1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. compute
  5. ForwardingRule
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

gcp.compute.ForwardingRule

Explore with Pulumi AI

gcp logo
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

    A ForwardingRule resource. A ForwardingRule resource specifies which pool of target virtual machines to forward a packet to if it matches the given [IPAddress, IPProtocol, portRange] tuple.

    To get more information about ForwardingRule, see:

    Example Usage

    Forwarding Rule Externallb

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const hc = new gcp.compute.RegionHealthCheck("hc", {
        name: "check-website-backend",
        checkIntervalSec: 1,
        timeoutSec: 1,
        region: "us-central1",
        tcpHealthCheck: {
            port: 80,
        },
    });
    const backend = new gcp.compute.RegionBackendService("backend", {
        name: "website-backend",
        region: "us-central1",
        loadBalancingScheme: "EXTERNAL",
        healthChecks: hc.id,
    });
    // Forwarding rule for External Network Load Balancing using Backend Services
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        region: "us-central1",
        portRange: "80",
        backendService: backend.id,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    hc = gcp.compute.RegionHealthCheck("hc",
        name="check-website-backend",
        check_interval_sec=1,
        timeout_sec=1,
        region="us-central1",
        tcp_health_check={
            "port": 80,
        })
    backend = gcp.compute.RegionBackendService("backend",
        name="website-backend",
        region="us-central1",
        load_balancing_scheme="EXTERNAL",
        health_checks=hc.id)
    # Forwarding rule for External Network Load Balancing using Backend Services
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        region="us-central1",
        port_range="80",
        backend_service=backend.id)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		hc, err := compute.NewRegionHealthCheck(ctx, "hc", &compute.RegionHealthCheckArgs{
    			Name:             pulumi.String("check-website-backend"),
    			CheckIntervalSec: pulumi.Int(1),
    			TimeoutSec:       pulumi.Int(1),
    			Region:           pulumi.String("us-central1"),
    			TcpHealthCheck: &compute.RegionHealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		backend, err := compute.NewRegionBackendService(ctx, "backend", &compute.RegionBackendServiceArgs{
    			Name:                pulumi.String("website-backend"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("EXTERNAL"),
    			HealthChecks:        hc.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for External Network Load Balancing using Backend Services
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:           pulumi.String("website-forwarding-rule"),
    			Region:         pulumi.String("us-central1"),
    			PortRange:      pulumi.String("80"),
    			BackendService: backend.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var hc = new Gcp.Compute.RegionHealthCheck("hc", new()
        {
            Name = "check-website-backend",
            CheckIntervalSec = 1,
            TimeoutSec = 1,
            Region = "us-central1",
            TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var backend = new Gcp.Compute.RegionBackendService("backend", new()
        {
            Name = "website-backend",
            Region = "us-central1",
            LoadBalancingScheme = "EXTERNAL",
            HealthChecks = hc.Id,
        });
    
        // Forwarding rule for External Network Load Balancing using Backend Services
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Region = "us-central1",
            PortRange = "80",
            BackendService = backend.Id,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var hc = new RegionHealthCheck("hc", RegionHealthCheckArgs.builder()
                .name("check-website-backend")
                .checkIntervalSec(1)
                .timeoutSec(1)
                .region("us-central1")
                .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()
                .name("website-backend")
                .region("us-central1")
                .loadBalancingScheme("EXTERNAL")
                .healthChecks(hc.id())
                .build());
    
            // Forwarding rule for External Network Load Balancing using Backend Services
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
                .name("website-forwarding-rule")
                .region("us-central1")
                .portRange(80)
                .backendService(backend.id())
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for External Network Load Balancing using Backend Services
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          region: us-central1
          portRange: 80
          backendService: ${backend.id}
      backend:
        type: gcp:compute:RegionBackendService
        properties:
          name: website-backend
          region: us-central1
          loadBalancingScheme: EXTERNAL
          healthChecks: ${hc.id}
      hc:
        type: gcp:compute:RegionHealthCheck
        properties:
          name: check-website-backend
          checkIntervalSec: 1
          timeoutSec: 1
          region: us-central1
          tcpHealthCheck:
            port: '80'
    

    Forwarding Rule Global Internallb

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const hc = new gcp.compute.HealthCheck("hc", {
        name: "check-website-backend",
        checkIntervalSec: 1,
        timeoutSec: 1,
        tcpHealthCheck: {
            port: 80,
        },
    });
    const backend = new gcp.compute.RegionBackendService("backend", {
        name: "website-backend",
        region: "us-central1",
        healthChecks: hc.id,
    });
    const defaultNetwork = new gcp.compute.Network("default", {
        name: "website-net",
        autoCreateSubnetworks: false,
    });
    const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
        name: "website-net",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        network: defaultNetwork.id,
    });
    // Forwarding rule for Internal Load Balancing
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        region: "us-central1",
        loadBalancingScheme: "INTERNAL",
        backendService: backend.id,
        allPorts: true,
        allowGlobalAccess: true,
        network: defaultNetwork.name,
        subnetwork: defaultSubnetwork.name,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    hc = gcp.compute.HealthCheck("hc",
        name="check-website-backend",
        check_interval_sec=1,
        timeout_sec=1,
        tcp_health_check={
            "port": 80,
        })
    backend = gcp.compute.RegionBackendService("backend",
        name="website-backend",
        region="us-central1",
        health_checks=hc.id)
    default_network = gcp.compute.Network("default",
        name="website-net",
        auto_create_subnetworks=False)
    default_subnetwork = gcp.compute.Subnetwork("default",
        name="website-net",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        network=default_network.id)
    # Forwarding rule for Internal Load Balancing
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        region="us-central1",
        load_balancing_scheme="INTERNAL",
        backend_service=backend.id,
        all_ports=True,
        allow_global_access=True,
        network=default_network.name,
        subnetwork=default_subnetwork.name)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		hc, err := compute.NewHealthCheck(ctx, "hc", &compute.HealthCheckArgs{
    			Name:             pulumi.String("check-website-backend"),
    			CheckIntervalSec: pulumi.Int(1),
    			TimeoutSec:       pulumi.Int(1),
    			TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		backend, err := compute.NewRegionBackendService(ctx, "backend", &compute.RegionBackendServiceArgs{
    			Name:         pulumi.String("website-backend"),
    			Region:       pulumi.String("us-central1"),
    			HealthChecks: hc.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
    			Name:                  pulumi.String("website-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net"),
    			IpCidrRange: pulumi.String("10.0.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for Internal Load Balancing
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("website-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("INTERNAL"),
    			BackendService:      backend.ID(),
    			AllPorts:            pulumi.Bool(true),
    			AllowGlobalAccess:   pulumi.Bool(true),
    			Network:             defaultNetwork.Name,
    			Subnetwork:          defaultSubnetwork.Name,
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var hc = new Gcp.Compute.HealthCheck("hc", new()
        {
            Name = "check-website-backend",
            CheckIntervalSec = 1,
            TimeoutSec = 1,
            TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var backend = new Gcp.Compute.RegionBackendService("backend", new()
        {
            Name = "website-backend",
            Region = "us-central1",
            HealthChecks = hc.Id,
        });
    
        var defaultNetwork = new Gcp.Compute.Network("default", new()
        {
            Name = "website-net",
            AutoCreateSubnetworks = false,
        });
    
        var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
        {
            Name = "website-net",
            IpCidrRange = "10.0.0.0/16",
            Region = "us-central1",
            Network = defaultNetwork.Id,
        });
    
        // Forwarding rule for Internal Load Balancing
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Region = "us-central1",
            LoadBalancingScheme = "INTERNAL",
            BackendService = backend.Id,
            AllPorts = true,
            AllowGlobalAccess = true,
            Network = defaultNetwork.Name,
            Subnetwork = defaultSubnetwork.Name,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var hc = new HealthCheck("hc", HealthCheckArgs.builder()
                .name("check-website-backend")
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()
                .name("website-backend")
                .region("us-central1")
                .healthChecks(hc.id())
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
                .name("website-net")
                .autoCreateSubnetworks(false)
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
                .name("website-net")
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(defaultNetwork.id())
                .build());
    
            // Forwarding rule for Internal Load Balancing
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
                .name("website-forwarding-rule")
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(backend.id())
                .allPorts(true)
                .allowGlobalAccess(true)
                .network(defaultNetwork.name())
                .subnetwork(defaultSubnetwork.name())
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for Internal Load Balancing
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${backend.id}
          allPorts: true
          allowGlobalAccess: true
          network: ${defaultNetwork.name}
          subnetwork: ${defaultSubnetwork.name}
      backend:
        type: gcp:compute:RegionBackendService
        properties:
          name: website-backend
          region: us-central1
          healthChecks: ${hc.id}
      hc:
        type: gcp:compute:HealthCheck
        properties:
          name: check-website-backend
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
      defaultNetwork:
        type: gcp:compute:Network
        name: default
        properties:
          name: website-net
          autoCreateSubnetworks: false
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        name: default
        properties:
          name: website-net
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${defaultNetwork.id}
    

    Forwarding Rule Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const defaultTargetPool = new gcp.compute.TargetPool("default", {name: "website-target-pool"});
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        target: defaultTargetPool.id,
        portRange: "80",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    default_target_pool = gcp.compute.TargetPool("default", name="website-target-pool")
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        target=default_target_pool.id,
        port_range="80")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		defaultTargetPool, err := compute.NewTargetPool(ctx, "default", &compute.TargetPoolArgs{
    			Name: pulumi.String("website-target-pool"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:      pulumi.String("website-forwarding-rule"),
    			Target:    defaultTargetPool.ID(),
    			PortRange: pulumi.String("80"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var defaultTargetPool = new Gcp.Compute.TargetPool("default", new()
        {
            Name = "website-target-pool",
        });
    
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Target = defaultTargetPool.Id,
            PortRange = "80",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.TargetPool;
    import com.pulumi.gcp.compute.TargetPoolArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var defaultTargetPool = new TargetPool("defaultTargetPool", TargetPoolArgs.builder()
                .name("website-target-pool")
                .build());
    
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
                .name("website-forwarding-rule")
                .target(defaultTargetPool.id())
                .portRange("80")
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          target: ${defaultTargetPool.id}
          portRange: '80'
      defaultTargetPool:
        type: gcp:compute:TargetPool
        name: default
        properties:
          name: website-target-pool
    

    Forwarding Rule L3 Default

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const healthCheck = new gcp.compute.RegionHealthCheck("health_check", {
        name: "health-check",
        region: "us-central1",
        tcpHealthCheck: {
            port: 80,
        },
    });
    const service = new gcp.compute.RegionBackendService("service", {
        region: "us-central1",
        name: "service",
        healthChecks: healthCheck.id,
        protocol: "UNSPECIFIED",
        loadBalancingScheme: "EXTERNAL",
    });
    const fwdRule = new gcp.compute.ForwardingRule("fwd_rule", {
        name: "l3-forwarding-rule",
        backendService: service.id,
        ipProtocol: "L3_DEFAULT",
        allPorts: true,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    health_check = gcp.compute.RegionHealthCheck("health_check",
        name="health-check",
        region="us-central1",
        tcp_health_check={
            "port": 80,
        })
    service = gcp.compute.RegionBackendService("service",
        region="us-central1",
        name="service",
        health_checks=health_check.id,
        protocol="UNSPECIFIED",
        load_balancing_scheme="EXTERNAL")
    fwd_rule = gcp.compute.ForwardingRule("fwd_rule",
        name="l3-forwarding-rule",
        backend_service=service.id,
        ip_protocol="L3_DEFAULT",
        all_ports=True)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		healthCheck, err := compute.NewRegionHealthCheck(ctx, "health_check", &compute.RegionHealthCheckArgs{
    			Name:   pulumi.String("health-check"),
    			Region: pulumi.String("us-central1"),
    			TcpHealthCheck: &compute.RegionHealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		service, err := compute.NewRegionBackendService(ctx, "service", &compute.RegionBackendServiceArgs{
    			Region:              pulumi.String("us-central1"),
    			Name:                pulumi.String("service"),
    			HealthChecks:        healthCheck.ID(),
    			Protocol:            pulumi.String("UNSPECIFIED"),
    			LoadBalancingScheme: pulumi.String("EXTERNAL"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewForwardingRule(ctx, "fwd_rule", &compute.ForwardingRuleArgs{
    			Name:           pulumi.String("l3-forwarding-rule"),
    			BackendService: service.ID(),
    			IpProtocol:     pulumi.String("L3_DEFAULT"),
    			AllPorts:       pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var healthCheck = new Gcp.Compute.RegionHealthCheck("health_check", new()
        {
            Name = "health-check",
            Region = "us-central1",
            TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var service = new Gcp.Compute.RegionBackendService("service", new()
        {
            Region = "us-central1",
            Name = "service",
            HealthChecks = healthCheck.Id,
            Protocol = "UNSPECIFIED",
            LoadBalancingScheme = "EXTERNAL",
        });
    
        var fwdRule = new Gcp.Compute.ForwardingRule("fwd_rule", new()
        {
            Name = "l3-forwarding-rule",
            BackendService = service.Id,
            IpProtocol = "L3_DEFAULT",
            AllPorts = true,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var healthCheck = new RegionHealthCheck("healthCheck", RegionHealthCheckArgs.builder()
                .name("health-check")
                .region("us-central1")
                .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()
                    .port(80)
                    .build())
                .build());
    
            var service = new RegionBackendService("service", RegionBackendServiceArgs.builder()
                .region("us-central1")
                .name("service")
                .healthChecks(healthCheck.id())
                .protocol("UNSPECIFIED")
                .loadBalancingScheme("EXTERNAL")
                .build());
    
            var fwdRule = new ForwardingRule("fwdRule", ForwardingRuleArgs.builder()
                .name("l3-forwarding-rule")
                .backendService(service.id())
                .ipProtocol("L3_DEFAULT")
                .allPorts(true)
                .build());
    
        }
    }
    
    resources:
      fwdRule:
        type: gcp:compute:ForwardingRule
        name: fwd_rule
        properties:
          name: l3-forwarding-rule
          backendService: ${service.id}
          ipProtocol: L3_DEFAULT
          allPorts: true
      service:
        type: gcp:compute:RegionBackendService
        properties:
          region: us-central1
          name: service
          healthChecks: ${healthCheck.id}
          protocol: UNSPECIFIED
          loadBalancingScheme: EXTERNAL
      healthCheck:
        type: gcp:compute:RegionHealthCheck
        name: health_check
        properties:
          name: health-check
          region: us-central1
          tcpHealthCheck:
            port: 80
    

    Forwarding Rule Internallb

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const hc = new gcp.compute.HealthCheck("hc", {
        name: "check-website-backend",
        checkIntervalSec: 1,
        timeoutSec: 1,
        tcpHealthCheck: {
            port: 80,
        },
    });
    const backend = new gcp.compute.RegionBackendService("backend", {
        name: "website-backend",
        region: "us-central1",
        healthChecks: hc.id,
    });
    const defaultNetwork = new gcp.compute.Network("default", {
        name: "website-net",
        autoCreateSubnetworks: false,
    });
    const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
        name: "website-net",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        network: defaultNetwork.id,
    });
    // Forwarding rule for Internal Load Balancing
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        region: "us-central1",
        loadBalancingScheme: "INTERNAL",
        backendService: backend.id,
        allPorts: true,
        network: defaultNetwork.name,
        subnetwork: defaultSubnetwork.name,
        ipVersion: "IPV4",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    hc = gcp.compute.HealthCheck("hc",
        name="check-website-backend",
        check_interval_sec=1,
        timeout_sec=1,
        tcp_health_check={
            "port": 80,
        })
    backend = gcp.compute.RegionBackendService("backend",
        name="website-backend",
        region="us-central1",
        health_checks=hc.id)
    default_network = gcp.compute.Network("default",
        name="website-net",
        auto_create_subnetworks=False)
    default_subnetwork = gcp.compute.Subnetwork("default",
        name="website-net",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        network=default_network.id)
    # Forwarding rule for Internal Load Balancing
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        region="us-central1",
        load_balancing_scheme="INTERNAL",
        backend_service=backend.id,
        all_ports=True,
        network=default_network.name,
        subnetwork=default_subnetwork.name,
        ip_version="IPV4")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		hc, err := compute.NewHealthCheck(ctx, "hc", &compute.HealthCheckArgs{
    			Name:             pulumi.String("check-website-backend"),
    			CheckIntervalSec: pulumi.Int(1),
    			TimeoutSec:       pulumi.Int(1),
    			TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		backend, err := compute.NewRegionBackendService(ctx, "backend", &compute.RegionBackendServiceArgs{
    			Name:         pulumi.String("website-backend"),
    			Region:       pulumi.String("us-central1"),
    			HealthChecks: hc.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
    			Name:                  pulumi.String("website-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net"),
    			IpCidrRange: pulumi.String("10.0.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for Internal Load Balancing
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("website-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("INTERNAL"),
    			BackendService:      backend.ID(),
    			AllPorts:            pulumi.Bool(true),
    			Network:             defaultNetwork.Name,
    			Subnetwork:          defaultSubnetwork.Name,
    			IpVersion:           pulumi.String("IPV4"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var hc = new Gcp.Compute.HealthCheck("hc", new()
        {
            Name = "check-website-backend",
            CheckIntervalSec = 1,
            TimeoutSec = 1,
            TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var backend = new Gcp.Compute.RegionBackendService("backend", new()
        {
            Name = "website-backend",
            Region = "us-central1",
            HealthChecks = hc.Id,
        });
    
        var defaultNetwork = new Gcp.Compute.Network("default", new()
        {
            Name = "website-net",
            AutoCreateSubnetworks = false,
        });
    
        var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
        {
            Name = "website-net",
            IpCidrRange = "10.0.0.0/16",
            Region = "us-central1",
            Network = defaultNetwork.Id,
        });
    
        // Forwarding rule for Internal Load Balancing
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Region = "us-central1",
            LoadBalancingScheme = "INTERNAL",
            BackendService = backend.Id,
            AllPorts = true,
            Network = defaultNetwork.Name,
            Subnetwork = defaultSubnetwork.Name,
            IpVersion = "IPV4",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var hc = new HealthCheck("hc", HealthCheckArgs.builder()
                .name("check-website-backend")
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()
                .name("website-backend")
                .region("us-central1")
                .healthChecks(hc.id())
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
                .name("website-net")
                .autoCreateSubnetworks(false)
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
                .name("website-net")
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(defaultNetwork.id())
                .build());
    
