StevenACoffman/AlloyDB_Change_To_Public_IP_RequireSSL.md

Last active November 10, 2025 22:06

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/StevenACoffman/74988559c0053bab47624d5fb3d3adbf.js"></script>
Save StevenACoffman/74988559c0053bab47624d5fb3d3adbf to your computer and use it in GitHub Desktop.

Download ZIP

AlloyDB_Change_To_Public_IP_RequireSSL.md

Raw

AlloyDB_Change_To_Public_IP_RequireSSL.md

Screenshot 2025-11-10 at 5 01 35 PM

### Procedure:

Step 1: Go to https://console.cloud.google.com/alloydb/clusters?referrer=search&project=khan-academy Select Cluster, and Edit Read Pool
Step 2: Under Network Security, Select Require SSL (and optionally Enforce mTLS via AlloyDB connectors)
Step 3: Under Connectivity, Select Enable Public IP

Step 4: Unhide Advanced Configuration vieo, then Under Flags, click "Add database flag" and ensure at least these minimum flags are set to these values (other flags also may be set)

flag	value
alloydb.enable_pglogical	on
alloydb.logical_decoding	on
password.enforce_complexity	on
password.min_uppercase_letters	1
password.min_numerical_chars flag	1
password.min_pass_length	10
password.min_special_chars	1
password.enforce_password_does_not_contain_username	on

Step 5: Update Read Pool
Step 6: Repeat for the Primary instance

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment