请告诉我有关使用Google AppMaker安全设置Cloud SQL的信息。 在GCP中,我创建了第二代实例(My SQL)。
在以下URL中,要从AppMaker连接到Cloud SQL, 云端SQL方面批准appmaker-maestro@appspot.gserviceaccount.com作为角色。 https://developers.google.com/appmaker/models/cloudsql
在这种情况下,由于上述角色对于由Google App Maker创建的所有应用程序都很常见,所以如果有人知道数据库用户名和密码,它似乎可以从世界上的任何AppMaker访问。
我如何设置Cloud SQL,以便只能从特定的AppMaker或内部网络访问Cloud SQL?
Please tell me about secure setup of Cloud SQL with Google AppMaker. In GCP, I created a second generation instance(My SQL).
In the following URL, to connect to Cloud SQL from AppMaker,Cloud SQL side approves appmaker-maestro@appspot.gserviceaccount.com as Role. https://developers.google.com/appmaker/models/cloudsql
In this case, since the above Role is common to all the applications created by Google App Maker, if someone knows the Database user name and password, it seems to be accessible from any AppMaker in the world.
How can I setup Cloud SQL so that can be accessed Cloud SQL only from specific AppMaker or from internal network?
最满意答案
App Maker在建立Cloud SQL连接时会检查项目的ACL(访问控制列表),因此如果用户帐户没有对项目的权限,连接将被拒绝,尽管他/她是否拥有用户名/密码或不。
App Maker do check the ACL(access control list) of the project when establishing the Cloud SQL connection, so if the user account doesn't have the right permission to the project, the connection will be denied, despite whether he/she has the username/password or not.
更多推荐
发布评论