The gcp:databasemigrationservice/connectionProfile:ConnectionProfile resource, part of the Pulumi GCP provider, defines connection profiles that store database credentials, SSL configuration, and connectivity settings for Database Migration Service jobs. This guide focuses on three capabilities: MySQL and PostgreSQL connections with SSL variants, Oracle static IP connectivity, and AlloyDB cluster provisioning and references.
Connection profiles reference existing Cloud SQL instances, AlloyDB clusters, VPC networks, and SSL certificates. The examples are intentionally small. Combine them with your own database infrastructure and migration jobs.
Connect to MySQL with SSL certificates
Migration workflows often begin by establishing a secure connection to a source MySQL database, storing credentials and SSL configuration for repeated use across migration jobs.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const project = gcp.organizations.getProject({});
const cloudsqldb = new gcp.sql.DatabaseInstance("cloudsqldb", {
name: "my-database",
databaseVersion: "MYSQL_5_7",
settings: {
tier: "db-n1-standard-1",
deletionProtectionEnabled: false,
},
deletionProtection: false,
});
const sqlClientCert = new gcp.sql.SslCert("sql_client_cert", {
commonName: "my-cert",
instance: cloudsqldb.name,
}, {
dependsOn: [cloudsqldb],
});
const sqldbUser = new gcp.sql.User("sqldb_user", {
name: "my-username",
instance: cloudsqldb.name,
password: "my-password",
}, {
dependsOn: [sqlClientCert],
});
const cloudsqlprofile = new gcp.databasemigrationservice.ConnectionProfile("cloudsqlprofile", {
location: "us-central1",
connectionProfileId: "my-fromprofileid",
displayName: "my-fromprofileid_display",
labels: {
foo: "bar",
},
mysql: {
host: cloudsqldb.ipAddresses.apply(ipAddresses => ipAddresses[0].ipAddress),
port: 3306,
username: sqldbUser.name,
password: sqldbUser.password,
ssl: {
clientKey: sqlClientCert.privateKey,
clientCertificate: sqlClientCert.cert,
caCertificate: sqlClientCert.serverCaCert,
type: "SERVER_CLIENT",
},
cloudSqlId: "my-database",
},
}, {
dependsOn: [sqldbUser],
});
const cloudsqlprofileDestination = new gcp.databasemigrationservice.ConnectionProfile("cloudsqlprofile_destination", {
location: "us-central1",
connectionProfileId: "my-toprofileid",
displayName: "my-toprofileid_displayname",
labels: {
foo: "bar",
},
cloudsql: {
settings: {
databaseVersion: "MYSQL_5_7",
userLabels: {
cloudfoo: "cloudbar",
},
tier: "db-n1-standard-1",
edition: "ENTERPRISE",
storageAutoResizeLimit: "0",
activationPolicy: "ALWAYS",
ipConfig: {
enableIpv4: true,
requireSsl: true,
},
autoStorageIncrease: true,
dataDiskType: "PD_HDD",
dataDiskSizeGb: "11",
zone: "us-central1-b",
sourceId: project.then(project => `projects/${project.projectId}/locations/us-central1/connectionProfiles/my-fromprofileid`),
rootPassword: "testpasscloudsql",
},
},
}, {
dependsOn: [cloudsqlprofile],
});
import pulumi
import pulumi_gcp as gcp
project = gcp.organizations.get_project()
cloudsqldb = gcp.sql.DatabaseInstance("cloudsqldb",
name="my-database",
database_version="MYSQL_5_7",
settings={
"tier": "db-n1-standard-1",
"deletion_protection_enabled": False,
},
deletion_protection=False)
sql_client_cert = gcp.sql.SslCert("sql_client_cert",
common_name="my-cert",
instance=cloudsqldb.name,
opts = pulumi.ResourceOptions(depends_on=[cloudsqldb]))
sqldb_user = gcp.sql.User("sqldb_user",
name="my-username",
instance=cloudsqldb.name,
password="my-password",
opts = pulumi.ResourceOptions(depends_on=[sql_client_cert]))
cloudsqlprofile = gcp.databasemigrationservice.ConnectionProfile("cloudsqlprofile",
location="us-central1",
connection_profile_id="my-fromprofileid",
display_name="my-fromprofileid_display",
labels={
"foo": "bar",
},
mysql={
"host": cloudsqldb.ip_addresses[0].ip_address,
"port": 3306,
"username": sqldb_user.name,
"password": sqldb_user.password,
"ssl": {
"client_key": sql_client_cert.private_key,
"client_certificate": sql_client_cert.cert,
"ca_certificate": sql_client_cert.server_ca_cert,
"type": "SERVER_CLIENT",
},
"cloud_sql_id": "my-database",
},
opts = pulumi.ResourceOptions(depends_on=[sqldb_user]))
cloudsqlprofile_destination = gcp.databasemigrationservice.ConnectionProfile("cloudsqlprofile_destination",
location="us-central1",
connection_profile_id="my-toprofileid",
display_name="my-toprofileid_displayname",
labels={
"foo": "bar",
},
cloudsql={
"settings": {
"database_version": "MYSQL_5_7",
"user_labels": {
"cloudfoo": "cloudbar",
},
"tier": "db-n1-standard-1",
"edition": "ENTERPRISE",
"storage_auto_resize_limit": "0",
"activation_policy": "ALWAYS",
"ip_config": {
"enable_ipv4": True,
"require_ssl": True,
},
"auto_storage_increase": True,
"data_disk_type": "PD_HDD",
"data_disk_size_gb": "11",
"zone": "us-central1-b",
"source_id": f"projects/{project.project_id}/locations/us-central1/connectionProfiles/my-fromprofileid",
"root_password": "testpasscloudsql",
},
},
opts = pulumi.ResourceOptions(depends_on=[cloudsqlprofile]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/databasemigrationservice"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/sql"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
cloudsqldb, err := sql.NewDatabaseInstance(ctx, "cloudsqldb", &sql.DatabaseInstanceArgs{
Name: pulumi.String("my-database"),
DatabaseVersion: pulumi.String("MYSQL_5_7"),
Settings: &sql.DatabaseInstanceSettingsArgs{
Tier: pulumi.String("db-n1-standard-1"),
DeletionProtectionEnabled: pulumi.Bool(false),
},
DeletionProtection: pulumi.Bool(false),
})
if err != nil {
return err
}
sqlClientCert, err := sql.NewSslCert(ctx, "sql_client_cert", &sql.SslCertArgs{
CommonName: pulumi.String("my-cert"),
Instance: cloudsqldb.Name,
}, pulumi.DependsOn([]pulumi.Resource{
cloudsqldb,
}))
if err != nil {
return err
}
sqldbUser, err := sql.NewUser(ctx, "sqldb_user", &sql.UserArgs{
Name: pulumi.String("my-username"),
Instance: cloudsqldb.Name,
Password: pulumi.String("my-password"),
}, pulumi.DependsOn([]pulumi.Resource{
sqlClientCert,
}))
if err != nil {
return err
}
cloudsqlprofile, err := databasemigrationservice.NewConnectionProfile(ctx, "cloudsqlprofile", &databasemigrationservice.ConnectionProfileArgs{
Location: pulumi.String("us-central1"),
ConnectionProfileId: pulumi.String("my-fromprofileid"),
DisplayName: pulumi.String("my-fromprofileid_display"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Mysql: &databasemigrationservice.ConnectionProfileMysqlArgs{
Host: cloudsqldb.IpAddresses.ApplyT(func(ipAddresses []sql.DatabaseInstanceIpAddress) (*string, error) {
return &ipAddresses[0].IpAddress, nil
}).(pulumi.StringPtrOutput),
Port: pulumi.Int(3306),
Username: sqldbUser.Name,
Password: sqldbUser.Password,
Ssl: &databasemigrationservice.ConnectionProfileMysqlSslArgs{
ClientKey: sqlClientCert.PrivateKey,
ClientCertificate: sqlClientCert.Cert,
CaCertificate: sqlClientCert.ServerCaCert,
Type: pulumi.String("SERVER_CLIENT"),
},
CloudSqlId: pulumi.String("my-database"),
},
}, pulumi.DependsOn([]pulumi.Resource{
sqldbUser,
}))
if err != nil {
return err
}
_, err = databasemigrationservice.NewConnectionProfile(ctx, "cloudsqlprofile_destination", &databasemigrationservice.ConnectionProfileArgs{
Location: pulumi.String("us-central1"),
ConnectionProfileId: pulumi.String("my-toprofileid"),
DisplayName: pulumi.String("my-toprofileid_displayname"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Cloudsql: &databasemigrationservice.ConnectionProfileCloudsqlArgs{
Settings: &databasemigrationservice.ConnectionProfileCloudsqlSettingsArgs{
DatabaseVersion: pulumi.String("MYSQL_5_7"),
UserLabels: pulumi.StringMap{
"cloudfoo": pulumi.String("cloudbar"),
},
Tier: pulumi.String("db-n1-standard-1"),
Edition: pulumi.String("ENTERPRISE"),
StorageAutoResizeLimit: pulumi.String("0"),
ActivationPolicy: pulumi.String("ALWAYS"),
IpConfig: &databasemigrationservice.ConnectionProfileCloudsqlSettingsIpConfigArgs{
EnableIpv4: pulumi.Bool(true),
RequireSsl: pulumi.Bool(true),
},
AutoStorageIncrease: pulumi.Bool(true),
DataDiskType: pulumi.String("PD_HDD"),
DataDiskSizeGb: pulumi.String("11"),
Zone: pulumi.String("us-central1-b"),
SourceId: pulumi.Sprintf("projects/%v/locations/us-central1/connectionProfiles/my-fromprofileid", project.ProjectId),
