The gcp:databasemigrationservice/connectionProfile:ConnectionProfile resource, part of the Pulumi GCP provider, defines connection profiles that store database credentials, SSL certificates, and network configuration for Database Migration Service jobs. This guide focuses on four capabilities: MySQL and PostgreSQL source connections with SSL, Oracle static IP connectivity, and AlloyDB destination provisioning and references.
Connection profiles reference existing Cloud SQL instances, VPC networks, SSL certificates, and database users. The examples are intentionally small. Combine them with your own migration jobs and network infrastructure.
Connect to MySQL with SSL certificates
Database migrations begin by establishing secure connections to source MySQL databases, storing credentials and SSL certificates for reuse across migration jobs.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const project = gcp.organizations.getProject({});
const cloudsqldb = new gcp.sql.DatabaseInstance("cloudsqldb", {
name: "my-database",
databaseVersion: "MYSQL_5_7",
settings: {
tier: "db-n1-standard-1",
deletionProtectionEnabled: false,
},
deletionProtection: false,
});
const sqlClientCert = new gcp.sql.SslCert("sql_client_cert", {
commonName: "my-cert",
instance: cloudsqldb.name,
}, {
dependsOn: [cloudsqldb],
});
const sqldbUser = new gcp.sql.User("sqldb_user", {
name: "my-username",
instance: cloudsqldb.name,
password: "my-password",
}, {
dependsOn: [sqlClientCert],
});
const cloudsqlprofile = new gcp.databasemigrationservice.ConnectionProfile("cloudsqlprofile", {
location: "us-central1",
connectionProfileId: "my-fromprofileid",
displayName: "my-fromprofileid_display",
labels: {
foo: "bar",
},
mysql: {
host: cloudsqldb.ipAddresses.apply(ipAddresses => ipAddresses[0].ipAddress),
port: 3306,
username: sqldbUser.name,
password: sqldbUser.password,
ssl: {
clientKey: sqlClientCert.privateKey,
clientCertificate: sqlClientCert.cert,
caCertificate: sqlClientCert.serverCaCert,
type: "SERVER_CLIENT",
},
cloudSqlId: "my-database",
},
}, {
dependsOn: [sqldbUser],
});
const cloudsqlprofileDestination = new gcp.databasemigrationservice.ConnectionProfile("cloudsqlprofile_destination", {
location: "us-central1",
connectionProfileId: "my-toprofileid",
displayName: "my-toprofileid_displayname",
labels: {
foo: "bar",
},
cloudsql: {
settings: {
databaseVersion: "MYSQL_5_7",
userLabels: {
cloudfoo: "cloudbar",
},
tier: "db-n1-standard-1",
edition: "ENTERPRISE",
storageAutoResizeLimit: "0",
activationPolicy: "ALWAYS",
ipConfig: {
enableIpv4: true,
requireSsl: true,
},
autoStorageIncrease: true,
dataDiskType: "PD_HDD",
dataDiskSizeGb: "11",
zone: "us-central1-b",
sourceId: project.then(project => `projects/${project.projectId}/locations/us-central1/connectionProfiles/my-fromprofileid`),
rootPassword: "testpasscloudsql",
},
},
}, {
dependsOn: [cloudsqlprofile],
});
import pulumi
import pulumi_gcp as gcp
project = gcp.organizations.get_project()
cloudsqldb = gcp.sql.DatabaseInstance("cloudsqldb",
name="my-database",
database_version="MYSQL_5_7",
settings={
"tier": "db-n1-standard-1",
"deletion_protection_enabled": False,
},
deletion_protection=False)
sql_client_cert = gcp.sql.SslCert("sql_client_cert",
common_name="my-cert",
instance=cloudsqldb.name,
opts = pulumi.ResourceOptions(depends_on=[cloudsqldb]))
sqldb_user = gcp.sql.User("sqldb_user",
name="my-username",
instance=cloudsqldb.name,
password="my-password",
opts = pulumi.ResourceOptions(depends_on=[sql_client_cert]))
cloudsqlprofile = gcp.databasemigrationservice.ConnectionProfile("cloudsqlprofile",
location="us-central1",
connection_profile_id="my-fromprofileid",
display_name="my-fromprofileid_display",
labels={
"foo": "bar",
},
mysql={
"host": cloudsqldb.ip_addresses[0].ip_address,
"port": 3306,
"username": sqldb_user.name,
"password": sqldb_user.password,
"ssl": {
"client_key": sql_client_cert.private_key,
"client_certificate": sql_client_cert.cert,
"ca_certificate": sql_client_cert.server_ca_cert,
"type": "SERVER_CLIENT",
},
"cloud_sql_id": "my-database",
},
opts = pulumi.ResourceOptions(depends_on=[sqldb_user]))
cloudsqlprofile_destination = gcp.databasemigrationservice.ConnectionProfile("cloudsqlprofile_destination",
location="us-central1",
connection_profile_id="my-toprofileid",
display_name="my-toprofileid_displayname",
labels={
"foo": "bar",
},
cloudsql={
"settings": {
"database_version": "MYSQL_5_7",
"user_labels": {
"cloudfoo": "cloudbar",
},
"tier": "db-n1-standard-1",
"edition": "ENTERPRISE",
"storage_auto_resize_limit": "0",
"activation_policy": "ALWAYS",
"ip_config": {
"enable_ipv4": True,
"require_ssl": True,
},
"auto_storage_increase": True,
"data_disk_type": "PD_HDD",
"data_disk_size_gb": "11",
"zone": "us-central1-b",
"source_id": f"projects/{project.project_id}/locations/us-central1/connectionProfiles/my-fromprofileid",
"root_password": "testpasscloudsql",
},
},
opts = pulumi.ResourceOptions(depends_on=[cloudsqlprofile]))
package main
import (
"fmt"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/databasemigrationservice"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/sql"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
cloudsqldb, err := sql.NewDatabaseInstance(ctx, "cloudsqldb", &sql.DatabaseInstanceArgs{
Name: pulumi.String("my-database"),
DatabaseVersion: pulumi.String("MYSQL_5_7"),
Settings: &sql.DatabaseInstanceSettingsArgs{
Tier: pulumi.String("db-n1-standard-1"),
DeletionProtectionEnabled: pulumi.Bool(false),
},
DeletionProtection: pulumi.Bool(false),
})
if err != nil {
return err
}
sqlClientCert, err := sql.NewSslCert(ctx, "sql_client_cert", &sql.SslCertArgs{
CommonName: pulumi.String("my-cert"),
Instance: cloudsqldb.Name,
}, pulumi.DependsOn([]pulumi.Resource{
cloudsqldb,
}))
if err != nil {
return err
}
sqldbUser, err := sql.NewUser(ctx, "sqldb_user", &sql.UserArgs{
Name: pulumi.String("my-username"),
Instance: cloudsqldb.Name,
Password: pulumi.String("my-password"),
}, pulumi.DependsOn([]pulumi.Resource{
sqlClientCert,
}))
if err != nil {
return err
}
cloudsqlprofile, err := databasemigrationservice.NewConnectionProfile(ctx, "cloudsqlprofile", &databasemigrationservice.ConnectionProfileArgs{
Location: pulumi.String("us-central1"),
ConnectionProfileId: pulumi.String("my-fromprofileid"),
DisplayName: pulumi.String("my-fromprofileid_display"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Mysql: &databasemigrationservice.ConnectionProfileMysqlArgs{
