Stay organized with collections
Save and categorize content based on your preferences.
This page describes what you, as a Cloud SQL customer, are responsible for and what Google is responsible for.
Introduction
Cloud SQL is a fully managed database service that simplifies deployment, maintenance, and management of relational databases in the cloud. Cloud SQL offers meaningful insights and manageability features, significantly reducing user toil.
As a Cloud SQL customer, you are responsible for configuring and operating Cloud SQL for your workload needs to get the most value from the service.
Google's responsibilities
Provision and maintain the underlying infrastructure, including hardware, firmware, kernel, OS, storage, network and more:
Secure the low-level infrastructure, which includes the physical premises, the hardware in Google data centers, and the low-level software stack running on the machines.
Encrypt data in a Cloud SQL instance at rest by default and enable customer-managed encryption in transit.
Provide maintenance notifications, allow maintenance deferrals, and set maintenance denial periods.
Apply database vendor-provided fixes to instances as part of scheduled maintenance.
Make database vendor-provided fixes for known security vulnerabilities available for customers to apply proactively using self-service maintenance
Provide monitoring telemetry for various instance components including but not limited to:
CPU
Storage
Network
Memory
User connections
Provide disaster recovery capabilities
in case of region outages for instances configured with cross-region read
replicas and instances configured with multi-region backups.
Provide high availability in case of zonal outages on instances configured for high availability (HA).
Provide actionable insights into instance sizing and idleness for cost optimization with the Recommender service.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[],[],null,["# Shared responsibility\n\n\u003cbr /\u003e\n\n\u003cbr /\u003e\n\nThis page describes what you, as a Cloud SQL customer, are responsible for and what Google is responsible for.\n\nIntroduction\n------------\n\nCloud SQL is a fully managed database service that simplifies deployment, maintenance, and management of relational databases in the cloud. Cloud SQL offers meaningful insights and manageability features, significantly reducing user toil.\n\nAs a Cloud SQL customer, you are responsible for configuring and operating Cloud SQL for your workload needs to get the most value from the service.\n\nGoogle's responsibilities\n-------------------------\n\n- Provision and maintain the underlying infrastructure, including hardware, firmware, kernel, OS, storage, network and more:\n - [Secure](/docs/security/infrastructure/design#secure_low_level_infrastructure) the low-level infrastructure, which includes the physical premises, the hardware in Google data centers, and the low-level software stack running on the machines.\n - Encrypt data in a Cloud SQL instance [at rest](/docs/security/encryption/default-encryption) by default and enable customer-managed encryption [in transit](/docs/security/encryption-in-transit).\n- Install and [maintain](/sql/docs/mysql/maintenance) the database software.\n - Provide configuration and tools to secure your Cloud SQL instance.\n - Provide limited access to database-specific functionality available to customers using flags, stored procedures, and plugins.\n - Increase instance storage capacity for instances configured to [enable automatic storage increase](/sql/docs/mysql/instance-settings#automatic-storage-increase-2ndgen).\n - Provide maintenance notifications, allow maintenance deferrals, and set maintenance denial periods.\n - Apply database vendor-provided fixes to instances as part of scheduled maintenance.\n - Make database vendor-provided fixes for known security vulnerabilities available for customers to apply proactively using self-service maintenance\n- Provide monitoring telemetry for various instance components including but not limited to:\n - CPU\n - Storage\n - Network\n - Memory\n - User connections\n- Provide [disaster recovery](/sql/docs/mysql/intro-to-cloud-sql-disaster-recovery) capabilities in case of region outages for instances configured with cross-region read replicas and instances configured with multi-region backups.\n- Provide high availability in case of zonal outages on instances configured for [high availability (HA)](/sql/docs/mysql/high-availability).\n- Provide actionable insights into instance sizing and idleness for cost optimization with the [Recommender service](/sql/docs/mysql/recommender-sql-idle).\n- Provide Google Cloud integrations for [Identity and Access Management (IAM)](/sql/docs/mysql/iam-overview), [tags](/sql/docs/mysql/tags), [Cloud Logging](/sql/docs/mysql/logging), [Cloud Key Management Service](/sql/docs/mysql/configure-cmek) and [Network Intelligence Center](/network-intelligence-center/docs).\n\nCustomer responsibilities\n-------------------------\n\n- [Create](/sql/docs/mysql/create-instance) instances with the appropriate version, location, size and [database flags](/sql/docs/mysql/flags).\n- Create and administer databases and any user-created code on the instance.\n- [Secure](/sql/docs/mysql/instance-access-control) access, authentication, and authorization using appropriate controls.\n- Configure and troubleshoot connectivity from client-side tooling to the Cloud SQL instance.\n- Configure the Cloud SQL instance for [high availability](/sql/docs/mysql/high-availability) and zonal/regional [disaster recovery](/sql/docs/mysql/intro-to-cloud-sql-disaster-recovery).\n- Use the [maintenance features](/sql/docs/mysql/maintenance) to control the business impact from maintenance events.\n- Manage, tune, and optimize the database performance based on the workload and instance configuration.\n- Configure [storage capacity](/sql/docs/mysql/instance-settings#storage-capacity-2ndgen) to accommodate future growth necessary for critical database maintenance events."]]
