google-cloud-sql

Removing 0.0.0.0/0 as allowed IP from a Google SQL instance production


My PHP app is on a DigitalOcean droplet while my MySQL 8.0 database is on Google Cloud SQL.

I was testing for a while on localhost and hence gave 0.0.0.0/0, but now I don't want any server other than my droplet to connect to the Google Cloud SQL instance.

Can I now safely remove 0.0.0.0/0 ?

enter image description here


Solution

  • yes it should be safe, and is actually recommended to remove 0.0.0.0/0 from the allowlist.

    Once this is removed you will still be able to connect from external IPs not in the whitelist using either the CloudSQL auth proxy or with SSL/TLS certificates