Clarify the public ip / cidr

examples/cloud-sql-mysql/main.tf

@@ -41,11 +41,11 @@ module "mysql" {
   master_user_name = "${var.master_user_name}"
   master_user_host = "%"
 
-  enable_public_internet_access = "${var.enable_public_internet_access}"
+  # To make it easier to test this example, we are giving the servers public IP addresses and allowing inbound
+  # connections from anywhere. In real-world usage, your servers should live in private subnets, only have private IP
+  # addresses, and only allow access from specific trusted networks, servers or applications in your VPC.
+  enable_public_internet_access = true
 
-  # Never do this in production!
-  # We're setting permissive network rules to make
-  # it easier to test the instance
   authorized_networks = [
     {
       name  = "allow-all-inbound"

examples/cloud-sql-mysql/variables.tf

@@ -28,12 +28,6 @@ variable "master_user_password" {
 # OPTIONAL PARAMETERS
 # Generally, these values won't need to be changed.
 # ---------------------------------------------------------------------------------------------------------------------
-# In nearly all cases, databases should NOT be publicly accessible, however if you're migrating from a PAAS provider like Heroku to GCP, this needs to remain open to the internet.
-variable "enable_public_internet_access" {
-  description = "WARNING: - In nearly all cases a database should NOT be publicly accessible. Only set this to true if you want the database open to the internet"
-  default     = true
-}
-
 variable "mysql_version" {
   description = "The engine version of the database, e.g. `MYSQL_5_6` or `MYSQL_5_7`. See https://cloud.google.com/sql/docs/features for supported versions."
   default     = "MYSQL_5_7"