            // Forwarding rule for Internal Load Balancing
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
                .name("website-forwarding-rule")
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(backend.id())
                .allPorts(true)
                .network(defaultNetwork.name())
                .subnetwork(defaultSubnetwork.name())
                .ipVersion("IPV4")
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for Internal Load Balancing
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${backend.id}
          allPorts: true
          network: ${defaultNetwork.name}
          subnetwork: ${defaultSubnetwork.name}
          ipVersion: IPV4
      backend:
        type: gcp:compute:RegionBackendService
        properties:
          name: website-backend
          region: us-central1
          healthChecks: ${hc.id}
      hc:
        type: gcp:compute:HealthCheck
        properties:
          name: check-website-backend
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
      defaultNetwork:
        type: gcp:compute:Network
        name: default
        properties:
          name: website-net
          autoCreateSubnetworks: false
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        name: default
        properties:
          name: website-net
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${defaultNetwork.id}
    

    Forwarding Rule Http Lb

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const debianImage = gcp.compute.getImage({
        family: "debian-11",
        project: "debian-cloud",
    });
    const defaultNetwork = new gcp.compute.Network("default", {
        name: "website-net",
        autoCreateSubnetworks: false,
        routingMode: "REGIONAL",
    });
    const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
        name: "website-net-default",
        ipCidrRange: "10.1.2.0/24",
        region: "us-central1",
        network: defaultNetwork.id,
    });
    const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
        name: "template-website-backend",
        machineType: "e2-medium",
        networkInterfaces: [{
            network: defaultNetwork.id,
            subnetwork: defaultSubnetwork.id,
        }],
        disks: [{
            sourceImage: debianImage.then(debianImage => debianImage.selfLink),
            autoDelete: true,
            boot: true,
        }],
        tags: [
            "allow-ssh",
            "load-balanced-backend",
        ],
    });
    const rigm = new gcp.compute.RegionInstanceGroupManager("rigm", {
        region: "us-central1",
        name: "website-rigm",
        versions: [{
            instanceTemplate: instanceTemplate.id,
            name: "primary",
        }],
        baseInstanceName: "internal-glb",
        targetSize: 1,
    });
    const fw1 = new gcp.compute.Firewall("fw1", {
        name: "website-fw-1",
        network: defaultNetwork.id,
        sourceRanges: ["10.1.2.0/24"],
        allows: [
            {
                protocol: "tcp",
            },
            {
                protocol: "udp",
            },
            {
                protocol: "icmp",
            },
        ],
        direction: "INGRESS",
    });
    const fw2 = new gcp.compute.Firewall("fw2", {
        name: "website-fw-2",
        network: defaultNetwork.id,
        sourceRanges: ["0.0.0.0/0"],
        allows: [{
            protocol: "tcp",
            ports: ["22"],
        }],
        targetTags: ["allow-ssh"],
        direction: "INGRESS",
    }, {
        dependsOn: [fw1],
    });
    const fw3 = new gcp.compute.Firewall("fw3", {
        name: "website-fw-3",
        network: defaultNetwork.id,
        sourceRanges: [
            "130.211.0.0/22",
            "35.191.0.0/16",
        ],
        allows: [{
            protocol: "tcp",
        }],
        targetTags: ["load-balanced-backend"],
        direction: "INGRESS",
    }, {
        dependsOn: [fw2],
    });
    const fw4 = new gcp.compute.Firewall("fw4", {
        name: "website-fw-4",
        network: defaultNetwork.id,
        sourceRanges: ["10.129.0.0/26"],
        targetTags: ["load-balanced-backend"],
        allows: [
            {
                protocol: "tcp",
                ports: ["80"],
            },
            {
                protocol: "tcp",
                ports: ["443"],
            },
            {
                protocol: "tcp",
                ports: ["8000"],
            },
        ],
        direction: "INGRESS",
    }, {
        dependsOn: [fw3],
    });
    const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
        region: "us-central1",
        name: "website-hc",
        httpHealthCheck: {
            portSpecification: "USE_SERVING_PORT",
        },
    }, {
        dependsOn: [fw4],
    });
    const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", {
        loadBalancingScheme: "INTERNAL_MANAGED",
        backends: [{
            group: rigm.instanceGroup,
            balancingMode: "UTILIZATION",
            capacityScaler: 1,
        }],
        region: "us-central1",
        name: "website-backend",
        protocol: "HTTP",
        timeoutSec: 10,
        healthChecks: defaultRegionHealthCheck.id,
    });
    const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", {
        region: "us-central1",
        name: "website-map",
        defaultService: defaultRegionBackendService.id,
    });
    const defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy("default", {
        region: "us-central1",
        name: "website-proxy",
        urlMap: defaultRegionUrlMap.id,
    });
    const proxy = new gcp.compute.Subnetwork("proxy", {
        name: "website-net-proxy",
        ipCidrRange: "10.129.0.0/26",
        region: "us-central1",
        network: defaultNetwork.id,
        purpose: "REGIONAL_MANAGED_PROXY",
        role: "ACTIVE",
    });
    // Forwarding rule for Internal Load Balancing
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        region: "us-central1",
        ipProtocol: "TCP",
        loadBalancingScheme: "INTERNAL_MANAGED",
        portRange: "80",
        target: defaultRegionTargetHttpProxy.id,
        network: defaultNetwork.id,
        subnetwork: defaultSubnetwork.id,
        networkTier: "PREMIUM",
    }, {
        dependsOn: [proxy],
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    debian_image = gcp.compute.get_image(family="debian-11",
        project="debian-cloud")
    default_network = gcp.compute.Network("default",
        name="website-net",
        auto_create_subnetworks=False,
        routing_mode="REGIONAL")
    default_subnetwork = gcp.compute.Subnetwork("default",
        name="website-net-default",
        ip_cidr_range="10.1.2.0/24",
        region="us-central1",
        network=default_network.id)
    instance_template = gcp.compute.InstanceTemplate("instance_template",
        name="template-website-backend",
        machine_type="e2-medium",
        network_interfaces=[{
            "network": default_network.id,
            "subnetwork": default_subnetwork.id,
        }],
        disks=[{
            "source_image": debian_image.self_link,
            "auto_delete": True,
            "boot": True,
        }],
        tags=[
            "allow-ssh",
            "load-balanced-backend",
        ])
    rigm = gcp.compute.RegionInstanceGroupManager("rigm",
        region="us-central1",
        name="website-rigm",
        versions=[{
            "instance_template": instance_template.id,
            "name": "primary",
        }],
        base_instance_name="internal-glb",
        target_size=1)
    fw1 = gcp.compute.Firewall("fw1",
        name="website-fw-1",
        network=default_network.id,
        source_ranges=["10.1.2.0/24"],
        allows=[
            {
                "protocol": "tcp",
            },
            {
                "protocol": "udp",
            },
            {
                "protocol": "icmp",
            },
        ],
        direction="INGRESS")
    fw2 = gcp.compute.Firewall("fw2",
        name="website-fw-2",
        network=default_network.id,
        source_ranges=["0.0.0.0/0"],
        allows=[{
            "protocol": "tcp",
            "ports": ["22"],
        }],
        target_tags=["allow-ssh"],
        direction="INGRESS",
        opts = pulumi.ResourceOptions(depends_on=[fw1]))
    fw3 = gcp.compute.Firewall("fw3",
        name="website-fw-3",
        network=default_network.id,
        source_ranges=[
            "130.211.0.0/22",
            "35.191.0.0/16",
        ],
        allows=[{
            "protocol": "tcp",
        }],
        target_tags=["load-balanced-backend"],
        direction="INGRESS",
        opts = pulumi.ResourceOptions(depends_on=[fw2]))
    fw4 = gcp.compute.Firewall("fw4",
        name="website-fw-4",
        network=default_network.id,
        source_ranges=["10.129.0.0/26"],
        target_tags=["load-balanced-backend"],
        allows=[
            {
                "protocol": "tcp",
                "ports": ["80"],
            },
            {
                "protocol": "tcp",
                "ports": ["443"],
            },
            {
                "protocol": "tcp",
                "ports": ["8000"],
            },
        ],
        direction="INGRESS",
        opts = pulumi.ResourceOptions(depends_on=[fw3]))
    default_region_health_check = gcp.compute.RegionHealthCheck("default",
        region="us-central1",
        name="website-hc",
        http_health_check={
            "port_specification": "USE_SERVING_PORT",
        },
        opts = pulumi.ResourceOptions(depends_on=[fw4]))
    default_region_backend_service = gcp.compute.RegionBackendService("default",
        load_balancing_scheme="INTERNAL_MANAGED",
        backends=[{
            "group": rigm.instance_group,
            "balancing_mode": "UTILIZATION",
            "capacity_scaler": 1,
        }],
        region="us-central1",
        name="website-backend",
        protocol="HTTP",
        timeout_sec=10,
        health_checks=default_region_health_check.id)
    default_region_url_map = gcp.compute.RegionUrlMap("default",
        region="us-central1",
        name="website-map",
        default_service=default_region_backend_service.id)
    default_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy("default",
        region="us-central1",
        name="website-proxy",
        url_map=default_region_url_map.id)
    proxy = gcp.compute.Subnetwork("proxy",
        name="website-net-proxy",
        ip_cidr_range="10.129.0.0/26",
        region="us-central1",
        network=default_network.id,
        purpose="REGIONAL_MANAGED_PROXY",
        role="ACTIVE")
    # Forwarding rule for Internal Load Balancing
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        region="us-central1",
        ip_protocol="TCP",
        load_balancing_scheme="INTERNAL_MANAGED",
        port_range="80",
        target=default_region_target_http_proxy.id,
        network=default_network.id,
        subnetwork=default_subnetwork.id,
        network_tier="PREMIUM",
        opts = pulumi.ResourceOptions(depends_on=[proxy]))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		debianImage, err := compute.LookupImage(ctx, &compute.LookupImageArgs{
    			Family:  pulumi.StringRef("debian-11"),
    			Project: pulumi.StringRef("debian-cloud"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
    			Name:                  pulumi.String("website-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    			RoutingMode:           pulumi.String("REGIONAL"),
    		})
    		if err != nil {
    			return err
    		}
    		defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net-default"),
    			IpCidrRange: pulumi.String("10.1.2.0/24"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{
    			Name:        pulumi.String("template-website-backend"),
    			MachineType: pulumi.String("e2-medium"),
    			NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
    				&compute.InstanceTemplateNetworkInterfaceArgs{
    					Network:    defaultNetwork.ID(),
    					Subnetwork: defaultSubnetwork.ID(),
    				},
    			},
    			Disks: compute.InstanceTemplateDiskArray{
    				&compute.InstanceTemplateDiskArgs{
    					SourceImage: pulumi.String(debianImage.SelfLink),
    					AutoDelete:  pulumi.Bool(true),
    					Boot:        pulumi.Bool(true),
    				},
    			},
    			Tags: pulumi.StringArray{
    				pulumi.String("allow-ssh"),
    				pulumi.String("load-balanced-backend"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		rigm, err := compute.NewRegionInstanceGroupManager(ctx, "rigm", &compute.RegionInstanceGroupManagerArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-rigm"),
    			Versions: compute.RegionInstanceGroupManagerVersionArray{
    				&compute.RegionInstanceGroupManagerVersionArgs{
    					InstanceTemplate: instanceTemplate.ID(),
    					Name:             pulumi.String("primary"),
    				},
    			},
    			BaseInstanceName: pulumi.String("internal-glb"),
    			TargetSize:       pulumi.Int(1),
    		})
    		if err != nil {
    			return err
    		}
    		fw1, err := compute.NewFirewall(ctx, "fw1", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-1"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("10.1.2.0/24"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("udp"),
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("icmp"),
    				},
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		fw2, err := compute.NewFirewall(ctx, "fw2", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-2"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("0.0.0.0/0"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("22"),
    					},
    				},
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("allow-ssh"),
    			},
    			Direction: pulumi.String("INGRESS"),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			fw1,
    		}))
    		if err != nil {
    			return err
    		}
    		fw3, err := compute.NewFirewall(ctx, "fw3", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-3"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("130.211.0.0/22"),
    				pulumi.String("35.191.0.0/16"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("load-balanced-backend"),
    			},
    			Direction: pulumi.String("INGRESS"),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			fw2,
    		}))
    		if err != nil {
    			return err
    		}
    		fw4, err := compute.NewFirewall(ctx, "fw4", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-4"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("10.129.0.0/26"),
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("load-balanced-backend"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("80"),
    					},
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("443"),
    					},
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("8000"),
    					},
    				},
    			},
    			Direction: pulumi.String("INGRESS"),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			fw3,
    		}))
    		if err != nil {
    			return err
    		}
    		defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-hc"),
    			HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
    				PortSpecification: pulumi.String("USE_SERVING_PORT"),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			fw4,
    		}))
    		if err != nil {
    			return err
    		}
    		defaultRegionBackendService, err := compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{
    			LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
    			Backends: compute.RegionBackendServiceBackendArray{
    				&compute.RegionBackendServiceBackendArgs{
    					Group:          rigm.InstanceGroup,
    					BalancingMode:  pulumi.String("UTILIZATION"),
    					CapacityScaler: pulumi.Float64(1),
    				},
    			},
    			Region:       pulumi.String("us-central1"),
    			Name:         pulumi.String("website-backend"),
    			Protocol:     pulumi.String("HTTP"),
    			TimeoutSec:   pulumi.Int(10),
    			HealthChecks: defaultRegionHealthCheck.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, "default", &compute.RegionUrlMapArgs{
    			Region:         pulumi.String("us-central1"),
    			Name:           pulumi.String("website-map"),
    			DefaultService: defaultRegionBackendService.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, "default", &compute.RegionTargetHttpProxyArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-proxy"),
    			UrlMap: defaultRegionUrlMap.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		proxy, err := compute.NewSubnetwork(ctx, "proxy", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net-proxy"),
    			IpCidrRange: pulumi.String("10.129.0.0/26"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    			Purpose:     pulumi.String("REGIONAL_MANAGED_PROXY"),
    			Role:        pulumi.String("ACTIVE"),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for Internal Load Balancing
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("website-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			IpProtocol:          pulumi.String("TCP"),
    			LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
    			PortRange:           pulumi.String("80"),
    			Target:              defaultRegionTargetHttpProxy.ID(),
    			Network:             defaultNetwork.ID(),
    			Subnetwork:          defaultSubnetwork.ID(),
    			NetworkTier:         pulumi.String("PREMIUM"),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			proxy,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var debianImage = Gcp.Compute.GetImage.Invoke(new()
        {
            Family = "debian-11",
            Project = "debian-cloud",
        });
    
        var defaultNetwork = new Gcp.Compute.Network("default", new()
        {
            Name = "website-net",
            AutoCreateSubnetworks = false,
            RoutingMode = "REGIONAL",
        });
    
        var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
        {
            Name = "website-net-default",
            IpCidrRange = "10.1.2.0/24",
            Region = "us-central1",
            Network = defaultNetwork.Id,
        });
    
        var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new()
        {
            Name = "template-website-backend",
            MachineType = "e2-medium",
            NetworkInterfaces = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
                {
                    Network = defaultNetwork.Id,
                    Subnetwork = defaultSubnetwork.Id,
                },
            },
            Disks = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
                {
                    SourceImage = debianImage.Apply(getImageResult => getImageResult.SelfLink),
                    AutoDelete = true,
                    Boot = true,
                },
            },
            Tags = new[]
            {
                "allow-ssh",
                "load-balanced-backend",
            },
        });
    
        var rigm = new Gcp.Compute.RegionInstanceGroupManager("rigm", new()
        {
            Region = "us-central1",
            Name = "website-rigm",
            Versions = new[]
            {
                new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs
                {
                    InstanceTemplate = instanceTemplate.Id,
                    Name = "primary",
                },
            },
            BaseInstanceName = "internal-glb",
            TargetSize = 1,
        });
    
        var fw1 = new Gcp.Compute.Firewall("fw1", new()
        {
            Name = "website-fw-1",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "10.1.2.0/24",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "udp",
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "icmp",
                },
            },
            Direction = "INGRESS",
        });
    
        var fw2 = new Gcp.Compute.Firewall("fw2", new()
        {
            Name = "website-fw-2",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "0.0.0.0/0",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "22",
                    },
                },
            },
            TargetTags = new[]
            {
                "allow-ssh",
            },
            Direction = "INGRESS",
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                fw1,
            },
        });
    
        var fw3 = new Gcp.Compute.Firewall("fw3", new()
        {
            Name = "website-fw-3",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "130.211.0.0/22",
                "35.191.0.0/16",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
            },
            TargetTags = new[]
            {
                "load-balanced-backend",
            },
            Direction = "INGRESS",
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                fw2,
            },
        });
    
        var fw4 = new Gcp.Compute.Firewall("fw4", new()
        {
            Name = "website-fw-4",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "10.129.0.0/26",
            },
            TargetTags = new[]
            {
                "load-balanced-backend",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "80",
                    },
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "443",
                    },
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "8000",
                    },
                },
            },
            Direction = "INGRESS",
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                fw3,
            },
        });
    
        var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new()
        {
            Region = "us-central1",
            Name = "website-hc",
            HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
            {
                PortSpecification = "USE_SERVING_PORT",
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                fw4,
            },
        });
    
        var defaultRegionBackendService = new Gcp.Compute.RegionBackendService("default", new()
        {
            LoadBalancingScheme = "INTERNAL_MANAGED",
            Backends = new[]
            {
                new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs
                {
                    Group = rigm.InstanceGroup,
                    BalancingMode = "UTILIZATION",
                    CapacityScaler = 1,
                },
            },
            Region = "us-central1",
            Name = "website-backend",
            Protocol = "HTTP",
            TimeoutSec = 10,
            HealthChecks = defaultRegionHealthCheck.Id,
        });
    
        var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap("default", new()
        {
            Region = "us-central1",
            Name = "website-map",
            DefaultService = defaultRegionBackendService.Id,
        });
    
        var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy("default", new()
        {
            Region = "us-central1",
            Name = "website-proxy",
            UrlMap = defaultRegionUrlMap.Id,
        });
    
        var proxy = new Gcp.Compute.Subnetwork("proxy", new()
        {
            Name = "website-net-proxy",
            IpCidrRange = "10.129.0.0/26",
            Region = "us-central1",
            Network = defaultNetwork.Id,
            Purpose = "REGIONAL_MANAGED_PROXY",
            Role = "ACTIVE",
        });
    
