Introduction
Sometimes when you’re building a proof of concept or a quick demo, you just need a simple database backend with a public IP address. What if I told you that you can create an AlloyDB instance with a public IP without having to dive into private IP network configuration? Let me show you how to do exactly that.
Using gcloud CLI
AlloyDB is an enterprise-grade, fully PostgreSQL-compatible database with tons of unique features, making it a Swiss Army knife of a data backend for any kind of application. As such, it comes with only a private IP by default. This makes it more secure, but at the same time, requires additional actions at the network level. However, as I mentioned in the intro, sometimes you just want something quick and dirty to verify functionality or run a demo. So, how do you create an AlloyDB instance with a public IP enabled in a few quick steps?
I am going to use a command-line approach and show you how to create the smallest possible AlloyDB instance with a public IP without configuring a private network. I am using a brand-new project with a default network.
If this is a brand-new project, we still need to enable the minimum required APIs. Run the following command in Google Cloud Shell or from your Mac terminal. I am assuming you already have all the required privileges in the project.
gcloud services enable alloydb.googleapis.com \
compute.googleapis.com \
servicenetworking.googleapis.com
And then run the command to create your AlloyDB cluster.
export PGPASSWORD="MyVeryStrictPassword123+"
echo $PGPASSWORD
export REGION=us-central1
export ADBCLUSTER=alloydb-aip-01
gcloud alloydb clusters create $ADBCLUSTER \
--region=$REGION \
--password=$PASSWORD \
--enable-private-service-connect
Did you notice the --enable-private-service-connect parameter? This creates a Private Service Connect (PSC) enabled AlloyDB cluster. Once the cluster is created, run the following command to create the primary instance. For my tests, when they don’t require a large cache or heavy CPU power, I usually opt for the C4A machine type with a single CPU — it is enough to demonstrate functionality and costs less than other configurations.
gcloud alloydb instances create $ADBCLUSTER-pr \
--instance-type=PRIMARY \
--machine-type=c4a-highmem-1 \
--cpu-count=1 \
--availability-type=ZONAL \
--database-flags=password.enforce_complexity=on \
--assign-inbound-public-ip=ASSIGN_IPV4 \
--region=$REGION \
--cluster=$ADBCLUSTER
And that’s it — after 5–8 minutes, you will have an AlloyDB primary instance running with only a public IP enabled. From there, you can use gcloud to connect to the instance, create a database, and run your queries. For more details on that step, take a look at one of my previous posts where I explain how to use gcloud to connect to AlloyDB.
gcloud beta alloydb connect $ADBCLUSTER-pr --cluster=$ADBCLUSTER --region=$REGION --public-ip
Using Terraform
Of course, you can also use Terraform Google provider to automate this process. Below is the alloydb-poc.tf configuration file:
terraform {
required_providers {
google = {
source = "hashicorp/google"
version = ">= 7.0.0"
}
}
}
provider "google" {
project = var.project_id
region = var.region
}
resource "google_alloydb_cluster" "default" {
cluster_id = var.cluster_id
location = var.region
psc_config {
psc_enabled = true
}
initial_user {
user = "postgres"
password = var.db_password
}
}
resource "google_alloydb_instance" "primary" {
cluster = google_alloydb_cluster.default.name
instance_id = var.instance_id
instance_type = "PRIMARY"
availability_type = "ZONAL"
machine_config {
machine_type="c4a-highmem-1"
cpu_count = 1
}
database_flags = {
"password.enforce_complexity" = "on"
}
network_config {
enable_public_ip = true
}
}
variable "project_id" {
description = "The GCP Project ID"
type = string
}
variable "region" {
description = "The GCP Region (e.g., us-central1)"
type = string
default = "us-central1"
}
variable "cluster_id" {
description = "The name of the AlloyDB cluster"
type = string
default = "alloydb-aip-01"
}
variable "instance_id" {
description = "The name of the primary instance"
type = string
default = "alloydb-aip-01-pr"
}
variable "db_password" {
description = "Password for the default postgres user (must meet complexity requirements!)"
type = string
sensitive = true
}
output "alloydb_public_ip" {
description = "The Public IP address assigned to the AlloyDB primary instance"
value = google_alloydb_instance.primary.public_ip_address
}
Run your Terraform deployment using the commands below, but remember to replace the YOUR_PROJECT_ID placeholder with your actual Google Cloud project ID and put your own password:
terraform init
terraform apply \
-var="project_id=YOUR_PROJECT_ID" \
-var="db_password=MyVeryStrictPassword123+"
In just a few minutes, you’ll have an AlloyDB instance up and running with a public IP.
I hope this makes your life easier and serves as a handy ‘hack’ for your daily workflow, whether you’re building a quick proof of concept or jumping into a vibe coding session. By the way, you can use this method for some codelabs like this one when you prefer to use your local machine instead of the Google Cloud shell.
Top comments (0)