1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. compute
  5. ForwardingRule
Google Cloud Classic v7.16.0 published on Wednesday, Mar 27, 2024 by Pulumi

gcp.compute.ForwardingRule

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.16.0 published on Wednesday, Mar 27, 2024 by Pulumi

    A ForwardingRule resource. A ForwardingRule resource specifies which pool of target virtual machines to forward a packet to if it matches the given [IPAddress, IPProtocol, portRange] tuple.

    To get more information about ForwardingRule, see:

    Example Usage

    Internal Http Lb With Mig Backend

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    // Internal HTTP load balancer with a managed instance group backend
    // VPC network
    const ilbNetwork = new gcp.compute.Network("ilb_network", {
        name: "l7-ilb-network",
        autoCreateSubnetworks: false,
    });
    // proxy-only subnet
    const proxySubnet = new gcp.compute.Subnetwork("proxy_subnet", {
        name: "l7-ilb-proxy-subnet",
        ipCidrRange: "10.0.0.0/24",
        region: "europe-west1",
        purpose: "REGIONAL_MANAGED_PROXY",
        role: "ACTIVE",
        network: ilbNetwork.id,
    });
    // backend subnet
    const ilbSubnet = new gcp.compute.Subnetwork("ilb_subnet", {
        name: "l7-ilb-subnet",
        ipCidrRange: "10.0.1.0/24",
        region: "europe-west1",
        network: ilbNetwork.id,
    });
    // health check
    const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
        name: "l7-ilb-hc",
        region: "europe-west1",
        httpHealthCheck: {
            portSpecification: "USE_SERVING_PORT",
        },
    });
    // instance template
    const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
        networkInterfaces: [{
            accessConfigs: [{}],
            network: ilbNetwork.id,
            subnetwork: ilbSubnet.id,
        }],
        name: "l7-ilb-mig-template",
        machineType: "e2-small",
        tags: ["http-server"],
        disks: [{
            sourceImage: "debian-cloud/debian-10",
            autoDelete: true,
            boot: true,
        }],
        metadata: {
            "startup-script": `#! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
    `,
        },
    });
    // MIG
    const mig = new gcp.compute.RegionInstanceGroupManager("mig", {
        name: "l7-ilb-mig1",
        region: "europe-west1",
        versions: [{
            instanceTemplate: instanceTemplate.id,
            name: "primary",
        }],
        baseInstanceName: "vm",
        targetSize: 2,
    });
    // backend service
    const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", {
        name: "l7-ilb-backend-subnet",
        region: "europe-west1",
        protocol: "HTTP",
        loadBalancingScheme: "INTERNAL_MANAGED",
        timeoutSec: 10,
        healthChecks: defaultRegionHealthCheck.id,
        backends: [{
            group: mig.instanceGroup,
            balancingMode: "UTILIZATION",
            capacityScaler: 1,
        }],
    });
    // URL map
    const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", {
        name: "l7-ilb-regional-url-map",
        region: "europe-west1",
        defaultService: defaultRegionBackendService.id,
    });
    // HTTP target proxy
    const _default = new gcp.compute.RegionTargetHttpProxy("default", {
        name: "l7-ilb-target-http-proxy",
        region: "europe-west1",
        urlMap: defaultRegionUrlMap.id,
    });
    // forwarding rule
    const googleComputeForwardingRule = new gcp.compute.ForwardingRule("google_compute_forwarding_rule", {
        name: "l7-ilb-forwarding-rule",
        region: "europe-west1",
        ipProtocol: "TCP",
        loadBalancingScheme: "INTERNAL_MANAGED",
        portRange: "80",
        target: _default.id,
        network: ilbNetwork.id,
        subnetwork: ilbSubnet.id,
        networkTier: "PREMIUM",
    });
    // allow all access from IAP and health check ranges
    const fw_iap = new gcp.compute.Firewall("fw-iap", {
        name: "l7-ilb-fw-allow-iap-hc",
        direction: "INGRESS",
        network: ilbNetwork.id,
        sourceRanges: [
            "130.211.0.0/22",
            "35.191.0.0/16",
            "35.235.240.0/20",
        ],
        allows: [{
            protocol: "tcp",
        }],
    });
    // allow http from proxy subnet to backends
    const fw_ilb_to_backends = new gcp.compute.Firewall("fw-ilb-to-backends", {
        name: "l7-ilb-fw-allow-ilb-to-backends",
        direction: "INGRESS",
        network: ilbNetwork.id,
        sourceRanges: ["10.0.0.0/24"],
        targetTags: ["http-server"],
        allows: [{
            protocol: "tcp",
            ports: [
                "80",
                "443",
                "8080",
            ],
        }],
    });
    // test instance
    const vm_test = new gcp.compute.Instance("vm-test", {
        name: "l7-ilb-test-vm",
        zone: "europe-west1-b",
        machineType: "e2-small",
        networkInterfaces: [{
            network: ilbNetwork.id,
            subnetwork: ilbSubnet.id,
        }],
        bootDisk: {
            initializeParams: {
                image: "debian-cloud/debian-10",
            },
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    # Internal HTTP load balancer with a managed instance group backend
    # VPC network
    ilb_network = gcp.compute.Network("ilb_network",
        name="l7-ilb-network",
        auto_create_subnetworks=False)
    # proxy-only subnet
    proxy_subnet = gcp.compute.Subnetwork("proxy_subnet",
        name="l7-ilb-proxy-subnet",
        ip_cidr_range="10.0.0.0/24",
        region="europe-west1",
        purpose="REGIONAL_MANAGED_PROXY",
        role="ACTIVE",
        network=ilb_network.id)
    # backend subnet
    ilb_subnet = gcp.compute.Subnetwork("ilb_subnet",
        name="l7-ilb-subnet",
        ip_cidr_range="10.0.1.0/24",
        region="europe-west1",
        network=ilb_network.id)
    # health check
    default_region_health_check = gcp.compute.RegionHealthCheck("default",
        name="l7-ilb-hc",
        region="europe-west1",
        http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs(
            port_specification="USE_SERVING_PORT",
        ))
    # instance template
    instance_template = gcp.compute.InstanceTemplate("instance_template",
        network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
            access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
            network=ilb_network.id,
            subnetwork=ilb_subnet.id,
        )],
        name="l7-ilb-mig-template",
        machine_type="e2-small",
        tags=["http-server"],
        disks=[gcp.compute.InstanceTemplateDiskArgs(
            source_image="debian-cloud/debian-10",
            auto_delete=True,
            boot=True,
        )],
        metadata={
            "startup-script": """#! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
    """,
        })
    # MIG
    mig = gcp.compute.RegionInstanceGroupManager("mig",
        name="l7-ilb-mig1",
        region="europe-west1",
        versions=[gcp.compute.RegionInstanceGroupManagerVersionArgs(
            instance_template=instance_template.id,
            name="primary",
        )],
        base_instance_name="vm",
        target_size=2)
    # backend service
    default_region_backend_service = gcp.compute.RegionBackendService("default",
        name="l7-ilb-backend-subnet",
        region="europe-west1",
        protocol="HTTP",
        load_balancing_scheme="INTERNAL_MANAGED",
        timeout_sec=10,
        health_checks=default_region_health_check.id,
        backends=[gcp.compute.RegionBackendServiceBackendArgs(
            group=mig.instance_group,
            balancing_mode="UTILIZATION",
            capacity_scaler=1,
        )])
    # URL map
    default_region_url_map = gcp.compute.RegionUrlMap("default",
        name="l7-ilb-regional-url-map",
        region="europe-west1",
        default_service=default_region_backend_service.id)
    # HTTP target proxy
    default = gcp.compute.RegionTargetHttpProxy("default",
        name="l7-ilb-target-http-proxy",
        region="europe-west1",
        url_map=default_region_url_map.id)
    # forwarding rule
    google_compute_forwarding_rule = gcp.compute.ForwardingRule("google_compute_forwarding_rule",
        name="l7-ilb-forwarding-rule",
        region="europe-west1",
        ip_protocol="TCP",
        load_balancing_scheme="INTERNAL_MANAGED",
        port_range="80",
        target=default.id,
        network=ilb_network.id,
        subnetwork=ilb_subnet.id,
        network_tier="PREMIUM")
    # allow all access from IAP and health check ranges
    fw_iap = gcp.compute.Firewall("fw-iap",
        name="l7-ilb-fw-allow-iap-hc",
        direction="INGRESS",
        network=ilb_network.id,
        source_ranges=[
            "130.211.0.0/22",
            "35.191.0.0/16",
            "35.235.240.0/20",
        ],
        allows=[gcp.compute.FirewallAllowArgs(
            protocol="tcp",
        )])
    # allow http from proxy subnet to backends
    fw_ilb_to_backends = gcp.compute.Firewall("fw-ilb-to-backends",
        name="l7-ilb-fw-allow-ilb-to-backends",
        direction="INGRESS",
        network=ilb_network.id,
        source_ranges=["10.0.0.0/24"],
        target_tags=["http-server"],
        allows=[gcp.compute.FirewallAllowArgs(
            protocol="tcp",
            ports=[
                "80",
                "443",
                "8080",
            ],
        )])
    # test instance
    vm_test = gcp.compute.Instance("vm-test",
        name="l7-ilb-test-vm",
        zone="europe-west1-b",
        machine_type="e2-small",
        network_interfaces=[gcp.compute.InstanceNetworkInterfaceArgs(
            network=ilb_network.id,
            subnetwork=ilb_subnet.id,
        )],
        boot_disk=gcp.compute.InstanceBootDiskArgs(
            initialize_params=gcp.compute.InstanceBootDiskInitializeParamsArgs(
                image="debian-cloud/debian-10",
            ),
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Internal HTTP load balancer with a managed instance group backend
    		// VPC network
    		ilbNetwork, err := compute.NewNetwork(ctx, "ilb_network", &compute.NetworkArgs{
    			Name:                  pulumi.String("l7-ilb-network"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		// proxy-only subnet
    		_, err = compute.NewSubnetwork(ctx, "proxy_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("l7-ilb-proxy-subnet"),
    			IpCidrRange: pulumi.String("10.0.0.0/24"),
    			Region:      pulumi.String("europe-west1"),
    			Purpose:     pulumi.String("REGIONAL_MANAGED_PROXY"),
    			Role:        pulumi.String("ACTIVE"),
    			Network:     ilbNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// backend subnet
    		ilbSubnet, err := compute.NewSubnetwork(ctx, "ilb_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("l7-ilb-subnet"),
    			IpCidrRange: pulumi.String("10.0.1.0/24"),
    			Region:      pulumi.String("europe-west1"),
    			Network:     ilbNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// health check
    		defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{
    			Name:   pulumi.String("l7-ilb-hc"),
    			Region: pulumi.String("europe-west1"),
    			HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
    				PortSpecification: pulumi.String("USE_SERVING_PORT"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// instance template
    		instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{
    			NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
    				&compute.InstanceTemplateNetworkInterfaceArgs{
    					AccessConfigs: compute.InstanceTemplateNetworkInterfaceAccessConfigArray{
    						nil,
    					},
    					Network:    ilbNetwork.ID(),
    					Subnetwork: ilbSubnet.ID(),
    				},
    			},
    			Name:        pulumi.String("l7-ilb-mig-template"),
    			MachineType: pulumi.String("e2-small"),
    			Tags: pulumi.StringArray{
    				pulumi.String("http-server"),
    			},
    			Disks: compute.InstanceTemplateDiskArray{
    				&compute.InstanceTemplateDiskArgs{
    					SourceImage: pulumi.String("debian-cloud/debian-10"),
    					AutoDelete:  pulumi.Bool(true),
    					Boot:        pulumi.Bool(true),
    				},
    			},
    			Metadata: pulumi.Map{
    				"startup-script": pulumi.Any(`#! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
    `),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// MIG
    		mig, err := compute.NewRegionInstanceGroupManager(ctx, "mig", &compute.RegionInstanceGroupManagerArgs{
    			Name:   pulumi.String("l7-ilb-mig1"),
    			Region: pulumi.String("europe-west1"),
    			Versions: compute.RegionInstanceGroupManagerVersionArray{
    				&compute.RegionInstanceGroupManagerVersionArgs{
    					InstanceTemplate: instanceTemplate.ID(),
    					Name:             pulumi.String("primary"),
    				},
    			},
    			BaseInstanceName: pulumi.String("vm"),
    			TargetSize:       pulumi.Int(2),
    		})
    		if err != nil {
    			return err
    		}
    		// backend service
    		defaultRegionBackendService, err := compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{
    			Name:                pulumi.String("l7-ilb-backend-subnet"),
    			Region:              pulumi.String("europe-west1"),
    			Protocol:            pulumi.String("HTTP"),
    			LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
    			TimeoutSec:          pulumi.Int(10),
    			HealthChecks:        defaultRegionHealthCheck.ID(),
    			Backends: compute.RegionBackendServiceBackendArray{
    				&compute.RegionBackendServiceBackendArgs{
    					Group:          mig.InstanceGroup,
    					BalancingMode:  pulumi.String("UTILIZATION"),
    					CapacityScaler: pulumi.Float64(1),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// URL map
    		defaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, "default", &compute.RegionUrlMapArgs{
    			Name:           pulumi.String("l7-ilb-regional-url-map"),
    			Region:         pulumi.String("europe-west1"),
    			DefaultService: defaultRegionBackendService.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// HTTP target proxy
    		_, err = compute.NewRegionTargetHttpProxy(ctx, "default", &compute.RegionTargetHttpProxyArgs{
    			Name:   pulumi.String("l7-ilb-target-http-proxy"),
    			Region: pulumi.String("europe-west1"),
    			UrlMap: defaultRegionUrlMap.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// forwarding rule
    		_, err = compute.NewForwardingRule(ctx, "google_compute_forwarding_rule", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("l7-ilb-forwarding-rule"),
    			Region:              pulumi.String("europe-west1"),
    			IpProtocol:          pulumi.String("TCP"),
    			LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
    			PortRange:           pulumi.String("80"),
    			Target:              _default.ID(),
    			Network:             ilbNetwork.ID(),
    			Subnetwork:          ilbSubnet.ID(),
    			NetworkTier:         pulumi.String("PREMIUM"),
    		})
    		if err != nil {
    			return err
    		}
    		// allow all access from IAP and health check ranges
    		_, err = compute.NewFirewall(ctx, "fw-iap", &compute.FirewallArgs{
    			Name:      pulumi.String("l7-ilb-fw-allow-iap-hc"),
    			Direction: pulumi.String("INGRESS"),
    			Network:   ilbNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("130.211.0.0/22"),
    				pulumi.String("35.191.0.0/16"),
    				pulumi.String("35.235.240.0/20"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// allow http from proxy subnet to backends
    		_, err = compute.NewFirewall(ctx, "fw-ilb-to-backends", &compute.FirewallArgs{
    			Name:      pulumi.String("l7-ilb-fw-allow-ilb-to-backends"),
    			Direction: pulumi.String("INGRESS"),
    			Network:   ilbNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("10.0.0.0/24"),
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("http-server"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("80"),
    						pulumi.String("443"),
    						pulumi.String("8080"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// test instance
    		_, err = compute.NewInstance(ctx, "vm-test", &compute.InstanceArgs{
    			Name:        pulumi.String("l7-ilb-test-vm"),
    			Zone:        pulumi.String("europe-west1-b"),
    			MachineType: pulumi.String("e2-small"),
    			NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
    				&compute.InstanceNetworkInterfaceArgs{
    					Network:    ilbNetwork.ID(),
    					Subnetwork: ilbSubnet.ID(),
    				},
    			},
    			BootDisk: &compute.InstanceBootDiskArgs{
    				InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
    					Image: pulumi.String("debian-cloud/debian-10"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        // Internal HTTP load balancer with a managed instance group backend
        // VPC network
        var ilbNetwork = new Gcp.Compute.Network("ilb_network", new()
        {
            Name = "l7-ilb-network",
            AutoCreateSubnetworks = false,
        });
    
        // proxy-only subnet
        var proxySubnet = new Gcp.Compute.Subnetwork("proxy_subnet", new()
        {
            Name = "l7-ilb-proxy-subnet",
            IpCidrRange = "10.0.0.0/24",
            Region = "europe-west1",
            Purpose = "REGIONAL_MANAGED_PROXY",
            Role = "ACTIVE",
            Network = ilbNetwork.Id,
        });
    
        // backend subnet
        var ilbSubnet = new Gcp.Compute.Subnetwork("ilb_subnet", new()
        {
            Name = "l7-ilb-subnet",
            IpCidrRange = "10.0.1.0/24",
            Region = "europe-west1",
            Network = ilbNetwork.Id,
        });
    
        // health check
        var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new()
        {
            Name = "l7-ilb-hc",
            Region = "europe-west1",
            HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
            {
                PortSpecification = "USE_SERVING_PORT",
            },
        });
    
        // instance template
        var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new()
        {
            NetworkInterfaces = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
                {
                    AccessConfigs = new[]
                    {
                        null,
                    },
                    Network = ilbNetwork.Id,
                    Subnetwork = ilbSubnet.Id,
                },
            },
            Name = "l7-ilb-mig-template",
            MachineType = "e2-small",
            Tags = new[]
            {
                "http-server",
            },
            Disks = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
                {
                    SourceImage = "debian-cloud/debian-10",
                    AutoDelete = true,
                    Boot = true,
                },
            },
            Metadata = 
            {
                { "startup-script", @"#! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/hostname"")
    IP=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip"")
    METADATA=$(curl -f -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True"" | jq 'del(.[""startup-script""])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
    " },
            },
        });
    
        // MIG
        var mig = new Gcp.Compute.RegionInstanceGroupManager("mig", new()
        {
            Name = "l7-ilb-mig1",
            Region = "europe-west1",
            Versions = new[]
            {
                new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs
                {
                    InstanceTemplate = instanceTemplate.Id,
                    Name = "primary",
                },
            },
            BaseInstanceName = "vm",
            TargetSize = 2,
        });
    
        // backend service
        var defaultRegionBackendService = new Gcp.Compute.RegionBackendService("default", new()
        {
            Name = "l7-ilb-backend-subnet",
            Region = "europe-west1",
            Protocol = "HTTP",
            LoadBalancingScheme = "INTERNAL_MANAGED",
            TimeoutSec = 10,
            HealthChecks = defaultRegionHealthCheck.Id,
            Backends = new[]
            {
                new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs
                {
                    Group = mig.InstanceGroup,
                    BalancingMode = "UTILIZATION",
                    CapacityScaler = 1,
                },
            },
        });
    
        // URL map
        var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap("default", new()
        {
            Name = "l7-ilb-regional-url-map",
            Region = "europe-west1",
            DefaultService = defaultRegionBackendService.Id,
        });
    
        // HTTP target proxy
        var @default = new Gcp.Compute.RegionTargetHttpProxy("default", new()
        {
            Name = "l7-ilb-target-http-proxy",
            Region = "europe-west1",
            UrlMap = defaultRegionUrlMap.Id,
        });
    
        // forwarding rule
        var googleComputeForwardingRule = new Gcp.Compute.ForwardingRule("google_compute_forwarding_rule", new()
        {
            Name = "l7-ilb-forwarding-rule",
            Region = "europe-west1",
            IpProtocol = "TCP",
            LoadBalancingScheme = "INTERNAL_MANAGED",
            PortRange = "80",
            Target = @default.Id,
            Network = ilbNetwork.Id,
            Subnetwork = ilbSubnet.Id,
            NetworkTier = "PREMIUM",
        });
    
        // allow all access from IAP and health check ranges
        var fw_iap = new Gcp.Compute.Firewall("fw-iap", new()
        {
            Name = "l7-ilb-fw-allow-iap-hc",
            Direction = "INGRESS",
            Network = ilbNetwork.Id,
            SourceRanges = new[]
            {
                "130.211.0.0/22",
                "35.191.0.0/16",
                "35.235.240.0/20",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
            },
        });
    
