Overview
You can establish connectivity from the destination database to the source database through a secure reverse SSH tunnel. This method requires a bastion host VM in the Google Cloud project as well as a machine (for example, a laptop on the network) that has connectivity to the source database.The Database Migration Service for PostgreSQL collects the required information at migration creation time, and auto-generates the script for setting it all up.
See the following diagram:
Set up a reverse SSH tunnel
The following steps are performed in the Database Migration Service flow for
creating a migration job, to set up a reverse SSH tunnel between the source database and Cloud SQL instance. After you provide some parameters, you execute a set of gcloud
commands on a machine which has connectivity to both the source database and to Google Cloud.
- Select the VM instance used to establish connectivity between the source database and the Cloud SQL instance. Typically this is a VM running in the VPC where the application accessing the new Cloud SQL database runs. The VM instance serves as the SSH tunnel bastion server.
You can use an existing Compute Engine VM instance for this purpose.
Choose the Compute Engine VM instance from the list.
Provide a free port that the SSH tunnel can use.
Alternatively, you can create a new VM at this step. Select
CREATE A COMPUTE ENGINE VM INSTANCEand the generated script includes instructions to create it.Provide a name for the VM instance.
Select a machine type for the VM.
Specify a subnet for the VM
Click VIEW SCRIPT to view the generated script.
Make sure the replication connections section of the
pg_hba.conffile or the AWS RDS security groups definitions on the source database are updated to accept connections from the Cloud SQL VPC's IP address range.Run the script on a machine that has access to both the source database and the Compute Engine VM. The script performs the following operations:
Configures the Compute Engine VM as an SSH tunnel bastion server.
Establishes a secure SSH connection between the source database and the VPC.
If you're creating a new Compute Engine VM, then after successfully running the script, copy the VM server IP from the script output and enter it in the provided text field. The Cloud SQL instance will be updated as needed when you later test or start the migration job.
Click CONFIGURE & CONTINUE.
Verify your migration job to confirm that it correctly migrated data from your source database instance to the destination Cloud SQL database instance.
If your source is within a VPN (in AWS, for example, or your own on-premises VPN), proceed to the section on connecting VPCs through VPNs for more information on configuring the source VPN and Google Cloud VPN to work with each other.
After your migration job is configured, connectivity is verified, and VPNs are configured successfully if necessary, then you can run the job.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-07-02 UTC.
TMZ Celebrity News – Breaking Stories, Videos & Gossip
Looking for the latest TMZ celebrity news? You've come to the right place. From shocking Hollywood scandals to exclusive videos, TMZ delivers it all in real time.
Whether it’s a red carpet slip-up, a viral paparazzi moment, or a legal drama involving your favorite stars, TMZ news is always first to break the story. Stay in the loop with daily updates, insider tips, and jaw-dropping photos.
🎥 Watch TMZ Live
TMZ Live brings you daily celebrity news and interviews straight from the TMZ newsroom. Don’t miss a beat—watch now and see what’s trending in Hollywood.
- Exclusive TMZ interviews and court updates
- Viral celebrity videos and candid photos
- Trending gossip and entertainment news