google::database-instance¶

Creates a database instance.

Example¶

google::database-instance database-instance-example
    name: "gyro-db-test"

    settings
        activation-policy: "ALWAYS"
        availability-type: "REGIONAL"
        connector-enforcement: "NOT_REQUIRED"
        data-disk-size-gb: 20
        data-disk-type: 'PD_SSD'
        deletion-protection-enabled: false
        pricing-plan: "PER_USE"
        storage-auto-resize: true
        storage-auto-resize-limit: 100
        tier: "db-perf-optimized-N-2"
        edition: "ENTERPRISE_PLUS"

        data-cache-config
            data-cache-enabled: true
        end

        backup-configuration
            enabled: true
            start-time: "09:00"
            transaction-log-retention-days: 14
            binary-log-enabled: true

            backup-retention-settings
                retention-unit: "COUNT"
                retained-backups: 15
            end
        end

        user-labels: {
            "example": "example"
        }

        ip-configuration
            ipv4-enabled: true
            server-ca-mode: 'GOOGLE_MANAGED_INTERNAL_CA'
            ssl-mode: 'ALLOW_UNENCRYPTED_AND_ENCRYPTED'
            private-network: $(external-query google::compute-network { name: "test-db" })

            authorized-networks
                name: "example-QA-enviroment"
                value: "3.131.207.174/32"
            end
        end

        location-preference
            zone: 'us-central1-c'
            secondary-zone: 'us-central1-b'
        end

        password-validation-policy
            complexity: "COMPLEXITY_DEFAULT"
            disallow-username-substring: true
            enable-password-policy: true
            min-length: 8
            reuse-interval: 1
        end
    end

    database-version: "MYSQL_8_0_31"
    gce-zone: "us-central1-c"
    secondary-gce-zone: "us-central1-b"
    instance-type: "CLOUD_SQL_INSTANCE"
    region: "us-central1"
    backend-type: "SECOND_GEN"

    scheduled-maintenance
        can-reschedule: true
        schedule-deadline-time: "2025-02-31T23:59:59.00Z"
        start-time: "2024-12-31T23:59:59.00Z"
    end
end

google::database-instance database-instance-example-replica
    name: "gyro-db-test-replica"
    master-instance: $(google::database-instance database-instance-example)

    settings
        edition: "ENTERPRISE_PLUS"
        tier: "db-perf-optimized-N-2"

        ip-configuration
            ipv4-enabled: true
        end

        location-preference
            zone: 'us-central1-c'
            secondary-zone: 'us-central1-b'
        end
    end
end

