Manage Data Connect services and databases

Your Data Connect projects consist of two major infrastructure elements:

  • One or more Data Connect service instances
  • One or more Cloud SQL for PostgreSQL instances

This guide discusses how to set up and manage your Data Connect service instances, and introduces how to manage your associated Cloud SQL instances.

Configure regions for Firebase Data Connect

Projects that use Data Connect require a location setting.

When you create a new Data Connect service instance, you're prompted to select the location of the service.

Available locations

Data Connect services can be created in the following regions.

  • asia-east1
  • asia-east2
  • asia-northeast1
  • asia-northeast2
  • asia-northeast3
  • asia-south1
  • asia-southeast1
  • asia-southeast2
  • australia-southeast1
  • australia-southeast2
  • europe-central2
  • europe-north1
  • europe-southwest1
  • europe-west1
  • europe-west2
  • europe-west3
  • europe-west4
  • europe-west6
  • europe-west8
  • europe-west9
  • me-west1
  • northamerica-northeast1
  • northamerica-northeast2
  • southamerica-east1
  • southamerica-west1
  • us-central1
  • us-east1
  • us-east4
  • us-south1
  • us-west1
  • us-west2
  • us-west3
  • us-west4

Manage Data Connect service instances

Create services

To create a new service, use the Firebase console or run the local project initialization using the Firebase CLI. These workflows create a new Data Connect service.

These flows also guide you through:

  • Provisioning a new Cloud SQL instance (no-cost tier)
  • Linking an existing Cloud SQL instance to Data Connect (Blaze plan)

Manage users

Data Connect provides tools to manage user access that follow the principle of least privilege (grant each user or service account the minimum permissions needed to support required functionality) and role-based access control (RBAC), in which predefined roles manage database permissions and simplify security management.

To add project members as users who can modify Data Connect instances in your project, use the Firebase console to select appropriate predefined user roles.

These roles grant permissions using Identity and Access Management (IAM). A role is a collection of permissions. When you assign a role to a project member, you grant that project member all the permissions that the role contains. See more information in:

Choose roles to enable specific workflows

IAM roles enable Firebase CLI workflows to let you manage your Data Connect projects.

CLI command or other workflow: Role(s) required
firebase init dataconnect
  • No permissions (when not linking a Cloud SQL instance)
  • roles/cloudsql.admin (when creating a Cloud SQL instance)
firebase deploy --only dataconnect
  • firebasedataconnect.connectors.*
  • firebasedataconnect.services.*
  • firebasedataconnect.schemas.*
  • roles/cloudsql.admin
firebase dataconnect:sql:diff
  • firebasedataconnect.services.*
  • firebasedataconnect.schemas.*
firebase dataconnect:sql:migrate
  • roles/cloudsql.admin on the target Cloud SQL instance
firebase dataconnect:sql:grant
  • roles/cloudsql.admin on the target Cloud SQL instance

Monitor Data Connect service performance

Understand service performance

The performance of both the Data Connect service and the Cloud SQL for PostgreSQL service can affect your experience during preview.

  • For the Data Connect service, there is a limit of 1200 GraphQL and connector requests per minute, affecting the rate at which you can call and execute queries and mutations.
  • For the Cloud SQL for PostgreSQL service, refer to general guidance in the Quotas and limits documentation.

Monitor service performance, usage and billing

You can monitor requests, errors and operation rates, both globally and per operation, in the Firebase console.

Manage Cloud SQL instances

Free trial limitations

The following Cloud SQL for PostgreSQL features are not supported in the free trial:

  • PostgreSQL versions other than 15.x
  • Use of existing Cloud SQL for PostgreSQL instances
  • Machine tiers other than db-f1-micro
  • Changing resources of your instance, such as storage, memory, CPU
  • Read replicas
  • Private instance IP address
  • High-availability (multi-zone); only single-zone instances are supported
  • Enterprise Plus edition
  • Automatic backups
  • Automatic storage increase

Administer Cloud SQL instances

In general, you can manage your Cloud SQL instances using the Google Cloud console to perform the following workflows.

  • Stop and restart Cloud SQL instances
  • Create and delete Cloud SQL databases (within instances)
  • Start PostgreSQL database instances with flags and use a variety of extensions
  • Monitor performance with Cloud SQL observability features in the Google Cloud console
  • Manage Cloud SQL access and security with features like IAM, secret manager, data encryption and auth proxy
  • Add, delete and administer Cloud SQL users

For these and other workflows, refer to the Cloud SQL for PostgreSQL documentation.

Grant PostgreSQL user roles using the Firebase CLI and Google Cloud tools

Data Connect provides tools to manage user access that follow the principle of least privilege (grant each user or service account the minimum permissions needed to support required functionality) and role-based access control (RBAC), in which predefined roles manage database permissions and simplify security management.

In some cases, you might want to connect to the Data Connect-managed Cloud SQL database directly via a SQL client of your choice using, for example, Cloud Run, Cloud Functions or GKE.

To enable such connections, you need to grant SQL permissions by:

  • Assigning the roles/cloudsql.client IAM role to the user or service account that needs to connect to the instance, either from the Google Cloud console or using the gcloud CLI
  • Granting the necessary PostgreSQL role using the Firebase CLI

Assign the Cloud SQL IAM role

For information on assigning the roles/cloudsql.client IAM role in Cloud SQL for PostgreSQL, see Roles and permissions.

Grant PostgreSQL roles

Using the Firebase CLI, you can grant pre-defined PostgreSQL roles to users or service accounts associated with your project with the firebase dataconnect:sql:grant command.

For example, to grant the writer role, run this command at the CLI:

firebase dataconnect:sql:grant --role writer

For details, refer to the CLI reference guide.
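
A least-privilege check for the two Cloud SQL roles named on this page, as an added example (not code from the Firebase documentation): it reads a project IAM policy in the JSON shape printed by `gcloud projects get-iam-policy --format=json` and reports accounts that should only connect with a SQL client but hold roles/cloudsql.admin, or that lack roles/cloudsql.client. The sample policy, the account names and the connect-only list are constructed; bindings inherited from folders or groups are not resolved.

```python
import json

# Roles named on this page.
ADMIN_ROLE = "roles/cloudsql.admin"    # deploy, sql:migrate, sql:grant workflows
CLIENT_ROLE = "roles/cloudsql.client"  # direct connection with a SQL client

# Constructed sample in the shape of `gcloud projects get-iam-policy --format=json`.
SAMPLE_POLICY = json.loads("""
{
  "bindings": [
    {"role": "roles/cloudsql.admin",
     "members": ["user:dba@example.com",
                 "serviceAccount:api@example-project.iam.gserviceaccount.com"]},
    {"role": "roles/cloudsql.client",
     "members": ["serviceAccount:api@example-project.iam.gserviceaccount.com"]}
  ]
}
""")

def roles_by_member(policy):
    """Invert role -> members bindings into member -> set of roles."""
    held = {}
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            held.setdefault(member, set()).add(binding["role"])
    return held

def audit_connect_only(policy, connect_only):
    """Return (member, finding) pairs for members that should only connect."""
    held = roles_by_member(policy)
    findings = []
    for member in sorted(connect_only):
        roles = held.get(member, set())
        if ADMIN_ROLE in roles:
            # Admin already allows connecting, so only the excess is reported.
            findings.append((member, "excess: holds " + ADMIN_ROLE))
        elif CLIENT_ROLE not in roles:
            findings.append((member, "missing: " + CLIENT_ROLE))
    return findings

if __name__ == "__main__":
    workloads = {  # hypothetical connect-only service accounts (assumption)
        "serviceAccount:api@example-project.iam.gserviceaccount.com",
        "serviceAccount:jobs@example-project.iam.gserviceaccount.com",
    }
    for member, finding in audit_connect_only(SAMPLE_POLICY, workloads):
        print(member, "->", finding)
```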