Console

1. In the Google Cloud console, go to theCloud SQL Instances page.

   Go to Cloud SQL Instances

2. ClickCreate instance.
3. On theChoose your database engine panel of theCreate an instance page, clickChoose SQL Server.

4. In theChoose a Cloud SQL edition section of theCreate a SQL Server instance page, select the Cloud SQL edition for your instance:Enterprise orEnterprise Plus.

   For more information about Cloud SQL editions, seeIntroduction to Cloud SQL editions.

5. Select the edition preset for your instance. To see the available presets, click theEdition preset menu.Note:To learn about how edition presets differ from one another, clickCompare edition presets.
6. In theInstance info section, select the database version for your instance. To see the available versions, click theDatabase version menu.
7. In theInstance ID field of theInstance info pane, enter an ID for your instance.
   Don't include sensitive or personally identifiable information in your instance name.

   You do not need to include the project ID in the instance name. This is done automatically whereappropriate (for example, in the log files).

8. In thePassword field, enter a password for the user.

To see the password in clear text, click theShow password icon.

You can either enter the password manually or clickGenerate to have Cloud SQL create a password for you automatically.

9. In theChoose region and zonal availability section, select the region and zone for your instance. Region availability might be different based on your Cloud SQL for SQL Server edition. For more information, seeAbout instance settings.

   Place your instance in the same region as the resources that access it. The region you select can't be modified in the future. In most cases, you don't need to specify a zone.

   Note:If there is a resource location constraint on your organization policy, you must select one of the regions that the organization policy allows. You see a message about Resource Location Restriction in theChoose region and zonal availability section if a constraint exists.Learn more.

   If you are configuring your instance forhigh availability, you can select both a primary and secondary zone.

   The following conditions apply when the secondary zone is used during instance creation:

   • The zones default toAny for the primary zone andAny (different from primary) for the secondary zone.
   • If both the primary and secondary zones are specified, they must be distinct zones.
10. In theCustomize your instance section, update settings for your instance. Begin by clickingSHOW CONFIGURATION OPTIONS to display the groups of settings. Then, expand the groups you want to review and customize settings. ASummary of all the options you select is shown on the right. Customizing these instance settings is optional. Defaults are assigned in every case where no customizations are made.

    The following table is a quick reference to instance settings. For more details about each setting, see theinstance settings page.

    Setting	Notes
    Machine type
    Machine type	Select from Lightweight, Standard (Most common), or High memory. Each machine type is classified by the number of CPUs (cores) and amount of memory for your instance.
    Cores	The number of vCPUs for your instance.Learn more.
    Memory	The amount of memory for your instance, in GBs.Learn more.
    Custom	For the Dedicated core machine type, instead of selecting a predefined configuration, select theCustom button to create an instance with a custom configuration. When you select this option, you need to select the number of cores and amount of memory for your instance.Learn more.
    Storage
    Storage type	Determines whether your instance uses SSD or HDD storage.Learn more.
    Storage capacity	The amount of storage provisioned for the instance.Learn more.
    Enable automatic storage increases	Determines whether Cloud SQL automatically provides more storage for your instance when free space runs low.Learn more.
    Encryption
    Google-managed encryption	The default option.
    Customer key-managed encryption key (CMEK)	Select to use your key with Google Cloud Key Management Service.Learn more.
    Connections
    Private IP	Adds a private IP address for your instance. To enable connecting to the instance, additional configuration is required. Optionally, you can specify an allocated IP range for your instances to use for connections. ExpandShow allocated IP range option. Select an IP range from the drop-down menu. Your instance can have both a public and a private IP address. Note:Cloud SQL generates a write endpoint automatically for your Cloud SQL Enterprise Plus edition instance if you do the following: If you haven't already enabled the Cloud DNS API,enable the Cloud DNS API for your Google Cloud project. Enable the Cloud DNS API for your Google Cloud project (if this API isn't enabled). Add a private IP address to the instance. Specify an associated network for the instance. Optionally, specify an allocated IP range for the instance. Learn more about usingprivate IP. Learn more aboutallocated IP address ranges.
    Public IP	Adds a public IP address for your instance. You can then add authorized networks to connect to the instance. Your instance can have both a public and a private IP address. Learn more about usingpublic IP.
    Authorized networks	Add the name for the new network and the Network address.Learn more.
    Security
    Server certificate authority mode	Choose the type of certificate authority (CA) that signs the server certificate for this Cloud SQL instance.Learn more. By default, when you create an instance in Google Cloud console, the instance uses theGoogle managed internal certificate authority (GOOGLE_MANAGED_INTERNAL_CA), which is the per-instance CA option.
    Data protection
    Automate backups	The window of time when you would like backups to start.
    Choose where to store your backups	Select Multi-region for most use cases. If you need to store backups in a specific region, for example, if there are regulatory reasons to do so, select Region and select your region from the Location drop-down menu.
    Choose how many automated backups to store	The number of automated backups you would like to retain (from 1 to 365 days).Learn more.
    Enable point-in-time recovery	Enables point-in-time recovery and transaction logging.Learn more.Note:The following default behavior applies: If you create a Cloud SQL Enterprise Plus edition instance, then PITR is enabled by default, regardless of how the instance was created. If you create a Cloud SQL Enterprise edition instance, then PITR is disabled by default, regardless of how it is created. In this case, if you want to use PITR you must enable it manually.
    Enable deletion protection	Determines whether to protect an instance against accidental deletion.Learn more.
    Enable retained backups after instance deletion	Determines whether automated and on-demand backups are retained after an instance is deleted.Learn more.
    Choose how many days of logs to retain	Configure write-ahead log retention from 1 to 7 days. The default setting is 7 days.Learn more.
    Maintenance
    Preferred window	Determines a one-hour window when Cloud SQL can perform disruptive maintenance on your instance. If you do not set the window, then disruptive maintenance can be done at any time.Learn more.
    Order of updates	Your preferred timing for instance updates, relative to other instances in the same project.Learn more.
    Flags
    ADD FLAG	You can use database flags to control settings and parameters for your instance.Learn more.
    Labels
    ADD LABEL	Add a key and value for each label that you add. You use labels to help organize your instances.

