Set up a Cloud SQL database for App Maker

When you set up a default Cloud SQL instance that App Maker apps can use to store app data:

  • Developers can quickly add data models to their apps with just a few clicks.
  • App Maker handles interactions with SQL, which lets developers avoid database management tasks and focus on building great apps.
  • You can ensure your organization's G Suite data is stored securely in a database controlled by your organization.
  • Developers can switch to a custom instance for production deployments.

Cloud SQL requires that your organization has Google Cloud Platform (GCP) enabled. GCP has its own pricing structure.

If you decline to provide a default Cloud SQL database, developers can deploy apps that use external databases, such as a MySQL database that resides outside of Google Cloud.

Set up a default Cloud SQL instance for App Maker

Before you begin: To apply the setting for certain users: Put their accounts in an organizational unit (to set by department) or put them in a configuration group (to set for users across or within departments).

  1. Sign in to your Google Admin console.

    Sign in using your administrator account (does not end in @gmail.com).

  2. From the Admin console Home page, go to Apps and then Additional Google Services and then App Maker.
  3. Click Database settings.
  4. To apply the setting to everyone, leave the top organizational unit selected. Otherwise, select a child organizational unit or a configuration group.
  5. Click Help me set up Cloud SQL. The Admin console automatically detects if your domain has a GCP Organization resource set up, if you have access to GCP, and if your organization has existing Cloud SQL projects and suitable instances:

    When a GCP Organization resource isn't set up for your domain, set one up. Click the link to open GCP Console and create an account. You may be eligible for a free trial. After GCP is set up, return to App Maker Database settings and proceed with Cloud SQL setup.

    When a GCP Organization resource is set up for your domain:

    • If your organization has existing Cloud SQL projects and instances that you can access, you can select the project and instance from the menu. You can also create an instance for App Maker to use, as described in the next section.
    • If you don’t have access to an existing Cloud SQL project and can't create one, click the link to send a request to your organization’s GCP admin. They can set up Cloud SQL for you.
    • If you can access a Cloud SQL project but no instances, you can create one:
      1. Select the GCP project for the new instance.
      2. Click Create new SQL instance. The dialog takes you to GCP Console where you configure the instance.
      3. Set up the instance with the following settings:
        • Database engine: MySQL (required)
        • Type of instance: Second generation (required)
        • Region: us-central1 (recommended)

          We recommend that you use the us-central1 region for your new instance, regardless of your geographic location. You can select a different region, but app performance might not be satisfactory because apps are run in us-central.

        • Size (machine type): micro, small, or standard to start (recommended)

          You can start with a smaller instance and increase its size as more users and developers use App Maker. Note: Micro and small instances don't have an SLA and uptime isn't guaranteed.

      4. Return to the Admin console to complete set up. Refresh the page and select the new instance.

    By default, all G Suite users in your domain will have read and write access to the Cloud SQL instance that you set up for App Maker (they won't have permission to create and manage Cloud SQL databases outside of App Maker). However, only App Maker developers actually need access to the Cloud SQL instance; app users don’t need access to use apps. You can edit the roles associated with the GCP project to restrict or allow access for certain users, Google Groups, or domains in your organization. Learn how to edit roles.

  6. Click Save. If you configured an organizational unit or group, you might be able to Inherit/Override an organization or Unset a group.

  7. The default Cloud SQL instance is typically enabled in App Maker soon after you save your changes in the Admin console. However, it can take up to 24 hours to take effect. Open App Maker and verify that you can create a Cloud SQL model. Learn how.

Create an instance and edit Cloud SQL roles

Manually create a Cloud SQL instance for App Maker
  1. Go to the Cloud SQL Instances page in GCP.
  2. Click Create Instance to set up a new instance with the following settings:
    • Database engine: MySQL (required)
    • Type of instance: Second generation (required)
    • Region: us-central1 (recommended)

      We recommend that you use the us-central1 region for your new instance, regardless of your geographic location. You can select a different region, but app performance might not be satisfactory because apps are run in us-central.

    • Size (machine type): micro, small, or standard to start (recommended)

      You can start with a smaller instance and increase its size as more users and developers use App Maker. Note: Micro and small instances don't have an SLA and uptime isn't guaranteed.

  3. At this point, you can go to the App Maker database settings in the Admin console and click Help me set up Cloud SQL to select your new instance from a list and automatically set up permissions. To configure permissions and add the instance to App Maker manually, continue to the next step.

  4. Open IAM & Admin in GCP to grant required permissions. App Maker needs the SQL admin role to create and manage databases. It needs the SQL client role for apps to read and write data. Your organization's App Maker developers need the SQL client role so apps can read and write data on behalf of app users. 

  5. Click Select a project at the top of the page, then select the project that contains the SQL instance.
  6. Click Add Add people at the top of the page to add a member to your project.
  7. Paste appmaker-maestro@appspot.gserviceaccount.com into the New members field.
  8. Click the Roles drop-down list and choose the following roles:
    • Cloud SQL and then Cloud SQL Admin
    • Cloud SQL and then Cloud SQL Client
  9. Click Save.
  10. To give a user, group, or domain access to the SQL instance:
    1. Click Add Add people at the top of the page to add a member to your project.
    2. Enter the user’s email address, the group’s email address, or the domain as the member name.
    3. Click the Roles drop-down list and assign the Cloud SQL and then  Cloud SQL Client role.
    4. Click Save.
  11. Go to SQL instances and click the instance you're using for App Maker.
  12. Locate the instance connection name field and click Copy Copy.
  13. Open App Maker settings in the Admin console.
  14. Click Database settings.
  15. Select the organizational unit that you want to set the default Cloud SQL instance for. You can set a different default instance for each organizational unit. Learn more about organizational units.
  16. Paste the instance connection name in the instance connection name field and click Save.
  17. The default Cloud SQL instance is typically enabled in App Maker soon after you save your changes in the Admin console. However, it can take up to 24 hours to propagate to all users in your organization. Open App Maker and verify that you can create a Cloud SQL model. Learn how.
Edit Cloud SQL roles

When you set a Cloud SQL instance in the Admin console, everyone in your domain is added to the Cloud SQL Client role. You can customize the Cloud SQL Client role to add or remove users, Google Groups, or domains that belong to your organization. 

  1. Open IAM & Admin in GCP.
  2. Click Select a project at the top of the page, then select the project that contains the Cloud SQL instance.
  3. If you didn’t create your Cloud SQL project through the Admin console, make sure that the required service account roles are set:
    1. Click Add Add people at the top of the page to add a member to your project.
    2. Paste appmaker-maestro@appspot.gserviceaccount.com into the New members field.
    3. Click the Roles drop-down list and choose the following roles:
      • Cloud SQL and then Cloud SQL Admin
      • Cloud SQL and then  Cloud SQL Client
    4. Click Save.
  4. To give a user, group, or domain access to the SQL instance:
    1. Click Add Add people at the top of the page to add a member to your project.
    2. Enter the user’s email address, the group’s email address, or the domain as the member name.
    3. Click the Roles drop-down list and assign the Cloud SQL and then  Cloud SQL Client role.
    4. Click Save.
  5. To remove users, groups, or domains from a role:
    1. Click Roles to view the permissions by role.
    2. Click the Down arrow Down Arrow next to the role to expand the list of members.
    3. In the row for the user, group, or domain, click Delete Delete.
    4. In the confirmation dialog, click Remove.
Was this helpful?
How can we improve it?