Cloudsviewer

Cloud SQL IAM authentication from Kubernetes and Google Cloud provided connectors

February 8, 2023


Hardening a complex application is a challenge, more so for applications that include multiple layers with different authentication schemes. One common question is “how to integrate Cloud SQL for PostgreSQL or MySQL within your authentication flow?”

Cloud SQL has always supported password-based authentication. There are, however, many questions that come with this approach:

  • Where should you store the password?

  • How do you manage different passwords for different environments?

  • Who audits password complexity?

Ideally, it would be preferable to not have to worry about passwords at all. Using username and password authentication also breaks the identity chain. Whoever knows the password can impersonate a database role, effectively making it impossible to ascribe actions on an audit file to a specific person (or service account). Furthermore, disabling an account requires finding out all the related database logins and disabling them as well. But how can you be sure no one else shares the same login?

It’s clear that this approach doesn’t scale well. As just one example, managing multiple database instances with multiple applications can quickly become a daunting task. To solve these challenges, Cloud SQL for PostgreSQL and MySQL users can use Cloud SQL Identity and Access Management (IAM)-mapped logins with Cloud SQL Proxy with Automatic Authentication.

Cloud SQL IAM-mapped logins

Cloud SQL’s IAM Database Authentication feature allows mapping preexisting Cloud IAM principals (users or service accounts) to database native roles. This means you can ask the Google Cloud Platform to create logins that match the email address of the IAM principal.

GCP will also handle the password for you (including storage and rotation). But how can you use it?

If your account has valid IAM credentials (cloudsql.instances.login), Google Cloud will give you the token that you can use to authenticate. Basically, Google Cloud will provide you with the Cloud SQL password; you can then use the password to connect directly to Cloud SQL for PostgreSQL and MySQL.

While you can do that yourself (via manual IAM database authentication), it would be best to have it handled automatically, such as when issuing gcloud sql generate-login-token. Google Cloud provides connectors for many languages that automate this task. (For an example of this, you can see the Golang driver for PostgreSQL in action here.) With these connectors, authenticating to Cloud SQL for PostgreSQL and MySQL can be secure and convenient.

Unfortunately, we don’t always have the luxury of changing the application code to make use of the new drivers. In that scenario you can use a Google Cloud-provided proxy, called Cloud SQL Auth proxy. This proxy allows your application to make use of the new Automatic IAM Database Authentication without any change to your codebase.

Cloud SQL Auth proxy 

The Cloud SQL Auth proxy has the Automatic IAM Database authentication feature. It allows applications oblivious to Cloud SQL IAM principals to authenticate as an IAM principal.

For example, if the Cloud SQL auth proxy runs in the context of a service account (maybe because it had inherited it from the Compute Engine it runs on), every connection that connects to the proxy will be able to authenticate as that service account.

The following image shows how your application, instead of connecting to Cloud SQL directly, can connect to the Cloud SQL Auth Proxy process running in the same Compute Engine instance. The Proxy will in turn handle authentication and connection to the Cloud SQL Instance via a secure TLS connection.
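The proxy setup described above, as an added example that is not part of the original article: a dry-run script for a PostgreSQL instance that enables IAM authentication, creates the IAM-mapped login for a service account, grants it the login permission, and then connects through the proxy without a password. It assumes the v2 cloud-sql-proxy command line; the project, region, instance, database and service account names are placeholders.

```bash
#!/usr/bin/env bash
# Added example (PostgreSQL). PROJECT, REGION, INSTANCE, DB and SA_EMAIL are
# placeholders chosen for illustration, not values from the article.
set -eu
PROJECT="${PROJECT:-example-project}"; REGION="${REGION:-europe-west1}"
INSTANCE="${INSTANCE:-example-pg}";    DB="${DB:-appdb}"
SA_EMAIL="${SA_EMAIL:-app-sa@${PROJECT}.iam.gserviceaccount.com}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only, 0 = execute them

# PostgreSQL names a service account's login after its email minus the
# ".gserviceaccount.com" suffix; human users keep their full email address.
iam_db_user() {
  case "$1" in
    *.gserviceaccount.com) printf '%s\n' "${1%.gserviceaccount.com}" ;;
    *) printf '%s\n' "$1" ;;
  esac
}

run() {   # echo the command, run it only when DRY_RUN=0
  printf '+ %s\n' "$*"
  if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

setup_iam_login() {   # one-time, by an administrator
  # Caution: --database-flags replaces the instance's existing flag list.
  run gcloud sql instances patch "$INSTANCE" --project="$PROJECT" \
    --database-flags=cloudsql.iam_authentication=on
  run gcloud sql users create "$(iam_db_user "$SA_EMAIL")" \
    --instance="$INSTANCE" --project="$PROJECT" --type=cloud_iam_service_account
  # cloudsql.client lets the proxy reach the instance; cloudsql.instanceUser
  # carries the cloudsql.instances.login permission.
  for role in roles/cloudsql.client roles/cloudsql.instanceUser; do
    run gcloud projects add-iam-policy-binding "$PROJECT" \
      --member="serviceAccount:$SA_EMAIL" --role="$role"
  done
}

start_proxy() {   # on the VM running as SA_EMAIL; stays in the foreground
  run cloud-sql-proxy --auto-iam-authn --address 127.0.0.1 --port 5432 \
    "$PROJECT:$REGION:$INSTANCE"
}

connect_db() {    # no password: the proxy supplies the IAM token
  run psql "host=127.0.0.1 port=5432 dbname=$DB user=$(iam_db_user "$SA_EMAIL")"
}

case "${1:-plan}" in
  setup) setup_iam_login ;;
  proxy) start_proxy ;;
  connect) connect_db ;;
  *) DRY_RUN=1; setup_iam_login; start_proxy; connect_db ;;
esac
```

The new IAM-mapped login has no database privileges until a database administrator grants them, so the first connection succeeds but queries against application tables will be denied until then.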


