NAME gcloud sql instances patch - updates the settings of a Cloud SQL instance SYNOPSIS gcloud sql instances patch INSTANCE [--activation-policy=ACTIVATION_POLICY] [--active-directory-domain=ACTIVE_DIRECTORY_DOMAIN] [--[no-]assign-ip] [--async] [--audit-bucket-path=AUDIT_BUCKET_PATH] [--audit-retention-interval=AUDIT_RETENTION_INTERVAL] [--audit-upload-interval=AUDIT_UPLOAD_INTERVAL] [--availability-type=AVAILABILITY_TYPE] [--clear-password-policy] [--connector-enforcement=CONNECTOR_ENFORCEMENT] [--cpu=CPU] [--database-version=DATABASE_VERSION] [--[no-]deletion-protection] [--deny-maintenance-period-end-date=DENY_MAINTENANCE_PERIOD_END_DATE] [--deny-maintenance-period-start-date=DENY_MAINTENANCE_PERIOD_START_DATE] [--deny-maintenance-period-time=DENY_MAINTENANCE_PERIOD_TIME] [--diff] [--edition=EDITION] [--[no-]enable-bin-log] [--enable-data-cache] [--[no-]enable-database-replication] [--[no-]enable-google-private-path] [--enable-password-policy] [--enable-point-in-time-recovery] [--follow-gae-app=FOLLOW_GAE_APP] [--[no-]insights-config-query-insights-enabled] [--insights-config-query-plans-per-minute=INSIGHTS_CONFIG_QUERY_PLANS_PER_MINUTE] [--insights-config-query-string-length=INSIGHTS_CONFIG_QUERY_STRING_LENGTH] [--[no-]insights-config-record-application-tags] [--[no-]insights-config-record-client-address] [--maintenance-release-channel=MAINTENANCE_RELEASE_CHANNEL] [--maintenance-version=MAINTENANCE_VERSION] [--maintenance-window-any] [--maintenance-window-day=MAINTENANCE_WINDOW_DAY] [--maintenance-window-hour=MAINTENANCE_WINDOW_HOUR] [--memory=MEMORY] [--network=NETWORK] [--password-policy-complexity=PASSWORD_POLICY_COMPLEXITY] [--[no-]password-policy-disallow-username-substring] [--password-policy-min-length=PASSWORD_POLICY_MIN_LENGTH] [--password-policy-password-change-interval=PASSWORD_POLICY_PASSWORD_CHANGE_INTERVAL] [--password-policy-reuse-interval=PASSWORD_POLICY_REUSE_INTERVAL] [--pricing-plan=PRICING_PLAN, -p PRICING_PLAN] [--[no-]recreate-replicas-on-primary-crash] [--remove-deny-maintenance-period] [--replication=REPLICATION] [--[no-]require-ssl] [--simulate-maintenance-event] [--ssl-mode=SSL_MODE] [--[no-]storage-auto-increase] [--storage-size=STORAGE_SIZE] [--threads-per-core=THREADS_PER_CORE] [--tier=TIER, -t TIER] [--upgrade-sql-network-architecture] [--allowed-psc-projects=PROJECT,[PROJECT,...] | --clear-allowed-psc-projects] [--authorized-gae-apps=APP,[APP,...] | --clear-gae-apps] [--authorized-networks=NETWORK,[NETWORK,...] | --clear-authorized-networks] [--clear-database-flags | --database-flags=FLAG=VALUE,[FLAG=VALUE,...]] [--gce-zone=GCE_ZONE | --secondary-zone=SECONDARY_ZONE --zone=ZONE] [--no-backup | --backup-location=BACKUP_LOCATION --backup-start-time=BACKUP_START_TIME --retained-backups-count=RETAINED_BACKUPS_COUNT --retained-transaction-log-days=RETAINED_TRANSACTION_LOG_DAYS] [GCLOUD_WIDE_FLAG ...] DESCRIPTION Updates the settings of a Cloud SQL instance. POSITIONAL ARGUMENTS INSTANCE Cloud SQL instance ID. FLAGS --activation-policy=ACTIVATION_POLICY Activation policy for this instance. This specifies when the instance should be activated and is applicable only when the instance state is RUNNABLE. The default is always. More information on activation policies can be found here: https://cloud.google.com/sql/docs/mysql/start-stop-restart-instance#activation_policy. ACTIVATION_POLICY must be one of: always, never. --active-directory-domain=ACTIVE_DIRECTORY_DOMAIN Managed Service for Microsoft Active Directory domain this instance is joined to. Only available for SQL Server instances. --[no-]assign-ip Assign a public IP address to the instance. This is a public, externally available IPv4 address that you can use to connect to your instance when properly authorized. Use --assign-ip to enable and --no-assign-ip to disable. --async Return immediately, without waiting for the operation in progress to complete. --audit-bucket-path=AUDIT_BUCKET_PATH The location, as