GCP external ip address range

Question

I have few virtual machines on the cloud of Google.

My virtual machine running an application that connect to database server. The database server is protected with two types of authentications:

1. Password
2. IP addresses white-list

My problem is with - IP address. I need to define the allowed IPs manually on my database, in order to allow them to connect. Since I not controlling the external IP address (the changed dynamically), I looking to other solution.

Found this script to get the whole range of Google IPs. But as the script writer said - this range of IP is changing in high frequency. Which is big problem - I can't trust this kind of solution.

It sound like I facing common problem - What to do?

Answer 1

In addition, please note you get the following benefits using private IP to connect to Cloud SQL:

• Lower network latency: Private IP provides lower latency than public IP.
• Improved network security: Private services access traffic is never exposed to the public Internet.

Plus, you can follow these steps to configure Private IP connectivity in your CloudSQL instances. Along with VPC firewall rules and network tags in order to allow/deny specific traffic in/out your GCP project and VM instances.

Answer 2

You could in a more simple way use private ip in your CloudSQL.

This way your instances will be using their internal ip and not the external IP and as you should have defined a VPC you have full control over the range you should allow.