diff --git a/terraform/basic_gke/main.tf b/terraform/basic_gke/main.tf
index b9cc263..0bb5b87 100644
--- a/terraform/basic_gke/main.tf
+++ b/terraform/basic_gke/main.tf
@@ -252,7 +252,12 @@ output "gke_connect_command" {
 #################### SQL ##################################
 module "cloudsql" {
- source = "../modules/cloudsql"
- project = var.project
- region = var.region
+ source = "../modules/cloudsql"
+ project = var.project
+ region = var.region
+ private_network_id = module.networking.private_network_id
+
+ depends_on = [
+ module.networking
+ ]
 }
diff --git a/terraform/modules/cloudsql/cloudsql.tf b/terraform/modules/cloudsql/cloudsql.tf
index 317d9f7..44b1d3f 100644
--- a/terraform/modules/cloudsql/cloudsql.tf
+++ b/terraform/modules/cloudsql/cloudsql.tf
@@ -20,6 +20,11 @@ variable "db_version" {
 default = "POSTGRES_13"
 }
+variable "private_network_id" {
+ description = "Private network id."
+ type = string
+}
+
 resource "google_sql_database_instance" "instance" {
 project = var.project
 region = var.region
@@ -29,6 +34,11 @@ resource "google_sql_database_instance" "instance" {
 settings {
 tier = var.tier
+
+ ip_configuration {
+ ipv4_enabled = false
+ private_network = var.private_network_id
+ }
 }
 deletion_protection = "true"
diff --git a/terraform/modules/networking/networking.tf b/terraform/modules/networking/networking.tf
index 0297682..4a7b757 100644
--- a/terraform/modules/networking/networking.tf
+++ b/terraform/modules/networking/networking.tf
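Review bot: The explicit `depends_on = [module.networking]` in the cloudsql module call looks redundant next to the `private_network_id` reference, but it appears to be doing real work: the reference alone only orders the instance after the VPC, not after the service networking peering that the networking module also creates, and the instance cannot attach a private IP until that peering exists. A comment would stop a later cleanup from removing it: `# Keep depends_on: private_network_id only orders after the VPC; the instance also needs the private services access peering created in the networking module.` Note that a module-level depends_on also defers any data source inside the cloudsql module to apply time, which is harmless today but worth knowing if data sources are added later.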
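Review bot: The new `ip_configuration` block removes the public IPv4 address but does not require TLS, so clients on the peered VPC can still open unencrypted connections to the instance; add `require_ssl = true` inside the block (on google provider 5.x the equivalent is `ssl_mode = "ENCRYPTED_ONLY"`). Disabling the public IP is the right move, but it governs reachability, not transport security, and the two settings are independent. The `google_sql_database_instance` resource body starts and ends outside the hunk.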
@@ -3,8 +3,37 @@ variable "project" {
 type = string
 }
+output "private_network_id" {
+ description = "Private network id."
+ value = google_compute_network.private_network.id
+}
+
+resource "google_project_service" "servicenetworking" {
+ project = var.project
+ service = "servicenetworking.googleapis.com"
+ disable_dependent_services = true
+}
+
 resource "google_compute_network" "private_network" {
 project = var.project
 name = "private-network"
 auto_create_subnetworks = false
+ depends_on = [
+ google_project_service.servicenetworking
+ ]
+}
+
+resource "google_compute_global_address" "private_ip_address" {
+ project = google_compute_network.private_network.project
+ name = "private-ip-address"
+ purpose = "VPC_PEERING"
+ address_type = "INTERNAL"
+ prefix_length = 16
+ network = google_compute_network.private_network.id
+}
+
+resource "google_service_networking_connection" "private_vpc_connection" {
+ network = google_compute_network.private_network.id
+ service = "servicenetworking.googleapis.com"
+ reserved_peering_ranges = [google_compute_global_address.private_ip_address.name]
 }
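Review bot: `disable_dependent_services = true` on `google_project_service.servicenetworking`, combined with the provider default `disable_on_destroy = true`, means a `terraform destroy` of this module (or simply removing the resource) disables the Service Networking API and every dependent service for the whole project, not just this stack, which is a blast-radius problem if the project is shared. Unless the module is meant to own that API for the project, set `disable_on_destroy = false` and `disable_dependent_services = false` and document the choice in a comment. Separately, the `depends_on` on the API is attached to the VPC, but the resource that actually needs Service Networking enabled is `google_service_networking_connection.private_vpc_connection`; it only works today through the transitive edge via the network, so moving the `depends_on` onto the connection would state the real dependency. The `prefix_length = 16` reservation is a sizeable slice of internal address space, so a comment naming its intended consumer would help future readers.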