diff --git a/google/resource_sql_database_instance.go b/google/resource_sql_database_instance.go
index 1b425743..7dc2f553 100644
--- a/google/resource_sql_database_instance.go
+++ b/google/resource_sql_database_instance.go
@@ -16,6 +16,8 @@ import (
 	"google.golang.org/api/sqladmin/v1beta4"
 )
 
+const privateNetworkLinkRegex = "projects/(" + ProjectRegex + ")/global/networks/((?:[a-z](?:[-a-z0-9]*[a-z0-9])?))$"
+
 var sqlDatabaseAuthorizedNetWorkSchemaElem *schema.Resource = &schema.Resource{
 	Schema: map[string]*schema.Schema{
 		"expiration_time": &schema.Schema{
@@ -180,6 +182,12 @@ func resourceSqlDatabaseInstance() *schema.Resource {
 										Type:     schema.TypeBool,
 										Optional: true,
 									},
+									"private_network": &schema.Schema{
+										Type:             schema.TypeString,
+										Optional:         true,
+										ValidateFunc:     validateRegexp(privateNetworkLinkRegex),
+										DiffSuppressFunc: compareSelfLinkRelativePaths,
+									},
 								},
 							},
 						},
@@ -615,6 +623,7 @@ func expandIpConfiguration(configured []interface{}) *sqladmin.IpConfiguration {
 	return &sqladmin.IpConfiguration{
 		Ipv4Enabled:        _ipConfiguration["ipv4_enabled"].(bool),
 		RequireSsl:         _ipConfiguration["require_ssl"].(bool),
+		PrivateNetwork:     _ipConfiguration["private_network"].(string),
 		AuthorizedNetworks: expandAuthorizedNetworks(_ipConfiguration["authorized_networks"].(*schema.Set).List()),
 	}
 }
@@ -1121,8 +1130,9 @@ func flattenDatabaseFlags(databaseFlags []*sqladmin.DatabaseFlags) []map[string]
 
 func flattenIpConfiguration(ipConfiguration *sqladmin.IpConfiguration) interface{} {
 	data := map[string]interface{}{
-		"ipv4_enabled": ipConfiguration.Ipv4Enabled,
-		"require_ssl":  ipConfiguration.RequireSsl,
+		"ipv4_enabled":    ipConfiguration.Ipv4Enabled,
+		"private_network": ipConfiguration.PrivateNetwork,
+		"require_ssl":     ipConfiguration.RequireSsl,
 	}
 
 	if ipConfiguration.AuthorizedNetworks != nil {
diff --git a/website/docs/r/sql_database_instance.html.markdown b/website/docs/r/sql_database_instance.html.markdown
index 7a2a2a5d..07c83b03 100644
--- a/website/docs/r/sql_database_instance.html.markdown
+++ b/website/docs/r/sql_database_instance.html.markdown
@@ -205,6 +205,8 @@ The optional `settings.ip_configuration` subblock supports:
 * `require_ssl` - (Optional) True if mysqld should default to `REQUIRE X509`
     for users connecting over IP.
 
+* `private_network` - (Optional) The resource link for the VPC network from which the Cloud SQL instance is accessible for private IP.
+
 The optional `settings.ip_configuration.authorized_networks[]` sublist supports:
 
 * `expiration_time` - (Optional) The [RFC 3339](https://tools.ietf.org/html/rfc3339)