RootPassword: pulumi.String("testpasscloudsql"),
},
},
}, pulumi.DependsOn([]pulumi.Resource{
cloudsqlprofile,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var project = Gcp.Organizations.GetProject.Invoke();
var cloudsqldb = new Gcp.Sql.DatabaseInstance("cloudsqldb", new()
{
Name = "my-database",
DatabaseVersion = "MYSQL_5_7",
Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
{
Tier = "db-n1-standard-1",
DeletionProtectionEnabled = false,
},
DeletionProtection = false,
});
var sqlClientCert = new Gcp.Sql.SslCert("sql_client_cert", new()
{
CommonName = "my-cert",
Instance = cloudsqldb.Name,
}, new CustomResourceOptions
{
DependsOn =
{
cloudsqldb,
},
});
var sqldbUser = new Gcp.Sql.User("sqldb_user", new()
{
Name = "my-username",
Instance = cloudsqldb.Name,
Password = "my-password",
}, new CustomResourceOptions
{
DependsOn =
{
sqlClientCert,
},
});
var cloudsqlprofile = new Gcp.DatabaseMigrationService.ConnectionProfile("cloudsqlprofile", new()
{
Location = "us-central1",
ConnectionProfileId = "my-fromprofileid",
DisplayName = "my-fromprofileid_display",
Labels =
{
{ "foo", "bar" },
},
Mysql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlArgs
{
Host = cloudsqldb.IpAddresses.Apply(ipAddresses => ipAddresses[0].IpAddress),
Port = 3306,
Username = sqldbUser.Name,
Password = sqldbUser.Password,
Ssl = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlSslArgs
{
ClientKey = sqlClientCert.PrivateKey,
ClientCertificate = sqlClientCert.Cert,
CaCertificate = sqlClientCert.ServerCaCert,
Type = "SERVER_CLIENT",
},
CloudSqlId = "my-database",
},
}, new CustomResourceOptions
{
DependsOn =
{
sqldbUser,
},
});
var cloudsqlprofileDestination = new Gcp.DatabaseMigrationService.ConnectionProfile("cloudsqlprofile_destination", new()
{
Location = "us-central1",
ConnectionProfileId = "my-toprofileid",
DisplayName = "my-toprofileid_displayname",
Labels =
{
{ "foo", "bar" },
},
Cloudsql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileCloudsqlArgs
{
Settings = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileCloudsqlSettingsArgs
{
DatabaseVersion = "MYSQL_5_7",
UserLabels =
{
{ "cloudfoo", "cloudbar" },
},
Tier = "db-n1-standard-1",
Edition = "ENTERPRISE",
StorageAutoResizeLimit = "0",
ActivationPolicy = "ALWAYS",
IpConfig = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileCloudsqlSettingsIpConfigArgs
{
EnableIpv4 = true,
RequireSsl = true,
},
AutoStorageIncrease = true,
DataDiskType = "PD_HDD",
DataDiskSizeGb = "11",
Zone = "us-central1-b",
SourceId = $"projects/{project.Apply(getProjectResult => getProjectResult.ProjectId)}/locations/us-central1/connectionProfiles/my-fromprofileid",
RootPassword = "testpasscloudsql",
},
},
}, new CustomResourceOptions
{
DependsOn =
{
cloudsqlprofile,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.sql.DatabaseInstance;
import com.pulumi.gcp.sql.DatabaseInstanceArgs;
import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
import com.pulumi.gcp.sql.SslCert;
import com.pulumi.gcp.sql.SslCertArgs;
import com.pulumi.gcp.sql.User;
import com.pulumi.gcp.sql.UserArgs;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfile;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileMysqlArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileMysqlSslArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileCloudsqlArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileCloudsqlSettingsArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileCloudsqlSettingsIpConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
.build());
var cloudsqldb = new DatabaseInstance("cloudsqldb", DatabaseInstanceArgs.builder()
.name("my-database")
.databaseVersion("MYSQL_5_7")
.settings(DatabaseInstanceSettingsArgs.builder()
.tier("db-n1-standard-1")
.deletionProtectionEnabled(false)
.build())
.deletionProtection(false)
.build());
var sqlClientCert = new SslCert("sqlClientCert", SslCertArgs.builder()
.commonName("my-cert")
.instance(cloudsqldb.name())
.build(), CustomResourceOptions.builder()
.dependsOn(cloudsqldb)
.build());
var sqldbUser = new User("sqldbUser", UserArgs.builder()
.name("my-username")
.instance(cloudsqldb.name())
.password("my-password")
.build(), CustomResourceOptions.builder()
.dependsOn(sqlClientCert)
.build());
var cloudsqlprofile = new ConnectionProfile("cloudsqlprofile", ConnectionProfileArgs.builder()
.location("us-central1")
.connectionProfileId("my-fromprofileid")
.displayName("my-fromprofileid_display")
.labels(Map.of("foo", "bar"))
.mysql(ConnectionProfileMysqlArgs.builder()
.host(cloudsqldb.ipAddresses().applyValue(_ipAddresses -> _ipAddresses[0].ipAddress()))
.port(3306)
.username(sqldbUser.name())
.password(sqldbUser.password())
.ssl(ConnectionProfileMysqlSslArgs.builder()
.clientKey(sqlClientCert.privateKey())
.clientCertificate(sqlClientCert.cert())
.caCertificate(sqlClientCert.serverCaCert())
.type("SERVER_CLIENT")
.build())
.cloudSqlId("my-database")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(sqldbUser)
.build());
var cloudsqlprofileDestination = new ConnectionProfile("cloudsqlprofileDestination", ConnectionProfileArgs.builder()
.location("us-central1")
.connectionProfileId("my-toprofileid")
.displayName("my-toprofileid_displayname")
.labels(Map.of("foo", "bar"))
.cloudsql(ConnectionProfileCloudsqlArgs.builder()
.settings(ConnectionProfileCloudsqlSettingsArgs.builder()
.databaseVersion("MYSQL_5_7")
.userLabels(Map.of("cloudfoo", "cloudbar"))
.tier("db-n1-standard-1")
.edition("ENTERPRISE")
.storageAutoResizeLimit("0")
.activationPolicy("ALWAYS")
.ipConfig(ConnectionProfileCloudsqlSettingsIpConfigArgs.builder()
.enableIpv4(true)
.requireSsl(true)
.build())
.autoStorageIncrease(true)
.dataDiskType("PD_HDD")
.dataDiskSizeGb("11")
.zone("us-central1-b")
.sourceId(String.format("projects/%s/locations/us-central1/connectionProfiles/my-fromprofileid", project.projectId()))
.rootPassword("testpasscloudsql")
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(cloudsqlprofile)
.build());
}
}
resources:
cloudsqldb:
type: gcp:sql:DatabaseInstance
properties:
name: my-database
databaseVersion: MYSQL_5_7
settings:
tier: db-n1-standard-1
deletionProtectionEnabled: false
deletionProtection: false
sqlClientCert:
type: gcp:sql:SslCert
name: sql_client_cert
properties:
commonName: my-cert
instance: ${cloudsqldb.name}
options:
dependsOn:
- ${cloudsqldb}
sqldbUser:
type: gcp:sql:User
name: sqldb_user
properties:
name: my-username
instance: ${cloudsqldb.name}
password: my-password
options:
dependsOn:
- ${sqlClientCert}
cloudsqlprofile:
type: gcp:databasemigrationservice:ConnectionProfile
properties:
location: us-central1
connectionProfileId: my-fromprofileid
displayName: my-fromprofileid_display
labels:
foo: bar
mysql:
host: ${cloudsqldb.ipAddresses[0].ipAddress}
port: 3306
username: ${sqldbUser.name}
password: ${sqldbUser.password}
ssl:
clientKey: ${sqlClientCert.privateKey}
clientCertificate: ${sqlClientCert.cert}
caCertificate: ${sqlClientCert.serverCaCert}
type: SERVER_CLIENT
cloudSqlId: my-database
options:
dependsOn:
- ${sqldbUser}
cloudsqlprofileDestination:
type: gcp:databasemigrationservice:ConnectionProfile
name: cloudsqlprofile_destination
properties:
location: us-central1
connectionProfileId: my-toprofileid
displayName: my-toprofileid_displayname
labels:
foo: bar
cloudsql:
settings:
databaseVersion: MYSQL_5_7
userLabels:
cloudfoo: cloudbar
tier: db-n1-standard-1
edition: ENTERPRISE
storageAutoResizeLimit: '0'
activationPolicy: ALWAYS
ipConfig:
enableIpv4: true
requireSsl: true
autoStorageIncrease: true
dataDiskType: PD_HDD
dataDiskSizeGb: '11'
zone: us-central1-b
sourceId: projects/${project.projectId}/locations/us-central1/connectionProfiles/my-fromprofileid
rootPassword: testpasscloudsql
options:
dependsOn:
- ${cloudsqlprofile}
variables:
project:
fn::invoke:
function: gcp:organizations:getProject
arguments: {}
The mysql block specifies connection parameters: host and port identify the database endpoint, while username and password provide authentication. The ssl block configures mutual TLS with clientKey, clientCertificate, and caCertificate for secure communication. The cloudSqlId ties this profile to a specific Cloud SQL instance.