        // allow http from proxy subnet to backends
        var fw_ilb_to_backends = new Gcp.Compute.Firewall("fw-ilb-to-backends", new()
        {
            Name = "l7-ilb-fw-allow-ilb-to-backends",
            Direction = "INGRESS",
            Network = ilbNetwork.Id,
            SourceRanges = new[]
            {
                "10.0.0.0/24",
            },
            TargetTags = new[]
            {
                "http-server",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "80",
                        "443",
                        "8080",
                    },
                },
            },
        });
    
        // test instance
        var vm_test = new Gcp.Compute.Instance("vm-test", new()
        {
            Name = "l7-ilb-test-vm",
            Zone = "europe-west1-b",
            MachineType = "e2-small",
            NetworkInterfaces = new[]
            {
                new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs
                {
                    Network = ilbNetwork.Id,
                    Subnetwork = ilbSubnet.Id,
                },
            },
            BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs
            {
                InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs
                {
                    Image = "debian-cloud/debian-10",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
    import com.pulumi.gcp.compute.InstanceTemplate;
    import com.pulumi.gcp.compute.InstanceTemplateArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
    import com.pulumi.gcp.compute.RegionInstanceGroupManager;
    import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
    import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
    import com.pulumi.gcp.compute.RegionUrlMap;
    import com.pulumi.gcp.compute.RegionUrlMapArgs;
    import com.pulumi.gcp.compute.RegionTargetHttpProxy;
    import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.compute.Firewall;
    import com.pulumi.gcp.compute.FirewallArgs;
    import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
    import com.pulumi.gcp.compute.Instance;
    import com.pulumi.gcp.compute.InstanceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
    import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var ilbNetwork = new Network("ilbNetwork", NetworkArgs.builder()        
                .name("l7-ilb-network")
                .autoCreateSubnetworks(false)
                .build());
    
            var proxySubnet = new Subnetwork("proxySubnet", SubnetworkArgs.builder()        
                .name("l7-ilb-proxy-subnet")
                .ipCidrRange("10.0.0.0/24")
                .region("europe-west1")
                .purpose("REGIONAL_MANAGED_PROXY")
                .role("ACTIVE")
                .network(ilbNetwork.id())
                .build());
    
            var ilbSubnet = new Subnetwork("ilbSubnet", SubnetworkArgs.builder()        
                .name("l7-ilb-subnet")
                .ipCidrRange("10.0.1.0/24")
                .region("europe-west1")
                .network(ilbNetwork.id())
                .build());
    
            var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()        
                .name("l7-ilb-hc")
                .region("europe-west1")
                .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                    .portSpecification("USE_SERVING_PORT")
                    .build())
                .build());
    
            var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()        
                .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                    .accessConfigs()
                    .network(ilbNetwork.id())
                    .subnetwork(ilbSubnet.id())
                    .build())
                .name("l7-ilb-mig-template")
                .machineType("e2-small")
                .tags("http-server")
                .disks(InstanceTemplateDiskArgs.builder()
                    .sourceImage("debian-cloud/debian-10")
                    .autoDelete(true)
                    .boot(true)
                    .build())
                .metadata(Map.of("startup-script", """
    #! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
                """))
                .build());
    
            var mig = new RegionInstanceGroupManager("mig", RegionInstanceGroupManagerArgs.builder()        
                .name("l7-ilb-mig1")
                .region("europe-west1")
                .versions(RegionInstanceGroupManagerVersionArgs.builder()
                    .instanceTemplate(instanceTemplate.id())
                    .name("primary")
                    .build())
                .baseInstanceName("vm")
                .targetSize(2)
                .build());
    
            var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()        
                .name("l7-ilb-backend-subnet")
                .region("europe-west1")
                .protocol("HTTP")
                .loadBalancingScheme("INTERNAL_MANAGED")
                .timeoutSec(10)
                .healthChecks(defaultRegionHealthCheck.id())
                .backends(RegionBackendServiceBackendArgs.builder()
                    .group(mig.instanceGroup())
                    .balancingMode("UTILIZATION")
                    .capacityScaler(1)
                    .build())
                .build());
    
            var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()        
                .name("l7-ilb-regional-url-map")
                .region("europe-west1")
                .defaultService(defaultRegionBackendService.id())
                .build());
    
            var default_ = new RegionTargetHttpProxy("default", RegionTargetHttpProxyArgs.builder()        
                .name("l7-ilb-target-http-proxy")
                .region("europe-west1")
                .urlMap(defaultRegionUrlMap.id())
                .build());
    
            var googleComputeForwardingRule = new ForwardingRule("googleComputeForwardingRule", ForwardingRuleArgs.builder()        
                .name("l7-ilb-forwarding-rule")
                .region("europe-west1")
                .ipProtocol("TCP")
                .loadBalancingScheme("INTERNAL_MANAGED")
                .portRange("80")
                .target(default_.id())
                .network(ilbNetwork.id())
                .subnetwork(ilbSubnet.id())
                .networkTier("PREMIUM")
                .build());
    
            var fw_iap = new Firewall("fw-iap", FirewallArgs.builder()        
                .name("l7-ilb-fw-allow-iap-hc")
                .direction("INGRESS")
                .network(ilbNetwork.id())
                .sourceRanges(            
                    "130.211.0.0/22",
                    "35.191.0.0/16",
                    "35.235.240.0/20")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build())
                .build());
    
            var fw_ilb_to_backends = new Firewall("fw-ilb-to-backends", FirewallArgs.builder()        
                .name("l7-ilb-fw-allow-ilb-to-backends")
                .direction("INGRESS")
                .network(ilbNetwork.id())
                .sourceRanges("10.0.0.0/24")
                .targetTags("http-server")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports(                
                        "80",
                        "443",
                        "8080")
                    .build())
                .build());
    
            var vm_test = new Instance("vm-test", InstanceArgs.builder()        
                .name("l7-ilb-test-vm")
                .zone("europe-west1-b")
                .machineType("e2-small")
                .networkInterfaces(InstanceNetworkInterfaceArgs.builder()
                    .network(ilbNetwork.id())
                    .subnetwork(ilbSubnet.id())
                    .build())
                .bootDisk(InstanceBootDiskArgs.builder()
                    .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
                        .image("debian-cloud/debian-10")
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      # Internal HTTP load balancer with a managed instance group backend
    
      # VPC network
      ilbNetwork:
        type: gcp:compute:Network
        name: ilb_network
        properties:
          name: l7-ilb-network
          autoCreateSubnetworks: false
      # proxy-only subnet
      proxySubnet:
        type: gcp:compute:Subnetwork
        name: proxy_subnet
        properties:
          name: l7-ilb-proxy-subnet
          ipCidrRange: 10.0.0.0/24
          region: europe-west1
          purpose: REGIONAL_MANAGED_PROXY
          role: ACTIVE
          network: ${ilbNetwork.id}
      # backend subnet
      ilbSubnet:
        type: gcp:compute:Subnetwork
        name: ilb_subnet
        properties:
          name: l7-ilb-subnet
          ipCidrRange: 10.0.1.0/24
          region: europe-west1
          network: ${ilbNetwork.id}
      # forwarding rule
      googleComputeForwardingRule:
        type: gcp:compute:ForwardingRule
        name: google_compute_forwarding_rule
        properties:
          name: l7-ilb-forwarding-rule
          region: europe-west1
          ipProtocol: TCP
          loadBalancingScheme: INTERNAL_MANAGED
          portRange: '80'
          target: ${default.id}
          network: ${ilbNetwork.id}
          subnetwork: ${ilbSubnet.id}
          networkTier: PREMIUM
      # HTTP target proxy
      default:
        type: gcp:compute:RegionTargetHttpProxy
        properties:
          name: l7-ilb-target-http-proxy
          region: europe-west1
          urlMap: ${defaultRegionUrlMap.id}
      # URL map
      defaultRegionUrlMap:
        type: gcp:compute:RegionUrlMap
        name: default
        properties:
          name: l7-ilb-regional-url-map
          region: europe-west1
          defaultService: ${defaultRegionBackendService.id}
      # backend service
      defaultRegionBackendService:
        type: gcp:compute:RegionBackendService
        name: default
        properties:
          name: l7-ilb-backend-subnet
          region: europe-west1
          protocol: HTTP
          loadBalancingScheme: INTERNAL_MANAGED
          timeoutSec: 10
          healthChecks: ${defaultRegionHealthCheck.id}
          backends:
            - group: ${mig.instanceGroup}
              balancingMode: UTILIZATION
              capacityScaler: 1
      # instance template
      instanceTemplate:
        type: gcp:compute:InstanceTemplate
        name: instance_template
        properties:
          networkInterfaces:
            - accessConfigs:
                - {}
              network: ${ilbNetwork.id}
              subnetwork: ${ilbSubnet.id}
          name: l7-ilb-mig-template
          machineType: e2-small
          tags:
            - http-server
          disks:
            - sourceImage: debian-cloud/debian-10
              autoDelete: true
              boot: true
          metadata:
            startup-script: |
              #! /bin/bash
              set -euo pipefail
    
              export DEBIAN_FRONTEND=noninteractive
              apt-get update
              apt-get install -y nginx-light jq
    
              NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
              IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
              METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
              cat <<EOF > /var/www/html/index.html
              <pre>
              Name: $NAME
              IP: $IP
              Metadata: $METADATA
              </pre>
              EOF          
      # health check
      defaultRegionHealthCheck:
        type: gcp:compute:RegionHealthCheck
        name: default
        properties:
          name: l7-ilb-hc
          region: europe-west1
          httpHealthCheck:
            portSpecification: USE_SERVING_PORT
      # MIG
      mig:
        type: gcp:compute:RegionInstanceGroupManager
        properties:
          name: l7-ilb-mig1
          region: europe-west1
          versions:
            - instanceTemplate: ${instanceTemplate.id}
              name: primary
          baseInstanceName: vm
          targetSize: 2
      # allow all access from IAP and health check ranges
      fw-iap:
        type: gcp:compute:Firewall
        properties:
          name: l7-ilb-fw-allow-iap-hc
          direction: INGRESS
          network: ${ilbNetwork.id}
          sourceRanges:
            - 130.211.0.0/22
            - 35.191.0.0/16
            - 35.235.240.0/20
          allows:
            - protocol: tcp
      # allow http from proxy subnet to backends
      fw-ilb-to-backends:
        type: gcp:compute:Firewall
        properties:
          name: l7-ilb-fw-allow-ilb-to-backends
          direction: INGRESS
          network: ${ilbNetwork.id}
          sourceRanges:
            - 10.0.0.0/24
          targetTags:
            - http-server
          allows:
            - protocol: tcp
              ports:
                - '80'
                - '443'
                - '8080'
      # test instance
      vm-test:
        type: gcp:compute:Instance
        properties:
          name: l7-ilb-test-vm
          zone: europe-west1-b
          machineType: e2-small
          networkInterfaces:
            - network: ${ilbNetwork.id}
              subnetwork: ${ilbSubnet.id}
          bootDisk:
            initializeParams:
              image: debian-cloud/debian-10
    

    Internal Tcp Udp Lb With Mig Backend

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    // Internal TCP/UDP load balancer with a managed instance group backend
    // VPC
    const ilbNetwork = new gcp.compute.Network("ilb_network", {
        name: "l4-ilb-network",
        autoCreateSubnetworks: false,
    });
    // backed subnet
    const ilbSubnet = new gcp.compute.Subnetwork("ilb_subnet", {
        name: "l4-ilb-subnet",
        ipCidrRange: "10.0.1.0/24",
        region: "europe-west1",
        network: ilbNetwork.id,
    });
    // health check
    const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
        name: "l4-ilb-hc",
        region: "europe-west1",
        httpHealthCheck: {
            port: 80,
        },
    });
    // instance template
    const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
        networkInterfaces: [{
            accessConfigs: [{}],
            network: ilbNetwork.id,
            subnetwork: ilbSubnet.id,
        }],
        name: "l4-ilb-mig-template",
        machineType: "e2-small",
        tags: [
            "allow-ssh",
            "allow-health-check",
        ],
        disks: [{
            sourceImage: "debian-cloud/debian-10",
            autoDelete: true,
            boot: true,
        }],
        metadata: {
            "startup-script": `#! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
    `,
        },
    });
    // MIG
    const mig = new gcp.compute.RegionInstanceGroupManager("mig", {
        name: "l4-ilb-mig1",
        region: "europe-west1",
        versions: [{
            instanceTemplate: instanceTemplate.id,
            name: "primary",
        }],
        baseInstanceName: "vm",
        targetSize: 2,
    });
    // backend service
    const _default = new gcp.compute.RegionBackendService("default", {
        name: "l4-ilb-backend-subnet",
        region: "europe-west1",
        protocol: "TCP",
        loadBalancingScheme: "INTERNAL",
        healthChecks: defaultRegionHealthCheck.id,
        backends: [{
            group: mig.instanceGroup,
            balancingMode: "CONNECTION",
        }],
    });
    // forwarding rule
    const googleComputeForwardingRule = new gcp.compute.ForwardingRule("google_compute_forwarding_rule", {
        name: "l4-ilb-forwarding-rule",
        backendService: _default.id,
        region: "europe-west1",
        ipProtocol: "TCP",
        loadBalancingScheme: "INTERNAL",
        allPorts: true,
        allowGlobalAccess: true,
        network: ilbNetwork.id,
        subnetwork: ilbSubnet.id,
    });
    // allow all access from health check ranges
    const fwHc = new gcp.compute.Firewall("fw_hc", {
        name: "l4-ilb-fw-allow-hc",
        direction: "INGRESS",
        network: ilbNetwork.id,
        sourceRanges: [
            "130.211.0.0/22",
            "35.191.0.0/16",
            "35.235.240.0/20",
        ],
        allows: [{
            protocol: "tcp",
        }],
        targetTags: ["allow-health-check"],
    });
    // allow communication within the subnet 
    const fwIlbToBackends = new gcp.compute.Firewall("fw_ilb_to_backends", {
        name: "l4-ilb-fw-allow-ilb-to-backends",
        direction: "INGRESS",
        network: ilbNetwork.id,
        sourceRanges: ["10.0.1.0/24"],
        allows: [
            {
                protocol: "tcp",
            },
            {
                protocol: "udp",
            },
            {
                protocol: "icmp",
            },
        ],
    });
    // allow SSH
    const fwIlbSsh = new gcp.compute.Firewall("fw_ilb_ssh", {
        name: "l4-ilb-fw-ssh",
        direction: "INGRESS",
        network: ilbNetwork.id,
        allows: [{
            protocol: "tcp",
            ports: ["22"],
        }],
        targetTags: ["allow-ssh"],
        sourceRanges: ["0.0.0.0/0"],
    });
    // test instance
    const vmTest = new gcp.compute.Instance("vm_test", {
        name: "l4-ilb-test-vm",
        zone: "europe-west1-b",
        machineType: "e2-small",
        networkInterfaces: [{
            network: ilbNetwork.id,
            subnetwork: ilbSubnet.id,
        }],
        bootDisk: {
            initializeParams: {
                image: "debian-cloud/debian-10",
            },
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    # Internal TCP/UDP load balancer with a managed instance group backend
    # VPC
    ilb_network = gcp.compute.Network("ilb_network",
        name="l4-ilb-network",
        auto_create_subnetworks=False)
    # backed subnet
    ilb_subnet = gcp.compute.Subnetwork("ilb_subnet",
        name="l4-ilb-subnet",
        ip_cidr_range="10.0.1.0/24",
        region="europe-west1",
        network=ilb_network.id)
    # health check
    default_region_health_check = gcp.compute.RegionHealthCheck("default",
        name="l4-ilb-hc",
        region="europe-west1",
        http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs(
            port=80,
        ))
    # instance template
    instance_template = gcp.compute.InstanceTemplate("instance_template",
        network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
            access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
            network=ilb_network.id,
            subnetwork=ilb_subnet.id,
        )],
        name="l4-ilb-mig-template",
        machine_type="e2-small",
        tags=[
            "allow-ssh",
            "allow-health-check",
        ],
        disks=[gcp.compute.InstanceTemplateDiskArgs(
            source_image="debian-cloud/debian-10",
            auto_delete=True,
            boot=True,
        )],
        metadata={
            "startup-script": """#! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
    """,
        })
    # MIG
    mig = gcp.compute.RegionInstanceGroupManager("mig",
        name="l4-ilb-mig1",
        region="europe-west1",
        versions=[gcp.compute.RegionInstanceGroupManagerVersionArgs(
            instance_template=instance_template.id,
            name="primary",
        )],
        base_instance_name="vm",
        target_size=2)
    # backend service
    default = gcp.compute.RegionBackendService("default",
        name="l4-ilb-backend-subnet",
        region="europe-west1",
        protocol="TCP",
        load_balancing_scheme="INTERNAL",
        health_checks=default_region_health_check.id,
        backends=[gcp.compute.RegionBackendServiceBackendArgs(
            group=mig.instance_group,
            balancing_mode="CONNECTION",
        )])
    # forwarding rule
    google_compute_forwarding_rule = gcp.compute.ForwardingRule("google_compute_forwarding_rule",
        name="l4-ilb-forwarding-rule",
        backend_service=default.id,
        region="europe-west1",
        ip_protocol="TCP",
        load_balancing_scheme="INTERNAL",
        all_ports=True,
        allow_global_access=True,
        network=ilb_network.id,
        subnetwork=ilb_subnet.id)
    # allow all access from health check ranges
    fw_hc = gcp.compute.Firewall("fw_hc",
        name="l4-ilb-fw-allow-hc",
        direction="INGRESS",
        network=ilb_network.id,
        source_ranges=[
            "130.211.0.0/22",
            "35.191.0.0/16",
            "35.235.240.0/20",
        ],
        allows=[gcp.compute.FirewallAllowArgs(
            protocol="tcp",
        )],
        target_tags=["allow-health-check"])
    # allow communication within the subnet 
    fw_ilb_to_backends = gcp.compute.Firewall("fw_ilb_to_backends",
        name="l4-ilb-fw-allow-ilb-to-backends",
        direction="INGRESS",
        network=ilb_network.id,
        source_ranges=["10.0.1.0/24"],
        allows=[
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="udp",
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="icmp",
            ),
        ])
    # allow SSH
    fw_ilb_ssh = gcp.compute.Firewall("fw_ilb_ssh",
        name="l4-ilb-fw-ssh",
        direction="INGRESS",
        network=ilb_network.id,
        allows=[gcp.compute.FirewallAllowArgs(
            protocol="tcp",
            ports=["22"],
        )],
        target_tags=["allow-ssh"],
        source_ranges=["0.0.0.0/0"])
    # test instance
    vm_test = gcp.compute.Instance("vm_test",
        name="l4-ilb-test-vm",
        zone="europe-west1-b",
        machine_type="e2-small",
        network_interfaces=[gcp.compute.InstanceNetworkInterfaceArgs(
            network=ilb_network.id,
            subnetwork=ilb_subnet.id,
        )],
        boot_disk=gcp.compute.InstanceBootDiskArgs(
            initialize_params=gcp.compute.InstanceBootDiskInitializeParamsArgs(
                image="debian-cloud/debian-10",
            ),
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Internal TCP/UDP load balancer with a managed instance group backend
    		// VPC
    		ilbNetwork, err := compute.NewNetwork(ctx, "ilb_network", &compute.NetworkArgs{
    			Name:                  pulumi.String("l4-ilb-network"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		// backed subnet
    		ilbSubnet, err := compute.NewSubnetwork(ctx, "ilb_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("l4-ilb-subnet"),
    			IpCidrRange: pulumi.String("10.0.1.0/24"),
    			Region:      pulumi.String("europe-west1"),
    			Network:     ilbNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// health check
    		defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{
    			Name:   pulumi.String("l4-ilb-hc"),
    			Region: pulumi.String("europe-west1"),
    			HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// instance template
    		instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{
    			NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
    				&compute.InstanceTemplateNetworkInterfaceArgs{
    					AccessConfigs: compute.InstanceTemplateNetworkInterfaceAccessConfigArray{
    						nil,
    					},
    					Network:    ilbNetwork.ID(),
    					Subnetwork: ilbSubnet.ID(),
    				},
    			},
    			Name:        pulumi.String("l4-ilb-mig-template"),
    			MachineType: pulumi.String("e2-small"),
    			Tags: pulumi.StringArray{
    				pulumi.String("allow-ssh"),
    				pulumi.String("allow-health-check"),
    			},
    			Disks: compute.InstanceTemplateDiskArray{
    				&compute.InstanceTemplateDiskArgs{
    					SourceImage: pulumi.String("debian-cloud/debian-10"),
    					AutoDelete:  pulumi.Bool(true),
    					Boot:        pulumi.Bool(true),
    				},
    			},
    			Metadata: pulumi.Map{
    				"startup-script": pulumi.Any(`#! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
    `),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// MIG
    		mig, err := compute.NewRegionInstanceGroupManager(ctx, "mig", &compute.RegionInstanceGroupManagerArgs{
    			Name:   pulumi.String("l4-ilb-mig1"),
    			Region: pulumi.String("europe-west1"),
    			Versions: compute.RegionInstanceGroupManagerVersionArray{
    				&compute.RegionInstanceGroupManagerVersionArgs{
    					InstanceTemplate: instanceTemplate.ID(),
    					Name:             pulumi.String("primary"),
    				},
    			},
    			BaseInstanceName: pulumi.String("vm"),
    			TargetSize:       pulumi.Int(2),
    		})
    		if err != nil {
    			return err
    		}
    		// backend service
    		_, err = compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{
    			Name:                pulumi.String("l4-ilb-backend-subnet"),
    			Region:              pulumi.String("europe-west1"),
    			Protocol:            pulumi.String("TCP"),
    			LoadBalancingScheme: pulumi.String("INTERNAL"),
    			HealthChecks:        defaultRegionHealthCheck.ID(),
    			Backends: compute.RegionBackendServiceBackendArray{
    				&compute.RegionBackendServiceBackendArgs{
    					Group:         mig.InstanceGroup,
    					BalancingMode: pulumi.String("CONNECTION"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// forwarding rule
    		_, err = compute.NewForwardingRule(ctx, "google_compute_forwarding_rule", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("l4-ilb-forwarding-rule"),
    			BackendService:      _default.ID(),
    			Region:              pulumi.String("europe-west1"),
    			IpProtocol:          pulumi.String("TCP"),
    			LoadBalancingScheme: pulumi.String("INTERNAL"),
    			AllPorts:            pulumi.Bool(true),
    			AllowGlobalAccess:   pulumi.Bool(true),
    			Network:             ilbNetwork.ID(),
    			Subnetwork:          ilbSubnet.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// allow all access from health check ranges
    		_, err = compute.NewFirewall(ctx, "fw_hc", &compute.FirewallArgs{
    			Name:      pulumi.String("l4-ilb-fw-allow-hc"),
    			Direction: pulumi.String("INGRESS"),
    			Network:   ilbNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("130.211.0.0/22"),
    				pulumi.String("35.191.0.0/16"),
    				pulumi.String("35.235.240.0/20"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("allow-health-check"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// allow communication within the subnet
    		_, err = compute.NewFirewall(ctx, "fw_ilb_to_backends", &compute.FirewallArgs{
    			Name:      pulumi.String("l4-ilb-fw-allow-ilb-to-backends"),
    			Direction: pulumi.String("INGRESS"),
    			Network:   ilbNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("10.0.1.0/24"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("udp"),
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("icmp"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// allow SSH
    		_, err = compute.NewFirewall(ctx, "fw_ilb_ssh", &compute.FirewallArgs{
    			Name:      pulumi.String("l4-ilb-fw-ssh"),
    			Direction: pulumi.String("INGRESS"),
    			Network:   ilbNetwork.ID(),
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("22"),
    					},
    				},
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("allow-ssh"),
    			},
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("0.0.0.0/0"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// test instance
    		_, err = compute.NewInstance(ctx, "vm_test", &compute.InstanceArgs{
    			Name:        pulumi.String("l4-ilb-test-vm"),
    			Zone:        pulumi.String("europe-west1-b"),
    			MachineType: pulumi.String("e2-small"),
    			NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
    				&compute.InstanceNetworkInterfaceArgs{
    					Network:    ilbNetwork.ID(),
    					Subnetwork: ilbSubnet.ID(),
    				},
    			},
    			BootDisk: &compute.InstanceBootDiskArgs{
    				InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
    					Image: pulumi.String("debian-cloud/debian-10"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        // Internal TCP/UDP load balancer with a managed instance group backend
        // VPC
        var ilbNetwork = new Gcp.Compute.Network("ilb_network", new()
        {
            Name = "l4-ilb-network",
            AutoCreateSubnetworks = false,
        });
    
