---
layout: "google"
page_title: "Google: google_sql_database_instance"
sidebar_current: "docs-google-sql-database-instance"
description: |-
  Creates a new SQL database instance in Google Cloud SQL.
---
# google\_sql\_database\_instance

Creates a new Google SQL Database Instance. For more information, see the [official documentation](https://cloud.google.com/sql/),
or the [JSON API](https://cloud.google.com/sql/docs/admin-api/v1beta4/instances).

~> **NOTE on `google_sql_database_instance`:** - Second-generation instances include a
default 'root'@'%' user with no password. This user will be deleted by Terraform on
instance creation. You should use `google_sql_user` to define a custom user with
a restricted host and strong password.
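
The custom user this note recommends could be declared as follows. This is an added example, not part of the provider's documentation; the resource names, the `203.0.113.0/28` network, and the use of the `random_id` resource from the `random` provider to generate the password are assumptions.

```hcl
# Added example. All names and addresses are constructed placeholders.

# Generates 24 random bytes; the hex form (48 characters) is the password.
resource "random_id" "app_db_password" {
  byte_length = 24
}

resource "google_sql_database_instance" "hardened" {
  name             = "hardened-instance"
  database_version = "MYSQL_5_7"
  region           = "us-central1"

  settings {
    tier = "db-f1-micro"

    ip_configuration {
      ipv4_enabled = "true"

      # mysqld defaults to REQUIRE X509 for users connecting over IP,
      # so clients must present a client certificate.
      require_ssl = "true"

      # Only this network may reach the public address.
      authorized_networks {
        name  = "app-subnet"
        value = "203.0.113.0/28"
      }
    }
  }
}

# Custom account to use in place of the default 'root'@'%' user,
# which Terraform deletes on instance creation.
resource "google_sql_user" "app" {
  name     = "app"
  instance = "${google_sql_database_instance.hardened.name}"

  # MySQL host pattern: the account is only valid from 203.0.113.x.
  host     = "203.0.113.%"
  password = "${random_id.app_db_password.hex}"
}
```

The generated password is written to the Terraform state, so the state backend needs the same access controls as the database credentials.
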
## Example Usage
### SQL First Generation

```hcl
resource "google_sql_database_instance" "master" {
  name             = "master-instance"
  database_version = "MYSQL_5_6"
  # First-generation instance regions are not the conventional
  # Google Compute Engine regions. See argument reference below.
  region = "us-central"

  settings {
    tier = "D0"
  }
}
```

### SQL Second generation

```hcl
resource "google_sql_database_instance" "master" {
  name             = "master-instance"
  database_version = "POSTGRES_9_6"
  region           = "us-central1"

  settings {
    # Second-generation instance tiers are based on the machine
    # type. See argument reference below.
    tier = "db-f1-micro"
  }
}
```

### Granular restriction of network access

```hcl
resource "google_compute_instance" "apps" {
  count        = 8
  name         = "apps-${count.index + 1}"
  machine_type = "f1-micro"

  boot_disk {
    initialize_params {
      image = "ubuntu-os-cloud/ubuntu-1804-lts"
    }
  }

  network_interface {
    network = "default"

    access_config {
      // Ephemeral IP
    }
  }
}

data "null_data_source" "auth_netw_postgres_allowed_1" {
  count = "${length(google_compute_instance.apps.*.self_link)}"

  inputs = {
    name  = "apps-${count.index + 1}"
    value = "${element(google_compute_instance.apps.*.network_interface.0.access_config.0.nat_ip, count.index)}"
  }
}

data "null_data_source" "auth_netw_postgres_allowed_2" {
  count = 2

  inputs = {
    name  = "onprem-${count.index + 1}"
    value = "${element(list("192.168.1.2", "192.168.2.3"), count.index)}"
  }
}

resource "google_sql_database_instance" "postgres" {
  name             = "postgres-instance"
  database_version = "POSTGRES_9_6"

  settings {
    tier = "db-f1-micro"

    ip_configuration {
      authorized_networks = [
        "${data.null_data_source.auth_netw_postgres_allowed_1.*.outputs}",
        "${data.null_data_source.auth_netw_postgres_allowed_2.*.outputs}",
      ]
    }
  }
}
```

### Private IP Instance

```hcl
resource "google_compute_network" "private_network" {
  name = "private-network"
}

resource "google_compute_global_address" "private_ip_address" {
  name          = "private-ip-address"
  purpose       = "VPC_PEERING"
  address_type  = "INTERNAL"
  prefix_length = 16
  network       = "${google_compute_network.private_network.self_link}"
}

resource "google_service_networking_connection" "private_vpc_connection" {
  network                 = "${google_compute_network.private_network.self_link}"
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = ["${google_compute_global_address.private_ip_address.name}"]
}

resource "google_sql_database_instance" "instance" {
  depends_on = ["google_service_networking_connection.private_vpc_connection"]

  name   = "private-instance"
  region = "us-central1"

  settings {
    tier = "db-f1-micro"

    ip_configuration {
      ipv4_enabled    = "false"
      private_network = "${google_compute_network.private_network.self_link}"
    }
  }
}
```

## Argument Reference

The following arguments are supported:

* `region` - (Required) The region the instance will sit in. Note, first-generation Cloud SQL instance
    regions do not line up with the Google Compute Engine (GCE) regions, and Cloud SQL is not
    available in all regions - choose from one of the options listed [here](https://cloud.google.com/sql/docs/mysql/instance-locations).
    A valid region must be provided to use this resource. If a region is not provided in the resource definition,
    the provider region will be used instead, but this will be an apply-time error for all first-generation
    instances *and* for second-generation instances if the provider region is not supported with Cloud SQL.
    If you choose not to provide the `region` argument for this resource, make sure you understand this.

* `settings` - (Required) The settings to use for the database. The
    configuration is detailed below.

- - -

* `database_version` - (Optional, Default: `MYSQL_5_6`) The MySQL or PostgreSQL version to
    use. Can be `MYSQL_5_6`, `MYSQL_5_7` or `POSTGRES_9_6` for second-generation
    instances, or `MYSQL_5_5` or `MYSQL_5_6` for first-generation instances.
    See [Second Generation Capabilities](https://cloud.google.com/sql/docs/1st-2nd-gen-differences)
    for more information.

* `name` - (Optional, Computed) The name of the instance. If the name is left
    blank, Terraform will randomly generate one when the instance is first
    created. This is done because after a name is used, it cannot be reused for
    up to [one week](https://cloud.google.com/sql/docs/delete-instance).

* `master_instance_name` - (Optional) The name of the instance that will act as
    the master in the replication setup. Note, this requires the master to have
    `binary_log_enabled` set, as well as existing backups.

* `project` - (Optional) The ID of the project to which the resource belongs. If it
    is not provided, the provider project is used.

* `replica_configuration` - (Optional) The configuration for replication. The
    configuration is detailed below.

The required `settings` block supports:

* `tier` - (Required) The machine tier (First Generation) or type (Second Generation) to use. See
    [tiers](https://cloud.google.com/sql/docs/admin-api/v1beta4/tiers) for more details and
    supported versions. Postgres supports only shared-core machine types such as `db-f1-micro`, and custom
    machine types such as `db-custom-2-13312`. See the
    [Custom Machine Type Documentation](https://cloud.google.com/compute/docs/instances/creating-instance-with-custom-machine-type#create)
    to learn about specifying custom machine types.

* `activation_policy` - (Optional) This specifies when the instance should be
    active. Can be either `ALWAYS`, `NEVER` or `ON_DEMAND`.

* `authorized_gae_applications` - (Optional) A list of Google App Engine (GAE)
    project names that are allowed to access this instance.

* `availability_type` - (Optional) This specifies whether a PostgreSQL instance
    should be set up for high availability (`REGIONAL`) or single zone (`ZONAL`).

* `crash_safe_replication` - (Optional) Specific to read instances, indicates
    when crash-safe replication flags are enabled.

* `disk_autoresize` - (Optional, Second Generation, Default: `true`) Configuration to increase storage size automatically.

* `disk_size` - (Optional, Second Generation, Default: `10`) The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased.

* `disk_type` - (Optional, Second Generation, Default: `PD_SSD`) The type of data disk: `PD_SSD` or `PD_HDD`.

* `pricing_plan` - (Optional, First Generation) Pricing plan for this instance, can be one of
    `PER_USE` or `PACKAGE`.

* `replication_type` - (Optional) Replication type for this instance, can be one
    of `ASYNCHRONOUS` or `SYNCHRONOUS`.

* `user_labels` - (Optional) A set of key/value user label pairs to assign to the instance.

The optional `settings.database_flags` sublist supports:

* `name` - (Optional) Name of the flag.

* `value` - (Optional) Value of the flag.

The optional `settings.backup_configuration` subblock supports:

* `binary_log_enabled` - (Optional) True if binary logging is enabled. If
    `settings.backup_configuration.enabled` is false, this must be as well.
    Cannot be used with Postgres.

* `enabled` - (Optional) True if backup configuration is enabled.

* `start_time` - (Optional) `HH:MM` format time indicating when backup
    configuration starts.

The optional `settings.ip_configuration` subblock supports:

* `ipv4_enabled` - (Optional) Whether this Cloud SQL instance should be assigned
    a public IPV4 address. Either `ipv4_enabled` must be enabled or a
    `private_network` must be configured.

* `private_network` - (Optional) The VPC network from which the Cloud SQL
    instance is accessible for private IP. Specifying a network enables private IP.
    Either `ipv4_enabled` must be enabled or a `private_network` must be configured.

* `require_ssl` - (Optional) True if mysqld should default to `REQUIRE X509`
    for users connecting over IP.

The optional `settings.ip_configuration.authorized_networks[]` sublist supports:

* `expiration_time` - (Optional) The [RFC 3339](https://tools.ietf.org/html/rfc3339)
    formatted date time string indicating when this whitelist expires.

* `name` - (Optional) A name for this whitelist entry.

* `value` - (Optional) A CIDR notation IPv4 or IPv6 address that is allowed to
    access this instance. Must be set even if other two attributes are not for
    the whitelist to become active.

The optional `settings.location_preference` subblock supports:

* `follow_gae_application` - (Optional) A GAE application whose zone the instance
    should remain in. Must be in the same region as this instance.

* `zone` - (Optional) The preferred compute engine
    [zone](https://cloud.google.com/compute/docs/zones?hl=en).

The optional `settings.maintenance_window` subblock for Second Generation
instances declares a one-hour [maintenance window](https://cloud.google.com/sql/docs/instance-settings?hl=en#maintenance-window-2ndgen)
when an Instance can automatically restart to apply updates. The maintenance window is specified in UTC time. It supports:

* `day` - (Optional) Day of week (`1-7`), starting on Monday

* `hour` - (Optional) Hour of day (`0-23`), ignored if `day` not set

* `update_track` - (Optional) Receive updates earlier (`canary`) or later
    (`stable`)

The optional `replica_configuration` block must have `master_instance_name` set
to work, cannot be updated, and supports:

* `ca_certificate` - (Optional) PEM representation of the trusted CA's x509
    certificate.

* `client_certificate` - (Optional) PEM representation of the slave's x509
    certificate.

* `client_key` - (Optional) PEM representation of the slave's private key. The
    corresponding public key is encoded in the `client_certificate`.

* `connect_retry_interval` - (Optional, Default: 60) The number of seconds
    between connect retries.

* `dump_file_path` - (Optional) Path to a SQL file in GCS from which slave
    instances are created. Format is `gs://bucket/filename`.

* `failover_target` - (Optional) Specifies if the replica is the failover target.
    If the field is set to true the replica will be designated as a failover replica.
    If the master instance fails, the replica instance will be promoted as
    the new master instance.

* `master_heartbeat_period` - (Optional) Time in ms between replication
    heartbeats.

* `password` - (Optional) Password for the replication connection.

* `sslCipher` - (Optional) Permissible ciphers for use in SSL encryption.

* `username` - (Optional) Username for replication connection.

* `verify_server_certificate` - (Optional) True if the master's common name
    value is checked during the SSL handshake.

## Attributes Reference

In addition to the arguments listed above, the following computed attributes are
exported:

* `self_link` - The URI of the created resource.

* `connection_name` - The connection name of the instance to be used in
    connection strings. For example, when connecting with [Cloud SQL Proxy](https://cloud.google.com/sql/docs/mysql/connect-admin-proxy).

* `service_account_email_address` - The service account email address assigned to the
    instance. This property is applicable only to Second Generation instances.

* `ip_address.0.ip_address` - The IPv4 address assigned.

* `ip_address.0.time_to_retire` - The time this IP address will be retired, in RFC
    3339 format.

* `ip_address.0.type` - The type of this IP address.

    * A `PRIMARY` address is an address that can accept incoming connections.

    * An `OUTGOING` address is the source address of connections originating from the instance, if supported.

    * A `PRIVATE` address is an address for an instance which has been configured to use private networking; see [Private IP](https://cloud.google.com/sql/docs/mysql/private-ip).

* `first_ip_address` - The first IPv4 address of any type assigned. This is to
    support accessing the [first address in the list in a terraform output](https://github.com/terraform-providers/terraform-provider-google/issues/912)
    when the resource is configured with a `count`.

* `public_ip_address` - The first public (`PRIMARY`) IPv4 address assigned. This is
    a workaround for an [issue fixed in Terraform 0.12](https://github.com/hashicorp/terraform/issues/17048)
    but also provides a convenient way to access an IP of a specific type without
    performing filtering in a Terraform config.

* `private_ip_address` - The first private (`PRIVATE`) IPv4 address assigned. This is
    a workaround for an [issue fixed in Terraform 0.12](https://github.com/hashicorp/terraform/issues/17048)
    but also provides a convenient way to access an IP of a specific type without
    performing filtering in a Terraform config.

* `settings.version` - Used to make sure changes to the `settings` block are
    atomic.

* `server_ca_cert.0.cert` - The CA Certificate used to connect to the SQL Instance via SSL.

* `server_ca_cert.0.common_name` - The CN valid for the CA Cert.

* `server_ca_cert.0.create_time` - Creation time of the CA Cert.

* `server_ca_cert.0.expiration_time` - Expiration time of the CA Cert.

* `server_ca_cert.0.sha1_fingerprint` - SHA Fingerprint of the CA Cert.

## Timeouts
`google_sql_database_instance` provides the following
[Timeouts](/docs/configuration/resources.html#timeouts) configuration options:
- `create` - Default is 10 minutes.
- `update` - Default is 10 minutes.
- `delete` - Default is 10 minutes.
## Import

Database instances can be imported using any of these accepted formats:

```
$ terraform import google_sql_database_instance.master projects/{{project}}/instances/{{name}}
$ terraform import google_sql_database_instance.master {{project}}/{{name}}
$ terraform import google_sql_database_instance.master {{name}}
```

~> **NOTE:** Some fields (such as `replica_configuration`) won't show a diff if they are unset in
config and set on the server.
When importing, double-check that your config has all the fields set that you expect; just seeing
no diff isn't sufficient to know that your config could reproduce the imported resource.