        // Forwarding rule for Internal Load Balancing
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Region = "us-central1",
            IpProtocol = "TCP",
            LoadBalancingScheme = "INTERNAL_MANAGED",
            PortRange = "80",
            Target = defaultRegionTargetHttpProxy.Id,
            Network = defaultNetwork.Id,
            Subnetwork = defaultSubnetwork.Id,
            NetworkTier = "PREMIUM",
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                proxy,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.ComputeFunctions;
    import com.pulumi.gcp.compute.inputs.GetImageArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.InstanceTemplate;
    import com.pulumi.gcp.compute.InstanceTemplateArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
    import com.pulumi.gcp.compute.RegionInstanceGroupManager;
    import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
    import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
    import com.pulumi.gcp.compute.Firewall;
    import com.pulumi.gcp.compute.FirewallArgs;
    import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
    import com.pulumi.gcp.compute.RegionUrlMap;
    import com.pulumi.gcp.compute.RegionUrlMapArgs;
    import com.pulumi.gcp.compute.RegionTargetHttpProxy;
    import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
                .family("debian-11")
                .project("debian-cloud")
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
                .name("website-net")
                .autoCreateSubnetworks(false)
                .routingMode("REGIONAL")
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
                .name("website-net-default")
                .ipCidrRange("10.1.2.0/24")
                .region("us-central1")
                .network(defaultNetwork.id())
                .build());
    
            var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()
                .name("template-website-backend")
                .machineType("e2-medium")
                .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                    .network(defaultNetwork.id())
                    .subnetwork(defaultSubnetwork.id())
                    .build())
                .disks(InstanceTemplateDiskArgs.builder()
                    .sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
                    .autoDelete(true)
                    .boot(true)
                    .build())
                .tags(            
                    "allow-ssh",
                    "load-balanced-backend")
                .build());
    
            var rigm = new RegionInstanceGroupManager("rigm", RegionInstanceGroupManagerArgs.builder()
                .region("us-central1")
                .name("website-rigm")
                .versions(RegionInstanceGroupManagerVersionArgs.builder()
                    .instanceTemplate(instanceTemplate.id())
                    .name("primary")
                    .build())
                .baseInstanceName("internal-glb")
                .targetSize(1)
                .build());
    
            var fw1 = new Firewall("fw1", FirewallArgs.builder()
                .name("website-fw-1")
                .network(defaultNetwork.id())
                .sourceRanges("10.1.2.0/24")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("udp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("icmp")
                        .build())
                .direction("INGRESS")
                .build());
    
            var fw2 = new Firewall("fw2", FirewallArgs.builder()
                .name("website-fw-2")
                .network(defaultNetwork.id())
                .sourceRanges("0.0.0.0/0")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("22")
                    .build())
                .targetTags("allow-ssh")
                .direction("INGRESS")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(fw1)
                    .build());
    
            var fw3 = new Firewall("fw3", FirewallArgs.builder()
                .name("website-fw-3")
                .network(defaultNetwork.id())
                .sourceRanges(            
                    "130.211.0.0/22",
                    "35.191.0.0/16")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build())
                .targetTags("load-balanced-backend")
                .direction("INGRESS")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(fw2)
                    .build());
    
            var fw4 = new Firewall("fw4", FirewallArgs.builder()
                .name("website-fw-4")
                .network(defaultNetwork.id())
                .sourceRanges("10.129.0.0/26")
                .targetTags("load-balanced-backend")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("80")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("443")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("8000")
                        .build())
                .direction("INGRESS")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(fw3)
                    .build());
    
            var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()
                .region("us-central1")
                .name("website-hc")
                .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                    .portSpecification("USE_SERVING_PORT")
                    .build())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(fw4)
                    .build());
    
            var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()
                .loadBalancingScheme("INTERNAL_MANAGED")
                .backends(RegionBackendServiceBackendArgs.builder()
                    .group(rigm.instanceGroup())
                    .balancingMode("UTILIZATION")
                    .capacityScaler(1)
                    .build())
                .region("us-central1")
                .name("website-backend")
                .protocol("HTTP")
                .timeoutSec(10)
                .healthChecks(defaultRegionHealthCheck.id())
                .build());
    
            var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()
                .region("us-central1")
                .name("website-map")
                .defaultService(defaultRegionBackendService.id())
                .build());
    
            var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()
                .region("us-central1")
                .name("website-proxy")
                .urlMap(defaultRegionUrlMap.id())
                .build());
    
            var proxy = new Subnetwork("proxy", SubnetworkArgs.builder()
                .name("website-net-proxy")
                .ipCidrRange("10.129.0.0/26")
                .region("us-central1")
                .network(defaultNetwork.id())
                .purpose("REGIONAL_MANAGED_PROXY")
                .role("ACTIVE")
                .build());
    
            // Forwarding rule for Internal Load Balancing
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
                .name("website-forwarding-rule")
                .region("us-central1")
                .ipProtocol("TCP")
                .loadBalancingScheme("INTERNAL_MANAGED")
                .portRange("80")
                .target(defaultRegionTargetHttpProxy.id())
                .network(defaultNetwork.id())
                .subnetwork(defaultSubnetwork.id())
                .networkTier("PREMIUM")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(proxy)
                    .build());
    
        }
    }
    
    resources:
      # Forwarding rule for Internal Load Balancing
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          region: us-central1
          ipProtocol: TCP
          loadBalancingScheme: INTERNAL_MANAGED
          portRange: '80'
          target: ${defaultRegionTargetHttpProxy.id}
          network: ${defaultNetwork.id}
          subnetwork: ${defaultSubnetwork.id}
          networkTier: PREMIUM
        options:
          dependson:
            - ${proxy}
      defaultRegionTargetHttpProxy:
        type: gcp:compute:RegionTargetHttpProxy
        name: default
        properties:
          region: us-central1
          name: website-proxy
          urlMap: ${defaultRegionUrlMap.id}
      defaultRegionUrlMap:
        type: gcp:compute:RegionUrlMap
        name: default
        properties:
          region: us-central1
          name: website-map
          defaultService: ${defaultRegionBackendService.id}
      defaultRegionBackendService:
        type: gcp:compute:RegionBackendService
        name: default
        properties:
          loadBalancingScheme: INTERNAL_MANAGED
          backends:
            - group: ${rigm.instanceGroup}
              balancingMode: UTILIZATION
              capacityScaler: 1
          region: us-central1
          name: website-backend
          protocol: HTTP
          timeoutSec: 10
          healthChecks: ${defaultRegionHealthCheck.id}
      rigm:
        type: gcp:compute:RegionInstanceGroupManager
        properties:
          region: us-central1
          name: website-rigm
          versions:
            - instanceTemplate: ${instanceTemplate.id}
              name: primary
          baseInstanceName: internal-glb
          targetSize: 1
      instanceTemplate:
        type: gcp:compute:InstanceTemplate
        name: instance_template
        properties:
          name: template-website-backend
          machineType: e2-medium
          networkInterfaces:
            - network: ${defaultNetwork.id}
              subnetwork: ${defaultSubnetwork.id}
          disks:
            - sourceImage: ${debianImage.selfLink}
              autoDelete: true
              boot: true
          tags:
            - allow-ssh
            - load-balanced-backend
      defaultRegionHealthCheck:
        type: gcp:compute:RegionHealthCheck
        name: default
        properties:
          region: us-central1
          name: website-hc
          httpHealthCheck:
            portSpecification: USE_SERVING_PORT
        options:
          dependson:
            - ${fw4}
      fw1:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-1
          network: ${defaultNetwork.id}
          sourceRanges:
            - 10.1.2.0/24
          allows:
            - protocol: tcp
            - protocol: udp
            - protocol: icmp
          direction: INGRESS
      fw2:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-2
          network: ${defaultNetwork.id}
          sourceRanges:
            - 0.0.0.0/0
          allows:
            - protocol: tcp
              ports:
                - '22'
          targetTags:
            - allow-ssh
          direction: INGRESS
        options:
          dependson:
            - ${fw1}
      fw3:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-3
          network: ${defaultNetwork.id}
          sourceRanges:
            - 130.211.0.0/22
            - 35.191.0.0/16
          allows:
            - protocol: tcp
          targetTags:
            - load-balanced-backend
          direction: INGRESS
        options:
          dependson:
            - ${fw2}
      fw4:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-4
          network: ${defaultNetwork.id}
          sourceRanges:
            - 10.129.0.0/26
          targetTags:
            - load-balanced-backend
          allows:
            - protocol: tcp
              ports:
                - '80'
            - protocol: tcp
              ports:
                - '443'
            - protocol: tcp
              ports:
                - '8000'
          direction: INGRESS
        options:
          dependson:
            - ${fw3}
      defaultNetwork:
        type: gcp:compute:Network
        name: default
        properties:
          name: website-net
          autoCreateSubnetworks: false
          routingMode: REGIONAL
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        name: default
        properties:
          name: website-net-default
          ipCidrRange: 10.1.2.0/24
          region: us-central1
          network: ${defaultNetwork.id}
      proxy:
        type: gcp:compute:Subnetwork
        properties:
          name: website-net-proxy
          ipCidrRange: 10.129.0.0/26
          region: us-central1
          network: ${defaultNetwork.id}
          purpose: REGIONAL_MANAGED_PROXY
          role: ACTIVE
    variables:
      debianImage:
        fn::invoke:
          Function: gcp:compute:getImage
          Arguments:
            family: debian-11
            project: debian-cloud
    

    Forwarding Rule Regional Http Xlb

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const debianImage = gcp.compute.getImage({
        family: "debian-11",
        project: "debian-cloud",
    });
    const defaultNetwork = new gcp.compute.Network("default", {
        name: "website-net",
        autoCreateSubnetworks: false,
        routingMode: "REGIONAL",
    });
    const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
        name: "website-net-default",
        ipCidrRange: "10.1.2.0/24",
        region: "us-central1",
        network: defaultNetwork.id,
    });
    const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
        name: "template-website-backend",
        machineType: "e2-medium",
        networkInterfaces: [{
            network: defaultNetwork.id,
            subnetwork: defaultSubnetwork.id,
        }],
        disks: [{
            sourceImage: debianImage.then(debianImage => debianImage.selfLink),
            autoDelete: true,
            boot: true,
        }],
        tags: [
            "allow-ssh",
            "load-balanced-backend",
        ],
    });
    const rigm = new gcp.compute.RegionInstanceGroupManager("rigm", {
        region: "us-central1",
        name: "website-rigm",
        versions: [{
            instanceTemplate: instanceTemplate.id,
            name: "primary",
        }],
        baseInstanceName: "internal-glb",
        targetSize: 1,
    });
    const fw1 = new gcp.compute.Firewall("fw1", {
        name: "website-fw-1",
        network: defaultNetwork.id,
        sourceRanges: ["10.1.2.0/24"],
        allows: [
            {
                protocol: "tcp",
            },
            {
                protocol: "udp",
            },
            {
                protocol: "icmp",
            },
        ],
        direction: "INGRESS",
    });
    const fw2 = new gcp.compute.Firewall("fw2", {
        name: "website-fw-2",
        network: defaultNetwork.id,
        sourceRanges: ["0.0.0.0/0"],
        allows: [{
            protocol: "tcp",
            ports: ["22"],
        }],
        targetTags: ["allow-ssh"],
        direction: "INGRESS",
    }, {
        dependsOn: [fw1],
    });
    const fw3 = new gcp.compute.Firewall("fw3", {
        name: "website-fw-3",
        network: defaultNetwork.id,
        sourceRanges: [
            "130.211.0.0/22",
            "35.191.0.0/16",
        ],
        allows: [{
            protocol: "tcp",
        }],
        targetTags: ["load-balanced-backend"],
        direction: "INGRESS",
    }, {
        dependsOn: [fw2],
    });
    const fw4 = new gcp.compute.Firewall("fw4", {
        name: "website-fw-4",
        network: defaultNetwork.id,
        sourceRanges: ["10.129.0.0/26"],
        targetTags: ["load-balanced-backend"],
        allows: [
            {
                protocol: "tcp",
                ports: ["80"],
            },
            {
                protocol: "tcp",
                ports: ["443"],
            },
            {
                protocol: "tcp",
                ports: ["8000"],
            },
        ],
        direction: "INGRESS",
    }, {
        dependsOn: [fw3],
    });
    const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
        region: "us-central1",
        name: "website-hc",
        httpHealthCheck: {
            portSpecification: "USE_SERVING_PORT",
        },
    }, {
        dependsOn: [fw4],
    });
    const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", {
        loadBalancingScheme: "EXTERNAL_MANAGED",
        backends: [{
            group: rigm.instanceGroup,
            balancingMode: "UTILIZATION",
            capacityScaler: 1,
        }],
        region: "us-central1",
        name: "website-backend",
        protocol: "HTTP",
        timeoutSec: 10,
        healthChecks: defaultRegionHealthCheck.id,
    });
    const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", {
        region: "us-central1",
        name: "website-map",
        defaultService: defaultRegionBackendService.id,
    });
    const defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy("default", {
        region: "us-central1",
        name: "website-proxy",
        urlMap: defaultRegionUrlMap.id,
    });
    const defaultAddress = new gcp.compute.Address("default", {
        name: "website-ip-1",
        region: "us-central1",
        networkTier: "STANDARD",
    });
    const proxy = new gcp.compute.Subnetwork("proxy", {
        name: "website-net-proxy",
        ipCidrRange: "10.129.0.0/26",
        region: "us-central1",
        network: defaultNetwork.id,
        purpose: "REGIONAL_MANAGED_PROXY",
        role: "ACTIVE",
    });
    // Forwarding rule for Regional External Load Balancing
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        region: "us-central1",
        ipProtocol: "TCP",
        loadBalancingScheme: "EXTERNAL_MANAGED",
        portRange: "80",
        target: defaultRegionTargetHttpProxy.id,
        network: defaultNetwork.id,
        ipAddress: defaultAddress.address,
        networkTier: "STANDARD",
    }, {
        dependsOn: [proxy],
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    debian_image = gcp.compute.get_image(family="debian-11",
        project="debian-cloud")
    default_network = gcp.compute.Network("default",
        name="website-net",
        auto_create_subnetworks=False,
        routing_mode="REGIONAL")
    default_subnetwork = gcp.compute.Subnetwork("default",
        name="website-net-default",
        ip_cidr_range="10.1.2.0/24",
        region="us-central1",
        network=default_network.id)
    instance_template = gcp.compute.InstanceTemplate("instance_template",
        name="template-website-backend",
        machine_type="e2-medium",
        network_interfaces=[{
            "network": default_network.id,
            "subnetwork": default_subnetwork.id,
        }],
        disks=[{
            "source_image": debian_image.self_link,
            "auto_delete": True,
            "boot": True,
        }],
        tags=[
            "allow-ssh",
            "load-balanced-backend",
        ])
    rigm = gcp.compute.RegionInstanceGroupManager("rigm",
        region="us-central1",
        name="website-rigm",
        versions=[{
            "instance_template": instance_template.id,
            "name": "primary",
        }],
        base_instance_name="internal-glb",
        target_size=1)
    fw1 = gcp.compute.Firewall("fw1",
        name="website-fw-1",
        network=default_network.id,
        source_ranges=["10.1.2.0/24"],
        allows=[
            {
                "protocol": "tcp",
            },
            {
                "protocol": "udp",
            },
            {
                "protocol": "icmp",
            },
        ],
        direction="INGRESS")
    fw2 = gcp.compute.Firewall("fw2",
        name="website-fw-2",
        network=default_network.id,
        source_ranges=["0.0.0.0/0"],
        allows=[{
            "protocol": "tcp",
            "ports": ["22"],
        }],
        target_tags=["allow-ssh"],
        direction="INGRESS",
        opts = pulumi.ResourceOptions(depends_on=[fw1]))
    fw3 = gcp.compute.Firewall("fw3",
        name="website-fw-3",
        network=default_network.id,
        source_ranges=[
            "130.211.0.0/22",
            "35.191.0.0/16",
        ],
        allows=[{
            "protocol": "tcp",
        }],
        target_tags=["load-balanced-backend"],
        direction="INGRESS",
        opts = pulumi.ResourceOptions(depends_on=[fw2]))
    fw4 = gcp.compute.Firewall("fw4",
        name="website-fw-4",
        network=default_network.id,
        source_ranges=["10.129.0.0/26"],
        target_tags=["load-balanced-backend"],
        allows=[
            {
                "protocol": "tcp",
                "ports": ["80"],
            },
            {
                "protocol": "tcp",
                "ports": ["443"],
            },
            {
                "protocol": "tcp",
                "ports": ["8000"],
            },
        ],
        direction="INGRESS",
        opts = pulumi.ResourceOptions(depends_on=[fw3]))
    default_region_health_check = gcp.compute.RegionHealthCheck("default",
        region="us-central1",
        name="website-hc",
        http_health_check={
            "port_specification": "USE_SERVING_PORT",
        },
        opts = pulumi.ResourceOptions(depends_on=[fw4]))
    default_region_backend_service = gcp.compute.RegionBackendService("default",
        load_balancing_scheme="EXTERNAL_MANAGED",
        backends=[{
            "group": rigm.instance_group,
            "balancing_mode": "UTILIZATION",
            "capacity_scaler": 1,
        }],
        region="us-central1",
        name="website-backend",
        protocol="HTTP",
        timeout_sec=10,
        health_checks=default_region_health_check.id)
    default_region_url_map = gcp.compute.RegionUrlMap("default",
        region="us-central1",
        name="website-map",
        default_service=default_region_backend_service.id)
    default_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy("default",
        region="us-central1",
        name="website-proxy",
        url_map=default_region_url_map.id)
    default_address = gcp.compute.Address("default",
        name="website-ip-1",
        region="us-central1",
        network_tier="STANDARD")
    proxy = gcp.compute.Subnetwork("proxy",
        name="website-net-proxy",
        ip_cidr_range="10.129.0.0/26",
        region="us-central1",
        network=default_network.id,
        purpose="REGIONAL_MANAGED_PROXY",
        role="ACTIVE")
    # Forwarding rule for Regional External Load Balancing
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        region="us-central1",
        ip_protocol="TCP",
        load_balancing_scheme="EXTERNAL_MANAGED",
        port_range="80",
        target=default_region_target_http_proxy.id,
        network=default_network.id,
        ip_address=default_address.address,
        network_tier="STANDARD",
        opts = pulumi.ResourceOptions(depends_on=[proxy]))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		debianImage, err := compute.LookupImage(ctx, &compute.LookupImageArgs{
    			Family:  pulumi.StringRef("debian-11"),
    			Project: pulumi.StringRef("debian-cloud"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
    			Name:                  pulumi.String("website-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    			RoutingMode:           pulumi.String("REGIONAL"),
    		})
    		if err != nil {
    			return err
    		}
    		defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net-default"),
    			IpCidrRange: pulumi.String("10.1.2.0/24"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{
    			Name:        pulumi.String("template-website-backend"),
    			MachineType: pulumi.String("e2-medium"),
    			NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
    				&compute.InstanceTemplateNetworkInterfaceArgs{
    					Network:    defaultNetwork.ID(),
    					Subnetwork: defaultSubnetwork.ID(),
    				},
    			},
    			Disks: compute.InstanceTemplateDiskArray{
    				&compute.InstanceTemplateDiskArgs{
    					SourceImage: pulumi.String(debianImage.SelfLink),
    					AutoDelete:  pulumi.Bool(true),
    					Boot:        pulumi.Bool(true),
    				},
    			},
    			Tags: pulumi.StringArray{
    				pulumi.String("allow-ssh"),
    				pulumi.String("load-balanced-backend"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		rigm, err := compute.NewRegionInstanceGroupManager(ctx, "rigm", &compute.RegionInstanceGroupManagerArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-rigm"),
    			Versions: compute.RegionInstanceGroupManagerVersionArray{
    				&compute.RegionInstanceGroupManagerVersionArgs{
    					InstanceTemplate: instanceTemplate.ID(),
    					Name:             pulumi.String("primary"),
    				},
    			},
    			BaseInstanceName: pulumi.String("internal-glb"),
    			TargetSize:       pulumi.Int(1),
    		})
    		if err != nil {
    			return err
    		}
    		fw1, err := compute.NewFirewall(ctx, "fw1", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-1"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("10.1.2.0/24"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("udp"),
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("icmp"),
    				},
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		fw2, err := compute.NewFirewall(ctx, "fw2", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-2"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("0.0.0.0/0"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("22"),
    					},
    				},
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("allow-ssh"),
    			},
    			Direction: pulumi.String("INGRESS"),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			fw1,
    		}))
    		if err != nil {
    			return err
    		}
    		fw3, err := compute.NewFirewall(ctx, "fw3", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-3"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("130.211.0.0/22"),
    				pulumi.String("35.191.0.0/16"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("load-balanced-backend"),
    			},
    			Direction: pulumi.String("INGRESS"),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			fw2,
    		}))
    		if err != nil {
    			return err
    		}
    		fw4, err := compute.NewFirewall(ctx, "fw4", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-4"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("10.129.0.0/26"),
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("load-balanced-backend"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("80"),
    					},
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("443"),
    					},
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("8000"),
    					},
    				},
    			},
    			Direction: pulumi.String("INGRESS"),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			fw3,
    		}))
    		if err != nil {
    			return err
    		}
    		defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-hc"),
    			HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
    				PortSpecification: pulumi.String("USE_SERVING_PORT"),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			fw4,
    		}))
    		if err != nil {
    			return err
    		}
    		defaultRegionBackendService, err := compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{
    			LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
    			Backends: compute.RegionBackendServiceBackendArray{
    				&compute.RegionBackendServiceBackendArgs{
    					Group:          rigm.InstanceGroup,
    					BalancingMode:  pulumi.String("UTILIZATION"),
    					CapacityScaler: pulumi.Float64(1),
    				},
    			},
    			Region:       pulumi.String("us-central1"),
    			Name:         pulumi.String("website-backend"),
    			Protocol:     pulumi.String("HTTP"),
    			TimeoutSec:   pulumi.Int(10),
    			HealthChecks: defaultRegionHealthCheck.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, "default", &compute.RegionUrlMapArgs{
    			Region:         pulumi.String("us-central1"),
    			Name:           pulumi.String("website-map"),
    			DefaultService: defaultRegionBackendService.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, "default", &compute.RegionTargetHttpProxyArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-proxy"),
    			UrlMap: defaultRegionUrlMap.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultAddress, err := compute.NewAddress(ctx, "default", &compute.AddressArgs{
    			Name:        pulumi.String("website-ip-1"),
    			Region:      pulumi.String("us-central1"),
    			NetworkTier: pulumi.String("STANDARD"),
    		})
    		if err != nil {
    			return err
    		}
    		proxy, err := compute.NewSubnetwork(ctx, "proxy", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net-proxy"),
    			IpCidrRange: pulumi.String("10.129.0.0/26"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    			Purpose:     pulumi.String("REGIONAL_MANAGED_PROXY"),
    			Role:        pulumi.String("ACTIVE"),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for Regional External Load Balancing
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("website-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			IpProtocol:          pulumi.String("TCP"),
    			LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
    			PortRange:           pulumi.String("80"),
    			Target:              defaultRegionTargetHttpProxy.ID(),
    			Network:             defaultNetwork.ID(),
    			IpAddress:           defaultAddress.Address,
    			NetworkTier:         pulumi.String("STANDARD"),
    		}, pulumi.DependsOn([]pulumi.Resource{
    			proxy,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var debianImage = Gcp.Compute.GetImage.Invoke(new()
        {
            Family = "debian-11",
            Project = "debian-cloud",
        });
    