a Cloud Storage bucket, to which audit files are uploaded. The URI is in the form gs://bucketName/folderName. Only available for SQL Server instances. --audit-retention-interval=AUDIT_RETENTION_INTERVAL The number of days for audit log retention on disk, for example, 3dfor 3 days. Only available for SQL Server instances. --audit-upload-interval=AUDIT_UPLOAD_INTERVAL How often to upload audit logs (audit files), for example, 30mfor 30 minutes. Only available for SQL Server instances. --availability-type=AVAILABILITY_TYPE Specifies level of availability. AVAILABILITY_TYPE must be one of: regional Provides high availability and is recommended for production instances; instance automatically fails over to another zone within your selected region. zonal Provides no failover capability. This is the default. --clear-password-policy Clear the existing password policy. This flag is only available for Postgres. --connector-enforcement=CONNECTOR_ENFORCEMENT Cloud SQL Connector enforcement mode. It determines how Cloud SQL Connectors are used in the connection. See the list of modes here (https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/instances#connectorenforcement). CONNECTOR_ENFORCEMENT must be one of: CONNECTOR_ENFORCEMENT_UNSPECIFIED The requirement for Cloud SQL connectors is unknown. NOT_REQUIRED Does not require Cloud SQL connectors. REQUIRED Requires all connections to use Cloud SQL connectors, including the Cloud SQL Auth Proxy and Cloud SQL Java, Python, and Go connectors. Note: This disables all existing authorized networks. --cpu=CPU Whole number value indicating how many cores are desired in the machine. Both --cpu and --memory must be specified if a custom machine type is desired, and the --tier flag must be omitted. --database-version=DATABASE_VERSION The database engine type and versions. If left unspecified, no changes occur. See the list of database versions at https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/SqlDatabaseVersion. Apart from listed major versions, DATABASE_VERSION also accepts supported minor versions. DATABASE_VERSION must be one of: MYSQL_5_6, MYSQL_5_7, MYSQL_8_0, POSTGRES_9_6, POSTGRES_10, POSTGRES_11, POSTGRES_12, POSTGRES_13, POSTGRES_14, POSTGRES_15, SQLSERVER_2017_EXPRESS, SQLSERVER_2017_WEB, SQLSERVER_2017_STANDARD, SQLSERVER_2017_ENTERPRISE, SQLSERVER_2019_EXPRESS, SQLSERVER_2019_WEB, SQLSERVER_2019_STANDARD, SQLSERVER_2019_ENTERPRISE, SQLSERVER_2022_EXPRESS, SQLSERVER_2022_WEB, SQLSERVER_2022_STANDARD, SQLSERVER_2022_ENTERPRISE. --[no-]deletion-protection Enable deletion protection on a Cloud SQL instance. Use --deletion-protection to enable and --no-deletion-protection to disable. --deny-maintenance-period-end-date=DENY_MAINTENANCE_PERIOD_END_DATE Date when the deny maintenance period ends, that is 2021-01-10. --deny-maintenance-period-start-date=DENY_MAINTENANCE_PERIOD_START_DATE Date when the deny maintenance period begins, that is 2020-11-01. --deny-maintenance-period-time=DENY_MAINTENANCE_PERIOD_TIME Time when the deny maintenance period starts or ends, that is 05:00:00. --diff Show what changed as a result of the update. --edition=EDITION Specifies the edition of Cloud SQL instance. EDITION must be one of: enterprise, enterprise-plus. --[no-]enable-bin-log Allows for data recovery from a specific point in time, down to a fraction of a second. Must have automatic backups enabled to use. Make sure storage can support at least 7 days of logs. Use --enable-bin-log to enable and --no-enable-bin-log to disable. --enable-data-cache Enable use of data cache for accelerated read performance. This flag is only available for Enterprise_Plus edition instances. --[no-]enable-database-replication Enable database replication. Applicable only for read replica instance(s). WARNING: Instance will be restarted. Use --enable-database-replication to enable and --no-enable-database-replication to disable. --[no-]enable-google-private-path Enable