1. Open the GCP Console and navigate to the Cloud SQL Instances page.
2. Click on the name of the Cloud SQL instance that has the public read replica.
3. In the left-hand menu, click on “Replicas”.
4. Identify the public read replica instance and click on its name.
5. In the left-hand menu, click on “Connections”.
6. Under “Authorized networks”, click on the “Edit” button.
7. Remove any IP addresses or ranges that are not authorized to access the replica instance.
8. Click “Save” to save the changes.

​

1. Open the GCP Cloud Console and authenticate with your credentials.
2. Open the Cloud Shell by clicking on the icon in the top right corner of the console.
3. Run the following command to list all the read replica instances in your project: gcloud sql instances list
4. Identify the read replica instance that is public.
5. Run the following command to update the instance to not be public: gcloud sql instances patch [INSTANCE_NAME] --no-assign-ip Replace [INSTANCE_NAME] with the name of the instance you identified in step 4.
6. Verify that the instance is no longer public by running the following command: gcloud sql instances describe [INSTANCE_NAME] Replace [INSTANCE_NAME] with the name of the instance you identified in step 4. Look for the “ipAddresses” field in the output. If it says “None”, then the instance is not public.

1. First, you need to identify all the read replica instances that are public. You can use the GCP Python SDK to retrieve the list of all read replica instances and check if they are public or not. You can use the following code snippet to retrieve the list of all read replica instances:

from google.cloud import bigquery

client = bigquery.Client()

# List all read replica instances
query = """
SELECT *
FROM `project_id.region`.INFORMATION_SCHEMA.REPLICA_INFO
WHERE ROLE = 'READ_REPLICA';
"""

query_job = client.query(query)

for row in query_job:
    print(row)

2. Once you have identified the public read replica instances, you can update their access controls to make them private. You can use the GCP Python SDK to update the instance’s access controls and remove the public IP address. You can use the following code snippet to update the access control of a read replica instance:

from google.cloud import compute_v1

compute_client = compute_v1.InstancesClient()

# Set instance access control to private
access_config = compute_v1.AccessConfig(name="External NAT", type_="ONE_TO_ONE_NAT")
network_interface = compute_v1.NetworkInterface(access_configs=[access_config])
instance = compute_v1.Instance(network_interfaces=[network_interface])

# Update the instance with new access control
project_id = 'my-project'
zone = 'us-central1-a'
instance_name = 'my-instance'

operation = compute_client.update_network_interface(
    project=project_id,
    zone=zone,
    instance=instance_name,
    network_interface=network_interface,
)

# Wait for the operation to complete
operation.result()

3. Finally, you can verify that the read replica instances are no longer public by checking their access controls. You can use the GCP Python SDK to retrieve the instance’s access controls and verify that it is private. You can use the following code snippet to retrieve the access control of an instance:

from google.cloud import compute_v1

compute_client = compute_v1.InstancesClient()

# Get instance access control
project_id = 'my-project'
zone = 'us-central1-a'
instance_name = 'my-instance'

instance = compute_client.get(project=project_id, zone=zone, instance=instance_name)
access_config = instance.network_interfaces[0].access_configs[0]

if access_config.type_ == "ONE_TO_ONE_NAT":
    print("Instance access control is private")
else:
    print("Instance access control is public")