This error occurs when Terraform fails to create a GCP Cloud SQL instance due to state conflicts, permission issues, or timeout problems. The operation failed because another operation was in progress, the instance name was recently deleted, or required APIs were not enabled.
The OperationError in Cloud SQL indicates that the instance creation operation could not proceed due to one of several state or configuration issues. GCP Cloud SQL prevents concurrent operations on the same instance, meaning if another operation (creation, deletion, or modification) is already in progress, new operations will fail. Additionally, instance names cannot be reused for approximately one week after deletion, and certain required APIs must be enabled in your GCP project before Terraform can interact with Cloud SQL.
Check if an instance with the same name was recently deleted. Instance names cannot be reused for approximately one week after deletion. If you recently deleted an instance, either wait a week or use a different name:
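resource "google_sql_database_instance" "example" {
  # timestamp() is re-evaluated on every run, so without ignore_changes the
  # name would differ on each plan and force the instance to be replaced.
  name             = "my-new-instance-name-${formatdate("YYYYMMDDhhmmss", timestamp())}"
  database_version = "POSTGRES_15"
  region           = "us-central1"
  lifecycle {
    ignore_changes = [name]
  }
}
Ensure the following APIs are enabled in your GCP project: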
- Cloud SQL Admin API
- Compute Engine API
- Cloud Resource Manager API
- Service Networking API (if using private IP)
Enable via gcloud:
gcloud services enable sqladmin.googleapis.com
gcloud services enable compute.googleapis.com
gcloud services enable cloudresourcemanager.googleapis.com
gcloud services enable servicenetworking.googleapis.com
Ensure your service account has the required roles to create and manage Cloud SQL instances. The minimum required role is roles/cloudsql.admin. If using private IP or VPC networking, additional roles may be needed:
gcloud projects add-iam-policy-binding PROJECT_ID \
  --member="serviceAccount:SERVICE_ACCOUNT_EMAIL" \
  --role="roles/cloudsql.admin"
gcloud projects add-iam-policy-binding PROJECT_ID \
  --member="serviceAccount:SERVICE_ACCOUNT_EMAIL" \
  --role="roles/compute.networkAdmin"
When creating multiple Cloud SQL instances or related resources, force serialization to prevent concurrent operation conflicts. Use depends_on to ensure resources are created sequentially:
resource "google_sql_database_instance" "instance1" {
  name = "instance-1"
  # ... configuration
}
resource "google_sql_database_instance" "instance2" {
  name = "instance-2"
  # ... configuration
  depends_on = [google_sql_database_instance.instance1]
}
resource "google_sql_database" "example" {
  name       = "example_db"
  instance   = google_sql_database_instance.instance1.name
  depends_on = [google_sql_database_instance.instance1]
}
Alternatively, use the -parallelism flag:
terraform apply -parallelism=1
Cloud SQL instance creation can take 10+ minutes. Increase the timeout to prevent premature failure:
resource "google_sql_database_instance" "example" {
  name             = "my-instance"
  database_version = "POSTGRES_15"
  region           = "us-central1"
  settings {
    tier = "db-f1-micro"
  }
  timeouts {
    create = "20m"
    delete = "20m"
    update = "20m"
  }
}
If the issue persists, enable detailed logging to identify the exact failure point:
# Debug logs can contain sensitive values; keep terraform.log out of version
# control and review it before sharing.
export TF_LOG=DEBUG
terraform apply 2>&1 | tee terraform.log
# Check logs for specific error details
grep -i "operation\|error\|409\|conflict" terraform.log
Review the full error message in the logs to identify whether the issue is permissions-related, state-related, or a service outage.
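An added example (not from the original page): a small shell triage that sorts log lines into the failure classes named above. The match patterns, the function names and the sample log lines are constructed assumptions, not a complete list of Cloud SQL Admin API messages.

```shell
#!/bin/sh
# Added example: classify Terraform log lines by likely failure cause.
# Patterns are assumptions chosen for illustration; extend them for your logs.

classify_line() (
  # Lower-case the line, then match the most specific pattern first.
  # A disabled API is also reported as a 403, so it must be tested before
  # the generic permission patterns.
  l=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  case "$l" in
    *"has not been used in project"*|*"accessnotconfigured"*) echo api_disabled ;;
    *"error 403"*|*"permission denied"*|*"notauthorized"*) echo permission ;;
    *"error 409"*|*"already exists"*|*"already in progress"*) echo conflict ;;
    *"timeout while waiting"*|*"context deadline exceeded"*) echo timeout ;;
    *"error 500"*|*"error 503"*) echo service ;;
    *) echo other ;;
  esac
)

triage_log() {
  # Read a log on stdin and print "category count" pairs, one per line.
  while IFS= read -r line || [ -n "$line" ]; do
    classify_line "$line"
  done | grep -v '^other$' | sort | uniq -c | awk '{print $2, $1}'
}

sample_log() {
  # Constructed sample lines, not captured from a real run.
  cat <<'EOF'
[ERROR] googleapi: Error 409: The Cloud SQL instance already exists., instanceAlreadyExists
[ERROR] googleapi: Error 403: Cloud SQL Admin API has not been used in project 000000000000 before or it is disabled., accessNotConfigured
[ERROR] googleapi: Error 403: The client is not authorized to make this request., notAuthorized
[ERROR] Error waiting for Create Instance: timeout while waiting for state to become 'DONE'
[DEBUG] Waiting for state to become: [success]
[ERROR] googleapi: Error 409: Operation failed because another operation was already in progress., operationInProgress
EOF
}

# Demo on the constructed sample.
sample_log | triage_log
```

On a real run, feed it the captured file with `triage_log < terraform.log`.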
When using Cloud SQL with private IP addresses, you must first establish a Service Networking connection before Terraform can create instances. This requires enabling the Service Networking API and creating a private service connection. The error "Failed to create subnetwork" when using private IPs indicates this connection is missing. Also note that instance names follow global uniqueness rules within a GCP project, and deletion is not immediate: deleted instance names are reserved for approximately one week. Some users have reported needing the roles/compute.networkAdmin role in addition to roles/cloudsql.admin when using VPC networking. Finally, 409 Conflict errors typically indicate state misalignment; if this occurs, check the GCP Console to see the actual state of instances and clean up any orphaned resources before retrying Terraform operations.