11. ClickCreate Instance.

    Note: It might take a few minutes to create your instance. However, you canview information about the instance while it's being created.

gcloud

For information about installing and getting started with thegcloud CLI, seeInstalling gcloud CLI.For information about starting Cloud Shell, see theCloud Shell documentation.

You must usegcloud version 243.0.0 or later.

1. Use thegcloud sql instances create command to create the instance:

For Cloud SQL Enterprise Plus edition instances:

gcloudsqlinstancescreateINSTANCE_NAME\--database-version=DATABASE_VERSION\--region=REGION\--tier=TIER\--root-password=ROOT_PASSWORD\--edition=ENTERPRISE_PLUS

For Cloud SQL Enterprise edition instances:

gcloudsqlinstancescreateINSTANCE_NAME\--database-version=DATABASE_VERSION\--region=REGION\--cpu=NUMBER_OF_vCPUs\--memory=MEMORY_SIZE\--root-password=ROOT_PASSWORD\--edition=ENTERPRISE

Don't include sensitive or personally identifiable information in your instance name.


You do not need to include the project ID in the instance name. This is done automatically whereappropriate (for example, in the log files).

The values for vCPUs and memory size are limited for Cloud SQL Enterprise edition. For more information, seeChoose between Cloud SQL Enterprise Plus edition and Cloud SQL Enterprise edition.

For example, the following string creates an instance with two vCPUs and 7,680 MB of memory:

gcloudsqlinstancescreatemyinstance\--database-version=SQLSERVER_2017_STANDARD\--region=us-central1\--cpu=2\--memory=7680MB\--root-password=EXAMPLE_PASSWORD\--edition=ENTERPRISE

For some sample values, see Sample machine types.

To learn about the parameters for instance settings, seegcloud sql instances create.

Note:Cloud SQL generates a write endpoint automatically for your Cloud SQL Enterprise Plus edition instance if you do the following:

1. Enable the Cloud DNS API for your Google Cloud project (if this API isn't enabled).
2. Add a private IP address to the instance.
3. Specify an associated network for the instance.
4. Optionally, specify an allocated IP range for the instance.

The default value forREGION isus-central1.

Don't include sensitive or personally identifiable information in your instance name; it is externally visible.
You do not need to include the project ID in the instance name. This is done automatically whereappropriate (for example, in the log files).