Host: cloudsqldb.IpAddresses.ApplyT(func(ipAddresses []sql.DatabaseInstanceIpAddress) (*string, error) {
return &ipAddresses[0].IpAddress, nil
}).(pulumi.StringPtrOutput),
Port: pulumi.Int(3306),
Username: sqldbUser.Name,
Password: sqldbUser.Password,
Ssl: &databasemigrationservice.ConnectionProfileMysqlSslArgs{
ClientKey: sqlClientCert.PrivateKey,
ClientCertificate: sqlClientCert.Cert,
CaCertificate: sqlClientCert.ServerCaCert,
Type: pulumi.String("SERVER_CLIENT"),
},
CloudSqlId: pulumi.String("my-database"),
},
}, pulumi.DependsOn([]pulumi.Resource{
sqldbUser,
}))
if err != nil {
return err
}
_, err = databasemigrationservice.NewConnectionProfile(ctx, "cloudsqlprofile_destination", &databasemigrationservice.ConnectionProfileArgs{
Location: pulumi.String("us-central1"),
ConnectionProfileId: pulumi.String("my-toprofileid"),
DisplayName: pulumi.String("my-toprofileid_displayname"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Cloudsql: &databasemigrationservice.ConnectionProfileCloudsqlArgs{
Settings: &databasemigrationservice.ConnectionProfileCloudsqlSettingsArgs{
DatabaseVersion: pulumi.String("MYSQL_5_7"),
UserLabels: pulumi.StringMap{
"cloudfoo": pulumi.String("cloudbar"),
},
Tier: pulumi.String("db-n1-standard-1"),
Edition: pulumi.String("ENTERPRISE"),
StorageAutoResizeLimit: pulumi.String("0"),
ActivationPolicy: pulumi.String("ALWAYS"),
IpConfig: &databasemigrationservice.ConnectionProfileCloudsqlSettingsIpConfigArgs{
EnableIpv4: pulumi.Bool(true),
RequireSsl: pulumi.Bool(true),
},
AutoStorageIncrease: pulumi.Bool(true),
DataDiskType: pulumi.String("PD_HDD"),
DataDiskSizeGb: pulumi.String("11"),
Zone: pulumi.String("us-central1-b"),
SourceId: pulumi.Sprintf("projects/%v/locations/us-central1/connectionProfiles/my-fromprofileid", project.ProjectId),
RootPassword: pulumi.String("testpasscloudsql"),
},
},
}, pulumi.DependsOn([]pulumi.Resource{
cloudsqlprofile,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var project = Gcp.Organizations.GetProject.Invoke();
var cloudsqldb = new Gcp.Sql.DatabaseInstance("cloudsqldb", new()
{
Name = "my-database",
DatabaseVersion = "MYSQL_5_7",
Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
{
Tier = "db-n1-standard-1",
DeletionProtectionEnabled = false,
},
DeletionProtection = false,
});
var sqlClientCert = new Gcp.Sql.SslCert("sql_client_cert", new()
{
CommonName = "my-cert",
Instance = cloudsqldb.Name,
}, new CustomResourceOptions
{
DependsOn =
{
cloudsqldb,
},
});
var sqldbUser = new Gcp.Sql.User("sqldb_user", new()
{
Name = "my-username",
Instance = cloudsqldb.Name,
Password = "my-password",
}, new CustomResourceOptions
{
DependsOn =
{
sqlClientCert,
},
});
var cloudsqlprofile = new Gcp.DatabaseMigrationService.ConnectionProfile("cloudsqlprofile", new()
{
Location = "us-central1",
ConnectionProfileId = "my-fromprofileid",
DisplayName = "my-fromprofileid_display",
Labels =
{
{ "foo", "bar" },
},
Mysql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlArgs
{
Host = cloudsqldb.IpAddresses.Apply(ipAddresses => ipAddresses[0].IpAddress),
Port = 3306,
Username = sqldbUser.Name,
Password = sqldbUser.Password,
Ssl = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlSslArgs
{
ClientKey = sqlClientCert.PrivateKey,
ClientCertificate = sqlClientCert.Cert,
CaCertificate = sqlClientCert.ServerCaCert,
Type = "SERVER_CLIENT",
},
CloudSqlId = "my-database",
},
}, new CustomResourceOptions
{
DependsOn =
{
sqldbUser,
},
});
var cloudsqlprofileDestination = new Gcp.DatabaseMigrationService.ConnectionProfile("cloudsqlprofile_destination", new()
{
Location = "us-central1",
ConnectionProfileId = "my-toprofileid",
DisplayName = "my-toprofileid_displayname",
Labels =
{
{ "foo", "bar" },
},
Cloudsql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileCloudsqlArgs
{
Settings = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileCloudsqlSettingsArgs
{
DatabaseVersion = "MYSQL_5_7",
UserLabels =
{
{ "cloudfoo", "cloudbar" },
},
Tier = "db-n1-standard-1",
Edition = "ENTERPRISE",
StorageAutoResizeLimit = "0",
ActivationPolicy = "ALWAYS",
IpConfig = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileCloudsqlSettingsIpConfigArgs
{
EnableIpv4 = true,
RequireSsl = true,
},
AutoStorageIncrease = true,
DataDiskType = "PD_HDD",
DataDiskSizeGb = "11",
Zone = "us-central1-b",
SourceId = $"projects/{project.Apply(getProjectResult => getProjectResult.ProjectId)}/locations/us-central1/connectionProfiles/my-fromprofileid",
RootPassword = "testpasscloudsql",
},
},
}, new CustomResourceOptions
{
DependsOn =
{
cloudsqlprofile,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.sql.DatabaseInstance;
import com.pulumi.gcp.sql.DatabaseInstanceArgs;
import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
import com.pulumi.gcp.sql.SslCert;
import com.pulumi.gcp.sql.SslCertArgs;
import com.pulumi.gcp.sql.User;
import com.pulumi.gcp.sql.UserArgs;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfile;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileMysqlArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileMysqlSslArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileCloudsqlArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileCloudsqlSettingsArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileCloudsqlSettingsIpConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
.build());
var cloudsqldb = new DatabaseInstance("cloudsqldb", DatabaseInstanceArgs.builder()
.name("my-database")
.databaseVersion("MYSQL_5_7")
.settings(DatabaseInstanceSettingsArgs.builder()
.tier("db-n1-standard-1")
.deletionProtectionEnabled(false)
.build())
.deletionProtection(false)
.build());
var sqlClientCert = new SslCert("sqlClientCert", SslCertArgs.builder()
.commonName("my-cert")
.instance(cloudsqldb.name())
.build(), CustomResourceOptions.builder()
.dependsOn(cloudsqldb)
.build());
var sqldbUser = new User("sqldbUser", UserArgs.builder()
.name("my-username")
.instance(cloudsqldb.name())
.password("my-password")
.build(), CustomResourceOptions.builder()
.dependsOn(sqlClientCert)
.build());
var cloudsqlprofile = new ConnectionProfile("cloudsqlprofile", ConnectionProfileArgs.builder()
.location("us-central1")
.connectionProfileId("my-fromprofileid")
.displayName("my-fromprofileid_display")
.labels(Map.of("foo", "bar"))
.mysql(ConnectionProfileMysqlArgs.builder()
