I’m trying to set up a connection between my MySQL database and Google Sheets using Google Apps Script. The problem is that my database server has a firewall configured with IP whitelisting for security reasons. Only specific IP addresses are allowed to connect to the database.
I need to know what IP addresses Google Apps Script uses when making external connections so I can add them to my firewall’s whitelist. Does Google Apps Script use a fixed set of IP addresses, or do they change frequently?
If there isn’t a reliable list of static IPs for Apps Script, what other approaches could I use to make this connection work while keeping my database secure? I’m looking for practical solutions that don’t require completely removing the firewall protection.
Google Apps Script uses dynamic IPs that Google won’t share for whitelisting - ran into this same issue last year. I switched to Google Cloud SQL instead of direct MySQL access. Cloud SQL works seamlessly with Apps Script, no IP restrictions, and you get enterprise security through IAM. Migration was easy - just exported my MySQL data and imported it into Cloud SQL. You could also set up a cloud function as a middleman to handle database connections, but that’s more work than the Cloud SQL approach. Performance has been solid and security’s actually better than the old IP-based setup.
Google Apps Script doesn’t provide a static list of IPs for whitelisting, as their IP addresses frequently change due to infrastructure management. I faced a similar situation when I needed to connect to a MySQL server about six months ago. A practical solution I found was to create an API endpoint on a server with a static IP. The Apps Script then communicates with this API, which in turn connects to the MySQL database. This method adds an extra layer but maintains security. If you’re considering alternatives, the Google Cloud SQL proxy might be a viable option if you’re willing to move your database. Some users also explore VPNs, but those can complicate the setup. Overall, the API middleware strategy worked effectively for us without requiring significant changes to our infrastructure.
Had this same problem a few months ago. Switched to OAuth tokens with MySQL instead of IP whitelisting - much more secure too. Set up OAuth2 authentication on your database server and let Apps Script authenticate with service account credentials. No more worrying about IP changes, plus it’s actually safer than static IP lists.