gcp.compute.ForwardingRule
Explore with Pulumi AI
A ForwardingRule resource. A ForwardingRule resource specifies which pool of target virtual machines to forward a packet to if it matches the given [IPAddress, IPProtocol, portRange] tuple.
To get more information about ForwardingRule, see:
- API documentation
- How-to Guides
Example Usage
Forwarding Rule Externallb
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const hc = new gcp.compute.RegionHealthCheck("hc", {
name: "check-website-backend",
checkIntervalSec: 1,
timeoutSec: 1,
region: "us-central1",
tcpHealthCheck: {
port: 80,
},
});
const backend = new gcp.compute.RegionBackendService("backend", {
name: "website-backend",
region: "us-central1",
loadBalancingScheme: "EXTERNAL",
healthChecks: hc.id,
});
// Forwarding rule for External Network Load Balancing using Backend Services
const _default = new gcp.compute.ForwardingRule("default", {
name: "website-forwarding-rule",
region: "us-central1",
portRange: "80",
backendService: backend.id,
});
import pulumi
import pulumi_gcp as gcp
hc = gcp.compute.RegionHealthCheck("hc",
name="check-website-backend",
check_interval_sec=1,
timeout_sec=1,
region="us-central1",
tcp_health_check={
"port": 80,
})
backend = gcp.compute.RegionBackendService("backend",
name="website-backend",
region="us-central1",
load_balancing_scheme="EXTERNAL",
health_checks=hc.id)
# Forwarding rule for External Network Load Balancing using Backend Services
default = gcp.compute.ForwardingRule("default",
name="website-forwarding-rule",
region="us-central1",
port_range="80",
backend_service=backend.id)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
hc, err := compute.NewRegionHealthCheck(ctx, "hc", &compute.RegionHealthCheckArgs{
Name: pulumi.String("check-website-backend"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
Region: pulumi.String("us-central1"),
TcpHealthCheck: &compute.RegionHealthCheckTcpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
backend, err := compute.NewRegionBackendService(ctx, "backend", &compute.RegionBackendServiceArgs{
Name: pulumi.String("website-backend"),
Region: pulumi.String("us-central1"),
LoadBalancingScheme: pulumi.String("EXTERNAL"),
HealthChecks: hc.ID(),
})
if err != nil {
return err
}
// Forwarding rule for External Network Load Balancing using Backend Services
_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
Name: pulumi.String("website-forwarding-rule"),
Region: pulumi.String("us-central1"),
PortRange: pulumi.String("80"),
BackendService: backend.ID(),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var hc = new Gcp.Compute.RegionHealthCheck("hc", new()
{
Name = "check-website-backend",
CheckIntervalSec = 1,
TimeoutSec = 1,
Region = "us-central1",
TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs
{
Port = 80,
},
});
var backend = new Gcp.Compute.RegionBackendService("backend", new()
{
Name = "website-backend",
Region = "us-central1",
LoadBalancingScheme = "EXTERNAL",
HealthChecks = hc.Id,
});
// Forwarding rule for External Network Load Balancing using Backend Services
var @default = new Gcp.Compute.ForwardingRule("default", new()
{
Name = "website-forwarding-rule",
Region = "us-central1",
PortRange = "80",
BackendService = backend.Id,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var hc = new RegionHealthCheck("hc", RegionHealthCheckArgs.builder()
.name("check-website-backend")
.checkIntervalSec(1)
.timeoutSec(1)
.region("us-central1")
.tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build());
var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()
.name("website-backend")
.region("us-central1")
.loadBalancingScheme("EXTERNAL")
.healthChecks(hc.id())
.build());
// Forwarding rule for External Network Load Balancing using Backend Services
var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
.name("website-forwarding-rule")
.region("us-central1")
.portRange(80)
.backendService(backend.id())
.build());
}
}
resources:
# Forwarding rule for External Network Load Balancing using Backend Services
default:
type: gcp:compute:ForwardingRule
properties:
name: website-forwarding-rule
region: us-central1
portRange: 80
backendService: ${backend.id}
backend:
type: gcp:compute:RegionBackendService
properties:
name: website-backend
region: us-central1
loadBalancingScheme: EXTERNAL
healthChecks: ${hc.id}
hc:
type: gcp:compute:RegionHealthCheck
properties:
name: check-website-backend
checkIntervalSec: 1
timeoutSec: 1
region: us-central1
tcpHealthCheck:
port: '80'
Forwarding Rule Global Internallb
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const hc = new gcp.compute.HealthCheck("hc", {
name: "check-website-backend",
checkIntervalSec: 1,
timeoutSec: 1,
tcpHealthCheck: {
port: 80,
},
});
const backend = new gcp.compute.RegionBackendService("backend", {
name: "website-backend",
region: "us-central1",
healthChecks: hc.id,
});
const defaultNetwork = new gcp.compute.Network("default", {
name: "website-net",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "website-net",
ipCidrRange: "10.0.0.0/16",
region: "us-central1",
network: defaultNetwork.id,
});
// Forwarding rule for Internal Load Balancing
const _default = new gcp.compute.ForwardingRule("default", {
name: "website-forwarding-rule",
region: "us-central1",
loadBalancingScheme: "INTERNAL",
backendService: backend.id,
allPorts: true,
allowGlobalAccess: true,
network: defaultNetwork.name,
subnetwork: defaultSubnetwork.name,
});
import pulumi
import pulumi_gcp as gcp
hc = gcp.compute.HealthCheck("hc",
name="check-website-backend",
check_interval_sec=1,
timeout_sec=1,
tcp_health_check={
"port": 80,
})
backend = gcp.compute.RegionBackendService("backend",
name="website-backend",
region="us-central1",
health_checks=hc.id)
default_network = gcp.compute.Network("default",
name="website-net",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="website-net",
ip_cidr_range="10.0.0.0/16",
region="us-central1",
network=default_network.id)
# Forwarding rule for Internal Load Balancing
default = gcp.compute.ForwardingRule("default",
name="website-forwarding-rule",
region="us-central1",
load_balancing_scheme="INTERNAL",
backend_service=backend.id,
all_ports=True,
allow_global_access=True,
network=default_network.name,
subnetwork=default_subnetwork.name)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
hc, err := compute.NewHealthCheck(ctx, "hc", &compute.HealthCheckArgs{
Name: pulumi.String("check-website-backend"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
backend, err := compute.NewRegionBackendService(ctx, "backend", &compute.RegionBackendServiceArgs{
Name: pulumi.String("website-backend"),
Region: pulumi.String("us-central1"),
HealthChecks: hc.ID(),
})
if err != nil {
return err
}
defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("website-net"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("website-net"),
IpCidrRange: pulumi.String("10.0.0.0/16"),
Region: pulumi.String("us-central1"),
Network: defaultNetwork.ID(),
})
if err != nil {
return err
}
// Forwarding rule for Internal Load Balancing
_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
Name: pulumi.String("website-forwarding-rule"),
Region: pulumi.String("us-central1"),
LoadBalancingScheme: pulumi.String("INTERNAL"),
BackendService: backend.ID(),
AllPorts: pulumi.Bool(true),
AllowGlobalAccess: pulumi.Bool(true),
Network: defaultNetwork.Name,
Subnetwork: defaultSubnetwork.Name,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var hc = new Gcp.Compute.HealthCheck("hc", new()
{
Name = "check-website-backend",
CheckIntervalSec = 1,
TimeoutSec = 1,
TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
{
Port = 80,
},
});
var backend = new Gcp.Compute.RegionBackendService("backend", new()
{
Name = "website-backend",
Region = "us-central1",
HealthChecks = hc.Id,
});
var defaultNetwork = new Gcp.Compute.Network("default", new()
{
Name = "website-net",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "website-net",
IpCidrRange = "10.0.0.0/16",
Region = "us-central1",
Network = defaultNetwork.Id,
});
// Forwarding rule for Internal Load Balancing
var @default = new Gcp.Compute.ForwardingRule("default", new()
{
Name = "website-forwarding-rule",
Region = "us-central1",
LoadBalancingScheme = "INTERNAL",
BackendService = backend.Id,
AllPorts = true,
AllowGlobalAccess = true,
Network = defaultNetwork.Name,
Subnetwork = defaultSubnetwork.Name,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var hc = new HealthCheck("hc", HealthCheckArgs.builder()
.name("check-website-backend")
.checkIntervalSec(1)
.timeoutSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build());
var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()
.name("website-backend")
.region("us-central1")
.healthChecks(hc.id())
.build());
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.name("website-net")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("website-net")
.ipCidrRange("10.0.0.0/16")
.region("us-central1")
.network(defaultNetwork.id())
.build());
// Forwarding rule for Internal Load Balancing
var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
.name("website-forwarding-rule")
.region("us-central1")
.loadBalancingScheme("INTERNAL")
.backendService(backend.id())
.allPorts(true)
.allowGlobalAccess(true)
.network(defaultNetwork.name())
.subnetwork(defaultSubnetwork.name())
.build());
}
}
resources:
# Forwarding rule for Internal Load Balancing
default:
type: gcp:compute:ForwardingRule
properties:
name: website-forwarding-rule
region: us-central1
loadBalancingScheme: INTERNAL
backendService: ${backend.id}
allPorts: true
allowGlobalAccess: true
network: ${defaultNetwork.name}
subnetwork: ${defaultSubnetwork.name}
backend:
type: gcp:compute:RegionBackendService
properties:
name: website-backend
region: us-central1
healthChecks: ${hc.id}
hc:
type: gcp:compute:HealthCheck
properties:
name: check-website-backend
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'
defaultNetwork:
type: gcp:compute:Network
name: default
properties:
name: website-net
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: website-net
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${defaultNetwork.id}
Forwarding Rule Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const defaultTargetPool = new gcp.compute.TargetPool("default", {name: "website-target-pool"});
const _default = new gcp.compute.ForwardingRule("default", {
name: "website-forwarding-rule",
target: defaultTargetPool.id,
portRange: "80",
});
import pulumi
import pulumi_gcp as gcp
default_target_pool = gcp.compute.TargetPool("default", name="website-target-pool")
default = gcp.compute.ForwardingRule("default",
name="website-forwarding-rule",
target=default_target_pool.id,
port_range="80")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
defaultTargetPool, err := compute.NewTargetPool(ctx, "default", &compute.TargetPoolArgs{
Name: pulumi.String("website-target-pool"),
})
if err != nil {
return err
}
_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
Name: pulumi.String("website-forwarding-rule"),
Target: defaultTargetPool.ID(),
PortRange: pulumi.String("80"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var defaultTargetPool = new Gcp.Compute.TargetPool("default", new()
{
Name = "website-target-pool",
});
var @default = new Gcp.Compute.ForwardingRule("default", new()
{
Name = "website-forwarding-rule",
Target = defaultTargetPool.Id,
PortRange = "80",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.TargetPool;
import com.pulumi.gcp.compute.TargetPoolArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultTargetPool = new TargetPool("defaultTargetPool", TargetPoolArgs.builder()
.name("website-target-pool")
.build());
var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
.name("website-forwarding-rule")
.target(defaultTargetPool.id())
.portRange("80")
.build());
}
}
resources:
default:
type: gcp:compute:ForwardingRule
properties:
name: website-forwarding-rule
target: ${defaultTargetPool.id}
portRange: '80'
defaultTargetPool:
type: gcp:compute:TargetPool
name: default
properties:
name: website-target-pool
Forwarding Rule L3 Default
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const healthCheck = new gcp.compute.RegionHealthCheck("health_check", {
name: "health-check",
region: "us-central1",
tcpHealthCheck: {
port: 80,
},
});
const service = new gcp.compute.RegionBackendService("service", {
region: "us-central1",
name: "service",
healthChecks: healthCheck.id,
protocol: "UNSPECIFIED",
loadBalancingScheme: "EXTERNAL",
});
const fwdRule = new gcp.compute.ForwardingRule("fwd_rule", {
name: "l3-forwarding-rule",
backendService: service.id,
ipProtocol: "L3_DEFAULT",
allPorts: true,
});
import pulumi
import pulumi_gcp as gcp
health_check = gcp.compute.RegionHealthCheck("health_check",
name="health-check",
region="us-central1",
tcp_health_check={
"port": 80,
})
service = gcp.compute.RegionBackendService("service",
region="us-central1",
name="service",
health_checks=health_check.id,
protocol="UNSPECIFIED",
load_balancing_scheme="EXTERNAL")
fwd_rule = gcp.compute.ForwardingRule("fwd_rule",
name="l3-forwarding-rule",
backend_service=service.id,
ip_protocol="L3_DEFAULT",
all_ports=True)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
healthCheck, err := compute.NewRegionHealthCheck(ctx, "health_check", &compute.RegionHealthCheckArgs{
Name: pulumi.String("health-check"),
Region: pulumi.String("us-central1"),
TcpHealthCheck: &compute.RegionHealthCheckTcpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
service, err := compute.NewRegionBackendService(ctx, "service", &compute.RegionBackendServiceArgs{
Region: pulumi.String("us-central1"),
Name: pulumi.String("service"),
HealthChecks: healthCheck.ID(),
Protocol: pulumi.String("UNSPECIFIED"),
LoadBalancingScheme: pulumi.String("EXTERNAL"),
})
if err != nil {
return err
}
_, err = compute.NewForwardingRule(ctx, "fwd_rule", &compute.ForwardingRuleArgs{
Name: pulumi.String("l3-forwarding-rule"),
BackendService: service.ID(),
IpProtocol: pulumi.String("L3_DEFAULT"),
AllPorts: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var healthCheck = new Gcp.Compute.RegionHealthCheck("health_check", new()
{
Name = "health-check",
Region = "us-central1",
TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs
{
Port = 80,
},
});
var service = new Gcp.Compute.RegionBackendService("service", new()
{
Region = "us-central1",
Name = "service",
HealthChecks = healthCheck.Id,
Protocol = "UNSPECIFIED",
LoadBalancingScheme = "EXTERNAL",
});
var fwdRule = new Gcp.Compute.ForwardingRule("fwd_rule", new()
{
Name = "l3-forwarding-rule",
BackendService = service.Id,
IpProtocol = "L3_DEFAULT",
AllPorts = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var healthCheck = new RegionHealthCheck("healthCheck", RegionHealthCheckArgs.builder()
.name("health-check")
.region("us-central1")
.tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()
.port(80)
.build())
.build());
var service = new RegionBackendService("service", RegionBackendServiceArgs.builder()
.region("us-central1")
.name("service")
.healthChecks(healthCheck.id())
.protocol("UNSPECIFIED")
.loadBalancingScheme("EXTERNAL")
.build());
var fwdRule = new ForwardingRule("fwdRule", ForwardingRuleArgs.builder()
.name("l3-forwarding-rule")
.backendService(service.id())
.ipProtocol("L3_DEFAULT")
.allPorts(true)
.build());
}
}
resources:
fwdRule:
type: gcp:compute:ForwardingRule
name: fwd_rule
properties:
name: l3-forwarding-rule
backendService: ${service.id}
ipProtocol: L3_DEFAULT
allPorts: true
service:
type: gcp:compute:RegionBackendService
properties:
region: us-central1
name: service
healthChecks: ${healthCheck.id}
protocol: UNSPECIFIED
loadBalancingScheme: EXTERNAL
healthCheck:
type: gcp:compute:RegionHealthCheck
name: health_check
properties:
name: health-check
region: us-central1
tcpHealthCheck:
port: 80
Forwarding Rule Internallb
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const hc = new gcp.compute.HealthCheck("hc", {
name: "check-website-backend",
checkIntervalSec: 1,
timeoutSec: 1,
tcpHealthCheck: {
port: 80,
},
});
const backend = new gcp.compute.RegionBackendService("backend", {
name: "website-backend",
region: "us-central1",
healthChecks: hc.id,
});
const defaultNetwork = new gcp.compute.Network("default", {
name: "website-net",
autoCreateSubnetworks: false,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "website-net",
ipCidrRange: "10.0.0.0/16",
region: "us-central1",
network: defaultNetwork.id,
});
// Forwarding rule for Internal Load Balancing
const _default = new gcp.compute.ForwardingRule("default", {
name: "website-forwarding-rule",
region: "us-central1",
loadBalancingScheme: "INTERNAL",
backendService: backend.id,
allPorts: true,
network: defaultNetwork.name,
subnetwork: defaultSubnetwork.name,
ipVersion: "IPV4",
});
import pulumi
import pulumi_gcp as gcp
hc = gcp.compute.HealthCheck("hc",
name="check-website-backend",
check_interval_sec=1,
timeout_sec=1,
tcp_health_check={
"port": 80,
})
backend = gcp.compute.RegionBackendService("backend",
name="website-backend",
region="us-central1",
health_checks=hc.id)
default_network = gcp.compute.Network("default",
name="website-net",
auto_create_subnetworks=False)
default_subnetwork = gcp.compute.Subnetwork("default",
name="website-net",
ip_cidr_range="10.0.0.0/16",
region="us-central1",
network=default_network.id)
# Forwarding rule for Internal Load Balancing
default = gcp.compute.ForwardingRule("default",
name="website-forwarding-rule",
region="us-central1",
load_balancing_scheme="INTERNAL",
backend_service=backend.id,
all_ports=True,
network=default_network.name,
subnetwork=default_subnetwork.name,
ip_version="IPV4")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
hc, err := compute.NewHealthCheck(ctx, "hc", &compute.HealthCheckArgs{
Name: pulumi.String("check-website-backend"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
backend, err := compute.NewRegionBackendService(ctx, "backend", &compute.RegionBackendServiceArgs{
Name: pulumi.String("website-backend"),
Region: pulumi.String("us-central1"),
HealthChecks: hc.ID(),
})
if err != nil {
return err
}
defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("website-net"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("website-net"),
IpCidrRange: pulumi.String("10.0.0.0/16"),
Region: pulumi.String("us-central1"),
Network: defaultNetwork.ID(),
})
if err != nil {
return err
}
// Forwarding rule for Internal Load Balancing
_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
Name: pulumi.String("website-forwarding-rule"),
Region: pulumi.String("us-central1"),
LoadBalancingScheme: pulumi.String("INTERNAL"),
BackendService: backend.ID(),
AllPorts: pulumi.Bool(true),
Network: defaultNetwork.Name,
Subnetwork: defaultSubnetwork.Name,
IpVersion: pulumi.String("IPV4"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var hc = new Gcp.Compute.HealthCheck("hc", new()
{
Name = "check-website-backend",
CheckIntervalSec = 1,
TimeoutSec = 1,
TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
{
Port = 80,
},
});
var backend = new Gcp.Compute.RegionBackendService("backend", new()
{
Name = "website-backend",
Region = "us-central1",
HealthChecks = hc.Id,
});
var defaultNetwork = new Gcp.Compute.Network("default", new()
{
Name = "website-net",
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "website-net",
IpCidrRange = "10.0.0.0/16",
Region = "us-central1",
Network = defaultNetwork.Id,
});
// Forwarding rule for Internal Load Balancing
var @default = new Gcp.Compute.ForwardingRule("default", new()
{
Name = "website-forwarding-rule",
Region = "us-central1",
LoadBalancingScheme = "INTERNAL",
BackendService = backend.Id,
AllPorts = true,
Network = defaultNetwork.Name,
Subnetwork = defaultSubnetwork.Name,
IpVersion = "IPV4",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var hc = new HealthCheck("hc", HealthCheckArgs.builder()
.name("check-website-backend")
.checkIntervalSec(1)
.timeoutSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build());
var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()
.name("website-backend")
.region("us-central1")
.healthChecks(hc.id())
.build());
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.name("website-net")
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("website-net")
.ipCidrRange("10.0.0.0/16")
.region("us-central1")
.network(defaultNetwork.id())
.build());
// Forwarding rule for Internal Load Balancing
var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
.name("website-forwarding-rule")
.region("us-central1")
.loadBalancingScheme("INTERNAL")
.backendService(backend.id())
.allPorts(true)
.network(defaultNetwork.name())
.subnetwork(defaultSubnetwork.name())
.ipVersion("IPV4")
.build());
}
}
resources:
# Forwarding rule for Internal Load Balancing
default:
type: gcp:compute:ForwardingRule
properties:
name: website-forwarding-rule
region: us-central1
loadBalancingScheme: INTERNAL
backendService: ${backend.id}
allPorts: true
network: ${defaultNetwork.name}
subnetwork: ${defaultSubnetwork.name}
ipVersion: IPV4
backend:
type: gcp:compute:RegionBackendService