Attributes¶

Attribute	Description
backend-type	The type of the backend that is used for this instance. Valid values are `SECOND_GEN` or `EXTERNAL`.
database-version	The database version for this instance. Valid values are `MYSQL_5_6`, `MYSQL_5_7`, `MYSQL_8_0`, `MYSQL_8_0_18`, `MYSQL_8_0_26`, `MYSQL_8_0_27`, `MYSQL_8_0_28`, `MYSQL_8_0_29`, `MYSQL_8_0_30`, `MYSQL_8_0_31`, `MYSQL_8_0_32`, `MYSQL_8_0_33`, `MYSQL_8_0_34`, `MYSQL_8_0_35`, `MYSQL_8_0_36`, `MYSQL_8_0_37`, `POSTGRES_9_6`, `POSTGRES_10`, `POSTGRES_11`, `POSTGRES_12`, `POSTGRES_13`, `POSTGRES_14`, `POSTGRES_15`, `SQLSERVER_2017_STANDARD`, `SQLSERVER_2017_ENTERPRISE`, `SQLSERVER_2017_EXPRESS`, `SQLSERVER_2017_WEB`, `SQLSERVER_2019_STANDARD`, `SQLSERVER_2019_ENTERPRISE`, `SQLSERVER_2019_EXPRESS`, `SQLSERVER_2019_WEB`, `SQLSERVER_2022_STANDARD`, `SQLSERVER_2022_ENTERPRISE`, `SQLSERVER_2022_EXPRESS` or `SQLSERVER_2022_WEB`.
disk-encryption-configuration subresource	The disk encryption configuration for this instance. key The KMS key for disk encryption (Required)
disk-encryption-status subresource	The disk encryption status for this instance. key-version The KMS key version used to encrypt the Cloud SQL instance resource (Required)
failover-replica subresource	The failover replica for this instance. name The name of the failover replica.
region	The region for this instance. Defaults to `us-central1`.
gce-zone	The GCE zone for this instance.
secondary-gce-zone	The secondary GCE zone for this instance.
instance-type	The type of the instance. Valid values are `CLOUD_SQL_INSTANCE`, `ON_PREMISES_INSTANCE` or `READ_REPLICA_INSTANCE`.
master-instance resource	google::database-instance resource The instance which will act as primary in the replication setup.
name	The name of the instance. (Required)
on-premises-configuration subresource	The on-premises configuration for this instance. ca-certificate The PEM representation of the trusted CA’s x509 certificate. client-certificate The PEM representation of the replica’s x509 certificate. client-key The PEM representation of the replica’s private key. dump-file-path The dump file to create the Cloud SQL replica. host-port The host and port of the on-premises instance in host:port format password The password for connecting to on-premises instance. source-instance The Cloud SQL instance if the source is Cloud SQL. username The username for connecting to on-premises instance.
replica-configuration subresource	The configuration specific to failover replicas and read replicas. cascadable-replica When set to `true`, the SQL Server replica is a cascadable replica. A cascadable replica is a SQL Server cross region replica that supports replica(s) under it. failover-target When set to `true`, the replica is the failover target. mysql-replica-configuration subresource The MySQL specific configuration when replicating from a MySQL on-premises primary instance. ca-certificate The PEM representation of the trusted CA’s x509 certificate. client-certificate The PEM representation of the replica’s x509 certificate. client-key The PEM representation of the replica’s private key. connect-retry-interval The seconds to wait between connect retries. dump-file-path The path to a SQL dump file in Google Cloud Storage from which the replica instance is to be created. master-heartbeat-period The Interval in milliseconds between replication heartbeats. password The password for the replication connection. ssl-cipher The list of permissible ciphers to use for SSL encryption. username The username for the replication connection. verify-server-certificate When set to `true`, checks if the primary instance’s Common Name value in the certificate that it sends during the SSL handshake.
replication-cluster subresource	The replication cluster for this instance. This field can not be set on creation. failover-dr-replica-name The disaster recovery (DR) replica for a primary instance. If the instance is a read replica, then the field is not set. Set this field to a replica name to designate a DR replica for a primary instance. Remove the replica name to remove the DR replica designation. Only for Enterprise Plus edition instances. (Required)
root-password	The initial root password for this instance.
scheduled-maintenance subresource	The scheduled maintenance period for this instance. can-reschedule When set to `true`, the scheduled maintenance can be rescheduled. schedule-deadline-time The deadline after which maintenance cannot be rescheduled. start-time The start time of the scheduled maintenance in RFC 3339 UTC “Zulu” format, for e.g. “2014-10-02T15:01:23Z”.
settings subresource	The settings for this instance. (Required) activation-policy The activation policy specifies when the instance is activated. Valid values are `ALWAYS` or `NEVER`. active-directory-config subresource The active Directory configuration, relevant only for Cloud SQL for SQL Server. domain The name of the domain. (Required) advanced-machine-features subresource The advanced machine configuration for the instances relevant only for SQL Server. threads-per-core The number of threads per physical core. (Required) availability-type The availability type of the given Cloud SQL instance. Valid values are `ZONAL` or `REGIONAL`. backup-configuration subresource The daily backup configuration for the instance. backup-retention-settings subresource The backup retention settings. retained-backups The number of backups to retain. retention-unit The unit that the retained backups represents. Currently the only supported value is `COUNT`. Can only be set if `retained-backups` is set. binary-log-enabled When set to `true`, binary log is enabled. enabled When set to `true`, the backup configuration is enabled. (Required) location The location of the backup. point-in-time-recovery-enabled When set to `true`, point in time recovery is enabled. start-time The start time for the daily backup configuration in UTC timezone in the 24 hour format - HH:MM. Valid values satisfy the regex: `[([01][0-9]\|2[0-3]):([0-5][0-9])]`. transaction-log-retention-days The number of days of transaction logs we retain for point in time restore, from 1-7. collation The name of server Instance collation. connector-enforcement Specifies if connections must use Cloud SQL connectors. Valid values are `NOT_REQUIRED` or `REQUIRED`. crash-safe-replication-enabled When set to `true`, database flags for crash- safe replication are enabled. data-cache-config subresource The configuration for data cache. data-cache-enabled When set to `true`, data cache is enabled. (Required) data-disk-size-gb The size of data disk, in GB. Valid values are between `10` to `65536`. data-disk-type The type of data disk. Valid values are `PD_SSD` or `PD_HDD`. database-flags list subresource The database flags passed to the instance at startup. name the name of the flag. (Required) value the value of the flag. database-replication-enabled When set to `true`, replication is enabled for databases. deletion-protection-enabled When set to `true`, protects against accidental instance deletion. deny-maintenance-periods list subresource The date ranges during when all CSA rollout will be denied. end-date The end date of the maintenance deny period. The date is in format yyyy-mm-dd or mm-dd. If the year is omitted, the period recurs every year. Can only be set if `start-date` is set. Valid values satisfy the regex: `[([0-9]{4}\\-)?[0-1][0-9]\\-[0-3][0-9]]`. start-date The start date of the maintenance deny period. The date is in format yyyy-mm-dd or mm-dd. If the year is omitted, the period recurs every year. Valid values satisfy the regex: `[([0-9]{4}\\-)?[0-1][0-9]\\-[0-3][0-9]]`. (Required) time The time of the maintenance deny period in UTC. The time is in format: HH:mm:SS Can only be set if `start-date` is set. Valid values satisfy the regex: `[[0-2][0-9]:[0-5][0-9]:[0-5][0-9]]`. edition The edition of the instance. Valid values are `ENTERPRISE_PLUS` or `ENTERPRISE`. enable-dataplex-integration When set to `true`, schema extraction for Dataplex on Cloud SQL instances is activated. enable-google-ml-integration When set to `true`, Cloud SQL instances can connect to Vertex AI to pass requests for real-time predictions and insights to the AI insights-config subresource The insights config. query-insights-enabled When set to `true` query insights in enabled. (Required) query-plans-per-minute The number of query execution plans captured by Insights per minute for all queries combined. Default is 5. query-string-length The maximum query length stored in bytes. Default value: 1024 bytes. Changing query length will restart the database. Valid values are between `256` to `4500`. record-application-tags When set to `true`, query Insights will record application tags from query. record-client-address When set to `true`, query Insights will record client address from query. ip-configuration subresource The settings for IP Management. This allows to enable or disable the instance IP and manage which external networks can connect to the instance. allocated-ip-range The name of the allocated ip range for the private ip Cloud SQL instance. authorized-networks list subresource The list of external networks that are allowed to connect to the instance using the IP. expiration-time The time when this access control entry expires in RFC 3339 format, for example `2012-11-15T16:19:00.094Z` name The label to identify this entry. value The allowlisted value for the access control list. (Required) enable-private-path-for-google-cloud-services When set to `true`, allows connectivity to private IP instances from Google services, such as BigQuery. ipv4-enabled When set to `true`, the instance is assigned a public IP address. private-network The resource link for the VPC network from which the Cloud SQL instance is accessible for private IP. psc-config subresource The PSC settings for this instance. allowed-consumer-projects list The list of consumer projects that are allow-listed for PSC connections to this instance. Can only be set if `psc-enabled` is set. psc-enabled When set to `true`, PSC is enabled. (Required) server-ca-mode The type of CA used for the server certificate. ssl-mode The SSL/TLS is enforced in database connections Valid values are `ALLOW_UNENCRYPTED_AND_ENCRYPTED`, `ENCRYPTED_ONLY` or `TRUSTED_CLIENT_CERTIFICATE_REQUIRED`. location-preference subresource The location preference settings. secondary-zone The preferred Compute Engine zone for the secondary/failover To disable this field, set it to `no_secondary_zone`. zone The preferred Compute Engine zone. Changing this might restart the instance. maintenance-window subresource The maintenance window for this instance. This specifies when the instance can be restarted for maintenance purposes. day The day of week in positive integers where 1 = Monday and 7 = Sunday. In the UTC timezone Valid values are between `1` to `7`. (Required) hour The hour of day from 0 to 23. Valid values are between `0` to `23`. (Required) update-track The maintenance timing settings. See also About maintenance on Cloud SQL instances. Valid values are `canary`, `stable` or `week5`. (Required) password-validation-policy subresource The local user password validation policy of the instance. complexity The complexity of the password. Valid values are `COMPLEXITY_DEFAULT` or `COMPLEXITY_UNSPECIFIED`. disallow-username-substring When set to `true`, disallows username as a part of the password. enable-password-policy When set to `true`, password policy is enabled. (Required) min-length The minimum number of characters allowed. password-change-interval The minimum interval after which the password can be changed. Only for PostgresSQL. reuse-interval The number of previous passwords that cannot be reused. pricing-plan The pricing plan for this instance. Valid values are `PER_USE` or `PACKAGE`. sql-server-audit-config subresource The configuration for SQL Server audit logging. bucket The destination bucket for the audit files. (Required) retention-interval The number of days for which to keep generated audit files. upload-interval The interval in minutes at which to upload generated audit files. storage-auto-resize When set to `true`, storage size increases automatically. storage-auto-resize-limit The maximum size to which storage capacity can be automatically increased. tier The tier (or machine type) for this instance. (Required) time-zone The server timezone of the instance. user-labels map The user labels for the instance.
switch-transaction-logs-to-cloud-storage-enabled	When set to `true`, the point-in-time recovery log files are switched from a sata disk to Cloud Storage.

