diff --git a/modules/cloudsql-instance/README.md b/modules/cloudsql-instance/README.md
index 73b2e3f251..179e3c9128 100644
--- a/modules/cloudsql-instance/README.md
+++ b/modules/cloudsql-instance/README.md
@@ -161,6 +161,7 @@ module "db" {
| [disk_type](variables.tf#L73) | The type of data disk: `PD_SSD` or `PD_HDD`. | string | | "PD_SSD" |
| [encryption_key_name](variables.tf#L79) | The full path to the encryption key used for the CMEK disk encryption of the primary instance. | string | | null |
| [flags](variables.tf#L85) | Map FLAG_NAME=>VALUE for database-specific tuning. | map(string) | | null |
+| [ipv4_enabled](variables.tf#L143) | Add a public IP address to database instance. | bool | | false |
| [labels](variables.tf#L91) | Labels to be attached to all instances. | map(string) | | null |
| [prefix](variables.tf#L107) | Prefix used to generate instance names. | string | | null |
| [replicas](variables.tf#L123) | Map of NAME=> {REGION, KMS_KEY} for additional read replicas. Set to null to disable replica creation. | map(object({…})) | | {} |
diff --git a/modules/cloudsql-instance/main.tf b/modules/cloudsql-instance/main.tf
index c76f53d4fa..de4b5560a1 100644
--- a/modules/cloudsql-instance/main.tf
+++ b/modules/cloudsql-instance/main.tf
@@ -59,7 +59,7 @@ resource "google_sql_database_instance" "primary" {
user_labels = var.labels
ip_configuration {
- ipv4_enabled = false
+ ipv4_enabled = var.ipv4_enabled
private_network = var.network
dynamic "authorized_networks" {
for_each = var.authorized_networks != null ? var.authorized_networks : {}
@@ -124,7 +124,7 @@ resource "google_sql_database_instance" "replicas" {
user_labels = var.labels
ip_configuration {
- ipv4_enabled = false
+ ipv4_enabled = var.ipv4_enabled
private_network = var.network
dynamic "authorized_networks" {
for_each = var.authorized_networks != null ? var.authorized_networks : {}
diff --git a/modules/cloudsql-instance/variables.tf b/modules/cloudsql-instance/variables.tf
index 30acd91587..cd1581a25e 100644
--- a/modules/cloudsql-instance/variables.tf
+++ b/modules/cloudsql-instance/variables.tf
@@ -139,3 +139,9 @@ variable "users" {
type = map(string)
default = null
}
+
+variable "ipv4_enabled" {
+ description = "Add a public IP address to database instance."
+ type = bool
+ default = false
+}
diff --git a/tests/modules/cloudsql_instance/fixture/main.tf b/tests/modules/cloudsql_instance/fixture/main.tf
index 075ee4f1a1..cb5cc02581 100644
--- a/tests/modules/cloudsql_instance/fixture/main.tf
+++ b/tests/modules/cloudsql_instance/fixture/main.tf
@@ -34,4 +34,5 @@ module "test" {
users = var.users
tier = var.tier
deletion_protection = var.deletion_protection
+ ipv4_enabled = var.ipv4_enabled
}
diff --git a/tests/modules/cloudsql_instance/fixture/variables.tf b/tests/modules/cloudsql_instance/fixture/variables.tf
index d6cc7d8383..4f98386559 100644
--- a/tests/modules/cloudsql_instance/fixture/variables.tf
+++ b/tests/modules/cloudsql_instance/fixture/variables.tf
@@ -112,3 +112,8 @@ variable "deletion_protection" {
type = bool
default = false
}
+
+variable "ipv4_enabled" {
+ type = bool
+ default = false
+}
diff --git a/tests/modules/cloudsql_instance/test_plan.py b/tests/modules/cloudsql_instance/test_plan.py
index c4e8ba0a5a..f23c69c7af 100644
--- a/tests/modules/cloudsql_instance/test_plan.py
+++ b/tests/modules/cloudsql_instance/test_plan.py
@@ -117,3 +117,25 @@ def test_databases(plan_runner):
assert len(resources) == 2
assert all(r['values']['instance'] == "db" for r in resources)
assert sorted(r['values']['name'] for r in resources) == ["db1", "db2"]
+
+
+def test_simple_instance_ipv4_enable(plan_runner):
+ "Test instance ipv4_enabled."
+
+ _, resources = plan_runner(ipv4_enabled="true")
+ assert len(resources) == 1
+ assert resources[0]['values']['settings'][0]['ip_configuration'][0]['ipv4_enabled']
+
+
+def test_replicas_ipv4_enable(plan_runner):
+ "Test replicas ipv4_enabled."
+
+ replicas = """{
+ replica1 = { region = "europe-west3", encryption_key_name = null }
+ }"""
+
+ _, resources = plan_runner(replicas=replicas, ipv4_enabled="true")
+
+ assert len(resources) == 2
+ assert all([r['values']['settings'][0]['ip_configuration'][0]['ipv4_enabled'] for r in resources])
+