        var defaultNetwork = new Gcp.Compute.Network("default", new()
        {
            Name = "website-net",
            AutoCreateSubnetworks = false,
            RoutingMode = "REGIONAL",
        });
    
        var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
        {
            Name = "website-net-default",
            IpCidrRange = "10.1.2.0/24",
            Region = "us-central1",
            Network = defaultNetwork.Id,
        });
    
        var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new()
        {
            Name = "template-website-backend",
            MachineType = "e2-medium",
            NetworkInterfaces = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
                {
                    Network = defaultNetwork.Id,
                    Subnetwork = defaultSubnetwork.Id,
                },
            },
            Disks = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
                {
                    SourceImage = debianImage.Apply(getImageResult => getImageResult.SelfLink),
                    AutoDelete = true,
                    Boot = true,
                },
            },
            Tags = new[]
            {
                "allow-ssh",
                "load-balanced-backend",
            },
        });
    
        var rigm = new Gcp.Compute.RegionInstanceGroupManager("rigm", new()
        {
            Region = "us-central1",
            Name = "website-rigm",
            Versions = new[]
            {
                new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs
                {
                    InstanceTemplate = instanceTemplate.Id,
                    Name = "primary",
                },
            },
            BaseInstanceName = "internal-glb",
            TargetSize = 1,
        });
    
        var fw1 = new Gcp.Compute.Firewall("fw1", new()
        {
            Name = "website-fw-1",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "10.1.2.0/24",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "udp",
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "icmp",
                },
            },
            Direction = "INGRESS",
        });
    
        var fw2 = new Gcp.Compute.Firewall("fw2", new()
        {
            Name = "website-fw-2",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "0.0.0.0/0",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "22",
                    },
                },
            },
            TargetTags = new[]
            {
                "allow-ssh",
            },
            Direction = "INGRESS",
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                fw1,
            },
        });
    
        var fw3 = new Gcp.Compute.Firewall("fw3", new()
        {
            Name = "website-fw-3",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "130.211.0.0/22",
                "35.191.0.0/16",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
            },
            TargetTags = new[]
            {
                "load-balanced-backend",
            },
            Direction = "INGRESS",
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                fw2,
            },
        });
    
        var fw4 = new Gcp.Compute.Firewall("fw4", new()
        {
            Name = "website-fw-4",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "10.129.0.0/26",
            },
            TargetTags = new[]
            {
                "load-balanced-backend",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "80",
                    },
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "443",
                    },
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "8000",
                    },
                },
            },
            Direction = "INGRESS",
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                fw3,
            },
        });
    
        var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new()
        {
            Region = "us-central1",
            Name = "website-hc",
            HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
            {
                PortSpecification = "USE_SERVING_PORT",
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                fw4,
            },
        });
    
        var defaultRegionBackendService = new Gcp.Compute.RegionBackendService("default", new()
        {
            LoadBalancingScheme = "EXTERNAL_MANAGED",
            Backends = new[]
            {
                new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs
                {
                    Group = rigm.InstanceGroup,
                    BalancingMode = "UTILIZATION",
                    CapacityScaler = 1,
                },
            },
            Region = "us-central1",
            Name = "website-backend",
            Protocol = "HTTP",
            TimeoutSec = 10,
            HealthChecks = defaultRegionHealthCheck.Id,
        });
    
        var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap("default", new()
        {
            Region = "us-central1",
            Name = "website-map",
            DefaultService = defaultRegionBackendService.Id,
        });
    
        var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy("default", new()
        {
            Region = "us-central1",
            Name = "website-proxy",
            UrlMap = defaultRegionUrlMap.Id,
        });
    
        var defaultAddress = new Gcp.Compute.Address("default", new()
        {
            Name = "website-ip-1",
            Region = "us-central1",
            NetworkTier = "STANDARD",
        });
    
        var proxy = new Gcp.Compute.Subnetwork("proxy", new()
        {
            Name = "website-net-proxy",
            IpCidrRange = "10.129.0.0/26",
            Region = "us-central1",
            Network = defaultNetwork.Id,
            Purpose = "REGIONAL_MANAGED_PROXY",
            Role = "ACTIVE",
        });
    
        // Forwarding rule for Regional External Load Balancing
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Region = "us-central1",
            IpProtocol = "TCP",
            LoadBalancingScheme = "EXTERNAL_MANAGED",
            PortRange = "80",
            Target = defaultRegionTargetHttpProxy.Id,
            Network = defaultNetwork.Id,
            IpAddress = defaultAddress.IPAddress,
            NetworkTier = "STANDARD",
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                proxy,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.ComputeFunctions;
    import com.pulumi.gcp.compute.inputs.GetImageArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.InstanceTemplate;
    import com.pulumi.gcp.compute.InstanceTemplateArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
    import com.pulumi.gcp.compute.RegionInstanceGroupManager;
    import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
    import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
    import com.pulumi.gcp.compute.Firewall;
    import com.pulumi.gcp.compute.FirewallArgs;
    import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
    import com.pulumi.gcp.compute.RegionUrlMap;
    import com.pulumi.gcp.compute.RegionUrlMapArgs;
    import com.pulumi.gcp.compute.RegionTargetHttpProxy;
    import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
    import com.pulumi.gcp.compute.Address;
    import com.pulumi.gcp.compute.AddressArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
                .family("debian-11")
                .project("debian-cloud")
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
                .name("website-net")
                .autoCreateSubnetworks(false)
                .routingMode("REGIONAL")
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
                .name("website-net-default")
                .ipCidrRange("10.1.2.0/24")
                .region("us-central1")
                .network(defaultNetwork.id())
                .build());
    
            var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()
                .name("template-website-backend")
                .machineType("e2-medium")
                .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                    .network(defaultNetwork.id())
                    .subnetwork(defaultSubnetwork.id())
                    .build())
                .disks(InstanceTemplateDiskArgs.builder()
                    .sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
                    .autoDelete(true)
                    .boot(true)
                    .build())
                .tags(            
                    "allow-ssh",
                    "load-balanced-backend")
                .build());
    
            var rigm = new RegionInstanceGroupManager("rigm", RegionInstanceGroupManagerArgs.builder()
                .region("us-central1")
                .name("website-rigm")
                .versions(RegionInstanceGroupManagerVersionArgs.builder()
                    .instanceTemplate(instanceTemplate.id())
                    .name("primary")
                    .build())
                .baseInstanceName("internal-glb")
                .targetSize(1)
                .build());
    
            var fw1 = new Firewall("fw1", FirewallArgs.builder()
                .name("website-fw-1")
                .network(defaultNetwork.id())
                .sourceRanges("10.1.2.0/24")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("udp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("icmp")
                        .build())
                .direction("INGRESS")
                .build());
    
            var fw2 = new Firewall("fw2", FirewallArgs.builder()
                .name("website-fw-2")
                .network(defaultNetwork.id())
                .sourceRanges("0.0.0.0/0")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("22")
                    .build())
                .targetTags("allow-ssh")
                .direction("INGRESS")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(fw1)
                    .build());
    
            var fw3 = new Firewall("fw3", FirewallArgs.builder()
                .name("website-fw-3")
                .network(defaultNetwork.id())
                .sourceRanges(            
                    "130.211.0.0/22",
                    "35.191.0.0/16")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build())
                .targetTags("load-balanced-backend")
                .direction("INGRESS")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(fw2)
                    .build());
    
            var fw4 = new Firewall("fw4", FirewallArgs.builder()
                .name("website-fw-4")
                .network(defaultNetwork.id())
                .sourceRanges("10.129.0.0/26")
                .targetTags("load-balanced-backend")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("80")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("443")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("8000")
                        .build())
                .direction("INGRESS")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(fw3)
                    .build());
    
            var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()
                .region("us-central1")
                .name("website-hc")
                .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                    .portSpecification("USE_SERVING_PORT")
                    .build())
                .build(), CustomResourceOptions.builder()
                    .dependsOn(fw4)
                    .build());
    
            var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()
                .loadBalancingScheme("EXTERNAL_MANAGED")
                .backends(RegionBackendServiceBackendArgs.builder()
                    .group(rigm.instanceGroup())
                    .balancingMode("UTILIZATION")
                    .capacityScaler(1)
                    .build())
                .region("us-central1")
                .name("website-backend")
                .protocol("HTTP")
                .timeoutSec(10)
                .healthChecks(defaultRegionHealthCheck.id())
                .build());
    
            var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()
                .region("us-central1")
                .name("website-map")
                .defaultService(defaultRegionBackendService.id())
                .build());
    
            var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()
                .region("us-central1")
                .name("website-proxy")
                .urlMap(defaultRegionUrlMap.id())
                .build());
    
            var defaultAddress = new Address("defaultAddress", AddressArgs.builder()
                .name("website-ip-1")
                .region("us-central1")
                .networkTier("STANDARD")
                .build());
    
            var proxy = new Subnetwork("proxy", SubnetworkArgs.builder()
                .name("website-net-proxy")
                .ipCidrRange("10.129.0.0/26")
                .region("us-central1")
                .network(defaultNetwork.id())
                .purpose("REGIONAL_MANAGED_PROXY")
                .role("ACTIVE")
                .build());
    
            // Forwarding rule for Regional External Load Balancing
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
                .name("website-forwarding-rule")
                .region("us-central1")
                .ipProtocol("TCP")
                .loadBalancingScheme("EXTERNAL_MANAGED")
                .portRange("80")
                .target(defaultRegionTargetHttpProxy.id())
                .network(defaultNetwork.id())
                .ipAddress(defaultAddress.address())
                .networkTier("STANDARD")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(proxy)
                    .build());
    
        }
    }
    
    resources:
      # Forwarding rule for Regional External Load Balancing
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          region: us-central1
          ipProtocol: TCP
          loadBalancingScheme: EXTERNAL_MANAGED
          portRange: '80'
          target: ${defaultRegionTargetHttpProxy.id}
          network: ${defaultNetwork.id}
          ipAddress: ${defaultAddress.address}
          networkTier: STANDARD
        options:
          dependson:
            - ${proxy}
      defaultRegionTargetHttpProxy:
        type: gcp:compute:RegionTargetHttpProxy
        name: default
        properties:
          region: us-central1
          name: website-proxy
          urlMap: ${defaultRegionUrlMap.id}
      defaultRegionUrlMap:
        type: gcp:compute:RegionUrlMap
        name: default
        properties:
          region: us-central1
          name: website-map
          defaultService: ${defaultRegionBackendService.id}
      defaultRegionBackendService:
        type: gcp:compute:RegionBackendService
        name: default
        properties:
          loadBalancingScheme: EXTERNAL_MANAGED
          backends:
            - group: ${rigm.instanceGroup}
              balancingMode: UTILIZATION
              capacityScaler: 1
          region: us-central1
          name: website-backend
          protocol: HTTP
          timeoutSec: 10
          healthChecks: ${defaultRegionHealthCheck.id}
      rigm:
        type: gcp:compute:RegionInstanceGroupManager
        properties:
          region: us-central1
          name: website-rigm
          versions:
            - instanceTemplate: ${instanceTemplate.id}
              name: primary
          baseInstanceName: internal-glb
          targetSize: 1
      instanceTemplate:
        type: gcp:compute:InstanceTemplate
        name: instance_template
        properties:
          name: template-website-backend
          machineType: e2-medium
          networkInterfaces:
            - network: ${defaultNetwork.id}
              subnetwork: ${defaultSubnetwork.id}
          disks:
            - sourceImage: ${debianImage.selfLink}
              autoDelete: true
              boot: true
          tags:
            - allow-ssh
            - load-balanced-backend
      defaultRegionHealthCheck:
        type: gcp:compute:RegionHealthCheck
        name: default
        properties:
          region: us-central1
          name: website-hc
          httpHealthCheck:
            portSpecification: USE_SERVING_PORT
        options:
          dependson:
            - ${fw4}
      defaultAddress:
        type: gcp:compute:Address
        name: default
        properties:
          name: website-ip-1
          region: us-central1
          networkTier: STANDARD
      fw1:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-1
          network: ${defaultNetwork.id}
          sourceRanges:
            - 10.1.2.0/24
          allows:
            - protocol: tcp
            - protocol: udp
            - protocol: icmp
          direction: INGRESS
      fw2:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-2
          network: ${defaultNetwork.id}
          sourceRanges:
            - 0.0.0.0/0
          allows:
            - protocol: tcp
              ports:
                - '22'
          targetTags:
            - allow-ssh
          direction: INGRESS
        options:
          dependson:
            - ${fw1}
      fw3:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-3
          network: ${defaultNetwork.id}
          sourceRanges:
            - 130.211.0.0/22
            - 35.191.0.0/16
          allows:
            - protocol: tcp
          targetTags:
            - load-balanced-backend
          direction: INGRESS
        options:
          dependson:
            - ${fw2}
      fw4:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-4
          network: ${defaultNetwork.id}
          sourceRanges:
            - 10.129.0.0/26
          targetTags:
            - load-balanced-backend
          allows:
            - protocol: tcp
              ports:
                - '80'
            - protocol: tcp
              ports:
                - '443'
            - protocol: tcp
              ports:
                - '8000'
          direction: INGRESS
        options:
          dependson:
            - ${fw3}
      defaultNetwork:
        type: gcp:compute:Network
        name: default
        properties:
          name: website-net
          autoCreateSubnetworks: false
          routingMode: REGIONAL
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        name: default
        properties:
          name: website-net-default
          ipCidrRange: 10.1.2.0/24
          region: us-central1
          network: ${defaultNetwork.id}
      proxy:
        type: gcp:compute:Subnetwork
        properties:
          name: website-net-proxy
          ipCidrRange: 10.129.0.0/26
          region: us-central1
          network: ${defaultNetwork.id}
          purpose: REGIONAL_MANAGED_PROXY
          role: ACTIVE
    variables:
      debianImage:
        fn::invoke:
          Function: gcp:compute:getImage
          Arguments:
            family: debian-11
            project: debian-cloud
    