.host(cloudsqldb.ipAddresses().applyValue(_ipAddresses -> _ipAddresses[0].ipAddress()))
.port(3306)
.username(sqldbUser.name())
.password(sqldbUser.password())
.ssl(ConnectionProfileMysqlSslArgs.builder()
.clientKey(sqlClientCert.privateKey())
.clientCertificate(sqlClientCert.cert())
.caCertificate(sqlClientCert.serverCaCert())
.type("SERVER_CLIENT")
.build())
.cloudSqlId("my-database")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(sqldbUser)
.build());
var cloudsqlprofileDestination = new ConnectionProfile("cloudsqlprofileDestination", ConnectionProfileArgs.builder()
.location("us-central1")
.connectionProfileId("my-toprofileid")
.displayName("my-toprofileid_displayname")
.labels(Map.of("foo", "bar"))
.cloudsql(ConnectionProfileCloudsqlArgs.builder()
.settings(ConnectionProfileCloudsqlSettingsArgs.builder()
.databaseVersion("MYSQL_5_7")
.userLabels(Map.of("cloudfoo", "cloudbar"))
.tier("db-n1-standard-1")
.edition("ENTERPRISE")
.storageAutoResizeLimit("0")
.activationPolicy("ALWAYS")
.ipConfig(ConnectionProfileCloudsqlSettingsIpConfigArgs.builder()
.enableIpv4(true)
.requireSsl(true)
.build())
.autoStorageIncrease(true)
.dataDiskType("PD_HDD")
.dataDiskSizeGb("11")
.zone("us-central1-b")
.sourceId(String.format("projects/%s/locations/us-central1/connectionProfiles/my-fromprofileid", project.projectId()))
.rootPassword("testpasscloudsql")
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(cloudsqlprofile)
.build());
}
}
resources:
cloudsqldb:
type: gcp:sql:DatabaseInstance
properties:
name: my-database
databaseVersion: MYSQL_5_7
settings:
tier: db-n1-standard-1
deletionProtectionEnabled: false
deletionProtection: false
sqlClientCert:
type: gcp:sql:SslCert
name: sql_client_cert
properties:
commonName: my-cert
instance: ${cloudsqldb.name}
options:
dependsOn:
- ${cloudsqldb}
sqldbUser:
type: gcp:sql:User
name: sqldb_user
properties:
name: my-username
instance: ${cloudsqldb.name}
password: my-password
options:
dependsOn:
- ${sqlClientCert}
cloudsqlprofile:
type: gcp:databasemigrationservice:ConnectionProfile
properties:
location: us-central1
connectionProfileId: my-fromprofileid
displayName: my-fromprofileid_display
labels:
foo: bar
mysql:
host: ${cloudsqldb.ipAddresses[0].ipAddress}
port: 3306
username: ${sqldbUser.name}
password: ${sqldbUser.password}
ssl:
clientKey: ${sqlClientCert.privateKey}
clientCertificate: ${sqlClientCert.cert}
caCertificate: ${sqlClientCert.serverCaCert}
type: SERVER_CLIENT
cloudSqlId: my-database
options:
dependsOn:
- ${sqldbUser}
cloudsqlprofileDestination:
type: gcp:databasemigrationservice:ConnectionProfile
name: cloudsqlprofile_destination
properties:
location: us-central1
connectionProfileId: my-toprofileid
displayName: my-toprofileid_displayname
labels:
foo: bar
cloudsql:
settings:
databaseVersion: MYSQL_5_7
userLabels:
cloudfoo: cloudbar
tier: db-n1-standard-1
edition: ENTERPRISE
storageAutoResizeLimit: '0'
activationPolicy: ALWAYS
ipConfig:
enableIpv4: true
requireSsl: true
autoStorageIncrease: true
dataDiskType: PD_HDD
dataDiskSizeGb: '11'
zone: us-central1-b
sourceId: projects/${project.projectId}/locations/us-central1/connectionProfiles/my-fromprofileid
rootPassword: testpasscloudsql
options:
dependsOn:
- ${cloudsqlprofile}
variables:
project:
fn::invoke:
function: gcp:organizations:getProject
arguments: {}
The mysql block specifies connection details: host and port identify the database endpoint, while username and password provide authentication. The ssl block configures mutual TLS by providing clientKey, clientCertificate, and caCertificate from the SSL certificate resource. The cloudSqlId links this profile to the Cloud SQL instance name.
Connect to PostgreSQL with SSL certificates
PostgreSQL migrations require connection profiles with host, port, credentials, and SSL configuration for secure data transfer.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const postgresqldb = new gcp.sql.DatabaseInstance("postgresqldb", {
name: "my-database",
databaseVersion: "POSTGRES_12",
settings: {
tier: "db-custom-2-13312",
},
deletionProtection: false,
});
const sqlClientCert = new gcp.sql.SslCert("sql_client_cert", {
commonName: "my-cert",
instance: postgresqldb.name,
}, {
dependsOn: [postgresqldb],
});
const sqldbUser = new gcp.sql.User("sqldb_user", {
name: "my-username",
instance: postgresqldb.name,
password: "my-password",
}, {
dependsOn: [sqlClientCert],
});
const postgresprofile = new gcp.databasemigrationservice.ConnectionProfile("postgresprofile", {
location: "us-central1",
connectionProfileId: "my-profileid",
displayName: "my-profileid_display",
labels: {
foo: "bar",
},
postgresql: {
host: postgresqldb.ipAddresses.apply(ipAddresses => ipAddresses[0].ipAddress),
port: 5432,
username: sqldbUser.name,
password: sqldbUser.password,
ssl: {
clientKey: sqlClientCert.privateKey,
clientCertificate: sqlClientCert.cert,
caCertificate: sqlClientCert.serverCaCert,
type: "SERVER_CLIENT",
},
cloudSqlId: "my-database",
},
}, {
dependsOn: [sqldbUser],
});
import pulumi
import pulumi_gcp as gcp
postgresqldb = gcp.sql.DatabaseInstance("postgresqldb",
name="my-database",
database_version="POSTGRES_12",
settings={
"tier": "db-custom-2-13312",
},
deletion_protection=False)
sql_client_cert = gcp.sql.SslCert("sql_client_cert",
common_name="my-cert",
instance=postgresqldb.name,
opts = pulumi.ResourceOptions(depends_on=[postgresqldb]))
sqldb_user = gcp.sql.User("sqldb_user",
name="my-username",
instance=postgresqldb.name,
password="my-password",
opts = pulumi.ResourceOptions(depends_on=[sql_client_cert]))
postgresprofile = gcp.databasemigrationservice.ConnectionProfile("postgresprofile",
location="us-central1",
connection_profile_id="my-profileid",
display_name="my-profileid_display",
labels={
"foo": "bar",
},
postgresql={
"host": postgresqldb.ip_addresses[0].ip_address,
"port": 5432,
"username": sqldb_user.name,
"password": sqldb_user.password,
"ssl": {
"client_key": sql_client_cert.private_key,
"client_certificate": sql_client_cert.cert,
"ca_certificate": sql_client_cert.server_ca_cert,
"type": "SERVER_CLIENT",
},
"cloud_sql_id": "my-database",
},
opts = pulumi.ResourceOptions(depends_on=[sqldb_user]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/databasemigrationservice"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/sql"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
