Answer-first summary for fast verification
Answer: Use AlloyDB Auth Proxy and configure the application project’s firewall to allow connections to port 5433.
The recommended approach to securely connect an application in a different project and network to AlloyDB while minimizing operations is using the AlloyDB Auth Proxy. The Auth Proxy handles encryption and IAM-based authentication, enabling secure connections without requiring VPC peering or Shared VPC. The application connects via the proxy (running locally), which routes traffic through Google's infrastructure, avoiding the need to expose AlloyDB publicly or reconfigure network settings. Option B is correct because it aligns with Google's best practices for cross-project connectivity with minimal setup. Options A and D involve network/project restructuring, which violates isolation requirements. Option C addresses authentication but not network connectivity.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How can you securely connect your application hosted in a separate project and network to an AlloyDB instance while maintaining project isolation, minimizing additional operations, and following Google-recommended practices for network configuration?
A
Provision a Shared VPC project where both the application project and the AlloyDB project are service projects.
B
Use AlloyDB Auth Proxy and configure the application project’s firewall to allow connections to port 5433.
C
Provision a service account from the AlloyDB project. Use this service account’s JSON key file as the --credentials-file to connect to the AlloyDB instance.
D
Ask the database team to provision AlloyDB databases in the same project and network as the application.
No comments yet.