Automate DB access via tunnel with GIT Pull Requests in Google Cloud

Jamal Shahverdiev
Nov 26, 2022

In this article I will show how to connect, in an automated and secure way, to a database that runs in a private subnet in GCP. What does that mean? Each time a member of our team comes to the DevOps engineers to get access to the database, after official approval we must go to GCP and prepare all the permissions by hand. Just imagine an engineer who has a public IP address: to give them access to a DB we must add the user's public IP address to the firewall whitelist, then create a new username on the SSH jump server with the user's predefined public key (only after that can the user connect to the DB via the jump server). All of this is triggered by CircleCI once the PR is approved by a member of the DevOps team group on GitHub and merged to the main branch. To automate this in GCP I wrote bash scripts; you can get all the code files from this repository.

Note: The source of synchronization for the users' public keys and public IP addresses is the repository where the code files are located. This means that if another public IP or public key is added by hand to the remote server and firewall, it will be deleted by the code. In other words, the code tracks state with the repository as its source.

In the following video I am trying to simulate it. I hope it will be useful.
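The note above makes the repository the single source of truth for the firewall whitelist. As an added example (not the code from the author's repository), here is one way to compute what a run would add and what hand-made entries it would remove. The file names, the `MIN_PREFIX` policy and the sample addresses are assumptions, and exporting the live ranges from GCP is left out.

```bash
#!/bin/sh
# Added example, not from the article's repository. File names, MIN_PREFIX
# and the sample addresses are constructed assumptions.
export LC_ALL=C
MIN_PREFIX=8   # assumed policy: refuse ranges wider than /8 (e.g. 0.0.0.0/0)

# valid_cidr A.B.C.D/P: succeeds when octets are <= 255 and P is MIN_PREFIX..32
valid_cidr() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
  old_ifs=$IFS; IFS=./; set -- $1; IFS=$old_ifs
  for o in "$1" "$2" "$3" "$4"; do [ "$o" -le 255 ] || return 1; done
  [ "$5" -ge "$MIN_PREFIX" ] && [ "$5" -le 32 ]
}

# normalize FILE: strip comments and blanks, turn bare addresses into /32,
# report invalid entries on stderr, print the rest sorted and de-duplicated.
normalize() {
  sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" |
  while IFS= read -r line; do
    case $line in */*) ;; *) line="$line/32" ;; esac
    if valid_cidr "$line"; then printf '%s\n' "$line"
    else echo "skipping invalid or too-broad entry: $line" >&2; fi
  done | sort -u
}

# plan REPO_FILE LIVE_FILE: ADD = only in the repository, REMOVE = only on the
# live rule, i.e. something added by hand that the next run will delete.
plan() {
  d=$(mktemp); a=$(mktemp)
  normalize "$1" >"$d"; sort -u "$2" >"$a"
  comm -23 "$d" "$a" | sed 's/^/ADD /'
  comm -13 "$d" "$a" | sed 's/^/REMOVE /'
  rm -f "$d" "$a"
}

# desired_ranges REPO_FILE: comma-joined list to set on the firewall rule
desired_ranges() { normalize "$1" | paste -sd, -; }

# Constructed sample: repository allowlist vs. ranges currently on the rule.
dir=$(mktemp -d)
printf '%s\n' '203.0.113.7  # alice' '198.51.100.24/32  # bob' \
  '0.0.0.0/0  # never allowed' >"$dir/allowlist.txt"
printf '%s\n' 198.51.100.24/32 192.0.2.99/32 >"$dir/live.txt"
plan "$dir/allowlist.txt" "$dir/live.txt"
desired_ranges "$dir/allowlist.txt"
rm -rf "$dir"
```

Printing the plan in the CI job before applying it gives the PR reviewer a record of every hand-added range that was removed.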