    Forwarding Rule Vpc Psc

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    // Consumer service endpoint
    const consumerNet = new gcp.compute.Network("consumer_net", {
        name: "consumer-net",
        autoCreateSubnetworks: false,
    });
    const consumerSubnet = new gcp.compute.Subnetwork("consumer_subnet", {
        name: "consumer-net",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        network: consumerNet.id,
    });
    const consumerAddress = new gcp.compute.Address("consumer_address", {
        name: "website-ip-1",
        region: "us-central1",
        subnetwork: consumerSubnet.id,
        addressType: "INTERNAL",
    });
    // Producer service attachment
    const producerNet = new gcp.compute.Network("producer_net", {
        name: "producer-net",
        autoCreateSubnetworks: false,
    });
    const pscProducerSubnet = new gcp.compute.Subnetwork("psc_producer_subnet", {
        name: "producer-psc-net",
        ipCidrRange: "10.1.0.0/16",
        region: "us-central1",
        purpose: "PRIVATE_SERVICE_CONNECT",
        network: producerNet.id,
    });
    const producerSubnet = new gcp.compute.Subnetwork("producer_subnet", {
        name: "producer-net",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        network: producerNet.id,
    });
    const producerServiceHealthCheck = new gcp.compute.HealthCheck("producer_service_health_check", {
        name: "producer-service-health-check",
        checkIntervalSec: 1,
        timeoutSec: 1,
        tcpHealthCheck: {
            port: 80,
        },
    });
    const producerServiceBackend = new gcp.compute.RegionBackendService("producer_service_backend", {
        name: "producer-service-backend",
        region: "us-central1",
        healthChecks: producerServiceHealthCheck.id,
    });
    const producerTargetService = new gcp.compute.ForwardingRule("producer_target_service", {
        name: "producer-forwarding-rule",
        region: "us-central1",
        loadBalancingScheme: "INTERNAL",
        backendService: producerServiceBackend.id,
        allPorts: true,
        network: producerNet.name,
        subnetwork: producerSubnet.name,
    });
    const producerServiceAttachment = new gcp.compute.ServiceAttachment("producer_service_attachment", {
        name: "producer-service",
        region: "us-central1",
        description: "A service attachment configured with Terraform",
        enableProxyProtocol: true,
        connectionPreference: "ACCEPT_AUTOMATIC",
        natSubnets: [pscProducerSubnet.name],
        targetService: producerTargetService.id,
    });
    // Forwarding rule for VPC private service connect
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "psc-endpoint",
        region: "us-central1",
        loadBalancingScheme: "",
        target: producerServiceAttachment.id,
        network: consumerNet.name,
        ipAddress: consumerAddress.id,
        allowPscGlobalAccess: true,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    # Consumer service endpoint
    consumer_net = gcp.compute.Network("consumer_net",
        name="consumer-net",
        auto_create_subnetworks=False)
    consumer_subnet = gcp.compute.Subnetwork("consumer_subnet",
        name="consumer-net",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        network=consumer_net.id)
    consumer_address = gcp.compute.Address("consumer_address",
        name="website-ip-1",
        region="us-central1",
        subnetwork=consumer_subnet.id,
        address_type="INTERNAL")
    # Producer service attachment
    producer_net = gcp.compute.Network("producer_net",
        name="producer-net",
        auto_create_subnetworks=False)
    psc_producer_subnet = gcp.compute.Subnetwork("psc_producer_subnet",
        name="producer-psc-net",
        ip_cidr_range="10.1.0.0/16",
        region="us-central1",
        purpose="PRIVATE_SERVICE_CONNECT",
        network=producer_net.id)
    producer_subnet = gcp.compute.Subnetwork("producer_subnet",
        name="producer-net",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        network=producer_net.id)
    producer_service_health_check = gcp.compute.HealthCheck("producer_service_health_check",
        name="producer-service-health-check",
        check_interval_sec=1,
        timeout_sec=1,
        tcp_health_check={
            "port": 80,
        })
    producer_service_backend = gcp.compute.RegionBackendService("producer_service_backend",
        name="producer-service-backend",
        region="us-central1",
        health_checks=producer_service_health_check.id)
    producer_target_service = gcp.compute.ForwardingRule("producer_target_service",
        name="producer-forwarding-rule",
        region="us-central1",
        load_balancing_scheme="INTERNAL",
        backend_service=producer_service_backend.id,
        all_ports=True,
        network=producer_net.name,
        subnetwork=producer_subnet.name)
    producer_service_attachment = gcp.compute.ServiceAttachment("producer_service_attachment",
        name="producer-service",
        region="us-central1",
        description="A service attachment configured with Terraform",
        enable_proxy_protocol=True,
        connection_preference="ACCEPT_AUTOMATIC",
        nat_subnets=[psc_producer_subnet.name],
        target_service=producer_target_service.id)
    # Forwarding rule for VPC private service connect
    default = gcp.compute.ForwardingRule("default",
        name="psc-endpoint",
        region="us-central1",
        load_balancing_scheme="",
        target=producer_service_attachment.id,
        network=consumer_net.name,
        ip_address=consumer_address.id,
        allow_psc_global_access=True)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Consumer service endpoint
    		consumerNet, err := compute.NewNetwork(ctx, "consumer_net", &compute.NetworkArgs{
    			Name:                  pulumi.String("consumer-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		consumerSubnet, err := compute.NewSubnetwork(ctx, "consumer_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("consumer-net"),
    			IpCidrRange: pulumi.String("10.0.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Network:     consumerNet.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		consumerAddress, err := compute.NewAddress(ctx, "consumer_address", &compute.AddressArgs{
    			Name:        pulumi.String("website-ip-1"),
    			Region:      pulumi.String("us-central1"),
    			Subnetwork:  consumerSubnet.ID(),
    			AddressType: pulumi.String("INTERNAL"),
    		})
    		if err != nil {
    			return err
    		}
    		// Producer service attachment
    		producerNet, err := compute.NewNetwork(ctx, "producer_net", &compute.NetworkArgs{
    			Name:                  pulumi.String("producer-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		pscProducerSubnet, err := compute.NewSubnetwork(ctx, "psc_producer_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("producer-psc-net"),
    			IpCidrRange: pulumi.String("10.1.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Purpose:     pulumi.String("PRIVATE_SERVICE_CONNECT"),
    			Network:     producerNet.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		producerSubnet, err := compute.NewSubnetwork(ctx, "producer_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("producer-net"),
    			IpCidrRange: pulumi.String("10.0.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Network:     producerNet.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		producerServiceHealthCheck, err := compute.NewHealthCheck(ctx, "producer_service_health_check", &compute.HealthCheckArgs{
    			Name:             pulumi.String("producer-service-health-check"),
    			CheckIntervalSec: pulumi.Int(1),
    			TimeoutSec:       pulumi.Int(1),
    			TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		producerServiceBackend, err := compute.NewRegionBackendService(ctx, "producer_service_backend", &compute.RegionBackendServiceArgs{
    			Name:         pulumi.String("producer-service-backend"),
    			Region:       pulumi.String("us-central1"),
    			HealthChecks: producerServiceHealthCheck.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		producerTargetService, err := compute.NewForwardingRule(ctx, "producer_target_service", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("producer-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("INTERNAL"),
    			BackendService:      producerServiceBackend.ID(),
    			AllPorts:            pulumi.Bool(true),
    			Network:             producerNet.Name,
    			Subnetwork:          producerSubnet.Name,
    		})
    		if err != nil {
    			return err
    		}
    		producerServiceAttachment, err := compute.NewServiceAttachment(ctx, "producer_service_attachment", &compute.ServiceAttachmentArgs{
    			Name:                 pulumi.String("producer-service"),
    			Region:               pulumi.String("us-central1"),
    			Description:          pulumi.String("A service attachment configured with Terraform"),
    			EnableProxyProtocol:  pulumi.Bool(true),
    			ConnectionPreference: pulumi.String("ACCEPT_AUTOMATIC"),
    			NatSubnets: pulumi.StringArray{
    				pscProducerSubnet.Name,
    			},
    			TargetService: producerTargetService.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for VPC private service connect
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                 pulumi.String("psc-endpoint"),
    			Region:               pulumi.String("us-central1"),
    			LoadBalancingScheme:  pulumi.String(""),
    			Target:               producerServiceAttachment.ID(),
    			Network:              consumerNet.Name,
    			IpAddress:            consumerAddress.ID(),
    			AllowPscGlobalAccess: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        // Consumer service endpoint
        var consumerNet = new Gcp.Compute.Network("consumer_net", new()
        {
            Name = "consumer-net",
            AutoCreateSubnetworks = false,
        });
    
        var consumerSubnet = new Gcp.Compute.Subnetwork("consumer_subnet", new()
        {
            Name = "consumer-net",
            IpCidrRange = "10.0.0.0/16",
            Region = "us-central1",
            Network = consumerNet.Id,
        });
    
        var consumerAddress = new Gcp.Compute.Address("consumer_address", new()
        {
            Name = "website-ip-1",
            Region = "us-central1",
            Subnetwork = consumerSubnet.Id,
            AddressType = "INTERNAL",
        });
    
        // Producer service attachment
        var producerNet = new Gcp.Compute.Network("producer_net", new()
        {
            Name = "producer-net",
            AutoCreateSubnetworks = false,
        });
    
        var pscProducerSubnet = new Gcp.Compute.Subnetwork("psc_producer_subnet", new()
        {
            Name = "producer-psc-net",
            IpCidrRange = "10.1.0.0/16",
            Region = "us-central1",
            Purpose = "PRIVATE_SERVICE_CONNECT",
            Network = producerNet.Id,
        });
    
        var producerSubnet = new Gcp.Compute.Subnetwork("producer_subnet", new()
        {
            Name = "producer-net",
            IpCidrRange = "10.0.0.0/16",
            Region = "us-central1",
            Network = producerNet.Id,
        });
    
        var producerServiceHealthCheck = new Gcp.Compute.HealthCheck("producer_service_health_check", new()
        {
            Name = "producer-service-health-check",
            CheckIntervalSec = 1,
            TimeoutSec = 1,
            TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var producerServiceBackend = new Gcp.Compute.RegionBackendService("producer_service_backend", new()
        {
            Name = "producer-service-backend",
            Region = "us-central1",
            HealthChecks = producerServiceHealthCheck.Id,
        });
    
        var producerTargetService = new Gcp.Compute.ForwardingRule("producer_target_service", new()
        {
            Name = "producer-forwarding-rule",
            Region = "us-central1",
            LoadBalancingScheme = "INTERNAL",
            BackendService = producerServiceBackend.Id,
            AllPorts = true,
            Network = producerNet.Name,
            Subnetwork = producerSubnet.Name,
        });
    
        var producerServiceAttachment = new Gcp.Compute.ServiceAttachment("producer_service_attachment", new()
        {
            Name = "producer-service",
            Region = "us-central1",
            Description = "A service attachment configured with Terraform",
            EnableProxyProtocol = true,
            ConnectionPreference = "ACCEPT_AUTOMATIC",
            NatSubnets = new[]
            {
                pscProducerSubnet.Name,
            },
            TargetService = producerTargetService.Id,
        });
    
        // Forwarding rule for VPC private service connect
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "psc-endpoint",
            Region = "us-central1",
            LoadBalancingScheme = "",
            Target = producerServiceAttachment.Id,
            Network = consumerNet.Name,
            IpAddress = consumerAddress.Id,
            AllowPscGlobalAccess = true,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.Address;
    import com.pulumi.gcp.compute.AddressArgs;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.compute.ServiceAttachment;
    import com.pulumi.gcp.compute.ServiceAttachmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // Consumer service endpoint
            var consumerNet = new Network("consumerNet", NetworkArgs.builder()
                .name("consumer-net")
                .autoCreateSubnetworks(false)
                .build());
    
            var consumerSubnet = new Subnetwork("consumerSubnet", SubnetworkArgs.builder()
                .name("consumer-net")
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(consumerNet.id())
                .build());
    
            var consumerAddress = new Address("consumerAddress", AddressArgs.builder()
                .name("website-ip-1")
                .region("us-central1")
                .subnetwork(consumerSubnet.id())
                .addressType("INTERNAL")
                .build());
    
            // Producer service attachment
            var producerNet = new Network("producerNet", NetworkArgs.builder()
                .name("producer-net")
                .autoCreateSubnetworks(false)
                .build());
    
            var pscProducerSubnet = new Subnetwork("pscProducerSubnet", SubnetworkArgs.builder()
                .name("producer-psc-net")
                .ipCidrRange("10.1.0.0/16")
                .region("us-central1")
                .purpose("PRIVATE_SERVICE_CONNECT")
                .network(producerNet.id())
                .build());
    
            var producerSubnet = new Subnetwork("producerSubnet", SubnetworkArgs.builder()
                .name("producer-net")
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(producerNet.id())
                .build());
    
            var producerServiceHealthCheck = new HealthCheck("producerServiceHealthCheck", HealthCheckArgs.builder()
                .name("producer-service-health-check")
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var producerServiceBackend = new RegionBackendService("producerServiceBackend", RegionBackendServiceArgs.builder()
                .name("producer-service-backend")
                .region("us-central1")
                .healthChecks(producerServiceHealthCheck.id())
                .build());
    
            var producerTargetService = new ForwardingRule("producerTargetService", ForwardingRuleArgs.builder()
                .name("producer-forwarding-rule")
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(producerServiceBackend.id())
                .allPorts(true)
                .network(producerNet.name())
                .subnetwork(producerSubnet.name())
                .build());
    
            var producerServiceAttachment = new ServiceAttachment("producerServiceAttachment", ServiceAttachmentArgs.builder()
                .name("producer-service")
                .region("us-central1")
                .description("A service attachment configured with Terraform")
                .enableProxyProtocol(true)
                .connectionPreference("ACCEPT_AUTOMATIC")
                .natSubnets(pscProducerSubnet.name())
                .targetService(producerTargetService.id())
                .build());
    
            // Forwarding rule for VPC private service connect
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
                .name("psc-endpoint")
                .region("us-central1")
                .loadBalancingScheme("")
                .target(producerServiceAttachment.id())
                .network(consumerNet.name())
                .ipAddress(consumerAddress.id())
                .allowPscGlobalAccess(true)
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for VPC private service connect
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: psc-endpoint
          region: us-central1
          loadBalancingScheme:
          target: ${producerServiceAttachment.id}
          network: ${consumerNet.name}
          ipAddress: ${consumerAddress.id}
          allowPscGlobalAccess: true
      # Consumer service endpoint
      consumerNet:
        type: gcp:compute:Network
        name: consumer_net
        properties:
          name: consumer-net
          autoCreateSubnetworks: false
      consumerSubnet:
        type: gcp:compute:Subnetwork
        name: consumer_subnet
        properties:
          name: consumer-net
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${consumerNet.id}
      consumerAddress:
        type: gcp:compute:Address
        name: consumer_address
        properties:
          name: website-ip-1
          region: us-central1
          subnetwork: ${consumerSubnet.id}
          addressType: INTERNAL
      # Producer service attachment
      producerNet:
        type: gcp:compute:Network
        name: producer_net
        properties:
          name: producer-net
          autoCreateSubnetworks: false
      producerSubnet:
        type: gcp:compute:Subnetwork
        name: producer_subnet
        properties:
          name: producer-net
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${producerNet.id}
      pscProducerSubnet:
        type: gcp:compute:Subnetwork
        name: psc_producer_subnet
        properties:
          name: producer-psc-net
          ipCidrRange: 10.1.0.0/16
          region: us-central1
          purpose: PRIVATE_SERVICE_CONNECT
          network: ${producerNet.id}
      producerServiceAttachment:
        type: gcp:compute:ServiceAttachment
        name: producer_service_attachment
        properties:
          name: producer-service
          region: us-central1
          description: A service attachment configured with Terraform
          enableProxyProtocol: true
          connectionPreference: ACCEPT_AUTOMATIC
          natSubnets:
            - ${pscProducerSubnet.name}
          targetService: ${producerTargetService.id}
      producerTargetService:
        type: gcp:compute:ForwardingRule
        name: producer_target_service
        properties:
          name: producer-forwarding-rule
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${producerServiceBackend.id}
          allPorts: true
          network: ${producerNet.name}
          subnetwork: ${producerSubnet.name}
      producerServiceBackend:
        type: gcp:compute:RegionBackendService
        name: producer_service_backend
        properties:
          name: producer-service-backend
          region: us-central1
          healthChecks: ${producerServiceHealthCheck.id}
      producerServiceHealthCheck:
        type: gcp:compute:HealthCheck
        name: producer_service_health_check
        properties:
          name: producer-service-health-check
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
    