Connect to PostgreSQL with SSL certificates
PostgreSQL migrations require connection profiles that specify host, port, and SSL configuration for secure authentication.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const postgresqldb = new gcp.sql.DatabaseInstance("postgresqldb", {
name: "my-database",
databaseVersion: "POSTGRES_12",
settings: {
tier: "db-custom-2-13312",
},
deletionProtection: false,
});
const sqlClientCert = new gcp.sql.SslCert("sql_client_cert", {
commonName: "my-cert",
instance: postgresqldb.name,
}, {
dependsOn: [postgresqldb],
});
const sqldbUser = new gcp.sql.User("sqldb_user", {
name: "my-username",
instance: postgresqldb.name,
password: "my-password",
}, {
dependsOn: [sqlClientCert],
});
const postgresprofile = new gcp.databasemigrationservice.ConnectionProfile("postgresprofile", {
location: "us-central1",
connectionProfileId: "my-profileid",
displayName: "my-profileid_display",
labels: {
foo: "bar",
},
postgresql: {
host: postgresqldb.ipAddresses.apply(ipAddresses => ipAddresses[0].ipAddress),
port: 5432,
username: sqldbUser.name,
password: sqldbUser.password,
ssl: {
clientKey: sqlClientCert.privateKey,
clientCertificate: sqlClientCert.cert,
caCertificate: sqlClientCert.serverCaCert,
type: "SERVER_CLIENT",
},
cloudSqlId: "my-database",
},
}, {
dependsOn: [sqldbUser],
});
import pulumi
import pulumi_gcp as gcp
postgresqldb = gcp.sql.DatabaseInstance("postgresqldb",
name="my-database",
database_version="POSTGRES_12",
settings={
"tier": "db-custom-2-13312",
},
deletion_protection=False)
sql_client_cert = gcp.sql.SslCert("sql_client_cert",
common_name="my-cert",
instance=postgresqldb.name,
opts = pulumi.ResourceOptions(depends_on=[postgresqldb]))
sqldb_user = gcp.sql.User("sqldb_user",
name="my-username",
instance=postgresqldb.name,
password="my-password",
opts = pulumi.ResourceOptions(depends_on=[sql_client_cert]))
postgresprofile = gcp.databasemigrationservice.ConnectionProfile("postgresprofile",
location="us-central1",
connection_profile_id="my-profileid",
display_name="my-profileid_display",
labels={
"foo": "bar",
},
postgresql={
"host": postgresqldb.ip_addresses[0].ip_address,
"port": 5432,
"username": sqldb_user.name,
"password": sqldb_user.password,
"ssl": {
"client_key": sql_client_cert.private_key,
"client_certificate": sql_client_cert.cert,
"ca_certificate": sql_client_cert.server_ca_cert,
"type": "SERVER_CLIENT",
},
"cloud_sql_id": "my-database",
},
opts = pulumi.ResourceOptions(depends_on=[sqldb_user]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/databasemigrationservice"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/sql"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
postgresqldb, err := sql.NewDatabaseInstance(ctx, "postgresqldb", &sql.DatabaseInstanceArgs{
Name: pulumi.String("my-database"),
DatabaseVersion: pulumi.String("POSTGRES_12"),
Settings: &sql.DatabaseInstanceSettingsArgs{
Tier: pulumi.String("db-custom-2-13312"),
},
DeletionProtection: pulumi.Bool(false),
})
if err != nil {
return err
}
sqlClientCert, err := sql.NewSslCert(ctx, "sql_client_cert", &sql.SslCertArgs{
CommonName: pulumi.String("my-cert"),
Instance: postgresqldb.Name,
}, pulumi.DependsOn([]pulumi.Resource{
postgresqldb,
}))
if err != nil {
return err
}
sqldbUser, err := sql.NewUser(ctx, "sqldb_user", &sql.UserArgs{
Name: pulumi.String("my-username"),
Instance: postgresqldb.Name,
Password: pulumi.String("my-password"),
}, pulumi.DependsOn([]pulumi.Resource{
sqlClientCert,
}))
if err != nil {
return err
}
_, err = databasemigrationservice.NewConnectionProfile(ctx, "postgresprofile", &databasemigrationservice.ConnectionProfileArgs{
Location: pulumi.String("us-central1"),
ConnectionProfileId: pulumi.String("my-profileid"),
DisplayName: pulumi.String("my-profileid_display"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Postgresql: &databasemigrationservice.ConnectionProfilePostgresqlArgs{
Host: postgresqldb.IpAddresses.ApplyT(func(ipAddresses []sql.DatabaseInstanceIpAddress) (*string, error) {
return &ipAddresses[0].IpAddress, nil
}).(pulumi.StringPtrOutput),
Port: pulumi.Int(5432),
Username: sqldbUser.Name,
Password: sqldbUser.Password,
Ssl: &databasemigrationservice.ConnectionProfilePostgresqlSslArgs{
ClientKey: sqlClientCert.PrivateKey,
ClientCertificate: sqlClientCert.Cert,
CaCertificate: sqlClientCert.ServerCaCert,
Type: pulumi.String("SERVER_CLIENT"),
},
CloudSqlId: pulumi.String("my-database"),
},
}, pulumi.DependsOn([]pulumi.Resource{
sqldbUser,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var postgresqldb = new Gcp.Sql.DatabaseInstance("postgresqldb", new()
{
Name = "my-database",
DatabaseVersion = "POSTGRES_12",
Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
{
Tier = "db-custom-2-13312",
},
DeletionProtection = false,
});
var sqlClientCert = new Gcp.Sql.SslCert("sql_client_cert", new()
{
CommonName = "my-cert",
Instance = postgresqldb.Name,
}, new CustomResourceOptions
{
DependsOn =
{
postgresqldb,
},
});
var sqldbUser = new Gcp.Sql.User("sqldb_user", new()
{
Name = "my-username",
Instance = postgresqldb.Name,
Password = "my-password",
}, new CustomResourceOptions
{
DependsOn =
{
sqlClientCert,
},
});
var postgresprofile = new Gcp.DatabaseMigrationService.ConnectionProfile("postgresprofile", new()
{
Location = "us-central1",
ConnectionProfileId = "my-profileid",
DisplayName = "my-profileid_display",
Labels =
{
{ "foo", "bar" },
},
Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs
{
Host = postgresqldb.IpAddresses.Apply(ipAddresses => ipAddresses[0].IpAddress),
Port = 5432,
Username = sqldbUser.Name,
Password = sqldbUser.Password,
Ssl = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlSslArgs
{
ClientKey = sqlClientCert.PrivateKey,
ClientCertificate = sqlClientCert.Cert,
CaCertificate = sqlClientCert.ServerCaCert,
Type = "SERVER_CLIENT",
},
CloudSqlId = "my-database",
},
}, new CustomResourceOptions
{
DependsOn =
{
sqldbUser,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.sql.DatabaseInstance;
import com.pulumi.gcp.sql.DatabaseInstanceArgs;
import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
import com.pulumi.gcp.sql.SslCert;
import com.pulumi.gcp.sql.SslCertArgs;
import com.pulumi.gcp.sql.User;
import com.pulumi.gcp.sql.UserArgs;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfile;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlSslArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var postgresqldb = new DatabaseInstance("postgresqldb", DatabaseInstanceArgs.builder()
.name("my-database")
.databaseVersion("POSTGRES_12")
.settings(DatabaseInstanceSettingsArgs.builder()
.tier("db-custom-2-13312")
.build())
.deletionProtection(false)
.build());
var sqlClientCert = new SslCert("sqlClientCert", SslCertArgs.builder()
.commonName("my-cert")
.instance(postgresqldb.name())
.build(), CustomResourceOptions.builder()
.dependsOn(postgresqldb)
.build());
var sqldbUser = new User("sqldbUser", UserArgs.builder()
.name("my-username")
.instance(postgresqldb.name())
.password("my-password")
.build(), CustomResourceOptions.builder()
.dependsOn(sqlClientCert)
.build());
var postgresprofile = new ConnectionProfile("postgresprofile", ConnectionProfileArgs.builder()
.location("us-central1")
.connectionProfileId("my-profileid")
.displayName("my-profileid_display")
.labels(Map.of("foo", "bar"))
.postgresql(ConnectionProfilePostgresqlArgs.builder()
.host(postgresqldb.ipAddresses().applyValue(_ipAddresses -> _ipAddresses[0].ipAddress()))
.port(5432)
.username(sqldbUser.name())
.password(sqldbUser.password())
.ssl(ConnectionProfilePostgresqlSslArgs.builder()
.clientKey(sqlClientCert.privateKey())
.clientCertificate(sqlClientCert.cert())
.caCertificate(sqlClientCert.serverCaCert())
.type("SERVER_CLIENT")
.build())
.cloudSqlId("my-database")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(sqldbUser)
.build());
}
}
resources:
postgresqldb:
type: gcp:sql:DatabaseInstance
properties:
name: my-database
databaseVersion: POSTGRES_12
settings:
tier: db-custom-2-13312
deletionProtection: false
sqlClientCert:
type: gcp:sql:SslCert
name: sql_client_cert
properties:
commonName: my-cert
instance: ${postgresqldb.name}
options:
dependsOn:
- ${postgresqldb}
sqldbUser:
type: gcp:sql:User
name: sqldb_user
properties:
name: my-username
instance: ${postgresqldb.name}
password: my-password
options:
dependsOn:
- ${sqlClientCert}
postgresprofile:
type: gcp:databasemigrationservice:ConnectionProfile
properties:
location: us-central1
connectionProfileId: my-profileid
displayName: my-profileid_display
labels:
foo: bar
postgresql:
host: ${postgresqldb.ipAddresses[0].ipAddress}
port: 5432
username: ${sqldbUser.name}
password: ${sqldbUser.password}
ssl:
clientKey: ${sqlClientCert.privateKey}
clientCertificate: ${sqlClientCert.cert}
caCertificate: ${sqlClientCert.serverCaCert}
type: SERVER_CLIENT
cloudSqlId: my-database
options:
dependsOn:
- ${sqldbUser}
The postgresql block mirrors the MySQL structure with database-specific defaults. The ssl.type property set to “SERVER_CLIENT” enables mutual TLS authentication. This configuration extends the MySQL pattern to PostgreSQL workloads.