properties:
name: website-backend
region: us-central1
healthChecks: ${hc.id}
hc:
type: gcp:compute:HealthCheck
properties:
name: check-website-backend
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'
defaultNetwork:
type: gcp:compute:Network
name: default
properties:
name: website-net
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: website-net
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${defaultNetwork.id}
Forwarding Rule Http Lb
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const debianImage = gcp.compute.getImage({
family: "debian-11",
project: "debian-cloud",
});
const defaultNetwork = new gcp.compute.Network("default", {
name: "website-net",
autoCreateSubnetworks: false,
routingMode: "REGIONAL",
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "website-net-default",
ipCidrRange: "10.1.2.0/24",
region: "us-central1",
network: defaultNetwork.id,
});
const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
name: "template-website-backend",
machineType: "e2-medium",
networkInterfaces: [{
network: defaultNetwork.id,
subnetwork: defaultSubnetwork.id,
}],
disks: [{
sourceImage: debianImage.then(debianImage => debianImage.selfLink),
autoDelete: true,
boot: true,
}],
tags: [
"allow-ssh",
"load-balanced-backend",
],
});
const rigm = new gcp.compute.RegionInstanceGroupManager("rigm", {
region: "us-central1",
name: "website-rigm",
versions: [{
instanceTemplate: instanceTemplate.id,
name: "primary",
}],
baseInstanceName: "internal-glb",
targetSize: 1,
});
const fw1 = new gcp.compute.Firewall("fw1", {
name: "website-fw-1",
network: defaultNetwork.id,
sourceRanges: ["10.1.2.0/24"],
allows: [
{
protocol: "tcp",
},
{
protocol: "udp",
},
{
protocol: "icmp",
},
],
direction: "INGRESS",
});
const fw2 = new gcp.compute.Firewall("fw2", {
name: "website-fw-2",
network: defaultNetwork.id,
sourceRanges: ["0.0.0.0/0"],
allows: [{
protocol: "tcp",
ports: ["22"],
}],
targetTags: ["allow-ssh"],
direction: "INGRESS",
}, {
dependsOn: [fw1],
});
const fw3 = new gcp.compute.Firewall("fw3", {
name: "website-fw-3",
network: defaultNetwork.id,
sourceRanges: [
"130.211.0.0/22",
"35.191.0.0/16",
],
allows: [{
protocol: "tcp",
}],
targetTags: ["load-balanced-backend"],
direction: "INGRESS",
}, {
dependsOn: [fw2],
});
const fw4 = new gcp.compute.Firewall("fw4", {
name: "website-fw-4",
network: defaultNetwork.id,
sourceRanges: ["10.129.0.0/26"],
targetTags: ["load-balanced-backend"],
allows: [
{
protocol: "tcp",
ports: ["80"],
},
{
protocol: "tcp",
ports: ["443"],
},
{
protocol: "tcp",
ports: ["8000"],
},
],
direction: "INGRESS",
}, {
dependsOn: [fw3],
});
const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
region: "us-central1",
name: "website-hc",
httpHealthCheck: {
portSpecification: "USE_SERVING_PORT",
},
}, {
dependsOn: [fw4],
});
const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", {
loadBalancingScheme: "INTERNAL_MANAGED",
backends: [{
group: rigm.instanceGroup,
balancingMode: "UTILIZATION",
capacityScaler: 1,
}],
region: "us-central1",
name: "website-backend",
protocol: "HTTP",
timeoutSec: 10,
healthChecks: defaultRegionHealthCheck.id,
});
const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", {
region: "us-central1",
name: "website-map",
defaultService: defaultRegionBackendService.id,
});
const defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy("default", {
region: "us-central1",
name: "website-proxy",
urlMap: defaultRegionUrlMap.id,
});
const proxy = new gcp.compute.Subnetwork("proxy", {
name: "website-net-proxy",
ipCidrRange: "10.129.0.0/26",
region: "us-central1",
network: defaultNetwork.id,
purpose: "REGIONAL_MANAGED_PROXY",
role: "ACTIVE",
});
// Forwarding rule for Internal Load Balancing
const _default = new gcp.compute.ForwardingRule("default", {
name: "website-forwarding-rule",
region: "us-central1",
ipProtocol: "TCP",
loadBalancingScheme: "INTERNAL_MANAGED",
portRange: "80",
target: defaultRegionTargetHttpProxy.id,
network: defaultNetwork.id,
subnetwork: defaultSubnetwork.id,
networkTier: "PREMIUM",
}, {
dependsOn: [proxy],
});
import pulumi
import pulumi_gcp as gcp
debian_image = gcp.compute.get_image(family="debian-11",
project="debian-cloud")
default_network = gcp.compute.Network("default",
name="website-net",
auto_create_subnetworks=False,
routing_mode="REGIONAL")
default_subnetwork = gcp.compute.Subnetwork("default",
name="website-net-default",
ip_cidr_range="10.1.2.0/24",
region="us-central1",
network=default_network.id)
instance_template = gcp.compute.InstanceTemplate("instance_template",
name="template-website-backend",
machine_type="e2-medium",
network_interfaces=[{
"network": default_network.id,
"subnetwork": default_subnetwork.id,
}],
disks=[{
"source_image": debian_image.self_link,
"auto_delete": True,
"boot": True,
}],
tags=[
"allow-ssh",
"load-balanced-backend",
])
rigm = gcp.compute.RegionInstanceGroupManager("rigm",
region="us-central1",
name="website-rigm",
versions=[{
"instance_template": instance_template.id,
"name": "primary",
}],
base_instance_name="internal-glb",
target_size=1)
fw1 = gcp.compute.Firewall("fw1",
name="website-fw-1",
network=default_network.id,
source_ranges=["10.1.2.0/24"],
allows=[
{
"protocol": "tcp",
},
{
"protocol": "udp",
},
{
"protocol": "icmp",
},
],
direction="INGRESS")
fw2 = gcp.compute.Firewall("fw2",
name="website-fw-2",
network=default_network.id,
source_ranges=["0.0.0.0/0"],
allows=[{
"protocol": "tcp",
"ports": ["22"],
}],
target_tags=["allow-ssh"],
direction="INGRESS",
opts = pulumi.ResourceOptions(depends_on=[fw1]))
fw3 = gcp.compute.Firewall("fw3",
name="website-fw-3",
network=default_network.id,
source_ranges=[
"130.211.0.0/22",
"35.191.0.0/16",
],
allows=[{
"protocol": "tcp",
}],
target_tags=["load-balanced-backend"],
direction="INGRESS",
opts = pulumi.ResourceOptions(depends_on=[fw2]))
fw4 = gcp.compute.Firewall("fw4",
name="website-fw-4",
network=default_network.id,
source_ranges=["10.129.0.0/26"],
target_tags=["load-balanced-backend"],
allows=[
{
"protocol": "tcp",
"ports": ["80"],
},
{
"protocol": "tcp",
"ports": ["443"],
},
{
"protocol": "tcp",
"ports": ["8000"],
},
],
direction="INGRESS",
opts = pulumi.ResourceOptions(depends_on=[fw3]))
default_region_health_check = gcp.compute.RegionHealthCheck("default",
region="us-central1",
name="website-hc",
http_health_check={
"port_specification": "USE_SERVING_PORT",
},
opts = pulumi.ResourceOptions(depends_on=[fw4]))
default_region_backend_service = gcp.compute.RegionBackendService("default",
load_balancing_scheme="INTERNAL_MANAGED",
backends=[{
"group": rigm.instance_group,
"balancing_mode": "UTILIZATION",
"capacity_scaler": 1,
}],
region="us-central1",
name="website-backend",
protocol="HTTP",
timeout_sec=10,
health_checks=default_region_health_check.id)
default_region_url_map = gcp.compute.RegionUrlMap("default",
region="us-central1",
name="website-map",
default_service=default_region_backend_service.id)
default_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy("default",
region="us-central1",
name="website-proxy",
url_map=default_region_url_map.id)
proxy = gcp.compute.Subnetwork("proxy",
name="website-net-proxy",
ip_cidr_range="10.129.0.0/26",
region="us-central1",
network=default_network.id,
purpose="REGIONAL_MANAGED_PROXY",
role="ACTIVE")
# Forwarding rule for Internal Load Balancing
default = gcp.compute.ForwardingRule("default",
name="website-forwarding-rule",
region="us-central1",
ip_protocol="TCP",
load_balancing_scheme="INTERNAL_MANAGED",
port_range="80",
target=default_region_target_http_proxy.id,
network=default_network.id,
subnetwork=default_subnetwork.id,
network_tier="PREMIUM",
opts = pulumi.ResourceOptions(depends_on=[proxy]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
debianImage, err := compute.LookupImage(ctx, &compute.LookupImageArgs{
Family: pulumi.StringRef("debian-11"),
Project: pulumi.StringRef("debian-cloud"),
}, nil)
if err != nil {
return err
}
defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("website-net"),
AutoCreateSubnetworks: pulumi.Bool(false),
RoutingMode: pulumi.String("REGIONAL"),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("website-net-default"),
IpCidrRange: pulumi.String("10.1.2.0/24"),
Region: pulumi.String("us-central1"),
Network: defaultNetwork.ID(),
})
if err != nil {
return err
}
instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{
Name: pulumi.String("template-website-backend"),
MachineType: pulumi.String("e2-medium"),
NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
&compute.InstanceTemplateNetworkInterfaceArgs{
Network: defaultNetwork.ID(),
Subnetwork: defaultSubnetwork.ID(),
},
},
Disks: compute.InstanceTemplateDiskArray{
&compute.InstanceTemplateDiskArgs{
SourceImage: pulumi.String(debianImage.SelfLink),
AutoDelete: pulumi.Bool(true),
Boot: pulumi.Bool(true),
},
},
Tags: pulumi.StringArray{
pulumi.String("allow-ssh"),
pulumi.String("load-balanced-backend"),
},
})
if err != nil {
return err
}
rigm, err := compute.NewRegionInstanceGroupManager(ctx, "rigm", &compute.RegionInstanceGroupManagerArgs{
Region: pulumi.String("us-central1"),
Name: pulumi.String("website-rigm"),
Versions: compute.RegionInstanceGroupManagerVersionArray{
&compute.RegionInstanceGroupManagerVersionArgs{
InstanceTemplate: instanceTemplate.ID(),
Name: pulumi.String("primary"),
},
},
BaseInstanceName: pulumi.String("internal-glb"),
TargetSize: pulumi.Int(1),
})
if err != nil {
return err
}
fw1, err := compute.NewFirewall(ctx, "fw1", &compute.FirewallArgs{
Name: pulumi.String("website-fw-1"),
Network: defaultNetwork.ID(),
SourceRanges: pulumi.StringArray{
pulumi.String("10.1.2.0/24"),
},
Allows: compute.FirewallAllowArray{
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
},
&compute.FirewallAllowArgs{
Protocol: pulumi.String("udp"),
},
&compute.FirewallAllowArgs{
Protocol: pulumi.String("icmp"),
},
},
Direction: pulumi.String("INGRESS"),
})
if err != nil {
return err
}
fw2, err := compute.NewFirewall(ctx, "fw2", &compute.FirewallArgs{
Name: pulumi.String("website-fw-2"),
Network: defaultNetwork.ID(),
SourceRanges: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
},
Allows: compute.FirewallAllowArray{
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
Ports: pulumi.StringArray{
pulumi.String("22"),
},
},
},
TargetTags: pulumi.StringArray{
pulumi.String("allow-ssh"),
},
Direction: pulumi.String("INGRESS"),
}, pulumi.DependsOn([]pulumi.Resource{
fw1,
}))
if err != nil {
return err
}
fw3, err := compute.NewFirewall(ctx, "fw3", &compute.FirewallArgs{
Name: pulumi.String("website-fw-3"),
Network: defaultNetwork.ID(),
SourceRanges: pulumi.StringArray{
pulumi.String("130.211.0.0/22"),
pulumi.String("35.191.0.0/16"),
},
Allows: compute.FirewallAllowArray{
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
},
},
TargetTags: pulumi.StringArray{
pulumi.String("load-balanced-backend"),
},
Direction: pulumi.String("INGRESS"),
}, pulumi.DependsOn([]pulumi.Resource{
fw2,
}))
if err != nil {
return err
}
fw4, err := compute.NewFirewall(ctx, "fw4", &compute.FirewallArgs{
Name: pulumi.String("website-fw-4"),
Network: defaultNetwork.ID(),
SourceRanges: pulumi.StringArray{
pulumi.String("10.129.0.0/26"),
},
TargetTags: pulumi.StringArray{
pulumi.String("load-balanced-backend"),
},
Allows: compute.FirewallAllowArray{
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
Ports: pulumi.StringArray{
pulumi.String("80"),
},
},
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
Ports: pulumi.StringArray{
pulumi.String("443"),
},
},
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
Ports: pulumi.StringArray{
pulumi.String("8000"),
},
},
},
Direction: pulumi.String("INGRESS"),
}, pulumi.DependsOn([]pulumi.Resource{
fw3,
}))
if err != nil {
return err
}
defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{
Region: pulumi.String("us-central1"),
Name: pulumi.String("website-hc"),
HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
PortSpecification: pulumi.String("USE_SERVING_PORT"),
},
}, pulumi.DependsOn([]pulumi.Resource{
fw4,
}))
if err != nil {
return err
}
defaultRegionBackendService, err := compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{
LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
Backends: compute.RegionBackendServiceBackendArray{
&compute.RegionBackendServiceBackendArgs{
Group: rigm.InstanceGroup,
BalancingMode: pulumi.String("UTILIZATION"),
CapacityScaler: pulumi.Float64(1),
},
},
Region: pulumi.String("us-central1"),
Name: pulumi.String("website-backend"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
HealthChecks: defaultRegionHealthCheck.ID(),
})
if err != nil {
return err
}
defaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, "default", &compute.RegionUrlMapArgs{
Region: pulumi.String("us-central1"),
Name: pulumi.String("website-map"),
DefaultService: defaultRegionBackendService.ID(),
})
if err != nil {
return err
}
defaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, "default", &compute.RegionTargetHttpProxyArgs{
Region: pulumi.String("us-central1"),
Name: pulumi.String("website-proxy"),
UrlMap: defaultRegionUrlMap.ID(),
})
if err != nil {
return err
}
proxy, err := compute.NewSubnetwork(ctx, "proxy", &compute.SubnetworkArgs{
Name: pulumi.String("website-net-proxy"),
IpCidrRange: pulumi.String("10.129.0.0/26"),
Region: pulumi.String("us-central1"),
Network: defaultNetwork.ID(),
Purpose: pulumi.String("REGIONAL_MANAGED_PROXY"),
Role: pulumi.String("ACTIVE"),
})
if err != nil {
return err
}
// Forwarding rule for Internal Load Balancing
_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
Name: pulumi.String("website-forwarding-rule"),
Region: pulumi.String("us-central1"),
IpProtocol: pulumi.String("TCP"),
LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
PortRange: pulumi.String("80"),
Target: defaultRegionTargetHttpProxy.ID(),
Network: defaultNetwork.ID(),
Subnetwork: defaultSubnetwork.ID(),
NetworkTier: pulumi.String("PREMIUM"),
}, pulumi.DependsOn([]pulumi.Resource{
proxy,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var debianImage = Gcp.Compute.GetImage.Invoke(new()
{
Family = "debian-11",
Project = "debian-cloud",
});
var defaultNetwork = new Gcp.Compute.Network("default", new()
{
Name = "website-net",
AutoCreateSubnetworks = false,
RoutingMode = "REGIONAL",
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "website-net-default",
IpCidrRange = "10.1.2.0/24",
Region = "us-central1",
Network = defaultNetwork.Id,
});
var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new()
{
Name = "template-website-backend",
MachineType = "e2-medium",
NetworkInterfaces = new[]
{
new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
{
Network = defaultNetwork.Id,
Subnetwork = defaultSubnetwork.Id,
},
},
Disks = new[]
{
new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
{
SourceImage = debianImage.Apply(getImageResult => getImageResult.SelfLink),
AutoDelete = true,
Boot = true,
},
},
Tags = new[]
{
"allow-ssh",
"load-balanced-backend",
},
});
var rigm = new Gcp.Compute.RegionInstanceGroupManager("rigm", new()
{
Region = "us-central1",
Name = "website-rigm",
Versions = new[]
{
new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs
{
InstanceTemplate = instanceTemplate.Id,
Name = "primary",
},
},
BaseInstanceName = "internal-glb",
TargetSize = 1,
});
var fw1 = new Gcp.Compute.Firewall("fw1", new()
{
Name = "website-fw-1",
Network = defaultNetwork.Id,
SourceRanges = new[]
{
"10.1.2.0/24",
},
Allows = new[]
{
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
},
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "udp",
},
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "icmp",
},
},
Direction = "INGRESS",
});
var fw2 = new Gcp.Compute.Firewall("fw2", new()
{
Name = "website-fw-2",
Network = defaultNetwork.Id,
SourceRanges = new[]
{
"0.0.0.0/0",
},
Allows = new[]
{
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
Ports = new[]
{
"22",
},
},
},
TargetTags = new[]
{
"allow-ssh",
},
Direction = "INGRESS",
}, new CustomResourceOptions
{
DependsOn =
{
fw1,
},
});
var fw3 = new Gcp.Compute.Firewall("fw3", new()
{
Name = "website-fw-3",
Network = defaultNetwork.Id,
SourceRanges = new[]
{
"130.211.0.0/22",
"35.191.0.0/16",
},
Allows = new[]
{
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
},
},
TargetTags = new[]
{
"load-balanced-backend",
},
Direction = "INGRESS",
}, new CustomResourceOptions
{
DependsOn =
{
fw2,
},
});
var fw4 = new Gcp.Compute.Firewall("fw4", new()
{
Name = "website-fw-4",
Network = defaultNetwork.Id,
SourceRanges = new[]
{
"10.129.0.0/26",
},
TargetTags = new[]
{
"load-balanced-backend",
},
Allows = new[]
{
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
Ports = new[]
{
"80",
},
},
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
Ports = new[]
{
"443",
},
},
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
Ports = new[]
{
"8000",
},
},
},
Direction = "INGRESS",
}, new CustomResourceOptions
{
DependsOn =
{
fw3,
},
});
var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new()
{
Region = "us-central1",
Name = "website-hc",
HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
{
PortSpecification = "USE_SERVING_PORT",
},
}, new CustomResourceOptions
{
DependsOn =
{
fw4,
},
});
var defaultRegionBackendService = new Gcp.Compute.RegionBackendService("default", new()
{
LoadBalancingScheme = "INTERNAL_MANAGED",
Backends = new[]
{
new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs
{
Group = rigm.InstanceGroup,
BalancingMode = "UTILIZATION",
CapacityScaler = 1,
},
},
Region = "us-central1",
Name = "website-backend",
Protocol = "HTTP",
TimeoutSec = 10,
HealthChecks = defaultRegionHealthCheck.Id,
});
var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap("default", new()
{
Region = "us-central1",
Name = "website-map",
DefaultService = defaultRegionBackendService.Id,
});
var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy("default", new()
{
Region = "us-central1",
Name = "website-proxy",
UrlMap = defaultRegionUrlMap.Id,
});
var proxy = new Gcp.Compute.Subnetwork("proxy", new()
{
Name = "website-net-proxy",
IpCidrRange = "10.129.0.0/26",
Region = "us-central1",
Network = defaultNetwork.Id,
Purpose = "REGIONAL_MANAGED_PROXY",
Role = "ACTIVE",
});
// Forwarding rule for Internal Load Balancing
var @default = new Gcp.Compute.ForwardingRule("default", new()
{
Name = "website-forwarding-rule",
Region = "us-central1",
IpProtocol = "TCP",
LoadBalancingScheme = "INTERNAL_MANAGED",
PortRange = "80",
Target = defaultRegionTargetHttpProxy.Id,
Network = defaultNetwork.Id,
Subnetwork = defaultSubnetwork.Id,
NetworkTier = "PREMIUM",
}, new CustomResourceOptions
{
DependsOn =
{
proxy,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.ComputeFunctions;
import com.pulumi.gcp.compute.inputs.GetImageArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.RegionInstanceGroupManager;
import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
import com.pulumi.gcp.compute.RegionUrlMap;
import com.pulumi.gcp.compute.RegionUrlMapArgs;
import com.pulumi.gcp.compute.RegionTargetHttpProxy;
import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
.family("debian-11")
.project("debian-cloud")
.build());
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.name("website-net")
.autoCreateSubnetworks(false)
.routingMode("REGIONAL")
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("website-net-default")
.ipCidrRange("10.1.2.0/24")
.region("us-central1")
.network(defaultNetwork.id())
.build());
var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()
.name("template-website-backend")
.machineType("e2-medium")
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.network(defaultNetwork.id())
.subnetwork(defaultSubnetwork.id())
.build())
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
.autoDelete(true)
.boot(true)
.build())
.tags(
"allow-ssh",
"load-balanced-backend")
.build());
var rigm = new RegionInstanceGroupManager("rigm", RegionInstanceGroupManagerArgs.builder()
.region("us-central1")
.name("website-rigm")
.versions(RegionInstanceGroupManagerVersionArgs.builder()
.instanceTemplate(instanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("internal-glb")
.targetSize(1)
.build());
var fw1 = new Firewall("fw1", FirewallArgs.builder()
.name("website-fw-1")
.network(defaultNetwork.id())
.sourceRanges("10.1.2.0/24")
.allows(
FirewallAllowArgs.builder()
.protocol("tcp")
.build(),
FirewallAllowArgs.builder()
.protocol("udp")
.build(),
FirewallAllowArgs.builder()
.protocol("icmp")
.build())
.direction("INGRESS")
.build());
var fw2 = new Firewall("fw2", FirewallArgs.builder()
.name("website-fw-2")
.network(defaultNetwork.id())
.sourceRanges("0.0.0.0/0")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.ports("22")
.build())
.targetTags("allow-ssh")
.direction("INGRESS")
.build(), CustomResourceOptions.builder()
.dependsOn(fw1)
.build());
var fw3 = new Firewall("fw3", FirewallArgs.builder()
.name("website-fw-3")
.network(defaultNetwork.id())
.sourceRanges(
"130.211.0.0/22",
"35.191.0.0/16")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.build())
.targetTags("load-balanced-backend")
.direction("INGRESS")
.build(), CustomResourceOptions.builder()