Outputs¶

Attribute	Description
suspension-reason list	The reason for suspension of this instance. Valid values are `BILLING_ISSUE`, `LEGAL_ISSUE`, `OPERATIONAL_ISSUE` and `KMS_KEY_ISSUE`.
self-link	The URI for this instance.
service-account-email-address	The service account email address for this instance.
server-ca-cert subresource	The server CA certificate for this instance. cert The PEM representation of the certificate. cert-serial-number The serial number, as extracted from the certificate. common-name The user supplied name of the cert. create-time The time when the certificate was created expiration-time The time when the certificate expires instance Name of the database instance. self-link The URI of this resource. sha1-fingerprint The Sha1 Fingerprint.
state	The state of this instance.
maintenance-version	The maintenance version for this instance.
available-maintenance-versions list	The list of available maintenance versions for this instance.
create-time	The current create time for this instance.
database-installed-version	The current database version running on the instance including minor version
dns-name	The DNS name for this instance.
psc-service-attachment-link	The link to the PSC service attachment for this instance.
upgradable-database-versions list subresource	The list of upgradable database versions for this instance. display-name The display name for the database version. major-version The major version of the database version. name The name of the database version.
write-endpoint	The write endpoint for this instance.
connection-name	The connection name of the instance to be used in connection strings.
gemini-config subresource	The Gemini instance configuration for this instance. active-query-enabled When set to `true`, active query is enabled. entitled When set to `true`, gemini is enabled. flag-recommender-enabled When set to `true`, flag recommender is enabled. google-vacuum-mgmt-enabled When set to `true`, google vacuum mgmt is enabled. index-advisor-enabled When set to `true`, index advisor is enabled. oom-session-cancel-enabled When set to `true`, oom session cancel is enabled.
out-of-disk-report subresource	The out of disk report for this instance. sql-min-recommended-increase-size-gb The minimum recommended increase size in GigaBytes. sql-out-of-disk-state The state generated by the proactive database wellness job for OutOfDisk issues.
replica-names list	The list of replica names for this instance.
satisfies-pzi	When set to `true`, the instance satisfies PZI.
satisfies-pzs	When set to `true`, the instance satisfies PZS.
sql-network-architecture	The SQL network architecture for this instance.
ip-addresses list subresource	The list of IP addresses for this instance.