A connection profile definition.
To get more information about ConnectionProfile, see:
# Reads the project the provider is configured for. Its project_id is
# interpolated into the destination profile's source_id later in this example.
data "google_project" "project" {}
# Cloud SQL for MySQL instance that acts as the migration source in this example.
resource "google_sql_database_instance" "cloudsqldb" {
  name             = "my-database"
  database_version = "MYSQL_5_7"

  # Both deletion guards (this Terraform-side flag and the API-side flag in
  # settings) are off so the example can be torn down in one step. Keep them
  # enabled on any instance that holds real data.
  deletion_protection = false

  settings {
    tier                        = "db-n1-standard-1"
    deletion_protection_enabled = false
  }
}
# Client certificate issued by the source instance. Its private_key attribute
# is consumed by the connection profile below, which means the key material is
# also recorded in Terraform state; restrict and encrypt the state backend.
resource "google_sql_ssl_cert" "sql_client_cert" {
  instance    = google_sql_database_instance.cloudsqldb.name
  common_name = "my-cert"

  # Explicit ordering; the instance reference above already implies it.
  depends_on = [google_sql_database_instance.cloudsqldb]
}
# Database account that the connection profile authenticates as.
resource "google_sql_user" "sqldb_user" {
  instance = google_sql_database_instance.cloudsqldb.name
  name     = "my-username"

  # Placeholder literal for the example. In a real configuration feed this from
  # a variable marked sensitive or from a secret manager: a literal is committed
  # to version control, and either way the value is stored in state.
  password = "my-password"

  depends_on = [google_sql_ssl_cert.sql_client_cert]
}
# Source connection profile: tells Database Migration Service how to reach and
# authenticate to the MySQL instance defined above.
resource "google_database_migration_service_connection_profile" "cloudsqlprofile" {
  connection_profile_id = "my-fromprofileid"
  display_name          = "my-fromprofileid_display"
  location              = "us-central1"

  labels = {
    foo = "bar"
  }

  mysql {
    # Same literal as the name given to the cloudsqldb instance.
    cloud_sql_id = "my-database"

    # First address reported for the instance.
    # NOTE(review): confirm whether this resolves to the public or the private
    # address in your setup, since it decides the network path the service uses.
    host = google_sql_database_instance.cloudsqldb.ip_address.0.ip_address
    port = 3306

    # Credentials are taken from the user resource, so the password reaches this
    # profile through state rather than through a second literal.
    username = google_sql_user.sqldb_user.name
    password = google_sql_user.sqldb_user.password

    # Client key and certificate authenticate the service to the database; the
    # server CA lets it verify the database host it connects to.
    ssl {
      ca_certificate     = google_sql_ssl_cert.sql_client_cert.server_ca_cert
      client_certificate = google_sql_ssl_cert.sql_client_cert.cert
      client_key         = google_sql_ssl_cert.sql_client_cert.private_key
    }
  }

  depends_on = [google_sql_user.sqldb_user]
}
# Destination connection profile: carries the settings used to create the
# Cloud SQL instance that receives the data from the source profile above.
resource "google_database_migration_service_connection_profile" "cloudsqlprofile_destination" {
  connection_profile_id = "my-toprofileid"
  display_name          = "my-toprofileid_displayname"
  location              = "us-central1"

  labels = {
    foo = "bar"
  }

  cloudsql {
    settings {
      # Full resource path of the source profile (my-fromprofileid) this
      # destination is paired with.
      source_id = "projects/${data.google_project.project.project_id}/locations/us-central1/connectionProfiles/my-fromprofileid"

      database_version  = "MYSQL_5_7"
      edition           = "ENTERPRISE"
      tier              = "db-n1-standard-1"
      zone              = "us-central1-b"
      activation_policy = "ALWAYS"

      data_disk_type            = "PD_HDD"
      data_disk_size_gb         = "11"
      auto_storage_increase     = true
      storage_auto_resize_limit = "0"

      user_labels = {
        cloudfoo = "cloudbar"
      }

      # The instance gets an IPv4 address and TLS is required for connections
      # over IP. No authorized_networks entries are set in this example.
      ip_config {
        enable_ipv4 = true
        require_ssl = true
      }

      # Placeholder literal for the example. Supply the real root password from
      # a sensitive variable or a secret manager instead of hard-coding it; the
      # value is stored in state in either case.
      root_password = "testpasscloudsql"
    }
  }

  depends_on = [google_database_migration_service_connection_profile.cloudsqlprofile]
}
# Cloud SQL for PostgreSQL instance used as the source in the PostgreSQL example.
resource "google_sql_database_instance" "postgresqldb" {
  name             = "my-database"
  database_version = "POSTGRES_12"

  # Disabled so the example can be destroyed directly; keep it enabled on any
  # instance that holds real data.
  deletion_protection = false

  settings {
    tier = "db-custom-2-13312"
  }
}
# Client certificate for the PostgreSQL source instance. This example reuses
# the resource address google_sql_ssl_cert.sql_client_cert from the MySQL
# example, so the two examples are separate configurations and cannot be
# combined in one module as written. The generated private key is stored in
# Terraform state.
resource "google_sql_ssl_cert" "sql_client_cert" {
  instance    = google_sql_database_instance.postgresqldb.name
  common_name = "my-cert"

  # Explicit ordering; the instance reference above already implies it.
  depends_on = [google_sql_database_instance.postgresqldb]
}
# Database account that the PostgreSQL connection profile authenticates as.
resource "google_sql_user" "sqldb_user" {
  instance = google_sql_database_instance.postgresqldb.name
  name     = "my-username"

  # Placeholder literal for the example. Use a sensitive variable or a secret
  # manager for real credentials; the value is stored in state either way.
  password = "my-password"

  depends_on = [google_sql_ssl_cert.sql_client_cert]
}
# Connection profile for the PostgreSQL source instance defined above.
resource "google_database_migration_service_connection_profile" "postgresprofile" {
  connection_profile_id = "my-profileid"
  display_name          = "my-profileid_display"
  location              = "us-central1"

  labels = {
    foo = "bar"
  }

  postgresql {
    # Same literal as the name given to the postgresqldb instance.
    cloud_sql_id = "my-database"

    # First address reported for the instance.
    # NOTE(review): confirm whether this is the public or the private address
    # in your setup.
    host = google_sql_database_instance.postgresqldb.ip_address.0.ip_address
    port = 5432

    username = google_sql_user.sqldb_user.name
    password = google_sql_user.sqldb_user.password

    # Client key and certificate authenticate the service to the database; the
    # server CA lets it verify the database host it connects to.
    ssl {
      ca_certificate     = google_sql_ssl_cert.sql_client_cert.server_ca_cert
      client_certificate = google_sql_ssl_cert.sql_client_cert.cert
      client_key         = google_sql_ssl_cert.sql_client_cert.private_key
    }
  }

  depends_on = [google_sql_user.sqldb_user]
}
# Connection profile for an Oracle source reached over static service IP
# connectivity. Every connection value here is a literal placeholder.
resource "google_database_migration_service_connection_profile" "oracleprofile" {
  connection_profile_id = "my-profileid"
  display_name          = "my-profileid_display"
  location              = "us-central1"

  labels = {
    foo = "bar"
  }

  oracle {
    host             = "host"
    port             = 1521
    database_service = "dbprovider"

    # Placeholder credentials. Replace with values from a sensitive variable or
    # a secret manager; do not commit real credentials as literals.
    username = "username"
    password = "password"

    # This example sets no ssl block.
    # NOTE(review): confirm whether the source connection needs TLS configured.
    static_service_ip_connectivity {}
  }
}
# Reads the project the provider is configured for. None of the resources shown
# in this AlloyDB example reference it.
data "google_project" "project" {}
# VPC network that the AlloyDB cluster is created in and reached through.
resource "google_compute_network" "default" {
  name = "vpc-network"
}
# Internal /16 range reserved on the VPC for peering with Google-managed services.
resource "google_compute_global_address" "private_ip_alloc" {
  name    = "private-ip-alloc"
  network = google_compute_network.default.id

  address_type  = "INTERNAL"
  purpose       = "VPC_PEERING"
  prefix_length = 16
}
# Private services connection between the VPC and servicenetworking.googleapis.com,
# using the range reserved above. The AlloyDB profile below depends on it.
resource "google_service_networking_connection" "vpc_connection" {
  service                 = "servicenetworking.googleapis.com"
  network                 = google_compute_network.default.id
  reserved_peering_ranges = [google_compute_global_address.private_ip_alloc.name]
}
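# Destination connection profile that carries the settings used to create an
# AlloyDB cluster and its primary instance on the private VPC network.
resource "google_database_migration_service_connection_profile" "alloydbprofile" {
  connection_profile_id = "my-profileid"
  display_name          = "my-profileid_display"
  location              = "us-central1"

  labels = {
    foo = "bar"
  }

  alloydb {
    # The published example carried a "%{random_suffix}" token left over from
    # the provider's test templates on this value and on the initial user and
    # password. "%{" opens a template directive in HCL, so that text does not
    # parse; the suffix is dropped here and the remaining stems are placeholders.
    cluster_id = "tf-test-dbmsalloycluster"

    settings {
      vpc_network = google_compute_network.default.id

      initial_user {
        user = "alloyuser"

        # Placeholder literal. Supply the real initial password from a sensitive
        # variable or a secret manager; the value is stored in state either way.
        password = "alloypass"
      }

      labels = {
        alloyfoo = "alloybar"
      }

      primary_instance_settings {
        id = "priminstid"

        machine_config {
          cpu_count = 2
        }

        # No database flags are set in this example.
        database_flags = {}

        labels = {
          alloysinstfoo = "allowinstbar"
        }
      }
    }
  }

  # The private services connection has to exist before the cluster is created.
  depends_on = [google_service_networking_connection.vpc_connection]
}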
The following arguments are supported:
connection_profile_id
-
(Required)
The ID of the connection profile.
display_name
-
(Optional)
The connection profile display name.
labels
-
(Optional)
The resource labels for connection profile to use to annotate any related underlying resources such as Compute Engine VMs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field effective_labels
for all of the labels present on the resource.
mysql
-
(Optional)
Specifies connection parameters required specifically for MySQL databases.
Structure is documented below.
postgresql
-
(Optional)
Specifies connection parameters required specifically for PostgreSQL databases.
Structure is documented below.
oracle
-
(Optional)
Specifies connection parameters required specifically for Oracle databases.
Structure is documented below.
cloudsql
-
(Optional)
Specifies required connection parameters, and, optionally, the parameters required to create a Cloud SQL destination database instance.
Structure is documented below.
alloydb
-
(Optional)
Specifies required connection parameters, and the parameters required to create an AlloyDB destination cluster.
Structure is documented below.
location
-
(Optional)
The location where the connection profile should reside.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
The mysql
block supports:
host
-
(Required)
Required. The IP or hostname of the source MySQL database.
port
-
(Required)
Required. The network port of the source MySQL database.
username
-
(Required)
Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.
password
-
(Required)
Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.
This field is not returned on request, and the value is encrypted when stored in Database Migration Service.
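Note: This property is sensitive and will not be displayed in the plan. The value is still written to the Terraform state, so the state backend needs the same access control and encryption as the credential itself.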
password_set
-
(Output)
Output only. Indicates if this connection profile password is stored.
ssl
-
(Optional)
SSL configuration for the destination to connect to the source database.
Structure is documented below.
cloud_sql_id
-
(Optional)
If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source.
type
-
(Output)
The current connection profile state.
client_key
-
(Optional)
Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.
If this field is used then the 'clientCertificate' field is mandatory.
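Note: This property is sensitive and will not be displayed in the plan. Because the key is supplied unencrypted, it is also stored in the Terraform state; protect the state accordingly.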
client_certificate
-
(Optional)
Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.
If this field is used then the 'clientKey' field is mandatory.
Note: This property is sensitive and will not be displayed in the plan.
ca_certificate
-
(Required)
Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
The replica will use this certificate to verify it's connecting to the right host.
Note: This property is sensitive and will not be displayed in the plan.
The postgresql
block supports:
host
-
(Required)
Required. The IP or hostname of the source PostgreSQL database.
port
-
(Required)
Required. The network port of the source PostgreSQL database.
username
-
(Required)
Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.
password
-
(Required)
Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.
This field is not returned on request, and the value is encrypted when stored in Database Migration Service.
Note: This property is sensitive and will not be displayed in the plan.
password_set
-
(Output)
Output only. Indicates If this connection profile password is stored.
ssl
-
(Optional)
SSL configuration for the destination to connect to the source database.
Structure is documented below.
cloud_sql_id
-
(Optional)
If the source is a Cloud SQL database, use this field to provide the Cloud SQL instance ID of the source.
network_architecture
-
(Output)
Output only. If the source is a Cloud SQL database, this field indicates the network architecture it's associated with.
type
-
(Output)
The current connection profile state.
client_key
-
(Optional)
Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.
If this field is used then the 'clientCertificate' field is mandatory.
Note: This property is sensitive and will not be displayed in the plan.
client_certificate
-
(Optional)
Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.
If this field is used then the 'clientKey' field is mandatory
Note: This property is sensitive and will not be displayed in the plan.
ca_certificate
-
(Required)
Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
The replica will use this certificate to verify it's connecting to the right host.
Note: This property is sensitive and will not be displayed in the plan.
The oracle
block supports:
host
-
(Required)
Required. The IP or hostname of the source Oracle database.
port
-
(Required)
Required. The network port of the source Oracle database.
username
-
(Required)
Required. The username that Database Migration Service will use to connect to the database. The value is encrypted when stored in Database Migration Service.
password
-
(Required)
Required. Input only. The password for the user that Database Migration Service will be using to connect to the database.
This field is not returned on request, and the value is encrypted when stored in Database Migration Service.
Note: This property is sensitive and will not be displayed in the plan.
password_set
-
(Output)
Output only. Indicates If this connection profile password is stored.
database_service
-
(Required)
Required. Database service for the Oracle connection.
ssl
-
(Optional)
SSL configuration for the destination to connect to the source database.
Structure is documented below.
static_service_ip_connectivity
-
(Optional)
This object has no nested fields.
Static IP address connectivity configured on service project.
forward_ssh_connectivity
-
(Optional)
Configuration for connecting to the source database through a forward SSH tunnel.
Structure is documented below.
private_connectivity
-
(Optional)
Configuration for using a private network to communicate with the source database
Structure is documented below.
type
-
(Output)
The current connection profile state.
client_key
-
(Optional)
Input only. The unencrypted PKCS#1 or PKCS#8 PEM-encoded private key associated with the Client Certificate.
If this field is used then the 'clientCertificate' field is mandatory.
Note: This property is sensitive and will not be displayed in the plan.
client_certificate
-
(Optional)
Input only. The x509 PEM-encoded certificate that will be used by the replica to authenticate against the source database server.
If this field is used then the 'clientKey' field is mandatory
Note: This property is sensitive and will not be displayed in the plan.
ca_certificate
-
(Required)
Required. Input only. The x509 PEM-encoded certificate of the CA that signed the source database server's certificate.
The replica will use this certificate to verify it's connecting to the right host.
Note: This property is sensitive and will not be displayed in the plan.
The forward_ssh_connectivity
block supports:
hostname
-
(Required)
Required. Hostname for the SSH tunnel.
username
-
(Required)
Required. Username for the SSH tunnel.
port
-
(Required)
Port for the SSH tunnel, default value is 22.
password
-
(Optional)
Input only. SSH password. Only one of password
and private_key
can be configured.
Note: This property is sensitive and will not be displayed in the plan.
private_key
-
(Optional)
Input only. SSH private key. Only one of password
and private_key
can be configured.
Note: This property is sensitive and will not be displayed in the plan.
The private_connectivity
block supports:
private_connection
-
(Required)
Required. The resource name (URI) of the private connection.
The cloudsql
block supports:
cloud_sql_id
-
(Output)
Output only. The Cloud SQL instance ID that this connection profile is associated with.
settings
-
(Optional)
Immutable. Metadata used to create the destination Cloud SQL database.
Structure is documented below.
private_ip
-
(Output)
Output only. The Cloud SQL database instance's private IP.
public_ip
-
(Output)
Output only. The Cloud SQL database instance's public IP.
database_version
-
(Optional)
The database engine type and version.
Currently supported values located at https://cloud.google.com/database-migration/docs/reference/rest/v1/projects.locations.connectionProfiles#sqldatabaseversion
user_labels
-
(Optional)
The resource labels for a Cloud SQL instance to use to annotate any related underlying resources such as Compute Engine VMs.
tier
-
(Optional)
The tier (or machine type) for this instance, for example: db-n1-standard-1 (MySQL instances) or db-custom-1-3840 (PostgreSQL instances).
For more information, see https://cloud.google.com/sql/docs/mysql/instance-settings
storage_auto_resize_limit
-
(Optional)
The maximum size to which storage capacity can be automatically increased. The default value is 0, which specifies that there is no limit.
activation_policy
-
(Optional)
The activation policy specifies when the instance is activated; it is applicable only when the instance state is 'RUNNABLE'.
Possible values are: ALWAYS
, NEVER
.
ip_config
-
(Optional)
The settings for IP management. These let you enable or disable the instance IP and control which external networks can connect to the instance. The IPv4 address cannot be disabled.
Structure is documented below.
auto_storage_increase
-
(Optional)
If you enable this setting, Cloud SQL checks your available storage every 30 seconds. If the available storage falls below a threshold size, Cloud SQL automatically adds additional storage capacity.
If the available storage repeatedly falls below the threshold size, Cloud SQL continues to add storage until it reaches the maximum of 30 TB.
database_flags
-
(Optional)
The database flags passed to the Cloud SQL instance at startup.
data_disk_type
-
(Optional)
The type of storage.
Possible values are: PD_SSD
, PD_HDD
.
data_disk_size_gb
-
(Optional)
The storage capacity available to the database, in GB. The minimum (and default) size is 10GB.
zone
-
(Optional)
The Google Cloud Platform zone where your Cloud SQL database instance is located.
source_id
-
(Required)
The Database Migration Service source connection profile ID, in the format: projects/my_project_name/locations/us-central1/connectionProfiles/connection_profile_ID
root_password
-
(Optional)
Input only. Initial root password.
Note: This property is sensitive and will not be displayed in the plan.
root_password_set
-
(Output)
Output only. Indicates If this connection profile root password is stored.
collation
-
(Optional)
The Cloud SQL default instance level collation.
cmek_key_name
-
(Optional)
The KMS key name used for the Cloud SQL instance.
edition
-
(Optional)
The edition of the given Cloud SQL instance.
Possible values are: ENTERPRISE
, ENTERPRISE_PLUS
.
enable_ipv4
-
(Optional)
Whether the instance should be assigned an IPv4 address or not.
private_network
-
(Optional)
The resource link for the VPC network from which the Cloud SQL instance is accessible for private IP. For example, projects/myProject/global/networks/default.
This setting can be updated, but it cannot be removed after it is set.
require_ssl
-
(Optional)
Whether SSL connections over IP should be enforced or not.
authorized_networks
-
(Optional)
The list of external networks that are allowed to connect to the instance using the IP.
Structure is documented below.
The authorized_networks
block supports:
value
-
(Required)
The allowlisted value for the access control list.
label
-
(Optional)
A label to identify this entry.
expire_time
-
(Optional)
The time when this access control entry expires in RFC 3339 format.
ttl
-
(Optional)
Input only. The time-to-live of this access control entry.
The alloydb
block supports:
cluster_id
-
(Required)
Required. The AlloyDB cluster ID that this connection profile is associated with.
settings
-
(Optional)
Immutable. Metadata used to create the destination AlloyDB cluster.
Structure is documented below.
initial_user
-
(Required)
Required. Input only. Initial user to setup during cluster creation.
Structure is documented below.
vpc_network
-
(Required)
Required. The resource link for the VPC network in which cluster resources are created and from which they are accessible via Private IP. The network must belong to the same project as the cluster.
It is specified in the form: 'projects/{project_number}/global/networks/{network_id}'. This is required to create a cluster.
labels
-
(Optional)
Labels for the AlloyDB cluster created by DMS.
primary_instance_settings
-
(Optional)
Settings for the cluster's primary instance
Structure is documented below.
The initial_user
block supports:
user
-
(Required)
The database username.
password
-
(Required)
The initial password for the user.
Note: This property is sensitive and will not be displayed in the plan.
password_set
-
(Output)
Output only. Indicates if the initialUser.password field has been set.
The primary_instance_settings
block supports:
id
-
(Required)
The ID of the AlloyDB primary instance.
machine_config
-
(Required)
Configuration for the machines that host the underlying database engine.
Structure is documented below.
database_flags
-
(Optional)
Database flags to pass to AlloyDB when DMS is creating the AlloyDB cluster and instances. See the AlloyDB documentation for how these can be used.
labels
-
(Optional)
Labels for the AlloyDB primary instance created by DMS.
private_ip
-
(Output)
Output only. The private IP address for the Instance. This is the connection endpoint for an end-user application.
The machine_config
block supports:
cpu_count
-
(Required)
The number of CPUs in the VM instance.
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}
name
-
The name of this connection profile resource in the form of projects/{project}/locations/{location}/connectionProfiles/{connectionProfile}.
create_time
-
Output only. The timestamp when the resource was created. A timestamp in RFC3339 UTC 'Zulu' format, accurate to nanoseconds. Example: '2014-10-02T15:01:23.045123456Z'.
state
-
The current connection profile state.
error
-
Output only. The error details in case of state FAILED.
Structure is documented below.
dbprovider
-
The database provider.
terraform_labels
-
The combination of labels configured directly on the resource
and default labels configured on the provider.
effective_labels
-
All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
code
-
(Output)
The status code, which should be an enum value of google.rpc.Code.
message
-
(Output)
Human readable message indicating details about the current status.
details
-
(Output)
A list of messages that carry the error details.
This resource provides the following Timeouts configuration options:
create
- Default is 60 minutes.
update
- Default is 60 minutes.
delete
- Default is 60 minutes.
ConnectionProfile can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}
{{project}}/{{location}}/{{connection_profile_id}}
{{location}}/{{connection_profile_id}}
In Terraform v1.5.0 and later, use an import
block to import ConnectionProfile using one of the formats above. For example:
# Brings an existing connection profile under Terraform management at the given
# resource address. The {{...}} tokens are documentation placeholders and must
# be replaced with real values before use.
import {
  to = google_database_migration_service_connection_profile.default
  id = "projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}"
}
When using the terraform import
command, ConnectionProfile can be imported using one of the formats above. For example:
# Three alternative invocations, one per accepted ID format listed above; run
# only one of them. The {{...}} tokens are placeholders to substitute.
$ terraform import google_database_migration_service_connection_profile.default projects/{{project}}/locations/{{location}}/connectionProfiles/{{connection_profile_id}}
$ terraform import google_database_migration_service_connection_profile.default {{project}}/{{location}}/{{connection_profile_id}}
$ terraform import google_database_migration_service_connection_profile.default {{location}}/{{connection_profile_id}}
This resource supports User Project Overrides.