Connect to PostgreSQL without SSL
Development or internal environments may disable SSL for simplified connectivity, though this reduces security.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const postgresqldb = new gcp.sql.DatabaseInstance("postgresqldb", {
name: "my-database",
databaseVersion: "POSTGRES_12",
settings: {
tier: "db-custom-2-13312",
},
deletionProtection: false,
});
const sqlClientCert = new gcp.sql.SslCert("sql_client_cert", {
commonName: "my-cert",
instance: postgresqldb.name,
}, {
dependsOn: [postgresqldb],
});
const sqldbUser = new gcp.sql.User("sqldb_user", {
name: "my-username",
instance: postgresqldb.name,
password: "my-password",
}, {
dependsOn: [sqlClientCert],
});
const postgresprofile = new gcp.databasemigrationservice.ConnectionProfile("postgresprofile", {
location: "us-central1",
connectionProfileId: "my-profileid",
displayName: "my-profileid_display",
labels: {
foo: "bar",
},
postgresql: {
host: postgresqldb.ipAddresses.apply(ipAddresses => ipAddresses[0].ipAddress),
port: 5432,
username: sqldbUser.name,
password: sqldbUser.password,
ssl: {
type: "NONE",
},
cloudSqlId: "my-database",
},
}, {
dependsOn: [sqldbUser],
});
import pulumi
import pulumi_gcp as gcp
postgresqldb = gcp.sql.DatabaseInstance("postgresqldb",
name="my-database",
database_version="POSTGRES_12",
settings={
"tier": "db-custom-2-13312",
},
deletion_protection=False)
sql_client_cert = gcp.sql.SslCert("sql_client_cert",
common_name="my-cert",
instance=postgresqldb.name,
opts = pulumi.ResourceOptions(depends_on=[postgresqldb]))
sqldb_user = gcp.sql.User("sqldb_user",
name="my-username",
instance=postgresqldb.name,
password="my-password",
opts = pulumi.ResourceOptions(depends_on=[sql_client_cert]))
postgresprofile = gcp.databasemigrationservice.ConnectionProfile("postgresprofile",
location="us-central1",
connection_profile_id="my-profileid",
display_name="my-profileid_display",
labels={
"foo": "bar",
},
postgresql={
"host": postgresqldb.ip_addresses[0].ip_address,
"port": 5432,
"username": sqldb_user.name,
"password": sqldb_user.password,
"ssl": {
"type": "NONE",
},
"cloud_sql_id": "my-database",
},
opts = pulumi.ResourceOptions(depends_on=[sqldb_user]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/databasemigrationservice"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/sql"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
postgresqldb, err := sql.NewDatabaseInstance(ctx, "postgresqldb", &sql.DatabaseInstanceArgs{
Name: pulumi.String("my-database"),
DatabaseVersion: pulumi.String("POSTGRES_12"),
Settings: &sql.DatabaseInstanceSettingsArgs{
Tier: pulumi.String("db-custom-2-13312"),
},
DeletionProtection: pulumi.Bool(false),
})
if err != nil {
return err
}
sqlClientCert, err := sql.NewSslCert(ctx, "sql_client_cert", &sql.SslCertArgs{
CommonName: pulumi.String("my-cert"),
Instance: postgresqldb.Name,
}, pulumi.DependsOn([]pulumi.Resource{
postgresqldb,
}))
if err != nil {
return err
}
sqldbUser, err := sql.NewUser(ctx, "sqldb_user", &sql.UserArgs{
Name: pulumi.String("my-username"),
Instance: postgresqldb.Name,
Password: pulumi.String("my-password"),
}, pulumi.DependsOn([]pulumi.Resource{
sqlClientCert,
}))
if err != nil {
return err
}
_, err = databasemigrationservice.NewConnectionProfile(ctx, "postgresprofile", &databasemigrationservice.ConnectionProfileArgs{
Location: pulumi.String("us-central1"),
ConnectionProfileId: pulumi.String("my-profileid"),
DisplayName: pulumi.String("my-profileid_display"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Postgresql: &databasemigrationservice.ConnectionProfilePostgresqlArgs{
Host: postgresqldb.IpAddresses.ApplyT(func(ipAddresses []sql.DatabaseInstanceIpAddress) (*string, error) {
return &ipAddresses[0].IpAddress, nil
}).(pulumi.StringPtrOutput),
Port: pulumi.Int(5432),
Username: sqldbUser.Name,
Password: sqldbUser.Password,
Ssl: &databasemigrationservice.ConnectionProfilePostgresqlSslArgs{
Type: pulumi.String("NONE"),
},
CloudSqlId: pulumi.String("my-database"),
},
}, pulumi.DependsOn([]pulumi.Resource{
sqldbUser,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var postgresqldb = new Gcp.Sql.DatabaseInstance("postgresqldb", new()
{
Name = "my-database",
DatabaseVersion = "POSTGRES_12",
Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
{
Tier = "db-custom-2-13312",
},
DeletionProtection = false,
});
var sqlClientCert = new Gcp.Sql.SslCert("sql_client_cert", new()
{
CommonName = "my-cert",
Instance = postgresqldb.Name,
}, new CustomResourceOptions
{
DependsOn =
{
postgresqldb,
},
});
var sqldbUser = new Gcp.Sql.User("sqldb_user", new()
{
Name = "my-username",
Instance = postgresqldb.Name,
Password = "my-password",
}, new CustomResourceOptions
{
DependsOn =
{
sqlClientCert,
},
});
var postgresprofile = new Gcp.DatabaseMigrationService.ConnectionProfile("postgresprofile", new()
{
Location = "us-central1",
ConnectionProfileId = "my-profileid",
DisplayName = "my-profileid_display",
Labels =
{
{ "foo", "bar" },
},
Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs
{
Host = postgresqldb.IpAddresses.Apply(ipAddresses => ipAddresses[0].IpAddress),
Port = 5432,
Username = sqldbUser.Name,
Password = sqldbUser.Password,
Ssl = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlSslArgs
{
Type = "NONE",
},
CloudSqlId = "my-database",
},
}, new CustomResourceOptions
{
DependsOn =
{
sqldbUser,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.sql.DatabaseInstance;
import com.pulumi.gcp.sql.DatabaseInstanceArgs;
import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
import com.pulumi.gcp.sql.SslCert;
import com.pulumi.gcp.sql.SslCertArgs;
import com.pulumi.gcp.sql.User;
import com.pulumi.gcp.sql.UserArgs;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfile;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlSslArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var postgresqldb = new DatabaseInstance("postgresqldb", DatabaseInstanceArgs.builder()
.name("my-database")
.databaseVersion("POSTGRES_12")
.settings(DatabaseInstanceSettingsArgs.builder()
.tier("db-custom-2-13312")
.build())
.deletionProtection(false)
.build());
var sqlClientCert = new SslCert("sqlClientCert", SslCertArgs.builder()
.commonName("my-cert")
.instance(postgresqldb.name())
.build(), CustomResourceOptions.builder()
.dependsOn(postgresqldb)
.build());
var sqldbUser = new User("sqldbUser", UserArgs.builder()
.name("my-username")
.instance(postgresqldb.name())
.password("my-password")
.build(), CustomResourceOptions.builder()
.dependsOn(sqlClientCert)
.build());
var postgresprofile = new ConnectionProfile("postgresprofile", ConnectionProfileArgs.builder()
.location("us-central1")
.connectionProfileId("my-profileid")
.displayName("my-profileid_display")
.labels(Map.of("foo", "bar"))
.postgresql(ConnectionProfilePostgresqlArgs.builder()
.host(postgresqldb.ipAddresses().applyValue(_ipAddresses -> _ipAddresses[0].ipAddress()))
.port(5432)
.username(sqldbUser.name())
.password(sqldbUser.password())
.ssl(ConnectionProfilePostgresqlSslArgs.builder()
.type("NONE")
.build())
.cloudSqlId("my-database")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(sqldbUser)
.build());
}
}
resources:
postgresqldb:
type: gcp:sql:DatabaseInstance
properties:
name: my-database
databaseVersion: POSTGRES_12
settings:
tier: db-custom-2-13312
deletionProtection: false
sqlClientCert:
type: gcp:sql:SslCert
name: sql_client_cert
properties:
commonName: my-cert
instance: ${postgresqldb.name}
options:
dependsOn:
- ${postgresqldb}
sqldbUser:
type: gcp:sql:User
name: sqldb_user
properties:
name: my-username
instance: ${postgresqldb.name}
password: my-password
options:
dependsOn:
- ${sqlClientCert}
postgresprofile:
type: gcp:databasemigrationservice:ConnectionProfile
properties:
location: us-central1
connectionProfileId: my-profileid
displayName: my-profileid_display
labels:
foo: bar
postgresql:
host: ${postgresqldb.ipAddresses[0].ipAddress}
port: 5432
username: ${sqldbUser.name}
password: ${sqldbUser.password}
ssl:
type: NONE
cloudSqlId: my-database
options:
dependsOn:
- ${sqldbUser}
Setting ssl.type to “NONE” disables SSL encryption entirely. This removes the need for certificate management but exposes credentials and data in transit. Use this only in trusted network environments.