a private path for Google Cloud services. This flag specifies whether the instance is accessible to internal Google Cloud services such as BigQuery. This is only applicable to MySQL and PostgreSQL instances that don't use public IP. Currently, SQL Server isn't supported. Use --enable-google-private-path to enable and --no-enable-google-private-path to disable. --enable-password-policy Enable the password policy, which enforces user password management with the policies configured for the instance. This flag is only available for Postgres. --enable-point-in-time-recovery Allows for data recovery from a specific point in time, down to a fraction of a second, via write-ahead logs. Must have automatic backups enabled to use. Make sure storage can support at least 7 days of logs. --follow-gae-app=FOLLOW_GAE_APP First Generation instances only. The App Engine app this instance should follow. It must be in the same region as the instance. WARNING: Instance may be restarted. --[no-]insights-config-query-insights-enabled Enable query insights feature to provide query and query plan analytics. Use --insights-config-query-insights-enabled to enable and --no-insights-config-query-insights-enabled to disable. --insights-config-query-plans-per-minute=INSIGHTS_CONFIG_QUERY_PLANS_PER_MINUTE Number of query plans to sample every minute. Default value is 5. Allowed range: 0 to 20. --insights-config-query-string-length=INSIGHTS_CONFIG_QUERY_STRING_LENGTH Query string length in bytes to be stored by the query insights feature. Default length is 1024 bytes. Allowed range: 256 to 4500 bytes. --[no-]insights-config-record-application-tags Allow application tags to be recorded by the query insights feature. Use --insights-config-record-application-tags to enable and --no-insights-config-record-application-tags to disable. --[no-]insights-config-record-client-address Allow the client address to be recorded by the query insights feature. Use --insights-config-record-client-address to enable and --no-insights-config-record-client-address to disable. --maintenance-release-channel=MAINTENANCE_RELEASE_CHANNEL Which channel's updates to apply during the maintenance window. If not specified, Cloud SQL chooses the timing of updates to your instance. MAINTENANCE_RELEASE_CHANNEL must be one of: preview Preview updates release prior to production updates. You may wish to use the preview channel for dev/test applications so that you can preview their compatibility with your application prior to the production release. production Production updates are stable and recommended for applications in production. week5 week5 updates release after the production updates. Use the week5 channel to receive a 5 week advance notification about the upcoming maintenance, so you can prepare your application for the release. --maintenance-version=MAINTENANCE_VERSION The desired maintenance version of the instance. --maintenance-window-any Removes the user-specified maintenance window. --maintenance-window-day=MAINTENANCE_WINDOW_DAY Day of week for maintenance window, in UTC time zone. MAINTENANCE_WINDOW_DAY must be one of: SUN, MON, TUE, WED, THU, FRI, SAT. --maintenance-window-hour=MAINTENANCE_WINDOW_HOUR Hour of day for maintenance window, in UTC time zone. --memory=MEMORY Whole number value indicating how much memory is desired in the machine. A size unit should be provided (eg. 3072MiB or 9GiB) - if no units are specified, GiB is assumed. Both --cpu and --memory must be specified if a custom machine type is desired, and the --tier flag must be omitted. --network=NETWORK Network in the current project that the instance will be part of. To specify using a network with a shared VPC, use the full URL of the network. For an example host project, 'testproject', and shared network, 'testsharednetwork', this would use the form: --network=projects/testproject/global/networks/testsharednetwork --password-policy-complexity=PASSWORD_POLICY_COMPLEXITY