If you are creating an instance forhigh availability, you can specify both the primary and secondary zones, using the--zone and--secondary-zone parameters. The following conditions apply when the secondary zone is used during instance creation or edit:

• The zones must be valid zones.
• If the secondary zone is specified, the primary must also be specified.
• If the primary and secondary zones are specified, they must be distinct zones.
• If the primary and secondary zones are specified, they must belong to the same region.

You can add moreparametersto determine other instance settings:

Setting	Parameter	Notes
Required parameters
Database version	--database-version	Thedatabase version, which is based on your Cloud SQL edition.
Region	--region	See valid values.Note:Some organizations use an organization policy to restrict resource locations. If this type of policy affects your project, you can only select regions the organization policy allows. In theLocation drop-down menu in the Console, the locations that are not allowed are unavailable.Learn more.
Connectivity
Private IP	--network --no-assign-ip (optional) --allocated-ip-range-name (optional) --enable-google-private-path (optional)	--network: Specifies the name of the VPC network you want to use for this instance. Private services access must already be configured for the network. Available only for the beta command (gcloud beta sql instances create). --no-assign-ip: Instance will only have a private IP address. --allocated-ip-range-name: If specified, sets a range name for which an IP range is allocated. For example,google-managed-services-default. The range name should comply withRFC-1035 and be within 1-63 characters. (gcloud alpha sql instances create). Note:Cloud SQL generates a write endpoint automatically for your Cloud SQL Enterprise Plus edition instance if you do the following: Enable the Cloud DNS API for your Google Cloud project (if this API isn't enabled). Add a private IP address to the instance. Specify an associated network for the instance. Optionally, specify an allocated IP range for the instance.
Public IP	--authorized-networks	For public IP connections, only connections from authorized networks can connect to your instance.Learn more.
Server CA mode	--server-ca-mode	The--server-ca-mode flag configures the type ofserver certificate authority (CA) for an instance. You can select one of the following options: GOOGLE_MANAGED_INTERNAL_CA: this is the default value. With this option, an internal CA dedicated to each Cloud SQL instance signs the server certificate for that instance. GOOGLE_MANAGED_CAS_CA: with this option, a CA hierarchy consisting of a root CA and subordinate server CAs managed by Cloud SQL and hosted on Google Cloud Certificate Authority Service (CA Service) is used. The subordinate server CAs in a region sign the server certificates and are shared across instances in the region. CUSTOMER_MANAGED_CAS_CA: with this option, you define the CA hierarchy and manage the rotation of the CA certificates. You create a CA pool in CA Service in the same region of your instance. One of the CAs in the pool is used to sign the server certificate. For more information, seeUse a customer-managed CA.
Machine type and storage
Machine type	--tier
Storage type	--storage-type	Determines whether your instance uses SSD or HDD storage.Learn more.
Storage capacity	--storage-size	The amount of storage provisioned for the instance, in GB.Learn more.
Automatic storage increase	--storage-auto-increase	Determines whether Cloud SQL automatically provides more storage for your instance when free space runs low.Learn more.
Automatic storage increase limit	--storage-auto-increase-limit	Determines how large Cloud SQL can automatically grow storage. Available only for the beta command (gcloud beta sql instances create).Learn more.
Automatic backups and high availability
High availability	--availability-type	For a highly-available instance, set toREGIONAL.Learn more.
Secondary zone	--secondary-zone	If you're creating an instance forhigh availability, you can specify both the primary and secondary zones using the--zone and--secondary-zone parameters. The following restrictions apply when the secondary zone is used during instance creation or edit: The zones must be valid zones. If the secondary zone is specified, the primary must also be specified. If the primary and secondary zones are specified, they must be distinct zones. If the primary and secondary zones are specified, they must belong to the same region.
Automatic backups	--backup-start-time	The window of time when you would like backups to start.
Retention settings for automated backups	--retained-backups-count	The number of automated backups to retain.Learn more.
Retention settings for transaction logs	--retained-transaction-log-days	The number of days to retain transaction logs for point-in-time recovery.Learn more.
Point-in-time recovery	--enable-point-in-time-recovery	Enables point-in-time recovery and transaction logs.Learn more.Note:The following default behavior applies: If you create a Cloud SQL Enterprise Plus edition instance, then PITR is enabled by default, regardless of how the instance was created. If you create a Cloud SQL Enterprise edition instance, then PITR is disabled by default, regardless of how it is created. In this case, if you want to use PITR, then you must enable it manually.
Add database flags
Database flags	--database-flags	You can use database flags to control settings and parameters for your instance.Learn more about database flags.
Maintenance schedule
Maintenance window	--maintenance-window-day, --maintenance-window-hour	Determines a one-hour window when Cloud SQL can perform disruptive maintenance on your instance. If you don't set the window, then disruptive maintenance can be done at any time.Learn more.
Maintenance timing	--maintenance-release-channel	Your preferred timing for instance updates, relative to other instances in the same project. Usepreview for earlier updates, andproduction for later updates.Learn more.
Custom SAN
Add a custom subject alternative name (SAN)	--custom-subject-alternative-names=DNS_NAMES	If you want to use a custom DNS name to connect to a Cloud SQL instance instead of using an IP address, then configure the custom subject alternative name (SAN) setting while creating the instance. The custom DNS name that you insert into the custom SAN setting is added to the SAN field of the server certificate of the instance. This lets you use the custom DNS name with hostname validation securely. Before you can use the custom DNS name in your clients and applications, you must set up the mapping between the DNS name and the IP address. This is known asDNS resolution. You can add a comma-separated list of up to three custom DNS names to the custom SAN setting. Note: This feature is available forCUSTOMER_MANAGED_CAS_CA instances only. To create the instance, you must use thegcloud sql instances create command.