Connect to Oracle with static IP connectivity
Oracle database migrations require connection profiles that specify the database service name and connectivity method for reaching on-premises or external databases.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const oracleprofile = new gcp.databasemigrationservice.ConnectionProfile("oracleprofile", {
location: "us-central1",
connectionProfileId: "my-profileid",
displayName: "my-profileid_display",
labels: {
foo: "bar",
},
oracle: {
host: "host",
port: 1521,
username: "username",
password: "password",
databaseService: "dbprovider",
staticServiceIpConnectivity: {},
},
});
import pulumi
import pulumi_gcp as gcp
oracleprofile = gcp.databasemigrationservice.ConnectionProfile("oracleprofile",
location="us-central1",
connection_profile_id="my-profileid",
display_name="my-profileid_display",
labels={
"foo": "bar",
},
oracle={
"host": "host",
"port": 1521,
"username": "username",
"password": "password",
"database_service": "dbprovider",
"static_service_ip_connectivity": {},
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/databasemigrationservice"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := databasemigrationservice.NewConnectionProfile(ctx, "oracleprofile", &databasemigrationservice.ConnectionProfileArgs{
Location: pulumi.String("us-central1"),
ConnectionProfileId: pulumi.String("my-profileid"),
DisplayName: pulumi.String("my-profileid_display"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Oracle: &databasemigrationservice.ConnectionProfileOracleArgs{
Host: pulumi.String("host"),
Port: pulumi.Int(1521),
Username: pulumi.String("username"),
Password: pulumi.String("password"),
DatabaseService: pulumi.String("dbprovider"),
StaticServiceIpConnectivity: &databasemigrationservice.ConnectionProfileOracleStaticServiceIpConnectivityArgs{},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var oracleprofile = new Gcp.DatabaseMigrationService.ConnectionProfile("oracleprofile", new()
{
Location = "us-central1",
ConnectionProfileId = "my-profileid",
DisplayName = "my-profileid_display",
Labels =
{
{ "foo", "bar" },
},
Oracle = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileOracleArgs
{
Host = "host",
Port = 1521,
Username = "username",
Password = "password",
DatabaseService = "dbprovider",
StaticServiceIpConnectivity = null,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfile;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileOracleArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileOracleStaticServiceIpConnectivityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var oracleprofile = new ConnectionProfile("oracleprofile", ConnectionProfileArgs.builder()
.location("us-central1")
.connectionProfileId("my-profileid")
.displayName("my-profileid_display")
.labels(Map.of("foo", "bar"))
.oracle(ConnectionProfileOracleArgs.builder()
.host("host")
.port(1521)
.username("username")
.password("password")
.databaseService("dbprovider")
.staticServiceIpConnectivity(ConnectionProfileOracleStaticServiceIpConnectivityArgs.builder()
.build())
.build())
.build());
}
}
resources:
oracleprofile:
type: gcp:databasemigrationservice:ConnectionProfile
properties:
location: us-central1
connectionProfileId: my-profileid
displayName: my-profileid_display
labels:
foo: bar
oracle:
host: host
port: 1521
username: username
password: password
databaseService: dbprovider
staticServiceIpConnectivity: {}
The oracle block requires a databaseService property that identifies the Oracle service name. The staticServiceIpConnectivity block enables direct IP-based connectivity without VPC peering or SSH tunneling. This configuration suits databases accessible via public or private IP addresses.
Provision AlloyDB cluster as migration destination
When migrating to AlloyDB, the connection profile can provision a new cluster with specified machine configuration, VPC networking, and initial user credentials.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const project = gcp.organizations.getProject({});
const _default = new gcp.compute.Network("default", {name: "vpc-network"});
const privateIpAlloc = new gcp.compute.GlobalAddress("private_ip_alloc", {
name: "private-ip-alloc",
addressType: "INTERNAL",
purpose: "VPC_PEERING",
prefixLength: 16,
network: _default.id,
});
const vpcConnection = new gcp.servicenetworking.Connection("vpc_connection", {
network: _default.id,
service: "servicenetworking.googleapis.com",
reservedPeeringRanges: [privateIpAlloc.name],
});
const alloydbprofile = new gcp.databasemigrationservice.ConnectionProfile("alloydbprofile", {
location: "us-central1",
connectionProfileId: "my-profileid",
displayName: "my-profileid_display",
labels: {
foo: "bar",
},
alloydb: {
clusterId: "tf-test-dbmsalloycluster_75125",
settings: {
initialUser: {
user: "alloyuser_88722",
password: "alloypass_39249",
},
vpcNetwork: _default.id,
labels: {
alloyfoo: "alloybar",
},
primaryInstanceSettings: {
id: "priminstid",
machineConfig: {
cpuCount: 2,
},
databaseFlags: {},
labels: {
alloysinstfoo: "allowinstbar",
},
},
},
},
}, {
dependsOn: [vpcConnection],
});
import pulumi
import pulumi_gcp as gcp
project = gcp.organizations.get_project()
default = gcp.compute.Network("default", name="vpc-network")
private_ip_alloc = gcp.compute.GlobalAddress("private_ip_alloc",
name="private-ip-alloc",
address_type="INTERNAL",
purpose="VPC_PEERING",
prefix_length=16,
network=default.id)
vpc_connection = gcp.servicenetworking.Connection("vpc_connection",
network=default.id,
service="servicenetworking.googleapis.com",
reserved_peering_ranges=[private_ip_alloc.name])
alloydbprofile = gcp.databasemigrationservice.ConnectionProfile("alloydbprofile",
location="us-central1",
connection_profile_id="my-profileid",
display_name="my-profileid_display",
labels={
"foo": "bar",
},
alloydb={
"cluster_id": "tf-test-dbmsalloycluster_75125",
"settings": {
"initial_user": {
"user": "alloyuser_88722",
"password": "alloypass_39249",
},
"vpc_network": default.id,
"labels": {
"alloyfoo": "alloybar",
},
"primary_instance_settings": {
"id": "priminstid",
"machine_config": {
"cpu_count": 2,
},
"database_flags": {},
"labels": {
"alloysinstfoo": "allowinstbar",
},
},
},
},
opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/databasemigrationservice"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/servicenetworking"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("vpc-network"),
})
if err != nil {
return err
}
privateIpAlloc, err := compute.NewGlobalAddress(ctx, "private_ip_alloc", &compute.GlobalAddressArgs{
Name: pulumi.String("private-ip-alloc"),
AddressType: pulumi.String("INTERNAL"),
Purpose: pulumi.String("VPC_PEERING"),