The complexity of the password. This flag is available only for PostgreSQL. PASSWORD_POLICY_COMPLEXITY must be one of: COMPLEXITY_DEFAULT A combination of lowercase, uppercase, numeric, and non-alphanumeric characters. COMPLEXITY_UNSPECIFIED The default value if COMPLEXITY_DEFAULT is not specified. It implies that complexity check is not enabled. --[no-]password-policy-disallow-username-substring Disallow username as a part of the password. Use --password-policy-disallow-username-substring to enable and --no-password-policy-disallow-username-substring to disable. --password-policy-min-length=PASSWORD_POLICY_MIN_LENGTH Minimum number of characters allowed in the password. --password-policy-password-change-interval=PASSWORD_POLICY_PASSWORD_CHANGE_INTERVAL Minimum interval after which the password can be changed, for example, 2m for 2 minutes. See $ gcloud topic datetimes for information on duration formats. This flag is available only for PostgreSQL. --password-policy-reuse-interval=PASSWORD_POLICY_REUSE_INTERVAL Number of previous passwords that cannot be reused. The valid range is 0 to 100. --pricing-plan=PRICING_PLAN, -p PRICING_PLAN First Generation instances only. The pricing plan for this instance. PRICING_PLAN must be one of: PER_USE, PACKAGE. --[no-]recreate-replicas-on-primary-crash Allow/Disallow replica recreation when a primary MySQL instance operating in reduced durability mode crashes. Not recreating the replicas might lead to data inconsistencies between the primary and its replicas. This setting is only applicable for MySQL instances and is enabled by default. Use --recreate-replicas-on-primary-crash to enable and --no-recreate-replicas-on-primary-crash to disable. --remove-deny-maintenance-period Removes the user-specified deny maintenance period. --replication=REPLICATION Type of replication this instance uses. The default is synchronous. REPLICATION must be one of: synchronous, asynchronous. --[no-]require-ssl mysqld should default to 'REQUIRE X509' for users connecting over IP. Use --require-ssl to enable and --no-require-ssl to disable. --simulate-maintenance-event Simulate a maintenance event without changing the version. Only applicable to instances that support near-zero downtime planned maintenance. --ssl-mode=SSL_MODE Set the SSL mode of the instance. SSL_MODE must be one of: ALLOW_UNENCRYPTED_AND_ENCRYPTED Allow non-SSL and SSL connections. For SSL connections, client certificate will not be verified. ENCRYPTED_ONLY Only allow connections encrypted with SSL/TLS. TRUSTED_CLIENT_CERTIFICATE_REQUIRED Only allow connections encrypted with SSL/TLS and with valid client certificates. --[no-]storage-auto-increase Storage size can be increased, but it cannot be decreased; storage increases are permanent for the life of the instance. With this setting enabled, a spike in storage requirements can result in permanently increased storage costs for your instance. However, if an instance runs out of available space, it can result in the instance going offline, dropping existing connections. This setting is enabled by default. Use --storage-auto-increase to enable and --no-storage-auto-increase to disable. --storage-size=STORAGE_SIZE Amount of storage allocated to the instance. Must be an integer number of GB. The default is 10GB. Information on storage limits can be found here: https://cloud.google.com/sql/docs/quotas#storage_limits --threads-per-core=THREADS_PER_CORE The number of threads per core. The value of this flag can be 1 or 2. To disable SMT, set this flag to 1. Only available in Cloud SQL for SQL Server instances. --tier=TIER, -t TIER Machine type for a shared-core instance e.g. db-g1-small. For all other instances, instead of using tiers, customize your instance by specifying its CPU and memory. You can do so with the --cpu and --memory flags. Learn more about how CPU and memory affects pricing: https://cloud.google.com/sql/pricing. WARNING: Instance will