postgresqldb, err := sql.NewDatabaseInstance(ctx, "postgresqldb", &sql.DatabaseInstanceArgs{
Name: pulumi.String("my-database"),
DatabaseVersion: pulumi.String("POSTGRES_12"),
Settings: &sql.DatabaseInstanceSettingsArgs{
Tier: pulumi.String("db-custom-2-13312"),
},
DeletionProtection: pulumi.Bool(false),
})
if err != nil {
return err
}
sqlClientCert, err := sql.NewSslCert(ctx, "sql_client_cert", &sql.SslCertArgs{
CommonName: pulumi.String("my-cert"),
Instance: postgresqldb.Name,
}, pulumi.DependsOn([]pulumi.Resource{
postgresqldb,
}))
if err != nil {
return err
}
sqldbUser, err := sql.NewUser(ctx, "sqldb_user", &sql.UserArgs{
Name: pulumi.String("my-username"),
Instance: postgresqldb.Name,
Password: pulumi.String("my-password"),
}, pulumi.DependsOn([]pulumi.Resource{
sqlClientCert,
}))
if err != nil {
return err
}
_, err = databasemigrationservice.NewConnectionProfile(ctx, "postgresprofile", &databasemigrationservice.ConnectionProfileArgs{
Location: pulumi.String("us-central1"),
ConnectionProfileId: pulumi.String("my-profileid"),
DisplayName: pulumi.String("my-profileid_display"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Postgresql: &databasemigrationservice.ConnectionProfilePostgresqlArgs{
Host: postgresqldb.IpAddresses.ApplyT(func(ipAddresses []sql.DatabaseInstanceIpAddress) (*string, error) {
return &ipAddresses[0].IpAddress, nil
}).(pulumi.StringPtrOutput),
Port: pulumi.Int(5432),
Username: sqldbUser.Name,
Password: sqldbUser.Password,
Ssl: &databasemigrationservice.ConnectionProfilePostgresqlSslArgs{
ClientKey: sqlClientCert.PrivateKey,
ClientCertificate: sqlClientCert.Cert,
CaCertificate: sqlClientCert.ServerCaCert,
Type: pulumi.String("SERVER_CLIENT"),
},
CloudSqlId: pulumi.String("my-database"),
},
}, pulumi.DependsOn([]pulumi.Resource{
sqldbUser,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var postgresqldb = new Gcp.Sql.DatabaseInstance("postgresqldb", new()
{
Name = "my-database",
DatabaseVersion = "POSTGRES_12",
Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
{
Tier = "db-custom-2-13312",
},
DeletionProtection = false,
});
var sqlClientCert = new Gcp.Sql.SslCert("sql_client_cert", new()
{
CommonName = "my-cert",
Instance = postgresqldb.Name,
}, new CustomResourceOptions
{
DependsOn =
{
postgresqldb,
},
});
var sqldbUser = new Gcp.Sql.User("sqldb_user", new()
{
Name = "my-username",
Instance = postgresqldb.Name,
Password = "my-password",
}, new CustomResourceOptions
{
DependsOn =
{
sqlClientCert,
},
});
var postgresprofile = new Gcp.DatabaseMigrationService.ConnectionProfile("postgresprofile", new()
{
Location = "us-central1",
ConnectionProfileId = "my-profileid",
DisplayName = "my-profileid_display",
Labels =
{
{ "foo", "bar" },
},
Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs
{
Host = postgresqldb.IpAddresses.Apply(ipAddresses => ipAddresses[0].IpAddress),
Port = 5432,
Username = sqldbUser.Name,
Password = sqldbUser.Password,
Ssl = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlSslArgs
{
ClientKey = sqlClientCert.PrivateKey,
ClientCertificate = sqlClientCert.Cert,
CaCertificate = sqlClientCert.ServerCaCert,
Type = "SERVER_CLIENT",
},
CloudSqlId = "my-database",
},
}, new CustomResourceOptions
{
DependsOn =
{
sqldbUser,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.sql.DatabaseInstance;
import com.pulumi.gcp.sql.DatabaseInstanceArgs;
import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
import com.pulumi.gcp.sql.SslCert;
import com.pulumi.gcp.sql.SslCertArgs;
import com.pulumi.gcp.sql.User;
import com.pulumi.gcp.sql.UserArgs;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfile;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlSslArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var postgresqldb = new DatabaseInstance("postgresqldb", DatabaseInstanceArgs.builder()
.name("my-database")
.databaseVersion("POSTGRES_12")
.settings(DatabaseInstanceSettingsArgs.builder()
.tier("db-custom-2-13312")
.build())
.deletionProtection(false)
.build());
var sqlClientCert = new SslCert("sqlClientCert", SslCertArgs.builder()
.commonName("my-cert")
.instance(postgresqldb.name())
.build(), CustomResourceOptions.builder()
.dependsOn(postgresqldb)
.build());
var sqldbUser = new User("sqldbUser", UserArgs.builder()
.name("my-username")
.instance(postgresqldb.name())
.password("my-password")
.build(), CustomResourceOptions.builder()
.dependsOn(sqlClientCert)
.build());
var postgresprofile = new ConnectionProfile("postgresprofile", ConnectionProfileArgs.builder()
.location("us-central1")
.connectionProfileId("my-profileid")
.displayName("my-profileid_display")
.labels(Map.of("foo", "bar"))
.postgresql(ConnectionProfilePostgresqlArgs.builder()
.host(postgresqldb.ipAddresses().applyValue(_ipAddresses -> _ipAddresses[0].ipAddress()))
.port(5432)
.username(sqldbUser.name())
.password(sqldbUser.password())
.ssl(ConnectionProfilePostgresqlSslArgs.builder()
.clientKey(sqlClientCert.privateKey())
.clientCertificate(sqlClientCert.cert())
.caCertificate(sqlClientCert.serverCaCert())
.type("SERVER_CLIENT")
.build())
.cloudSqlId("my-database")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(sqldbUser)
.build());
}
}
resources:
postgresqldb:
type: gcp:sql:DatabaseInstance
properties:
name: my-database
databaseVersion: POSTGRES_12
settings:
tier: db-custom-2-13312
deletionProtection: false
sqlClientCert:
type: gcp:sql:SslCert
name: sql_client_cert
properties:
commonName: my-cert
instance: ${postgresqldb.name}
options:
dependsOn:
- ${postgresqldb}
sqldbUser:
type: gcp:sql:User
name: sqldb_user
properties:
name: my-username
instance: ${postgresqldb.name}
password: my-password
options:
dependsOn:
- ${sqlClientCert}
postgresprofile:
type: gcp:databasemigrationservice:ConnectionProfile
properties:
location: us-central1
connectionProfileId: my-profileid
displayName: my-profileid_display
labels:
foo: bar
postgresql:
host: ${postgresqldb.ipAddresses[0].ipAddress}
port: 5432
username: ${sqldbUser.name}
password: ${sqldbUser.password}
ssl:
clientKey: ${sqlClientCert.privateKey}
clientCertificate: ${sqlClientCert.cert}
caCertificate: ${sqlClientCert.serverCaCert}
type: SERVER_CLIENT
cloudSqlId: my-database
options:
dependsOn:
- ${sqldbUser}
The postgresql block mirrors the MySQL structure but targets PostgreSQL instances. The ssl.type property set to “SERVER_CLIENT” enables mutual TLS authentication. The cloudSqlId property references the PostgreSQL instance name.
