Getting 403 when trying to connect to Cloud SQL instance

Question

I'm trying to create a connection from Data Fusion to Cloud SQL Postgres.

I'm stuck with connection error, and no idea how to solve it. Here's what I have done so far:

• Datacloud API enabled Data Fusion instance is created with private IP cluster.
• All permissions from Cloud SQL are granted to Data Fusion service accounts (SQL client, -manager, admin).
• In the Cloud SQL instance, the private networking is enabled.

This error arises, when I try to create a connection to our Cloud SQL (Postgres) instance:

Failed to create connection to database via connection string: jdbc:postgresql://google/"omitted project Id"&socketFactory=com.google.cloud.sql.postgres.SocketFactory&useSSL=true:5432/"omitted tablename" and arguments: {user="omitted"}.

Error: GoogleJsonResponseException: 403 Forbidden { "code" : 403, "errors" : [ { "domain" : "global", "message" : "The client is not authorized to make this request.", "reason" : "notAuthorized" } ], "message" : "The client is not authorized to make this request." }.

Make sure you specify the correct connection properties.

Answer 1

When connecting to cloud sql with a private Data fusion Instance you need to set up a cloud sql Auth proxy. Atleast this was how we managed it.

Answer 2

A 403 means you don't have permission. Make sure that whatever service account your service is using has the "Cloud SQL Client" role in the project the instance lives in, as well as that the Cloud SQL Admin API is enabled (in the project the service account belongs too).