        // backed subnet
        var ilbSubnet = new Gcp.Compute.Subnetwork("ilb_subnet", new()
        {
            Name = "l4-ilb-subnet",
            IpCidrRange = "10.0.1.0/24",
            Region = "europe-west1",
            Network = ilbNetwork.Id,
        });
    
        // health check
        var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new()
        {
            Name = "l4-ilb-hc",
            Region = "europe-west1",
            HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        // instance template
        var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new()
        {
            NetworkInterfaces = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
                {
                    AccessConfigs = new[]
                    {
                        null,
                    },
                    Network = ilbNetwork.Id,
                    Subnetwork = ilbSubnet.Id,
                },
            },
            Name = "l4-ilb-mig-template",
            MachineType = "e2-small",
            Tags = new[]
            {
                "allow-ssh",
                "allow-health-check",
            },
            Disks = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
                {
                    SourceImage = "debian-cloud/debian-10",
                    AutoDelete = true,
                    Boot = true,
                },
            },
            Metadata = 
            {
                { "startup-script", @"#! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/hostname"")
    IP=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip"")
    METADATA=$(curl -f -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True"" | jq 'del(.[""startup-script""])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
    " },
            },
        });
    
        // MIG
        var mig = new Gcp.Compute.RegionInstanceGroupManager("mig", new()
        {
            Name = "l4-ilb-mig1",
            Region = "europe-west1",
            Versions = new[]
            {
                new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs
                {
                    InstanceTemplate = instanceTemplate.Id,
                    Name = "primary",
                },
            },
            BaseInstanceName = "vm",
            TargetSize = 2,
        });
    
        // backend service
        var @default = new Gcp.Compute.RegionBackendService("default", new()
        {
            Name = "l4-ilb-backend-subnet",
            Region = "europe-west1",
            Protocol = "TCP",
            LoadBalancingScheme = "INTERNAL",
            HealthChecks = defaultRegionHealthCheck.Id,
            Backends = new[]
            {
                new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs
                {
                    Group = mig.InstanceGroup,
                    BalancingMode = "CONNECTION",
                },
            },
        });
    
        // forwarding rule
        var googleComputeForwardingRule = new Gcp.Compute.ForwardingRule("google_compute_forwarding_rule", new()
        {
            Name = "l4-ilb-forwarding-rule",
            BackendService = @default.Id,
            Region = "europe-west1",
            IpProtocol = "TCP",
            LoadBalancingScheme = "INTERNAL",
            AllPorts = true,
            AllowGlobalAccess = true,
            Network = ilbNetwork.Id,
            Subnetwork = ilbSubnet.Id,
        });
    
        // allow all access from health check ranges
        var fwHc = new Gcp.Compute.Firewall("fw_hc", new()
        {
            Name = "l4-ilb-fw-allow-hc",
            Direction = "INGRESS",
            Network = ilbNetwork.Id,
            SourceRanges = new[]
            {
                "130.211.0.0/22",
                "35.191.0.0/16",
                "35.235.240.0/20",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
            },
            TargetTags = new[]
            {
                "allow-health-check",
            },
        });
    
        // allow communication within the subnet 
        var fwIlbToBackends = new Gcp.Compute.Firewall("fw_ilb_to_backends", new()
        {
            Name = "l4-ilb-fw-allow-ilb-to-backends",
            Direction = "INGRESS",
            Network = ilbNetwork.Id,
            SourceRanges = new[]
            {
                "10.0.1.0/24",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "udp",
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "icmp",
                },
            },
        });
    
        // allow SSH
        var fwIlbSsh = new Gcp.Compute.Firewall("fw_ilb_ssh", new()
        {
            Name = "l4-ilb-fw-ssh",
            Direction = "INGRESS",
            Network = ilbNetwork.Id,
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "22",
                    },
                },
            },
            TargetTags = new[]
            {
                "allow-ssh",
            },
            SourceRanges = new[]
            {
                "0.0.0.0/0",
            },
        });
    
        // test instance
        var vmTest = new Gcp.Compute.Instance("vm_test", new()
        {
            Name = "l4-ilb-test-vm",
            Zone = "europe-west1-b",
            MachineType = "e2-small",
            NetworkInterfaces = new[]
            {
                new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs
                {
                    Network = ilbNetwork.Id,
                    Subnetwork = ilbSubnet.Id,
                },
            },
            BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs
            {
                InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs
                {
                    Image = "debian-cloud/debian-10",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
    import com.pulumi.gcp.compute.InstanceTemplate;
    import com.pulumi.gcp.compute.InstanceTemplateArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
    import com.pulumi.gcp.compute.RegionInstanceGroupManager;
    import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
    import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.compute.Firewall;
    import com.pulumi.gcp.compute.FirewallArgs;
    import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
    import com.pulumi.gcp.compute.Instance;
    import com.pulumi.gcp.compute.InstanceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
    import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var ilbNetwork = new Network("ilbNetwork", NetworkArgs.builder()        
                .name("l4-ilb-network")
                .autoCreateSubnetworks(false)
                .build());
    
            var ilbSubnet = new Subnetwork("ilbSubnet", SubnetworkArgs.builder()        
                .name("l4-ilb-subnet")
                .ipCidrRange("10.0.1.0/24")
                .region("europe-west1")
                .network(ilbNetwork.id())
                .build());
    
            var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()        
                .name("l4-ilb-hc")
                .region("europe-west1")
                .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()        
                .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                    .accessConfigs()
                    .network(ilbNetwork.id())
                    .subnetwork(ilbSubnet.id())
                    .build())
                .name("l4-ilb-mig-template")
                .machineType("e2-small")
                .tags(            
                    "allow-ssh",
                    "allow-health-check")
                .disks(InstanceTemplateDiskArgs.builder()
                    .sourceImage("debian-cloud/debian-10")
                    .autoDelete(true)
                    .boot(true)
                    .build())
                .metadata(Map.of("startup-script", """
    #! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
                """))
                .build());
    
            var mig = new RegionInstanceGroupManager("mig", RegionInstanceGroupManagerArgs.builder()        
                .name("l4-ilb-mig1")
                .region("europe-west1")
                .versions(RegionInstanceGroupManagerVersionArgs.builder()
                    .instanceTemplate(instanceTemplate.id())
                    .name("primary")
                    .build())
                .baseInstanceName("vm")
                .targetSize(2)
                .build());
    
            var default_ = new RegionBackendService("default", RegionBackendServiceArgs.builder()        
                .name("l4-ilb-backend-subnet")
                .region("europe-west1")
                .protocol("TCP")
                .loadBalancingScheme("INTERNAL")
                .healthChecks(defaultRegionHealthCheck.id())
                .backends(RegionBackendServiceBackendArgs.builder()
                    .group(mig.instanceGroup())
                    .balancingMode("CONNECTION")
                    .build())
                .build());
    
            var googleComputeForwardingRule = new ForwardingRule("googleComputeForwardingRule", ForwardingRuleArgs.builder()        
                .name("l4-ilb-forwarding-rule")
                .backendService(default_.id())
                .region("europe-west1")
                .ipProtocol("TCP")
                .loadBalancingScheme("INTERNAL")
                .allPorts(true)
                .allowGlobalAccess(true)
                .network(ilbNetwork.id())
                .subnetwork(ilbSubnet.id())
                .build());
    
            var fwHc = new Firewall("fwHc", FirewallArgs.builder()        
                .name("l4-ilb-fw-allow-hc")
                .direction("INGRESS")
                .network(ilbNetwork.id())
                .sourceRanges(            
                    "130.211.0.0/22",
                    "35.191.0.0/16",
                    "35.235.240.0/20")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build())
                .targetTags("allow-health-check")
                .build());
    
            var fwIlbToBackends = new Firewall("fwIlbToBackends", FirewallArgs.builder()        
                .name("l4-ilb-fw-allow-ilb-to-backends")
                .direction("INGRESS")
                .network(ilbNetwork.id())
                .sourceRanges("10.0.1.0/24")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("udp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("icmp")
                        .build())
                .build());
    
            var fwIlbSsh = new Firewall("fwIlbSsh", FirewallArgs.builder()        
                .name("l4-ilb-fw-ssh")
                .direction("INGRESS")
                .network(ilbNetwork.id())
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("22")
                    .build())
                .targetTags("allow-ssh")
                .sourceRanges("0.0.0.0/0")
                .build());
    
            var vmTest = new Instance("vmTest", InstanceArgs.builder()        
                .name("l4-ilb-test-vm")
                .zone("europe-west1-b")
                .machineType("e2-small")
                .networkInterfaces(InstanceNetworkInterfaceArgs.builder()
                    .network(ilbNetwork.id())
                    .subnetwork(ilbSubnet.id())
                    .build())
                .bootDisk(InstanceBootDiskArgs.builder()
                    .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
                        .image("debian-cloud/debian-10")
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      # Internal TCP/UDP load balancer with a managed instance group backend
    
      # VPC
      ilbNetwork:
        type: gcp:compute:Network
        name: ilb_network
        properties:
          name: l4-ilb-network
          autoCreateSubnetworks: false
      # backed subnet
      ilbSubnet:
        type: gcp:compute:Subnetwork
        name: ilb_subnet
        properties:
          name: l4-ilb-subnet
          ipCidrRange: 10.0.1.0/24
          region: europe-west1
          network: ${ilbNetwork.id}
      # forwarding rule
      googleComputeForwardingRule:
        type: gcp:compute:ForwardingRule
        name: google_compute_forwarding_rule
        properties:
          name: l4-ilb-forwarding-rule
          backendService: ${default.id}
          region: europe-west1
          ipProtocol: TCP
          loadBalancingScheme: INTERNAL
          allPorts: true
          allowGlobalAccess: true
          network: ${ilbNetwork.id}
          subnetwork: ${ilbSubnet.id}
      # backend service
      default:
        type: gcp:compute:RegionBackendService
        properties:
          name: l4-ilb-backend-subnet
          region: europe-west1
          protocol: TCP
          loadBalancingScheme: INTERNAL
          healthChecks: ${defaultRegionHealthCheck.id}
          backends:
            - group: ${mig.instanceGroup}
              balancingMode: CONNECTION
      # instance template
      instanceTemplate:
        type: gcp:compute:InstanceTemplate
        name: instance_template
        properties:
          networkInterfaces:
            - accessConfigs:
                - {}
              network: ${ilbNetwork.id}
              subnetwork: ${ilbSubnet.id}
          name: l4-ilb-mig-template
          machineType: e2-small
          tags:
            - allow-ssh
            - allow-health-check
          disks:
            - sourceImage: debian-cloud/debian-10
              autoDelete: true
              boot: true
          metadata:
            startup-script: |
              #! /bin/bash
              set -euo pipefail
    
              export DEBIAN_FRONTEND=noninteractive
              apt-get update
              apt-get install -y nginx-light jq
    
              NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
              IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
              METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
              cat <<EOF > /var/www/html/index.html
              <pre>
              Name: $NAME
              IP: $IP
              Metadata: $METADATA
              </pre>
              EOF          
      # health check
      defaultRegionHealthCheck:
        type: gcp:compute:RegionHealthCheck
        name: default
        properties:
          name: l4-ilb-hc
          region: europe-west1
          httpHealthCheck:
            port: '80'
      # MIG
      mig:
        type: gcp:compute:RegionInstanceGroupManager
        properties:
          name: l4-ilb-mig1
          region: europe-west1
          versions:
            - instanceTemplate: ${instanceTemplate.id}
              name: primary
          baseInstanceName: vm
          targetSize: 2
      # allow all access from health check ranges
      fwHc:
        type: gcp:compute:Firewall
        name: fw_hc
        properties:
          name: l4-ilb-fw-allow-hc
          direction: INGRESS
          network: ${ilbNetwork.id}
          sourceRanges:
            - 130.211.0.0/22
            - 35.191.0.0/16
            - 35.235.240.0/20
          allows:
            - protocol: tcp
          targetTags:
            - allow-health-check
      # allow communication within the subnet
      fwIlbToBackends:
        type: gcp:compute:Firewall
        name: fw_ilb_to_backends
        properties:
          name: l4-ilb-fw-allow-ilb-to-backends
          direction: INGRESS
          network: ${ilbNetwork.id}
          sourceRanges:
            - 10.0.1.0/24
          allows:
            - protocol: tcp
            - protocol: udp
            - protocol: icmp
      # allow SSH
      fwIlbSsh:
        type: gcp:compute:Firewall
        name: fw_ilb_ssh
        properties:
          name: l4-ilb-fw-ssh
          direction: INGRESS
          network: ${ilbNetwork.id}
          allows:
            - protocol: tcp
              ports:
                - '22'
          targetTags:
            - allow-ssh
          sourceRanges:
            - 0.0.0.0/0
      # test instance
      vmTest:
        type: gcp:compute:Instance
        name: vm_test
        properties:
          name: l4-ilb-test-vm
          zone: europe-west1-b
          machineType: e2-small
          networkInterfaces:
            - network: ${ilbNetwork.id}
              subnetwork: ${ilbSubnet.id}
          bootDisk:
            initializeParams:
              image: debian-cloud/debian-10
    

    Forwarding Rule Externallb

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const hc = new gcp.compute.RegionHealthCheck("hc", {
        name: "check-website-backend",
        checkIntervalSec: 1,
        timeoutSec: 1,
        region: "us-central1",
        tcpHealthCheck: {
            port: 80,
        },
    });
    const backend = new gcp.compute.RegionBackendService("backend", {
        name: "website-backend",
        region: "us-central1",
        loadBalancingScheme: "EXTERNAL",
        healthChecks: hc.id,
    });
    // Forwarding rule for External Network Load Balancing using Backend Services
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        region: "us-central1",
        portRange: "80",
        backendService: backend.id,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    hc = gcp.compute.RegionHealthCheck("hc",
        name="check-website-backend",
        check_interval_sec=1,
        timeout_sec=1,
        region="us-central1",
        tcp_health_check=gcp.compute.RegionHealthCheckTcpHealthCheckArgs(
            port=80,
        ))
    backend = gcp.compute.RegionBackendService("backend",
        name="website-backend",
        region="us-central1",
        load_balancing_scheme="EXTERNAL",
        health_checks=hc.id)
    # Forwarding rule for External Network Load Balancing using Backend Services
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        region="us-central1",
        port_range="80",
        backend_service=backend.id)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		hc, err := compute.NewRegionHealthCheck(ctx, "hc", &compute.RegionHealthCheckArgs{
    			Name:             pulumi.String("check-website-backend"),
    			CheckIntervalSec: pulumi.Int(1),
    			TimeoutSec:       pulumi.Int(1),
    			Region:           pulumi.String("us-central1"),
    			TcpHealthCheck: &compute.RegionHealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		backend, err := compute.NewRegionBackendService(ctx, "backend", &compute.RegionBackendServiceArgs{
    			Name:                pulumi.String("website-backend"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("EXTERNAL"),
    			HealthChecks:        hc.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for External Network Load Balancing using Backend Services
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:           pulumi.String("website-forwarding-rule"),
    			Region:         pulumi.String("us-central1"),
    			PortRange:      pulumi.String("80"),
    			BackendService: backend.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var hc = new Gcp.Compute.RegionHealthCheck("hc", new()
        {
            Name = "check-website-backend",
            CheckIntervalSec = 1,
            TimeoutSec = 1,
            Region = "us-central1",
            TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var backend = new Gcp.Compute.RegionBackendService("backend", new()
        {
            Name = "website-backend",
            Region = "us-central1",
            LoadBalancingScheme = "EXTERNAL",
            HealthChecks = hc.Id,
        });
    
