Google Cloud SQL (Postgres)

Create a connection between Faraday and Google Cloud SQL (Postgres) so that your data is always up to date to make predictions, and your predictions can seamlessly sync back to your database.


In this tutorial, we'll show you how to:

  • Connect your Google Cloud SQL (Postgres) account to Faraday using a connection.

Let's dive in.

  1. You'll need a Faraday account — signup is free!


You'll need the following details to create your connection to Google Cloud SQL (Postgres):

  • Instance connection name requiredtextFor use with Cloud SQL proxy. Client must enable Cloud SQL Admin API and give IAM role "Cloud SQL Client" to our service account (Datasets) or (Targets).
  • User requiredtext
  • Password requiredtext
  • Database requiredtext
  • Schema requiredtext

Granting access

First, you'll need Faraday access to your Google Cloud SQL (Postgres) account.

Google Cloud SQL is a hosted database service. Connectivity is shared with a GCP IAM user while database access is shared with a user and password.

Which IAM account (or both) depends on use of Targets and/or Datasets:

  • Datasets:
  • Targets:
  1. Give service account Cloud SQL client permission on Project Postgres connections are host-based and require a user and password. We suggest that you create a Faraday-only schema to both send and receive data. Within this schema, Faraday would have full read and write access. Alternatively, you can give Faraday access to certain tables in a shared schema.

Example commands:

  • CREATE USER faraday_user WITH PASSWORD '***'
  • CREATE SCHEMA faraday_schema
  • GRANT USAGE, CREATE ON SCHEMA faraday_schema TO faraday_user

This connection type can be placed behind an SSH bastion (aka jump server). In that case, specify the user and host of the SSH bastion.

This connection type can also be placed behind a load balancer. In that case, specify the host of the load balancer. Faraday suggests that you use an unguessable string somewhere in the path to your data. This avoids what is called the Confused deputy problem

For example, instead of naming an S3 bucket s3://faraday-acme/, name it s3://faraday-acme-pwiiprz162ez. This guarantees that malicious actors cannot guess the name and request that Faraday import data from it into their account. The same logic applies to any path that is used to locate data.



Use a POST /connections request:

curl --json '{
  "name": "Google Cloud SQL (Postgres)",
  "options": {
    "type": "gcp-cloud-sql-postgres",
    "instance_connection_name": "...",
    "user": "...",
    "password": "...",
    "database": "...",
    "schema": "..."
  1. Wait briefly while Faraday establishes your connection. It shouldn't take long.

Your new connection is now ready to use.