    Forwarding Rule Vpc Psc No Automate Dns

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const consumerNet = new gcp.compute.Network("consumer_net", {
        name: "consumer-net",
        autoCreateSubnetworks: false,
    });
    const consumerSubnet = new gcp.compute.Subnetwork("consumer_subnet", {
        name: "consumer-net",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        network: consumerNet.id,
    });
    const consumerAddress = new gcp.compute.Address("consumer_address", {
        name: "website-ip-1",
        region: "us-central1",
        subnetwork: consumerSubnet.id,
        addressType: "INTERNAL",
    });
    const producerNet = new gcp.compute.Network("producer_net", {
        name: "producer-net",
        autoCreateSubnetworks: false,
    });
    const pscProducerSubnet = new gcp.compute.Subnetwork("psc_producer_subnet", {
        name: "producer-psc-net",
        ipCidrRange: "10.1.0.0/16",
        region: "us-central1",
        purpose: "PRIVATE_SERVICE_CONNECT",
        network: producerNet.id,
    });
    const producerSubnet = new gcp.compute.Subnetwork("producer_subnet", {
        name: "producer-net",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        network: producerNet.id,
    });
    const producerServiceHealthCheck = new gcp.compute.HealthCheck("producer_service_health_check", {
        name: "producer-service-health-check",
        checkIntervalSec: 1,
        timeoutSec: 1,
        tcpHealthCheck: {
            port: 80,
        },
    });
    const producerServiceBackend = new gcp.compute.RegionBackendService("producer_service_backend", {
        name: "producer-service-backend",
        region: "us-central1",
        healthChecks: producerServiceHealthCheck.id,
    });
    const producerTargetService = new gcp.compute.ForwardingRule("producer_target_service", {
        name: "producer-forwarding-rule",
        region: "us-central1",
        loadBalancingScheme: "INTERNAL",
        backendService: producerServiceBackend.id,
        allPorts: true,
        network: producerNet.name,
        subnetwork: producerSubnet.name,
    });
    const producerServiceAttachment = new gcp.compute.ServiceAttachment("producer_service_attachment", {
        name: "producer-service",
        region: "us-central1",
        description: "A service attachment configured with Terraform",
        enableProxyProtocol: true,
        connectionPreference: "ACCEPT_AUTOMATIC",
        natSubnets: [pscProducerSubnet.name],
        targetService: producerTargetService.id,
    });
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "psc-endpoint",
        region: "us-central1",
        loadBalancingScheme: "",
        target: producerServiceAttachment.id,
        network: consumerNet.name,
        ipAddress: consumerAddress.id,
        allowPscGlobalAccess: true,
        noAutomateDnsZone: true,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    consumer_net = gcp.compute.Network("consumer_net",
        name="consumer-net",
        auto_create_subnetworks=False)
    consumer_subnet = gcp.compute.Subnetwork("consumer_subnet",
        name="consumer-net",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        network=consumer_net.id)
    consumer_address = gcp.compute.Address("consumer_address",
        name="website-ip-1",
        region="us-central1",
        subnetwork=consumer_subnet.id,
        address_type="INTERNAL")
    producer_net = gcp.compute.Network("producer_net",
        name="producer-net",
        auto_create_subnetworks=False)
    psc_producer_subnet = gcp.compute.Subnetwork("psc_producer_subnet",
        name="producer-psc-net",
        ip_cidr_range="10.1.0.0/16",
        region="us-central1",
        purpose="PRIVATE_SERVICE_CONNECT",
        network=producer_net.id)
    producer_subnet = gcp.compute.Subnetwork("producer_subnet",
        name="producer-net",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        network=producer_net.id)
    producer_service_health_check = gcp.compute.HealthCheck("producer_service_health_check",
        name="producer-service-health-check",
        check_interval_sec=1,
        timeout_sec=1,
        tcp_health_check={
            "port": 80,
        })
    producer_service_backend = gcp.compute.RegionBackendService("producer_service_backend",
        name="producer-service-backend",
        region="us-central1",
        health_checks=producer_service_health_check.id)
    producer_target_service = gcp.compute.ForwardingRule("producer_target_service",
        name="producer-forwarding-rule",
        region="us-central1",
        load_balancing_scheme="INTERNAL",
        backend_service=producer_service_backend.id,
        all_ports=True,
        network=producer_net.name,
        subnetwork=producer_subnet.name)
    producer_service_attachment = gcp.compute.ServiceAttachment("producer_service_attachment",
        name="producer-service",
        region="us-central1",
        description="A service attachment configured with Terraform",
        enable_proxy_protocol=True,
        connection_preference="ACCEPT_AUTOMATIC",
        nat_subnets=[psc_producer_subnet.name],
        target_service=producer_target_service.id)
    default = gcp.compute.ForwardingRule("default",
        name="psc-endpoint",
        region="us-central1",
        load_balancing_scheme="",
        target=producer_service_attachment.id,
        network=consumer_net.name,
        ip_address=consumer_address.id,
        allow_psc_global_access=True,
        no_automate_dns_zone=True)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		consumerNet, err := compute.NewNetwork(ctx, "consumer_net", &compute.NetworkArgs{
    			Name:                  pulumi.String("consumer-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		consumerSubnet, err := compute.NewSubnetwork(ctx, "consumer_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("consumer-net"),
    			IpCidrRange: pulumi.String("10.0.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Network:     consumerNet.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		consumerAddress, err := compute.NewAddress(ctx, "consumer_address", &compute.AddressArgs{
    			Name:        pulumi.String("website-ip-1"),
    			Region:      pulumi.String("us-central1"),
    			Subnetwork:  consumerSubnet.ID(),
    			AddressType: pulumi.String("INTERNAL"),
    		})
    		if err != nil {
    			return err
    		}
    		producerNet, err := compute.NewNetwork(ctx, "producer_net", &compute.NetworkArgs{
    			Name:                  pulumi.String("producer-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		pscProducerSubnet, err := compute.NewSubnetwork(ctx, "psc_producer_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("producer-psc-net"),
    			IpCidrRange: pulumi.String("10.1.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Purpose:     pulumi.String("PRIVATE_SERVICE_CONNECT"),
    			Network:     producerNet.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		producerSubnet, err := compute.NewSubnetwork(ctx, "producer_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("producer-net"),
    			IpCidrRange: pulumi.String("10.0.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Network:     producerNet.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		producerServiceHealthCheck, err := compute.NewHealthCheck(ctx, "producer_service_health_check", &compute.HealthCheckArgs{
    			Name:             pulumi.String("producer-service-health-check"),
    			CheckIntervalSec: pulumi.Int(1),
    			TimeoutSec:       pulumi.Int(1),
    			TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		producerServiceBackend, err := compute.NewRegionBackendService(ctx, "producer_service_backend", &compute.RegionBackendServiceArgs{
    			Name:         pulumi.String("producer-service-backend"),
    			Region:       pulumi.String("us-central1"),
    			HealthChecks: producerServiceHealthCheck.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		producerTargetService, err := compute.NewForwardingRule(ctx, "producer_target_service", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("producer-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("INTERNAL"),
    			BackendService:      producerServiceBackend.ID(),
    			AllPorts:            pulumi.Bool(true),
    			Network:             producerNet.Name,
    			Subnetwork:          producerSubnet.Name,
    		})
    		if err != nil {
    			return err
    		}
    		producerServiceAttachment, err := compute.NewServiceAttachment(ctx, "producer_service_attachment", &compute.ServiceAttachmentArgs{
    			Name:                 pulumi.String("producer-service"),
    			Region:               pulumi.String("us-central1"),
    			Description:          pulumi.String("A service attachment configured with Terraform"),
    			EnableProxyProtocol:  pulumi.Bool(true),
    			ConnectionPreference: pulumi.String("ACCEPT_AUTOMATIC"),
    			NatSubnets: pulumi.StringArray{
    				pscProducerSubnet.Name,
    			},
    			TargetService: producerTargetService.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                 pulumi.String("psc-endpoint"),
    			Region:               pulumi.String("us-central1"),
    			LoadBalancingScheme:  pulumi.String(""),
    			Target:               producerServiceAttachment.ID(),
    			Network:              consumerNet.Name,
    			IpAddress:            consumerAddress.ID(),
    			AllowPscGlobalAccess: pulumi.Bool(true),
    			NoAutomateDnsZone:    pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var consumerNet = new Gcp.Compute.Network("consumer_net", new()
        {
            Name = "consumer-net",
            AutoCreateSubnetworks = false,
        });
    
        var consumerSubnet = new Gcp.Compute.Subnetwork("consumer_subnet", new()
        {
            Name = "consumer-net",
            IpCidrRange = "10.0.0.0/16",
            Region = "us-central1",
            Network = consumerNet.Id,
        });
    
        var consumerAddress = new Gcp.Compute.Address("consumer_address", new()
        {
            Name = "website-ip-1",
            Region = "us-central1",
            Subnetwork = consumerSubnet.Id,
            AddressType = "INTERNAL",
        });
    
        var producerNet = new Gcp.Compute.Network("producer_net", new()
        {
            Name = "producer-net",
            AutoCreateSubnetworks = false,
        });
    
        var pscProducerSubnet = new Gcp.Compute.Subnetwork("psc_producer_subnet", new()
        {
            Name = "producer-psc-net",
            IpCidrRange = "10.1.0.0/16",
            Region = "us-central1",
            Purpose = "PRIVATE_SERVICE_CONNECT",
            Network = producerNet.Id,
        });
    
        var producerSubnet = new Gcp.Compute.Subnetwork("producer_subnet", new()
        {
            Name = "producer-net",
            IpCidrRange = "10.0.0.0/16",
            Region = "us-central1",
            Network = producerNet.Id,
        });
    
        var producerServiceHealthCheck = new Gcp.Compute.HealthCheck("producer_service_health_check", new()
        {
            Name = "producer-service-health-check",
            CheckIntervalSec = 1,
            TimeoutSec = 1,
            TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var producerServiceBackend = new Gcp.Compute.RegionBackendService("producer_service_backend", new()
        {
            Name = "producer-service-backend",
            Region = "us-central1",
            HealthChecks = producerServiceHealthCheck.Id,
        });
    
        var producerTargetService = new Gcp.Compute.ForwardingRule("producer_target_service", new()
        {
            Name = "producer-forwarding-rule",
            Region = "us-central1",
            LoadBalancingScheme = "INTERNAL",
            BackendService = producerServiceBackend.Id,
            AllPorts = true,
            Network = producerNet.Name,
            Subnetwork = producerSubnet.Name,
        });
    
        var producerServiceAttachment = new Gcp.Compute.ServiceAttachment("producer_service_attachment", new()
        {
            Name = "producer-service",
            Region = "us-central1",
            Description = "A service attachment configured with Terraform",
            EnableProxyProtocol = true,
            ConnectionPreference = "ACCEPT_AUTOMATIC",
            NatSubnets = new[]
            {
                pscProducerSubnet.Name,
            },
            TargetService = producerTargetService.Id,
        });
    
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "psc-endpoint",
            Region = "us-central1",
            LoadBalancingScheme = "",
            Target = producerServiceAttachment.Id,
            Network = consumerNet.Name,
            IpAddress = consumerAddress.Id,
            AllowPscGlobalAccess = true,
            NoAutomateDnsZone = true,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.Address;
    import com.pulumi.gcp.compute.AddressArgs;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.compute.ServiceAttachment;
    import com.pulumi.gcp.compute.ServiceAttachmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var consumerNet = new Network("consumerNet", NetworkArgs.builder()
                .name("consumer-net")
                .autoCreateSubnetworks(false)
                .build());
    
            var consumerSubnet = new Subnetwork("consumerSubnet", SubnetworkArgs.builder()
                .name("consumer-net")
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(consumerNet.id())
                .build());
    
            var consumerAddress = new Address("consumerAddress", AddressArgs.builder()
                .name("website-ip-1")
                .region("us-central1")
                .subnetwork(consumerSubnet.id())
                .addressType("INTERNAL")
                .build());
    
            var producerNet = new Network("producerNet", NetworkArgs.builder()
                .name("producer-net")
                .autoCreateSubnetworks(false)
                .build());
    
            var pscProducerSubnet = new Subnetwork("pscProducerSubnet", SubnetworkArgs.builder()
                .name("producer-psc-net")
                .ipCidrRange("10.1.0.0/16")
                .region("us-central1")
                .purpose("PRIVATE_SERVICE_CONNECT")
                .network(producerNet.id())
                .build());
    
            var producerSubnet = new Subnetwork("producerSubnet", SubnetworkArgs.builder()
                .name("producer-net")
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(producerNet.id())
                .build());
    
            var producerServiceHealthCheck = new HealthCheck("producerServiceHealthCheck", HealthCheckArgs.builder()
                .name("producer-service-health-check")
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var producerServiceBackend = new RegionBackendService("producerServiceBackend", RegionBackendServiceArgs.builder()
                .name("producer-service-backend")
                .region("us-central1")
                .healthChecks(producerServiceHealthCheck.id())
                .build());
    
            var producerTargetService = new ForwardingRule("producerTargetService", ForwardingRuleArgs.builder()
                .name("producer-forwarding-rule")
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(producerServiceBackend.id())
                .allPorts(true)
                .network(producerNet.name())
                .subnetwork(producerSubnet.name())
                .build());
    
            var producerServiceAttachment = new ServiceAttachment("producerServiceAttachment", ServiceAttachmentArgs.builder()
                .name("producer-service")
                .region("us-central1")
                .description("A service attachment configured with Terraform")
                .enableProxyProtocol(true)
                .connectionPreference("ACCEPT_AUTOMATIC")
                .natSubnets(pscProducerSubnet.name())
                .targetService(producerTargetService.id())
                .build());
    
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
                .name("psc-endpoint")
                .region("us-central1")
                .loadBalancingScheme("")
                .target(producerServiceAttachment.id())
                .network(consumerNet.name())
                .ipAddress(consumerAddress.id())
                .allowPscGlobalAccess(true)
                .noAutomateDnsZone(true)
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: psc-endpoint
          region: us-central1
          loadBalancingScheme:
          target: ${producerServiceAttachment.id}
          network: ${consumerNet.name}
          ipAddress: ${consumerAddress.id}
          allowPscGlobalAccess: true
          noAutomateDnsZone: true
      consumerNet:
        type: gcp:compute:Network
        name: consumer_net
        properties:
          name: consumer-net
          autoCreateSubnetworks: false
      consumerSubnet:
        type: gcp:compute:Subnetwork
        name: consumer_subnet
        properties:
          name: consumer-net
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${consumerNet.id}
      consumerAddress:
        type: gcp:compute:Address
        name: consumer_address
        properties:
          name: website-ip-1
          region: us-central1
          subnetwork: ${consumerSubnet.id}
          addressType: INTERNAL
      producerNet:
        type: gcp:compute:Network
        name: producer_net
        properties:
          name: producer-net
          autoCreateSubnetworks: false
      producerSubnet:
        type: gcp:compute:Subnetwork
        name: producer_subnet
        properties:
          name: producer-net
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${producerNet.id}
      pscProducerSubnet:
        type: gcp:compute:Subnetwork
        name: psc_producer_subnet
        properties:
          name: producer-psc-net
          ipCidrRange: 10.1.0.0/16
          region: us-central1
          purpose: PRIVATE_SERVICE_CONNECT
          network: ${producerNet.id}
      producerServiceAttachment:
        type: gcp:compute:ServiceAttachment
        name: producer_service_attachment
        properties:
          name: producer-service
          region: us-central1
          description: A service attachment configured with Terraform
          enableProxyProtocol: true
          connectionPreference: ACCEPT_AUTOMATIC
          natSubnets:
            - ${pscProducerSubnet.name}
          targetService: ${producerTargetService.id}
      producerTargetService:
        type: gcp:compute:ForwardingRule
        name: producer_target_service
        properties:
          name: producer-forwarding-rule
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${producerServiceBackend.id}
          allPorts: true
          network: ${producerNet.name}
          subnetwork: ${producerSubnet.name}
      producerServiceBackend:
        type: gcp:compute:RegionBackendService
        name: producer_service_backend
        properties:
          name: producer-service-backend
          region: us-central1
          healthChecks: ${producerServiceHealthCheck.id}
      producerServiceHealthCheck:
        type: gcp:compute:HealthCheck
        name: producer_service_health_check
        properties:
          name: producer-service-health-check
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
    

    Forwarding Rule Regional Steering

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const basic = new gcp.compute.Address("basic", {
        name: "website-ip",
        region: "us-central1",
    });
    const external = new gcp.compute.RegionBackendService("external", {
        name: "service-backend",
        region: "us-central1",
        loadBalancingScheme: "EXTERNAL",
    });
    const externalForwardingRule = new gcp.compute.ForwardingRule("external", {
        name: "external-forwarding-rule",
        region: "us-central1",
        ipAddress: basic.address,
        backendService: external.selfLink,
        loadBalancingScheme: "EXTERNAL",
    });
    const steering = new gcp.compute.ForwardingRule("steering", {
        name: "steering-rule",
        region: "us-central1",
        ipAddress: basic.address,
        backendService: external.selfLink,
        loadBalancingScheme: "EXTERNAL",
        sourceIpRanges: [
            "34.121.88.0/24",
            "35.187.239.137",
        ],
    }, {
        dependsOn: [externalForwardingRule],
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    basic = gcp.compute.Address("basic",
        name="website-ip",
        region="us-central1")
    external = gcp.compute.RegionBackendService("external",
        name="service-backend",
        region="us-central1",
        load_balancing_scheme="EXTERNAL")
    external_forwarding_rule = gcp.compute.ForwardingRule("external",
        name="external-forwarding-rule",
        region="us-central1",
        ip_address=basic.address,
        backend_service=external.self_link,
        load_balancing_scheme="EXTERNAL")
    steering = gcp.compute.ForwardingRule("steering",
        name="steering-rule",
        region="us-central1",
        ip_address=basic.address,
        backend_service=external.self_link,
        load_balancing_scheme="EXTERNAL",
        source_ip_ranges=[
            "34.121.88.0/24",
            "35.187.239.137",
        ],
        opts = pulumi.ResourceOptions(depends_on=[external_forwarding_rule]))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		basic, err := compute.NewAddress(ctx, "basic", &compute.AddressArgs{
    			Name:   pulumi.String("website-ip"),
    			Region: pulumi.String("us-central1"),
    		})
    		if err != nil {
    			return err
    		}
    		external, err := compute.NewRegionBackendService(ctx, "external", &compute.RegionBackendServiceArgs{
    			Name:                pulumi.String("service-backend"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("EXTERNAL"),
    		})
    		if err != nil {
    			return err
    		}
    		externalForwardingRule, err := compute.NewForwardingRule(ctx, "external", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("external-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			IpAddress:           basic.Address,
    			BackendService:      external.SelfLink,
    			LoadBalancingScheme: pulumi.String("EXTERNAL"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewForwardingRule(ctx, "steering", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("steering-rule"),
    			Region:              pulumi.String("us-central1"),
    			IpAddress:           basic.Address,
    			BackendService:      external.SelfLink,
    			LoadBalancingScheme: pulumi.String("EXTERNAL"),
    			SourceIpRanges: pulumi.StringArray{
    				pulumi.String("34.121.88.0/24"),
    				pulumi.String("35.187.239.137"),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			externalForwardingRule,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var basic = new Gcp.Compute.Address("basic", new()
        {
            Name = "website-ip",
            Region = "us-central1",
        });
    
        var external = new Gcp.Compute.RegionBackendService("external", new()
        {
            Name = "service-backend",
            Region = "us-central1",
            LoadBalancingScheme = "EXTERNAL",
        });
    
        var externalForwardingRule = new Gcp.Compute.ForwardingRule("external", new()
        {
            Name = "external-forwarding-rule",
            Region = "us-central1",
            IpAddress = basic.IPAddress,
            BackendService = external.SelfLink,
            LoadBalancingScheme = "EXTERNAL",
        });
    
        var steering = new Gcp.Compute.ForwardingRule("steering", new()
        {
            Name = "steering-rule",
            Region = "us-central1",
            IpAddress = basic.IPAddress,
            BackendService = external.SelfLink,
            LoadBalancingScheme = "EXTERNAL",
            SourceIpRanges = new[]
            {
                "34.121.88.0/24",
                "35.187.239.137",
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                externalForwardingRule,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.Address;
    import com.pulumi.gcp.compute.AddressArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var basic = new Address("basic", AddressArgs.builder()
                .name("website-ip")
                .region("us-central1")
                .build());
    
            var external = new RegionBackendService("external", RegionBackendServiceArgs.builder()
                .name("service-backend")
                .region("us-central1")
                .loadBalancingScheme("EXTERNAL")
                .build());
    
            var externalForwardingRule = new ForwardingRule("externalForwardingRule", ForwardingRuleArgs.builder()
                .name("external-forwarding-rule")
                .region("us-central1")
                .ipAddress(basic.address())
                .backendService(external.selfLink())
                .loadBalancingScheme("EXTERNAL")
                .build());
    
            var steering = new ForwardingRule("steering", ForwardingRuleArgs.builder()
                .name("steering-rule")
                .region("us-central1")
                .ipAddress(basic.address())
                .backendService(external.selfLink())
                .loadBalancingScheme("EXTERNAL")
                .sourceIpRanges(            
                    "34.121.88.0/24",
                    "35.187.239.137")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(externalForwardingRule)
                    .build());
    