        // Forwarding rule for External Network Load Balancing using Backend Services
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Region = "us-central1",
            PortRange = "80",
            BackendService = backend.Id,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var hc = new RegionHealthCheck("hc", RegionHealthCheckArgs.builder()        
                .name("check-website-backend")
                .checkIntervalSec(1)
                .timeoutSec(1)
                .region("us-central1")
                .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()        
                .name("website-backend")
                .region("us-central1")
                .loadBalancingScheme("EXTERNAL")
                .healthChecks(hc.id())
                .build());
    
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .name("website-forwarding-rule")
                .region("us-central1")
                .portRange(80)
                .backendService(backend.id())
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for External Network Load Balancing using Backend Services
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          region: us-central1
          portRange: 80
          backendService: ${backend.id}
      backend:
        type: gcp:compute:RegionBackendService
        properties:
          name: website-backend
          region: us-central1
          loadBalancingScheme: EXTERNAL
          healthChecks: ${hc.id}
      hc:
        type: gcp:compute:RegionHealthCheck
        properties:
          name: check-website-backend
          checkIntervalSec: 1
          timeoutSec: 1
          region: us-central1
          tcpHealthCheck:
            port: '80'
    

    Forwarding Rule Global Internallb

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const hc = new gcp.compute.HealthCheck("hc", {
        name: "check-website-backend",
        checkIntervalSec: 1,
        timeoutSec: 1,
        tcpHealthCheck: {
            port: 80,
        },
    });
    const backend = new gcp.compute.RegionBackendService("backend", {
        name: "website-backend",
        region: "us-central1",
        healthChecks: hc.id,
    });
    const defaultNetwork = new gcp.compute.Network("default", {
        name: "website-net",
        autoCreateSubnetworks: false,
    });
    const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
        name: "website-net",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        network: defaultNetwork.id,
    });
    // Forwarding rule for Internal Load Balancing
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        region: "us-central1",
        loadBalancingScheme: "INTERNAL",
        backendService: backend.id,
        allPorts: true,
        allowGlobalAccess: true,
        network: defaultNetwork.name,
        subnetwork: defaultSubnetwork.name,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    hc = gcp.compute.HealthCheck("hc",
        name="check-website-backend",
        check_interval_sec=1,
        timeout_sec=1,
        tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
            port=80,
        ))
    backend = gcp.compute.RegionBackendService("backend",
        name="website-backend",
        region="us-central1",
        health_checks=hc.id)
    default_network = gcp.compute.Network("default",
        name="website-net",
        auto_create_subnetworks=False)
    default_subnetwork = gcp.compute.Subnetwork("default",
        name="website-net",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        network=default_network.id)
    # Forwarding rule for Internal Load Balancing
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        region="us-central1",
        load_balancing_scheme="INTERNAL",
        backend_service=backend.id,
        all_ports=True,
        allow_global_access=True,
        network=default_network.name,
        subnetwork=default_subnetwork.name)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		hc, err := compute.NewHealthCheck(ctx, "hc", &compute.HealthCheckArgs{
    			Name:             pulumi.String("check-website-backend"),
    			CheckIntervalSec: pulumi.Int(1),
    			TimeoutSec:       pulumi.Int(1),
    			TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		backend, err := compute.NewRegionBackendService(ctx, "backend", &compute.RegionBackendServiceArgs{
    			Name:         pulumi.String("website-backend"),
    			Region:       pulumi.String("us-central1"),
    			HealthChecks: hc.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
    			Name:                  pulumi.String("website-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net"),
    			IpCidrRange: pulumi.String("10.0.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for Internal Load Balancing
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("website-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("INTERNAL"),
    			BackendService:      backend.ID(),
    			AllPorts:            pulumi.Bool(true),
    			AllowGlobalAccess:   pulumi.Bool(true),
    			Network:             defaultNetwork.Name,
    			Subnetwork:          defaultSubnetwork.Name,
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var hc = new Gcp.Compute.HealthCheck("hc", new()
        {
            Name = "check-website-backend",
            CheckIntervalSec = 1,
            TimeoutSec = 1,
            TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var backend = new Gcp.Compute.RegionBackendService("backend", new()
        {
            Name = "website-backend",
            Region = "us-central1",
            HealthChecks = hc.Id,
        });
    
        var defaultNetwork = new Gcp.Compute.Network("default", new()
        {
            Name = "website-net",
            AutoCreateSubnetworks = false,
        });
    
        var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
        {
            Name = "website-net",
            IpCidrRange = "10.0.0.0/16",
            Region = "us-central1",
            Network = defaultNetwork.Id,
        });
    
        // Forwarding rule for Internal Load Balancing
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Region = "us-central1",
            LoadBalancingScheme = "INTERNAL",
            BackendService = backend.Id,
            AllPorts = true,
            AllowGlobalAccess = true,
            Network = defaultNetwork.Name,
            Subnetwork = defaultSubnetwork.Name,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var hc = new HealthCheck("hc", HealthCheckArgs.builder()        
                .name("check-website-backend")
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()        
                .name("website-backend")
                .region("us-central1")
                .healthChecks(hc.id())
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
                .name("website-net")
                .autoCreateSubnetworks(false)
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
                .name("website-net")
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(defaultNetwork.id())
                .build());
    
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .name("website-forwarding-rule")
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(backend.id())
                .allPorts(true)
                .allowGlobalAccess(true)
                .network(defaultNetwork.name())
                .subnetwork(defaultSubnetwork.name())
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for Internal Load Balancing
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${backend.id}
          allPorts: true
          allowGlobalAccess: true
          network: ${defaultNetwork.name}
          subnetwork: ${defaultSubnetwork.name}
      backend:
        type: gcp:compute:RegionBackendService
        properties:
          name: website-backend
          region: us-central1
          healthChecks: ${hc.id}
      hc:
        type: gcp:compute:HealthCheck
        properties:
          name: check-website-backend
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
      defaultNetwork:
        type: gcp:compute:Network
        name: default
        properties:
          name: website-net
          autoCreateSubnetworks: false
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        name: default
        properties:
          name: website-net
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${defaultNetwork.id}
    

    Forwarding Rule Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const defaultTargetPool = new gcp.compute.TargetPool("default", {name: "website-target-pool"});
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        target: defaultTargetPool.id,
        portRange: "80",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    default_target_pool = gcp.compute.TargetPool("default", name="website-target-pool")
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        target=default_target_pool.id,
        port_range="80")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		defaultTargetPool, err := compute.NewTargetPool(ctx, "default", &compute.TargetPoolArgs{
    			Name: pulumi.String("website-target-pool"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:      pulumi.String("website-forwarding-rule"),
    			Target:    defaultTargetPool.ID(),
    			PortRange: pulumi.String("80"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var defaultTargetPool = new Gcp.Compute.TargetPool("default", new()
        {
            Name = "website-target-pool",
        });
    
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Target = defaultTargetPool.Id,
            PortRange = "80",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.TargetPool;
    import com.pulumi.gcp.compute.TargetPoolArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var defaultTargetPool = new TargetPool("defaultTargetPool", TargetPoolArgs.builder()        
                .name("website-target-pool")
                .build());
    
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .name("website-forwarding-rule")
                .target(defaultTargetPool.id())
                .portRange("80")
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          target: ${defaultTargetPool.id}
          portRange: '80'
      defaultTargetPool:
        type: gcp:compute:TargetPool
        name: default
        properties:
          name: website-target-pool
    

    Forwarding Rule L3 Default

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const healthCheck = new gcp.compute.RegionHealthCheck("health_check", {
        name: "health-check",
        region: "us-central1",
        tcpHealthCheck: {
            port: 80,
        },
    });
    const service = new gcp.compute.RegionBackendService("service", {
        region: "us-central1",
        name: "service",
        healthChecks: healthCheck.id,
        protocol: "UNSPECIFIED",
        loadBalancingScheme: "EXTERNAL",
    });
    const fwdRule = new gcp.compute.ForwardingRule("fwd_rule", {
        name: "l3-forwarding-rule",
        backendService: service.id,
        ipProtocol: "L3_DEFAULT",
        allPorts: true,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    health_check = gcp.compute.RegionHealthCheck("health_check",
        name="health-check",
        region="us-central1",
        tcp_health_check=gcp.compute.RegionHealthCheckTcpHealthCheckArgs(
            port=80,
        ))
    service = gcp.compute.RegionBackendService("service",
        region="us-central1",
        name="service",
        health_checks=health_check.id,
        protocol="UNSPECIFIED",
        load_balancing_scheme="EXTERNAL")
    fwd_rule = gcp.compute.ForwardingRule("fwd_rule",
        name="l3-forwarding-rule",
        backend_service=service.id,
        ip_protocol="L3_DEFAULT",
        all_ports=True)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		healthCheck, err := compute.NewRegionHealthCheck(ctx, "health_check", &compute.RegionHealthCheckArgs{
    			Name:   pulumi.String("health-check"),
    			Region: pulumi.String("us-central1"),
    			TcpHealthCheck: &compute.RegionHealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		service, err := compute.NewRegionBackendService(ctx, "service", &compute.RegionBackendServiceArgs{
    			Region:              pulumi.String("us-central1"),
    			Name:                pulumi.String("service"),
    			HealthChecks:        healthCheck.ID(),
    			Protocol:            pulumi.String("UNSPECIFIED"),
    			LoadBalancingScheme: pulumi.String("EXTERNAL"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewForwardingRule(ctx, "fwd_rule", &compute.ForwardingRuleArgs{
    			Name:           pulumi.String("l3-forwarding-rule"),
    			BackendService: service.ID(),
    			IpProtocol:     pulumi.String("L3_DEFAULT"),
    			AllPorts:       pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var healthCheck = new Gcp.Compute.RegionHealthCheck("health_check", new()
        {
            Name = "health-check",
            Region = "us-central1",
            TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var service = new Gcp.Compute.RegionBackendService("service", new()
        {
            Region = "us-central1",
            Name = "service",
            HealthChecks = healthCheck.Id,
            Protocol = "UNSPECIFIED",
            LoadBalancingScheme = "EXTERNAL",
        });
    
        var fwdRule = new Gcp.Compute.ForwardingRule("fwd_rule", new()
        {
            Name = "l3-forwarding-rule",
            BackendService = service.Id,
            IpProtocol = "L3_DEFAULT",
            AllPorts = true,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var healthCheck = new RegionHealthCheck("healthCheck", RegionHealthCheckArgs.builder()        
                .name("health-check")
                .region("us-central1")
                .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()
                    .port(80)
                    .build())
                .build());
    
            var service = new RegionBackendService("service", RegionBackendServiceArgs.builder()        
                .region("us-central1")
                .name("service")
                .healthChecks(healthCheck.id())
                .protocol("UNSPECIFIED")
                .loadBalancingScheme("EXTERNAL")
                .build());
    
            var fwdRule = new ForwardingRule("fwdRule", ForwardingRuleArgs.builder()        
                .name("l3-forwarding-rule")
                .backendService(service.id())
                .ipProtocol("L3_DEFAULT")
                .allPorts(true)
                .build());
    
        }
    }
    
    resources:
      fwdRule:
        type: gcp:compute:ForwardingRule
        name: fwd_rule
        properties:
          name: l3-forwarding-rule
          backendService: ${service.id}
          ipProtocol: L3_DEFAULT
          allPorts: true
      service:
        type: gcp:compute:RegionBackendService
        properties:
          region: us-central1
          name: service
          healthChecks: ${healthCheck.id}
          protocol: UNSPECIFIED
          loadBalancingScheme: EXTERNAL
      healthCheck:
        type: gcp:compute:RegionHealthCheck
        name: health_check
        properties:
          name: health-check
          region: us-central1
          tcpHealthCheck:
            port: 80
    

    Forwarding Rule Internallb

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const hc = new gcp.compute.HealthCheck("hc", {
        name: "check-website-backend",
        checkIntervalSec: 1,
        timeoutSec: 1,
        tcpHealthCheck: {
            port: 80,
        },
    });
    const backend = new gcp.compute.RegionBackendService("backend", {
        name: "website-backend",
        region: "us-central1",
        healthChecks: hc.id,
    });
    const defaultNetwork = new gcp.compute.Network("default", {
        name: "website-net",
        autoCreateSubnetworks: false,
    });
    const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
        name: "website-net",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        network: defaultNetwork.id,
    });
    // Forwarding rule for Internal Load Balancing
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        region: "us-central1",
        loadBalancingScheme: "INTERNAL",
        backendService: backend.id,
        allPorts: true,
        network: defaultNetwork.name,
        subnetwork: defaultSubnetwork.name,
        ipVersion: "IPV4",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    hc = gcp.compute.HealthCheck("hc",
        name="check-website-backend",
        check_interval_sec=1,
        timeout_sec=1,
        tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
            port=80,
        ))
    backend = gcp.compute.RegionBackendService("backend",
        name="website-backend",
        region="us-central1",
        health_checks=hc.id)
    default_network = gcp.compute.Network("default",
        name="website-net",
        auto_create_subnetworks=False)
    default_subnetwork = gcp.compute.Subnetwork("default",
        name="website-net",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        network=default_network.id)
    # Forwarding rule for Internal Load Balancing
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        region="us-central1",
        load_balancing_scheme="INTERNAL",
        backend_service=backend.id,
        all_ports=True,
        network=default_network.name,
        subnetwork=default_subnetwork.name,
        ip_version="IPV4")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		hc, err := compute.NewHealthCheck(ctx, "hc", &compute.HealthCheckArgs{
    			Name:             pulumi.String("check-website-backend"),
    			CheckIntervalSec: pulumi.Int(1),
    			TimeoutSec:       pulumi.Int(1),
    			TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		backend, err := compute.NewRegionBackendService(ctx, "backend", &compute.RegionBackendServiceArgs{
    			Name:         pulumi.String("website-backend"),
    			Region:       pulumi.String("us-central1"),
    			HealthChecks: hc.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
    			Name:                  pulumi.String("website-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net"),
    			IpCidrRange: pulumi.String("10.0.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for Internal Load Balancing
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("website-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("INTERNAL"),
    			BackendService:      backend.ID(),
    			AllPorts:            pulumi.Bool(true),
    			Network:             defaultNetwork.Name,
    			Subnetwork:          defaultSubnetwork.Name,
    			IpVersion:           pulumi.String("IPV4"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var hc = new Gcp.Compute.HealthCheck("hc", new()
        {
            Name = "check-website-backend",
            CheckIntervalSec = 1,
            TimeoutSec = 1,
            TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var backend = new Gcp.Compute.RegionBackendService("backend", new()
        {
            Name = "website-backend",
            Region = "us-central1",
            HealthChecks = hc.Id,
        });
    
        var defaultNetwork = new Gcp.Compute.Network("default", new()
        {
            Name = "website-net",
            AutoCreateSubnetworks = false,
        });
    
        var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
        {
            Name = "website-net",
            IpCidrRange = "10.0.0.0/16",
            Region = "us-central1",
            Network = defaultNetwork.Id,
        });
    
        // Forwarding rule for Internal Load Balancing
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Region = "us-central1",
            LoadBalancingScheme = "INTERNAL",
            BackendService = backend.Id,
            AllPorts = true,
            Network = defaultNetwork.Name,
            Subnetwork = defaultSubnetwork.Name,
            IpVersion = "IPV4",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var hc = new HealthCheck("hc", HealthCheckArgs.builder()        
                .name("check-website-backend")
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()        
                .name("website-backend")
                .region("us-central1")
                .healthChecks(hc.id())
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
                .name("website-net")
                .autoCreateSubnetworks(false)
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
                .name("website-net")
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(defaultNetwork.id())
                .build());
    
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .name("website-forwarding-rule")
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(backend.id())
                .allPorts(true)
                .network(defaultNetwork.name())
                .subnetwork(defaultSubnetwork.name())
                .ipVersion("IPV4")
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for Internal Load Balancing
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${backend.id}
          allPorts: true
          network: ${defaultNetwork.name}
          subnetwork: ${defaultSubnetwork.name}
          ipVersion: IPV4
      backend:
        type: gcp:compute:RegionBackendService
        properties:
          name: website-backend
          region: us-central1
          healthChecks: ${hc.id}
      hc:
        type: gcp:compute:HealthCheck
        properties:
          name: check-website-backend
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
      defaultNetwork:
        type: gcp:compute:Network
        name: default
        properties:
          name: website-net
          autoCreateSubnetworks: false
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        name: default
        properties:
          name: website-net
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${defaultNetwork.id}
    

