How to fix mysql access denied on google-cloud-platform compute instance

Question

Why my compute engine could not connect MySQL using public IP after I downloaded MySQL-client on my compute instance and I added compute instance's public IP onto CloudSQL authorized connection?

$ mysql -h <cloud-sql-host> -uroot -p
Enter password:
ERROR 1045 (28000): Access denied for user 'XXX'@<cloud_sql_host> (using password: YES)

Answer 1

Another reason could be that your instance is configured only to accept connections with valid client certificates. Fell into this trap several times myself.

Answer 2

So for the new Integration Connectors and MySQL I was getting this error:

[28000] Access denied for 'username'@'34.3.56.65'

The resolution was to add the ipaddress 34.3.56.65 to my whitelist list on MySQL Admin on my local control panel.

Answer 3

There are several areas that you must set up to grant access.

1) Compute Engine Scopes

Go to the Google Cloud Console for Compute Engine. Double check the scopes that are permitted for the service account for Compute Engine. By default Cloud SQL is not permitted.

2) Service Account Permissions

Check is the role that you assigned to service account assigned to Compute Engine. You will need one of the Cloud SQL roles. Usually, you will need Cloud SQL Client. The scopes that I previously mentioned serve to reduce and not increase a service account's permissions. You still need to have the correct permissions granted to the service account.

https://cloud.google.com/sql/docs/mysql/connect-external-app

3) Google Cloud SQL database permissions

Verify that your MySQL login has been "granted" permission to login.

1. Go to the Google Cloud SQL console.
2. Go to the Users tab.
3. Select your user name.
4. Verify that the host is your public IP address or optionally use % to mean any host.

Note: I recommend using the Cloud SQL Proxy to access Cloud SQL. This is secure and you do not need IP addresses for Cloud SQL.

Cloud SQL Proxy