PrefixLength: pulumi.Int(16),
Network: _default.ID(),
})
if err != nil {
return err
}
vpcConnection, err := servicenetworking.NewConnection(ctx, "vpc_connection", &servicenetworking.ConnectionArgs{
Network: _default.ID(),
Service: pulumi.String("servicenetworking.googleapis.com"),
ReservedPeeringRanges: pulumi.StringArray{
privateIpAlloc.Name,
},
})
if err != nil {
return err
}
_, err = databasemigrationservice.NewConnectionProfile(ctx, "alloydbprofile", &databasemigrationservice.ConnectionProfileArgs{
Location: pulumi.String("us-central1"),
ConnectionProfileId: pulumi.String("my-profileid"),
DisplayName: pulumi.String("my-profileid_display"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Alloydb: &databasemigrationservice.ConnectionProfileAlloydbArgs{
ClusterId: pulumi.String("tf-test-dbmsalloycluster_75125"),
Settings: &databasemigrationservice.ConnectionProfileAlloydbSettingsArgs{
InitialUser: &databasemigrationservice.ConnectionProfileAlloydbSettingsInitialUserArgs{
User: pulumi.String("alloyuser_88722"),
Password: pulumi.String("alloypass_39249"),
},
VpcNetwork: _default.ID(),
Labels: pulumi.StringMap{
"alloyfoo": pulumi.String("alloybar"),
},
PrimaryInstanceSettings: &databasemigrationservice.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsArgs{
Id: pulumi.String("priminstid"),
MachineConfig: &databasemigrationservice.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsMachineConfigArgs{
CpuCount: pulumi.Int(2),
},
DatabaseFlags: pulumi.StringMap{},
Labels: pulumi.StringMap{
"alloysinstfoo": pulumi.String("allowinstbar"),
},
},
},
},
}, pulumi.DependsOn([]pulumi.Resource{
vpcConnection,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var project = Gcp.Organizations.GetProject.Invoke();
var @default = new Gcp.Compute.Network("default", new()
{
Name = "vpc-network",
});
var privateIpAlloc = new Gcp.Compute.GlobalAddress("private_ip_alloc", new()
{
Name = "private-ip-alloc",
AddressType = "INTERNAL",
Purpose = "VPC_PEERING",
PrefixLength = 16,
Network = @default.Id,
});
var vpcConnection = new Gcp.ServiceNetworking.Connection("vpc_connection", new()
{
Network = @default.Id,
Service = "servicenetworking.googleapis.com",
ReservedPeeringRanges = new[]
{
privateIpAlloc.Name,
},
});
var alloydbprofile = new Gcp.DatabaseMigrationService.ConnectionProfile("alloydbprofile", new()
{
Location = "us-central1",
ConnectionProfileId = "my-profileid",
DisplayName = "my-profileid_display",
Labels =
{
{ "foo", "bar" },
},
Alloydb = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbArgs
{
ClusterId = "tf-test-dbmsalloycluster_75125",
Settings = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbSettingsArgs
{
InitialUser = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbSettingsInitialUserArgs
{
User = "alloyuser_88722",
Password = "alloypass_39249",
},
VpcNetwork = @default.Id,
Labels =
{
{ "alloyfoo", "alloybar" },
},
PrimaryInstanceSettings = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsArgs
{
Id = "priminstid",
MachineConfig = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsMachineConfigArgs
{
CpuCount = 2,
},
DatabaseFlags = null,
Labels =
{
{ "alloysinstfoo", "allowinstbar" },
},
},
},
},
}, new CustomResourceOptions
{
DependsOn =
{
vpcConnection,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.servicenetworking.Connection;
import com.pulumi.gcp.servicenetworking.ConnectionArgs;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfile;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbSettingsArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbSettingsInitialUserArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsMachineConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
.build());
var default_ = new Network("default", NetworkArgs.builder()
.name("vpc-network")
.build());
var privateIpAlloc = new GlobalAddress("privateIpAlloc", GlobalAddressArgs.builder()
.name("private-ip-alloc")
.addressType("INTERNAL")
.purpose("VPC_PEERING")
.prefixLength(16)
.network(default_.id())
.build());
var vpcConnection = new Connection("vpcConnection", ConnectionArgs.builder()
.network(default_.id())
.service("servicenetworking.googleapis.com")
.reservedPeeringRanges(privateIpAlloc.name())
.build());
var alloydbprofile = new ConnectionProfile("alloydbprofile", ConnectionProfileArgs.builder()
.location("us-central1")
.connectionProfileId("my-profileid")
.displayName("my-profileid_display")
.labels(Map.of("foo", "bar"))
.alloydb(ConnectionProfileAlloydbArgs.builder()
.clusterId("tf-test-dbmsalloycluster_75125")
.settings(ConnectionProfileAlloydbSettingsArgs.builder()
.initialUser(ConnectionProfileAlloydbSettingsInitialUserArgs.builder()
.user("alloyuser_88722")
.password("alloypass_39249")
.build())
.vpcNetwork(default_.id())
.labels(Map.of("alloyfoo", "alloybar"))
.primaryInstanceSettings(ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsArgs.builder()
.id("priminstid")
.machineConfig(ConnectionProfileAlloydbSettingsPrimaryInstanceSettingsMachineConfigArgs.builder()
.cpuCount(2)
.build())
.databaseFlags(Map.ofEntries(
))
.labels(Map.of("alloysinstfoo", "allowinstbar"))
.build())
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(vpcConnection)
.build());
}
}
resources:
default:
type: gcp:compute:Network
properties:
name: vpc-network
privateIpAlloc:
type: gcp:compute:GlobalAddress
name: private_ip_alloc
properties:
name: private-ip-alloc
addressType: INTERNAL
purpose: VPC_PEERING
prefixLength: 16
network: ${default.id}
vpcConnection:
type: gcp:servicenetworking:Connection
name: vpc_connection
properties:
network: ${default.id}
service: servicenetworking.googleapis.com
reservedPeeringRanges:
- ${privateIpAlloc.name}
alloydbprofile:
type: gcp:databasemigrationservice:ConnectionProfile
properties:
location: us-central1
connectionProfileId: my-profileid
displayName: my-profileid_display
labels:
foo: bar
alloydb:
clusterId: tf-test-dbmsalloycluster_75125
settings:
initialUser:
user: alloyuser_88722
password: alloypass_39249
vpcNetwork: ${default.id}
labels:
alloyfoo: alloybar
primaryInstanceSettings:
id: priminstid
machineConfig:
cpuCount: 2
databaseFlags: {}
labels:
alloysinstfoo: allowinstbar
options:
dependsOn:
- ${vpcConnection}
variables:
project:
fn::invoke:
function: gcp:organizations:getProject
arguments: {}
The alloydb block provisions a new cluster rather than connecting to an existing database. The settings.initialUser block creates the first database user, while settings.vpcNetwork places the cluster in your VPC. The primaryInstanceSettings block configures the primary instance’s CPU count and database flags. This pattern creates the destination infrastructure as part of the migration setup.