.dependsOn(fw2)
.build());
var fw4 = new Firewall("fw4", FirewallArgs.builder()
.name("website-fw-4")
.network(defaultNetwork.id())
.sourceRanges("10.129.0.0/26")
.targetTags("load-balanced-backend")
.allows(
FirewallAllowArgs.builder()
.protocol("tcp")
.ports("80")
.build(),
FirewallAllowArgs.builder()
.protocol("tcp")
.ports("443")
.build(),
FirewallAllowArgs.builder()
.protocol("tcp")
.ports("8000")
.build())
.direction("INGRESS")
.build(), CustomResourceOptions.builder()
.dependsOn(fw3)
.build());
var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()
.region("us-central1")
.name("website-hc")
.httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
.portSpecification("USE_SERVING_PORT")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(fw4)
.build());
var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()
.loadBalancingScheme("INTERNAL_MANAGED")
.backends(RegionBackendServiceBackendArgs.builder()
.group(rigm.instanceGroup())
.balancingMode("UTILIZATION")
.capacityScaler(1)
.build())
.region("us-central1")
.name("website-backend")
.protocol("HTTP")
.timeoutSec(10)
.healthChecks(defaultRegionHealthCheck.id())
.build());
var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()
.region("us-central1")
.name("website-map")
.defaultService(defaultRegionBackendService.id())
.build());
var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()
.region("us-central1")
.name("website-proxy")
.urlMap(defaultRegionUrlMap.id())
.build());
var proxy = new Subnetwork("proxy", SubnetworkArgs.builder()
.name("website-net-proxy")
.ipCidrRange("10.129.0.0/26")
.region("us-central1")
.network(defaultNetwork.id())
.purpose("REGIONAL_MANAGED_PROXY")
.role("ACTIVE")
.build());
// Forwarding rule for Internal Load Balancing
var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
.name("website-forwarding-rule")
.region("us-central1")
.ipProtocol("TCP")
.loadBalancingScheme("INTERNAL_MANAGED")
.portRange("80")
.target(defaultRegionTargetHttpProxy.id())
.network(defaultNetwork.id())
.subnetwork(defaultSubnetwork.id())
.networkTier("PREMIUM")
.build(), CustomResourceOptions.builder()
.dependsOn(proxy)
.build());
}
}
resources:
# Forwarding rule for Internal Load Balancing
default:
type: gcp:compute:ForwardingRule
properties:
name: website-forwarding-rule
region: us-central1
ipProtocol: TCP
loadBalancingScheme: INTERNAL_MANAGED
portRange: '80'
target: ${defaultRegionTargetHttpProxy.id}
network: ${defaultNetwork.id}
subnetwork: ${defaultSubnetwork.id}
networkTier: PREMIUM
options:
dependson:
- ${proxy}
defaultRegionTargetHttpProxy:
type: gcp:compute:RegionTargetHttpProxy
name: default
properties:
region: us-central1
name: website-proxy
urlMap: ${defaultRegionUrlMap.id}
defaultRegionUrlMap:
type: gcp:compute:RegionUrlMap
name: default
properties:
region: us-central1
name: website-map
defaultService: ${defaultRegionBackendService.id}
defaultRegionBackendService:
type: gcp:compute:RegionBackendService
name: default
properties:
loadBalancingScheme: INTERNAL_MANAGED
backends:
- group: ${rigm.instanceGroup}
balancingMode: UTILIZATION
capacityScaler: 1
region: us-central1
name: website-backend
protocol: HTTP
timeoutSec: 10
healthChecks: ${defaultRegionHealthCheck.id}
rigm:
type: gcp:compute:RegionInstanceGroupManager
properties:
region: us-central1
name: website-rigm
versions:
- instanceTemplate: ${instanceTemplate.id}
name: primary
baseInstanceName: internal-glb
targetSize: 1
instanceTemplate:
type: gcp:compute:InstanceTemplate
name: instance_template
properties:
name: template-website-backend
machineType: e2-medium
networkInterfaces:
- network: ${defaultNetwork.id}
subnetwork: ${defaultSubnetwork.id}
disks:
- sourceImage: ${debianImage.selfLink}
autoDelete: true
boot: true
tags:
- allow-ssh
- load-balanced-backend
defaultRegionHealthCheck:
type: gcp:compute:RegionHealthCheck
name: default
properties:
region: us-central1
name: website-hc
httpHealthCheck:
portSpecification: USE_SERVING_PORT
options:
dependson:
- ${fw4}
fw1:
type: gcp:compute:Firewall
properties:
name: website-fw-1
network: ${defaultNetwork.id}
sourceRanges:
- 10.1.2.0/24
allows:
- protocol: tcp
- protocol: udp
- protocol: icmp
direction: INGRESS
fw2:
type: gcp:compute:Firewall
properties:
name: website-fw-2
network: ${defaultNetwork.id}
sourceRanges:
- 0.0.0.0/0
allows:
- protocol: tcp
ports:
- '22'
targetTags:
- allow-ssh
direction: INGRESS
options:
dependson:
- ${fw1}
fw3:
type: gcp:compute:Firewall
properties:
name: website-fw-3
network: ${defaultNetwork.id}
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
allows:
- protocol: tcp
targetTags:
- load-balanced-backend
direction: INGRESS
options:
dependson:
- ${fw2}
fw4:
type: gcp:compute:Firewall
properties:
name: website-fw-4
network: ${defaultNetwork.id}
sourceRanges:
- 10.129.0.0/26
targetTags:
- load-balanced-backend
allows:
- protocol: tcp
ports:
- '80'
- protocol: tcp
ports:
- '443'
- protocol: tcp
ports:
- '8000'
direction: INGRESS
options:
dependson:
- ${fw3}
defaultNetwork:
type: gcp:compute:Network
name: default
properties:
name: website-net
autoCreateSubnetworks: false
routingMode: REGIONAL
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: website-net-default
ipCidrRange: 10.1.2.0/24
region: us-central1
network: ${defaultNetwork.id}
proxy:
type: gcp:compute:Subnetwork
properties:
name: website-net-proxy
ipCidrRange: 10.129.0.0/26
region: us-central1
network: ${defaultNetwork.id}
purpose: REGIONAL_MANAGED_PROXY
role: ACTIVE
variables:
debianImage:
fn::invoke:
Function: gcp:compute:getImage
Arguments:
family: debian-11
project: debian-cloud
Forwarding Rule Regional Http Xlb
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const debianImage = gcp.compute.getImage({
family: "debian-11",
project: "debian-cloud",
});
const defaultNetwork = new gcp.compute.Network("default", {
name: "website-net",
autoCreateSubnetworks: false,
routingMode: "REGIONAL",
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "website-net-default",
ipCidrRange: "10.1.2.0/24",
region: "us-central1",
network: defaultNetwork.id,
});
const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
name: "template-website-backend",
machineType: "e2-medium",
networkInterfaces: [{
network: defaultNetwork.id,
subnetwork: defaultSubnetwork.id,
}],
disks: [{
sourceImage: debianImage.then(debianImage => debianImage.selfLink),
autoDelete: true,
boot: true,
}],
tags: [
"allow-ssh",
"load-balanced-backend",
],
});
const rigm = new gcp.compute.RegionInstanceGroupManager("rigm", {
region: "us-central1",
name: "website-rigm",
versions: [{
instanceTemplate: instanceTemplate.id,
name: "primary",
}],
baseInstanceName: "internal-glb",
targetSize: 1,
});
const fw1 = new gcp.compute.Firewall("fw1", {
name: "website-fw-1",
network: defaultNetwork.id,
sourceRanges: ["10.1.2.0/24"],
allows: [
{
protocol: "tcp",
},
{
protocol: "udp",
},
{
protocol: "icmp",
},
],
direction: "INGRESS",
});
const fw2 = new gcp.compute.Firewall("fw2", {
name: "website-fw-2",
network: defaultNetwork.id,
sourceRanges: ["0.0.0.0/0"],
allows: [{
protocol: "tcp",
ports: ["22"],
}],
targetTags: ["allow-ssh"],
direction: "INGRESS",
}, {
dependsOn: [fw1],
});
const fw3 = new gcp.compute.Firewall("fw3", {
name: "website-fw-3",
network: defaultNetwork.id,
sourceRanges: [
"130.211.0.0/22",
"35.191.0.0/16",
],
allows: [{
protocol: "tcp",
}],
targetTags: ["load-balanced-backend"],
direction: "INGRESS",
}, {
dependsOn: [fw2],
});
const fw4 = new gcp.compute.Firewall("fw4", {
name: "website-fw-4",
network: defaultNetwork.id,
sourceRanges: ["10.129.0.0/26"],
targetTags: ["load-balanced-backend"],
allows: [
{
protocol: "tcp",
ports: ["80"],
},
{
protocol: "tcp",
ports: ["443"],
},
{
protocol: "tcp",
ports: ["8000"],
},
],
direction: "INGRESS",
}, {
dependsOn: [fw3],
});
const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
region: "us-central1",
name: "website-hc",
httpHealthCheck: {
portSpecification: "USE_SERVING_PORT",
},
}, {
dependsOn: [fw4],
});
const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", {
loadBalancingScheme: "EXTERNAL_MANAGED",
backends: [{
group: rigm.instanceGroup,
balancingMode: "UTILIZATION",
capacityScaler: 1,
}],
region: "us-central1",
name: "website-backend",
protocol: "HTTP",
timeoutSec: 10,
healthChecks: defaultRegionHealthCheck.id,
});
const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", {
region: "us-central1",
name: "website-map",
defaultService: defaultRegionBackendService.id,
});
const defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy("default", {
region: "us-central1",
name: "website-proxy",
urlMap: defaultRegionUrlMap.id,
});
const defaultAddress = new gcp.compute.Address("default", {
name: "website-ip-1",
region: "us-central1",
networkTier: "STANDARD",
});
const proxy = new gcp.compute.Subnetwork("proxy", {
name: "website-net-proxy",
ipCidrRange: "10.129.0.0/26",
region: "us-central1",
network: defaultNetwork.id,
purpose: "REGIONAL_MANAGED_PROXY",
role: "ACTIVE",
});
// Forwarding rule for Regional External Load Balancing
const _default = new gcp.compute.ForwardingRule("default", {
name: "website-forwarding-rule",
region: "us-central1",
ipProtocol: "TCP",
loadBalancingScheme: "EXTERNAL_MANAGED",
portRange: "80",
target: defaultRegionTargetHttpProxy.id,
network: defaultNetwork.id,
ipAddress: defaultAddress.address,
networkTier: "STANDARD",
}, {
dependsOn: [proxy],
});
import pulumi
import pulumi_gcp as gcp
debian_image = gcp.compute.get_image(family="debian-11",
project="debian-cloud")
default_network = gcp.compute.Network("default",
name="website-net",
auto_create_subnetworks=False,
routing_mode="REGIONAL")
default_subnetwork = gcp.compute.Subnetwork("default",
name="website-net-default",
ip_cidr_range="10.1.2.0/24",
region="us-central1",
network=default_network.id)
instance_template = gcp.compute.InstanceTemplate("instance_template",
name="template-website-backend",
machine_type="e2-medium",
network_interfaces=[{
"network": default_network.id,
"subnetwork": default_subnetwork.id,
}],
disks=[{
"source_image": debian_image.self_link,
"auto_delete": True,
"boot": True,
}],
tags=[
"allow-ssh",
"load-balanced-backend",
])
rigm = gcp.compute.RegionInstanceGroupManager("rigm",
region="us-central1",
name="website-rigm",
versions=[{
"instance_template": instance_template.id,
"name": "primary",
}],
base_instance_name="internal-glb",
target_size=1)
fw1 = gcp.compute.Firewall("fw1",
name="website-fw-1",
network=default_network.id,
source_ranges=["10.1.2.0/24"],
allows=[
{
"protocol": "tcp",
},
{
"protocol": "udp",
},
{
"protocol": "icmp",
},
],
direction="INGRESS")
fw2 = gcp.compute.Firewall("fw2",
name="website-fw-2",
network=default_network.id,
source_ranges=["0.0.0.0/0"],
allows=[{
"protocol": "tcp",
"ports": ["22"],
}],
target_tags=["allow-ssh"],
direction="INGRESS",
opts = pulumi.ResourceOptions(depends_on=[fw1]))
fw3 = gcp.compute.Firewall("fw3",
name="website-fw-3",
network=default_network.id,
source_ranges=[
"130.211.0.0/22",
"35.191.0.0/16",
],
allows=[{
"protocol": "tcp",
}],
target_tags=["load-balanced-backend"],
direction="INGRESS",
opts = pulumi.ResourceOptions(depends_on=[fw2]))
fw4 = gcp.compute.Firewall("fw4",
name="website-fw-4",
network=default_network.id,
source_ranges=["10.129.0.0/26"],
target_tags=["load-balanced-backend"],
allows=[
{
"protocol": "tcp",
"ports": ["80"],
},
{
"protocol": "tcp",
"ports": ["443"],
},
{
"protocol": "tcp",
"ports": ["8000"],
},
],
direction="INGRESS",
opts = pulumi.ResourceOptions(depends_on=[fw3]))
default_region_health_check = gcp.compute.RegionHealthCheck("default",
region="us-central1",
name="website-hc",
http_health_check={
"port_specification": "USE_SERVING_PORT",
},
opts = pulumi.ResourceOptions(depends_on=[fw4]))
default_region_backend_service = gcp.compute.RegionBackendService("default",
load_balancing_scheme="EXTERNAL_MANAGED",
backends=[{
"group": rigm.instance_group,
"balancing_mode": "UTILIZATION",
"capacity_scaler": 1,
}],
region="us-central1",
name="website-backend",
protocol="HTTP",
timeout_sec=10,
health_checks=default_region_health_check.id)
default_region_url_map = gcp.compute.RegionUrlMap("default",
region="us-central1",
name="website-map",
default_service=default_region_backend_service.id)
default_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy("default",
region="us-central1",
name="website-proxy",
url_map=default_region_url_map.id)
default_address = gcp.compute.Address("default",
name="website-ip-1",
region="us-central1",
network_tier="STANDARD")
proxy = gcp.compute.Subnetwork("proxy",
name="website-net-proxy",
ip_cidr_range="10.129.0.0/26",
region="us-central1",
network=default_network.id,
purpose="REGIONAL_MANAGED_PROXY",
role="ACTIVE")
# Forwarding rule for Regional External Load Balancing
default = gcp.compute.ForwardingRule("default",
name="website-forwarding-rule",
region="us-central1",
ip_protocol="TCP",
load_balancing_scheme="EXTERNAL_MANAGED",
port_range="80",
target=default_region_target_http_proxy.id,
network=default_network.id,
ip_address=default_address.address,
network_tier="STANDARD",
opts = pulumi.ResourceOptions(depends_on=[proxy]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
debianImage, err := compute.LookupImage(ctx, &compute.LookupImageArgs{
Family: pulumi.StringRef("debian-11"),
Project: pulumi.StringRef("debian-cloud"),
}, nil)
if err != nil {
return err
}
defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("website-net"),
AutoCreateSubnetworks: pulumi.Bool(false),
RoutingMode: pulumi.String("REGIONAL"),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("website-net-default"),
IpCidrRange: pulumi.String("10.1.2.0/24"),
Region: pulumi.String("us-central1"),
Network: defaultNetwork.ID(),
})
if err != nil {
return err
}
instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{
Name: pulumi.String("template-website-backend"),
MachineType: pulumi.String("e2-medium"),
NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
&compute.InstanceTemplateNetworkInterfaceArgs{
Network: defaultNetwork.ID(),
Subnetwork: defaultSubnetwork.ID(),
},
},
Disks: compute.InstanceTemplateDiskArray{
&compute.InstanceTemplateDiskArgs{
SourceImage: pulumi.String(debianImage.SelfLink),
AutoDelete: pulumi.Bool(true),
Boot: pulumi.Bool(true),
},
},
Tags: pulumi.StringArray{
pulumi.String("allow-ssh"),
pulumi.String("load-balanced-backend"),
},
})
if err != nil {
return err
}
rigm, err := compute.NewRegionInstanceGroupManager(ctx, "rigm", &compute.RegionInstanceGroupManagerArgs{
Region: pulumi.String("us-central1"),
Name: pulumi.String("website-rigm"),
Versions: compute.RegionInstanceGroupManagerVersionArray{
&compute.RegionInstanceGroupManagerVersionArgs{
InstanceTemplate: instanceTemplate.ID(),
Name: pulumi.String("primary"),
},
},
BaseInstanceName: pulumi.String("internal-glb"),
TargetSize: pulumi.Int(1),
})
if err != nil {
return err
}
fw1, err := compute.NewFirewall(ctx, "fw1", &compute.FirewallArgs{
Name: pulumi.String("website-fw-1"),
Network: defaultNetwork.ID(),
SourceRanges: pulumi.StringArray{
pulumi.String("10.1.2.0/24"),
},
Allows: compute.FirewallAllowArray{
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
},
&compute.FirewallAllowArgs{
Protocol: pulumi.String("udp"),
},
&compute.FirewallAllowArgs{
Protocol: pulumi.String("icmp"),
},
},
Direction: pulumi.String("INGRESS"),
})
if err != nil {
return err
}
fw2, err := compute.NewFirewall(ctx, "fw2", &compute.FirewallArgs{
Name: pulumi.String("website-fw-2"),
Network: defaultNetwork.ID(),
SourceRanges: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
},
Allows: compute.FirewallAllowArray{
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
Ports: pulumi.StringArray{
pulumi.String("22"),
},
},
},
TargetTags: pulumi.StringArray{
pulumi.String("allow-ssh"),
},
Direction: pulumi.String("INGRESS"),
}, pulumi.DependsOn([]pulumi.Resource{
fw1,
}))
if err != nil {
return err
}
fw3, err := compute.NewFirewall(ctx, "fw3", &compute.FirewallArgs{
Name: pulumi.String("website-fw-3"),
Network: defaultNetwork.ID(),
SourceRanges: pulumi.StringArray{
pulumi.String("130.211.0.0/22"),
pulumi.String("35.191.0.0/16"),
},
Allows: compute.FirewallAllowArray{
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
},
},
TargetTags: pulumi.StringArray{
pulumi.String("load-balanced-backend"),
},
Direction: pulumi.String("INGRESS"),
}, pulumi.DependsOn([]pulumi.Resource{
fw2,
}))
if err != nil {
return err
}
fw4, err := compute.NewFirewall(ctx, "fw4", &compute.FirewallArgs{
Name: pulumi.String("website-fw-4"),
Network: defaultNetwork.ID(),
SourceRanges: pulumi.StringArray{
pulumi.String("10.129.0.0/26"),
},
TargetTags: pulumi.StringArray{
pulumi.String("load-balanced-backend"),
},
Allows: compute.FirewallAllowArray{
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
Ports: pulumi.StringArray{
pulumi.String("80"),
},
},
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
Ports: pulumi.StringArray{
pulumi.String("443"),
},
},
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
Ports: pulumi.StringArray{
pulumi.String("8000"),
},
},
},
Direction: pulumi.String("INGRESS"),
}, pulumi.DependsOn([]pulumi.Resource{
fw3,
}))
if err != nil {
return err
}
defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{
Region: pulumi.String("us-central1"),
Name: pulumi.String("website-hc"),
HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
PortSpecification: pulumi.String("USE_SERVING_PORT"),
},
}, pulumi.DependsOn([]pulumi.Resource{
fw4,
}))
if err != nil {
return err
}
defaultRegionBackendService, err := compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{
LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
Backends: compute.RegionBackendServiceBackendArray{
&compute.RegionBackendServiceBackendArgs{
Group: rigm.InstanceGroup,
BalancingMode: pulumi.String("UTILIZATION"),
CapacityScaler: pulumi.Float64(1),
},
},
Region: pulumi.String("us-central1"),
Name: pulumi.String("website-backend"),
Protocol: pulumi.String("HTTP"),
TimeoutSec: pulumi.Int(10),
HealthChecks: defaultRegionHealthCheck.ID(),
})
if err != nil {
return err
}
defaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, "default", &compute.RegionUrlMapArgs{
Region: pulumi.String("us-central1"),
Name: pulumi.String("website-map"),
DefaultService: defaultRegionBackendService.ID(),
})
if err != nil {
return err
}
defaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, "default", &compute.RegionTargetHttpProxyArgs{
Region: pulumi.String("us-central1"),
Name: pulumi.String("website-proxy"),
UrlMap: defaultRegionUrlMap.ID(),
})
if err != nil {
return err
}
defaultAddress, err := compute.NewAddress(ctx, "default", &compute.AddressArgs{
Name: pulumi.String("website-ip-1"),
Region: pulumi.String("us-central1"),
NetworkTier: pulumi.String("STANDARD"),
})
if err != nil {
return err
}
proxy, err := compute.NewSubnetwork(ctx, "proxy", &compute.SubnetworkArgs{
Name: pulumi.String("website-net-proxy"),
IpCidrRange: pulumi.String("10.129.0.0/26"),
Region: pulumi.String("us-central1"),
Network: defaultNetwork.ID(),
Purpose: pulumi.String("REGIONAL_MANAGED_PROXY"),
Role: pulumi.String("ACTIVE"),
})
if err != nil {
return err
}
// Forwarding rule for Regional External Load Balancing
_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
Name: pulumi.String("website-forwarding-rule"),
Region: pulumi.String("us-central1"),
IpProtocol: pulumi.String("TCP"),
LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
PortRange: pulumi.String("80"),
Target: defaultRegionTargetHttpProxy.ID(),
Network: defaultNetwork.ID(),
IpAddress: defaultAddress.Address,
NetworkTier: pulumi.String("STANDARD"),
}, pulumi.DependsOn([]pulumi.Resource{
proxy,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var debianImage = Gcp.Compute.GetImage.Invoke(new()
{
Family = "debian-11",
Project = "debian-cloud",
});
var defaultNetwork = new Gcp.Compute.Network("default", new()
{
Name = "website-net",
AutoCreateSubnetworks = false,
RoutingMode = "REGIONAL",
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "website-net-default",
IpCidrRange = "10.1.2.0/24",
Region = "us-central1",
Network = defaultNetwork.Id,
});
var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new()
{
Name = "template-website-backend",
MachineType = "e2-medium",
NetworkInterfaces = new[]
{
new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
{
Network = defaultNetwork.Id,
Subnetwork = defaultSubnetwork.Id,
},
},
Disks = new[]
{
new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
{
SourceImage = debianImage.Apply(getImageResult => getImageResult.SelfLink),
AutoDelete = true,
Boot = true,
},
},
Tags = new[]
{
"allow-ssh",
"load-balanced-backend",
},
});
var rigm = new Gcp.Compute.RegionInstanceGroupManager("rigm", new()
{
Region = "us-central1",
Name = "website-rigm",
Versions = new[]
{
new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs
{
InstanceTemplate = instanceTemplate.Id,
Name = "primary",
},
},
BaseInstanceName = "internal-glb",
TargetSize = 1,
});
var fw1 = new Gcp.Compute.Firewall("fw1", new()
{
Name = "website-fw-1",
Network = defaultNetwork.Id,
SourceRanges = new[]
{
"10.1.2.0/24",
},
Allows = new[]
{