        }
    }
    
    resources:
      steering:
        type: gcp:compute:ForwardingRule
        properties:
          name: steering-rule
          region: us-central1
          ipAddress: ${basic.address}
          backendService: ${external.selfLink}
          loadBalancingScheme: EXTERNAL
          sourceIpRanges:
            - 34.121.88.0/24
            - 35.187.239.137
        options:
          dependson:
            - ${externalForwardingRule}
      basic:
        type: gcp:compute:Address
        properties:
          name: website-ip
          region: us-central1
      external:
        type: gcp:compute:RegionBackendService
        properties:
          name: service-backend
          region: us-central1
          loadBalancingScheme: EXTERNAL
      externalForwardingRule:
        type: gcp:compute:ForwardingRule
        name: external
        properties:
          name: external-forwarding-rule
          region: us-central1
          ipAddress: ${basic.address}
          backendService: ${external.selfLink}
          loadBalancingScheme: EXTERNAL
    

    Forwarding Rule Internallb Ipv6

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const hc = new gcp.compute.HealthCheck("hc", {
        name: "check-ilb-ipv6-backend",
        checkIntervalSec: 1,
        timeoutSec: 1,
        tcpHealthCheck: {
            port: 80,
        },
    });
    const backend = new gcp.compute.RegionBackendService("backend", {
        name: "ilb-ipv6-backend",
        region: "us-central1",
        healthChecks: hc.id,
    });
    const defaultNetwork = new gcp.compute.Network("default", {
        name: "net-ipv6",
        autoCreateSubnetworks: false,
        enableUlaInternalIpv6: true,
    });
    const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
        name: "subnet-internal-ipv6",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        stackType: "IPV4_IPV6",
        ipv6AccessType: "INTERNAL",
        network: defaultNetwork.id,
    });
    // Forwarding rule for Internal Load Balancing
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "ilb-ipv6-forwarding-rule",
        region: "us-central1",
        loadBalancingScheme: "INTERNAL",
        backendService: backend.id,
        allPorts: true,
        network: defaultNetwork.name,
        subnetwork: defaultSubnetwork.name,
        ipVersion: "IPV6",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    hc = gcp.compute.HealthCheck("hc",
        name="check-ilb-ipv6-backend",
        check_interval_sec=1,
        timeout_sec=1,
        tcp_health_check={
            "port": 80,
        })
    backend = gcp.compute.RegionBackendService("backend",
        name="ilb-ipv6-backend",
        region="us-central1",
        health_checks=hc.id)
    default_network = gcp.compute.Network("default",
        name="net-ipv6",
        auto_create_subnetworks=False,
        enable_ula_internal_ipv6=True)
    default_subnetwork = gcp.compute.Subnetwork("default",
        name="subnet-internal-ipv6",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        stack_type="IPV4_IPV6",
        ipv6_access_type="INTERNAL",
        network=default_network.id)
    # Forwarding rule for Internal Load Balancing
    default = gcp.compute.ForwardingRule("default",
        name="ilb-ipv6-forwarding-rule",
        region="us-central1",
        load_balancing_scheme="INTERNAL",
        backend_service=backend.id,
        all_ports=True,
        network=default_network.name,
        subnetwork=default_subnetwork.name,
        ip_version="IPV6")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		hc, err := compute.NewHealthCheck(ctx, "hc", &compute.HealthCheckArgs{
    			Name:             pulumi.String("check-ilb-ipv6-backend"),
    			CheckIntervalSec: pulumi.Int(1),
    			TimeoutSec:       pulumi.Int(1),
    			TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		backend, err := compute.NewRegionBackendService(ctx, "backend", &compute.RegionBackendServiceArgs{
    			Name:         pulumi.String("ilb-ipv6-backend"),
    			Region:       pulumi.String("us-central1"),
    			HealthChecks: hc.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
    			Name:                  pulumi.String("net-ipv6"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    			EnableUlaInternalIpv6: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
    			Name:           pulumi.String("subnet-internal-ipv6"),
    			IpCidrRange:    pulumi.String("10.0.0.0/16"),
    			Region:         pulumi.String("us-central1"),
    			StackType:      pulumi.String("IPV4_IPV6"),
    			Ipv6AccessType: pulumi.String("INTERNAL"),
    			Network:        defaultNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for Internal Load Balancing
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("ilb-ipv6-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("INTERNAL"),
    			BackendService:      backend.ID(),
    			AllPorts:            pulumi.Bool(true),
    			Network:             defaultNetwork.Name,
    			Subnetwork:          defaultSubnetwork.Name,
    			IpVersion:           pulumi.String("IPV6"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var hc = new Gcp.Compute.HealthCheck("hc", new()
        {
            Name = "check-ilb-ipv6-backend",
            CheckIntervalSec = 1,
            TimeoutSec = 1,
            TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var backend = new Gcp.Compute.RegionBackendService("backend", new()
        {
            Name = "ilb-ipv6-backend",
            Region = "us-central1",
            HealthChecks = hc.Id,
        });
    
        var defaultNetwork = new Gcp.Compute.Network("default", new()
        {
            Name = "net-ipv6",
            AutoCreateSubnetworks = false,
            EnableUlaInternalIpv6 = true,
        });
    
        var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
        {
            Name = "subnet-internal-ipv6",
            IpCidrRange = "10.0.0.0/16",
            Region = "us-central1",
            StackType = "IPV4_IPV6",
            Ipv6AccessType = "INTERNAL",
            Network = defaultNetwork.Id,
        });
    
        // Forwarding rule for Internal Load Balancing
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "ilb-ipv6-forwarding-rule",
            Region = "us-central1",
            LoadBalancingScheme = "INTERNAL",
            BackendService = backend.Id,
            AllPorts = true,
            Network = defaultNetwork.Name,
            Subnetwork = defaultSubnetwork.Name,
            IpVersion = "IPV6",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var hc = new HealthCheck("hc", HealthCheckArgs.builder()
                .name("check-ilb-ipv6-backend")
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()
                .name("ilb-ipv6-backend")
                .region("us-central1")
                .healthChecks(hc.id())
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
                .name("net-ipv6")
                .autoCreateSubnetworks(false)
                .enableUlaInternalIpv6(true)
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
                .name("subnet-internal-ipv6")
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .stackType("IPV4_IPV6")
                .ipv6AccessType("INTERNAL")
                .network(defaultNetwork.id())
                .build());
    
            // Forwarding rule for Internal Load Balancing
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
                .name("ilb-ipv6-forwarding-rule")
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(backend.id())
                .allPorts(true)
                .network(defaultNetwork.name())
                .subnetwork(defaultSubnetwork.name())
                .ipVersion("IPV6")
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for Internal Load Balancing
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: ilb-ipv6-forwarding-rule
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${backend.id}
          allPorts: true
          network: ${defaultNetwork.name}
          subnetwork: ${defaultSubnetwork.name}
          ipVersion: IPV6
      backend:
        type: gcp:compute:RegionBackendService
        properties:
          name: ilb-ipv6-backend
          region: us-central1
          healthChecks: ${hc.id}
      hc:
        type: gcp:compute:HealthCheck
        properties:
          name: check-ilb-ipv6-backend
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
      defaultNetwork:
        type: gcp:compute:Network
        name: default
        properties:
          name: net-ipv6
          autoCreateSubnetworks: false
          enableUlaInternalIpv6: true
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        name: default
        properties:
          name: subnet-internal-ipv6
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          stackType: IPV4_IPV6
          ipv6AccessType: INTERNAL
          network: ${defaultNetwork.id}
    

    Create ForwardingRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ForwardingRule(name: string, args?: ForwardingRuleArgs, opts?: CustomResourceOptions);
    @overload
    def ForwardingRule(resource_name: str,
                       args: Optional[ForwardingRuleArgs] = None,
                       opts: Optional[ResourceOptions] = None)
    
    @overload
    def ForwardingRule(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       all_ports: Optional[bool] = None,
                       allow_global_access: Optional[bool] = None,
                       allow_psc_global_access: Optional[bool] = None,
                       backend_service: Optional[str] = None,
                       description: Optional[str] = None,
                       ip_address: Optional[str] = None,
                       ip_protocol: Optional[str] = None,
                       ip_version: Optional[str] = None,
                       is_mirroring_collector: Optional[bool] = None,
                       labels: Optional[Mapping[str, str]] = None,
                       load_balancing_scheme: Optional[str] = None,
                       name: Optional[str] = None,
                       network: Optional[str] = None,
                       network_tier: Optional[str] = None,
                       no_automate_dns_zone: Optional[bool] = None,
                       port_range: Optional[str] = None,
                       ports: Optional[Sequence[str]] = None,
                       project: Optional[str] = None,
                       recreate_closed_psc: Optional[bool] = None,
                       region: Optional[str] = None,
                       service_directory_registrations: Optional[ForwardingRuleServiceDirectoryRegistrationsArgs] = None,
                       service_label: Optional[str] = None,
                       source_ip_ranges: Optional[Sequence[str]] = None,
                       subnetwork: Optional[str] = None,
                       target: Optional[str] = None)
    func NewForwardingRule(ctx *Context, name string, args *ForwardingRuleArgs, opts ...ResourceOption) (*ForwardingRule, error)
    public ForwardingRule(string name, ForwardingRuleArgs? args = null, CustomResourceOptions? opts = null)
    public ForwardingRule(String name, ForwardingRuleArgs args)
    public ForwardingRule(String name, ForwardingRuleArgs args, CustomResourceOptions options)
    
    type: gcp:compute:ForwardingRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ForwardingRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ForwardingRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ForwardingRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ForwardingRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ForwardingRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var forwardingRuleResource = new Gcp.Compute.ForwardingRule("forwardingRuleResource", new()
    {
        AllPorts = false,
        AllowGlobalAccess = false,
        AllowPscGlobalAccess = false,
        BackendService = "string",
        Description = "string",
        IpAddress = "string",
        IpProtocol = "string",
        IpVersion = "string",
        IsMirroringCollector = false,
        Labels = 
        {
            { "string", "string" },
        },
        LoadBalancingScheme = "string",
        Name = "string",
        Network = "string",
        NetworkTier = "string",
        NoAutomateDnsZone = false,
        PortRange = "string",
        Ports = new[]
        {
            "string",
        },
        Project = "string",
        RecreateClosedPsc = false,
        Region = "string",
        ServiceDirectoryRegistrations = new Gcp.Compute.Inputs.ForwardingRuleServiceDirectoryRegistrationsArgs
        {
            Namespace = "string",
            Service = "string",
        },
        ServiceLabel = "string",
        SourceIpRanges = new[]
        {
            "string",
        },
        Subnetwork = "string",
        Target = "string",
    });
    
    example, err := compute.NewForwardingRule(ctx, "forwardingRuleResource", &compute.ForwardingRuleArgs{
    	AllPorts:             pulumi.Bool(false),
    	AllowGlobalAccess:    pulumi.Bool(false),
    	AllowPscGlobalAccess: pulumi.Bool(false),
    	BackendService:       pulumi.String("string"),
    	Description:          pulumi.String("string"),
    	IpAddress:            pulumi.String("string"),
    	IpProtocol:           pulumi.String("string"),
    	IpVersion:            pulumi.String("string"),
    	IsMirroringCollector: pulumi.Bool(false),
    	Labels: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	LoadBalancingScheme: pulumi.String("string"),
    	Name:                pulumi.String("string"),
    	Network:             pulumi.String("string"),
    	NetworkTier:         pulumi.String("string"),
    	NoAutomateDnsZone:   pulumi.Bool(false),
    	PortRange:           pulumi.String("string"),
    	Ports: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Project:           pulumi.String("string"),
    	RecreateClosedPsc: pulumi.Bool(false),
    	Region:            pulumi.String("string"),
    	ServiceDirectoryRegistrations: &compute.ForwardingRuleServiceDirectoryRegistrationsArgs{
    		Namespace: pulumi.String("string"),
    		Service:   pulumi.String("string"),
    	},
    	ServiceLabel: pulumi.String("string"),
    	SourceIpRanges: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Subnetwork: pulumi.String("string"),
    	Target:     pulumi.String("string"),
    })
    
    var forwardingRuleResource = new ForwardingRule("forwardingRuleResource", ForwardingRuleArgs.builder()
        .allPorts(false)
        .allowGlobalAccess(false)
        .allowPscGlobalAccess(false)
        .backendService("string")
        .description("string")
        .ipAddress("string")
        .ipProtocol("string")
        .ipVersion("string")
        .isMirroringCollector(false)
        .labels(Map.of("string", "string"))
        .loadBalancingScheme("string")
        .name("string")
        .network("string")
        .networkTier("string")
        .noAutomateDnsZone(false)
        .portRange("string")
        .ports("string")
        .project("string")
        .recreateClosedPsc(false)
        .region("string")
        .serviceDirectoryRegistrations(ForwardingRuleServiceDirectoryRegistrationsArgs.builder()
            .namespace("string")
            .service("string")
            .build())
        .serviceLabel("string")
        .sourceIpRanges("string")
        .subnetwork("string")
        .target("string")
        .build());
    
    forwarding_rule_resource = gcp.compute.ForwardingRule("forwardingRuleResource",
        all_ports=False,
        allow_global_access=False,
        allow_psc_global_access=False,
        backend_service="string",
        description="string",
        ip_address="string",
        ip_protocol="string",
        ip_version="string",
        is_mirroring_collector=False,
        labels={
            "string": "string",
        },
        load_balancing_scheme="string",
        name="string",
        network="string",
        network_tier="string",
        no_automate_dns_zone=False,
        port_range="string",
        ports=["string"],
        project="string",
        recreate_closed_psc=False,
        region="string",
        service_directory_registrations={
            "namespace": "string",
            "service": "string",
        },
        service_label="string",
        source_ip_ranges=["string"],
        subnetwork="string",
        target="string")
    
    const forwardingRuleResource = new gcp.compute.ForwardingRule("forwardingRuleResource", {
        allPorts: false,
        allowGlobalAccess: false,
        allowPscGlobalAccess: false,
        backendService: "string",
        description: "string",
        ipAddress: "string",
        ipProtocol: "string",
        ipVersion: "string",
        isMirroringCollector: false,
        labels: {
            string: "string",
        },
        loadBalancingScheme: "string",
        name: "string",
        network: "string",
        networkTier: "string",
        noAutomateDnsZone: false,
        portRange: "string",
        ports: ["string"],
        project: "string",
        recreateClosedPsc: false,
        region: "string",
        serviceDirectoryRegistrations: {
            namespace: "string",
            service: "string",
        },
        serviceLabel: "string",
        sourceIpRanges: ["string"],
        subnetwork: "string",
        target: "string",
    });
    
    type: gcp:compute:ForwardingRule
    properties:
        allPorts: false
        allowGlobalAccess: false
        allowPscGlobalAccess: false
        backendService: string
        description: string
        ipAddress: string
        ipProtocol: string
        ipVersion: string
        isMirroringCollector: false
        labels:
            string: string
        loadBalancingScheme: string
        name: string
        network: string
        networkTier: string
        noAutomateDnsZone: false
        portRange: string
        ports:
            - string
        project: string
        recreateClosedPsc: false
        region: string
        serviceDirectoryRegistrations:
            namespace: string
            service: string
        serviceLabel: string
        sourceIpRanges:
            - string
        subnetwork: string
        target: string
    

    ForwardingRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ForwardingRule resource accepts the following input properties:

    AllPorts bool
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    AllowGlobalAccess bool
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    AllowPscGlobalAccess bool
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    BackendService string
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    Description string
    An optional description of this resource. Provide this property when you create the resource.
    IpAddress string
    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.
    IpProtocol string
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    IpVersion string
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    IsMirroringCollector bool
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    Labels Dictionary<string, string>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    LoadBalancingScheme string
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    Name string
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    Network string
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    NetworkTier string
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    NoAutomateDnsZone bool
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    PortRange string
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. @pattern: \d+(?:-\d+)?
    Ports List<string>
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. @pattern: \d+(?:-\d+)?
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    RecreateClosedPsc bool
    Region string
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    ServiceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrations
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    ServiceLabel string
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    SourceIpRanges List<string>
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    Subnetwork string
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    Target string
    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    • For load balancers, see the "Target" column in Port specifications.
    • For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
    • vpc-sc - APIs that support VPC Service Controls.
    • all-apis - All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
    AllPorts bool
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    AllowGlobalAccess bool
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    AllowPscGlobalAccess bool
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    BackendService string
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    Description string
    An optional description of this resource. Provide this property when you create the resource.
    IpAddress string
    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.
    IpProtocol string
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    IpVersion string
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    IsMirroringCollector bool
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    Labels map[string]string

