Connecting to VPC internal services from Google Cloud Shell
Is it possible to access services (like CloudSQL or some custom applications) that are running on internal IPs only (VPC) from cloud shell?
The idea behind it, I want to keep Cloud SQL on private IPs and use it from Cloud Run (works fine), but occasionally I need to connect to that SQL manually and run some queries (like watching app audit logs stored in database).
It looks like an overkill and too complicated to have VPN or Cloud Proxy instance running or to spin up a dedicated App Engine VM as a jump node to just occasionally run MySQL client from cloud shell, so I'm looking for an alternative "direct" method without exposing MySQL on a public IP.
Bastion hosts provide an external facing point of entry into a network containing private network instances, as illustrated in the following diagram.
This host can provide a single point of fortification or audit and can be started and stopped to enable or disable inbound SSH.