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
},
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "udp",
},
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "icmp",
},
},
Direction = "INGRESS",
});
var fw2 = new Gcp.Compute.Firewall("fw2", new()
{
Name = "website-fw-2",
Network = defaultNetwork.Id,
SourceRanges = new[]
{
"0.0.0.0/0",
},
Allows = new[]
{
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
Ports = new[]
{
"22",
},
},
},
TargetTags = new[]
{
"allow-ssh",
},
Direction = "INGRESS",
}, new CustomResourceOptions
{
DependsOn =
{
fw1,
},
});
var fw3 = new Gcp.Compute.Firewall("fw3", new()
{
Name = "website-fw-3",
Network = defaultNetwork.Id,
SourceRanges = new[]
{
"130.211.0.0/22",
"35.191.0.0/16",
},
Allows = new[]
{
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
},
},
TargetTags = new[]
{
"load-balanced-backend",
},
Direction = "INGRESS",
}, new CustomResourceOptions
{
DependsOn =
{
fw2,
},
});
var fw4 = new Gcp.Compute.Firewall("fw4", new()
{
Name = "website-fw-4",
Network = defaultNetwork.Id,
SourceRanges = new[]
{
"10.129.0.0/26",
},
TargetTags = new[]
{
"load-balanced-backend",
},
Allows = new[]
{
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
Ports = new[]
{
"80",
},
},
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
Ports = new[]
{
"443",
},
},
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
Ports = new[]
{
"8000",
},
},
},
Direction = "INGRESS",
}, new CustomResourceOptions
{
DependsOn =
{
fw3,
},
});
var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new()
{
Region = "us-central1",
Name = "website-hc",
HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
{
PortSpecification = "USE_SERVING_PORT",
},
}, new CustomResourceOptions
{
DependsOn =
{
fw4,
},
});
var defaultRegionBackendService = new Gcp.Compute.RegionBackendService("default", new()
{
LoadBalancingScheme = "EXTERNAL_MANAGED",
Backends = new[]
{
new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs
{
Group = rigm.InstanceGroup,
BalancingMode = "UTILIZATION",
CapacityScaler = 1,
},
},
Region = "us-central1",
Name = "website-backend",
Protocol = "HTTP",
TimeoutSec = 10,
HealthChecks = defaultRegionHealthCheck.Id,
});
var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap("default", new()
{
Region = "us-central1",
Name = "website-map",
DefaultService = defaultRegionBackendService.Id,
});
var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy("default", new()
{
Region = "us-central1",
Name = "website-proxy",
UrlMap = defaultRegionUrlMap.Id,
});
var defaultAddress = new Gcp.Compute.Address("default", new()
{
Name = "website-ip-1",
Region = "us-central1",
NetworkTier = "STANDARD",
});
var proxy = new Gcp.Compute.Subnetwork("proxy", new()
{
Name = "website-net-proxy",
IpCidrRange = "10.129.0.0/26",
Region = "us-central1",
Network = defaultNetwork.Id,
Purpose = "REGIONAL_MANAGED_PROXY",
Role = "ACTIVE",
});
// Forwarding rule for Regional External Load Balancing
var @default = new Gcp.Compute.ForwardingRule("default", new()
{
Name = "website-forwarding-rule",
Region = "us-central1",
IpProtocol = "TCP",
LoadBalancingScheme = "EXTERNAL_MANAGED",
PortRange = "80",
Target = defaultRegionTargetHttpProxy.Id,
Network = defaultNetwork.Id,
IpAddress = defaultAddress.IPAddress,
NetworkTier = "STANDARD",
}, new CustomResourceOptions
{
DependsOn =
{
proxy,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.ComputeFunctions;
import com.pulumi.gcp.compute.inputs.GetImageArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.RegionInstanceGroupManager;
import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
import com.pulumi.gcp.compute.RegionUrlMap;
import com.pulumi.gcp.compute.RegionUrlMapArgs;
import com.pulumi.gcp.compute.RegionTargetHttpProxy;
import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
import com.pulumi.gcp.compute.Address;
import com.pulumi.gcp.compute.AddressArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
.family("debian-11")
.project("debian-cloud")
.build());
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.name("website-net")
.autoCreateSubnetworks(false)
.routingMode("REGIONAL")
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("website-net-default")
.ipCidrRange("10.1.2.0/24")
.region("us-central1")
.network(defaultNetwork.id())
.build());
var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()
.name("template-website-backend")
.machineType("e2-medium")
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.network(defaultNetwork.id())
.subnetwork(defaultSubnetwork.id())
.build())
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
.autoDelete(true)
.boot(true)
.build())
.tags(
"allow-ssh",
"load-balanced-backend")
.build());
var rigm = new RegionInstanceGroupManager("rigm", RegionInstanceGroupManagerArgs.builder()
.region("us-central1")
.name("website-rigm")
.versions(RegionInstanceGroupManagerVersionArgs.builder()
.instanceTemplate(instanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("internal-glb")
.targetSize(1)
.build());
var fw1 = new Firewall("fw1", FirewallArgs.builder()
.name("website-fw-1")
.network(defaultNetwork.id())
.sourceRanges("10.1.2.0/24")
.allows(
FirewallAllowArgs.builder()
.protocol("tcp")
.build(),
FirewallAllowArgs.builder()
.protocol("udp")
.build(),
FirewallAllowArgs.builder()
.protocol("icmp")
.build())
.direction("INGRESS")
.build());
var fw2 = new Firewall("fw2", FirewallArgs.builder()
.name("website-fw-2")
.network(defaultNetwork.id())
.sourceRanges("0.0.0.0/0")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.ports("22")
.build())
.targetTags("allow-ssh")
.direction("INGRESS")
.build(), CustomResourceOptions.builder()
.dependsOn(fw1)
.build());
var fw3 = new Firewall("fw3", FirewallArgs.builder()
.name("website-fw-3")
.network(defaultNetwork.id())
.sourceRanges(
"130.211.0.0/22",
"35.191.0.0/16")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.build())
.targetTags("load-balanced-backend")
.direction("INGRESS")
.build(), CustomResourceOptions.builder()
.dependsOn(fw2)
.build());
var fw4 = new Firewall("fw4", FirewallArgs.builder()
.name("website-fw-4")
.network(defaultNetwork.id())
.sourceRanges("10.129.0.0/26")
.targetTags("load-balanced-backend")
.allows(
FirewallAllowArgs.builder()
.protocol("tcp")
.ports("80")
.build(),
FirewallAllowArgs.builder()
.protocol("tcp")
.ports("443")
.build(),
FirewallAllowArgs.builder()
.protocol("tcp")
.ports("8000")
.build())
.direction("INGRESS")
.build(), CustomResourceOptions.builder()
.dependsOn(fw3)
.build());
var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()
.region("us-central1")
.name("website-hc")
.httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
.portSpecification("USE_SERVING_PORT")
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(fw4)
.build());
var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()
.loadBalancingScheme("EXTERNAL_MANAGED")
.backends(RegionBackendServiceBackendArgs.builder()
.group(rigm.instanceGroup())
.balancingMode("UTILIZATION")
.capacityScaler(1)
.build())
.region("us-central1")
.name("website-backend")
.protocol("HTTP")
.timeoutSec(10)
.healthChecks(defaultRegionHealthCheck.id())
.build());
var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()
.region("us-central1")
.name("website-map")
.defaultService(defaultRegionBackendService.id())
.build());
var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()
.region("us-central1")
.name("website-proxy")
.urlMap(defaultRegionUrlMap.id())
.build());
var defaultAddress = new Address("defaultAddress", AddressArgs.builder()
.name("website-ip-1")
.region("us-central1")
.networkTier("STANDARD")
.build());
var proxy = new Subnetwork("proxy", SubnetworkArgs.builder()
.name("website-net-proxy")
.ipCidrRange("10.129.0.0/26")
.region("us-central1")
.network(defaultNetwork.id())
.purpose("REGIONAL_MANAGED_PROXY")
.role("ACTIVE")
.build());
// Forwarding rule for Regional External Load Balancing
var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
.name("website-forwarding-rule")
.region("us-central1")
.ipProtocol("TCP")
.loadBalancingScheme("EXTERNAL_MANAGED")
.portRange("80")
.target(defaultRegionTargetHttpProxy.id())
.network(defaultNetwork.id())
.ipAddress(defaultAddress.address())
.networkTier("STANDARD")
.build(), CustomResourceOptions.builder()
.dependsOn(proxy)
.build());
}
}
resources:
# Forwarding rule for Regional External Load Balancing
default:
type: gcp:compute:ForwardingRule
properties:
name: website-forwarding-rule
region: us-central1
ipProtocol: TCP
loadBalancingScheme: EXTERNAL_MANAGED
portRange: '80'
target: ${defaultRegionTargetHttpProxy.id}
network: ${defaultNetwork.id}
ipAddress: ${defaultAddress.address}
networkTier: STANDARD
options:
dependson:
- ${proxy}
defaultRegionTargetHttpProxy:
type: gcp:compute:RegionTargetHttpProxy
name: default
properties:
region: us-central1
name: website-proxy
urlMap: ${defaultRegionUrlMap.id}
defaultRegionUrlMap:
type: gcp:compute:RegionUrlMap
name: default
properties:
region: us-central1
name: website-map
defaultService: ${defaultRegionBackendService.id}
defaultRegionBackendService:
type: gcp:compute:RegionBackendService
name: default
properties:
loadBalancingScheme: EXTERNAL_MANAGED
backends:
- group: ${rigm.instanceGroup}
balancingMode: UTILIZATION
capacityScaler: 1
region: us-central1
name: website-backend
protocol: HTTP
timeoutSec: 10
healthChecks: ${defaultRegionHealthCheck.id}
rigm:
type: gcp:compute:RegionInstanceGroupManager
properties:
region: us-central1
name: website-rigm
versions:
- instanceTemplate: ${instanceTemplate.id}
name: primary
baseInstanceName: internal-glb
targetSize: 1
instanceTemplate:
type: gcp:compute:InstanceTemplate
name: instance_template
properties:
name: template-website-backend
machineType: e2-medium
networkInterfaces:
- network: ${defaultNetwork.id}
subnetwork: ${defaultSubnetwork.id}
disks:
- sourceImage: ${debianImage.selfLink}
autoDelete: true
boot: true
tags:
- allow-ssh
- load-balanced-backend
defaultRegionHealthCheck:
type: gcp:compute:RegionHealthCheck
name: default
properties:
region: us-central1
name: website-hc
httpHealthCheck:
portSpecification: USE_SERVING_PORT
options:
dependson:
- ${fw4}
defaultAddress:
type: gcp:compute:Address
name: default
properties:
name: website-ip-1
region: us-central1
networkTier: STANDARD
fw1:
type: gcp:compute:Firewall
properties:
name: website-fw-1
network: ${defaultNetwork.id}
sourceRanges:
- 10.1.2.0/24
allows:
- protocol: tcp
- protocol: udp
- protocol: icmp
direction: INGRESS
fw2:
type: gcp:compute:Firewall
properties:
name: website-fw-2
network: ${defaultNetwork.id}
sourceRanges:
- 0.0.0.0/0
allows:
- protocol: tcp
ports:
- '22'
targetTags:
- allow-ssh
direction: INGRESS
options:
dependson:
- ${fw1}
fw3:
type: gcp:compute:Firewall
properties:
name: website-fw-3
network: ${defaultNetwork.id}
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
allows:
- protocol: tcp
targetTags:
- load-balanced-backend
direction: INGRESS
options:
dependson:
- ${fw2}
fw4:
type: gcp:compute:Firewall
properties:
name: website-fw-4
network: ${defaultNetwork.id}
sourceRanges:
- 10.129.0.0/26
targetTags:
- load-balanced-backend
allows:
- protocol: tcp
ports:
- '80'
- protocol: tcp
ports:
- '443'
- protocol: tcp
ports:
- '8000'
direction: INGRESS
options:
dependson:
- ${fw3}
defaultNetwork:
type: gcp:compute:Network
name: default
properties:
name: website-net
autoCreateSubnetworks: false
routingMode: REGIONAL
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: website-net-default
ipCidrRange: 10.1.2.0/24
region: us-central1
network: ${defaultNetwork.id}
proxy:
type: gcp:compute:Subnetwork
properties:
name: website-net-proxy
ipCidrRange: 10.129.0.0/26
region: us-central1
network: ${defaultNetwork.id}
purpose: REGIONAL_MANAGED_PROXY
role: ACTIVE
variables:
debianImage:
fn::invoke:
Function: gcp:compute:getImage
Arguments:
family: debian-11
project: debian-cloud
Forwarding Rule Vpc Psc
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Consumer service endpoint
const consumerNet = new gcp.compute.Network("consumer_net", {
name: "consumer-net",
autoCreateSubnetworks: false,
});
const consumerSubnet = new gcp.compute.Subnetwork("consumer_subnet", {
name: "consumer-net",
ipCidrRange: "10.0.0.0/16",
region: "us-central1",
network: consumerNet.id,
});
const consumerAddress = new gcp.compute.Address("consumer_address", {
name: "website-ip-1",
region: "us-central1",
subnetwork: consumerSubnet.id,
addressType: "INTERNAL",
});
// Producer service attachment
const producerNet = new gcp.compute.Network("producer_net", {
name: "producer-net",
autoCreateSubnetworks: false,
});
const pscProducerSubnet = new gcp.compute.Subnetwork("psc_producer_subnet", {
name: "producer-psc-net",
ipCidrRange: "10.1.0.0/16",
region: "us-central1",
purpose: "PRIVATE_SERVICE_CONNECT",
network: producerNet.id,
});
const producerSubnet = new gcp.compute.Subnetwork("producer_subnet", {
name: "producer-net",
ipCidrRange: "10.0.0.0/16",
region: "us-central1",
network: producerNet.id,
});
const producerServiceHealthCheck = new gcp.compute.HealthCheck("producer_service_health_check", {
name: "producer-service-health-check",
checkIntervalSec: 1,
timeoutSec: 1,
tcpHealthCheck: {
port: 80,
},
});
const producerServiceBackend = new gcp.compute.RegionBackendService("producer_service_backend", {
name: "producer-service-backend",
region: "us-central1",
healthChecks: producerServiceHealthCheck.id,
});
const producerTargetService = new gcp.compute.ForwardingRule("producer_target_service", {
name: "producer-forwarding-rule",
region: "us-central1",
loadBalancingScheme: "INTERNAL",
backendService: producerServiceBackend.id,
allPorts: true,
network: producerNet.name,
subnetwork: producerSubnet.name,
});
const producerServiceAttachment = new gcp.compute.ServiceAttachment("producer_service_attachment", {
name: "producer-service",
region: "us-central1",
description: "A service attachment configured with Terraform",
enableProxyProtocol: true,
connectionPreference: "ACCEPT_AUTOMATIC",
natSubnets: [pscProducerSubnet.name],
targetService: producerTargetService.id,
});
// Forwarding rule for VPC private service connect
const _default = new gcp.compute.ForwardingRule("default", {
name: "psc-endpoint",
region: "us-central1",
loadBalancingScheme: "",
target: producerServiceAttachment.id,
network: consumerNet.name,
ipAddress: consumerAddress.id,
allowPscGlobalAccess: true,
});
import pulumi
import pulumi_gcp as gcp
# Consumer service endpoint
consumer_net = gcp.compute.Network("consumer_net",
name="consumer-net",
auto_create_subnetworks=False)
consumer_subnet = gcp.compute.Subnetwork("consumer_subnet",
name="consumer-net",
ip_cidr_range="10.0.0.0/16",
region="us-central1",
network=consumer_net.id)
consumer_address = gcp.compute.Address("consumer_address",
name="website-ip-1",
region="us-central1",
subnetwork=consumer_subnet.id,
address_type="INTERNAL")
# Producer service attachment
producer_net = gcp.compute.Network("producer_net",
name="producer-net",
auto_create_subnetworks=False)
psc_producer_subnet = gcp.compute.Subnetwork("psc_producer_subnet",
name="producer-psc-net",
ip_cidr_range="10.1.0.0/16",
region="us-central1",
purpose="PRIVATE_SERVICE_CONNECT",
network=producer_net.id)
producer_subnet = gcp.compute.Subnetwork("producer_subnet",
name="producer-net",
ip_cidr_range="10.0.0.0/16",
region="us-central1",
network=producer_net.id)
producer_service_health_check = gcp.compute.HealthCheck("producer_service_health_check",
name="producer-service-health-check",
check_interval_sec=1,
timeout_sec=1,
tcp_health_check={
"port": 80,
})
producer_service_backend = gcp.compute.RegionBackendService("producer_service_backend",
name="producer-service-backend",
region="us-central1",
health_checks=producer_service_health_check.id)
producer_target_service = gcp.compute.ForwardingRule("producer_target_service",
name="producer-forwarding-rule",
region="us-central1",
load_balancing_scheme="INTERNAL",
backend_service=producer_service_backend.id,
all_ports=True,
network=producer_net.name,
subnetwork=producer_subnet.name)
producer_service_attachment = gcp.compute.ServiceAttachment("producer_service_attachment",
name="producer-service",
region="us-central1",
description="A service attachment configured with Terraform",
enable_proxy_protocol=True,
connection_preference="ACCEPT_AUTOMATIC",
nat_subnets=[psc_producer_subnet.name],
target_service=producer_target_service.id)
# Forwarding rule for VPC private service connect
default = gcp.compute.ForwardingRule("default",
name="psc-endpoint",
region="us-central1",
load_balancing_scheme="",
target=producer_service_attachment.id,
network=consumer_net.name,
ip_address=consumer_address.id,
allow_psc_global_access=True)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Consumer service endpoint
consumerNet, err := compute.NewNetwork(ctx, "consumer_net", &compute.NetworkArgs{
Name: pulumi.String("consumer-net"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
consumerSubnet, err := compute.NewSubnetwork(ctx, "consumer_subnet", &compute.SubnetworkArgs{
Name: pulumi.String("consumer-net"),
IpCidrRange: pulumi.String("10.0.0.0/16"),
Region: pulumi.String("us-central1"),
Network: consumerNet.ID(),
})
if err != nil {
return err
}
consumerAddress, err := compute.NewAddress(ctx, "consumer_address", &compute.AddressArgs{
Name: pulumi.String("website-ip-1"),
Region: pulumi.String("us-central1"),
Subnetwork: consumerSubnet.ID(),
AddressType: pulumi.String("INTERNAL"),
})
if err != nil {
return err
}
// Producer service attachment
producerNet, err := compute.NewNetwork(ctx, "producer_net", &compute.NetworkArgs{
Name: pulumi.String("producer-net"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
pscProducerSubnet, err := compute.NewSubnetwork(ctx, "psc_producer_subnet", &compute.SubnetworkArgs{
Name: pulumi.String("producer-psc-net"),
IpCidrRange: pulumi.String("10.1.0.0/16"),
Region: pulumi.String("us-central1"),
Purpose: pulumi.String("PRIVATE_SERVICE_CONNECT"),
Network: producerNet.ID(),
})
if err != nil {
return err
}
producerSubnet, err := compute.NewSubnetwork(ctx, "producer_subnet", &compute.SubnetworkArgs{
Name: pulumi.String("producer-net"),
IpCidrRange: pulumi.String("10.0.0.0/16"),
Region: pulumi.String("us-central1"),
Network: producerNet.ID(),
})
if err != nil {
return err
}
producerServiceHealthCheck, err := compute.NewHealthCheck(ctx, "producer_service_health_check", &compute.HealthCheckArgs{
Name: pulumi.String("producer-service-health-check"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
producerServiceBackend, err := compute.NewRegionBackendService(ctx, "producer_service_backend", &compute.RegionBackendServiceArgs{
Name: pulumi.String("producer-service-backend"),
Region: pulumi.String("us-central1"),
HealthChecks: producerServiceHealthCheck.ID(),
})
if err != nil {
return err
}
producerTargetService, err := compute.NewForwardingRule(ctx, "producer_target_service", &compute.ForwardingRuleArgs{
Name: pulumi.String("producer-forwarding-rule"),
Region: pulumi.String("us-central1"),
LoadBalancingScheme: pulumi.String("INTERNAL"),
BackendService: producerServiceBackend.ID(),
AllPorts: pulumi.Bool(true),
Network: producerNet.Name,
Subnetwork: producerSubnet.Name,
})
if err != nil {
return err
}
producerServiceAttachment, err := compute.NewServiceAttachment(ctx, "producer_service_attachment", &compute.ServiceAttachmentArgs{
Name: pulumi.String("producer-service"),
Region: pulumi.String("us-central1"),
Description: pulumi.String("A service attachment configured with Terraform"),
EnableProxyProtocol: pulumi.Bool(true),
ConnectionPreference: pulumi.String("ACCEPT_AUTOMATIC"),
NatSubnets: pulumi.StringArray{
pscProducerSubnet.Name,
},
TargetService: producerTargetService.ID(),
})
if err != nil {
return err
}
// Forwarding rule for VPC private service connect
_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
Name: pulumi.String("psc-endpoint"),
Region: pulumi.String("us-central1"),
LoadBalancingScheme: pulumi.String(""),
Target: producerServiceAttachment.ID(),
Network: consumerNet.Name,
IpAddress: consumerAddress.ID(),
AllowPscGlobalAccess: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
// Consumer service endpoint
var consumerNet = new Gcp.Compute.Network("consumer_net", new()
{
Name = "consumer-net",
AutoCreateSubnetworks = false,
});
var consumerSubnet = new Gcp.Compute.Subnetwork("consumer_subnet", new()
{
Name = "consumer-net",
IpCidrRange = "10.0.0.0/16",
Region = "us-central1",
Network = consumerNet.Id,
});
var consumerAddress = new Gcp.Compute.Address("consumer_address", new()
{
Name = "website-ip-1",
Region = "us-central1",
Subnetwork = consumerSubnet.Id,
AddressType = "INTERNAL",
});
// Producer service attachment
var producerNet = new Gcp.Compute.Network("producer_net", new()
{
Name = "producer-net",
AutoCreateSubnetworks = false,
});
var pscProducerSubnet = new Gcp.Compute.Subnetwork("psc_producer_subnet", new()
{
Name = "producer-psc-net",
IpCidrRange = "10.1.0.0/16",
Region = "us-central1",
Purpose = "PRIVATE_SERVICE_CONNECT",
Network = producerNet.Id,
});
var producerSubnet = new Gcp.Compute.Subnetwork("producer_subnet", new()
