Monitor Cloud SQL for PostgreSQL using the Database Insights MCP server

The Database Insights remote MCP server lets you monitor Cloud SQL for PostgreSQL clusters and instances from your AI-enabled development environments and AI agent platforms by fetching query and system metrics.

This document describes how to use the Database Insights remote Model Context Protocol (MCP) server to monitor Cloud SQL for PostgreSQL from AI applications such as Gemini CLI, agent mode in Gemini Code Assist, Claude Code, or in AI applications that you're developing.

Model Context Protocol (MCP) standardizes how large language models (LLMs) and AI applications or agents connect to external data sources. MCP servers let you use their tools, resources, and prompts to take actions and get updated data from their backend service.

What's the difference between local and remote MCP servers?

Local MCP servers

Typically run on your local machine and use the standard input and output streams (stdio) for communication between services on the same device.

Remote MCP servers

Run on the service's infrastructure and offer an HTTP endpoint to AI applications for communication between the AI MCP client and the MCP server. For more information about MCP architecture, see MCP architecture .

Google and Google Cloud remote MCP servers

Google and Google Cloud remote MCP servers have the following features and benefits:

• Simplified, centralized discovery.
• Managed global or regional HTTP endpoints.
• Fine-grained authorization.
• Optional prompt and response security with Model Armor protection.
• Centralized audit logging.

For information about other MCP servers and information about security and governance controls available for Google Cloud MCP servers, see Google Cloud MCP servers overview .

Before you begin

Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Roles required to select or create a project

• Select a project : Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
• Create a project : To create a project, you need the Project Creator role ( roles/resourcemanager.projectCreator ), which contains the resourcemanager.projects.create permission. Learn how to grant roles .

Go to project selector

If you're using an existing project for this guide, verify that you have the permissions required to complete this guide . If you created a new project, then you already have the required permissions.

Enable the Cloud SQL, Database Insights APIs.

Roles required to enable APIs

To enable APIs, you need the Service Usage Admin IAM role ( roles/serviceusage.serviceUsageAdmin ), which contains the serviceusage.services.enable permission. Learn how to grant roles .

Enable the APIs

Install the gcloud CLI .

If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity .

To initialize the gcloud CLI, run the following command:

gcloud  
init

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Roles required to select or create a project

• Select a project : Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
• Create a project : To create a project, you need the Project Creator role ( roles/resourcemanager.projectCreator ), which contains the resourcemanager.projects.create permission. Learn how to grant roles .

Go to project selector

If you're using an existing project for this guide, verify that you have the permissions required to complete this guide . If you created a new project, then you already have the required permissions.

Enable the Cloud SQL, Database Insights APIs.

Roles required to enable APIs

To enable APIs, you need the Service Usage Admin IAM role ( roles/serviceusage.serviceUsageAdmin ), which contains the serviceusage.services.enable permission. Learn how to grant roles .

Enable the APIs

Install the gcloud CLI .

If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity .

To initialize the gcloud CLI, run the following command:

gcloud  
init

Required roles

To get the permissions that you need to use the Database Insights MCP server, ask your administrator to grant you the following IAM roles on the project where you want to use the Database Insights MCP server:

• Make MCP tool calls: MCP Tool User ( roles/mcp.toolUser )
• View Cloud Monitoring data: Monitoring Viewer ( roles/monitoring.viewer )
• View Database Insights data: Database Insights Viewer ( roles/databaseinsights.viewer )

For more information about granting roles, see Manage access to projects, folders, and organizations .

These predefined roles contain the permissions required to use the Database Insights MCP server. To see the exact permissions that are required, expand the Required permissionssection:

You might also be able to get these permissions with custom roles or other predefined roles .

Authentication and authorization

The Cloud SQL for PostgreSQL remote MCP server uses the OAuth 2.0 protocol with Identity and Access Management (IAM) for authentication and authorization. All Google Cloud identities are supported for authentication to MCP servers.

The Database Insights remote MCP server doesn't accept API keys.

We recommend that you create a separate identity for agents that are using MCP tools so that access to resources can be controlled and monitored. For more information about authentication, see Authenticate to MCP servers .

Database Insights MCP OAuth scopes

Database Insights has the following MCP tool OAuth scopes:

Additional scopes might be required on the resources accessed during a tool call.

Configure an MCP client to use the Database Insights MCP server

AI applications and agents, such as Claude or Gemini CLI, can instantiate an MCP client that connects to a single MCP server. An AI application can have multiple clients that connect to different MCP servers. To connect to a remote MCP server, the MCP client must know the remote MCP server's URL.

In your AI application, look for a way to connect to a remote MCP server. You are prompted to enter details about the server, such as its name and URL.

For the Database Insights MCP server, enter the following as required:

• Server name: Database Insights MCP server
• Server URLor Endpoint: https://databaseinsights.googleapis.com/mcp
• Transport: HTTP
• Authentication details: Depending on how you want to authenticate, you can enter your Google Cloud credentials, your OAuth Client ID and secret, or an agent identity and credentials. For more information about authentication, see Authenticate to MCP servers .
• OAuth scope: the OAuth 2.0 scope that you want to use when connecting to the Database Insights MCP server.

For host-specific guidance about setting up and connecting to MCP server, see the following:

• Claude.ai
• Gemini CLI

For more general guidance, see the following resources:

• Connect to remote MCP servers .
• Configure MCP in an AI application .

Available tools

To view details of available MCP tools and their descriptions for the Database Insights MCP server, see the Database Insights MCP reference .