    Forwarding Rule Http Lb

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const debianImage = gcp.compute.getImage({
        family: "debian-11",
        project: "debian-cloud",
    });
    const defaultNetwork = new gcp.compute.Network("default", {
        name: "website-net",
        autoCreateSubnetworks: false,
        routingMode: "REGIONAL",
    });
    const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
        name: "website-net-default",
        ipCidrRange: "10.1.2.0/24",
        region: "us-central1",
        network: defaultNetwork.id,
    });
    const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
        name: "template-website-backend",
        machineType: "e2-medium",
        networkInterfaces: [{
            network: defaultNetwork.id,
            subnetwork: defaultSubnetwork.id,
        }],
        disks: [{
            sourceImage: debianImage.then(debianImage => debianImage.selfLink),
            autoDelete: true,
            boot: true,
        }],
        tags: [
            "allow-ssh",
            "load-balanced-backend",
        ],
    });
    const rigm = new gcp.compute.RegionInstanceGroupManager("rigm", {
        region: "us-central1",
        name: "website-rigm",
        versions: [{
            instanceTemplate: instanceTemplate.id,
            name: "primary",
        }],
        baseInstanceName: "internal-glb",
        targetSize: 1,
    });
    const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
        region: "us-central1",
        name: "website-hc",
        httpHealthCheck: {
            portSpecification: "USE_SERVING_PORT",
        },
    });
    const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", {
        loadBalancingScheme: "INTERNAL_MANAGED",
        backends: [{
            group: rigm.instanceGroup,
            balancingMode: "UTILIZATION",
            capacityScaler: 1,
        }],
        region: "us-central1",
        name: "website-backend",
        protocol: "HTTP",
        timeoutSec: 10,
        healthChecks: defaultRegionHealthCheck.id,
    });
    const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", {
        region: "us-central1",
        name: "website-map",
        defaultService: defaultRegionBackendService.id,
    });
    const defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy("default", {
        region: "us-central1",
        name: "website-proxy",
        urlMap: defaultRegionUrlMap.id,
    });
    // Forwarding rule for Internal Load Balancing
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        region: "us-central1",
        ipProtocol: "TCP",
        loadBalancingScheme: "INTERNAL_MANAGED",
        portRange: "80",
        target: defaultRegionTargetHttpProxy.id,
        network: defaultNetwork.id,
        subnetwork: defaultSubnetwork.id,
        networkTier: "PREMIUM",
    });
    const fw1 = new gcp.compute.Firewall("fw1", {
        name: "website-fw-1",
        network: defaultNetwork.id,
        sourceRanges: ["10.1.2.0/24"],
        allows: [
            {
                protocol: "tcp",
            },
            {
                protocol: "udp",
            },
            {
                protocol: "icmp",
            },
        ],
        direction: "INGRESS",
    });
    const fw2 = new gcp.compute.Firewall("fw2", {
        name: "website-fw-2",
        network: defaultNetwork.id,
        sourceRanges: ["0.0.0.0/0"],
        allows: [{
            protocol: "tcp",
            ports: ["22"],
        }],
        targetTags: ["allow-ssh"],
        direction: "INGRESS",
    });
    const fw3 = new gcp.compute.Firewall("fw3", {
        name: "website-fw-3",
        network: defaultNetwork.id,
        sourceRanges: [
            "130.211.0.0/22",
            "35.191.0.0/16",
        ],
        allows: [{
            protocol: "tcp",
        }],
        targetTags: ["load-balanced-backend"],
        direction: "INGRESS",
    });
    const fw4 = new gcp.compute.Firewall("fw4", {
        name: "website-fw-4",
        network: defaultNetwork.id,
        sourceRanges: ["10.129.0.0/26"],
        targetTags: ["load-balanced-backend"],
        allows: [
            {
                protocol: "tcp",
                ports: ["80"],
            },
            {
                protocol: "tcp",
                ports: ["443"],
            },
            {
                protocol: "tcp",
                ports: ["8000"],
            },
        ],
        direction: "INGRESS",
    });
    const proxy = new gcp.compute.Subnetwork("proxy", {
        name: "website-net-proxy",
        ipCidrRange: "10.129.0.0/26",
        region: "us-central1",
        network: defaultNetwork.id,
        purpose: "REGIONAL_MANAGED_PROXY",
        role: "ACTIVE",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    debian_image = gcp.compute.get_image(family="debian-11",
        project="debian-cloud")
    default_network = gcp.compute.Network("default",
        name="website-net",
        auto_create_subnetworks=False,
        routing_mode="REGIONAL")
    default_subnetwork = gcp.compute.Subnetwork("default",
        name="website-net-default",
        ip_cidr_range="10.1.2.0/24",
        region="us-central1",
        network=default_network.id)
    instance_template = gcp.compute.InstanceTemplate("instance_template",
        name="template-website-backend",
        machine_type="e2-medium",
        network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
            network=default_network.id,
            subnetwork=default_subnetwork.id,
        )],
        disks=[gcp.compute.InstanceTemplateDiskArgs(
            source_image=debian_image.self_link,
            auto_delete=True,
            boot=True,
        )],
        tags=[
            "allow-ssh",
            "load-balanced-backend",
        ])
    rigm = gcp.compute.RegionInstanceGroupManager("rigm",
        region="us-central1",
        name="website-rigm",
        versions=[gcp.compute.RegionInstanceGroupManagerVersionArgs(
            instance_template=instance_template.id,
            name="primary",
        )],
        base_instance_name="internal-glb",
        target_size=1)
    default_region_health_check = gcp.compute.RegionHealthCheck("default",
        region="us-central1",
        name="website-hc",
        http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs(
            port_specification="USE_SERVING_PORT",
        ))
    default_region_backend_service = gcp.compute.RegionBackendService("default",
        load_balancing_scheme="INTERNAL_MANAGED",
        backends=[gcp.compute.RegionBackendServiceBackendArgs(
            group=rigm.instance_group,
            balancing_mode="UTILIZATION",
            capacity_scaler=1,
        )],
        region="us-central1",
        name="website-backend",
        protocol="HTTP",
        timeout_sec=10,
        health_checks=default_region_health_check.id)
    default_region_url_map = gcp.compute.RegionUrlMap("default",
        region="us-central1",
        name="website-map",
        default_service=default_region_backend_service.id)
    default_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy("default",
        region="us-central1",
        name="website-proxy",
        url_map=default_region_url_map.id)
    # Forwarding rule for Internal Load Balancing
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        region="us-central1",
        ip_protocol="TCP",
        load_balancing_scheme="INTERNAL_MANAGED",
        port_range="80",
        target=default_region_target_http_proxy.id,
        network=default_network.id,
        subnetwork=default_subnetwork.id,
        network_tier="PREMIUM")
    fw1 = gcp.compute.Firewall("fw1",
        name="website-fw-1",
        network=default_network.id,
        source_ranges=["10.1.2.0/24"],
        allows=[
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="udp",
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="icmp",
            ),
        ],
        direction="INGRESS")
    fw2 = gcp.compute.Firewall("fw2",
        name="website-fw-2",
        network=default_network.id,
        source_ranges=["0.0.0.0/0"],
        allows=[gcp.compute.FirewallAllowArgs(
            protocol="tcp",
            ports=["22"],
        )],
        target_tags=["allow-ssh"],
        direction="INGRESS")
    fw3 = gcp.compute.Firewall("fw3",
        name="website-fw-3",
        network=default_network.id,
        source_ranges=[
            "130.211.0.0/22",
            "35.191.0.0/16",
        ],
        allows=[gcp.compute.FirewallAllowArgs(
            protocol="tcp",
        )],
        target_tags=["load-balanced-backend"],
        direction="INGRESS")
    fw4 = gcp.compute.Firewall("fw4",
        name="website-fw-4",
        network=default_network.id,
        source_ranges=["10.129.0.0/26"],
        target_tags=["load-balanced-backend"],
        allows=[
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
                ports=["80"],
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
                ports=["443"],
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
                ports=["8000"],
            ),
        ],
        direction="INGRESS")
    proxy = gcp.compute.Subnetwork("proxy",
        name="website-net-proxy",
        ip_cidr_range="10.129.0.0/26",
        region="us-central1",
        network=default_network.id,
        purpose="REGIONAL_MANAGED_PROXY",
        role="ACTIVE")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		debianImage, err := compute.LookupImage(ctx, &compute.LookupImageArgs{
    			Family:  pulumi.StringRef("debian-11"),
    			Project: pulumi.StringRef("debian-cloud"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
    			Name:                  pulumi.String("website-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    			RoutingMode:           pulumi.String("REGIONAL"),
    		})
    		if err != nil {
    			return err
    		}
    		defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net-default"),
    			IpCidrRange: pulumi.String("10.1.2.0/24"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{
    			Name:        pulumi.String("template-website-backend"),
    			MachineType: pulumi.String("e2-medium"),
    			NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
    				&compute.InstanceTemplateNetworkInterfaceArgs{
    					Network:    defaultNetwork.ID(),
    					Subnetwork: defaultSubnetwork.ID(),
    				},
    			},
    			Disks: compute.InstanceTemplateDiskArray{
    				&compute.InstanceTemplateDiskArgs{
    					SourceImage: pulumi.String(debianImage.SelfLink),
    					AutoDelete:  pulumi.Bool(true),
    					Boot:        pulumi.Bool(true),
    				},
    			},
    			Tags: pulumi.StringArray{
    				pulumi.String("allow-ssh"),
    				pulumi.String("load-balanced-backend"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		rigm, err := compute.NewRegionInstanceGroupManager(ctx, "rigm", &compute.RegionInstanceGroupManagerArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-rigm"),
    			Versions: compute.RegionInstanceGroupManagerVersionArray{
    				&compute.RegionInstanceGroupManagerVersionArgs{
    					InstanceTemplate: instanceTemplate.ID(),
    					Name:             pulumi.String("primary"),
    				},
    			},
    			BaseInstanceName: pulumi.String("internal-glb"),
    			TargetSize:       pulumi.Int(1),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-hc"),
    			HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
    				PortSpecification: pulumi.String("USE_SERVING_PORT"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionBackendService, err := compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{
    			LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
    			Backends: compute.RegionBackendServiceBackendArray{
    				&compute.RegionBackendServiceBackendArgs{
    					Group:          rigm.InstanceGroup,
    					BalancingMode:  pulumi.String("UTILIZATION"),
    					CapacityScaler: pulumi.Float64(1),
    				},
    			},
    			Region:       pulumi.String("us-central1"),
    			Name:         pulumi.String("website-backend"),
    			Protocol:     pulumi.String("HTTP"),
    			TimeoutSec:   pulumi.Int(10),
    			HealthChecks: defaultRegionHealthCheck.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, "default", &compute.RegionUrlMapArgs{
    			Region:         pulumi.String("us-central1"),
    			Name:           pulumi.String("website-map"),
    			DefaultService: defaultRegionBackendService.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, "default", &compute.RegionTargetHttpProxyArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-proxy"),
    			UrlMap: defaultRegionUrlMap.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for Internal Load Balancing
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("website-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			IpProtocol:          pulumi.String("TCP"),
    			LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
    			PortRange:           pulumi.String("80"),
    			Target:              defaultRegionTargetHttpProxy.ID(),
    			Network:             defaultNetwork.ID(),
    			Subnetwork:          defaultSubnetwork.ID(),
    			NetworkTier:         pulumi.String("PREMIUM"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewall(ctx, "fw1", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-1"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("10.1.2.0/24"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("udp"),
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("icmp"),
    				},
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewall(ctx, "fw2", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-2"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("0.0.0.0/0"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("22"),
    					},
    				},
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("allow-ssh"),
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewall(ctx, "fw3", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-3"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("130.211.0.0/22"),
    				pulumi.String("35.191.0.0/16"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("load-balanced-backend"),
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewall(ctx, "fw4", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-4"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("10.129.0.0/26"),
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("load-balanced-backend"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("80"),
    					},
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("443"),
    					},
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("8000"),
    					},
    				},
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewSubnetwork(ctx, "proxy", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net-proxy"),
    			IpCidrRange: pulumi.String("10.129.0.0/26"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    			Purpose:     pulumi.String("REGIONAL_MANAGED_PROXY"),
    			Role:        pulumi.String("ACTIVE"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var debianImage = Gcp.Compute.GetImage.Invoke(new()
        {
            Family = "debian-11",
            Project = "debian-cloud",
        });
    
        var defaultNetwork = new Gcp.Compute.Network("default", new()
        {
            Name = "website-net",
            AutoCreateSubnetworks = false,
            RoutingMode = "REGIONAL",
        });
    
        var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
        {
            Name = "website-net-default",
            IpCidrRange = "10.1.2.0/24",
            Region = "us-central1",
            Network = defaultNetwork.Id,
        });
    
        var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new()
        {
            Name = "template-website-backend",
            MachineType = "e2-medium",
            NetworkInterfaces = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
                {
                    Network = defaultNetwork.Id,
                    Subnetwork = defaultSubnetwork.Id,
                },
            },
            Disks = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
                {
                    SourceImage = debianImage.Apply(getImageResult => getImageResult.SelfLink),
                    AutoDelete = true,
                    Boot = true,
                },
            },
            Tags = new[]
            {
                "allow-ssh",
                "load-balanced-backend",
            },
        });
    
        var rigm = new Gcp.Compute.RegionInstanceGroupManager("rigm", new()
        {
            Region = "us-central1",
            Name = "website-rigm",
            Versions = new[]
            {
                new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs
                {
                    InstanceTemplate = instanceTemplate.Id,
                    Name = "primary",
                },
            },
            BaseInstanceName = "internal-glb",
            TargetSize = 1,
        });
    
        var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new()
        {
            Region = "us-central1",
            Name = "website-hc",
            HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
            {
                PortSpecification = "USE_SERVING_PORT",
            },
        });
    
        var defaultRegionBackendService = new Gcp.Compute.RegionBackendService("default", new()
        {
            LoadBalancingScheme = "INTERNAL_MANAGED",
            Backends = new[]
            {
                new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs
                {
                    Group = rigm.InstanceGroup,
                    BalancingMode = "UTILIZATION",
                    CapacityScaler = 1,
                },
            },
            Region = "us-central1",
            Name = "website-backend",
            Protocol = "HTTP",
            TimeoutSec = 10,
            HealthChecks = defaultRegionHealthCheck.Id,
        });
    
        var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap("default", new()
        {
            Region = "us-central1",
            Name = "website-map",
            DefaultService = defaultRegionBackendService.Id,
        });
    
        var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy("default", new()
        {
            Region = "us-central1",
            Name = "website-proxy",
            UrlMap = defaultRegionUrlMap.Id,
        });
    
        // Forwarding rule for Internal Load Balancing
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Region = "us-central1",
            IpProtocol = "TCP",
            LoadBalancingScheme = "INTERNAL_MANAGED",
            PortRange = "80",
            Target = defaultRegionTargetHttpProxy.Id,
            Network = defaultNetwork.Id,
            Subnetwork = defaultSubnetwork.Id,
            NetworkTier = "PREMIUM",
        });
    
        var fw1 = new Gcp.Compute.Firewall("fw1", new()
        {
            Name = "website-fw-1",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "10.1.2.0/24",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "udp",
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "icmp",
                },
            },
            Direction = "INGRESS",
        });
    
        var fw2 = new Gcp.Compute.Firewall("fw2", new()
        {
            Name = "website-fw-2",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "0.0.0.0/0",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "22",
                    },
                },
            },
            TargetTags = new[]
            {
                "allow-ssh",
            },
            Direction = "INGRESS",
        });
    
        var fw3 = new Gcp.Compute.Firewall("fw3", new()
        {
            Name = "website-fw-3",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "130.211.0.0/22",
                "35.191.0.0/16",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
            },
            TargetTags = new[]
            {
                "load-balanced-backend",
            },
            Direction = "INGRESS",
        });
    
        var fw4 = new Gcp.Compute.Firewall("fw4", new()
        {
            Name = "website-fw-4",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "10.129.0.0/26",
            },
            TargetTags = new[]
            {
                "load-balanced-backend",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "80",
                    },
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "443",
                    },
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "8000",
                    },
                },
            },
            Direction = "INGRESS",
        });
    
        var proxy = new Gcp.Compute.Subnetwork("proxy", new()
        {
            Name = "website-net-proxy",
            IpCidrRange = "10.129.0.0/26",
            Region = "us-central1",
            Network = defaultNetwork.Id,
            Purpose = "REGIONAL_MANAGED_PROXY",
            Role = "ACTIVE",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.ComputeFunctions;
    import com.pulumi.gcp.compute.inputs.GetImageArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.InstanceTemplate;
    import com.pulumi.gcp.compute.InstanceTemplateArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
    import com.pulumi.gcp.compute.RegionInstanceGroupManager;
    import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
    import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
    import com.pulumi.gcp.compute.RegionUrlMap;
    import com.pulumi.gcp.compute.RegionUrlMapArgs;
    import com.pulumi.gcp.compute.RegionTargetHttpProxy;
    import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.compute.Firewall;
    import com.pulumi.gcp.compute.FirewallArgs;
    import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
                .family("debian-11")
                .project("debian-cloud")
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
                .name("website-net")
                .autoCreateSubnetworks(false)
                .routingMode("REGIONAL")
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
                .name("website-net-default")
                .ipCidrRange("10.1.2.0/24")
                .region("us-central1")
                .network(defaultNetwork.id())
                .build());
    
            var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()        
                .name("template-website-backend")
                .machineType("e2-medium")
                .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                    .network(defaultNetwork.id())
                    .subnetwork(defaultSubnetwork.id())
                    .build())
                .disks(InstanceTemplateDiskArgs.builder()
                    .sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
                    .autoDelete(true)
                    .boot(true)
                    .build())
                .tags(            
                    "allow-ssh",
                    "load-balanced-backend")
                .build());
    
            var rigm = new RegionInstanceGroupManager("rigm", RegionInstanceGroupManagerArgs.builder()        
                .region("us-central1")
                .name("website-rigm")
                .versions(RegionInstanceGroupManagerVersionArgs.builder()
                    .instanceTemplate(instanceTemplate.id())
                    .name("primary")
                    .build())
                .baseInstanceName("internal-glb")
                .targetSize(1)
                .build());
    
            var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()        
                .region("us-central1")
                .name("website-hc")
                .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                    .portSpecification("USE_SERVING_PORT")
                    .build())
                .build());
    
            var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()        
                .loadBalancingScheme("INTERNAL_MANAGED")
                .backends(RegionBackendServiceBackendArgs.builder()
                    .group(rigm.instanceGroup())
                    .balancingMode("UTILIZATION")
                    .capacityScaler(1)
                    .build())
                .region("us-central1")
                .name("website-backend")
                .protocol("HTTP")
                .timeoutSec(10)
                .healthChecks(defaultRegionHealthCheck.id())
                .build());
    
            var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()        
                .region("us-central1")
                .name("website-map")
                .defaultService(defaultRegionBackendService.id())
                .build());
    
            var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()        
                .region("us-central1")
                .name("website-proxy")
                .urlMap(defaultRegionUrlMap.id())
                .build());
    