{
Name = "producer-net",
IpCidrRange = "10.0.0.0/16",
Region = "us-central1",
Network = producerNet.Id,
});
var producerServiceHealthCheck = new Gcp.Compute.HealthCheck("producer_service_health_check", new()
{
Name = "producer-service-health-check",
CheckIntervalSec = 1,
TimeoutSec = 1,
TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
{
Port = 80,
},
});
var producerServiceBackend = new Gcp.Compute.RegionBackendService("producer_service_backend", new()
{
Name = "producer-service-backend",
Region = "us-central1",
HealthChecks = producerServiceHealthCheck.Id,
});
var producerTargetService = new Gcp.Compute.ForwardingRule("producer_target_service", new()
{
Name = "producer-forwarding-rule",
Region = "us-central1",
LoadBalancingScheme = "INTERNAL",
BackendService = producerServiceBackend.Id,
AllPorts = true,
Network = producerNet.Name,
Subnetwork = producerSubnet.Name,
});
var producerServiceAttachment = new Gcp.Compute.ServiceAttachment("producer_service_attachment", new()
{
Name = "producer-service",
Region = "us-central1",
Description = "A service attachment configured with Terraform",
EnableProxyProtocol = true,
ConnectionPreference = "ACCEPT_AUTOMATIC",
NatSubnets = new[]
{
pscProducerSubnet.Name,
},
TargetService = producerTargetService.Id,
});
// Forwarding rule for VPC private service connect
var @default = new Gcp.Compute.ForwardingRule("default", new()
{
Name = "psc-endpoint",
Region = "us-central1",
LoadBalancingScheme = "",
Target = producerServiceAttachment.Id,
Network = consumerNet.Name,
IpAddress = consumerAddress.Id,
AllowPscGlobalAccess = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.Address;
import com.pulumi.gcp.compute.AddressArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.gcp.compute.ServiceAttachment;
import com.pulumi.gcp.compute.ServiceAttachmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Consumer service endpoint
var consumerNet = new Network("consumerNet", NetworkArgs.builder()
.name("consumer-net")
.autoCreateSubnetworks(false)
.build());
var consumerSubnet = new Subnetwork("consumerSubnet", SubnetworkArgs.builder()
.name("consumer-net")
.ipCidrRange("10.0.0.0/16")
.region("us-central1")
.network(consumerNet.id())
.build());
var consumerAddress = new Address("consumerAddress", AddressArgs.builder()
.name("website-ip-1")
.region("us-central1")
.subnetwork(consumerSubnet.id())
.addressType("INTERNAL")
.build());
// Producer service attachment
var producerNet = new Network("producerNet", NetworkArgs.builder()
.name("producer-net")
.autoCreateSubnetworks(false)
.build());
var pscProducerSubnet = new Subnetwork("pscProducerSubnet", SubnetworkArgs.builder()
.name("producer-psc-net")
.ipCidrRange("10.1.0.0/16")
.region("us-central1")
.purpose("PRIVATE_SERVICE_CONNECT")
.network(producerNet.id())
.build());
var producerSubnet = new Subnetwork("producerSubnet", SubnetworkArgs.builder()
.name("producer-net")
.ipCidrRange("10.0.0.0/16")
.region("us-central1")
.network(producerNet.id())
.build());
var producerServiceHealthCheck = new HealthCheck("producerServiceHealthCheck", HealthCheckArgs.builder()
.name("producer-service-health-check")
.checkIntervalSec(1)
.timeoutSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build());
var producerServiceBackend = new RegionBackendService("producerServiceBackend", RegionBackendServiceArgs.builder()
.name("producer-service-backend")
.region("us-central1")
.healthChecks(producerServiceHealthCheck.id())
.build());
var producerTargetService = new ForwardingRule("producerTargetService", ForwardingRuleArgs.builder()
.name("producer-forwarding-rule")
.region("us-central1")
.loadBalancingScheme("INTERNAL")
.backendService(producerServiceBackend.id())
.allPorts(true)
.network(producerNet.name())
.subnetwork(producerSubnet.name())
.build());
var producerServiceAttachment = new ServiceAttachment("producerServiceAttachment", ServiceAttachmentArgs.builder()
.name("producer-service")
.region("us-central1")
.description("A service attachment configured with Terraform")
.enableProxyProtocol(true)
.connectionPreference("ACCEPT_AUTOMATIC")
.natSubnets(pscProducerSubnet.name())
.targetService(producerTargetService.id())
.build());
// Forwarding rule for VPC private service connect
var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
.name("psc-endpoint")
.region("us-central1")
.loadBalancingScheme("")
.target(producerServiceAttachment.id())
.network(consumerNet.name())
.ipAddress(consumerAddress.id())
.allowPscGlobalAccess(true)
.build());
}
}
resources:
# Forwarding rule for VPC private service connect
default:
type: gcp:compute:ForwardingRule
properties:
name: psc-endpoint
region: us-central1
loadBalancingScheme:
target: ${producerServiceAttachment.id}
network: ${consumerNet.name}
ipAddress: ${consumerAddress.id}
allowPscGlobalAccess: true
# Consumer service endpoint
consumerNet:
type: gcp:compute:Network
name: consumer_net
properties:
name: consumer-net
autoCreateSubnetworks: false
consumerSubnet:
type: gcp:compute:Subnetwork
name: consumer_subnet
properties:
name: consumer-net
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${consumerNet.id}
consumerAddress:
type: gcp:compute:Address
name: consumer_address
properties:
name: website-ip-1
region: us-central1
subnetwork: ${consumerSubnet.id}
addressType: INTERNAL
# Producer service attachment
producerNet:
type: gcp:compute:Network
name: producer_net
properties:
name: producer-net
autoCreateSubnetworks: false
producerSubnet:
type: gcp:compute:Subnetwork
name: producer_subnet
properties:
name: producer-net
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${producerNet.id}
pscProducerSubnet:
type: gcp:compute:Subnetwork
name: psc_producer_subnet
properties:
name: producer-psc-net
ipCidrRange: 10.1.0.0/16
region: us-central1
purpose: PRIVATE_SERVICE_CONNECT
network: ${producerNet.id}
producerServiceAttachment:
type: gcp:compute:ServiceAttachment
name: producer_service_attachment
properties:
name: producer-service
region: us-central1
description: A service attachment configured with Terraform
enableProxyProtocol: true
connectionPreference: ACCEPT_AUTOMATIC
natSubnets:
- ${pscProducerSubnet.name}
targetService: ${producerTargetService.id}
producerTargetService:
type: gcp:compute:ForwardingRule
name: producer_target_service
properties:
name: producer-forwarding-rule
region: us-central1
loadBalancingScheme: INTERNAL
backendService: ${producerServiceBackend.id}
allPorts: true
network: ${producerNet.name}
subnetwork: ${producerSubnet.name}
producerServiceBackend:
type: gcp:compute:RegionBackendService
name: producer_service_backend
properties:
name: producer-service-backend
region: us-central1
healthChecks: ${producerServiceHealthCheck.id}
producerServiceHealthCheck:
type: gcp:compute:HealthCheck
name: producer_service_health_check
properties:
name: producer-service-health-check
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'
Forwarding Rule Vpc Psc No Automate Dns
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const consumerNet = new gcp.compute.Network("consumer_net", {
name: "consumer-net",
autoCreateSubnetworks: false,
});
const consumerSubnet = new gcp.compute.Subnetwork("consumer_subnet", {
name: "consumer-net",
ipCidrRange: "10.0.0.0/16",
region: "us-central1",
network: consumerNet.id,
});
const consumerAddress = new gcp.compute.Address("consumer_address", {
name: "website-ip-1",
region: "us-central1",
subnetwork: consumerSubnet.id,
addressType: "INTERNAL",
});
const producerNet = new gcp.compute.Network("producer_net", {
name: "producer-net",
autoCreateSubnetworks: false,
});
const pscProducerSubnet = new gcp.compute.Subnetwork("psc_producer_subnet", {
name: "producer-psc-net",
ipCidrRange: "10.1.0.0/16",
region: "us-central1",
purpose: "PRIVATE_SERVICE_CONNECT",
network: producerNet.id,
});
const producerSubnet = new gcp.compute.Subnetwork("producer_subnet", {
name: "producer-net",
ipCidrRange: "10.0.0.0/16",
region: "us-central1",
network: producerNet.id,
});
const producerServiceHealthCheck = new gcp.compute.HealthCheck("producer_service_health_check", {
name: "producer-service-health-check",
checkIntervalSec: 1,
timeoutSec: 1,
tcpHealthCheck: {
port: 80,
},
});
const producerServiceBackend = new gcp.compute.RegionBackendService("producer_service_backend", {
name: "producer-service-backend",
region: "us-central1",
healthChecks: producerServiceHealthCheck.id,
});
const producerTargetService = new gcp.compute.ForwardingRule("producer_target_service", {
name: "producer-forwarding-rule",
region: "us-central1",
loadBalancingScheme: "INTERNAL",
backendService: producerServiceBackend.id,
allPorts: true,
network: producerNet.name,
subnetwork: producerSubnet.name,
});
const producerServiceAttachment = new gcp.compute.ServiceAttachment("producer_service_attachment", {
name: "producer-service",
region: "us-central1",
description: "A service attachment configured with Terraform",
enableProxyProtocol: true,
connectionPreference: "ACCEPT_AUTOMATIC",
natSubnets: [pscProducerSubnet.name],
targetService: producerTargetService.id,
});
const _default = new gcp.compute.ForwardingRule("default", {
name: "psc-endpoint",
region: "us-central1",
loadBalancingScheme: "",
target: producerServiceAttachment.id,
network: consumerNet.name,
ipAddress: consumerAddress.id,
allowPscGlobalAccess: true,
noAutomateDnsZone: true,
});
import pulumi
import pulumi_gcp as gcp
consumer_net = gcp.compute.Network("consumer_net",
name="consumer-net",
auto_create_subnetworks=False)
consumer_subnet = gcp.compute.Subnetwork("consumer_subnet",
name="consumer-net",
ip_cidr_range="10.0.0.0/16",
region="us-central1",
network=consumer_net.id)
consumer_address = gcp.compute.Address("consumer_address",
name="website-ip-1",
region="us-central1",
subnetwork=consumer_subnet.id,
address_type="INTERNAL")
producer_net = gcp.compute.Network("producer_net",
name="producer-net",
auto_create_subnetworks=False)
psc_producer_subnet = gcp.compute.Subnetwork("psc_producer_subnet",
name="producer-psc-net",
ip_cidr_range="10.1.0.0/16",
region="us-central1",
purpose="PRIVATE_SERVICE_CONNECT",
network=producer_net.id)
producer_subnet = gcp.compute.Subnetwork("producer_subnet",
name="producer-net",
ip_cidr_range="10.0.0.0/16",
region="us-central1",
network=producer_net.id)
producer_service_health_check = gcp.compute.HealthCheck("producer_service_health_check",
name="producer-service-health-check",
check_interval_sec=1,
timeout_sec=1,
tcp_health_check={
"port": 80,
})
producer_service_backend = gcp.compute.RegionBackendService("producer_service_backend",
name="producer-service-backend",
region="us-central1",
health_checks=producer_service_health_check.id)
producer_target_service = gcp.compute.ForwardingRule("producer_target_service",
name="producer-forwarding-rule",
region="us-central1",
load_balancing_scheme="INTERNAL",
backend_service=producer_service_backend.id,
all_ports=True,
network=producer_net.name,
subnetwork=producer_subnet.name)
producer_service_attachment = gcp.compute.ServiceAttachment("producer_service_attachment",
name="producer-service",
region="us-central1",
description="A service attachment configured with Terraform",
enable_proxy_protocol=True,
connection_preference="ACCEPT_AUTOMATIC",
nat_subnets=[psc_producer_subnet.name],
target_service=producer_target_service.id)
default = gcp.compute.ForwardingRule("default",
name="psc-endpoint",
region="us-central1",
load_balancing_scheme="",
target=producer_service_attachment.id,
network=consumer_net.name,
ip_address=consumer_address.id,
allow_psc_global_access=True,
no_automate_dns_zone=True)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
consumerNet, err := compute.NewNetwork(ctx, "consumer_net", &compute.NetworkArgs{
Name: pulumi.String("consumer-net"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
consumerSubnet, err := compute.NewSubnetwork(ctx, "consumer_subnet", &compute.SubnetworkArgs{
Name: pulumi.String("consumer-net"),
IpCidrRange: pulumi.String("10.0.0.0/16"),
Region: pulumi.String("us-central1"),
Network: consumerNet.ID(),
})
if err != nil {
return err
}
consumerAddress, err := compute.NewAddress(ctx, "consumer_address", &compute.AddressArgs{
Name: pulumi.String("website-ip-1"),
Region: pulumi.String("us-central1"),
Subnetwork: consumerSubnet.ID(),
AddressType: pulumi.String("INTERNAL"),
})
if err != nil {
return err
}
producerNet, err := compute.NewNetwork(ctx, "producer_net", &compute.NetworkArgs{
Name: pulumi.String("producer-net"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
pscProducerSubnet, err := compute.NewSubnetwork(ctx, "psc_producer_subnet", &compute.SubnetworkArgs{
Name: pulumi.String("producer-psc-net"),
IpCidrRange: pulumi.String("10.1.0.0/16"),
Region: pulumi.String("us-central1"),
Purpose: pulumi.String("PRIVATE_SERVICE_CONNECT"),
Network: producerNet.ID(),
})
if err != nil {
return err
}
producerSubnet, err := compute.NewSubnetwork(ctx, "producer_subnet", &compute.SubnetworkArgs{
Name: pulumi.String("producer-net"),
IpCidrRange: pulumi.String("10.0.0.0/16"),
Region: pulumi.String("us-central1"),
Network: producerNet.ID(),
})
if err != nil {
return err
}
producerServiceHealthCheck, err := compute.NewHealthCheck(ctx, "producer_service_health_check", &compute.HealthCheckArgs{
Name: pulumi.String("producer-service-health-check"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
producerServiceBackend, err := compute.NewRegionBackendService(ctx, "producer_service_backend", &compute.RegionBackendServiceArgs{
Name: pulumi.String("producer-service-backend"),
Region: pulumi.String("us-central1"),
HealthChecks: producerServiceHealthCheck.ID(),
})
if err != nil {
return err
}
producerTargetService, err := compute.NewForwardingRule(ctx, "producer_target_service", &compute.ForwardingRuleArgs{
Name: pulumi.String("producer-forwarding-rule"),
Region: pulumi.String("us-central1"),
LoadBalancingScheme: pulumi.String("INTERNAL"),
BackendService: producerServiceBackend.ID(),
AllPorts: pulumi.Bool(true),
Network: producerNet.Name,
Subnetwork: producerSubnet.Name,
})
if err != nil {
return err
}
producerServiceAttachment, err := compute.NewServiceAttachment(ctx, "producer_service_attachment", &compute.ServiceAttachmentArgs{
Name: pulumi.String("producer-service"),
Region: pulumi.String("us-central1"),
Description: pulumi.String("A service attachment configured with Terraform"),
EnableProxyProtocol: pulumi.Bool(true),
ConnectionPreference: pulumi.String("ACCEPT_AUTOMATIC"),
NatSubnets: pulumi.StringArray{
pscProducerSubnet.Name,
},
TargetService: producerTargetService.ID(),
})
if err != nil {
return err
}
_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
Name: pulumi.String("psc-endpoint"),
Region: pulumi.String("us-central1"),
LoadBalancingScheme: pulumi.String(""),
Target: producerServiceAttachment.ID(),
Network: consumerNet.Name,
IpAddress: consumerAddress.ID(),
AllowPscGlobalAccess: pulumi.Bool(true),
NoAutomateDnsZone: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var consumerNet = new Gcp.Compute.Network("consumer_net", new()
{
Name = "consumer-net",
AutoCreateSubnetworks = false,
});
var consumerSubnet = new Gcp.Compute.Subnetwork("consumer_subnet", new()
{
Name = "consumer-net",
IpCidrRange = "10.0.0.0/16",
Region = "us-central1",
Network = consumerNet.Id,
});
var consumerAddress = new Gcp.Compute.Address("consumer_address", new()
{
Name = "website-ip-1",
Region = "us-central1",
Subnetwork = consumerSubnet.Id,
AddressType = "INTERNAL",
});
var producerNet = new Gcp.Compute.Network("producer_net", new()
{
Name = "producer-net",
AutoCreateSubnetworks = false,
});
var pscProducerSubnet = new Gcp.Compute.Subnetwork("psc_producer_subnet", new()
{
Name = "producer-psc-net",
IpCidrRange = "10.1.0.0/16",
Region = "us-central1",
Purpose = "PRIVATE_SERVICE_CONNECT",
Network = producerNet.Id,
});
var producerSubnet = new Gcp.Compute.Subnetwork("producer_subnet", new()
{
Name = "producer-net",
IpCidrRange = "10.0.0.0/16",
Region = "us-central1",
Network = producerNet.Id,
});
var producerServiceHealthCheck = new Gcp.Compute.HealthCheck("producer_service_health_check", new()
{
Name = "producer-service-health-check",
CheckIntervalSec = 1,
TimeoutSec = 1,
TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
{
Port = 80,
},
});
var producerServiceBackend = new Gcp.Compute.RegionBackendService("producer_service_backend", new()
{
Name = "producer-service-backend",
Region = "us-central1",
HealthChecks = producerServiceHealthCheck.Id,
});
var producerTargetService = new Gcp.Compute.ForwardingRule("producer_target_service", new()
{
Name = "producer-forwarding-rule",
Region = "us-central1",
LoadBalancingScheme = "INTERNAL",
BackendService = producerServiceBackend.Id,
AllPorts = true,
Network = producerNet.Name,
Subnetwork = producerSubnet.Name,
});
var producerServiceAttachment = new Gcp.Compute.ServiceAttachment("producer_service_attachment", new()
{
Name = "producer-service",
Region = "us-central1",
Description = "A service attachment configured with Terraform",
EnableProxyProtocol = true,
ConnectionPreference = "ACCEPT_AUTOMATIC",
NatSubnets = new[]
{
pscProducerSubnet.Name,
},
TargetService = producerTargetService.Id,
});
var @default = new Gcp.Compute.ForwardingRule("default", new()
{
Name = "psc-endpoint",
Region = "us-central1",
LoadBalancingScheme = "",
Target = producerServiceAttachment.Id,
Network = consumerNet.Name,
IpAddress = consumerAddress.Id,
AllowPscGlobalAccess = true,
NoAutomateDnsZone = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.Address;
import com.pulumi.gcp.compute.AddressArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.gcp.compute.ServiceAttachment;
import com.pulumi.gcp.compute.ServiceAttachmentArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var consumerNet = new Network("consumerNet", NetworkArgs.builder()
.name("consumer-net")
.autoCreateSubnetworks(false)
.build());
var consumerSubnet = new Subnetwork("consumerSubnet", SubnetworkArgs.builder()
.name("consumer-net")
.ipCidrRange("10.0.0.0/16")
.region("us-central1")
.network(consumerNet.id())
.build());
var consumerAddress = new Address("consumerAddress", AddressArgs.builder()
.name("website-ip-1")
.region("us-central1")
.subnetwork(consumerSubnet.id())
.addressType("INTERNAL")
.build());
var producerNet = new Network("producerNet", NetworkArgs.builder()
.name("producer-net")
.autoCreateSubnetworks(false)
.build());
var pscProducerSubnet = new Subnetwork("pscProducerSubnet", SubnetworkArgs.builder()
.name("producer-psc-net")
.ipCidrRange("10.1.0.0/16")
.region("us-central1")
.purpose("PRIVATE_SERVICE_CONNECT")
.network(producerNet.id())
.build());
var producerSubnet = new Subnetwork("producerSubnet", SubnetworkArgs.builder()
.name("producer-net")
.ipCidrRange("10.0.0.0/16")
.region("us-central1")
.network(producerNet.id())
.build());
var producerServiceHealthCheck = new HealthCheck("producerServiceHealthCheck", HealthCheckArgs.builder()
.name("producer-service-health-check")
.checkIntervalSec(1)
.timeoutSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build());
var producerServiceBackend = new RegionBackendService("producerServiceBackend", RegionBackendServiceArgs.builder()
.name("producer-service-backend")
.region("us-central1")
.healthChecks(producerServiceHealthCheck.id())
.build());
var producerTargetService = new ForwardingRule("producerTargetService", ForwardingRuleArgs.builder()
.name("producer-forwarding-rule")
.region("us-central1")
.loadBalancingScheme("INTERNAL")
.backendService(producerServiceBackend.id())
.allPorts(true)
.network(producerNet.name())
.subnetwork(producerSubnet.name())
.build());
var producerServiceAttachment = new ServiceAttachment("producerServiceAttachment", ServiceAttachmentArgs.builder()
.name("producer-service")
.region("us-central1")
.description("A service attachment configured with Terraform")
.enableProxyProtocol(true)
.connectionPreference("ACCEPT_AUTOMATIC")
.natSubnets(pscProducerSubnet.name())
.targetService(producerTargetService.id())
.build());
var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
.name("psc-endpoint")
.region("us-central1")
.loadBalancingScheme("")
.target(producerServiceAttachment.id())
.network(consumerNet.name())
.ipAddress(consumerAddress.id())
.allowPscGlobalAccess(true)
.noAutomateDnsZone(true)
.build());
}
}
resources:
default:
type: gcp:compute:ForwardingRule
properties:
name: psc-endpoint
region: us-central1
loadBalancingScheme:
target: ${producerServiceAttachment.id}
network: ${consumerNet.name}
ipAddress: ${consumerAddress.id}
allowPscGlobalAccess: true
noAutomateDnsZone: true
consumerNet:
type: gcp:compute:Network
name: consumer_net
properties:
name: consumer-net
autoCreateSubnetworks: false
consumerSubnet:
type: gcp:compute:Subnetwork
name: consumer_subnet
properties:
name: consumer-net
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${consumerNet.id}
consumerAddress:
type: gcp:compute:Address
name: consumer_address
properties:
name: website-ip-1
region: us-central1
subnetwork: ${consumerSubnet.id}
addressType: INTERNAL
producerNet:
type: gcp:compute:Network
name: producer_net
properties:
name: producer-net
