google_sql_user

Creates a new Google SQL User on a Google SQL User Instance. For more information, see the official documentation, or the JSON API.

Example Usage

Example creating a SQL User.

resource "random_id" "db_name_suffix" {
  byte_length = 4
}

resource "google_sql_database_instance" "main" {
  name             = "main-instance-${random_id.db_name_suffix.hex}"
  database_version = "MYSQL_5_7"

  settings {
    tier = "db-f1-micro"
  }
}

resource "google_sql_user" "users" {
  name     = "me"
  instance = google_sql_database_instance.main.name
  host     = "me.com"
  password = "changeme"
}
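A variant of the SQL user example above that generates the password instead of writing a literal such as "changeme" into the configuration. This is an added example, not part of the provider documentation; the resource names app_user and app and the output name app_user_password are hypothetical, and it assumes the hashicorp/random provider that the page already uses for random_id.

```hcl
# Added example (not from the provider docs): same instance as above,
# but the user's password is generated rather than hard-coded.

resource "random_id" "db_name_suffix" {
  byte_length = 4
}

resource "google_sql_database_instance" "main" {
  name             = "main-instance-${random_id.db_name_suffix.hex}"
  database_version = "MYSQL_5_7"

  settings {
    tier = "db-f1-micro"
  }
}

# Generated secret; "result" is marked sensitive by the random provider,
# so it is redacted in plan and apply output.
resource "random_password" "app_user" {
  length  = 32
  special = true
}

resource "google_sql_user" "app" {
  name     = "app" # hypothetical user name
  instance = google_sql_database_instance.main.name
  host     = "me.com" # same host value as the page's example
  password = random_password.app_user.result
}

# Exposed only as a sensitive output so it is not printed by default.
output "app_user_password" {
  value     = random_password.app_user.result
  sensitive = true
}
```

The generated value is still written to the Terraform state, so the state backend needs access control and encryption. The IAM authentication examples below avoid a database password altogether.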

Example using Cloud SQL IAM database authentication.

resource "random_id" "db_name_suffix" {
  byte_length = 4
}

resource "google_sql_database_instance" "main" {
  name             = "main-instance-${random_id.db_name_suffix.hex}"
  database_version = "POSTGRES_15"

  settings {
    tier = "db-f1-micro"

    database_flags {
      name  = "cloudsql.iam_authentication"
      value = "on"
    }
  }
}

resource "google_sql_user" "iam_user" {
  name     = "me@example.com"
  instance = google_sql_database_instance.main.name
  type     = "CLOUD_IAM_USER"
}

resource "google_sql_user" "iam_service_account_user" {
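  # Note: for Postgres only, GCP requires omitting the ".gserviceaccount.com" suffix
  # from the service account email due to length limits on database usernames.
  # Assumes a google_service_account.service_account resource is defined
  # elsewhere in the configuration.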
  name     = trimsuffix(google_service_account.service_account.email, ".gserviceaccount.com")
  instance = google_sql_database_instance.main.name
  type     = "CLOUD_IAM_SERVICE_ACCOUNT"
}

Example using Cloud SQL IAM Group authentication.

resource "random_id" "db_name_suffix" {
  byte_length = 4
}

resource "google_sql_database_instance" "main" {
  name             = "main-instance-${random_id.db_name_suffix.hex}"
  database_version = "MYSQL_8_0"

  settings {
    tier = "db-f1-micro"

    database_flags {
      name  = "cloudsql.iam_authentication"
      value = "on"
    }
  }
}

resource "google_sql_user" "iam_group_user" {
  name     = "iam_group@example.com"
  instance = google_sql_database_instance.main.name
  type     = "CLOUD_IAM_GROUP"
}

Argument Reference

The following arguments are supported:


The optional password_policy block is only supported by MySQL. The password_policy block supports:

The read-only password_policy.status subblock supports:

Attributes Reference

Only the arguments listed above are exposed as attributes.

Timeouts

This resource provides the following Timeouts configuration options:

Import

SQL users for MySQL databases can be imported using the project, instance, host and name, e.g.

SQL users for PostgreSQL databases can be imported using the project, instance and name, e.g.

In Terraform v1.5.0 and later, use an import block to import SQL users using one of the formats above. For example:

# MySQL database
import {
  id = "{{project_id}}/{{instance}}/{{host}}/{{name}}"
  to = google_sql_user.default
}

# PostgreSQL database
import {
  id = "{{project_id}}/{{instance}}/{{name}}"
  to = google_sql_user.default
}

When using the terraform import command, SQL users can be imported using one of the formats above. For example:

# MySQL database
$ terraform import google_sql_user.default {{project_id}}/{{instance}}/{{host}}/{{name}}

# PostgreSQL database
$ terraform import google_sql_user.default {{project_id}}/{{instance}}/{{name}}