IpConfiguration

The name of the allocated ip range for the private ip Cloud SQL instance. For example: "google-managed-services-default". If set, the instance ip will be created in the allocated range. The range name must comply with RFC 1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])?.

The list of external networks that are allowed to connect to the instance using the IP. In 'CIDR' notation, also known as 'slash' notation (for example: 157.197.200.0/24).

Optional. Custom Subject Alternative Name(SAN)s for a Cloud SQL instance.

Controls connectivity to private IP instances from Google services, such as BigQuery.

Whether the instance is assigned a public IP address or not.

The resource link for the VPC network from which the Cloud SQL instance is accessible for private IP. For example, /projects/myProject/global/networks/default. This setting can be updated, but it cannot be removed after it is set.

PSC settings for this instance.

Use ssl_mode instead. Whether SSL/TLS connections over IP are enforced. If set to false, then allow both non-SSL/non-TLS and SSL/TLS connections. For SSL/TLS connections, the client certificate won't be verified. If set to true, then only allow connections encrypted with SSL/TLS and with valid client certificates. If you want to enforce SSL/TLS without enforcing the requirement for valid client certificates, then use the ssl_mode flag instead of the require_ssl flag.

Specify what type of CA is used for the server certificate.

Optional. The resource name of the server CA pool for an instance with CUSTOMER_MANAGED_CAS_CA as the server_ca_mode. Format: projects/{PROJECT}/locations/{REGION}/caPools/{CA_POOL_ID}

Optional. Controls the automatic server certificate rotation feature. This feature is disabled by default. When enabled, the server certificate will be automatically rotated during Cloud SQL scheduled maintenance or self-service maintenance updates up to six months before it expires. This setting can only be set if server_ca_mode is either GOOGLE_MANAGED_CAS_CA or CUSTOMER_MANAGED_CAS_CA.

Specify how SSL/TLS is enforced in database connections. If you must use the require_ssl flag for backward compatibility, then only the following value pairs are valid: For PostgreSQL and MySQL: * ssl_mode=ALLOW_UNENCRYPTED_AND_ENCRYPTED and require_ssl=false * ssl_mode=ENCRYPTED_ONLY and require_ssl=false * ssl_mode=TRUSTED_CLIENT_CERTIFICATE_REQUIRED and require_ssl=true For SQL Server: * ssl_mode=ALLOW_UNENCRYPTED_AND_ENCRYPTED and require_ssl=false * ssl_mode=ENCRYPTED_ONLY and require_ssl=true The value of ssl_mode has priority over the value of require_ssl. For example, for the pair ssl_mode=ENCRYPTED_ONLY and require_ssl=false, ssl_mode=ENCRYPTED_ONLY means accept only SSL connections, while require_ssl=false means accept both non-SSL and SSL connections. In this case, MySQL and PostgreSQL databases respect ssl_mode and accepts only SSL connections.