autoCreateSubnetworks: false
producerSubnet:
type: gcp:compute:Subnetwork
name: producer_subnet
properties:
name: producer-net
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${producerNet.id}
pscProducerSubnet:
type: gcp:compute:Subnetwork
name: psc_producer_subnet
properties:
name: producer-psc-net
ipCidrRange: 10.1.0.0/16
region: us-central1
purpose: PRIVATE_SERVICE_CONNECT
network: ${producerNet.id}
producerServiceAttachment:
type: gcp:compute:ServiceAttachment
name: producer_service_attachment
properties:
name: producer-service
region: us-central1
description: A service attachment configured with Terraform
enableProxyProtocol: true
connectionPreference: ACCEPT_AUTOMATIC
natSubnets:
- ${pscProducerSubnet.name}
targetService: ${producerTargetService.id}
producerTargetService:
type: gcp:compute:ForwardingRule
name: producer_target_service
properties:
name: producer-forwarding-rule
region: us-central1
loadBalancingScheme: INTERNAL
backendService: ${producerServiceBackend.id}
allPorts: true
network: ${producerNet.name}
subnetwork: ${producerSubnet.name}
producerServiceBackend:
type: gcp:compute:RegionBackendService
name: producer_service_backend
properties:
name: producer-service-backend
region: us-central1
healthChecks: ${producerServiceHealthCheck.id}
producerServiceHealthCheck:
type: gcp:compute:HealthCheck
name: producer_service_health_check
properties:
name: producer-service-health-check
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'
Forwarding Rule Regional Steering
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const basic = new gcp.compute.Address("basic", {
name: "website-ip",
region: "us-central1",
});
const external = new gcp.compute.RegionBackendService("external", {
name: "service-backend",
region: "us-central1",
loadBalancingScheme: "EXTERNAL",
});
const externalForwardingRule = new gcp.compute.ForwardingRule("external", {
name: "external-forwarding-rule",
region: "us-central1",
ipAddress: basic.address,
backendService: external.selfLink,
loadBalancingScheme: "EXTERNAL",
});
const steering = new gcp.compute.ForwardingRule("steering", {
name: "steering-rule",
region: "us-central1",
ipAddress: basic.address,
backendService: external.selfLink,
loadBalancingScheme: "EXTERNAL",
sourceIpRanges: [
"34.121.88.0/24",
"35.187.239.137",
],
}, {
dependsOn: [externalForwardingRule],
});
import pulumi
import pulumi_gcp as gcp
basic = gcp.compute.Address("basic",
name="website-ip",
region="us-central1")
external = gcp.compute.RegionBackendService("external",
name="service-backend",
region="us-central1",
load_balancing_scheme="EXTERNAL")
external_forwarding_rule = gcp.compute.ForwardingRule("external",
name="external-forwarding-rule",
region="us-central1",
ip_address=basic.address,
backend_service=external.self_link,
load_balancing_scheme="EXTERNAL")
steering = gcp.compute.ForwardingRule("steering",
name="steering-rule",
region="us-central1",
ip_address=basic.address,
backend_service=external.self_link,
load_balancing_scheme="EXTERNAL",
source_ip_ranges=[
"34.121.88.0/24",
"35.187.239.137",
],
opts = pulumi.ResourceOptions(depends_on=[external_forwarding_rule]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
basic, err := compute.NewAddress(ctx, "basic", &compute.AddressArgs{
Name: pulumi.String("website-ip"),
Region: pulumi.String("us-central1"),
})
if err != nil {
return err
}
external, err := compute.NewRegionBackendService(ctx, "external", &compute.RegionBackendServiceArgs{
Name: pulumi.String("service-backend"),
Region: pulumi.String("us-central1"),
LoadBalancingScheme: pulumi.String("EXTERNAL"),
})
if err != nil {
return err
}
externalForwardingRule, err := compute.NewForwardingRule(ctx, "external", &compute.ForwardingRuleArgs{
Name: pulumi.String("external-forwarding-rule"),
Region: pulumi.String("us-central1"),
IpAddress: basic.Address,
BackendService: external.SelfLink,
LoadBalancingScheme: pulumi.String("EXTERNAL"),
})
if err != nil {
return err
}
_, err = compute.NewForwardingRule(ctx, "steering", &compute.ForwardingRuleArgs{
Name: pulumi.String("steering-rule"),
Region: pulumi.String("us-central1"),
IpAddress: basic.Address,
BackendService: external.SelfLink,
LoadBalancingScheme: pulumi.String("EXTERNAL"),
SourceIpRanges: pulumi.StringArray{
pulumi.String("34.121.88.0/24"),
pulumi.String("35.187.239.137"),
},
}, pulumi.DependsOn([]pulumi.Resource{
externalForwardingRule,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var basic = new Gcp.Compute.Address("basic", new()
{
Name = "website-ip",
Region = "us-central1",
});
var external = new Gcp.Compute.RegionBackendService("external", new()
{
Name = "service-backend",
Region = "us-central1",
LoadBalancingScheme = "EXTERNAL",
});
var externalForwardingRule = new Gcp.Compute.ForwardingRule("external", new()
{
Name = "external-forwarding-rule",
Region = "us-central1",
IpAddress = basic.IPAddress,
BackendService = external.SelfLink,
LoadBalancingScheme = "EXTERNAL",
});
var steering = new Gcp.Compute.ForwardingRule("steering", new()
{
Name = "steering-rule",
Region = "us-central1",
IpAddress = basic.IPAddress,
BackendService = external.SelfLink,
LoadBalancingScheme = "EXTERNAL",
SourceIpRanges = new[]
{
"34.121.88.0/24",
"35.187.239.137",
},
}, new CustomResourceOptions
{
DependsOn =
{
externalForwardingRule,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Address;
import com.pulumi.gcp.compute.AddressArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var basic = new Address("basic", AddressArgs.builder()
.name("website-ip")
.region("us-central1")
.build());
var external = new RegionBackendService("external", RegionBackendServiceArgs.builder()
.name("service-backend")
.region("us-central1")
.loadBalancingScheme("EXTERNAL")
.build());
var externalForwardingRule = new ForwardingRule("externalForwardingRule", ForwardingRuleArgs.builder()
.name("external-forwarding-rule")
.region("us-central1")
.ipAddress(basic.address())
.backendService(external.selfLink())
.loadBalancingScheme("EXTERNAL")
.build());
var steering = new ForwardingRule("steering", ForwardingRuleArgs.builder()
.name("steering-rule")
.region("us-central1")
.ipAddress(basic.address())
.backendService(external.selfLink())
.loadBalancingScheme("EXTERNAL")
.sourceIpRanges(
"34.121.88.0/24",
"35.187.239.137")
.build(), CustomResourceOptions.builder()
.dependsOn(externalForwardingRule)
.build());
}
}
resources:
steering:
type: gcp:compute:ForwardingRule
properties:
name: steering-rule
region: us-central1
ipAddress: ${basic.address}
backendService: ${external.selfLink}
loadBalancingScheme: EXTERNAL
sourceIpRanges:
- 34.121.88.0/24
- 35.187.239.137
options:
dependson:
- ${externalForwardingRule}
basic:
type: gcp:compute:Address
properties:
name: website-ip
region: us-central1
external:
type: gcp:compute:RegionBackendService
properties:
name: service-backend
region: us-central1
loadBalancingScheme: EXTERNAL
externalForwardingRule:
type: gcp:compute:ForwardingRule
name: external
properties:
name: external-forwarding-rule
region: us-central1
ipAddress: ${basic.address}
backendService: ${external.selfLink}
loadBalancingScheme: EXTERNAL
Forwarding Rule Internallb Ipv6
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const hc = new gcp.compute.HealthCheck("hc", {
name: "check-ilb-ipv6-backend",
checkIntervalSec: 1,
timeoutSec: 1,
tcpHealthCheck: {
port: 80,
},
});
const backend = new gcp.compute.RegionBackendService("backend", {
name: "ilb-ipv6-backend",
region: "us-central1",
healthChecks: hc.id,
});
const defaultNetwork = new gcp.compute.Network("default", {
name: "net-ipv6",
autoCreateSubnetworks: false,
enableUlaInternalIpv6: true,
});
const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
name: "subnet-internal-ipv6",
ipCidrRange: "10.0.0.0/16",
region: "us-central1",
stackType: "IPV4_IPV6",
ipv6AccessType: "INTERNAL",
network: defaultNetwork.id,
});
// Forwarding rule for Internal Load Balancing
const _default = new gcp.compute.ForwardingRule("default", {
name: "ilb-ipv6-forwarding-rule",
region: "us-central1",
loadBalancingScheme: "INTERNAL",
backendService: backend.id,
allPorts: true,
network: defaultNetwork.name,
subnetwork: defaultSubnetwork.name,
ipVersion: "IPV6",
});
import pulumi
import pulumi_gcp as gcp
hc = gcp.compute.HealthCheck("hc",
name="check-ilb-ipv6-backend",
check_interval_sec=1,
timeout_sec=1,
tcp_health_check={
"port": 80,
})
backend = gcp.compute.RegionBackendService("backend",
name="ilb-ipv6-backend",
region="us-central1",
health_checks=hc.id)
default_network = gcp.compute.Network("default",
name="net-ipv6",
auto_create_subnetworks=False,
enable_ula_internal_ipv6=True)
default_subnetwork = gcp.compute.Subnetwork("default",
name="subnet-internal-ipv6",
ip_cidr_range="10.0.0.0/16",
region="us-central1",
stack_type="IPV4_IPV6",
ipv6_access_type="INTERNAL",
network=default_network.id)
# Forwarding rule for Internal Load Balancing
default = gcp.compute.ForwardingRule("default",
name="ilb-ipv6-forwarding-rule",
region="us-central1",
load_balancing_scheme="INTERNAL",
backend_service=backend.id,
all_ports=True,
network=default_network.name,
subnetwork=default_subnetwork.name,
ip_version="IPV6")
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
hc, err := compute.NewHealthCheck(ctx, "hc", &compute.HealthCheckArgs{
Name: pulumi.String("check-ilb-ipv6-backend"),
CheckIntervalSec: pulumi.Int(1),
TimeoutSec: pulumi.Int(1),
TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
backend, err := compute.NewRegionBackendService(ctx, "backend", &compute.RegionBackendServiceArgs{
Name: pulumi.String("ilb-ipv6-backend"),
Region: pulumi.String("us-central1"),
HealthChecks: hc.ID(),
})
if err != nil {
return err
}
defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("net-ipv6"),
AutoCreateSubnetworks: pulumi.Bool(false),
EnableUlaInternalIpv6: pulumi.Bool(true),
})
if err != nil {
return err
}
defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
Name: pulumi.String("subnet-internal-ipv6"),
IpCidrRange: pulumi.String("10.0.0.0/16"),
Region: pulumi.String("us-central1"),
StackType: pulumi.String("IPV4_IPV6"),
Ipv6AccessType: pulumi.String("INTERNAL"),
Network: defaultNetwork.ID(),
})
if err != nil {
return err
}
// Forwarding rule for Internal Load Balancing
_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
Name: pulumi.String("ilb-ipv6-forwarding-rule"),
Region: pulumi.String("us-central1"),
LoadBalancingScheme: pulumi.String("INTERNAL"),
BackendService: backend.ID(),
AllPorts: pulumi.Bool(true),
Network: defaultNetwork.Name,
Subnetwork: defaultSubnetwork.Name,
IpVersion: pulumi.String("IPV6"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var hc = new Gcp.Compute.HealthCheck("hc", new()
{
Name = "check-ilb-ipv6-backend",
CheckIntervalSec = 1,
TimeoutSec = 1,
TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
{
Port = 80,
},
});
var backend = new Gcp.Compute.RegionBackendService("backend", new()
{
Name = "ilb-ipv6-backend",
Region = "us-central1",
HealthChecks = hc.Id,
});
var defaultNetwork = new Gcp.Compute.Network("default", new()
{
Name = "net-ipv6",
AutoCreateSubnetworks = false,
EnableUlaInternalIpv6 = true,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
{
Name = "subnet-internal-ipv6",
IpCidrRange = "10.0.0.0/16",
Region = "us-central1",
StackType = "IPV4_IPV6",
Ipv6AccessType = "INTERNAL",
Network = defaultNetwork.Id,
});
// Forwarding rule for Internal Load Balancing
var @default = new Gcp.Compute.ForwardingRule("default", new()
{
Name = "ilb-ipv6-forwarding-rule",
Region = "us-central1",
LoadBalancingScheme = "INTERNAL",
BackendService = backend.Id,
AllPorts = true,
Network = defaultNetwork.Name,
Subnetwork = defaultSubnetwork.Name,
IpVersion = "IPV6",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var hc = new HealthCheck("hc", HealthCheckArgs.builder()
.name("check-ilb-ipv6-backend")
.checkIntervalSec(1)
.timeoutSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build());
var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()
.name("ilb-ipv6-backend")
.region("us-central1")
.healthChecks(hc.id())
.build());
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.name("net-ipv6")
.autoCreateSubnetworks(false)
.enableUlaInternalIpv6(true)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.name("subnet-internal-ipv6")
.ipCidrRange("10.0.0.0/16")
.region("us-central1")
.stackType("IPV4_IPV6")
.ipv6AccessType("INTERNAL")
.network(defaultNetwork.id())
.build());
// Forwarding rule for Internal Load Balancing
var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
.name("ilb-ipv6-forwarding-rule")
.region("us-central1")
.loadBalancingScheme("INTERNAL")
.backendService(backend.id())
.allPorts(true)
.network(defaultNetwork.name())
.subnetwork(defaultSubnetwork.name())
.ipVersion("IPV6")
.build());
}
}
resources:
# Forwarding rule for Internal Load Balancing
default:
type: gcp:compute:ForwardingRule
properties:
name: ilb-ipv6-forwarding-rule
region: us-central1
loadBalancingScheme: INTERNAL
backendService: ${backend.id}
allPorts: true
network: ${defaultNetwork.name}
subnetwork: ${defaultSubnetwork.name}
ipVersion: IPV6
backend:
type: gcp:compute:RegionBackendService
properties:
name: ilb-ipv6-backend
region: us-central1
healthChecks: ${hc.id}
hc:
type: gcp:compute:HealthCheck
properties:
name: check-ilb-ipv6-backend
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'
defaultNetwork:
type: gcp:compute:Network
name: default
properties:
name: net-ipv6
autoCreateSubnetworks: false
enableUlaInternalIpv6: true
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: subnet-internal-ipv6
ipCidrRange: 10.0.0.0/16
region: us-central1
stackType: IPV4_IPV6
ipv6AccessType: INTERNAL
network: ${defaultNetwork.id}
Create ForwardingRule Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ForwardingRule(name: string, args?: ForwardingRuleArgs, opts?: CustomResourceOptions);
@overload
def ForwardingRule(resource_name: str,
args: Optional[ForwardingRuleArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def ForwardingRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
all_ports: Optional[bool] = None,
allow_global_access: Optional[bool] = None,
allow_psc_global_access: Optional[bool] = None,
backend_service: Optional[str] = None,
description: Optional[str] = None,
ip_address: Optional[str] = None,
ip_protocol: Optional[str] = None,
ip_version: Optional[str] = None,
is_mirroring_collector: Optional[bool] = None,
labels: Optional[Mapping[str, str]] = None,
load_balancing_scheme: Optional[str] = None,
name: Optional[str] = None,
network: Optional[str] = None,
network_tier: Optional[str] = None,
no_automate_dns_zone: Optional[bool] = None,
port_range: Optional[str] = None,
ports: Optional[Sequence[str]] = None,
project: Optional[str] = None,
recreate_closed_psc: Optional[bool] = None,
region: Optional[str] = None,
service_directory_registrations: Optional[ForwardingRuleServiceDirectoryRegistrationsArgs] = None,
service_label: Optional[str] = None,
source_ip_ranges: Optional[Sequence[str]] = None,
subnetwork: Optional[str] = None,
target: Optional[str] = None)
func NewForwardingRule(ctx *Context, name string, args *ForwardingRuleArgs, opts ...ResourceOption) (*ForwardingRule, error)
public ForwardingRule(string name, ForwardingRuleArgs? args = null, CustomResourceOptions? opts = null)
public ForwardingRule(String name, ForwardingRuleArgs args)
public ForwardingRule(String name, ForwardingRuleArgs args, CustomResourceOptions options)
type: gcp:compute:ForwardingRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ForwardingRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ForwardingRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ForwardingRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ForwardingRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ForwardingRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var forwardingRuleResource = new Gcp.Compute.ForwardingRule("forwardingRuleResource", new()
{
AllPorts = false,
AllowGlobalAccess = false,
AllowPscGlobalAccess = false,
BackendService = "string",
Description = "string",
IpAddress = "string",
IpProtocol = "string",
IpVersion = "string",
IsMirroringCollector = false,
Labels =
{
{ "string", "string" },
},
LoadBalancingScheme = "string",
Name = "string",
Network = "string",
NetworkTier = "string",
NoAutomateDnsZone = false,
PortRange = "string",
Ports = new[]
{
"string",
},
Project = "string",
RecreateClosedPsc = false,
Region = "string",
ServiceDirectoryRegistrations = new Gcp.Compute.Inputs.ForwardingRuleServiceDirectoryRegistrationsArgs
{
Namespace = "string",
Service = "string",
},
ServiceLabel = "string",
SourceIpRanges = new[]
{
"string",
},
Subnetwork = "string",
Target = "string",
});
example, err := compute.NewForwardingRule(ctx, "forwardingRuleResource", &compute.ForwardingRuleArgs{
AllPorts: pulumi.Bool(false),
AllowGlobalAccess: pulumi.Bool(false),
AllowPscGlobalAccess: pulumi.Bool(false),
BackendService: pulumi.String("string"),
Description: pulumi.String("string"),
IpAddress: pulumi.String("string"),
IpProtocol: pulumi.String("string"),
IpVersion: pulumi.String("string"),
IsMirroringCollector: pulumi.Bool(false),
Labels: pulumi.StringMap{
"string": pulumi.String("string"),
},
LoadBalancingScheme: pulumi.String("string"),
Name: pulumi.String("string"),
Network: pulumi.String("string"),
NetworkTier: pulumi.String("string"),
NoAutomateDnsZone: pulumi.Bool(false),
PortRange: pulumi.String("string"),
Ports: pulumi.StringArray{
pulumi.String("string"),
},
Project: pulumi.String("string"),
RecreateClosedPsc: pulumi.Bool(false),
Region: pulumi.String("string"),
ServiceDirectoryRegistrations: &compute.ForwardingRuleServiceDirectoryRegistrationsArgs{
Namespace: pulumi.String("string"),
Service: pulumi.String("string"),
},
ServiceLabel: pulumi.String("string"),
SourceIpRanges: pulumi.StringArray{
pulumi.String("string"),
},
Subnetwork: pulumi.String("string"),
Target: pulumi.String("string"),
})
var forwardingRuleResource = new ForwardingRule("forwardingRuleResource", ForwardingRuleArgs.builder()
.allPorts(false)
.allowGlobalAccess(false)
.allowPscGlobalAccess(false)
.backendService("string")
.description("string")
.ipAddress("string")
.ipProtocol("string")
.ipVersion("string")
.isMirroringCollector(false)
.labels(Map.of("string", "string"))
.loadBalancingScheme("string")
.name("string")
.network("string")
.networkTier("string")
.noAutomateDnsZone(false)
.portRange("string")
.ports("string")
.project("string")
.recreateClosedPsc(false)
.region("string")
.serviceDirectoryRegistrations(ForwardingRuleServiceDirectoryRegistrationsArgs.builder()
.namespace("string")
.service("string")
.build())
.serviceLabel("string")
.sourceIpRanges("string")
.subnetwork("string")
.target("string")
.build());
forwarding_rule_resource = gcp.compute.ForwardingRule("forwardingRuleResource",
all_ports=False,
allow_global_access=False,
allow_psc_global_access=False,
backend_service="string",
description="string",
ip_address="string",
ip_protocol="string",
ip_version="string",
is_mirroring_collector=False,
labels={
"string": "string",
},
load_balancing_scheme="string",
name="string",
network="string",
network_tier="string",
no_automate_dns_zone=False,
port_range="string",
ports=["string"],
project="string",
recreate_closed_psc=False,
region="string",
service_directory_registrations={
"namespace": "string",
"service": "string",
},
service_label="string",
source_ip_ranges=["string"],
subnetwork="string",
target="string")
const forwardingRuleResource = new gcp.compute.ForwardingRule("forwardingRuleResource", {
allPorts: false,
allowGlobalAccess: false,
allowPscGlobalAccess: false,
backendService: "string",
description: "string",
ipAddress: "string",
ipProtocol: "string",
ipVersion: "string",
isMirroringCollector: false,
labels: {
string: "string",
},
loadBalancingScheme: "string",
name: "string",
network: "string",
networkTier: "string",
noAutomateDnsZone: false,
portRange: "string",
ports: ["string"],
project: "string",
recreateClosedPsc: false,
region: "string",
serviceDirectoryRegistrations: {
namespace: "string",
service: "string",
},
serviceLabel: "string",
sourceIpRanges: ["string"],
subnetwork: "string",
target: "string",
});
type: gcp:compute:ForwardingRule
properties:
allPorts: false
allowGlobalAccess: false
allowPscGlobalAccess: false
backendService: string
description: string
ipAddress: string
ipProtocol: string
ipVersion: string
isMirroringCollector: false
labels:
string: string
loadBalancingScheme: string
name: string
network: string
networkTier: string
noAutomateDnsZone: false
portRange: string
ports:
- string
project: string
recreateClosedPsc: false
region: string
serviceDirectoryRegistrations:
namespace: string
service: string
serviceLabel: string
sourceIpRanges:
- string
subnetwork: string
target: string
ForwardingRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ForwardingRule resource accepts the following input properties:
- All
Ports bool - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheallPorts
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, SCTP, or L3_DEFAULT. - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
- Set this field to true to allow packets addressed to any port or packets
lacking destination port information (for example, UDP fragments after the
first fragment) to be forwarded to the backends configured with this
forwarding rule. The L3_DEFAULT protocol requires
allPorts
be set to true.
- It requires that the forwarding rule
- Allow
Global boolAccess - This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer. - Allow
Psc boolGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Backend
Service string - Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Ip
Address string - IP address for which this forwarding rule accepts traffic. When a client
sends traffic to this IP address, the forwarding rule directs the traffic
to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: - IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule'starget
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.
- When the
- Ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
. - Ip
Version string - The IP address version that will be used by this forwarding rule.
Valid options are IPV4 and IPV6.
If not set, the IPv4 address will be used by default.
Possible values are:
IPV4
,IPV6
. - Is
Mirroring boolCollector - Indicates whether or not this load balancer can be used as a collector for
packet mirroring. To prevent mirroring loops, instances behind this
load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
. - Labels Dictionary<string, string>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
. - Name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - Network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- Network
Tier string - This signifies the networking tier used for configuring
this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
. - No
Automate boolDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- Port
Range string - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheportRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- Ports List<string>
- The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. Theports
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
- You can specify a list of up to five ports by number, separated by
commas. The ports can be contiguous or discontiguous.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair if they share at least one port number. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Recreate
Closed boolPsc - Region string
- A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- Service
Directory ForwardingRegistrations Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- Service
Label string - An optional prefix to the service name for this Forwarding Rule.
If specified, will be the first label of the fully qualified service
name.
The label must be 1-63 characters long, and comply with RFC1035.
Specifically, the label must be 1-63 characters long and match the
regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing. - Source
Ip List<string>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
- The URL of the target resource to receive the matched traffic. For
regional forwarding rules, this target must be in the same region as the
forwarding rule. For global forwarding rules, this target must be a global
load balancing resource.
The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- All
Ports bool - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheallPorts
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, SCTP, or L3_DEFAULT. - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
- Set this field to true to allow packets addressed to any port or packets
lacking destination port information (for example, UDP fragments after the
first fragment) to be forwarded to the backends configured with this
forwarding rule. The L3_DEFAULT protocol requires
allPorts
be set to true.
- It requires that the forwarding rule
- Allow
Global boolAccess - This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer. - Allow
Psc boolGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Backend
Service string - Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Ip
Address string - IP address for which this forwarding rule accepts traffic. When a client
sends traffic to this IP address, the forwarding rule directs the traffic
to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: - IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule'starget
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.
- When the
- Ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
. - Ip
Version string - The IP address version that will be used by this forwarding rule.
Valid options are IPV4 and IPV6.
If not set, the IPv4 address will be used by default.
Possible values are:
IPV4
,IPV6
. - Is
Mirroring boolCollector - Indicates whether or not this load balancer can be used as a collector for
packet mirroring. To prevent mirroring loops, instances behind this
load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
. - Labels map[string]string
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
. - Name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - Network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- Network
Tier string - This signifies the networking tier used for configuring
this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
. - No
Automate boolDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- Port
Range string - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheportRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- Ports []string
- The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. Theports
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
- You can specify a list of up to five ports by number, separated by
commas. The ports can be contiguous or discontiguous.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair if they share at least one port number. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Recreate
Closed boolPsc - Region string
- A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- Service
Directory ForwardingRegistrations Rule Service Directory Registrations Args - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- Service
Label string - An optional prefix to the service name for this Forwarding Rule.
If specified, will be the first label of the fully qualified service
name.
The label must be 1-63 characters long, and comply with RFC1035.
Specifically, the label must be 1-63 characters long and match the
regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing. - Source
Ip []stringRanges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
- The URL of the target resource to receive the matched traffic. For
regional forwarding rules, this target must be in the same region as the
forwarding rule. For global forwarding rules, this target must be a global
load balancing resource.
The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- all
Ports Boolean - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheallPorts
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, SCTP, or L3_DEFAULT. - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
- Set this field to true to allow packets addressed to any port or packets
lacking destination port information (for example, UDP fragments after the
first fragment) to be forwarded to the backends configured with this
forwarding rule. The L3_DEFAULT protocol requires
allPorts
be set to true.
- It requires that the forwarding rule
- allow
Global BooleanAccess - This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer. - allow
Psc BooleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- backend
Service String - Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- ip
Address String - IP address for which this forwarding rule accepts traffic. When a client
sends traffic to this IP address, the forwarding rule directs the traffic
to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: - IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule'starget
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.
- When the
- ip
Protocol String - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
. - ip
Version String - The IP address version that will be used by this forwarding rule.
Valid options are IPV4 and IPV6.
If not set, the IPv4 address will be used by default.
Possible values are:
IPV4
,IPV6
. - is
Mirroring BooleanCollector - Indicates whether or not this load balancer can be used as a collector for
packet mirroring. To prevent mirroring loops, instances behind this
load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
. - labels Map<String,String>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing StringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
. - name String
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network String
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- network
Tier String - This signifies the networking tier used for configuring
this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
. - no
Automate BooleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range String - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheportRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- ports List<String>
- The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. Theports
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
- You can specify a list of up to five ports by number, separated by
commas. The ports can be contiguous or discontiguous.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair if they share at least one port number. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- recreate
Closed BooleanPsc - region String
- A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- service
Directory ForwardingRegistrations Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- service
Label String - An optional prefix to the service name for this Forwarding Rule.
If specified, will be the first label of the fully qualified service
name.
The label must be 1-63 characters long, and comply with RFC1035.
Specifically, the label must be 1-63 characters long and match the
regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing. - source
Ip List<String>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
- The URL of the target resource to receive the matched traffic. For
regional forwarding rules, this target must be in the same region as the
forwarding rule. For global forwarding rules, this target must be a global
load balancing resource.
The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- all
Ports boolean - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheallPorts
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, SCTP, or L3_DEFAULT. - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
- Set this field to true to allow packets addressed to any port or packets
lacking destination port information (for example, UDP fragments after the
first fragment) to be forwarded to the backends configured with this
forwarding rule. The L3_DEFAULT protocol requires
allPorts
be set to true.
- It requires that the forwarding rule
- allow
Global booleanAccess - This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer. - allow
Psc booleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- backend
Service string - Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- description string
- An optional description of this resource. Provide this property when you create the resource.
- ip
Address string - IP address for which this forwarding rule accepts traffic. When a client
sends traffic to this IP address, the forwarding rule directs the traffic
to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: - IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule'starget
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.
- When the
- ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
. - ip
Version string - The IP address version that will be used by this forwarding rule.
Valid options are IPV4 and IPV6.
If not set, the IPv4 address will be used by default.
Possible values are:
IPV4
,IPV6
. - is
Mirroring booleanCollector - Indicates whether or not this load balancer can be used as a collector for
packet mirroring. To prevent mirroring loops, instances behind this
load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
. - labels {[key: string]: string}
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
. - name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- network
Tier string - This signifies the networking tier used for configuring
this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
. - no
Automate booleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range string - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheportRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- ports string[]
- The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. Theports
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
- You can specify a list of up to five ports by number, separated by
commas. The ports can be contiguous or discontiguous.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair if they share at least one port number. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- recreate
Closed booleanPsc - region string
- A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- service
Directory ForwardingRegistrations Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- service
Label string - An optional prefix to the service name for this Forwarding Rule.
If specified, will be the first label of the fully qualified service
name.
The label must be 1-63 characters long, and comply with RFC1035.
Specifically, the label must be 1-63 characters long and match the
regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing. - source
Ip string[]Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target string
- The URL of the target resource to receive the matched traffic. For
regional forwarding rules, this target must be in the same region as the
forwarding rule. For global forwarding rules, this target must be a global
load balancing resource.
The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- all_
ports bool - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheallPorts
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, SCTP, or L3_DEFAULT. - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
- Set this field to true to allow packets addressed to any port or packets
lacking destination port information (for example, UDP fragments after the
first fragment) to be forwarded to the backends configured with this
forwarding rule. The L3_DEFAULT protocol requires
allPorts
be set to true.
- It requires that the forwarding rule
- allow_
global_ boolaccess - This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer. - allow_
psc_ boolglobal_ access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- backend_
service str - Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- description str
- An optional description of this resource. Provide this property when you create the resource.
- ip_
address str - IP address for which this forwarding rule accepts traffic. When a client
sends traffic to this IP address, the forwarding rule directs the traffic
to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: - IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule'starget
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.
- When the
- ip_
protocol str - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
. - ip_
version str - The IP address version that will be used by this forwarding rule.
Valid options are IPV4 and IPV6.
If not set, the IPv4 address will be used by default.
Possible values are:
IPV4
,IPV6
. - is_
mirroring_ boolcollector - Indicates whether or not this load balancer can be used as a collector for
packet mirroring. To prevent mirroring loops, instances behind this
load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
. - labels Mapping[str, str]
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load_
balancing_ strscheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
. - name str
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network str
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- network_
tier str - This signifies the networking tier used for configuring
this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
. - no_
automate_ booldns_ zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port_
range str - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheportRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- ports Sequence[str]
- The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. Theports
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
- You can specify a list of up to five ports by number, separated by
commas. The ports can be contiguous or discontiguous.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair if they share at least one port number. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- recreate_
closed_ boolpsc - region str
- A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- service_
directory_ Forwardingregistrations Rule Service Directory Registrations Args - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- service_
label str - An optional prefix to the service name for this Forwarding Rule.
If specified, will be the first label of the fully qualified service
name.
The label must be 1-63 characters long, and comply with RFC1035.
Specifically, the label must be 1-63 characters long and match the
regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing. - source_
ip_ Sequence[str]ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork str
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target str
- The URL of the target resource to receive the matched traffic. For
regional forwarding rules, this target must be in the same region as the
forwarding rule. For global forwarding rules, this target must be a global
load balancing resource.
The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- all
Ports Boolean - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheallPorts
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, SCTP, or L3_DEFAULT. - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
- Set this field to true to allow packets addressed to any port or packets
lacking destination port information (for example, UDP fragments after the
first fragment) to be forwarded to the backends configured with this
forwarding rule. The L3_DEFAULT protocol requires
allPorts
be set to true.
- It requires that the forwarding rule
- allow
Global BooleanAccess - This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer. - allow
Psc BooleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- backend
Service String - Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- ip
Address String - IP address for which this forwarding rule accepts traffic. When a client
sends traffic to this IP address, the forwarding rule directs the traffic
to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: - IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule'starget
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.
- When the
- ip
Protocol String - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
. - ip
Version String - The IP address version that will be used by this forwarding rule.
Valid options are IPV4 and IPV6.
If not set, the IPv4 address will be used by default.
Possible values are:
IPV4
,IPV6
. - is
Mirroring BooleanCollector - Indicates whether or not this load balancer can be used as a collector for
packet mirroring. To prevent mirroring loops, instances behind this
load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
. - labels Map<String>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing StringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
. - name String
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network String
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- network
Tier String - This signifies the networking tier used for configuring
this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
. - no
Automate BooleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range String - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheportRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- ports List<String>
- The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. Theports
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
- You can specify a list of up to five ports by number, separated by
commas. The ports can be contiguous or discontiguous.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair if they share at least one port number. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- recreate
Closed BooleanPsc - region String
- A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- service
Directory Property MapRegistrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- service
Label String - An optional prefix to the service name for this Forwarding Rule.