Connect to Oracle with static IP connectivity
Oracle database migrations specify the database service name and connectivity method for reaching on-premises or external Oracle instances.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const oracleprofile = new gcp.databasemigrationservice.ConnectionProfile("oracleprofile", {
location: "us-central1",
connectionProfileId: "my-profileid",
displayName: "my-profileid_display",
labels: {
foo: "bar",
},
oracle: {
host: "host",
port: 1521,
username: "username",
password: "password",
databaseService: "dbprovider",
staticServiceIpConnectivity: {},
},
});
import pulumi
import pulumi_gcp as gcp
oracleprofile = gcp.databasemigrationservice.ConnectionProfile("oracleprofile",
location="us-central1",
connection_profile_id="my-profileid",
display_name="my-profileid_display",
labels={
"foo": "bar",
},
oracle={
"host": "host",
"port": 1521,
"username": "username",
"password": "password",
"database_service": "dbprovider",
"static_service_ip_connectivity": {},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/databasemigrationservice"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := databasemigrationservice.NewConnectionProfile(ctx, "oracleprofile", &databasemigrationservice.ConnectionProfileArgs{
Location: pulumi.String("us-central1"),
ConnectionProfileId: pulumi.String("my-profileid"),
DisplayName: pulumi.String("my-profileid_display"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Oracle: &databasemigrationservice.ConnectionProfileOracleArgs{
Host: pulumi.String("host"),
Port: pulumi.Int(1521),
Username: pulumi.String("username"),
Password: pulumi.String("password"),
DatabaseService: pulumi.String("dbprovider"),
StaticServiceIpConnectivity: &databasemigrationservice.ConnectionProfileOracleStaticServiceIpConnectivityArgs{},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var oracleprofile = new Gcp.DatabaseMigrationService.ConnectionProfile("oracleprofile", new()
{
Location = "us-central1",
ConnectionProfileId = "my-profileid",
DisplayName = "my-profileid_display",
Labels =
{
{ "foo", "bar" },
},
Oracle = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileOracleArgs
{
Host = "host",
Port = 1521,
Username = "username",
Password = "password",
DatabaseService = "dbprovider",
StaticServiceIpConnectivity = null,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfile;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileOracleArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileOracleStaticServiceIpConnectivityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var oracleprofile = new ConnectionProfile("oracleprofile", ConnectionProfileArgs.builder()
.location("us-central1")
.connectionProfileId("my-profileid")
.displayName("my-profileid_display")
.labels(Map.of("foo", "bar"))
.oracle(ConnectionProfileOracleArgs.builder()
.host("host")
.port(1521)
.username("username")
.password("password")
.databaseService("dbprovider")
.staticServiceIpConnectivity(ConnectionProfileOracleStaticServiceIpConnectivityArgs.builder()
.build())
.build())
.build());
}
}
resources:
oracleprofile:
type: gcp:databasemigrationservice:ConnectionProfile
properties:
location: us-central1
connectionProfileId: my-profileid
displayName: my-profileid_display
labels:
foo: bar
oracle:
host: host
port: 1521
username: username
password: password
databaseService: dbprovider
staticServiceIpConnectivity: {}
The oracle block requires host, port, username, password, and databaseService (the Oracle service name). The staticServiceIpConnectivity block enables direct IP connectivity without VPN or Interconnect. This configuration works for Oracle databases accessible over the internet or via private network routes.
Provision AlloyDB as a migration destination
When migrating to AlloyDB, the connection profile defines the destination cluster configuration, including VPC network, machine specs, and initial user credentials.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const project = gcp.organizations.getProject({});
const _default = new gcp.compute.Network("default", {name: "vpc-network"});
const privateIpAlloc = new gcp.compute.GlobalAddress("private_ip_alloc", {
name: "private-ip-alloc",
addressType: "INTERNAL",
purpose: "VPC_PEERING",
prefixLength: 16,
network: _default.id,
});
const vpcConnection = new gcp.servicenetworking.Connection("vpc_connection", {
network: _default.id,
service: "servicenetworking.googleapis.com",
reservedPeeringRanges: [privateIpAlloc.name],
});
const alloydbprofile = new gcp.databasemigrationservice.ConnectionProfile("alloydbprofile", {
location: "us-central1",
connectionProfileId: "my-profileid",
displayName: "my-profileid_display",
labels: {
foo: "bar",
},
alloydb: {
clusterId: "tf-test-dbmsalloycluster_60302",
settings: {
initialUser: {
user: "alloyuser_22811",
password: "alloypass_91042",
},
vpcNetwork: _default.id,
labels: {
alloyfoo: "alloybar",
},
primaryInstanceSettings: {
id: "priminstid",
machineConfig: {
cpuCount: 2,
},
databaseFlags: {},
labels: {
alloysinstfoo: "allowinstbar",
},
},
},
},
}, {
dependsOn: [vpcConnection],
});
import pulumi
import pulumi_gcp as gcp
project = gcp.organizations.get_project()
default = gcp.compute.Network("default", name="vpc-network")
private_ip_alloc = gcp.compute.GlobalAddress("private_ip_alloc",
name="private-ip-alloc",
address_type="INTERNAL",
purpose="VPC_PEERING",
prefix_length=16,
network=default.id)
vpc_connection = gcp.servicenetworking.Connection("vpc_connection",
network=default.id,
service="servicenetworking.googleapis.com",
reserved_peering_ranges=[private_ip_alloc.name])
alloydbprofile = gcp.databasemigrationservice.ConnectionProfile("alloydbprofile",
location="us-central1",
connection_profile_id="my-profileid",
display_name="my-profileid_display",
labels={
"foo": "bar",
},
alloydb={
"cluster_id": "tf-test-dbmsalloycluster_60302",
"settings": {
"initial_user": {
"user": "alloyuser_22811",
"password": "alloypass_91042",
},
"vpc_network": default.id,
"labels": {
"alloyfoo": "alloybar",
},
"primary_instance_settings": {
"id": "priminstid",
"machine_config": {
"cpu_count": 2,
},
"database_flags": {},
"labels": {
"alloysinstfoo": "allowinstbar",
},
},
},
},
opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/databasemigrationservice"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/servicenetworking"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("vpc-network"),
})
if err != nil {
return err
}
privateIpAlloc, err := compute.NewGlobalAddress(ctx, "private_ip_alloc", &compute.GlobalAddressArgs{
Name: pulumi.String("private-ip-alloc"),
AddressType: pulumi.String("INTERNAL"),
Purpose: pulumi.String("VPC_PEERING"),
PrefixLength: pulumi.Int(16),
Network: _default.ID(),
})
if err != nil {
return err
}
vpcConnection, err := servicenetworking.NewConnection(ctx, "vpc_connection", &servicenetworking.ConnectionArgs{
Network: _default.ID(),
Service: pulumi.String("servicenetworking.googleapis.com"),
ReservedPeeringRanges: pulumi.StringArray{
privateIpAlloc.Name,
},
})
if err != nil {
return err
}
_, err = databasemigrationservice.NewConnectionProfile(ctx, "alloydbprofile", &databasemigrationservice.ConnectionProfileArgs{
Location: pulumi.String("us-central1"),
ConnectionProfileId: pulumi.String("my-profileid"),
DisplayName: pulumi.String("my-profileid_display"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Alloydb: &databasemigrationservice.ConnectionProfileAlloydbArgs{
ClusterId: pulumi.String("tf-test-dbmsalloycluster_60302"),
Settings: &databasemigrationservice.ConnectionProfileAlloydbSettingsArgs{
InitialUser: &databasemigrationservice.ConnectionProfileAlloydbSettingsInitialUserArgs{
User: pulumi.String("alloyuser_22811"),
Password: pulumi.String("alloypass_91042"),
},
VpcNetwork: _default.ID(),
Labels: pulumi.StringMap{
"alloyfoo": pulumi.String("alloybar"),
},
PrimaryInstanceSettings: &databasemigrationservice.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsArgs{
Id: pulumi.String("priminstid"),
MachineConfig: &databasemigrationservice.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsMachineConfigArgs{
CpuCount: pulumi.Int(2),
},
DatabaseFlags: pulumi.StringMap{},
Labels: pulumi.StringMap{
"alloysinstfoo": pulumi.String("allowinstbar"),
},
},
},
},
}, pulumi.DependsOn([]pulumi.Resource{
vpcConnection,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var project = Gcp.Organizations.GetProject.Invoke();
var @default = new Gcp.Compute.Network("default", new()
{
Name = "vpc-network",
});
var privateIpAlloc = new Gcp.Compute.GlobalAddress("private_ip_alloc", new()
{
Name = "private-ip-alloc",
AddressType = "INTERNAL",
Purpose = "VPC_PEERING",
PrefixLength = 16,
Network = @default.Id,
});
var vpcConnection = new Gcp.ServiceNetworking.Connection("vpc_connection", new()
{
Network = @default.Id,
Service = "servicenetworking.googleapis.com",
ReservedPeeringRanges = new[]
{
privateIpAlloc.Name,
},
});
var alloydbprofile = new Gcp.DatabaseMigrationService.ConnectionProfile("alloydbprofile", new()
{
Location = "us-central1",
ConnectionProfileId = "my-profileid",
DisplayName = "my-profileid_display",
Labels =
{
{ "foo", "bar" },
},
Alloydb = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbArgs
{
ClusterId = "tf-test-dbmsalloycluster_60302",