2. Note the automatically assigned IP address.

   If you are not using the Cloud SQL Auth Proxy, you will use this address as the host address that your applications or tools use to connect to the instance.

3. Set the password for the user:

   gcloudsqlusersset-passwordsqlserverno-host--instance=[INSTANCE_NAME]\--password=[PASSWORD]

Terraform

To create an instance, use aTerraform resource.

resource "google_sql_database_instance" "instance" {  name             = "sqlserver-instance"  region           = "us-central1"  database_version = "SQLSERVER_2019_STANDARD"  root_password    = "INSERT-PASSWORD-HERE"  settings {    tier = "db-custom-2-7680"  }  # set `deletion_protection` to true, will ensure that one cannot accidentally delete this instance by  # use of Terraform whereas `deletion_protection_enabled` flag protects this instance at the GCP level.  deletion_protection = false}

Apply the changes

To apply your Terraform configuration in a Google Cloud project, complete the steps in the following sections.

Prepare Cloud Shell

1. LaunchCloud Shell.

2. Set the default Google Cloud project where you want to apply your Terraform configurations.

   You only need to run this command once per project, and you can run it in any directory.

   export GOOGLE_CLOUD_PROJECT=PROJECT_ID

   Environment variables are overridden if you set explicit values in the Terraform configuration file.

Prepare the directory

Each Terraform configuration file must have its own directory (alsocalled aroot module).

1. InCloud Shell, create a directory and a new file within that directory. The filename must have the.tf extension—for examplemain.tf. In this tutorial, the file is referred to asmain.tf.

   mkdirDIRECTORY && cdDIRECTORY && touch main.tf

2. If you are following a tutorial, you can copy the sample code in each section or step.

   Copy the sample code into the newly createdmain.tf.

   Optionally, copy the code from GitHub. This is recommended when the Terraform snippet is part of an end-to-end solution.

3. Review and modify the sample parameters to apply to your environment.
4. Save your changes.
5. Initialize Terraform. You only need to do this once per directory.

   terraform init

   Optionally, to use the latest Google provider version, include the-upgrade option:

   terraform init -upgrade

Apply the changes

1. Review the configuration and verify that the resources that Terraform is going to create or update match your expectations:

   terraform plan

   Make corrections to the configuration as necessary.

2. Apply the Terraform configuration by running the following command and enteringyes at the prompt:

   terraform apply

   Wait until Terraform displays the "Apply complete!" message.

3. Open your Google Cloud project to view the results. In the Google Cloud console, navigate to your resources in the UI to make sure that Terraform has created or updated them.

REST v1

1. Create the instance

Not all possible fields are shown in the following basic API call. For aprototype of a JSON request, seeSettings.

Also see theInstances:insert page. For information about instance settings, includingvalid values for regions, seeInstance settings. Forinformation about machine types, seeCustom instance configurations.

Don't include sensitive or personally identifiable informationininstance-id; the value is externally visible.

You do not need to include the project ID in the instance name. This is done automatically whereappropriate (for example, in the log files).

