Topic 1 Question 3
You are planning to migrate a MySQL database to the managed Cloud SQL database for Google Cloud. You have Compute Engine virtual machine instances that will connect with this Cloud SQL instance. You do not want to whitelist IPs for the Compute Engine instances to be able to access Cloud SQL. What should you do?
Enable private IP for the Cloud SQL instance.
Whitelist a project to access Cloud SQL, and add Compute Engine instances in the whitelisted project.
Create a role in Cloud SQL that allows access to the database from external instances, and assign the Compute Engine instances to that role.
Create a CloudSQL instance on one project. Create Compute engine instances in a different project. Create a VPN between these two projects to allow internal access to CloudSQL.
ユーザの投票
コメント(13)
The proposed answer seems incorrect, as according to the question application running access to Cloud SQL is run on the Compute Engine and the are no roles in Cloud SQL itself to manage Instance-level access control. According to https://cloud.google.com/sql/docs/mysql/connect-compute-engine there are 3 possible ways to connect from Compute Engine: 'Private IP', 'Public IP', 'Cloud SQL Proxy'. There is no 'Cloud SQL Proxy' option in answers, 'Public IP' requires IP whitelisting what is unacceptable according to the question, so the only valid answer is 'Private IP'
👍 23emmet2020/05/25the answer is A.
👍 8peetzthanatip2020/11/19https://cloud.google.com/sql/docs/mysql/connect-compute-engine#connect-gce-private-ip
Answer is A given the options presented
👍 2syu31svc2021/06/19
シャッフルモード