Google Cloud Function access Cloud SQL PostgreSQL in another project

Question

My Cloud Function can't connect to my Cloud SQL PostgreSQL instance. I'm receiving the error:

psycopg2.OperationalError: could not connect to server: Connection timed out
Is the server running on host "my.private.db.ip" and accepting
TCP/IP connections on port 5432?

There are 2 projects(A and B), connected via VPC Peering.

• Project A - Cloud SQL PostgreSQL
• Project B - Cloud Function

Is there restrictions on using this architecture?

• I'm trying to connect to my DB using private IP.
• Already have other Cloud Functions on project B connecting with sucess to VM instances on Project A.

Note: I'm trying to not use public ip for this connection.

Answer 1

You can't access to the Cloud SQL instance because of VPC peering transitivity limitation. In fact, if you have a look to VPC peering limitation

Only directly peered networks can communicate. Transitive peering is not supported. In other words, if VPC network N1 is peered with N2 and N3, but N2 and N3 are not directly connected, VPC network N2 cannot communicate with VPC network N3 over VPC Network Peering.

In your case, you reach this limit. You have one peering from project A to Project B and another one from Cloud SQL to Project A.

Thus, you can't reach the Cloud SQL instance from Project B.

A workaround for this, is to create a VPN (and not a peering) between the project. Or to accept to have a public IP (without authorized network) on your Cloud SQL instance to accept Cloud SQL proxy connection.

I wrote an article on this recently.