be restarted. --upgrade-sql-network-architecture Upgrade from old network architecture to new network architecture. The new network architecture offers better isolation, reliability, and faster new feature adoption. At most one of these can be specified: --allowed-psc-projects=PROJECT,[PROJECT,...] A comma-separated list of projects. Each project in this list might be represented by a project number (numeric) or by a project ID (alphanumeric). This allows Private Service Connect connections to be established from specified consumer projects. --clear-allowed-psc-projects This will clear the project allowlist of Private Service Connect, disallowing all projects from creating new Private Service Connect bindings to the instance. At most one of these can be specified: --authorized-gae-apps=APP,[APP,...] First Generation instances only. List of project IDs for App Engine applications running in the Standard environment that can access this instance. The value given for this argument replaces the existing list. --clear-gae-apps Specified to clear the list of App Engine apps that can access this instance. At most one of these can be specified: --authorized-networks=NETWORK,[NETWORK,...] The list of external networks that are allowed to connect to the instance. Specified in CIDR notation, also known as 'slash' notation (e.g. 192.168.100.0/24). The value given for this argument replaces the existing list. --clear-authorized-networks Clear the list of external networks that are allowed to connect to the instance. At most one of these can be specified: --clear-database-flags Clear the database flags set on the instance. WARNING: Instance will be restarted. --database-flags=FLAG=VALUE,[FLAG=VALUE,...] Comma-separated list of database flags to set on the instance. Use an equals sign to separate flag name and value. Flags without values, like skip_grant_tables, can be written out without a value after, e.g., skip_grant_tables=. Use on/off for booleans. View the Instance Resource API for allowed flags. (e.g., --database-flags max_allowed_packet=55555,skip_grant_tables=,log_output=1) At most one of these can be specified: --gce-zone=GCE_ZONE (DEPRECATED) Preferred Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.). WARNING: Instance may be restarted. Flag --gce-zone is deprecated and will be removed by release 255.0.0. Use --zone instead. --secondary-zone=SECONDARY_ZONE Preferred secondary Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.). --zone=ZONE Preferred Compute Engine zone (e.g. us-central1-a, us-central1-b, etc.). WARNING: Instance may be restarted. At most one of these can be specified: --no-backup Specified if daily backup should be disabled. --backup-location=BACKUP_LOCATION Choose where to store your backups. Backups are stored in the closest multi-region location to you by default. Only customize if needed. Specify empty string to revert to default. --backup-start-time=BACKUP_START_TIME Start time of daily backups, specified in the HH:MM format, in the UTC timezone. --retained-backups-count=RETAINED_BACKUPS_COUNT How many backups to keep. The valid range is between 1 and 365. Default value is 7 for Enterprise edition instances. For Enterprise_Plus, default value is 15. Applicable only if --no-backups is not specified. --retained-transaction-log-days=RETAINED_TRANSACTION_LOG_DAYS How many days of transaction logs to keep. The valid range is between 1 and 35. Only use this option when point-in-time recovery is enabled. If logs are stored on disk, storage size for transaction logs could increase when the number of days for log retention increases. For Enterprise, default and max retention values are 7 and 7 respectively. For Enterprise_Plus, default and max retention values are 14 and 35. GCLOUD WIDE FLAGS These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details. NOTES These variants are also available: $ gcloud alpha sql instances patch $ gcloud beta sql instances patch