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .name("website-forwarding-rule")
                .region("us-central1")
                .ipProtocol("TCP")
                .loadBalancingScheme("INTERNAL_MANAGED")
                .portRange("80")
                .target(defaultRegionTargetHttpProxy.id())
                .network(defaultNetwork.id())
                .subnetwork(defaultSubnetwork.id())
                .networkTier("PREMIUM")
                .build());
    
            var fw1 = new Firewall("fw1", FirewallArgs.builder()        
                .name("website-fw-1")
                .network(defaultNetwork.id())
                .sourceRanges("10.1.2.0/24")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("udp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("icmp")
                        .build())
                .direction("INGRESS")
                .build());
    
            var fw2 = new Firewall("fw2", FirewallArgs.builder()        
                .name("website-fw-2")
                .network(defaultNetwork.id())
                .sourceRanges("0.0.0.0/0")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("22")
                    .build())
                .targetTags("allow-ssh")
                .direction("INGRESS")
                .build());
    
            var fw3 = new Firewall("fw3", FirewallArgs.builder()        
                .name("website-fw-3")
                .network(defaultNetwork.id())
                .sourceRanges(            
                    "130.211.0.0/22",
                    "35.191.0.0/16")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build())
                .targetTags("load-balanced-backend")
                .direction("INGRESS")
                .build());
    
            var fw4 = new Firewall("fw4", FirewallArgs.builder()        
                .name("website-fw-4")
                .network(defaultNetwork.id())
                .sourceRanges("10.129.0.0/26")
                .targetTags("load-balanced-backend")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("80")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("443")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("8000")
                        .build())
                .direction("INGRESS")
                .build());
    
            var proxy = new Subnetwork("proxy", SubnetworkArgs.builder()        
                .name("website-net-proxy")
                .ipCidrRange("10.129.0.0/26")
                .region("us-central1")
                .network(defaultNetwork.id())
                .purpose("REGIONAL_MANAGED_PROXY")
                .role("ACTIVE")
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for Internal Load Balancing
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          region: us-central1
          ipProtocol: TCP
          loadBalancingScheme: INTERNAL_MANAGED
          portRange: '80'
          target: ${defaultRegionTargetHttpProxy.id}
          network: ${defaultNetwork.id}
          subnetwork: ${defaultSubnetwork.id}
          networkTier: PREMIUM
      defaultRegionTargetHttpProxy:
        type: gcp:compute:RegionTargetHttpProxy
        name: default
        properties:
          region: us-central1
          name: website-proxy
          urlMap: ${defaultRegionUrlMap.id}
      defaultRegionUrlMap:
        type: gcp:compute:RegionUrlMap
        name: default
        properties:
          region: us-central1
          name: website-map
          defaultService: ${defaultRegionBackendService.id}
      defaultRegionBackendService:
        type: gcp:compute:RegionBackendService
        name: default
        properties:
          loadBalancingScheme: INTERNAL_MANAGED
          backends:
            - group: ${rigm.instanceGroup}
              balancingMode: UTILIZATION
              capacityScaler: 1
          region: us-central1
          name: website-backend
          protocol: HTTP
          timeoutSec: 10
          healthChecks: ${defaultRegionHealthCheck.id}
      rigm:
        type: gcp:compute:RegionInstanceGroupManager
        properties:
          region: us-central1
          name: website-rigm
          versions:
            - instanceTemplate: ${instanceTemplate.id}
              name: primary
          baseInstanceName: internal-glb
          targetSize: 1
      instanceTemplate:
        type: gcp:compute:InstanceTemplate
        name: instance_template
        properties:
          name: template-website-backend
          machineType: e2-medium
          networkInterfaces:
            - network: ${defaultNetwork.id}
              subnetwork: ${defaultSubnetwork.id}
          disks:
            - sourceImage: ${debianImage.selfLink}
              autoDelete: true
              boot: true
          tags:
            - allow-ssh
            - load-balanced-backend
      defaultRegionHealthCheck:
        type: gcp:compute:RegionHealthCheck
        name: default
        properties:
          region: us-central1
          name: website-hc
          httpHealthCheck:
            portSpecification: USE_SERVING_PORT
      fw1:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-1
          network: ${defaultNetwork.id}
          sourceRanges:
            - 10.1.2.0/24
          allows:
            - protocol: tcp
            - protocol: udp
            - protocol: icmp
          direction: INGRESS
      fw2:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-2
          network: ${defaultNetwork.id}
          sourceRanges:
            - 0.0.0.0/0
          allows:
            - protocol: tcp
              ports:
                - '22'
          targetTags:
            - allow-ssh
          direction: INGRESS
      fw3:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-3
          network: ${defaultNetwork.id}
          sourceRanges:
            - 130.211.0.0/22
            - 35.191.0.0/16
          allows:
            - protocol: tcp
          targetTags:
            - load-balanced-backend
          direction: INGRESS
      fw4:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-4
          network: ${defaultNetwork.id}
          sourceRanges:
            - 10.129.0.0/26
          targetTags:
            - load-balanced-backend
          allows:
            - protocol: tcp
              ports:
                - '80'
            - protocol: tcp
              ports:
                - '443'
            - protocol: tcp
              ports:
                - '8000'
          direction: INGRESS
      defaultNetwork:
        type: gcp:compute:Network
        name: default
        properties:
          name: website-net
          autoCreateSubnetworks: false
          routingMode: REGIONAL
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        name: default
        properties:
          name: website-net-default
          ipCidrRange: 10.1.2.0/24
          region: us-central1
          network: ${defaultNetwork.id}
      proxy:
        type: gcp:compute:Subnetwork
        properties:
          name: website-net-proxy
          ipCidrRange: 10.129.0.0/26
          region: us-central1
          network: ${defaultNetwork.id}
          purpose: REGIONAL_MANAGED_PROXY
          role: ACTIVE
    variables:
      debianImage:
        fn::invoke:
          Function: gcp:compute:getImage
          Arguments:
            family: debian-11
            project: debian-cloud
    

    Forwarding Rule Regional Http Xlb

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const debianImage = gcp.compute.getImage({
        family: "debian-11",
        project: "debian-cloud",
    });
    const defaultNetwork = new gcp.compute.Network("default", {
        name: "website-net",
        autoCreateSubnetworks: false,
        routingMode: "REGIONAL",
    });
    const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
        name: "website-net-default",
        ipCidrRange: "10.1.2.0/24",
        region: "us-central1",
        network: defaultNetwork.id,
    });
    const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
        name: "template-website-backend",
        machineType: "e2-medium",
        networkInterfaces: [{
            network: defaultNetwork.id,
            subnetwork: defaultSubnetwork.id,
        }],
        disks: [{
            sourceImage: debianImage.then(debianImage => debianImage.selfLink),
            autoDelete: true,
            boot: true,
        }],
        tags: [
            "allow-ssh",
            "load-balanced-backend",
        ],
    });
    const rigm = new gcp.compute.RegionInstanceGroupManager("rigm", {
        region: "us-central1",
        name: "website-rigm",
        versions: [{
            instanceTemplate: instanceTemplate.id,
            name: "primary",
        }],
        baseInstanceName: "internal-glb",
        targetSize: 1,
    });
    const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
        region: "us-central1",
        name: "website-hc",
        httpHealthCheck: {
            portSpecification: "USE_SERVING_PORT",
        },
    });
    const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", {
        loadBalancingScheme: "EXTERNAL_MANAGED",
        backends: [{
            group: rigm.instanceGroup,
            balancingMode: "UTILIZATION",
            capacityScaler: 1,
        }],
        region: "us-central1",
        name: "website-backend",
        protocol: "HTTP",
        timeoutSec: 10,
        healthChecks: defaultRegionHealthCheck.id,
    });
    const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", {
        region: "us-central1",
        name: "website-map",
        defaultService: defaultRegionBackendService.id,
    });
    const defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy("default", {
        region: "us-central1",
        name: "website-proxy",
        urlMap: defaultRegionUrlMap.id,
    });
    const defaultAddress = new gcp.compute.Address("default", {
        name: "website-ip-1",
        region: "us-central1",
        networkTier: "STANDARD",
    });
    // Forwarding rule for Regional External Load Balancing
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        region: "us-central1",
        ipProtocol: "TCP",
        loadBalancingScheme: "EXTERNAL_MANAGED",
        portRange: "80",
        target: defaultRegionTargetHttpProxy.id,
        network: defaultNetwork.id,
        ipAddress: defaultAddress.id,
        networkTier: "STANDARD",
    });
    const fw1 = new gcp.compute.Firewall("fw1", {
        name: "website-fw-1",
        network: defaultNetwork.id,
        sourceRanges: ["10.1.2.0/24"],
        allows: [
            {
                protocol: "tcp",
            },
            {
                protocol: "udp",
            },
            {
                protocol: "icmp",
            },
        ],
        direction: "INGRESS",
    });
    const fw2 = new gcp.compute.Firewall("fw2", {
        name: "website-fw-2",
        network: defaultNetwork.id,
        sourceRanges: ["0.0.0.0/0"],
        allows: [{
            protocol: "tcp",
            ports: ["22"],
        }],
        targetTags: ["allow-ssh"],
        direction: "INGRESS",
    });
    const fw3 = new gcp.compute.Firewall("fw3", {
        name: "website-fw-3",
        network: defaultNetwork.id,
        sourceRanges: [
            "130.211.0.0/22",
            "35.191.0.0/16",
        ],
        allows: [{
            protocol: "tcp",
        }],
        targetTags: ["load-balanced-backend"],
        direction: "INGRESS",
    });
    const fw4 = new gcp.compute.Firewall("fw4", {
        name: "website-fw-4",
        network: defaultNetwork.id,
        sourceRanges: ["10.129.0.0/26"],
        targetTags: ["load-balanced-backend"],
        allows: [
            {
                protocol: "tcp",
                ports: ["80"],
            },
            {
                protocol: "tcp",
                ports: ["443"],
            },
            {
                protocol: "tcp",
                ports: ["8000"],
            },
        ],
        direction: "INGRESS",
    });
    const proxy = new gcp.compute.Subnetwork("proxy", {
        name: "website-net-proxy",
        ipCidrRange: "10.129.0.0/26",
        region: "us-central1",
        network: defaultNetwork.id,
        purpose: "REGIONAL_MANAGED_PROXY",
        role: "ACTIVE",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    debian_image = gcp.compute.get_image(family="debian-11",
        project="debian-cloud")
    default_network = gcp.compute.Network("default",
        name="website-net",
        auto_create_subnetworks=False,
        routing_mode="REGIONAL")
    default_subnetwork = gcp.compute.Subnetwork("default",
        name="website-net-default",
        ip_cidr_range="10.1.2.0/24",
        region="us-central1",
        network=default_network.id)
    instance_template = gcp.compute.InstanceTemplate("instance_template",
        name="template-website-backend",
        machine_type="e2-medium",
        network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
            network=default_network.id,
            subnetwork=default_subnetwork.id,
        )],
        disks=[gcp.compute.InstanceTemplateDiskArgs(
            source_image=debian_image.self_link,
            auto_delete=True,
            boot=True,
        )],
        tags=[
            "allow-ssh",
            "load-balanced-backend",
        ])
    rigm = gcp.compute.RegionInstanceGroupManager("rigm",
        region="us-central1",
        name="website-rigm",
        versions=[gcp.compute.RegionInstanceGroupManagerVersionArgs(
            instance_template=instance_template.id,
            name="primary",
        )],
        base_instance_name="internal-glb",
        target_size=1)
    default_region_health_check = gcp.compute.RegionHealthCheck("default",
        region="us-central1",
        name="website-hc",
        http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs(
            port_specification="USE_SERVING_PORT",
        ))
    default_region_backend_service = gcp.compute.RegionBackendService("default",
        load_balancing_scheme="EXTERNAL_MANAGED",
        backends=[gcp.compute.RegionBackendServiceBackendArgs(
            group=rigm.instance_group,
            balancing_mode="UTILIZATION",
            capacity_scaler=1,
        )],
        region="us-central1",
        name="website-backend",
        protocol="HTTP",
        timeout_sec=10,
        health_checks=default_region_health_check.id)
    default_region_url_map = gcp.compute.RegionUrlMap("default",
        region="us-central1",
        name="website-map",
        default_service=default_region_backend_service.id)
    default_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy("default",
        region="us-central1",
        name="website-proxy",
        url_map=default_region_url_map.id)
    default_address = gcp.compute.Address("default",
        name="website-ip-1",
        region="us-central1",
        network_tier="STANDARD")
    # Forwarding rule for Regional External Load Balancing
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        region="us-central1",
        ip_protocol="TCP",
        load_balancing_scheme="EXTERNAL_MANAGED",
        port_range="80",
        target=default_region_target_http_proxy.id,
        network=default_network.id,
        ip_address=default_address.id,
        network_tier="STANDARD")
    fw1 = gcp.compute.Firewall("fw1",
        name="website-fw-1",
        network=default_network.id,
        source_ranges=["10.1.2.0/24"],
        allows=[
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="udp",
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="icmp",
            ),
        ],
        direction="INGRESS")
    fw2 = gcp.compute.Firewall("fw2",
        name="website-fw-2",
        network=default_network.id,
        source_ranges=["0.0.0.0/0"],
        allows=[gcp.compute.FirewallAllowArgs(
            protocol="tcp",
            ports=["22"],
        )],
        target_tags=["allow-ssh"],
        direction="INGRESS")
    fw3 = gcp.compute.Firewall("fw3",
        name="website-fw-3",
        network=default_network.id,
        source_ranges=[
            "130.211.0.0/22",
            "35.191.0.0/16",
        ],
        allows=[gcp.compute.FirewallAllowArgs(
            protocol="tcp",
        )],
        target_tags=["load-balanced-backend"],
        direction="INGRESS")
    fw4 = gcp.compute.Firewall("fw4",
        name="website-fw-4",
        network=default_network.id,
        source_ranges=["10.129.0.0/26"],
        target_tags=["load-balanced-backend"],
        allows=[
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
                ports=["80"],
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
                ports=["443"],
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
                ports=["8000"],
            ),
        ],
        direction="INGRESS")
    proxy = gcp.compute.Subnetwork("proxy",
        name="website-net-proxy",
        ip_cidr_range="10.129.0.0/26",
        region="us-central1",
        network=default_network.id,
        purpose="REGIONAL_MANAGED_PROXY",
        role="ACTIVE")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		debianImage, err := compute.LookupImage(ctx, &compute.LookupImageArgs{
    			Family:  pulumi.StringRef("debian-11"),
    			Project: pulumi.StringRef("debian-cloud"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
    			Name:                  pulumi.String("website-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    			RoutingMode:           pulumi.String("REGIONAL"),
    		})
    		if err != nil {
    			return err
    		}
    		defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net-default"),
    			IpCidrRange: pulumi.String("10.1.2.0/24"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{
    			Name:        pulumi.String("template-website-backend"),
    			MachineType: pulumi.String("e2-medium"),
    			NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
    				&compute.InstanceTemplateNetworkInterfaceArgs{
    					Network:    defaultNetwork.ID(),
    					Subnetwork: defaultSubnetwork.ID(),
    				},
    			},
    			Disks: compute.InstanceTemplateDiskArray{
    				&compute.InstanceTemplateDiskArgs{
    					SourceImage: pulumi.String(debianImage.SelfLink),
    					AutoDelete:  pulumi.Bool(true),
    					Boot:        pulumi.Bool(true),
    				},
    			},
    			Tags: pulumi.StringArray{
    				pulumi.String("allow-ssh"),
    				pulumi.String("load-balanced-backend"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		rigm, err := compute.NewRegionInstanceGroupManager(ctx, "rigm", &compute.RegionInstanceGroupManagerArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-rigm"),
    			Versions: compute.RegionInstanceGroupManagerVersionArray{
    				&compute.RegionInstanceGroupManagerVersionArgs{
    					InstanceTemplate: instanceTemplate.ID(),
    					Name:             pulumi.String("primary"),
    				},
    			},
    			BaseInstanceName: pulumi.String("internal-glb"),
    			TargetSize:       pulumi.Int(1),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-hc"),
    			HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
    				PortSpecification: pulumi.String("USE_SERVING_PORT"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionBackendService, err := compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{
    			LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
    			Backends: compute.RegionBackendServiceBackendArray{
    				&compute.RegionBackendServiceBackendArgs{
    					Group:          rigm.InstanceGroup,
    					BalancingMode:  pulumi.String("UTILIZATION"),
    					CapacityScaler: pulumi.Float64(1),
    				},
    			},
    			Region:       pulumi.String("us-central1"),
    			Name:         pulumi.String("website-backend"),
    			Protocol:     pulumi.String("HTTP"),
    			TimeoutSec:   pulumi.Int(10),
    			HealthChecks: defaultRegionHealthCheck.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, "default", &compute.RegionUrlMapArgs{
    			Region:         pulumi.String("us-central1"),
    			Name:           pulumi.String("website-map"),
    			DefaultService: defaultRegionBackendService.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, "default", &compute.RegionTargetHttpProxyArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-proxy"),
    			UrlMap: defaultRegionUrlMap.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultAddress, err := compute.NewAddress(ctx, "default", &compute.AddressArgs{
    			Name:        pulumi.String("website-ip-1"),
    			Region:      pulumi.String("us-central1"),
    			NetworkTier: pulumi.String("STANDARD"),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for Regional External Load Balancing
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("website-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			IpProtocol:          pulumi.String("TCP"),
    			LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
    			PortRange:           pulumi.String("80"),
    			Target:              defaultRegionTargetHttpProxy.ID(),
    			Network:             defaultNetwork.ID(),
    			IpAddress:           defaultAddress.ID(),
    			NetworkTier:         pulumi.String("STANDARD"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewall(ctx, "fw1", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-1"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("10.1.2.0/24"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("udp"),
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("icmp"),
    				},
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewall(ctx, "fw2", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-2"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("0.0.0.0/0"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("22"),
    					},
    				},
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("allow-ssh"),
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewall(ctx, "fw3", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-3"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("130.211.0.0/22"),
    				pulumi.String("35.191.0.0/16"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("load-balanced-backend"),
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewall(ctx, "fw4", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-4"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("10.129.0.0/26"),
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("load-balanced-backend"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("80"),
    					},
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("443"),
    					},
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("8000"),
    					},
    				},
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewSubnetwork(ctx, "proxy", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net-proxy"),
    			IpCidrRange: pulumi.String("10.129.0.0/26"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    			Purpose:     pulumi.String("REGIONAL_MANAGED_PROXY"),
    			Role:        pulumi.String("ACTIVE"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var debianImage = Gcp.Compute.GetImage.Invoke(new()
        {
            Family = "debian-11",
            Project = "debian-cloud",
        });
    
        var defaultNetwork = new Gcp.Compute.Network("default", new()
        {
            Name = "website-net",
            AutoCreateSubnetworks = false,
            RoutingMode = "REGIONAL",
        });
    
        var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
        {
            Name = "website-net-default",
            IpCidrRange = "10.1.2.0/24",
            Region = "us-central1",
            Network = defaultNetwork.Id,
        });
    
        var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new()
        {
            Name = "template-website-backend",
            MachineType = "e2-medium",
            NetworkInterfaces = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
                {
                    Network = defaultNetwork.Id,
                    Subnetwork = defaultSubnetwork.Id,
                },
            },
            Disks = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
                {
                    SourceImage = debianImage.Apply(getImageResult => getImageResult.SelfLink),
                    AutoDelete = true,
                    Boot = true,
                },
            },
            Tags = new[]
            {
                "allow-ssh",
                "load-balanced-backend",
            },
        });
    
        var rigm = new Gcp.Compute.RegionInstanceGroupManager("rigm", new()
        {
            Region = "us-central1",
            Name = "website-rigm",
            Versions = new[]
            {
                new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs
                {
                    InstanceTemplate = instanceTemplate.Id,
                    Name = "primary",
                },
            },
            BaseInstanceName = "internal-glb",
            TargetSize = 1,
        });
    
        var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new()
        {
            Region = "us-central1",
            Name = "website-hc",
            HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
            {
                PortSpecification = "USE_SERVING_PORT",
            },
        });
    
        var defaultRegionBackendService = new Gcp.Compute.RegionBackendService("default", new()
        {
            LoadBalancingScheme = "EXTERNAL_MANAGED",
            Backends = new[]
            {
                new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs
                {
                    Group = rigm.InstanceGroup,
                    BalancingMode = "UTILIZATION",
                    CapacityScaler = 1,
                },
            },
            Region = "us-central1",
            Name = "website-backend",
            Protocol = "HTTP",
            TimeoutSec = 10,
            HealthChecks = defaultRegionHealthCheck.Id,
        });
    
        var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap("default", new()
        {
            Region = "us-central1",
            Name = "website-map",
            DefaultService = defaultRegionBackendService.Id,
        });
    
        var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy("default", new()
        {
            Region = "us-central1",
            Name = "website-proxy",
            UrlMap = defaultRegionUrlMap.Id,
        });
    
        var defaultAddress = new Gcp.Compute.Address("default", new()
        {
            Name = "website-ip-1",
            Region = "us-central1",
            NetworkTier = "STANDARD",
        });
    