Thecollation field (not shown in the following basic API call)lets you set a default value for thetype of collation used for the databases in your instance.This collation default is permanent at the instance level but not atthe database level. You can change this default with adatabase administration tool, but only for a specific database that you arecreating or updating. You cannot change the collation default for an instanceafter creating the instance (unless you recreate the instance).For information about collations in SQL Server,seeCollation and Unicode support. For a prototype of a JSON request, seeSettings. You can specify the following example string for thecollation parameter:SQL_Latin1_General_CP1_CI_AS.

ThetimeZone field (not shown in the following basic API call)lets you to set a time zone for an instance. After you create an instance,you can change the time zone of an instance. For more information and a list ofaccepted strings, seeSettings. You can specify the following example string for thetimeZone field:"Pacific Standard Time".See more.

To create an instance that is integrated with Managed Microsoft AD,specify a domain, such assubdomain.mydomain.com, for thedomain field. For more information, seeCreating an instance with Windows Authentication.Additionally, note theprocedures and constraints for integrating with a Managed Microsoft ADdomain in a different project.

1. Enable the Cloud DNS API for your Google Cloud project (if this API isn't enabled).
2. Add a private IP address to the instance.
3. Specify an associated network for the instance.
4. Optionally, specify an allocated IP range for the instance.

Before using any of the request data, make the following replacements:

• PROJECT_ID: your project ID.
• INSTANCE_ID: the instance ID.
• REGION: the region name.
• DATABASE_VERSION: an enum string of the database version. For example:SQLSERVER_2017_STANDARD.
• PASSWORD: the password for theroot user.
• MACHINE_TYPE: an enum string of the machine (tier) type. For example:
  db-perf-optimized-N-4.
• EDITION_TYPE: your Cloud SQL edition. The default value isENTERPRISE.
• DATA_CACHE_ENABLED: (optional) to enable Data cache for your instance, set the value of this parameter totrue.
• PRIVATE_NETWORK: specify the name of the Virtual Private Cloud (VPC) network that you want to use for this instance. Private services access must already be configured for the network.
• AUTHORIZED_NETWORKS: For public IP connections, specify the connections from authorized networks that can connect to your instance.
• CA_MODE: specify acertificate authority hierarchy for the instance, eitherGOOGLE_MANAGED_INTERNAL_CA orGOOGLE_MANAGED_CAS_CA. If you don't specifyserverCaMode, then the default configuration isGOOGLE_MANAGED_INTERNAL_CA. This feature is inPreview.
• DNS_NAMES: add a comma-separated list of up to three DNS names to theserver certificate of your Cloud SQL instance. You can secure multiple DNS names with a single certificate. This feature is available inPreview and forCUSTOMER_MANAGED_CAS_CA instances only.

HTTP method and URL:

POST https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/instances

Request JSON body:

{  "name": "INSTANCE_ID",  "region": "REGION",  "databaseVersion": "DATABASE_VERSION",  "rootPassword": "PASSWORD",  "settings": {    "tier": "MACHINE_TYPE",    "edition": "EDITION_TYPE",    "backupConfiguration": {      "enabled": true    },    "dataCacheConfig": {      "dataCacheEnabled": DATA_CACHE_ENABLED    },    "ipConfiguration": {      "privateNetwork": "PRIVATE_NETWORK",      "authorizedNetworks": [AUTHORIZED_NETWORKS],      "ipv4Enabled": false,      "serverCaMode": "CA_MODE",      "customSubjectAlternativeNames": "DNS_NAMES"    }  }}

To send your request, expand one of these options:

curl -X POST \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d @request.json \
     "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/instances"

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/instances" | Select-Object -Expand Content

You should receive a JSON response similar to the following:

{  "kind": "sql#operation",  "targetLink": "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/instances/INSTANCE_ID",  "status": "PENDING",  "user": "user@example.com",  "insertTime": "2020-01-01T19:13:21.834Z",  "operationType": "CREATE",  "name": "OPERATION_ID",  "targetId": "INSTANCE_ID",  "selfLink": "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/operations/OPERATION_ID",  "targetProject": "PROJECT_ID"}

After the instance is created, you can furtherconfigure the defaultuser account.

2. Retrieve the IPv4 address of the instance

Optionally, you can retrieve the automatically-assigned IPv4 address.In the response, that address is in theipAddress field.

