diff --git a/terraform/basic_gke/main.tf b/terraform/basic_gke/main.tf
index ffd0417..3606993 100644
--- a/terraform/basic_gke/main.tf
+++ b/terraform/basic_gke/main.tf
@@ -149,6 +149,11 @@ resource "local_file" "pgclient_key" {
   directory_permission = "0700"
 }
 
+output "cloudsql_connection_string" {
+  description = "Connection URL for main user in cloudsql."
+  value       = "postgresql://postgres@${module.cloudsql.instance.ip_address.0.ip_address}/postgres?ssl=true&sslmode=verify-ca&sslcert=${urlencode(abspath(local_file.pgclient_crt.filename))}&sslkey=${urlencode(abspath(local_file.pgclient_key.filename))}&sslrootcert=${urlencode(abspath(local_file.pgserver_crt.filename))}"
+}
+
 # Create a workload identity service account for IAM authentication to
 # cloudsql
 module "cloudsql_test_sa" {
diff --git a/terraform/modules/cloudsql/cloudsql.tf b/terraform/modules/cloudsql/cloudsql.tf
index 4059dc3..35d68c0 100644
--- a/terraform/modules/cloudsql/cloudsql.tf
+++ b/terraform/modules/cloudsql/cloudsql.tf
@@ -92,6 +92,7 @@ resource "google_sql_user" "postgres" {
 }
 
 resource "google_sql_ssl_cert" "client_cert" {
+  project     = var.project
   common_name = "client-name"
   instance    = google_sql_database_instance.instance.name
 }