deployed a SQL instance on a shared VPC subnet to host a PostgreSQL database in GCP. Now I want to connect to this instance from a machine whose network is private and external to google cloud. I am using Cloud SQL Python connector to do that, but when I run the python script on the machine it gets stuck at "Requesting ephemeral certificate". Is this the right approach to establish such a connection?
More details on the setup:
The SQL instance deployment was done using Terraform
I reserved an internal IP address (Shared VPC subnet) for the Private Service Connect endpoint and I created a forwarding rule to point the PSC endpoint to the Cloud SQL service attachment, following the public documentation (https://cloud.google.com/sql/docs/mysql/configure-private-service-connect#create-cloud-sql-instance-psc-enabled)
I attempt the connection with IAM authentication after exporting the SQL instance credentials (service account)
In the /etc/hosts file of the machine I added a line with the IP of the SQL instance followed by its DNS name
I tested this setup and the python script on a Virtual Machine in google cloud hosted within the same subnetwork as the SQL instance and I successfully connected to the PostgreSQL database. The same exact script on the external machine cannot establish the connection. The firewalls between the machine and the SQL instance private IP have been opened. The connectivity to on-prem is interconnect/vlan attachment with BGP running on top and the reachability is fine, based on the firewall logs showing that the connections are allowed. So, I don’t see where the issue is if this is the right approach...
I have followed this connection issues checklist, and everything seems alright in my setup... (https://cloud.google.com/sql/docs/debugging-connectivity#connection_issues_checklist)
google-cloud-platform