Settings = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbSettingsArgs
{
InitialUser = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbSettingsInitialUserArgs
{
User = "alloyuser_22811",
Password = "alloypass_91042",
},
VpcNetwork = @default.Id,
Labels =
{
{ "alloyfoo", "alloybar" },
},
PrimaryInstanceSettings = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsArgs
{
Id = "priminstid",
MachineConfig = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsMachineConfigArgs
{
CpuCount = 2,
},
DatabaseFlags = null,
Labels =
{
{ "alloysinstfoo", "allowinstbar" },
},
},
},
},
}, new CustomResourceOptions
{
DependsOn =
{
vpcConnection,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.servicenetworking.Connection;
import com.pulumi.gcp.servicenetworking.ConnectionArgs;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfile;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbSettingsArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbSettingsInitialUserArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsMachineConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
.build());
var default_ = new Network("default", NetworkArgs.builder()
.name("vpc-network")
.build());
var privateIpAlloc = new GlobalAddress("privateIpAlloc", GlobalAddressArgs.builder()
.name("private-ip-alloc")
.addressType("INTERNAL")
.purpose("VPC_PEERING")
.prefixLength(16)
.network(default_.id())
.build());
var vpcConnection = new Connection("vpcConnection", ConnectionArgs.builder()
.network(default_.id())
.service("servicenetworking.googleapis.com")
.reservedPeeringRanges(privateIpAlloc.name())
.build());
var alloydbprofile = new ConnectionProfile("alloydbprofile", ConnectionProfileArgs.builder()
.location("us-central1")
.connectionProfileId("my-profileid")
.displayName("my-profileid_display")
.labels(Map.of("foo", "bar"))
.alloydb(ConnectionProfileAlloydbArgs.builder()
.clusterId("tf-test-dbmsalloycluster_60302")
.settings(ConnectionProfileAlloydbSettingsArgs.builder()
.initialUser(ConnectionProfileAlloydbSettingsInitialUserArgs.builder()
.user("alloyuser_22811")
.password("alloypass_91042")
.build())
.vpcNetwork(default_.id())
.labels(Map.of("alloyfoo", "alloybar"))
.primaryInstanceSettings(ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsArgs.builder()
.id("priminstid")
.machineConfig(ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsMachineConfigArgs.builder()
.cpuCount(2)
.build())
.databaseFlags(Map.ofEntries(
))
.labels(Map.of("alloysinstfoo", "allowinstbar"))
.build())
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(vpcConnection)
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: vpc-network
privateIpAlloc:
type: gcp:compute:GlobalAddress
name: private_ip_alloc
properties:
name: private-ip-alloc
addressType: INTERNAL
purpose: VPC_PEERING
prefixLength: 16
network: ${default.id}
vpcConnection:
type: gcp:servicenetworking:Connection
name: vpc_connection
properties:
network: ${default.id}
service: servicenetworking.googleapis.com
reservedPeeringRanges:
- ${privateIpAlloc.name}
alloydbprofile:
type: gcp:databasemigrationservice:ConnectionProfile
properties:
location: us-central1
connectionProfileId: my-profileid
displayName: my-profileid_display
labels:
foo: bar
alloydb:
clusterId: tf-test-dbmsalloycluster_60302
settings:
initialUser:
user: alloyuser_22811
password: alloypass_91042
vpcNetwork: ${default.id}
labels:
alloyfoo: alloybar
primaryInstanceSettings:
id: priminstid
machineConfig:
cpuCount: 2
databaseFlags: {}
labels:
alloysinstfoo: allowinstbar
options:
dependsOn:
- ${vpcConnection}
variables:
project:
fn::invoke:
function: gcp:organizations:getProject
arguments: {}
The alloydb block provisions a new cluster. The settings.initialUser block creates the first database user. The settings.vpcNetwork property places the cluster in your VPC. The settings.primaryInstanceSettings block configures the primary instance with machineConfig.cpuCount specifying CPU cores. This profile creates infrastructure rather than referencing existing resources.
Reference an existing Cloud SQL MySQL instance
For migrations between Cloud SQL instances, you can create lightweight connection profiles that reference existing databases by ID.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const project = gcp.organizations.getProject({});
const destinationCsql = new gcp.sql.DatabaseInstance("destination_csql", {
name: "destination-csql",
databaseVersion: "MYSQL_5_7",
settings: {
tier: "db-n1-standard-1",
deletionProtectionEnabled: false,
},
deletionProtection: false,
});
const existing_mysql = new gcp.databasemigrationservice.ConnectionProfile("existing-mysql", {
location: "us-central1",
connectionProfileId: "destination-cp",
displayName: "destination-cp_display",
labels: {
foo: "bar",
},
mysql: {
cloudSqlId: "destination-csql",
},
}, {
dependsOn: [destinationCsql],
});
import pulumi
import pulumi_gcp as gcp
project = gcp.organizations.get_project()
destination_csql = gcp.sql.DatabaseInstance("destination_csql",
name="destination-csql",
database_version="MYSQL_5_7",
settings={
"tier": "db-n1-standard-1",
"deletion_protection_enabled": False,
},
deletion_protection=False)
existing_mysql = gcp.databasemigrationservice.ConnectionProfile("existing-mysql",
location="us-central1",
connection_profile_id="destination-cp",
display_name="destination-cp_display",
labels={
"foo": "bar",
},
mysql={
"cloud_sql_id": "destination-csql",
},
opts = pulumi.ResourceOptions(depends_on=[destination_csql]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/databasemigrationservice"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/sql"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
destinationCsql, err := sql.NewDatabaseInstance(ctx, "destination_csql", &sql.DatabaseInstanceArgs{
Name: pulumi.String("destination-csql"),
DatabaseVersion: pulumi.String("MYSQL_5_7"),
Settings: &sql.DatabaseInstanceSettingsArgs{
Tier: pulumi.String("db-n1-standard-1"),
DeletionProtectionEnabled: pulumi.Bool(false),
},
DeletionProtection: pulumi.Bool(false),
})
if err != nil {
return err
}
_, err = databasemigrationservice.NewConnectionProfile(ctx, "existing-mysql", &databasemigrationservice.ConnectionProfileArgs{
Location: pulumi.String("us-central1"),
ConnectionProfileId: pulumi.String("destination-cp"),
DisplayName: pulumi.String("destination-cp_display"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Mysql: &databasemigrationservice.ConnectionProfileMysqlArgs{
CloudSqlId: pulumi.String("destination-csql"),
},
}, pulumi.DependsOn([]pulumi.Resource{
destinationCsql,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var project = Gcp.Organizations.GetProject.Invoke();
var destinationCsql = new Gcp.Sql.DatabaseInstance("destination_csql", new()
{
Name = "destination-csql",
DatabaseVersion = "MYSQL_5_7",
Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
{
Tier = "db-n1-standard-1",
DeletionProtectionEnabled = false,
},
DeletionProtection = false,
});
var existing_mysql = new Gcp.DatabaseMigrationService.ConnectionProfile("existing-mysql", new()
{
Location = "us-central1",
ConnectionProfileId = "destination-cp",
DisplayName = "destination-cp_display",
Labels =
{
{ "foo", "bar" },
},
Mysql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlArgs
{
CloudSqlId = "destination-csql",
},
}, new CustomResourceOptions
{
DependsOn =
{
destinationCsql,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.sql.DatabaseInstance;
import com.pulumi.gcp.sql.DatabaseInstanceArgs;
import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfile;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileMysqlArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
.build());
var destinationCsql = new DatabaseInstance("destinationCsql", DatabaseInstanceArgs.builder()
.name("destination-csql")
.databaseVersion("MYSQL_5_7")
.settings(DatabaseInstanceSettingsArgs.builder()
.tier("db-n1-standard-1")
.deletionProtectionEnabled(false)
.build())
.deletionProtection(false)
.build());
var existing_mysql = new ConnectionProfile("existing-mysql", ConnectionProfileArgs.builder()
.location("us-central1")
.connectionProfileId("destination-cp")
.displayName("destination-cp_display")
.labels(Map.of("foo", "bar"))
.mysql(ConnectionProfileMysqlArgs.builder()
.cloudSqlId("destination-csql")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(destinationCsql)
.build());
}
}
resources:
destinationCsql:
type: gcp:sql:DatabaseInstance
name: destination_csql
properties:
name: destination-csql
databaseVersion: MYSQL_5_7
settings:
tier: db-n1-standard-1
deletionProtectionEnabled: false
deletionProtection: false
existing-mysql:
type: gcp:databasemigrationservice:ConnectionProfile
properties:
location: us-central1
connectionProfileId: destination-cp
displayName: destination-cp_display
labels:
foo: bar
mysql:
cloudSqlId: destination-csql
options:
dependsOn:
- ${destinationCsql}
variables:
project:
fn::invoke:
function: gcp:organizations:getProject
arguments: {}
The mysql.cloudSqlId property references an existing Cloud SQL instance by name. This profile omits host, port, username, password, and SSL configuration because the Database Migration Service retrieves connection details from the existing instance. Use this pattern for Cloud SQL to Cloud SQL migrations.