        // Forwarding rule for Regional External Load Balancing
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Region = "us-central1",
            IpProtocol = "TCP",
            LoadBalancingScheme = "EXTERNAL_MANAGED",
            PortRange = "80",
            Target = defaultRegionTargetHttpProxy.Id,
            Network = defaultNetwork.Id,
            IpAddress = defaultAddress.Id,
            NetworkTier = "STANDARD",
        });
    
        var fw1 = new Gcp.Compute.Firewall("fw1", new()
        {
            Name = "website-fw-1",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "10.1.2.0/24",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "udp",
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "icmp",
                },
            },
            Direction = "INGRESS",
        });
    
        var fw2 = new Gcp.Compute.Firewall("fw2", new()
        {
            Name = "website-fw-2",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "0.0.0.0/0",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "22",
                    },
                },
            },
            TargetTags = new[]
            {
                "allow-ssh",
            },
            Direction = "INGRESS",
        });
    
        var fw3 = new Gcp.Compute.Firewall("fw3", new()
        {
            Name = "website-fw-3",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "130.211.0.0/22",
                "35.191.0.0/16",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
            },
            TargetTags = new[]
            {
                "load-balanced-backend",
            },
            Direction = "INGRESS",
        });
    
        var fw4 = new Gcp.Compute.Firewall("fw4", new()
        {
            Name = "website-fw-4",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "10.129.0.0/26",
            },
            TargetTags = new[]
            {
                "load-balanced-backend",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "80",
                    },
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "443",
                    },
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "8000",
                    },
                },
            },
            Direction = "INGRESS",
        });
    
        var proxy = new Gcp.Compute.Subnetwork("proxy", new()
        {
            Name = "website-net-proxy",
            IpCidrRange = "10.129.0.0/26",
            Region = "us-central1",
            Network = defaultNetwork.Id,
            Purpose = "REGIONAL_MANAGED_PROXY",
            Role = "ACTIVE",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.ComputeFunctions;
    import com.pulumi.gcp.compute.inputs.GetImageArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.InstanceTemplate;
    import com.pulumi.gcp.compute.InstanceTemplateArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
    import com.pulumi.gcp.compute.RegionInstanceGroupManager;
    import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
    import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
    import com.pulumi.gcp.compute.RegionUrlMap;
    import com.pulumi.gcp.compute.RegionUrlMapArgs;
    import com.pulumi.gcp.compute.RegionTargetHttpProxy;
    import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
    import com.pulumi.gcp.compute.Address;
    import com.pulumi.gcp.compute.AddressArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.compute.Firewall;
    import com.pulumi.gcp.compute.FirewallArgs;
    import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
                .family("debian-11")
                .project("debian-cloud")
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
                .name("website-net")
                .autoCreateSubnetworks(false)
                .routingMode("REGIONAL")
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
                .name("website-net-default")
                .ipCidrRange("10.1.2.0/24")
                .region("us-central1")
                .network(defaultNetwork.id())
                .build());
    
            var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()        
                .name("template-website-backend")
                .machineType("e2-medium")
                .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                    .network(defaultNetwork.id())
                    .subnetwork(defaultSubnetwork.id())
                    .build())
                .disks(InstanceTemplateDiskArgs.builder()
                    .sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
                    .autoDelete(true)
                    .boot(true)
                    .build())
                .tags(            
                    "allow-ssh",
                    "load-balanced-backend")
                .build());
    
            var rigm = new RegionInstanceGroupManager("rigm", RegionInstanceGroupManagerArgs.builder()        
                .region("us-central1")
                .name("website-rigm")
                .versions(RegionInstanceGroupManagerVersionArgs.builder()
                    .instanceTemplate(instanceTemplate.id())
                    .name("primary")
                    .build())
                .baseInstanceName("internal-glb")
                .targetSize(1)
                .build());
    
            var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()        
                .region("us-central1")
                .name("website-hc")
                .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                    .portSpecification("USE_SERVING_PORT")
                    .build())
                .build());
    
            var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()        
                .loadBalancingScheme("EXTERNAL_MANAGED")
                .backends(RegionBackendServiceBackendArgs.builder()
                    .group(rigm.instanceGroup())
                    .balancingMode("UTILIZATION")
                    .capacityScaler(1)
                    .build())
                .region("us-central1")
                .name("website-backend")
                .protocol("HTTP")
                .timeoutSec(10)
                .healthChecks(defaultRegionHealthCheck.id())
                .build());
    
            var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()        
                .region("us-central1")
                .name("website-map")
                .defaultService(defaultRegionBackendService.id())
                .build());
    
            var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()        
                .region("us-central1")
                .name("website-proxy")
                .urlMap(defaultRegionUrlMap.id())
                .build());
    
            var defaultAddress = new Address("defaultAddress", AddressArgs.builder()        
                .name("website-ip-1")
                .region("us-central1")
                .networkTier("STANDARD")
                .build());
    
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .name("website-forwarding-rule")
                .region("us-central1")
                .ipProtocol("TCP")
                .loadBalancingScheme("EXTERNAL_MANAGED")
                .portRange("80")
                .target(defaultRegionTargetHttpProxy.id())
                .network(defaultNetwork.id())
                .ipAddress(defaultAddress.id())
                .networkTier("STANDARD")
                .build());
    
            var fw1 = new Firewall("fw1", FirewallArgs.builder()        
                .name("website-fw-1")
                .network(defaultNetwork.id())
                .sourceRanges("10.1.2.0/24")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("udp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("icmp")
                        .build())
                .direction("INGRESS")
                .build());
    
            var fw2 = new Firewall("fw2", FirewallArgs.builder()        
                .name("website-fw-2")
                .network(defaultNetwork.id())
                .sourceRanges("0.0.0.0/0")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("22")
                    .build())
                .targetTags("allow-ssh")
                .direction("INGRESS")
                .build());
    
            var fw3 = new Firewall("fw3", FirewallArgs.builder()        
                .name("website-fw-3")
                .network(defaultNetwork.id())
                .sourceRanges(            
                    "130.211.0.0/22",
                    "35.191.0.0/16")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build())
                .targetTags("load-balanced-backend")
                .direction("INGRESS")
                .build());
    
            var fw4 = new Firewall("fw4", FirewallArgs.builder()        
                .name("website-fw-4")
                .network(defaultNetwork.id())
                .sourceRanges("10.129.0.0/26")
                .targetTags("load-balanced-backend")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("80")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("443")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("8000")
                        .build())
                .direction("INGRESS")
                .build());
    
            var proxy = new Subnetwork("proxy", SubnetworkArgs.builder()        
                .name("website-net-proxy")
                .ipCidrRange("10.129.0.0/26")
                .region("us-central1")
                .network(defaultNetwork.id())
                .purpose("REGIONAL_MANAGED_PROXY")
                .role("ACTIVE")
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for Regional External Load Balancing
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          region: us-central1
          ipProtocol: TCP
          loadBalancingScheme: EXTERNAL_MANAGED
          portRange: '80'
          target: ${defaultRegionTargetHttpProxy.id}
          network: ${defaultNetwork.id}
          ipAddress: ${defaultAddress.id}
          networkTier: STANDARD
      defaultRegionTargetHttpProxy:
        type: gcp:compute:RegionTargetHttpProxy
        name: default
        properties:
          region: us-central1
          name: website-proxy
          urlMap: ${defaultRegionUrlMap.id}
      defaultRegionUrlMap:
        type: gcp:compute:RegionUrlMap
        name: default
        properties:
          region: us-central1
          name: website-map
          defaultService: ${defaultRegionBackendService.id}
      defaultRegionBackendService:
        type: gcp:compute:RegionBackendService
        name: default
        properties:
          loadBalancingScheme: EXTERNAL_MANAGED
          backends:
            - group: ${rigm.instanceGroup}
              balancingMode: UTILIZATION
              capacityScaler: 1
          region: us-central1
          name: website-backend
          protocol: HTTP
          timeoutSec: 10
          healthChecks: ${defaultRegionHealthCheck.id}
      rigm:
        type: gcp:compute:RegionInstanceGroupManager
        properties:
          region: us-central1
          name: website-rigm
          versions:
            - instanceTemplate: ${instanceTemplate.id}
              name: primary
          baseInstanceName: internal-glb
          targetSize: 1
      instanceTemplate:
        type: gcp:compute:InstanceTemplate
        name: instance_template
        properties:
          name: template-website-backend
          machineType: e2-medium
          networkInterfaces:
            - network: ${defaultNetwork.id}
              subnetwork: ${defaultSubnetwork.id}
          disks:
            - sourceImage: ${debianImage.selfLink}
              autoDelete: true
              boot: true
          tags:
            - allow-ssh
            - load-balanced-backend
      defaultRegionHealthCheck:
        type: gcp:compute:RegionHealthCheck
        name: default
        properties:
          region: us-central1
          name: website-hc
          httpHealthCheck:
            portSpecification: USE_SERVING_PORT
      defaultAddress:
        type: gcp:compute:Address
        name: default
        properties:
          name: website-ip-1
          region: us-central1
          networkTier: STANDARD
      fw1:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-1
          network: ${defaultNetwork.id}
          sourceRanges:
            - 10.1.2.0/24
          allows:
            - protocol: tcp
            - protocol: udp
            - protocol: icmp
          direction: INGRESS
      fw2:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-2
          network: ${defaultNetwork.id}
          sourceRanges:
            - 0.0.0.0/0
          allows:
            - protocol: tcp
              ports:
                - '22'
          targetTags:
            - allow-ssh
          direction: INGRESS
      fw3:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-3
          network: ${defaultNetwork.id}
          sourceRanges:
            - 130.211.0.0/22
            - 35.191.0.0/16
          allows:
            - protocol: tcp
          targetTags:
            - load-balanced-backend
          direction: INGRESS
      fw4:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-4
          network: ${defaultNetwork.id}
          sourceRanges:
            - 10.129.0.0/26
          targetTags:
            - load-balanced-backend
          allows:
            - protocol: tcp
              ports:
                - '80'
            - protocol: tcp
              ports:
                - '443'
            - protocol: tcp
              ports:
                - '8000'
          direction: INGRESS
      defaultNetwork:
        type: gcp:compute:Network
        name: default
        properties:
          name: website-net
          autoCreateSubnetworks: false
          routingMode: REGIONAL
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        name: default
        properties:
          name: website-net-default
          ipCidrRange: 10.1.2.0/24
          region: us-central1
          network: ${defaultNetwork.id}
      proxy:
        type: gcp:compute:Subnetwork
        properties:
          name: website-net-proxy
          ipCidrRange: 10.129.0.0/26
          region: us-central1
          network: ${defaultNetwork.id}
          purpose: REGIONAL_MANAGED_PROXY
          role: ACTIVE
    variables:
      debianImage:
        fn::invoke:
          Function: gcp:compute:getImage
          Arguments:
            family: debian-11
            project: debian-cloud
    

    Forwarding Rule Vpc Psc

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    // Consumer service endpoint
    const consumerNet = new gcp.compute.Network("consumer_net", {
        name: "consumer-net",
        autoCreateSubnetworks: false,
    });
    const consumerSubnet = new gcp.compute.Subnetwork("consumer_subnet", {
        name: "consumer-net",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        network: consumerNet.id,
    });
    const consumerAddress = new gcp.compute.Address("consumer_address", {
        name: "website-ip-1",
        region: "us-central1",
        subnetwork: consumerSubnet.id,
        addressType: "INTERNAL",
    });
    // Producer service attachment
    const producerNet = new gcp.compute.Network("producer_net", {
        name: "producer-net",
        autoCreateSubnetworks: false,
    });
    const pscProducerSubnet = new gcp.compute.Subnetwork("psc_producer_subnet", {
        name: "producer-psc-net",
        ipCidrRange: "10.1.0.0/16",
        region: "us-central1",
        purpose: "PRIVATE_SERVICE_CONNECT",
        network: producerNet.id,
    });
    const producerSubnet = new gcp.compute.Subnetwork("producer_subnet", {
        name: "producer-net",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        network: producerNet.id,
    });
    const producerServiceHealthCheck = new gcp.compute.HealthCheck("producer_service_health_check", {
        name: "producer-service-health-check",
        checkIntervalSec: 1,
        timeoutSec: 1,
        tcpHealthCheck: {
            port: 80,
        },
    });
    const producerServiceBackend = new gcp.compute.RegionBackendService("producer_service_backend", {
        name: "producer-service-backend",
        region: "us-central1",
        healthChecks: producerServiceHealthCheck.id,
    });
    const producerTargetService = new gcp.compute.ForwardingRule("producer_target_service", {
        name: "producer-forwarding-rule",
        region: "us-central1",
        loadBalancingScheme: "INTERNAL",
        backendService: producerServiceBackend.id,
        allPorts: true,
        network: producerNet.name,
        subnetwork: producerSubnet.name,
    });
    const producerServiceAttachment = new gcp.compute.ServiceAttachment("producer_service_attachment", {
        name: "producer-service",
        region: "us-central1",
        description: "A service attachment configured with Terraform",
        enableProxyProtocol: true,
        connectionPreference: "ACCEPT_AUTOMATIC",
        natSubnets: [pscProducerSubnet.name],
        targetService: producerTargetService.id,
    });
    // Forwarding rule for VPC private service connect
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "psc-endpoint",
        region: "us-central1",
        loadBalancingScheme: "",
        target: producerServiceAttachment.id,
        network: consumerNet.name,
        ipAddress: consumerAddress.id,
        allowPscGlobalAccess: true,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    # Consumer service endpoint
    consumer_net = gcp.compute.Network("consumer_net",
        name="consumer-net",
        auto_create_subnetworks=False)
    consumer_subnet = gcp.compute.Subnetwork("consumer_subnet",
        name="consumer-net",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        network=consumer_net.id)
    consumer_address = gcp.compute.Address("consumer_address",
        name="website-ip-1",
        region="us-central1",
        subnetwork=consumer_subnet.id,
        address_type="INTERNAL")
    # Producer service attachment
    producer_net = gcp.compute.Network("producer_net",
        name="producer-net",
        auto_create_subnetworks=False)
    psc_producer_subnet = gcp.compute.Subnetwork("psc_producer_subnet",
        name="producer-psc-net",
        ip_cidr_range="10.1.0.0/16",
        region="us-central1",
        purpose="PRIVATE_SERVICE_CONNECT",
        network=producer_net.id)
    producer_subnet = gcp.compute.Subnetwork("producer_subnet",
        name="producer-net",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        network=producer_net.id)
    producer_service_health_check = gcp.compute.HealthCheck("producer_service_health_check",
        name="producer-service-health-check",
        check_interval_sec=1,
        timeout_sec=1,
        tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
            port=80,
        ))
    producer_service_backend = gcp.compute.RegionBackendService("producer_service_backend",
        name="producer-service-backend",
        region="us-central1",
        health_checks=producer_service_health_check.id)
    producer_target_service = gcp.compute.ForwardingRule("producer_target_service",
        name="producer-forwarding-rule",
        region="us-central1",
        load_balancing_scheme="INTERNAL",
        backend_service=producer_service_backend.id,
        all_ports=True,
        network=producer_net.name,
        subnetwork=producer_subnet.name)
    producer_service_attachment = gcp.compute.ServiceAttachment("producer_service_attachment",
        name="producer-service",
        region="us-central1",
        description="A service attachment configured with Terraform",
        enable_proxy_protocol=True,
        connection_preference="ACCEPT_AUTOMATIC",
        nat_subnets=[psc_producer_subnet.name],
        target_service=producer_target_service.id)
    # Forwarding rule for VPC private service connect
    default = gcp.compute.ForwardingRule("default",
        name="psc-endpoint",
        region="us-central1",
        load_balancing_scheme="",
        target=producer_service_attachment.id,
        network=consumer_net.name,
        ip_address=consumer_address.id,
        allow_psc_global_access=True)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Consumer service endpoint
    		consumerNet, err := compute.NewNetwork(ctx, "consumer_net", &compute.NetworkArgs{
    			Name:                  pulumi.String("consumer-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		consumerSubnet, err := compute.NewSubnetwork(ctx, "consumer_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("consumer-net"),
    			IpCidrRange: pulumi.String("10.0.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Network:     consumerNet.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		consumerAddress, err := compute.NewAddress(ctx, "consumer_address", &compute.AddressArgs{
    			Name:        pulumi.String("website-ip-1"),
    			Region:      pulumi.String("us-central1"),
    			Subnetwork:  consumerSubnet.ID(),
    			AddressType: pulumi.String("INTERNAL"),
    		})
    		if err != nil {
    			return err
    		}
    		// Producer service attachment
    		producerNet, err := compute.NewNetwork(ctx, "producer_net", &compute.NetworkArgs{
    			Name:                  pulumi.String("producer-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		pscProducerSubnet, err := compute.NewSubnetwork(ctx, "psc_producer_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("producer-psc-net"),
    			IpCidrRange: pulumi.String("10.1.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Purpose:     pulumi.String("PRIVATE_SERVICE_CONNECT"),
    			Network:     producerNet.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		producerSubnet, err := compute.NewSubnetwork(ctx, "producer_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("producer-net"),
    			IpCidrRange: pulumi.String("10.0.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Network:     producerNet.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		producerServiceHealthCheck, err := compute.NewHealthCheck(ctx, "producer_service_health_check", &compute.HealthCheckArgs{
    			Name:             pulumi.String("producer-service-health-check"),
    			CheckIntervalSec: pulumi.Int(1),
    			TimeoutSec:       pulumi.Int(1),
    			TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		producerServiceBackend, err := compute.NewRegionBackendService(ctx, "producer_service_backend", &compute.RegionBackendServiceArgs{
    			Name:         pulumi.String("producer-service-backend"),
    			Region:       pulumi.String("us-central1"),
    			HealthChecks: producerServiceHealthCheck.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		producerTargetService, err := compute.NewForwardingRule(ctx, "producer_target_service", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("producer-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("INTERNAL"),
    			BackendService:      producerServiceBackend.ID(),
    			AllPorts:            pulumi.Bool(true),
    			Network:             producerNet.Name,
    			Subnetwork:          producerSubnet.Name,
    		})
    		if err != nil {
    			return err
    		}
    		producerServiceAttachment, err := compute.NewServiceAttachment(ctx, "producer_service_attachment", &compute.ServiceAttachmentArgs{
    			Name:                 pulumi.String("producer-service"),
    			Region:               pulumi.String("us-central1"),
    			Description:          pulumi.String("A service attachment configured with Terraform"),
    			EnableProxyProtocol:  pulumi.Bool(true),
    			ConnectionPreference: pulumi.String("ACCEPT_AUTOMATIC"),
    			NatSubnets: pulumi.StringArray{
    				pscProducerSubnet.Name,
    			},
    			TargetService: producerTargetService.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for VPC private service connect
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                 pulumi.String("psc-endpoint"),
    			Region:               pulumi.String("us-central1"),
    			LoadBalancingScheme:  pulumi.String(""),
    			Target:               producerServiceAttachment.ID(),
    			Network:              consumerNet.Name,
    			IpAddress:            consumerAddress.ID(),
    			AllowPscGlobalAccess: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        // Consumer service endpoint
        var consumerNet = new Gcp.Compute.Network("consumer_net", new()
        {
            Name = "consumer-net",
            AutoCreateSubnetworks = false,
        });
    
        var consumerSubnet = new Gcp.Compute.Subnetwork("consumer_subnet", new()
        {
            Name = "consumer-net",
            IpCidrRange = "10.0.0.0/16",
            Region = "us-central1",
            Network = consumerNet.Id,
        });
    
        var consumerAddress = new Gcp.Compute.Address("consumer_address", new()
        {
            Name = "website-ip-1",
            Region = "us-central1",
            Subnetwork = consumerSubnet.Id,
            AddressType = "INTERNAL",
        });
    
        // Producer service attachment
        var producerNet = new Gcp.Compute.Network("producer_net", new()
        {
            Name = "producer-net",
            AutoCreateSubnetworks = false,
        });
    
        var pscProducerSubnet = new Gcp.Compute.Subnetwork("psc_producer_subnet", new()
        {
            Name = "producer-psc-net",
            IpCidrRange = "10.1.0.0/16",
            Region = "us-central1",
            Purpose = "PRIVATE_SERVICE_CONNECT",
            Network = producerNet.Id,
        });
    
        var producerSubnet = new Gcp.Compute.Subnetwork("producer_subnet", new()
        {
            Name = "producer-net",
            IpCidrRange = "10.0.0.0/16",
            Region = "us-central1",
            Network = producerNet.Id,
        });
    
        var producerServiceHealthCheck = new Gcp.Compute.HealthCheck("producer_service_health_check", new()
        {
            Name = "producer-service-health-check",
            CheckIntervalSec = 1,
            TimeoutSec = 1,
            TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var producerServiceBackend = new Gcp.Compute.RegionBackendService("producer_service_backend", new()
        {
            Name = "producer-service-backend",
            Region = "us-central1",
            HealthChecks = producerServiceHealthCheck.Id,
        });
    
        var producerTargetService = new Gcp.Compute.ForwardingRule("producer_target_service", new()
        {
            Name = "producer-forwarding-rule",
            Region = "us-central1",
            LoadBalancingScheme = "INTERNAL",
            BackendService = producerServiceBackend.Id,
            AllPorts = true,
            Network = producerNet.Name,
            Subnetwork = producerSubnet.Name,
        });
    
        var producerServiceAttachment = new Gcp.Compute.ServiceAttachment("producer_service_attachment", new()
        {
            Name = "producer-service",
            Region = "us-central1",
            Description = "A service attachment configured with Terraform",
            EnableProxyProtocol = true,
            ConnectionPreference = "ACCEPT_AUTOMATIC",
            NatSubnets = new[]
            {
                pscProducerSubnet.Name,
            },
            TargetService = producerTargetService.Id,
        });
    
