GCP IAM access to postgres SQL in GCP

Question

I am trying to connect to GCP cloud sql(postgres) using pgadmin tool with IAM user but not able to login. I have connected through the Cloud sql proxy and getting authentication failed when I try to login.

Nothing much on GCP logs except the below message: 2021-12-29 11:11:04.854 UTC [1723]: [2-1] db=postgres,user=@.com DETAIL: The caller does not have permission Connection matched pg_hba.conf line 20: "local all +cloudsqliamuser cloudsql-iam-user"

Added these set of roles to IAM User

here is the running the cloud sql proxy successfully :

Here is the pg connection terminal error

In whole setup I have followed this document from GCP : https://cloud.google.com/sql/docs/postgres/authentication

Check that the instance flag (cloudsql.iam_authentication) to allow cloud SQL access with IAM users was correctly enabled,Check that the users were correctly created to login into the instance by using the command: `gcloud sql users list --instance=instance_name`,Verify that your Cloud SQL and Compute Engine instances are within the same private network,Verify that your Compute Engine has the API scopes required enabled (Cloud SQL),If your client machine has an outbound firewall policy, make sure it allows outgoing connections to port 3307 on your Cloud SQL instance's IP. — Priyashree Bhadra, Dec 30 '21 at 10:12
Check if you are using the VM that had the correct permissions by using `gcloud auth list` command — Priyashree Bhadra, Dec 30 '21 at 10:15
@A K Have you tried the above steps I suggested to you? If yes, did it work? If no, I would like you to work and test them, if the issue still persists please let me know, I will be happy to help you. Thanks and have a great day ahead! — Priyashree Bhadra, Jan 03 '22 at 08:27
Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. — Community, Jan 07 '22 at 17:24

score 2 · Accepted Answer · answered Jan 12 '22 at 11:19

you are missing one step. you need to install the google cloud sdk first, then use gcloud auth login command to login into your account and authorize, then connect to cloud sql proxy.

The connector account and the account used to log in to pgadmin should be the same.

score 0 · Answer 2 · edited Jun 27 '22 at 01:05

0

You can either install the Google Cloud SDK and authorise, or you can use the flag -credential_file in the cloud proxy command:

./cloud_sql_proxy -instances=<Instance>:<region>:<DB>=tcp:0.0.0.0:9096 -credential_file=<KEY_FILE_PATH> -enable_iam_login

edited Jun 27 '22 at 01:05

Jeremy Caney

7,102
69
48
77

answered Jun 21 '22 at 17:15

Kavin Kumar

1
1

GCP IAM access to postgres SQL in GCP

2 Answers2