Reference an existing AlloyDB cluster
When migrating to an existing AlloyDB cluster, the connection profile references the cluster by ID without provisioning new infrastructure.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const project = gcp.organizations.getProject({});
const _default = new gcp.compute.Network("default", {name: "destination-alloydb"});
const destinationAlloydb = new gcp.alloydb.Cluster("destination_alloydb", {
clusterId: "destination-alloydb",
location: "us-central1",
networkConfig: {
network: _default.id,
},
databaseVersion: "POSTGRES_15",
initialUser: {
user: "destination-alloydb",
password: "destination-alloydb",
},
deletionProtection: false,
});
const privateIpAlloc = new gcp.compute.GlobalAddress("private_ip_alloc", {
name: "destination-alloydb",
addressType: "INTERNAL",
purpose: "VPC_PEERING",
prefixLength: 16,
network: _default.id,
});
const vpcConnection = new gcp.servicenetworking.Connection("vpc_connection", {
network: _default.id,
service: "servicenetworking.googleapis.com",
reservedPeeringRanges: [privateIpAlloc.name],
});
const destinationAlloydbPrimary = new gcp.alloydb.Instance("destination_alloydb_primary", {
cluster: destinationAlloydb.name,
instanceId: "destination-alloydb-primary",
instanceType: "PRIMARY",
}, {
dependsOn: [vpcConnection],
});
const existing_alloydb = new gcp.databasemigrationservice.ConnectionProfile("existing-alloydb", {
location: "us-central1",
connectionProfileId: "destination-cp",
displayName: "destination-cp_display",
labels: {
foo: "bar",
},
postgresql: {
alloydbClusterId: "destination-alloydb",
},
}, {
dependsOn: [
destinationAlloydb,
destinationAlloydbPrimary,
],
});
import pulumi
import pulumi_gcp as gcp
project = gcp.organizations.get_project()
default = gcp.compute.Network("default", name="destination-alloydb")
destination_alloydb = gcp.alloydb.Cluster("destination_alloydb",
cluster_id="destination-alloydb",
location="us-central1",
network_config={
"network": default.id,
},
database_version="POSTGRES_15",
initial_user={
"user": "destination-alloydb",
"password": "destination-alloydb",
},
deletion_protection=False)
private_ip_alloc = gcp.compute.GlobalAddress("private_ip_alloc",
name="destination-alloydb",
address_type="INTERNAL",
purpose="VPC_PEERING",
prefix_length=16,
network=default.id)
vpc_connection = gcp.servicenetworking.Connection("vpc_connection",
network=default.id,
service="servicenetworking.googleapis.com",
reserved_peering_ranges=[private_ip_alloc.name])
destination_alloydb_primary = gcp.alloydb.Instance("destination_alloydb_primary",
cluster=destination_alloydb.name,
instance_id="destination-alloydb-primary",
instance_type="PRIMARY",
opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))
existing_alloydb = gcp.databasemigrationservice.ConnectionProfile("existing-alloydb",
location="us-central1",
connection_profile_id="destination-cp",
display_name="destination-cp_display",
labels={
"foo": "bar",
},
postgresql={
"alloydb_cluster_id": "destination-alloydb",
},
opts = pulumi.ResourceOptions(depends_on=[
destination_alloydb,
destination_alloydb_primary,
]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/alloydb"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/databasemigrationservice"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/servicenetworking"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("destination-alloydb"),
})
if err != nil {
return err
}
destinationAlloydb, err := alloydb.NewCluster(ctx, "destination_alloydb", &alloydb.ClusterArgs{
ClusterId: pulumi.String("destination-alloydb"),
Location: pulumi.String("us-central1"),
NetworkConfig: &alloydb.ClusterNetworkConfigArgs{
Network: _default.ID(),
},
DatabaseVersion: pulumi.String("POSTGRES_15"),
InitialUser: &alloydb.ClusterInitialUserArgs{
User: pulumi.String("destination-alloydb"),
Password: pulumi.String("destination-alloydb"),
},
DeletionProtection: pulumi.Bool(false),
})
if err != nil {
return err
}
privateIpAlloc, err := compute.NewGlobalAddress(ctx, "private_ip_alloc", &compute.GlobalAddressArgs{
Name: pulumi.String("destination-alloydb"),
AddressType: pulumi.String("INTERNAL"),
Purpose: pulumi.String("VPC_PEERING"),
PrefixLength: pulumi.Int(16),
Network: _default.ID(),
})
if err != nil {
return err
}
vpcConnection, err := servicenetworking.NewConnection(ctx, "vpc_connection", &servicenetworking.ConnectionArgs{
Network: _default.ID(),
Service: pulumi.String("servicenetworking.googleapis.com"),
ReservedPeeringRanges: pulumi.StringArray{
privateIpAlloc.Name,
},
})
if err != nil {
return err
}
destinationAlloydbPrimary, err := alloydb.NewInstance(ctx, "destination_alloydb_primary", &alloydb.InstanceArgs{
Cluster: destinationAlloydb.Name,
InstanceId: pulumi.String("destination-alloydb-primary"),
InstanceType: pulumi.String("PRIMARY"),
}, pulumi.DependsOn([]pulumi.Resource{
vpcConnection,
}))
if err != nil {
return err
}
_, err = databasemigrationservice.NewConnectionProfile(ctx, "existing-alloydb", &databasemigrationservice.ConnectionProfileArgs{
Location: pulumi.String("us-central1"),
ConnectionProfileId: pulumi.String("destination-cp"),
DisplayName: pulumi.String("destination-cp_display"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Postgresql: &databasemigrationservice.ConnectionProfilePostgresqlArgs{
AlloydbClusterId: pulumi.String("destination-alloydb"),
},
}, pulumi.DependsOn([]pulumi.Resource{
destinationAlloydb,
destinationAlloydbPrimary,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var project = Gcp.Organizations.GetProject.Invoke();
var @default = new Gcp.Compute.Network("default", new()
{
Name = "destination-alloydb",
});
var destinationAlloydb = new Gcp.Alloydb.Cluster("destination_alloydb", new()
{
ClusterId = "destination-alloydb",
Location = "us-central1",
NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs
{
Network = @default.Id,
},
DatabaseVersion = "POSTGRES_15",
InitialUser = new Gcp.Alloydb.Inputs.ClusterInitialUserArgs
{
User = "destination-alloydb",
Password = "destination-alloydb",
},
DeletionProtection = false,
});
var privateIpAlloc = new Gcp.Compute.GlobalAddress("private_ip_alloc", new()
{
Name = "destination-alloydb",
AddressType = "INTERNAL",
Purpose = "VPC_PEERING",
PrefixLength = 16,
Network = @default.Id,
});
var vpcConnection = new Gcp.ServiceNetworking.Connection("vpc_connection", new()
{
Network = @default.Id,
Service = "servicenetworking.googleapis.com",
ReservedPeeringRanges = new[]
{
privateIpAlloc.Name,
},
});
var destinationAlloydbPrimary = new Gcp.Alloydb.Instance("destination_alloydb_primary", new()
{
Cluster = destinationAlloydb.Name,
InstanceId = "destination-alloydb-primary",
InstanceType = "PRIMARY",
}, new CustomResourceOptions
{
DependsOn =
{
vpcConnection,
},
});
var existing_alloydb = new Gcp.DatabaseMigrationService.ConnectionProfile("existing-alloydb", new()
{
Location = "us-central1",
ConnectionProfileId = "destination-cp",
DisplayName = "destination-cp_display",
Labels =
{