Before using any of the request data, make the following replacements:

• PROJECT_ID: your project ID
• INSTANCE_ID: your instance ID, created in the previous step

HTTP method and URL:

GET https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/instances/INSTANCE_ID

To send your request, expand one of these options:

curl -X GET \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/instances/INSTANCE_ID"

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/instances/INSTANCE_ID" | Select-Object -Expand Content

You should receive a JSON response similar to the following:

{  "kind": "sql#instance",  "state": "RUNNABLE",  "databaseVersion": "DATABASE_VERSION",  "settings": {    "authorizedGaeApplications": [],    "tier": "MACHINE_TYPE",    "kind": "sql#settings",    "pricingPlan": "PER_USE",    "replicationType": "SYNCHRONOUS",    "activationPolicy": "ALWAYS",    "ipConfiguration": {      "authorizedNetworks": [],      "ipv4Enabled": true    },    "locationPreference": {      "zone": "ZONE",      "kind": "sql#locationPreference"    },    "dataDiskType": "PD_SSD",    "backupConfiguration": {      "startTime": "19:00",      "kind": "sql#backupConfiguration",      "enabled": true    },    "settingsVersion": "1",    "dataDiskSizeGb": "10"  },  "etag": "--redacted--",  "ipAddresses": [    {      "type": "PRIMARY",      "ipAddress": "10.0.0.1"    }  ],  "serverCaCert": {    ...  },  "instanceType": "CLOUD_SQL_INSTANCE",  "project": "PROJECT_ID",  "serviceAccountEmailAddress": "redacted@gcp-sa-cloud-sql.iam.gserviceaccount.com",  "backendType": "BACKEND_TYPE",  "selfLink": "https://sqladmin.googleapis.com/v1/projects/PROJECT_ID/instances/INSTANCE_ID",  "connectionName": "PROJECT_ID:REGION:INSTANCE_ID",  "name": "INSTANCE_ID",  "region": "REGION",  "gceZone": "ZONE"}

REST v1beta4

1. Create the instance

Not all possible fields are shown in the following basic API call. For a prototype of a JSON request, see Settings.

Also see the Instances:insert page. For information about instance settings, including valid values for regions, seeInstance settings. For information about machine types, see Custom instance configurations.

Don't include sensitive or personally identifiable information ininstance-id; the value is externally visible.

You do not need to include the project ID in the instance name. This is done automatically whereappropriate (for example, in the log files).

Thecollation field (not shown in the following basic API call) lets you to set a default value for the type of collation used for the databases in your instance. This collation default is permanent at the instance level but not at the database level. You can change this default with a database administration tool, but only for a specific database that you are creating or updating. You can't change the collation default for an instance after creating the instance (unless you recreate the instance). For information about collations in SQL Server, see Collation and Unicode support. For a prototype of a JSON request, see Settings. You can specify the following example string for thecollation parameter:SQL_Latin1_General_CP1_CI_AS.

ThetimeZone field (not shown in the following basic API call) lets you to set a time zone for an instance. After you create an instance, you can change the time zone of an instance. For more information and a list of accepted strings, see Settings. You can specify the following example string for thetimeZone field:"Pacific Standard Time".See more.

To create an instance that is integrated with Managed Microsoft AD, specify a domain, such assubdomain.mydomain.com, for thedomain field. For more information, see Creating an instance with Windows Authentication. Additionally, note the procedures and constraints for integrating with a Managed Microsoft AD domain in a different project.

1. Enable the Cloud DNS API for your Google Cloud project (if this API isn't enabled).
2. Add a private IP address to the instance.
3. Specify an associated network for the instance.
4. Optionally, specify an allocated IP range for the instance.

Before using any of the request data, make the following replacements:

• PROJECT_ID: your project ID.
• INSTANCE_ID: the instance ID.
• REGION: the region name.
• DATABASE_VERSION: an enum string of the database version.
• MACHINE_TYPE: an enum string of the machine (tier) type. For example:
  db-perf-optimized-N-4.
• PASSWORD: the password for theroot user.
• MACHINE_TYPE: an enum string of the machine (tier) type, as:db-custom-[CPUS]-[MEMORY_MBS].
• EDITION_TYPE: your Cloud SQL edition. The default value isENTERPRISE.
• DATA_CACHE_ENABLED: (optional) to enable Data cache for your instance, set the value of this parameter totrue.
• PRIVATE_NETWORK: specify the name of the Virtual Private Cloud (VPC) network that you want to use for this instance. Private services access must already be configured for the network.
• AUTHORIZED_NETWORKS: For public IP connections, specify the connections from authorized networks that can connect to your instance.
• CA_MODE: specify acertificate authority hierarchy for the instance, eitherGOOGLE_MANAGED_INTERNAL_CA orGOOGLE_MANAGED_CAS_CA. If you don't specifyserverCaMode, then the default configuration isGOOGLE_MANAGED_INTERNAL_CA. This feature is inPreview.
• DNS_NAMES: add a comma-separated list of up to three DNS names to theserver certificate of your Cloud SQL instance. You can secure multiple DNS names with a single certificate. This feature is available inPreview and forCUSTOMER_MANAGED_CAS_CA instances only.