List tools

Use the MCP inspector to list tools, or send a tools/list HTTP request directly to the Database Insights remote MCP server. The tools/list method doesn't require authentication.

 POST /mcp HTTP/1.1
Host: databaseinsights.googleapis.com
Content-Type: application/json

{
  "jsonrpc": "2.0",
  "method": "tools/list",
} 

Sample use cases

The following are sample use cases for monitoring Cloud SQL for PostgreSQL using the Database Insights MCP server.

Monitor query performance

You can use the Database Insights MCP server to identify slow queries and understand database workload patterns.

Sample prompt:

"Find the top 5 queries with the highest execution time on my Cloud SQL for PostgreSQL instance in project PROJECT_ID over the last hour."

Workflow:The workflow for monitoring query performance includes the following steps:

• Data fetching: The agent calls the get_query_metrics tool with a PromQL query configured to fetch cloudsql.googleapis.com/database/postgresql/insights/aggregate/execution_time .

• Analysis: The agent processes the returned time-series data to identify the queries with the highest accumulated execution time.

• Reporting: The agent lists the query hashes and their respective execution times, helping you identify potential bottlenecks.

System health check

You can monitor the resource utilization of your Cloud SQL for PostgreSQL instances to ensure they are sized correctly and performing optimally.

Sample prompt:

"What has been the average CPU utilization and available memory for my Cloud SQL for PostgreSQL instance INSTANCE_ID over the past 24 hours?"

Workflow: The workflow for a system health check includes the following steps:

• Metric retrieval: The agent uses the get_system_metrics tool to fetch cloudsql.googleapis.com/database/cpu/utilization for the specified instance.

• Summarization: The agent aggregates the data over the 24-hour period.

• Reporting: The agent provides a summary of the CPU and memory trends, alerting you if utilization peaked near the limits.

Optional security and safety configurations

MCP introduces new security risks and considerations due to the wide variety of actions that you can do with the MCP tools. To minimize and manage these risks, Google Cloud offers default settings and customizable policies to control the use of MCP tools in your Google Cloud organization or project.

For more information about MCP security and governance, see AI security and safety .

Use Model Armor

Model Armor is a Google Cloud service designed to enhance the security and safety of your AI applications. It works by proactively screening LLM prompts and responses, protecting against various risks and supporting responsible AI practices. Whether you are deploying AI in your cloud environment, or on external cloud providers, Model Armor can help you prevent malicious input, verify content safety, protect sensitive data, maintain compliance, and enforce your AI safety and security policies consistently across your diverse AI landscape.

When Model Armor is enabled with logging enabled , Model Armor logs the entire payload. This might expose sensitive information in your logs.

Enable Model Armor

You must enable Model Armor APIs before you can use Model Armor.

Configure protection for Google and Google Cloud remote MCP servers

To help protect your MCP tool calls and responses you can use Model Armor floor settings. A floor setting defines the minimum security filters that apply across the project. This configuration applies a consistent set of filters to all MCP tool calls and responses within the project.

Set up a Model Armor floor setting with MCP sanitization enabled. For more information, see Configure Model Armor floor settings .

See the following example command:

gcloud  
model-armor  
floorsettings  
update  
 \ 
--full-uri = 
 'projects/ PROJECT_ID 
/locations/global/floorSetting' 
  
 \ 
--enable-floor-setting-enforcement = 
TRUE  
 \ 
--add-integrated-services = 
GOOGLE_MCP_SERVER  
 \ 
--google-mcp-server-enforcement-type = 
INSPECT_AND_BLOCK  
 \ 
--enable-google-mcp-server-cloud-logging  
 \ 
--malicious-uri-filter-settings-enforcement = 
ENABLED  
 \ 
--add-rai-settings-filters = 
 '[{"confidenceLevel": "MEDIUM_AND_ABOVE", "filterType": "DANGEROUS"}]' 

Replace PROJECT_ID with your Google Cloud project ID.

Note the following settings:

• INSPECT_AND_BLOCK : The enforcement type that inspects content for the Google MCP server and blocks prompts and responses that match the filters.
• ENABLED : The setting that enables a filter or enforcement.
• MEDIUM_AND_ABOVE : The confidence level for the Responsible AI - Dangerous filter settings. You can modify this setting, though lower values might result in more false positives. For more information, see Model Armor confidence levels .

Disable scanning MCP traffic with Model Armor

To stop Model Armor from automatically scanning traffic to and from Google MCP servers based on the project's floor settings, run the following command:

 gcloud  
model-armor  
floorsettings  
update  
 \ 
  
--full-uri = 
 'projects/ PROJECT_ID 
/locations/global/floorSetting' 
  
 \ 
  
--remove-integrated-services = 
GOOGLE_MCP_SERVER 

Replace PROJECT_ID with the Google Cloud project ID. Model Armor doesn't automatically apply the rules defined in this project's floor settings to any Google MCP server traffic.

Model Armor floor settings and general configuration can impact more than just MCP. Because Model Armor integrates with services like Agent Platform, any changes you make to floor settings can affect traffic scanning and safety behaviors across all integrated services, not just MCP.

Control MCP use with IAM deny policies

Identity and Access Management (IAM) deny policies help you secure Google Cloud remote MCP servers. Configure these policies to block unwanted MCP tool access.

For example, you can deny or allow access based on:

• The principal
• Tool properties like read-only
• The application's OAuth client ID

For more information, see Control MCP use with Identity and Access Management .

What's next

• Read the Database Insights MCP reference documentation .
• Learn more about Google Cloud MCP servers .