{ "foo", "bar" },
},
Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs
{
AlloydbClusterId = "destination-alloydb",
},
}, new CustomResourceOptions
{
DependsOn =
{
destinationAlloydb,
destinationAlloydbPrimary,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.alloydb.Cluster;
import com.pulumi.gcp.alloydb.ClusterArgs;
import com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;
import com.pulumi.gcp.alloydb.inputs.ClusterInitialUserArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.servicenetworking.Connection;
import com.pulumi.gcp.servicenetworking.ConnectionArgs;
import com.pulumi.gcp.alloydb.Instance;
import com.pulumi.gcp.alloydb.InstanceArgs;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfile;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
.build());
var default_ = new Network("default", NetworkArgs.builder()
.name("destination-alloydb")
.build());
var destinationAlloydb = new Cluster("destinationAlloydb", ClusterArgs.builder()
.clusterId("destination-alloydb")
.location("us-central1")
.networkConfig(ClusterNetworkConfigArgs.builder()
.network(default_.id())
.build())
.databaseVersion("POSTGRES_15")
.initialUser(ClusterInitialUserArgs.builder()
.user("destination-alloydb")
.password("destination-alloydb")
.build())
.deletionProtection(false)
.build());
var privateIpAlloc = new GlobalAddress("privateIpAlloc", GlobalAddressArgs.builder()
.name("destination-alloydb")
.addressType("INTERNAL")
.purpose("VPC_PEERING")
.prefixLength(16)
.network(default_.id())
.build());
var vpcConnection = new Connection("vpcConnection", ConnectionArgs.builder()
.network(default_.id())
.service("servicenetworking.googleapis.com")
.reservedPeeringRanges(privateIpAlloc.name())
.build());
var destinationAlloydbPrimary = new Instance("destinationAlloydbPrimary", InstanceArgs.builder()
.cluster(destinationAlloydb.name())
.instanceId("destination-alloydb-primary")
.instanceType("PRIMARY")
.build(), CustomResourceOptions.builder()
.dependsOn(vpcConnection)
.build());
var existing_alloydb = new ConnectionProfile("existing-alloydb", ConnectionProfileArgs.builder()
.location("us-central1")
.connectionProfileId("destination-cp")
.displayName("destination-cp_display")
.labels(Map.of("foo", "bar"))
.postgresql(ConnectionProfilePostgresqlArgs.builder()
.alloydbClusterId("destination-alloydb")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
destinationAlloydb,
destinationAlloydbPrimary)
.build());
}
}
resources:
destinationAlloydb:
type: gcp:alloydb:Cluster
name: destination_alloydb
properties:
clusterId: destination-alloydb
location: us-central1
networkConfig:
network: ${default.id}
databaseVersion: POSTGRES_15
initialUser:
user: destination-alloydb
password: destination-alloydb
deletionProtection: false
destinationAlloydbPrimary:
type: gcp:alloydb:Instance
name: destination_alloydb_primary
properties:
cluster: ${destinationAlloydb.name}
instanceId: destination-alloydb-primary
instanceType: PRIMARY
options:
dependsOn:
- ${vpcConnection}
privateIpAlloc:
type: gcp:compute:GlobalAddress
name: private_ip_alloc
properties:
name: destination-alloydb
addressType: INTERNAL
purpose: VPC_PEERING
prefixLength: 16
network: ${default.id}
vpcConnection:
type: gcp:servicenetworking:Connection
name: vpc_connection
properties:
network: ${default.id}
service: servicenetworking.googleapis.com
reservedPeeringRanges:
- ${privateIpAlloc.name}
default:
type: gcp:compute:Network
properties:
name: destination-alloydb
existing-alloydb:
type: gcp:databasemigrationservice:ConnectionProfile
properties:
location: us-central1
connectionProfileId: destination-cp
displayName: destination-cp_display
labels:
foo: bar
postgresql:
alloydbClusterId: destination-alloydb
options:
dependsOn:
- ${destinationAlloydb}
- ${destinationAlloydbPrimary}
variables:
project:
fn::invoke:
function: gcp:organizations:getProject
arguments: {}
The postgresql.alloydbClusterId property references an existing AlloyDB cluster by name. This profile omits the alloydb.settings block because the cluster already exists. The Database Migration Service retrieves connection details from the existing cluster and primary instance.
Beyond these examples
These snippets focus on specific connection profile features: source and destination connection profiles, SSL certificate configuration, and AlloyDB cluster provisioning. They’re intentionally minimal rather than full migration workflows.
The examples may reference pre-existing infrastructure such as Cloud SQL instances, VPC networks and service networking connections, and SSL certificates and database users. They focus on configuring the connection profile rather than provisioning everything around it.
To keep things focused, common connection profile patterns are omitted, including:
- Connection profile updates and lifecycle management
- Private connectivity options (VPN, Interconnect)
- SSL type variations (NONE, REQUIRED vs SERVER_CLIENT)
- Oracle forward SSH tunnel connectivity
These omissions are intentional: the goal is to illustrate how each connection profile feature is wired, not provide drop-in migration modules. See the ConnectionProfile resource reference for all available configuration options.
Let's configure GCP Database Migration Service Connection Profiles
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Configuration & Immutability
What properties can't I change after creating a connection profile?
The
connectionProfileId, project, and location properties are immutable and cannot be changed after creation.What's the difference between labels and effectiveLabels?
The
labels field only manages labels in your configuration. Use effectiveLabels to see all labels on the resource, including those set by GCP services or other clients.Database Connections
Which database types can I use for connection profiles?
You can create connection profiles for MySQL, PostgreSQL, Oracle, AlloyDB, and Cloud SQL databases. Each database type has its own configuration block (
mysql, postgresql, oracle, alloydb, cloudsql).What SSL options are available for PostgreSQL and MySQL connections?
Three SSL types are supported:
- SERVER_CLIENT - Requires client certificates (
clientKey,clientCertificate,caCertificate) - REQUIRED - SSL required without client certificates
- NONE - No SSL encryption
How do I reference an existing Cloud SQL instance instead of providing connection details?
Specify only
cloudSqlId in the mysql or postgresql block without host, port, username, or password. This references an existing Cloud SQL instance rather than creating a new connection.How do I reference an existing AlloyDB cluster?
Use
alloydbClusterId in the postgresql block without other connection details like host or port.What's required for AlloyDB connection profiles?
AlloyDB profiles require VPC network configuration. The example shows a VPC peering connection must be established before creating the connection profile, using
dependsOn to ensure proper ordering.