HTTP method and URL:

POST https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/instances

Request JSON body:

{  "name": "INSTANCE_ID",  "region": "REGION",  "databaseVersion": "DATABASE_VERSION",  "rootPassword": "PASSWORD",  "settings": {    "tier": "MACHINE_TYPE",    "edition": "EDITION_TYPE",    "backupConfiguration": {      "enabled": true    },    "dataCacheConfig": {      "dataCacheEnabled": DATA_CACHE_ENABLED    },    "ipConfiguration": {      "privateNetwork": "PRIVATE_NETWORK",      "authorizedNetworks": [AUTHORIZED_NETWORKS],      "ipv4Enabled": false,      "serverCaMode": "CA_MODE",      "customSubjectAlternativeNames": "DNS_NAMES"    }  }}

To send your request, expand one of these options:

curl -X POST \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d @request.json \
     "https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/instances"

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/instances" | Select-Object -Expand Content

You should receive a JSON response similar to the following:

{  "kind": "sql#operation",  "targetLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/instances/INSTANCE_ID",  "status": "PENDING",  "user": "user@example.com",  "insertTime": "2020-01-01T19:13:21.834Z",  "operationType": "CREATE",  "name": "OPERATION_ID",  "targetId": "INSTANCE_ID",  "selfLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/operations/OPERATION_ID",  "targetProject": "PROJECT_ID"}

After the instance is created, you can furtherconfigure the default user account.

2. Retrieve the IPv4 address of the instance

Optionally, you can retrieve the automatically-assigned IPv4 address. In the response, that address is in theipAddress field.

Before using any of the request data, make the following replacements:

• PROJECT_ID: your project ID
• INSTANCE_ID: your instance ID, created in the previous step

HTTP method and URL:

GET https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/instances/INSTANCE_ID

To send your request, expand one of these options:

curl -X GET \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     "https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/instances/INSTANCE_ID"

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method GET `
    -Headers $headers `
    -Uri "https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/instances/INSTANCE_ID" | Select-Object -Expand Content

You should receive a JSON response similar to the following:

{  "kind": "sql#instance",  "state": "RUNNABLE",  "databaseVersion": "DATABASE_VERSION",  "settings": {    "authorizedGaeApplications": [],    "tier": "MACHINE_TYPE",    "kind": "sql#settings",    "pricingPlan": "PER_USE",    "replicationType": "SYNCHRONOUS",    "activationPolicy": "ALWAYS",    "ipConfiguration": {      "authorizedNetworks": [],      "ipv4Enabled": true    },    "locationPreference": {      "zone": "ZONE",      "kind": "sql#locationPreference"    },    "dataDiskType": "PD_SSD",    "backupConfiguration": {      "startTime": "19:00",      "kind": "sql#backupConfiguration",      "enabled": true    },    "settingsVersion": "1",    "dataDiskSizeGb": "10"  },  "etag": "--redacted--",  "ipAddresses": [    {      "type": "PRIMARY",      "ipAddress": "10.0.0.1"    }  ],  "serverCaCert": {    ...  },  "instanceType": "CLOUD_SQL_INSTANCE",  "project": "PROJECT_ID",  "serviceAccountEmailAddress": "redacted@gcp-sa-cloud-sql.iam.gserviceaccount.com",  "backendType": "BACKEND_TYPE",  "selfLink": "https://sqladmin.googleapis.com/sql/v1beta4/projects/PROJECT_ID/instances/INSTANCE_ID",  "connectionName": "PROJECT_ID:REGION:INSTANCE_ID",  "name": "INSTANCE_ID",  "region": "REGION",  "gceZone": "ZONE"}