Reference existing Cloud SQL MySQL instance
When the destination database already exists, connection profiles can reference it by Cloud SQL instance ID without specifying credentials or SSL configuration.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const project = gcp.organizations.getProject({});
const destinationCsql = new gcp.sql.DatabaseInstance("destination_csql", {
name: "destination-csql",
databaseVersion: "MYSQL_5_7",
settings: {
tier: "db-n1-standard-1",
deletionProtectionEnabled: false,
},
deletionProtection: false,
});
const existing_mysql = new gcp.databasemigrationservice.ConnectionProfile("existing-mysql", {
location: "us-central1",
connectionProfileId: "destination-cp",
displayName: "destination-cp_display",
labels: {
foo: "bar",
},
mysql: {
cloudSqlId: "destination-csql",
},
}, {
dependsOn: [destinationCsql],
});
import pulumi
import pulumi_gcp as gcp
project = gcp.organizations.get_project()
destination_csql = gcp.sql.DatabaseInstance("destination_csql",
name="destination-csql",
database_version="MYSQL_5_7",
settings={
"tier": "db-n1-standard-1",
"deletion_protection_enabled": False,
},
deletion_protection=False)
existing_mysql = gcp.databasemigrationservice.ConnectionProfile("existing-mysql",
location="us-central1",
connection_profile_id="destination-cp",
display_name="destination-cp_display",
labels={
"foo": "bar",
},
mysql={
"cloud_sql_id": "destination-csql",
},
opts = pulumi.ResourceOptions(depends_on=[destination_csql]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/databasemigrationservice"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/sql"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
destinationCsql, err := sql.NewDatabaseInstance(ctx, "destination_csql", &sql.DatabaseInstanceArgs{
Name: pulumi.String("destination-csql"),
DatabaseVersion: pulumi.String("MYSQL_5_7"),
Settings: &sql.DatabaseInstanceSettingsArgs{
Tier: pulumi.String("db-n1-standard-1"),
DeletionProtectionEnabled: pulumi.Bool(false),
},
DeletionProtection: pulumi.Bool(false),
})
if err != nil {
return err
}
_, err = databasemigrationservice.NewConnectionProfile(ctx, "existing-mysql", &databasemigrationservice.ConnectionProfileArgs{
Location: pulumi.String("us-central1"),
ConnectionProfileId: pulumi.String("destination-cp"),
DisplayName: pulumi.String("destination-cp_display"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Mysql: &databasemigrationservice.ConnectionProfileMysqlArgs{
CloudSqlId: pulumi.String("destination-csql"),
},
}, pulumi.DependsOn([]pulumi.Resource{
destinationCsql,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var project = Gcp.Organizations.GetProject.Invoke();
var destinationCsql = new Gcp.Sql.DatabaseInstance("destination_csql", new()
{
Name = "destination-csql",
DatabaseVersion = "MYSQL_5_7",
Settings = new Gcp.Sql.Inputs.DatabaseInstanceSettingsArgs
{
Tier = "db-n1-standard-1",
DeletionProtectionEnabled = false,
},
DeletionProtection = false,
});
var existing_mysql = new Gcp.DatabaseMigrationService.ConnectionProfile("existing-mysql", new()
{
Location = "us-central1",
ConnectionProfileId = "destination-cp",
DisplayName = "destination-cp_display",
Labels =
{
{ "foo", "bar" },
},
Mysql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfileMysqlArgs
{
CloudSqlId = "destination-csql",
},
}, new CustomResourceOptions
{
DependsOn =
{
destinationCsql,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.sql.DatabaseInstance;
import com.pulumi.gcp.sql.DatabaseInstanceArgs;
import com.pulumi.gcp.sql.inputs.DatabaseInstanceSettingsArgs;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfile;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfileMysqlArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
.build());
var destinationCsql = new DatabaseInstance("destinationCsql", DatabaseInstanceArgs.builder()
.name("destination-csql")
.databaseVersion("MYSQL_5_7")
.settings(DatabaseInstanceSettingsArgs.builder()
.tier("db-n1-standard-1")
.deletionProtectionEnabled(false)
.build())
.deletionProtection(false)
.build());
var existing_mysql = new ConnectionProfile("existing-mysql", ConnectionProfileArgs.builder()
.location("us-central1")
.connectionProfileId("destination-cp")
.displayName("destination-cp_display")
.labels(Map.of("foo", "bar"))
.mysql(ConnectionProfileMysqlArgs.builder()
.cloudSqlId("destination-csql")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(destinationCsql)
.build());
}
}
resources:
destinationCsql:
type: gcp:sql:DatabaseInstance
name: destination_csql
properties:
name: destination-csql
databaseVersion: MYSQL_5_7
settings:
tier: db-n1-standard-1
deletionProtectionEnabled: false
deletionProtection: false
existing-mysql:
type: gcp:databasemigrationservice:ConnectionProfile
properties:
location: us-central1
connectionProfileId: destination-cp
displayName: destination-cp_display
labels:
foo: bar
mysql:
cloudSqlId: destination-csql
options:
dependsOn:
- ${destinationCsql}
variables:
project:
fn::invoke:
function: gcp:organizations:getProject
arguments: {}
The mysql.cloudSqlId property alone identifies an existing Cloud SQL instance. This simplified configuration omits host, port, username, password, and SSL settings because the instance already exists with its own configuration. Use this pattern when migrating to pre-provisioned destinations.
Reference existing AlloyDB cluster
When migrating to an existing AlloyDB cluster, the connection profile references the cluster ID without provisioning new infrastructure.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const project = gcp.organizations.getProject({});
const _default = new gcp.compute.Network("default", {name: "destination-alloydb"});
const destinationAlloydb = new gcp.alloydb.Cluster("destination_alloydb", {
clusterId: "destination-alloydb",
location: "us-central1",
networkConfig: {
network: _default.id,
},
databaseVersion: "POSTGRES_15",
initialUser: {
user: "destination-alloydb",
password: "destination-alloydb",
},
deletionProtection: false,
});
const privateIpAlloc = new gcp.compute.GlobalAddress("private_ip_alloc", {
name: "destination-alloydb",
addressType: "INTERNAL",
purpose: "VPC_PEERING",
prefixLength: 16,
network: _default.id,
});
const vpcConnection = new gcp.servicenetworking.Connection("vpc_connection", {
network: _default.id,
service: "servicenetworking.googleapis.com",
reservedPeeringRanges: [privateIpAlloc.name],
});
const destinationAlloydbPrimary = new gcp.alloydb.Instance("destination_alloydb_primary", {
cluster: destinationAlloydb.name,
instanceId: "destination-alloydb-primary",
instanceType: "PRIMARY",
}, {
dependsOn: [vpcConnection],
});
const existing_alloydb = new gcp.databasemigrationservice.ConnectionProfile("existing-alloydb", {
location: "us-central1",
connectionProfileId: "destination-cp",
displayName: "destination-cp_display",
labels: {
foo: "bar",
},
postgresql: {
alloydbClusterId: "destination-alloydb",
},
}, {
dependsOn: [
destinationAlloydb,
destinationAlloydbPrimary,
],
});
import pulumi
import pulumi_gcp as gcp
project = gcp.organizations.get_project()
default = gcp.compute.Network("default", name="destination-alloydb")
destination_alloydb = gcp.alloydb.Cluster("destination_alloydb",
cluster_id="destination-alloydb",
location="us-central1",
network_config={
"network": default.id,
},
database_version="POSTGRES_15",
initial_user={
"user": "destination-alloydb",
"password": "destination-alloydb",
},
deletion_protection=False)
private_ip_alloc = gcp.compute.GlobalAddress("private_ip_alloc",
name="destination-alloydb",
address_type="INTERNAL",
purpose="VPC_PEERING",
prefix_length=16,
network=default.id)
vpc_connection = gcp.servicenetworking.Connection("vpc_connection",
network=default.id,
service="servicenetworking.googleapis.com",
reserved_peering_ranges=[private_ip_alloc.name])
destination_alloydb_primary = gcp.alloydb.Instance("destination_alloydb_primary",
cluster=destination_alloydb.name,
instance_id="destination-alloydb-primary",
instance_type="PRIMARY",
opts = pulumi.ResourceOptions(depends_on=[vpc_connection]))
existing_alloydb = gcp.databasemigrationservice.ConnectionProfile("existing-alloydb",
location="us-central1",
connection_profile_id="destination-cp",
display_name="destination-cp_display",
labels={
"foo": "bar",
},
postgresql={
"alloydb_cluster_id": "destination-alloydb",
},
opts = pulumi.ResourceOptions(depends_on=[
destination_alloydb,
destination_alloydb_primary,
]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/alloydb"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/databasemigrationservice"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/organizations"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/servicenetworking"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("destination-alloydb"),
})
if err != nil {
return err
}
destinationAlloydb, err := alloydb.NewCluster(ctx, "destination_alloydb", &alloydb.ClusterArgs{
ClusterId: pulumi.String("destination-alloydb"),
Location: pulumi.String("us-central1"),
NetworkConfig: &alloydb.ClusterNetworkConfigArgs{
Network: _default.ID(),
},
DatabaseVersion: pulumi.String("POSTGRES_15"),
InitialUser: &alloydb.ClusterInitialUserArgs{
User: pulumi.String("destination-alloydb"),
Password: pulumi.String("destination-alloydb"),
},
DeletionProtection: pulumi.Bool(false),
})
if err != nil {
return err
}
privateIpAlloc, err := compute.NewGlobalAddress(ctx, "private_ip_alloc", &compute.GlobalAddressArgs{
Name: pulumi.String("destination-alloydb"),
AddressType: pulumi.String("INTERNAL"),
Purpose: pulumi.String("VPC_PEERING"),
PrefixLength: pulumi.Int(16),
Network: _default.ID(),
})
if err != nil {
return err
}
vpcConnection, err := servicenetworking.NewConnection(ctx, "vpc_connection", &servicenetworking.ConnectionArgs{
Network: _default.ID(),
Service: pulumi.String("servicenetworking.googleapis.com"),
ReservedPeeringRanges: pulumi.StringArray{
privateIpAlloc.Name,
},
})
if err != nil {
return err
}
destinationAlloydbPrimary, err := alloydb.NewInstance(ctx, "destination_alloydb_primary", &alloydb.InstanceArgs{
Cluster: destinationAlloydb.Name,
