Top / Google Cloud Platform / Google Cloud SQL / User

Google Cloud SQL User

This page shows how to write Terraform for Cloud SQL User and write them securely.

Review your .tf file for Google best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

google_sql_user (Terraform)

The User in Cloud SQL can be configured in Terraform with the resource name google_sql_user. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

An example could not be found in GitHub.

Review your Terraform file for Google best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

deletion_policy optional - string

The deletion policy for the user. Setting ABANDON allows the resource to be abandoned rather than deleted. This is useful for Postgres, where users cannot be deleted from the API if they have been granted SQL roles. Possible values are: "ABANDON".

host optional - string

The host the user can connect from. This is only supported for MySQL instances. Don't set this field for PostgreSQL instances. Can be an IP address. Changing this forces a new resource to be created.

id optional computed - string
instance required - string

The name of the Cloud SQL instance. Changing this forces a new resource to be created.

name required - string

The name of the user. Changing this forces a new resource to be created.

password optional - string

The password for the user. Can be updated. For Postgres instances this is a Required field, unless type is set to either CLOUD_IAM_USER or CLOUD_IAM_SERVICE_ACCOUNT.

project optional computed - string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

type optional - string

The user type. It determines the method to authenticate the user during login. The default is the database's built-in user type. Flags include "BUILT_IN", "CLOUD_IAM_USER", or "CLOUD_IAM_SERVICE_ACCOUNT".

timeouts single block
- create optional - string
- delete optional - string
- update optional - string

>> from Terraform Registry

Explanation in Terraform Registry

Creates a new Google SQL User on a Google SQL User Instance. For more information, see the official documentation, or the JSON API.
Note: All arguments including the username and password will be stored in the raw state as plain-text. Read more about sensitive data in state. Passwords will not be retrieved when running "terraform import".

>> from Terraform Registry

Tips: Best Practices for The Other Google Cloud SQL Resources

In addition to the google_sql_database_instance, Google Cloud SQL has the other resources that should be configured for security reasons. Please check some examples of those resources and precautions.

google_sql_database_instance

Ensure to disable local_infile setting in MySQL

It is better to disable the local_infile setting in MySQL. If this is not disabled, arbitrary files might be readable.

Review your Google Cloud SQL settings

In addition to the above, there are other security points you should be aware of making sure that your .tf files are protected in Shisho Cloud.

The Other Related Google Cloud SQL Resources

Google Cloud SQL Database

Google Cloud SQL Database Instance

Google Cloud SQL Source Representation Instance

Google Cloud SQL SSL Cert

Frequently asked questions

What is Google Cloud SQL User?

Google Cloud SQL User is a resource for Cloud SQL of Google Cloud Platform. Settings can be wrote in Terraform.

Automate config file reviews on your commits

Fix issues in your infrastructure as code with auto-generated patches.

google_sql_user
Frequently asked questions