Getting notAuthorized error with cloud_sql_proxy locally

In my case the problem was that the service account didn't have the correct role. You should at least set it to Editor.

TL;DR: If your error log contains Error during createEphemeral.., please read on.

Solution that works for me is from Github Cloud-SQL-Proxy Issue Tracker.

It seems that you may have encountered a bug in backend that is triggered when there is an old service account with the same name. Follow the steps below to solve your issue:

1. Go to the Cloud Project IAM page (Left Menu > IAM & Admin > IAM)
2. Look for the row with the robot account that is having the issue.
3. It should say "Cloud SQL Client" on the role column.
4. Click on it to open the dropdown
5. Click on the 'Cloud SQL Client' role that is checked to uncheck it.
6. Click the blue save button above.
7. Verify that the service account is removed from the IAM page.
8. Click the Add button above in the same page.
9. Enter the service account email address and select the Cloud SQL Client role
10. Click Add
11. The service account should appear again in the the list.

Credits to Chees, but points are mine :P. Hope it solves your issue.