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    LoadBalancingScheme string
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    Name string
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    Network string
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    NetworkTier string
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    NoAutomateDnsZone bool
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    PortRange string
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. @pattern: \d+(?:-\d+)?
    Ports []string
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. @pattern: \d+(?:-\d+)?
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    RecreateClosedPsc bool
    Region string
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    ServiceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrationsArgs
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    ServiceLabel string
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    SourceIpRanges []string
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    Subnetwork string
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    Target string
    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    • For load balancers, see the "Target" column in Port specifications.
    • For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
    • vpc-sc - APIs that support VPC Service Controls.
    • all-apis - All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
    allPorts Boolean
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    allowGlobalAccess Boolean
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    allowPscGlobalAccess Boolean
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    backendService String
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    description String
    An optional description of this resource. Provide this property when you create the resource.
    ipAddress String
    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.
    ipProtocol String
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    ipVersion String
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    isMirroringCollector Boolean
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    labels Map<String,String>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    loadBalancingScheme String
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    name String
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network String
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    networkTier String
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    noAutomateDnsZone Boolean
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    portRange String
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. @pattern: \d+(?:-\d+)?
    ports List<String>
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. @pattern: \d+(?:-\d+)?
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    recreateClosedPsc Boolean
    region String
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    serviceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrations
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    serviceLabel String
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    sourceIpRanges List<String>
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    subnetwork String
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    target String
    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    • For load balancers, see the "Target" column in Port specifications.
    • For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
    • vpc-sc - APIs that support VPC Service Controls.
    • all-apis - All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
    allPorts boolean
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    allowGlobalAccess boolean
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    allowPscGlobalAccess boolean
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    backendService string
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    description string
    An optional description of this resource. Provide this property when you create the resource.
    ipAddress string
    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.
    ipProtocol string
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    ipVersion string
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    isMirroringCollector boolean
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    labels {[key: string]: string}

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    loadBalancingScheme string
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    name string
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network string
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    networkTier string
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    noAutomateDnsZone boolean
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    portRange string
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. @pattern: \d+(?:-\d+)?
    ports string[]
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. @pattern: \d+(?:-\d+)?
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    recreateClosedPsc boolean
    region string
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    serviceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrations
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    serviceLabel string
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    sourceIpRanges string[]
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    subnetwork string
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    target string
    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    • For load balancers, see the "Target" column in Port specifications.
    • For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
    • vpc-sc - APIs that support VPC Service Controls.
    • all-apis - All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
    all_ports bool
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    allow_global_access bool
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    allow_psc_global_access bool
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    backend_service str
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    description str
    An optional description of this resource. Provide this property when you create the resource.
    ip_address str
    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.
    ip_protocol str
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    ip_version str
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    is_mirroring_collector bool
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    labels Mapping[str, str]

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    load_balancing_scheme str
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    name str
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network str
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    network_tier str
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    no_automate_dns_zone bool
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    port_range str
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. @pattern: \d+(?:-\d+)?
    ports Sequence[str]
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. @pattern: \d+(?:-\d+)?
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    recreate_closed_psc bool
    region str
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    service_directory_registrations ForwardingRuleServiceDirectoryRegistrationsArgs
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    service_label str
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    source_ip_ranges Sequence[str]
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    subnetwork str
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    target str
    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    • For load balancers, see the "Target" column in Port specifications.
    • For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
    • vpc-sc - APIs that support VPC Service Controls.
    • all-apis - All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
    allPorts Boolean
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    allowGlobalAccess Boolean
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    allowPscGlobalAccess Boolean
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    backendService String
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    description String
    An optional description of this resource. Provide this property when you create the resource.
    ipAddress String
    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.
    ipProtocol String
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    ipVersion String
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    isMirroringCollector Boolean
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    labels Map<String>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    loadBalancingScheme String
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    name String
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network String
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    networkTier String
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    noAutomateDnsZone Boolean
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    portRange String
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. @pattern: \d+(?:-\d+)?
    ports List<String>
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. @pattern: \d+(?:-\d+)?
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    recreateClosedPsc Boolean
    region String
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    serviceDirectoryRegistrations Property Map
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    serviceLabel String
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    sourceIpRanges List<String>
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    subnetwork String
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    target String
    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    • For load balancers, see the "Target" column in Port specifications.
    • For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
    • vpc-sc - APIs that support VPC Service Controls.
    • all-apis - All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ForwardingRule resource produces the following output properties:

    BaseForwardingRule string
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    CreationTimestamp string
    Creation timestamp in RFC3339 text format.
    EffectiveLabels Dictionary<string, string>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    ForwardingRuleId int
    The unique identifier number for the resource. This identifier is defined by the server.
    Id string
    The provider-assigned unique ID for this managed resource.
    LabelFingerprint string
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    PscConnectionId string
    The PSC connection id of the PSC Forwarding Rule.
    PscConnectionStatus string
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    SelfLink string
    The URI of the created resource.
    ServiceName string
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    BaseForwardingRule string
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    CreationTimestamp string
    Creation timestamp in RFC3339 text format.
    EffectiveLabels map[string]string
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    ForwardingRuleId int
    The unique identifier number for the resource. This identifier is defined by the server.
    Id string
    The provider-assigned unique ID for this managed resource.
    LabelFingerprint string
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    PscConnectionId string
    The PSC connection id of the PSC Forwarding Rule.
    PscConnectionStatus string
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    SelfLink string
    The URI of the created resource.
    ServiceName string
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    baseForwardingRule String
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    creationTimestamp String
    Creation timestamp in RFC3339 text format.
    effectiveLabels Map<String,String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    forwardingRuleId Integer
    The unique identifier number for the resource. This identifier is defined by the server.
    id String
    The provider-assigned unique ID for this managed resource.
    labelFingerprint String
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    pscConnectionId String
    The PSC connection id of the PSC Forwarding Rule.
    pscConnectionStatus String
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    selfLink String
    The URI of the created resource.
    serviceName String
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    baseForwardingRule string
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    creationTimestamp string
    Creation timestamp in RFC3339 text format.
    effectiveLabels {[key: string]: string}
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    forwardingRuleId number
    The unique identifier number for the resource. This identifier is defined by the server.
    id string
    The provider-assigned unique ID for this managed resource.
    labelFingerprint string
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    pscConnectionId string
    The PSC connection id of the PSC Forwarding Rule.
    pscConnectionStatus string
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    selfLink string
    The URI of the created resource.
    serviceName string
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    base_forwarding_rule str
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    creation_timestamp str
    Creation timestamp in RFC3339 text format.
    effective_labels Mapping[str, str]
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    forwarding_rule_id int
    The unique identifier number for the resource. This identifier is defined by the server.
    id str
    The provider-assigned unique ID for this managed resource.
    label_fingerprint str
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    psc_connection_id str
    The PSC connection id of the PSC Forwarding Rule.
    psc_connection_status str
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    self_link str
    The URI of the created resource.
    service_name str
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    baseForwardingRule String
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    creationTimestamp String
    Creation timestamp in RFC3339 text format.
    effectiveLabels Map<String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    forwardingRuleId Number
    The unique identifier number for the resource. This identifier is defined by the server.
    id String
    The provider-assigned unique ID for this managed resource.
    labelFingerprint String
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    pscConnectionId String
    The PSC connection id of the PSC Forwarding Rule.
    pscConnectionStatus String
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    selfLink String
    The URI of the created resource.
    serviceName String
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

    Look up Existing ForwardingRule Resource

    Get an existing ForwardingRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ForwardingRuleState, opts?: CustomResourceOptions): ForwardingRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            all_ports: Optional[bool] = None,
            allow_global_access: Optional[bool] = None,
            allow_psc_global_access: Optional[bool] = None,
            backend_service: Optional[str] = None,
            base_forwarding_rule: Optional[str] = None,
            creation_timestamp: Optional[str] = None,
            description: Optional[str] = None,
            effective_labels: Optional[Mapping[str, str]] = None,
            forwarding_rule_id: Optional[int] = None,
            ip_address: Optional[str] = None,
            ip_protocol: Optional[str] = None,
            ip_version: Optional[str] = None,
            is_mirroring_collector: Optional[bool] = None,
            label_fingerprint: Optional[str] = None,
            labels: Optional[Mapping[str, str]] = None,
            load_balancing_scheme: Optional[str] = None,
            name: Optional[str] = None,
            network: Optional[str] = None,
            network_tier: Optional[str] = None,
            no_automate_dns_zone: Optional[bool] = None,
            port_range: Optional[str] = None,
            ports: Optional[Sequence[str]] = None,
            project: Optional[str] = None,
            psc_connection_id: Optional[str] = None,
            psc_connection_status: Optional[str] = None,
            pulumi_labels: Optional[Mapping[str, str]] = None,
            recreate_closed_psc: Optional[bool] = None,
            region: Optional[str] = None,
            self_link: Optional[str] = None,
            service_directory_registrations: Optional[ForwardingRuleServiceDirectoryRegistrationsArgs] = None,
            service_label: Optional[str] = None,
            service_name: Optional[str] = None,
            source_ip_ranges: Optional[Sequence[str]] = None,
            subnetwork: Optional[str] = None,
            target: Optional[str] = None) -> ForwardingRule
    func GetForwardingRule(ctx *Context, name string, id IDInput, state *ForwardingRuleState, opts ...ResourceOption) (*ForwardingRule, error)
    public static ForwardingRule Get(string name, Input<string> id, ForwardingRuleState? state, CustomResourceOptions? opts = null)
    public static ForwardingRule get(String name, Output<String> id, ForwardingRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllPorts bool
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    AllowGlobalAccess bool
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    AllowPscGlobalAccess bool
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    BackendService string
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    BaseForwardingRule string
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    CreationTimestamp string
    Creation timestamp in RFC3339 text format.
    Description string
    An optional description of this resource. Provide this property when you create the resource.
    EffectiveLabels Dictionary<string, string>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    ForwardingRuleId int
    The unique identifier number for the resource. This identifier is defined by the server.
    IpAddress string
    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.
    IpProtocol string
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    IpVersion string
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    IsMirroringCollector bool
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    LabelFingerprint string
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    Labels Dictionary<string, string>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    LoadBalancingScheme string
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    Name string
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    Network string
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    NetworkTier string
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    NoAutomateDnsZone bool
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    PortRange string
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. @pattern: \d+(?:-\d+)?
    Ports List<string>
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. @pattern: \d+(?:-\d+)?
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    PscConnectionId string
    The PSC connection id of the PSC Forwarding Rule.
    PscConnectionStatus string
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    RecreateClosedPsc bool
    Region string
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    SelfLink string
    The URI of the created resource.
    ServiceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrations
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    ServiceLabel string
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    ServiceName string
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    SourceIpRanges List<string>
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    Subnetwork string
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    Target string
    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    • For load balancers, see the "Target" column in Port specifications.
    • For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
    • vpc-sc - APIs that support VPC Service Controls.
    • all-apis - All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
    AllPorts bool
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    AllowGlobalAccess bool
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    AllowPscGlobalAccess bool
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    BackendService string
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    BaseForwardingRule string
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    CreationTimestamp string
    Creation timestamp in RFC3339 text format.
    Description string
    An optional description of this resource. Provide this property when you create the resource.
    EffectiveLabels map[string]string
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    ForwardingRuleId int
    The unique identifier number for the resource. This identifier is defined by the server.
    IpAddress string
    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.
    IpProtocol string
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    IpVersion string
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    IsMirroringCollector bool
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    LabelFingerprint string
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    Labels map[string]string

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    LoadBalancingScheme string
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    Name string
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    Network string
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    NetworkTier string
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    NoAutomateDnsZone bool
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    PortRange string
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. @pattern: \d+(?:-\d+)?
    Ports []string
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. @pattern: \d+(?:-\d+)?
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    PscConnectionId string
    The PSC connection id of the PSC Forwarding Rule.
    PscConnectionStatus string
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    RecreateClosedPsc bool
    Region string
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    SelfLink string
    The URI of the created resource.
    ServiceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrationsArgs
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    ServiceLabel string
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    ServiceName string
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    SourceIpRanges []string
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    Subnetwork string
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    Target string
    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    • For load balancers, see the "Target" column in Port specifications.
    • For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
    • vpc-sc - APIs that support VPC Service Controls.
    • all-apis - All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
    allPorts Boolean
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    allowGlobalAccess Boolean
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    allowPscGlobalAccess Boolean
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    backendService String
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    baseForwardingRule String
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    creationTimestamp String
    Creation timestamp in RFC3339 text format.
    description String
    An optional description of this resource. Provide this property when you create the resource.
    effectiveLabels Map<String,String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    forwardingRuleId Integer
    The unique identifier number for the resource. This identifier is defined by the server.
    ipAddress String
    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.
    ipProtocol String
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    ipVersion String
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    isMirroringCollector Boolean
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    labelFingerprint String
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    labels Map<String,String>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    loadBalancingScheme String
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    name String
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network String
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    networkTier String
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    noAutomateDnsZone Boolean
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    portRange String
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. @pattern: \d+(?:-\d+)?
    ports List<String>
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. @pattern: \d+(?:-\d+)?
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pscConnectionId String
    The PSC connection id of the PSC Forwarding Rule.
    pscConnectionStatus String
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    recreateClosedPsc Boolean
    region String
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    selfLink String
    The URI of the created resource.
    serviceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrations
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    serviceLabel String
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    serviceName String
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    sourceIpRanges List<String>
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    subnetwork String
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    target String
    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    • For load balancers, see the "Target" column in Port specifications.
    • For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
    • vpc-sc - APIs that support VPC Service Controls.
    • all-apis - All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
    allPorts boolean
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    allowGlobalAccess boolean
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    allowPscGlobalAccess boolean
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    backendService string
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    baseForwardingRule string
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    creationTimestamp string
    Creation timestamp in RFC3339 text format.
    description string
    An optional description of this resource. Provide this property when you create the resource.
    effectiveLabels {[key: string]: string}
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    forwardingRuleId number
    The unique identifier number for the resource. This identifier is defined by the server.
    ipAddress string
    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.
    ipProtocol string
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    ipVersion string
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    isMirroringCollector boolean
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    labelFingerprint string
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    labels {[key: string]: string}

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    loadBalancingScheme string
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    name string
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network string
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    networkTier string
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    noAutomateDnsZone boolean
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    portRange string
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. @pattern: \d+(?:-\d+)?
    ports string[]
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. @pattern: \d+(?:-\d+)?
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pscConnectionId string
    The PSC connection id of the PSC Forwarding Rule.
    pscConnectionStatus string
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    recreateClosedPsc boolean
    region string
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    selfLink string
    The URI of the created resource.
    serviceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrations
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    serviceLabel string
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    serviceName string
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    sourceIpRanges string[]
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    subnetwork string
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    target string
    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    • For load balancers, see the "Target" column in Port specifications.
    • For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
    • vpc-sc - APIs that support VPC Service Controls.
    • all-apis - All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
    all_ports bool
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    allow_global_access bool
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    allow_psc_global_access bool
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    backend_service str
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    base_forwarding_rule str
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    creation_timestamp str
    Creation timestamp in RFC3339 text format.
    description str
    An optional description of this resource. Provide this property when you create the resource.
    effective_labels Mapping[str, str]
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    forwarding_rule_id int
    The unique identifier number for the resource. This identifier is defined by the server.
    ip_address str
    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.
    ip_protocol str
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    ip_version str
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    is_mirroring_collector bool
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    label_fingerprint str
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    labels Mapping[str, str]

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    load_balancing_scheme str
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    name str
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network str
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    network_tier str
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    no_automate_dns_zone bool
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    port_range str
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. @pattern: \d+(?:-\d+)?
    ports Sequence[str]
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. @pattern: \d+(?:-\d+)?
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    psc_connection_id str
    The PSC connection id of the PSC Forwarding Rule.
    psc_connection_status str
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    recreate_closed_psc bool
    region str
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    self_link str
    The URI of the created resource.
    service_directory_registrations ForwardingRuleServiceDirectoryRegistrationsArgs
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    service_label str
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    service_name str
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    source_ip_ranges Sequence[str]
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    subnetwork str
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    target str
    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    • For load balancers, see the "Target" column in Port specifications.
    • For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
    • vpc-sc - APIs that support VPC Service Controls.
    • all-apis - All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
    allPorts Boolean
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    allowGlobalAccess Boolean
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    allowPscGlobalAccess Boolean
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    backendService String
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    baseForwardingRule String
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    creationTimestamp String
    Creation timestamp in RFC3339 text format.
    description String
    An optional description of this resource. Provide this property when you create the resource.
    effectiveLabels Map<String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    forwardingRuleId Number
    The unique identifier number for the resource. This identifier is defined by the server.
    ipAddress String
    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.
    ipProtocol String
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    ipVersion String
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    isMirroringCollector Boolean
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    labelFingerprint String
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    labels Map<String>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    loadBalancingScheme String
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    name String
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network String
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    networkTier String
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    noAutomateDnsZone Boolean
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    portRange String
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. @pattern: \d+(?:-\d+)?
    ports List<String>
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. @pattern: \d+(?:-\d+)?
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pscConnectionId String
    The PSC connection id of the PSC Forwarding Rule.
    pscConnectionStatus String
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    recreateClosedPsc Boolean
    region String
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    selfLink String
    The URI of the created resource.
    serviceDirectoryRegistrations Property Map
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    serviceLabel String
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    serviceName String
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    sourceIpRanges List<String>
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    subnetwork String
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    target String
    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    • For load balancers, see the "Target" column in Port specifications.
    • For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
    • vpc-sc - APIs that support VPC Service Controls.
    • all-apis - All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    Supporting Types

    ForwardingRuleServiceDirectoryRegistrations, ForwardingRuleServiceDirectoryRegistrationsArgs

    Namespace string
    Service Directory namespace to register the forwarding rule under.
    Service string
    Service Directory service to register the forwarding rule under.
    Namespace string
    Service Directory namespace to register the forwarding rule under.
    Service string
    Service Directory service to register the forwarding rule under.
    namespace String
    Service Directory namespace to register the forwarding rule under.
    service String
    Service Directory service to register the forwarding rule under.
    namespace string
    Service Directory namespace to register the forwarding rule under.
    service string
    Service Directory service to register the forwarding rule under.
    namespace str
    Service Directory namespace to register the forwarding rule under.
    service str
    Service Directory service to register the forwarding rule under.
    namespace String
    Service Directory namespace to register the forwarding rule under.
    service String
    Service Directory service to register the forwarding rule under.

    Import

    ForwardingRule can be imported using any of these accepted formats:

    • projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}

    • {{project}}/{{region}}/{{name}}

    • {{region}}/{{name}}

    • {{name}}

    When using the pulumi import command, ForwardingRule can be imported using one of the formats above. For example:

    $ pulumi import gcp:compute/forwardingRule:ForwardingRule default projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}
    
    $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{project}}/{{region}}/{{name}}
    
    $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{region}}/{{name}}
    
    $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{name}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi