
How do I create managed NAT for GCP private network instances?

In this guide, we will create a managed Network Address Translation (NAT) gateway for Google Cloud Platform (GCP) private network instances using Pulumi. Managed NAT lets private instances open outbound connections to the internet while remaining unreachable by connections initiated from the internet. We will define a VPC network, a subnetwork, a router, and a NAT configuration.

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

// Create a VPC network
const network = new gcp.compute.Network("network", {
    autoCreateSubnetworks: false,
});

// Create a subnetwork
const subnetwork = new gcp.compute.Subnetwork("subnetwork", {
    ipCidrRange: "10.0.0.0/24",
    region: "us-central1",
    network: network.id,
});

// Create a cloud router
const router = new gcp.compute.Router("router", {
    network: network.id,
    region: "us-central1",
});

// Create a NAT configuration for the router
const nat = new gcp.compute.RouterNat("nat", {
    router: router.name,
    region: "us-central1",
    natIpAllocateOption: "AUTO_ONLY",
    sourceSubnetworkIpRangesToNat: "ALL_SUBNETWORKS_ALL_IP_RANGES",
    minPortsPerVm: 64,
    udpIdleTimeoutSec: 30,
    tcpEstablishedIdleTimeoutSec: 1200,
    tcpTransitoryIdleTimeoutSec: 30,
});

Key Points

  • VPC Network: A custom VPC network is created without automatically created subnetworks.
  • Subnetwork: A subnetwork is created within the VPC network with a specific IP CIDR range.
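  • Cloud Router: A cloud router is created to manage dynamic routing; the NAT configuration is attached to it by name and region.
  • NAT Configuration: The NAT configuration is set up to allow all subnetworks and IP ranges to use NAT for internet access, with automatically allocated NAT IP addresses, a minimum of 64 ports per VM, and explicit UDP and TCP idle timeouts.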
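
The RouterNat settings above can be reviewed before deployment with a small check like the following. This is an added example, not code from the original page or from Pulumi: NatArgs, auditNat and vmsPerNatIp are hypothetical names, the field names mirror the RouterNat arguments, and the second configuration is constructed for comparison.

```typescript
// Added example. Field names mirror the RouterNat arguments used above;
// NatArgs, auditNat and vmsPerNatIp are hypothetical names.
interface NatArgs {
    natIpAllocateOption: "AUTO_ONLY" | "MANUAL_ONLY";
    sourceSubnetworkIpRangesToNat: string;
    minPortsPerVm: number;
    logConfig?: { enable: boolean; filter: string };
}

// Cloud NAT uses source ports 1024-65535 on each NAT IP: 64,512 per protocol.
const PORTS_PER_NAT_IP = 65536 - 1024;

// How many VMs one NAT IP can serve at a fixed per-VM port reservation.
function vmsPerNatIp(minPortsPerVm: number): number {
    return Math.floor(PORTS_PER_NAT_IP / minPortsPerVm);
}

// Returns review codes for settings that weaken egress control or visibility.
function auditNat(nat: NatArgs): string[] {
    const findings: string[] = [];
    // Without logConfig, translations and port-exhaustion drops leave no log.
    if (!nat.logConfig || !nat.logConfig.enable) findings.push("NO_LOGGING");
    // AUTO_ONLY lets GCP pick the egress addresses, so they cannot be
    // pinned in a partner allowlist or matched against a reserved address.
    if (nat.natIpAllocateOption === "AUTO_ONLY") findings.push("AUTO_EGRESS_IPS");
    // ALL_SUBNETWORKS_* gives every subnet in the router's region egress,
    // including subnets added to the network later.
    if (nat.sourceSubnetworkIpRangesToNat.indexOf("ALL_SUBNETWORKS") === 0) {
        findings.push("BROAD_SCOPE");
    }
    return findings;
}

// The settings from the RouterNat resource on this page.
const pageNat: NatArgs = {
    natIpAllocateOption: "AUTO_ONLY",
    sourceSubnetworkIpRangesToNat: "ALL_SUBNETWORKS_ALL_IP_RANGES",
    minPortsPerVm: 64,
};

// Constructed tighter variant: reserved IPs, listed subnets, logging on.
const tightNat: NatArgs = {
    natIpAllocateOption: "MANUAL_ONLY",
    sourceSubnetworkIpRangesToNat: "LIST_OF_SUBNETWORKS",
    minPortsPerVm: 64,
    logConfig: { enable: true, filter: "ALL" },
};

console.log(auditNat(pageNat), auditNat(tightNat), vmsPerNatIp(pageNat.minPortsPerVm));
```

For the page's configuration the check reports all three review points, and at 64 ports per VM a single NAT IP covers 1008 instances.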

Summary

We created a managed NAT for GCP private network instances by defining a VPC network, subnetwork, cloud router, and NAT configuration using Pulumi. This setup allows private instances to reach the internet for outbound traffic without being exposed to connections initiated from the internet.
