google::database-instance

Creates a database instance.

Example

google::database-instance database-instance-example
    name: "gyro-db-test"

    settings
        activation-policy: "ALWAYS"
        availability-type: "REGIONAL"
        connector-enforcement: "NOT_REQUIRED"
        data-disk-size-gb: 20
        data-disk-type: 'PD_SSD'
        deletion-protection-enabled: false
        pricing-plan: "PER_USE"
        storage-auto-resize: true
        storage-auto-resize-limit: 100
        tier: "db-perf-optimized-N-2"
        edition: "ENTERPRISE_PLUS"

        data-cache-config
            data-cache-enabled: true
        end

        backup-configuration
            enabled: true
            start-time: "09:00"
            transaction-log-retention-days: 14
            binary-log-enabled: true

            backup-retention-settings
                retention-unit: "COUNT"
                retained-backups: 15
            end
        end

        user-labels: {
            "example": "example"
        }

        ip-configuration
            ipv4-enabled: true
            server-ca-mode: 'GOOGLE_MANAGED_INTERNAL_CA'
            ssl-mode: 'ALLOW_UNENCRYPTED_AND_ENCRYPTED'
            private-network: $(external-query google::compute-network { name: "test-db" })

            authorized-networks
                name: "example-QA-enviroment"
                value: "3.131.207.174/32"
            end
        end

        location-preference
            zone: 'us-central1-c'
            secondary-zone: 'us-central1-b'
        end

        password-validation-policy
            complexity: "COMPLEXITY_DEFAULT"
            disallow-username-substring: true
            enable-password-policy: true
            min-length: 8
            reuse-interval: 1
        end
    end

    database-version: "MYSQL_8_0_31"
    gce-zone: "us-central1-c"
    secondary-gce-zone: "us-central1-b"
    instance-type: "CLOUD_SQL_INSTANCE"
    region: "us-central1"
    backend-type: "SECOND_GEN"

    scheduled-maintenance
        can-reschedule: true
        schedule-deadline-time: "2025-02-31T23:59:59.00Z"
        start-time: "2024-12-31T23:59:59.00Z"
    end
end

google::database-instance database-instance-example-replica
    name: "gyro-db-test-replica"
    master-instance: $(google::database-instance database-instance-example)

    settings
        edition: "ENTERPRISE_PLUS"
        tier: "db-perf-optimized-N-2"

        ip-configuration
            ipv4-enabled: true
        end

        location-preference
            zone: 'us-central1-c'
            secondary-zone: 'us-central1-b'
        end
    end
end
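
The primary instance above accepts unencrypted connections (`ssl-mode: 'ALLOW_UNENCRYPTED_AND_ENCRYPTED'`), has a public IP address (`ipv4-enabled: true`) and does not require Cloud SQL connectors. A tightened variant, as an added example that is not part of the Gyro documentation: it uses only attributes documented on this page, and the resource name, instance name and password-policy numbers are assumptions for illustration.

```gyro
# Added example (not from the Gyro documentation): network-hardened variant
# of database-instance-example. Resource and instance names are placeholders.
google::database-instance database-instance-hardened
    name: "gyro-db-hardened"
    database-version: "MYSQL_8_0_31"
    region: "us-central1"

    settings
        tier: "db-perf-optimized-N-2"
        edition: "ENTERPRISE_PLUS"
        availability-type: "REGIONAL"

        # Original: false. Protects against accidental instance deletion.
        deletion-protection-enabled: true

        # Original: "NOT_REQUIRED". Connections must use Cloud SQL connectors.
        connector-enforcement: "REQUIRED"

        ip-configuration
            # Original: true, which assigns a public IP address.
            ipv4-enabled: false

            # Original: 'ALLOW_UNENCRYPTED_AND_ENCRYPTED', which also accepts
            # plaintext connections.
            ssl-mode: "ENCRYPTED_ONLY"

            server-ca-mode: "GOOGLE_MANAGED_INTERNAL_CA"

            # Reachable only from this VPC network over private IP.
            private-network: $(external-query google::compute-network { name: "test-db" })

            # No authorized-networks block: without a public IP there is no
            # external allowlist to maintain.
        end

        backup-configuration
            enabled: true
            start-time: "09:00"
            binary-log-enabled: true
        end

        password-validation-policy
            enable-password-policy: true
            complexity: "COMPLEXITY_DEFAULT"
            disallow-username-substring: true
            # Original: 8 and 1. These values are assumptions; use your own policy.
            min-length: 14
            reuse-interval: 5
        end
    end
end
```

If a public IP cannot be avoided, keep each `authorized-networks` entry as narrow as the `/32` in the original example and give temporary entries an `expiration-time`.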

Attributes

Attribute Description
backend-type The type of the backend that is used for this instance. Valid values are SECOND_GEN or EXTERNAL.
database-version The database version for this instance. Valid values are MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, MYSQL_8_0_18, MYSQL_8_0_26, MYSQL_8_0_27, MYSQL_8_0_28, MYSQL_8_0_29, MYSQL_8_0_30, MYSQL_8_0_31, MYSQL_8_0_32, MYSQL_8_0_33, MYSQL_8_0_34, MYSQL_8_0_35, MYSQL_8_0_36, MYSQL_8_0_37, POSTGRES_9_6, POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB, SQLSERVER_2019_STANDARD, SQLSERVER_2019_ENTERPRISE, SQLSERVER_2019_EXPRESS, SQLSERVER_2019_WEB, SQLSERVER_2022_STANDARD, SQLSERVER_2022_ENTERPRISE, SQLSERVER_2022_EXPRESS or SQLSERVER_2022_WEB.
disk-encryption-configuration subresource

The disk encryption configuration for this instance.

key
The KMS key for disk encryption (Required)
disk-encryption-status subresource

The disk encryption status for this instance.

key-version
The KMS key version used to encrypt the Cloud SQL instance resource (Required)
failover-replica subresource

The failover replica for this instance.

name
The name of the failover replica.
region The region for this instance. Defaults to us-central1.
gce-zone The GCE zone for this instance.
secondary-gce-zone The secondary GCE zone for this instance.
instance-type The type of the instance. Valid values are CLOUD_SQL_INSTANCE, ON_PREMISES_INSTANCE or READ_REPLICA_INSTANCE.
master-instance resource

The instance which will act as primary in the replication setup.

name The name of the instance. (Required)
on-premises-configuration subresource

The on-premises configuration for this instance.

ca-certificate
The PEM representation of the trusted CA’s x509 certificate.
client-certificate
The PEM representation of the replica’s x509 certificate.
client-key
The PEM representation of the replica’s private key.
dump-file-path
The dump file to create the Cloud SQL replica.
host-port
The host and port of the on-premises instance in host:port format.
password
The password for connecting to the on-premises instance.
source-instance
The Cloud SQL instance if the source is Cloud SQL.
username
The username for connecting to the on-premises instance.
replica-configuration subresource

The configuration specific to failover replicas and read replicas.

cascadable-replica

When set to true, the SQL Server replica is a cascadable replica. A cascadable replica is a SQL Server cross-region replica that supports replica(s) under it.

failover-target
When set to true, the replica is the failover target.
mysql-replica-configuration subresource

The MySQL specific configuration when replicating from a MySQL on-premises primary instance.

ca-certificate
The PEM representation of the trusted CA’s x509 certificate.
client-certificate
The PEM representation of the replica’s x509 certificate.
client-key
The PEM representation of the replica’s private key.
connect-retry-interval
The seconds to wait between connect retries.
dump-file-path
The path to a SQL dump file in Google Cloud Storage from which the replica instance is to be created.
master-heartbeat-period
The interval in milliseconds between replication heartbeats.
password
The password for the replication connection.
ssl-cipher
The list of permissible ciphers to use for SSL encryption.
username
The username for the replication connection.
verify-server-certificate

When set to true, checks the primary instance’s Common Name value in the certificate that it sends during the SSL handshake.

replication-cluster subresource

The replication cluster for this instance.

This field cannot be set on creation.

failover-dr-replica-name

The disaster recovery (DR) replica for a primary instance.

If the instance is a read replica, then the field is not set. Set this field to a replica name to designate a DR replica for a primary instance. Remove the replica name to remove the DR replica designation. Only for Enterprise Plus edition instances. (Required)

root-password The initial root password for this instance.
scheduled-maintenance subresource

The scheduled maintenance period for this instance.

can-reschedule
When set to true, the scheduled maintenance can be rescheduled.
schedule-deadline-time
The deadline after which maintenance cannot be rescheduled.
start-time
The start time of the scheduled maintenance in RFC 3339 UTC “Zulu” format, for example “2014-10-02T15:01:23Z”.
settings subresource

The settings for this instance. (Required)

activation-policy
The activation policy specifies when the instance is activated. Valid values are ALWAYS or NEVER.
active-directory-config subresource

The Active Directory configuration, relevant only for Cloud SQL for SQL Server.

domain
The name of the domain. (Required)
advanced-machine-features subresource

The advanced machine configuration for the instance, relevant only for SQL Server.

threads-per-core
The number of threads per physical core. (Required)
availability-type
The availability type of the given Cloud SQL instance. Valid values are ZONAL or REGIONAL.
backup-configuration subresource

The daily backup configuration for the instance.

backup-retention-settings subresource

The backup retention settings.

retained-backups
The number of backups to retain.
retention-unit
The unit that the retained backups represent. Currently the only supported value is COUNT. Can only be set if retained-backups is set.
binary-log-enabled
When set to true, binary log is enabled.
enabled
When set to true, the backup configuration is enabled. (Required)
location
The location of the backup.
point-in-time-recovery-enabled
When set to true, point in time recovery is enabled.
start-time
The start time for the daily backup configuration in UTC timezone in the 24 hour format - HH:MM. Valid values satisfy the regex: [([01][0-9]|2[0-3]):([0-5][0-9])].
transaction-log-retention-days
The number of days of transaction logs we retain for point in time restore, from 1-7.
collation
The name of the server instance collation.
connector-enforcement
Specifies if connections must use Cloud SQL connectors. Valid values are NOT_REQUIRED or REQUIRED.
crash-safe-replication-enabled
When set to true, database flags for crash-safe replication are enabled.
data-cache-config subresource

The configuration for data cache.

data-cache-enabled
When set to true, data cache is enabled. (Required)
data-disk-size-gb
The size of the data disk, in GB. Valid values are between 10 and 65536.
data-disk-type
The type of data disk. Valid values are PD_SSD or PD_HDD.
database-flags list subresource

The database flags passed to the instance at startup.

name
The name of the flag. (Required)
value
The value of the flag.
database-replication-enabled
When set to true, replication is enabled for databases.
deletion-protection-enabled
When set to true, protects against accidental instance deletion.
deny-maintenance-periods list subresource

The date ranges during which all CSA rollouts will be denied.

end-date

The end date of the maintenance deny period. The date is in format yyyy-mm-dd or mm-dd.

If the year is omitted, the period recurs every year. Can only be set if start-date is set. Valid values satisfy the regex: [([0-9]{4}\\-)?[0-1][0-9]\\-[0-3][0-9]].

start-date

The start date of the maintenance deny period. The date is in format yyyy-mm-dd or mm-dd.

If the year is omitted, the period recurs every year. Valid values satisfy the regex: [([0-9]{4}\\-)?[0-1][0-9]\\-[0-3][0-9]]. (Required)

time
The time of the maintenance deny period in UTC. The time is in format: HH:mm:SS. Can only be set if start-date is set. Valid values satisfy the regex: [[0-2][0-9]:[0-5][0-9]:[0-5][0-9]].
edition
The edition of the instance. Valid values are ENTERPRISE_PLUS or ENTERPRISE.
enable-dataplex-integration
When set to true, schema extraction for Dataplex on Cloud SQL instances is activated.
enable-google-ml-integration

When set to true, Cloud SQL instances can connect to Vertex AI to pass requests for real-time predictions and insights to the AI.

insights-config subresource

The insights config.

query-insights-enabled
When set to true, query insights is enabled. (Required)
query-plans-per-minute
The number of query execution plans captured by Insights per minute for all queries combined. Default is 5.
query-string-length

The maximum query length stored in bytes. Default value: 1024 bytes.

Changing the query length will restart the database. Valid values are between 256 and 4500.

record-application-tags
When set to true, query Insights will record application tags from query.
record-client-address
When set to true, query Insights will record client address from query.
ip-configuration subresource

The settings for IP management. This allows enabling or disabling the instance IP and managing which external networks can connect to the instance.

allocated-ip-range
The name of the allocated ip range for the private ip Cloud SQL instance.
authorized-networks list subresource

The list of external networks that are allowed to connect to the instance using the IP.

expiration-time
The time when this access control entry expires in RFC 3339 format, for example 2012-11-15T16:19:00.094Z
name
The label to identify this entry.
value
The allowlisted value for the access control list. (Required)
enable-private-path-for-google-cloud-services
When set to true, allows connectivity to private IP instances from Google services, such as BigQuery.
ipv4-enabled
When set to true, the instance is assigned a public IP address.
private-network
The resource link for the VPC network from which the Cloud SQL instance is accessible for private IP.
psc-config subresource

The PSC settings for this instance.

allowed-consumer-projects list
The list of consumer projects that are allow-listed for PSC connections to this instance. Can only be set if psc-enabled is set.
psc-enabled
When set to true, PSC is enabled. (Required)
server-ca-mode
The type of CA used for the server certificate.
ssl-mode
Specifies how SSL/TLS is enforced in database connections. Valid values are ALLOW_UNENCRYPTED_AND_ENCRYPTED, ENCRYPTED_ONLY or TRUSTED_CLIENT_CERTIFICATE_REQUIRED.
location-preference subresource

The location preference settings.

secondary-zone

The preferred Compute Engine zone for the secondary/failover

To disable this field, set it to no_secondary_zone.

zone

The preferred Compute Engine zone.

Changing this might restart the instance.

maintenance-window subresource

The maintenance window for this instance. This specifies when the instance can be restarted for maintenance purposes.

day

The day of week in positive integers where 1 = Monday and 7 = Sunday.

In the UTC timezone. Valid values are between 1 and 7. (Required)

hour
The hour of day from 0 to 23. Valid values are between 0 and 23. (Required)
update-track

The maintenance timing settings.

See also About maintenance on Cloud SQL instances. Valid values are canary, stable or week5. (Required)

password-validation-policy subresource

The local user password validation policy of the instance.

complexity
The complexity of the password. Valid values are COMPLEXITY_DEFAULT or COMPLEXITY_UNSPECIFIED.
disallow-username-substring
When set to true, disallows username as a part of the password.
enable-password-policy
When set to true, password policy is enabled. (Required)
min-length
The minimum number of characters allowed.
password-change-interval

The minimum interval after which the password can be changed.

Only for PostgreSQL.

reuse-interval
The number of previous passwords that cannot be reused.
pricing-plan
The pricing plan for this instance. Valid values are PER_USE or PACKAGE.
sql-server-audit-config subresource

The configuration for SQL Server audit logging.

bucket
The destination bucket for the audit files. (Required)
retention-interval
The number of days for which to keep generated audit files.
upload-interval
The interval in minutes at which to upload generated audit files.
storage-auto-resize
When set to true, storage size increases automatically.
storage-auto-resize-limit
The maximum size to which storage capacity can be automatically increased.
tier
The tier (or machine type) for this instance. (Required)
time-zone
The server timezone of the instance.
user-labels map
The user labels for the instance.
switch-transaction-logs-to-cloud-storage-enabled When set to true, the point-in-time recovery log files are switched from a sata disk to Cloud Storage.

Outputs

Attribute Description
suspension-reason list The reason for suspension of this instance. Valid values are BILLING_ISSUE, LEGAL_ISSUE, OPERATIONAL_ISSUE and KMS_KEY_ISSUE.
self-link The URI for this instance.
service-account-email-address The service account email address for this instance.
server-ca-cert subresource

The server CA certificate for this instance.

cert
The PEM representation of the certificate.
cert-serial-number
The serial number, as extracted from the certificate.
common-name
The user supplied name of the cert.
create-time
The time when the certificate was created.
expiration-time
The time when the certificate expires.
instance
Name of the database instance.
self-link
The URI of this resource.
sha1-fingerprint
The SHA-1 fingerprint.
state The state of this instance.
maintenance-version The maintenance version for this instance.
available-maintenance-versions list The list of available maintenance versions for this instance.
create-time The current create time for this instance.
database-installed-version The current database version running on the instance, including the minor version.
dns-name The DNS name for this instance.
psc-service-attachment-link The link to the PSC service attachment for this instance.
upgradable-database-versions list subresource

The list of upgradable database versions for this instance.

display-name
The display name for the database version.
major-version
The major version of the database version.
name
The name of the database version.
write-endpoint The write endpoint for this instance.
connection-name The connection name of the instance to be used in connection strings.
gemini-config subresource

The Gemini instance configuration for this instance.

active-query-enabled
When set to true, active query is enabled.
entitled
When set to true, Gemini is enabled.
flag-recommender-enabled
When set to true, flag recommender is enabled.
google-vacuum-mgmt-enabled
When set to true, google vacuum mgmt is enabled.
index-advisor-enabled
When set to true, index advisor is enabled.
oom-session-cancel-enabled
When set to true, oom session cancel is enabled.
out-of-disk-report subresource

The out of disk report for this instance.

sql-min-recommended-increase-size-gb
The minimum recommended increase size in gigabytes.
sql-out-of-disk-state
The state generated by the proactive database wellness job for OutOfDisk issues.
replica-names list The list of replica names for this instance.
satisfies-pzi When set to true, the instance satisfies PZI.
satisfies-pzs When set to true, the instance satisfies PZS.
sql-network-architecture The SQL network architecture for this instance.
ip-addresses list subresource The list of IP addresses for this instance.