Dial Configuration - Formal Documentation

Dial configuration controls how the Connector establishes the upstream connection for a Resource. It is optional. When absent, the Connector dials direct TCP using the Resource’s hostname and port. This is the default and matches the behavior of every Resource before this feature.

Dial methods

`tcp` (default)

The Connector dials hostname:port directly. This fits self-managed databases, Amazon RDS and Aurora, any other endpoint reachable over plain TCP from the Connector.

`gcp_cloudsql`

The Connector dials Google Cloud SQL natively, similarly to what Google’s cloud-sql-proxy does. Ephemeral mTLS certificates are minted and rotated automatically, and the connection is encrypted end-to-end by Cloud SQL. gcp_cloudsql requires dial_target to be the Cloud SQL instance connection name in project:region:instance form. Supported only for postgres and mysql Resources. Connector prerequisites:

Application Default Credentials configured: the GOOGLE_APPLICATION_CREDENTIALS environment variable points at a service account JSON key, or the Connector runs on a GCP workload with a bound identity.
The credentials grant roles/cloudsql.client on the project that owns the Cloud SQL instance.

When dial_method is not tcp, the Resource’s TLS configuration is ignored.

Configure dial configuration

Web Console
Terraform

Open the Resource

Navigate to Resources and open the target Resource.

Open the Connectivity tab

Select the Connectivity tab. The Dial Configuration section is where the dial method and target are set.

Pick a dial method

Selecting TCP keeps the default. Selecting Google Cloud SQL routes upstream connections natively.

Set the dial target (Cloud SQL only)

Enter the Cloud SQL instance connection name in project:region:instance form (for example my-project:us-central1:pg-prod), then click Save.

# Direct TCP dial (matches the default, usually omitted).
resource "formal_resource_dial_configuration" "tcp" {
  resource_id = formal_resource.my_postgres.id
  dial_method = "tcp"
}

# Native Cloud SQL dial.
resource "formal_resource_dial_configuration" "cloudsql" {
  resource_id = formal_resource.my_postgres.id
  dial_method = "gcp_cloudsql"
  dial_target = "my-project:us-central1:pg-prod"
}

A Resource has at most one dial configuration. Deleting it restores the default tcp behavior.

Verify

After applying the configuration, run the standard connectivity check:

From the Resource Details page, click Test Connection (or Test Connectors for a specific Connector).
The check should report success for the TCP, TLS, Authentication, and Data Access stages.

See Testing Resource Connectivity for what each stage validates.

For Cloud SQL, the first dial against a new instance adds roughly one second of latency while the ephemeral certificate is minted. Subsequent dials within the hour reuse the cached certificate.

​Dial methods

​tcp (default)

​gcp_cloudsql

​Configure dial configuration

​Verify

Dial methods

`tcp` (default)

`gcp_cloudsql`

Configure dial configuration

Verify