# Cloud SQL instance with multi-region read replicas

From startups to enterprises, database disaster recovery planning is critical to provide continuity of processing. While Cloud SQL does provide high availability within a single region, regional failures or unavailability can occur for reasons ranging from cyber attacks to natural disasters. Such incidents or outages lead to a quick domino effect for startups, making it difficult to recover from the loss of revenue and customers, which is especially true for bootstrapped or lean startups. It is critical that your database is regionally resilient and made available promptly in a secondary region. With Cloud SQL for PostgreSQL, you can configure cross-region read replicas for a complete DR failover and fallback process.

This example creates a [Cloud SQL instance](https://cloud.google.com/sql) with multi-region read replicas as described in the [Cloud SQL for PostgreSQL disaster recovery](https://cloud.google.com/architecture/cloud-sql-postgres-disaster-recovery-complete-failover-fallback) article.

The solution is resilient to a regional outage. To get familiar with the procedure needed in the unfortunate case of a disaster recovery, please follow the steps described in [part two](https://cloud.google.com/architecture/cloud-sql-postgres-disaster-recovery-complete-failover-fallback#phase-2) of the aforementioned article.

Use cases:

Configuring the Cloud SQL instance for DR can be done in the following steps:

- Create an HA Cloud SQL for PostgreSQL instance.
- Deploy a cross-region read replica on Google Cloud using Cloud SQL for PostgreSQL.

The solution will use:

- [VPC](https://cloud.google.com/vpc) with Private Service Access to deploy the instances and VM
- [Cloud SQL - PostgreSQL](https://cloud.google.com/sql/pricing) instances with Private IP
- [Google Cloud Storage](https://cloud.google.com/storage/) bucket to handle database import/export
- [Google Cloud Engine](https://cloud.google.com/compute) instance to connect to the PostgreSQL instance
- [Google Cloud NAT](https://cloud.google.com/nat/docs/overview) to access internet resources

This is the high level diagram:

![Cloud SQL multi-region.](images/diagram.png "Cloud SQL multi-region")

If you're migrating from another Cloud Provider, refer to [this](https://cloud.google.com/free/docs/aws-azure-gcp-service-comparison) documentation to see equivalent services and comparisons in Microsoft Azure and Amazon Web Services.

## Requirements

This example will deploy all its resources into the project defined by the `project_id` variable. Please note that we assume this project already exists. However, if you provide the appropriate values to the `project_create` variable, the project will be created as part of the deployment.

If `project_create` is left to `null`, the identity performing the deployment needs the `owner` role on the project defined by the `project_id` variable. Otherwise, the identity performing the deployment needs `resourcemanager.projectCreator` on the resource hierarchy node specified by `project_create.parent` and `billing.user` on the billing account specified by `project_create.billing_account_id`.

## Deployment

### Step 0: Cloning the repository

Click on the image below, sign in if required and when the prompt appears, click on “confirm”.

[
string | ✓ | |

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [prefix](variables.tf#L51) | Unique prefix used for resource names. Not used for project if 'project_create' is null. | string | ✓ | |
| [project_id](variables.tf#L65) | Project id, references existing project if `project_create` is null. | string | ✓ | |
| [data_eng_principals](variables.tf#L23) | Groups with Service Account Token creator role on service accounts in IAM format, only user supported on CloudSQL, eg 'user@domain.com'. | list(string) | | [] |
| [network_config](variables.tf#L29) | Shared VPC network configurations to use. If null networks will be created in projects with preconfigured values. | object({…}) | | null |
| [postgres_database](variables.tf#L45) | `postgres` database. | string | | "guestbook" |
| [project_create](variables.tf#L56) | Provide values if project creation is needed, uses existing project if null. Parent is in 'folders/nnn' or 'organizations/nnn' format. | object({…}) | | null |
| [regions](variables.tf#L70) | Map of instance_name => location where instances will be deployed. | map(string) | | {…} |
| [service_encryption_keys](variables.tf#L17) | Cloud KMS keys to use to encrypt resources. Provide a key for each region configured. | map(string) | | null |
| [sql_configuration](variables.tf#L84) | Cloud SQL configuration | object({…}) | | {…} |

## Outputs
| name | description | sensitive |
|---|---|:---:|
| [bucket](outputs.tf#L22) | Cloud storage bucket to import/export data from Cloud SQL. | |
| [connection_names](outputs.tf#L17) | Connection name of each instance. | |
| [demo_commands](outputs.tf#L37) | Demo commands. | |
| [ips](outputs.tf#L27) | IP address of each instance. | |
| [project_id](outputs.tf#L32) | ID of the project containing all the instances. | |
| [service_accounts](outputs.tf#L46) | Service Accounts. | |
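
The Requirements section ties the roles the deploying identity needs to whether `project_create` is set. The following pre-flight check is an added example, not code from this repository: it reads IAM policies in the standard `bindings` layout and reports which of those roles are missing. The function names, the resource-name keys and the sample policies are assumptions constructed for illustration, and only direct bindings are evaluated (group membership and inherited bindings are not resolved).

```python
# Roles named in the Requirements section, written as full IAM role IDs.
OWNER = "roles/owner"
PROJECT_CREATOR = "roles/resourcemanager.projectCreator"
BILLING_USER = "roles/billing.user"


def has_role(policy, member, role):
    """True if `member` holds `role` through a direct, unconditional binding."""
    for binding in policy.get("bindings", []):
        if binding.get("role") != role or binding.get("condition"):
            continue  # conditional bindings are not counted as a full grant
        if member in binding.get("members", []):
            return True
    return False


def missing_roles(member, project_id, project_create, policies):
    """Return the (resource, role) pairs the deploying identity lacks.

    project_create is None or a dict with `parent` and `billing_account_id`;
    policies maps a resource name to its IAM policy (hypothetical layout).
    """
    if project_create is None:
        needed = [("projects/" + project_id, OWNER)]
    else:
        billing = "billingAccounts/" + project_create["billing_account_id"]
        needed = [(project_create["parent"], PROJECT_CREATOR),
                  (billing, BILLING_USER)]
    return [(res, role) for res, role in needed
            if not has_role(policies.get(res, {}), member, role)]


# Constructed sample data: none of these identities or resources are real.
DEPLOYER = "serviceAccount:deployer@example-prj.iam.gserviceaccount.com"
NEW_PROJECT = {"parent": "folders/1234567890",
               "billing_account_id": "000000-AAAAAA-000000"}
POLICIES = {
    "projects/example-prj": {"bindings": [
        {"role": OWNER, "members": ["user:admin@example.com"]},
        {"role": "roles/viewer", "members": [DEPLOYER]}]},
    "folders/1234567890": {"bindings": [
        {"role": PROJECT_CREATOR, "members": [DEPLOYER]}]},
    "billingAccounts/000000-AAAAAA-000000": {"bindings": [
        {"role": BILLING_USER, "members": ["group:finops@example.com"]}]},
}

if __name__ == "__main__":
    print(missing_roles(DEPLOYER, "example-prj", None, POLICIES))
    print(missing_roles(DEPLOYER, "example-prj", NEW_PROJECT, POLICIES))
```

A non-empty result lists the grants to request before running the deployment; a role reported as missing may still be held through a group, which has to be checked separately.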