InstanceId: pulumi.String("destination-alloydb-primary"),
InstanceType: pulumi.String("PRIMARY"),
}, pulumi.DependsOn([]pulumi.Resource{
vpcConnection,
}))
if err != nil {
return err
}
_, err = databasemigrationservice.NewConnectionProfile(ctx, "existing-alloydb", &databasemigrationservice.ConnectionProfileArgs{
Location: pulumi.String("us-central1"),
ConnectionProfileId: pulumi.String("destination-cp"),
DisplayName: pulumi.String("destination-cp_display"),
Labels: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
Postgresql: &databasemigrationservice.ConnectionProfilePostgresqlArgs{
AlloydbClusterId: pulumi.String("destination-alloydb"),
},
}, pulumi.DependsOn([]pulumi.Resource{
destinationAlloydb,
destinationAlloydbPrimary,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var project = Gcp.Organizations.GetProject.Invoke();
var @default = new Gcp.Compute.Network("default", new()
{
Name = "destination-alloydb",
});
var destinationAlloydb = new Gcp.Alloydb.Cluster("destination_alloydb", new()
{
ClusterId = "destination-alloydb",
Location = "us-central1",
NetworkConfig = new Gcp.Alloydb.Inputs.ClusterNetworkConfigArgs
{
Network = @default.Id,
},
DatabaseVersion = "POSTGRES_15",
InitialUser = new Gcp.Alloydb.Inputs.ClusterInitialUserArgs
{
User = "destination-alloydb",
Password = "destination-alloydb",
},
DeletionProtection = false,
});
var privateIpAlloc = new Gcp.Compute.GlobalAddress("private_ip_alloc", new()
{
Name = "destination-alloydb",
AddressType = "INTERNAL",
Purpose = "VPC_PEERING",
PrefixLength = 16,
Network = @default.Id,
});
var vpcConnection = new Gcp.ServiceNetworking.Connection("vpc_connection", new()
{
Network = @default.Id,
Service = "servicenetworking.googleapis.com",
ReservedPeeringRanges = new[]
{
privateIpAlloc.Name,
},
});
var destinationAlloydbPrimary = new Gcp.Alloydb.Instance("destination_alloydb_primary", new()
{
Cluster = destinationAlloydb.Name,
InstanceId = "destination-alloydb-primary",
InstanceType = "PRIMARY",
}, new CustomResourceOptions
{
DependsOn =
{
vpcConnection,
},
});
var existing_alloydb = new Gcp.DatabaseMigrationService.ConnectionProfile("existing-alloydb", new()
{
Location = "us-central1",
ConnectionProfileId = "destination-cp",
DisplayName = "destination-cp_display",
Labels =
{
{ "foo", "bar" },
},
Postgresql = new Gcp.DatabaseMigrationService.Inputs.ConnectionProfilePostgresqlArgs
{
AlloydbClusterId = "destination-alloydb",
},
}, new CustomResourceOptions
{
DependsOn =
{
destinationAlloydb,
destinationAlloydbPrimary,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.alloydb.Cluster;
import com.pulumi.gcp.alloydb.ClusterArgs;
import com.pulumi.gcp.alloydb.inputs.ClusterNetworkConfigArgs;
import com.pulumi.gcp.alloydb.inputs.ClusterInitialUserArgs;
import com.pulumi.gcp.compute.GlobalAddress;
import com.pulumi.gcp.compute.GlobalAddressArgs;
import com.pulumi.gcp.servicenetworking.Connection;
import com.pulumi.gcp.servicenetworking.ConnectionArgs;
import com.pulumi.gcp.alloydb.Instance;
import com.pulumi.gcp.alloydb.InstanceArgs;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfile;
import com.pulumi.gcp.databasemigrationservice.ConnectionProfileArgs;
import com.pulumi.gcp.databasemigrationservice.inputs.ConnectionProfilePostgresqlArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
.build());
var default_ = new Network("default", NetworkArgs.builder()
.name("destination-alloydb")
.build());
var destinationAlloydb = new Cluster("destinationAlloydb", ClusterArgs.builder()
.clusterId("destination-alloydb")
.location("us-central1")
.networkConfig(ClusterNetworkConfigArgs.builder()
.network(default_.id())
.build())
.databaseVersion("POSTGRES_15")
.initialUser(ClusterInitialUserArgs.builder()
.user("destination-alloydb")
.password("destination-alloydb")
.build())
.deletionProtection(false)
.build());
var privateIpAlloc = new GlobalAddress("privateIpAlloc", GlobalAddressArgs.builder()
.name("destination-alloydb")
.addressType("INTERNAL")
.purpose("VPC_PEERING")
.prefixLength(16)
.network(default_.id())
.build());
var vpcConnection = new Connection("vpcConnection", ConnectionArgs.builder()
.network(default_.id())
.service("servicenetworking.googleapis.com")
.reservedPeeringRanges(privateIpAlloc.name())
.build());
var destinationAlloydbPrimary = new Instance("destinationAlloydbPrimary", InstanceArgs.builder()
.cluster(destinationAlloydb.name())
.instanceId("destination-alloydb-primary")
.instanceType("PRIMARY")
.build(), CustomResourceOptions.builder()
.dependsOn(vpcConnection)
.build());
var existing_alloydb = new ConnectionProfile("existing-alloydb", ConnectionProfileArgs.builder()
.location("us-central1")
.connectionProfileId("destination-cp")
.displayName("destination-cp_display")
.labels(Map.of("foo", "bar"))
.postgresql(ConnectionProfilePostgresqlArgs.builder()
.alloydbClusterId("destination-alloydb")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
destinationAlloydb,
destinationAlloydbPrimary)
.build());
}
}
resources:
destinationAlloydb:
type: gcp:alloydb:Cluster
name: destination_alloydb
properties:
clusterId: destination-alloydb
location: us-central1
networkConfig:
network: ${default.id}
databaseVersion: POSTGRES_15
initialUser:
user: destination-alloydb
password: destination-alloydb
deletionProtection: false
destinationAlloydbPrimary:
type: gcp:alloydb:Instance
name: destination_alloydb_primary
properties:
cluster: ${destinationAlloydb.name}
instanceId: destination-alloydb-primary
instanceType: PRIMARY
options:
dependsOn:
- ${vpcConnection}
privateIpAlloc:
type: gcp:compute:GlobalAddress
name: private_ip_alloc
properties:
name: destination-alloydb
addressType: INTERNAL
purpose: VPC_PEERING
prefixLength: 16
network: ${default.id}
vpcConnection:
type: gcp:servicenetworking:Connection
name: vpc_connection
properties:
network: ${default.id}
service: servicenetworking.googleapis.com
reservedPeeringRanges:
- ${privateIpAlloc.name}
default:
type: gcp:compute:Network
properties:
name: destination-alloydb
existing-alloydb:
type: gcp:databasemigrationservice:ConnectionProfile
properties:
location: us-central1
connectionProfileId: destination-cp
displayName: destination-cp_display
labels:
foo: bar
postgresql:
alloydbClusterId: destination-alloydb
options:
dependsOn:
- ${destinationAlloydb}
- ${destinationAlloydbPrimary}
variables:
project:
fn::invoke:
function: gcp:organizations:getProject
arguments: {}
The postgresql.alloydbClusterId property identifies an existing AlloyDB cluster. Unlike the provisioning example, this omits the settings block entirely. The cluster and its primary instance must exist before creating this connection profile.
Beyond these examples
These snippets focus on specific connection profile features: MySQL and PostgreSQL source connections with SSL variants, Oracle connectivity with static IP, and AlloyDB provisioning and existing cluster references. They’re intentionally minimal rather than full migration configurations.
The examples reference pre-existing infrastructure such as Cloud SQL instances, AlloyDB clusters and primary instances, VPC networks and service networking connections, and SSL certificates and database users. They focus on configuring the connection profile rather than provisioning the surrounding database infrastructure.
To keep things focused, common connection profile patterns are omitted, including:
- Private connectivity and VPC peering configuration
- Forward SSH connectivity for tunneled connections
- Cloud SQL destination provisioning (cloudsql block)
- Connection profile state management and error handling
These omissions are intentional: the goal is to illustrate how each connection profile feature is wired, not provide drop-in migration modules. See the ConnectionProfile resource reference for all available configuration options.
Let's configure GCP Database Migration Service Connection Profiles
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Configuration & Setup
What database types are supported for connection profiles?
Connection profiles support MySQL, PostgreSQL, Oracle, AlloyDB, and Cloud SQL. Each database type has its own configuration block (
mysql, postgresql, oracle, alloydb, cloudsql).What SSL configuration options are available for PostgreSQL connections?
PostgreSQL supports three SSL types:
SERVER_CLIENT (requires clientKey, clientCertificate, and caCertificate), NONE (no SSL), and REQUIRED (SSL without client certificates).How do I reference an existing Cloud SQL instance?
For existing Cloud SQL instances, specify only the
cloudSqlId property in your mysql or postgresql configuration. Don’t include host, port, username, or password.How do I connect to an existing AlloyDB cluster?
Use the
alloydbClusterId property within the postgresql configuration block to reference an existing AlloyDB cluster.What's the difference between mysql and cloudsql properties?
The
mysql property defines connection parameters for MySQL databases (including Cloud SQL MySQL). The cloudsql property is used to create a new Cloud SQL destination instance with specific settings like tier, edition, and storage configuration.Dependencies & Networking
Why do I need VPC peering for AlloyDB connection profiles?
AlloyDB requires VPC peering to be established before creating the connection profile. The examples show
dependsOn: [vpcConnection] to ensure the VPC connection is created first.Immutability & Lifecycle
What properties can't be changed after creation?
The
connectionProfileId, project, and location properties are immutable and cannot be changed after the connection profile is created.Labels & Metadata
What does non-authoritative mean for the labels field?
The
labels field only manages labels present in your Pulumi configuration. It won’t remove labels set by other clients or services. Use effectiveLabels to see all labels on the resource.How can I import an existing connection profile?
You can import using three formats:
projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}, {{project}}/{{location}}/{{connection_profile_id}}, or {{location}}/{{connection_profile_id}}.