If specified, will be the first label of the fully qualified service
name.
The label must be 1-63 characters long, and comply with RFC1035.
Specifically, the label must be 1-63 characters long and match the
regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing. - source
Ip List<String>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
- The URL of the target resource to receive the matched traffic. For
regional forwarding rules, this target must be in the same region as the
forwarding rule. For global forwarding rules, this target must be a global
load balancing resource.
The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
Outputs
All input properties are implicitly available as output properties. Additionally, the ForwardingRule resource produces the following output properties:
- Base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Effective
Labels Dictionary<string, string> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Forwarding
Rule intId - The unique identifier number for the resource. This identifier is defined by the server.
- Id string
- The provider-assigned unique ID for this managed resource.
- Label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Self
Link string - The URI of the created resource.
- Service
Name string - The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- Base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Effective
Labels map[string]string - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Forwarding
Rule intId - The unique identifier number for the resource. This identifier is defined by the server.
- Id string
- The provider-assigned unique ID for this managed resource.
- Label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Self
Link string - The URI of the created resource.
- Service
Name string - The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- base
Forwarding StringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- effective
Labels Map<String,String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- forwarding
Rule IntegerId - The unique identifier number for the resource. This identifier is defined by the server.
- id String
- The provider-assigned unique ID for this managed resource.
- label
Fingerprint String - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc
Connection StringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link String - The URI of the created resource.
- service
Name String - The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- creation
Timestamp string - Creation timestamp in RFC3339 text format.
- effective
Labels {[key: string]: string} - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- forwarding
Rule numberId - The unique identifier number for the resource. This identifier is defined by the server.
- id string
- The provider-assigned unique ID for this managed resource.
- label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link string - The URI of the created resource.
- service
Name string - The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- base_
forwarding_ strrule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- creation_
timestamp str - Creation timestamp in RFC3339 text format.
- effective_
labels Mapping[str, str] - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- forwarding_
rule_ intid - The unique identifier number for the resource. This identifier is defined by the server.
- id str
- The provider-assigned unique ID for this managed resource.
- label_
fingerprint str - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc_
connection_ strid - The PSC connection id of the PSC Forwarding Rule.
- psc_
connection_ strstatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- self_
link str - The URI of the created resource.
- service_
name str - The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- base
Forwarding StringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- forwarding
Rule NumberId - The unique identifier number for the resource. This identifier is defined by the server.
- id String
- The provider-assigned unique ID for this managed resource.
- label
Fingerprint String - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc
Connection StringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- self
Link String - The URI of the created resource.
- service
Name String - The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
Look up Existing ForwardingRule Resource
Get an existing ForwardingRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ForwardingRuleState, opts?: CustomResourceOptions): ForwardingRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
all_ports: Optional[bool] = None,
allow_global_access: Optional[bool] = None,
allow_psc_global_access: Optional[bool] = None,
backend_service: Optional[str] = None,
base_forwarding_rule: Optional[str] = None,
creation_timestamp: Optional[str] = None,
description: Optional[str] = None,
effective_labels: Optional[Mapping[str, str]] = None,
forwarding_rule_id: Optional[int] = None,
ip_address: Optional[str] = None,
ip_protocol: Optional[str] = None,
ip_version: Optional[str] = None,
is_mirroring_collector: Optional[bool] = None,
label_fingerprint: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
load_balancing_scheme: Optional[str] = None,
name: Optional[str] = None,
network: Optional[str] = None,
network_tier: Optional[str] = None,
no_automate_dns_zone: Optional[bool] = None,
port_range: Optional[str] = None,
ports: Optional[Sequence[str]] = None,
project: Optional[str] = None,
psc_connection_id: Optional[str] = None,
psc_connection_status: Optional[str] = None,
pulumi_labels: Optional[Mapping[str, str]] = None,
recreate_closed_psc: Optional[bool] = None,
region: Optional[str] = None,
self_link: Optional[str] = None,
service_directory_registrations: Optional[ForwardingRuleServiceDirectoryRegistrationsArgs] = None,
service_label: Optional[str] = None,
service_name: Optional[str] = None,
source_ip_ranges: Optional[Sequence[str]] = None,
subnetwork: Optional[str] = None,
target: Optional[str] = None) -> ForwardingRule
func GetForwardingRule(ctx *Context, name string, id IDInput, state *ForwardingRuleState, opts ...ResourceOption) (*ForwardingRule, error)
public static ForwardingRule Get(string name, Input<string> id, ForwardingRuleState? state, CustomResourceOptions? opts = null)
public static ForwardingRule get(String name, Output<String> id, ForwardingRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- All
Ports bool - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheallPorts
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, SCTP, or L3_DEFAULT. - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
- Set this field to true to allow packets addressed to any port or packets
lacking destination port information (for example, UDP fragments after the
first fragment) to be forwarded to the backends configured with this
forwarding rule. The L3_DEFAULT protocol requires
allPorts
be set to true.
- It requires that the forwarding rule
- Allow
Global boolAccess - This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer. - Allow
Psc boolGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Backend
Service string - Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- Base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Effective
Labels Dictionary<string, string> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Forwarding
Rule intId - The unique identifier number for the resource. This identifier is defined by the server.
- Ip
Address string - IP address for which this forwarding rule accepts traffic. When a client
sends traffic to this IP address, the forwarding rule directs the traffic
to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: - IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule'starget
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.
- When the
- Ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
. - Ip
Version string - The IP address version that will be used by this forwarding rule.
Valid options are IPV4 and IPV6.
If not set, the IPv4 address will be used by default.
Possible values are:
IPV4
,IPV6
. - Is
Mirroring boolCollector - Indicates whether or not this load balancer can be used as a collector for
packet mirroring. To prevent mirroring loops, instances behind this
load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
. - Label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Labels Dictionary<string, string>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
. - Name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - Network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- Network
Tier string - This signifies the networking tier used for configuring
this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
. - No
Automate boolDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- Port
Range string - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheportRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- Ports List<string>
- The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. Theports
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
- You can specify a list of up to five ports by number, separated by
commas. The ports can be contiguous or discontiguous.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair if they share at least one port number. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Pulumi
Labels Dictionary<string, string> - The combination of labels configured directly on the resource and default labels configured on the provider.
- Recreate
Closed boolPsc - Region string
- A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- Self
Link string - The URI of the created resource.
- Service
Directory ForwardingRegistrations Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- Service
Label string - An optional prefix to the service name for this Forwarding Rule.
If specified, will be the first label of the fully qualified service
name.
The label must be 1-63 characters long, and comply with RFC1035.
Specifically, the label must be 1-63 characters long and match the
regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing. - Service
Name string - The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- Source
Ip List<string>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
- The URL of the target resource to receive the matched traffic. For
regional forwarding rules, this target must be in the same region as the
forwarding rule. For global forwarding rules, this target must be a global
load balancing resource.
The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- All
Ports bool - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheallPorts
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, SCTP, or L3_DEFAULT. - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
- Set this field to true to allow packets addressed to any port or packets
lacking destination port information (for example, UDP fragments after the
first fragment) to be forwarded to the backends configured with this
forwarding rule. The L3_DEFAULT protocol requires
allPorts
be set to true.
- It requires that the forwarding rule
- Allow
Global boolAccess - This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer. - Allow
Psc boolGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Backend
Service string - Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- Base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Description string
- An optional description of this resource. Provide this property when you create the resource.
- Effective
Labels map[string]string - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- Forwarding
Rule intId - The unique identifier number for the resource. This identifier is defined by the server.
- Ip
Address string - IP address for which this forwarding rule accepts traffic. When a client
sends traffic to this IP address, the forwarding rule directs the traffic
to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: - IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule'starget
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.
- When the
- Ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
. - Ip
Version string - The IP address version that will be used by this forwarding rule.
Valid options are IPV4 and IPV6.
If not set, the IPv4 address will be used by default.
Possible values are:
IPV4
,IPV6
. - Is
Mirroring boolCollector - Indicates whether or not this load balancer can be used as a collector for
packet mirroring. To prevent mirroring loops, instances behind this
load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
. - Label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Labels map[string]string
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- Load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
. - Name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - Network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- Network
Tier string - This signifies the networking tier used for configuring
this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
. - No
Automate boolDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- Port
Range string - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheportRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- Ports []string
- The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. Theports
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
- You can specify a list of up to five ports by number, separated by
commas. The ports can be contiguous or discontiguous.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair if they share at least one port number. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Pulumi
Labels map[string]string - The combination of labels configured directly on the resource and default labels configured on the provider.
- Recreate
Closed boolPsc - Region string
- A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- Self
Link string - The URI of the created resource.
- Service
Directory ForwardingRegistrations Rule Service Directory Registrations Args - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- Service
Label string - An optional prefix to the service name for this Forwarding Rule.
If specified, will be the first label of the fully qualified service
name.
The label must be 1-63 characters long, and comply with RFC1035.
Specifically, the label must be 1-63 characters long and match the
regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing. - Service
Name string - The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- Source
Ip []stringRanges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
- The URL of the target resource to receive the matched traffic. For
regional forwarding rules, this target must be in the same region as the
forwarding rule. For global forwarding rules, this target must be a global
load balancing resource.
The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- all
Ports Boolean - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheallPorts
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, SCTP, or L3_DEFAULT. - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
- Set this field to true to allow packets addressed to any port or packets
lacking destination port information (for example, UDP fragments after the
first fragment) to be forwarded to the backends configured with this
forwarding rule. The L3_DEFAULT protocol requires
allPorts
be set to true.
- It requires that the forwarding rule
- allow
Global BooleanAccess - This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer. - allow
Psc BooleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- backend
Service String - Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- base
Forwarding StringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- effective
Labels Map<String,String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- forwarding
Rule IntegerId - The unique identifier number for the resource. This identifier is defined by the server.
- ip
Address String - IP address for which this forwarding rule accepts traffic. When a client
sends traffic to this IP address, the forwarding rule directs the traffic
to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: - IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule'starget
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.
- When the
- ip
Protocol String - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
. - ip
Version String - The IP address version that will be used by this forwarding rule.
Valid options are IPV4 and IPV6.
If not set, the IPv4 address will be used by default.
Possible values are:
IPV4
,IPV6
. - is
Mirroring BooleanCollector - Indicates whether or not this load balancer can be used as a collector for
packet mirroring. To prevent mirroring loops, instances behind this
load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
. - label
Fingerprint String - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels Map<String,String>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing StringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
. - name String
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network String
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- network
Tier String - This signifies the networking tier used for configuring
this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
. - no
Automate BooleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range String - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheportRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- ports List<String>
- The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. Theports
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
- You can specify a list of up to five ports by number, separated by
commas. The ports can be contiguous or discontiguous.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair if they share at least one port number. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc
Connection StringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels Map<String,String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- recreate
Closed BooleanPsc - region String
- A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- self
Link String - The URI of the created resource.
- service
Directory ForwardingRegistrations Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- service
Label String - An optional prefix to the service name for this Forwarding Rule.
If specified, will be the first label of the fully qualified service
name.
The label must be 1-63 characters long, and comply with RFC1035.
Specifically, the label must be 1-63 characters long and match the
regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing. - service
Name String - The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- source
Ip List<String>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
- The URL of the target resource to receive the matched traffic. For
regional forwarding rules, this target must be in the same region as the
forwarding rule. For global forwarding rules, this target must be a global
load balancing resource.
The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- all
Ports boolean - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheallPorts
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, SCTP, or L3_DEFAULT. - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
- Set this field to true to allow packets addressed to any port or packets
lacking destination port information (for example, UDP fragments after the
first fragment) to be forwarded to the backends configured with this
forwarding rule. The L3_DEFAULT protocol requires
allPorts
be set to true.
- It requires that the forwarding rule
- allow
Global booleanAccess - This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer. - allow
Psc booleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- backend
Service string - Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- base
Forwarding stringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- creation
Timestamp string - Creation timestamp in RFC3339 text format.
- description string
- An optional description of this resource. Provide this property when you create the resource.
- effective
Labels {[key: string]: string} - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- forwarding
Rule numberId - The unique identifier number for the resource. This identifier is defined by the server.
- ip
Address string - IP address for which this forwarding rule accepts traffic. When a client
sends traffic to this IP address, the forwarding rule directs the traffic
to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: - IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule'starget
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.
- When the
- ip
Protocol string - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
. - ip
Version string - The IP address version that will be used by this forwarding rule.
Valid options are IPV4 and IPV6.
If not set, the IPv4 address will be used by default.
Possible values are:
IPV4
,IPV6
. - is
Mirroring booleanCollector - Indicates whether or not this load balancer can be used as a collector for
packet mirroring. To prevent mirroring loops, instances behind this
load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
. - label
Fingerprint string - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels {[key: string]: string}
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing stringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
. - name string
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network string
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- network
Tier string - This signifies the networking tier used for configuring
this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
. - no
Automate booleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range string - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheportRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- ports string[]
- The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. Theports
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
- You can specify a list of up to five ports by number, separated by
commas. The ports can be contiguous or discontiguous.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair if they share at least one port number. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc
Connection stringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection stringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels {[key: string]: string} - The combination of labels configured directly on the resource and default labels configured on the provider.
- recreate
Closed booleanPsc - region string
- A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- self
Link string - The URI of the created resource.
- service
Directory ForwardingRegistrations Rule Service Directory Registrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- service
Label string - An optional prefix to the service name for this Forwarding Rule.
If specified, will be the first label of the fully qualified service
name.
The label must be 1-63 characters long, and comply with RFC1035.
Specifically, the label must be 1-63 characters long and match the
regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing. - service
Name string - The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- source
Ip string[]Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork string
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target string
- The URL of the target resource to receive the matched traffic. For
regional forwarding rules, this target must be in the same region as the
forwarding rule. For global forwarding rules, this target must be a global
load balancing resource.
The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- all_
ports bool - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheallPorts
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, SCTP, or L3_DEFAULT. - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
- Set this field to true to allow packets addressed to any port or packets
lacking destination port information (for example, UDP fragments after the
first fragment) to be forwarded to the backends configured with this
forwarding rule. The L3_DEFAULT protocol requires
allPorts
be set to true.
- It requires that the forwarding rule
- allow_
global_ boolaccess - This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer. - allow_
psc_ boolglobal_ access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- backend_
service str - Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- base_
forwarding_ strrule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- creation_
timestamp str - Creation timestamp in RFC3339 text format.
- description str
- An optional description of this resource. Provide this property when you create the resource.
- effective_
labels Mapping[str, str] - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- forwarding_
rule_ intid - The unique identifier number for the resource. This identifier is defined by the server.
- ip_
address str - IP address for which this forwarding rule accepts traffic. When a client
sends traffic to this IP address, the forwarding rule directs the traffic
to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: - IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule'starget
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.
- When the
- ip_
protocol str - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
. - ip_
version str - The IP address version that will be used by this forwarding rule.
Valid options are IPV4 and IPV6.
If not set, the IPv4 address will be used by default.
Possible values are:
IPV4
,IPV6
. - is_
mirroring_ boolcollector - Indicates whether or not this load balancer can be used as a collector for
packet mirroring. To prevent mirroring loops, instances behind this
load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
. - label_
fingerprint str - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels Mapping[str, str]
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load_
balancing_ strscheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
. - name str
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network str
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- network_
tier str - This signifies the networking tier used for configuring
this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
. - no_
automate_ booldns_ zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port_
range str - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheportRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- ports Sequence[str]
- The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. Theports
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
- You can specify a list of up to five ports by number, separated by
commas. The ports can be contiguous or discontiguous.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair if they share at least one port number. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc_
connection_ strid - The PSC connection id of the PSC Forwarding Rule.
- psc_
connection_ strstatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi_
labels Mapping[str, str] - The combination of labels configured directly on the resource and default labels configured on the provider.
- recreate_
closed_ boolpsc - region str
- A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- self_
link str - The URI of the created resource.
- service_
directory_ Forwardingregistrations Rule Service Directory Registrations Args - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- service_
label str - An optional prefix to the service name for this Forwarding Rule.
If specified, will be the first label of the fully qualified service
name.
The label must be 1-63 characters long, and comply with RFC1035.
Specifically, the label must be 1-63 characters long and match the
regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing. - service_
name str - The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- source_
ip_ Sequence[str]ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork str
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target str
- The URL of the target resource to receive the matched traffic. For
regional forwarding rules, this target must be in the same region as the
forwarding rule. For global forwarding rules, this target must be a global
load balancing resource.
The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- all
Ports Boolean - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheallPorts
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, SCTP, or L3_DEFAULT. - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
- Set this field to true to allow packets addressed to any port or packets
lacking destination port information (for example, UDP fragments after the
first fragment) to be forwarded to the backends configured with this
forwarding rule. The L3_DEFAULT protocol requires
allPorts
be set to true.
- It requires that the forwarding rule
- allow
Global BooleanAccess - This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer. - allow
Psc BooleanGlobal Access - This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- backend
Service String - Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- base
Forwarding StringRule - [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- description String
- An optional description of this resource. Provide this property when you create the resource.
- effective
Labels Map<String> - All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
- forwarding
Rule NumberId - The unique identifier number for the resource. This identifier is defined by the server.
- ip
Address String - IP address for which this forwarding rule accepts traffic. When a client
sends traffic to this IP address, the forwarding rule directs the traffic
to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: - IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule'starget
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.
- When the
- ip
Protocol String - The IP protocol to which this rule applies.
For protocol forwarding, valid
options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
. - ip
Version String - The IP address version that will be used by this forwarding rule.
Valid options are IPV4 and IPV6.
If not set, the IPv4 address will be used by default.
Possible values are:
IPV4
,IPV6
. - is
Mirroring BooleanCollector - Indicates whether or not this load balancer can be used as a collector for
packet mirroring. To prevent mirroring loops, instances behind this
load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
. - label
Fingerprint String - The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels Map<String>
Labels to apply to this forwarding rule. A list of key->value pairs.
Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field
effective_labels
for all of the labels present on the resource.- load
Balancing StringScheme - Specifies the forwarding rule type.
For more information about forwarding rules, refer to
Forwarding rule concepts.
Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
. - name String
- Name of the resource; provided by the client when the resource is created.
The name must be 1-63 characters long, and comply with
RFC1035.
Specifically, the name must be 1-63 characters long and match the regular
expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. - network String
- This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- network
Tier String - This signifies the networking tier used for configuring
this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
. - no
Automate BooleanDns Zone - This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
- port
Range String - The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. TheportRange
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
- Some products have restrictions on what ports can be used. See
port specifications
for details.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- ports List<String>
- The
ports
,portRange
, andallPorts
fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. Theports
field has the following limitations:- It requires that the forwarding rule
IPProtocol
be TCP, UDP, or SCTP, and - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
- You can specify a list of up to five ports by number, separated by
commas. The ports can be contiguous or discontiguous.
For external forwarding rules, two or more forwarding rules cannot use the
same
[IPAddress, IPProtocol]
pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair if they share at least one port number. @pattern: \d+(?:-\d+)?
- It requires that the forwarding rule
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc
Connection StringId - The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus - The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- pulumi
Labels Map<String> - The combination of labels configured directly on the resource and default labels configured on the provider.
- recreate
Closed BooleanPsc - region String
- A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- self
Link String - The URI of the created resource.
- service
Directory Property MapRegistrations - Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- service
Label String - An optional prefix to the service name for this Forwarding Rule.
If specified, will be the first label of the fully qualified service
name.
The label must be 1-63 characters long, and comply with RFC1035.
Specifically, the label must be 1-63 characters long and match the
regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing. - service
Name String - The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- source
Ip List<String>Ranges - If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
- This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
- The URL of the target resource to receive the matched traffic. For
regional forwarding rules, this target must be in the same region as the
forwarding rule. For global forwarding rules, this target must be a global
load balancing resource.
The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs. For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
Supporting Types
ForwardingRuleServiceDirectoryRegistrations, ForwardingRuleServiceDirectoryRegistrationsArgs
Import
ForwardingRule can be imported using any of these accepted formats:
projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}
{{project}}/{{region}}/{{name}}
{{region}}/{{name}}
{{name}}
When using the pulumi import
command, ForwardingRule can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/forwardingRule:ForwardingRule default projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}
$ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{project}}/{{region}}/{{name}}
$ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{region}}/{{name}}
$ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-beta
Terraform Provider.