        // Forwarding rule for VPC private service connect
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "psc-endpoint",
            Region = "us-central1",
            LoadBalancingScheme = "",
            Target = producerServiceAttachment.Id,
            Network = consumerNet.Name,
            IpAddress = consumerAddress.Id,
            AllowPscGlobalAccess = true,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.Address;
    import com.pulumi.gcp.compute.AddressArgs;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.compute.ServiceAttachment;
    import com.pulumi.gcp.compute.ServiceAttachmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var consumerNet = new Network("consumerNet", NetworkArgs.builder()        
                .name("consumer-net")
                .autoCreateSubnetworks(false)
                .build());
    
            var consumerSubnet = new Subnetwork("consumerSubnet", SubnetworkArgs.builder()        
                .name("consumer-net")
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(consumerNet.id())
                .build());
    
            var consumerAddress = new Address("consumerAddress", AddressArgs.builder()        
                .name("website-ip-1")
                .region("us-central1")
                .subnetwork(consumerSubnet.id())
                .addressType("INTERNAL")
                .build());
    
            var producerNet = new Network("producerNet", NetworkArgs.builder()        
                .name("producer-net")
                .autoCreateSubnetworks(false)
                .build());
    
            var pscProducerSubnet = new Subnetwork("pscProducerSubnet", SubnetworkArgs.builder()        
                .name("producer-psc-net")
                .ipCidrRange("10.1.0.0/16")
                .region("us-central1")
                .purpose("PRIVATE_SERVICE_CONNECT")
                .network(producerNet.id())
                .build());
    
            var producerSubnet = new Subnetwork("producerSubnet", SubnetworkArgs.builder()        
                .name("producer-net")
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(producerNet.id())
                .build());
    
            var producerServiceHealthCheck = new HealthCheck("producerServiceHealthCheck", HealthCheckArgs.builder()        
                .name("producer-service-health-check")
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var producerServiceBackend = new RegionBackendService("producerServiceBackend", RegionBackendServiceArgs.builder()        
                .name("producer-service-backend")
                .region("us-central1")
                .healthChecks(producerServiceHealthCheck.id())
                .build());
    
            var producerTargetService = new ForwardingRule("producerTargetService", ForwardingRuleArgs.builder()        
                .name("producer-forwarding-rule")
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(producerServiceBackend.id())
                .allPorts(true)
                .network(producerNet.name())
                .subnetwork(producerSubnet.name())
                .build());
    
            var producerServiceAttachment = new ServiceAttachment("producerServiceAttachment", ServiceAttachmentArgs.builder()        
                .name("producer-service")
                .region("us-central1")
                .description("A service attachment configured with Terraform")
                .enableProxyProtocol(true)
                .connectionPreference("ACCEPT_AUTOMATIC")
                .natSubnets(pscProducerSubnet.name())
                .targetService(producerTargetService.id())
                .build());
    
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .name("psc-endpoint")
                .region("us-central1")
                .loadBalancingScheme("")
                .target(producerServiceAttachment.id())
                .network(consumerNet.name())
                .ipAddress(consumerAddress.id())
                .allowPscGlobalAccess(true)
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for VPC private service connect
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: psc-endpoint
          region: us-central1
          loadBalancingScheme:
          target: ${producerServiceAttachment.id}
          network: ${consumerNet.name}
          ipAddress: ${consumerAddress.id}
          allowPscGlobalAccess: true
      # Consumer service endpoint
      consumerNet:
        type: gcp:compute:Network
        name: consumer_net
        properties:
          name: consumer-net
          autoCreateSubnetworks: false
      consumerSubnet:
        type: gcp:compute:Subnetwork
        name: consumer_subnet
        properties:
          name: consumer-net
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${consumerNet.id}
      consumerAddress:
        type: gcp:compute:Address
        name: consumer_address
        properties:
          name: website-ip-1
          region: us-central1
          subnetwork: ${consumerSubnet.id}
          addressType: INTERNAL
      # Producer service attachment
      producerNet:
        type: gcp:compute:Network
        name: producer_net
        properties:
          name: producer-net
          autoCreateSubnetworks: false
      producerSubnet:
        type: gcp:compute:Subnetwork
        name: producer_subnet
        properties:
          name: producer-net
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${producerNet.id}
      pscProducerSubnet:
        type: gcp:compute:Subnetwork
        name: psc_producer_subnet
        properties:
          name: producer-psc-net
          ipCidrRange: 10.1.0.0/16
          region: us-central1
          purpose: PRIVATE_SERVICE_CONNECT
          network: ${producerNet.id}
      producerServiceAttachment:
        type: gcp:compute:ServiceAttachment
        name: producer_service_attachment
        properties:
          name: producer-service
          region: us-central1
          description: A service attachment configured with Terraform
          enableProxyProtocol: true
          connectionPreference: ACCEPT_AUTOMATIC
          natSubnets:
            - ${pscProducerSubnet.name}
          targetService: ${producerTargetService.id}
      producerTargetService:
        type: gcp:compute:ForwardingRule
        name: producer_target_service
        properties:
          name: producer-forwarding-rule
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${producerServiceBackend.id}
          allPorts: true
          network: ${producerNet.name}
          subnetwork: ${producerSubnet.name}
      producerServiceBackend:
        type: gcp:compute:RegionBackendService
        name: producer_service_backend
        properties:
          name: producer-service-backend
          region: us-central1
          healthChecks: ${producerServiceHealthCheck.id}
      producerServiceHealthCheck:
        type: gcp:compute:HealthCheck
        name: producer_service_health_check
        properties:
          name: producer-service-health-check
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
    

    Forwarding Rule Vpc Psc No Automate Dns

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const consumerNet = new gcp.compute.Network("consumer_net", {
        name: "consumer-net",
        autoCreateSubnetworks: false,
    });
    const consumerSubnet = new gcp.compute.Subnetwork("consumer_subnet", {
        name: "consumer-net",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        network: consumerNet.id,
    });
    const consumerAddress = new gcp.compute.Address("consumer_address", {
        name: "website-ip-1",
        region: "us-central1",
        subnetwork: consumerSubnet.id,
        addressType: "INTERNAL",
    });
    const producerNet = new gcp.compute.Network("producer_net", {
        name: "producer-net",
        autoCreateSubnetworks: false,
    });
    const pscProducerSubnet = new gcp.compute.Subnetwork("psc_producer_subnet", {
        name: "producer-psc-net",
        ipCidrRange: "10.1.0.0/16",
        region: "us-central1",
        purpose: "PRIVATE_SERVICE_CONNECT",
        network: producerNet.id,
    });
    const producerSubnet = new gcp.compute.Subnetwork("producer_subnet", {
        name: "producer-net",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        network: producerNet.id,
    });
    const producerServiceHealthCheck = new gcp.compute.HealthCheck("producer_service_health_check", {
        name: "producer-service-health-check",
        checkIntervalSec: 1,
        timeoutSec: 1,
        tcpHealthCheck: {
            port: 80,
        },
    });
    const producerServiceBackend = new gcp.compute.RegionBackendService("producer_service_backend", {
        name: "producer-service-backend",
        region: "us-central1",
        healthChecks: producerServiceHealthCheck.id,
    });
    const producerTargetService = new gcp.compute.ForwardingRule("producer_target_service", {
        name: "producer-forwarding-rule",
        region: "us-central1",
        loadBalancingScheme: "INTERNAL",
        backendService: producerServiceBackend.id,
        allPorts: true,
        network: producerNet.name,
        subnetwork: producerSubnet.name,
    });
    const producerServiceAttachment = new gcp.compute.ServiceAttachment("producer_service_attachment", {
        name: "producer-service",
        region: "us-central1",
        description: "A service attachment configured with Terraform",
        enableProxyProtocol: true,
        connectionPreference: "ACCEPT_AUTOMATIC",
        natSubnets: [pscProducerSubnet.name],
        targetService: producerTargetService.id,
    });
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "psc-endpoint",
        region: "us-central1",
        loadBalancingScheme: "",
        target: producerServiceAttachment.id,
        network: consumerNet.name,
        ipAddress: consumerAddress.id,
        allowPscGlobalAccess: true,
        noAutomateDnsZone: true,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    consumer_net = gcp.compute.Network("consumer_net",
        name="consumer-net",
        auto_create_subnetworks=False)
    consumer_subnet = gcp.compute.Subnetwork("consumer_subnet",
        name="consumer-net",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        network=consumer_net.id)
    consumer_address = gcp.compute.Address("consumer_address",
        name="website-ip-1",
        region="us-central1",
        subnetwork=consumer_subnet.id,
        address_type="INTERNAL")
    producer_net = gcp.compute.Network("producer_net",
        name="producer-net",
        auto_create_subnetworks=False)
    psc_producer_subnet = gcp.compute.Subnetwork("psc_producer_subnet",
        name="producer-psc-net",
        ip_cidr_range="10.1.0.0/16",
        region="us-central1",
        purpose="PRIVATE_SERVICE_CONNECT",
        network=producer_net.id)
    producer_subnet = gcp.compute.Subnetwork("producer_subnet",
        name="producer-net",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        network=producer_net.id)
    producer_service_health_check = gcp.compute.HealthCheck("producer_service_health_check",
        name="producer-service-health-check",
        check_interval_sec=1,
        timeout_sec=1,
        tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
            port=80,
        ))
    producer_service_backend = gcp.compute.RegionBackendService("producer_service_backend",
        name="producer-service-backend",
        region="us-central1",
        health_checks=producer_service_health_check.id)
    producer_target_service = gcp.compute.ForwardingRule("producer_target_service",
        name="producer-forwarding-rule",
        region="us-central1",
        load_balancing_scheme="INTERNAL",
        backend_service=producer_service_backend.id,
        all_ports=True,
        network=producer_net.name,
        subnetwork=producer_subnet.name)
    producer_service_attachment = gcp.compute.ServiceAttachment("producer_service_attachment",
        name="producer-service",
        region="us-central1",
        description="A service attachment configured with Terraform",
        enable_proxy_protocol=True,
        connection_preference="ACCEPT_AUTOMATIC",
        nat_subnets=[psc_producer_subnet.name],
        target_service=producer_target_service.id)
    default = gcp.compute.ForwardingRule("default",
        name="psc-endpoint",
        region="us-central1",
        load_balancing_scheme="",
        target=producer_service_attachment.id,
        network=consumer_net.name,
        ip_address=consumer_address.id,
        allow_psc_global_access=True,
        no_automate_dns_zone=True)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		consumerNet, err := compute.NewNetwork(ctx, "consumer_net", &compute.NetworkArgs{
    			Name:                  pulumi.String("consumer-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		consumerSubnet, err := compute.NewSubnetwork(ctx, "consumer_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("consumer-net"),
    			IpCidrRange: pulumi.String("10.0.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Network:     consumerNet.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		consumerAddress, err := compute.NewAddress(ctx, "consumer_address", &compute.AddressArgs{
    			Name:        pulumi.String("website-ip-1"),
    			Region:      pulumi.String("us-central1"),
    			Subnetwork:  consumerSubnet.ID(),
    			AddressType: pulumi.String("INTERNAL"),
    		})
    		if err != nil {
    			return err
    		}
    		producerNet, err := compute.NewNetwork(ctx, "producer_net", &compute.NetworkArgs{
    			Name:                  pulumi.String("producer-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		pscProducerSubnet, err := compute.NewSubnetwork(ctx, "psc_producer_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("producer-psc-net"),
    			IpCidrRange: pulumi.String("10.1.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Purpose:     pulumi.String("PRIVATE_SERVICE_CONNECT"),
    			Network:     producerNet.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		producerSubnet, err := compute.NewSubnetwork(ctx, "producer_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("producer-net"),
    			IpCidrRange: pulumi.String("10.0.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Network:     producerNet.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		producerServiceHealthCheck, err := compute.NewHealthCheck(ctx, "producer_service_health_check", &compute.HealthCheckArgs{
    			Name:             pulumi.String("producer-service-health-check"),
    			CheckIntervalSec: pulumi.Int(1),
    			TimeoutSec:       pulumi.Int(1),
    			TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		producerServiceBackend, err := compute.NewRegionBackendService(ctx, "producer_service_backend", &compute.RegionBackendServiceArgs{
    			Name:         pulumi.String("producer-service-backend"),
    			Region:       pulumi.String("us-central1"),
    			HealthChecks: producerServiceHealthCheck.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		producerTargetService, err := compute.NewForwardingRule(ctx, "producer_target_service", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("producer-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("INTERNAL"),
    			BackendService:      producerServiceBackend.ID(),
    			AllPorts:            pulumi.Bool(true),
    			Network:             producerNet.Name,
    			Subnetwork:          producerSubnet.Name,
    		})
    		if err != nil {
    			return err
    		}
    		producerServiceAttachment, err := compute.NewServiceAttachment(ctx, "producer_service_attachment", &compute.ServiceAttachmentArgs{
    			Name:                 pulumi.String("producer-service"),
    			Region:               pulumi.String("us-central1"),
    			Description:          pulumi.String("A service attachment configured with Terraform"),
    			EnableProxyProtocol:  pulumi.Bool(true),
    			ConnectionPreference: pulumi.String("ACCEPT_AUTOMATIC"),
    			NatSubnets: pulumi.StringArray{
    				pscProducerSubnet.Name,
    			},
    			TargetService: producerTargetService.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                 pulumi.String("psc-endpoint"),
    			Region:               pulumi.String("us-central1"),
    			LoadBalancingScheme:  pulumi.String(""),
    			Target:               producerServiceAttachment.ID(),
    			Network:              consumerNet.Name,
    			IpAddress:            consumerAddress.ID(),
    			AllowPscGlobalAccess: pulumi.Bool(true),
    			NoAutomateDnsZone:    pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var consumerNet = new Gcp.Compute.Network("consumer_net", new()
        {
            Name = "consumer-net",
            AutoCreateSubnetworks = false,
        });
    
        var consumerSubnet = new Gcp.Compute.Subnetwork("consumer_subnet", new()
        {
            Name = "consumer-net",
            IpCidrRange = "10.0.0.0/16",
            Region = "us-central1",
            Network = consumerNet.Id,
        });
    
        var consumerAddress = new Gcp.Compute.Address("consumer_address", new()
        {
            Name = "website-ip-1",
            Region = "us-central1",
            Subnetwork = consumerSubnet.Id,
            AddressType = "INTERNAL",
        });
    
        var producerNet = new Gcp.Compute.Network("producer_net", new()
        {
            Name = "producer-net",
            AutoCreateSubnetworks = false,
        });
    
        var pscProducerSubnet = new Gcp.Compute.Subnetwork("psc_producer_subnet", new()
        {
            Name = "producer-psc-net",
            IpCidrRange = "10.1.0.0/16",
            Region = "us-central1",
            Purpose = "PRIVATE_SERVICE_CONNECT",
            Network = producerNet.Id,
        });
    
        var producerSubnet = new Gcp.Compute.Subnetwork("producer_subnet", new()
        {
            Name = "producer-net",
            IpCidrRange = "10.0.0.0/16",
            Region = "us-central1",
            Network = producerNet.Id,
        });
    
        var producerServiceHealthCheck = new Gcp.Compute.HealthCheck("producer_service_health_check", new()
        {
            Name = "producer-service-health-check",
            CheckIntervalSec = 1,
            TimeoutSec = 1,
            TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var producerServiceBackend = new Gcp.Compute.RegionBackendService("producer_service_backend", new()
        {
            Name = "producer-service-backend",
            Region = "us-central1",
            HealthChecks = producerServiceHealthCheck.Id,
        });
    
        var producerTargetService = new Gcp.Compute.ForwardingRule("producer_target_service", new()
        {
            Name = "producer-forwarding-rule",
            Region = "us-central1",
            LoadBalancingScheme = "INTERNAL",
            BackendService = producerServiceBackend.Id,
            AllPorts = true,
            Network = producerNet.Name,
            Subnetwork = producerSubnet.Name,
        });
    
        var producerServiceAttachment = new Gcp.Compute.ServiceAttachment("producer_service_attachment", new()
        {
            Name = "producer-service",
            Region = "us-central1",
            Description = "A service attachment configured with Terraform",
            EnableProxyProtocol = true,
            ConnectionPreference = "ACCEPT_AUTOMATIC",
            NatSubnets = new[]
            {
                pscProducerSubnet.Name,
            },
            TargetService = producerTargetService.Id,
        });
    
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "psc-endpoint",
            Region = "us-central1",
            LoadBalancingScheme = "",
            Target = producerServiceAttachment.Id,
            Network = consumerNet.Name,
            IpAddress = consumerAddress.Id,
            AllowPscGlobalAccess = true,
            NoAutomateDnsZone = true,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.Address;
    import com.pulumi.gcp.compute.AddressArgs;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.compute.ServiceAttachment;
    import com.pulumi.gcp.compute.ServiceAttachmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var consumerNet = new Network("consumerNet", NetworkArgs.builder()        
                .name("consumer-net")
                .autoCreateSubnetworks(false)
                .build());
    
            var consumerSubnet = new Subnetwork("consumerSubnet", SubnetworkArgs.builder()        
                .name("consumer-net")
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(consumerNet.id())
                .build());
    
            var consumerAddress = new Address("consumerAddress", AddressArgs.builder()        
                .name("website-ip-1")
                .region("us-central1")
                .subnetwork(consumerSubnet.id())
                .addressType("INTERNAL")
                .build());
    
            var producerNet = new Network("producerNet", NetworkArgs.builder()        
                .name("producer-net")
                .autoCreateSubnetworks(false)
                .build());
    
            var pscProducerSubnet = new Subnetwork("pscProducerSubnet", SubnetworkArgs.builder()        
                .name("producer-psc-net")
                .ipCidrRange("10.1.0.0/16")
                .region("us-central1")
                .purpose("PRIVATE_SERVICE_CONNECT")
                .network(producerNet.id())
                .build());
    
            var producerSubnet = new Subnetwork("producerSubnet", SubnetworkArgs.builder()        
                .name("producer-net")
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(producerNet.id())
                .build());
    
            var producerServiceHealthCheck = new HealthCheck("producerServiceHealthCheck", HealthCheckArgs.builder()        
                .name("producer-service-health-check")
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var producerServiceBackend = new RegionBackendService("producerServiceBackend", RegionBackendServiceArgs.builder()        
                .name("producer-service-backend")
                .region("us-central1")
                .healthChecks(producerServiceHealthCheck.id())
                .build());
    
            var producerTargetService = new ForwardingRule("producerTargetService", ForwardingRuleArgs.builder()        
                .name("producer-forwarding-rule")
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(producerServiceBackend.id())
                .allPorts(true)
                .network(producerNet.name())
                .subnetwork(producerSubnet.name())
                .build());
    
            var producerServiceAttachment = new ServiceAttachment("producerServiceAttachment", ServiceAttachmentArgs.builder()        
                .name("producer-service")
                .region("us-central1")
                .description("A service attachment configured with Terraform")
                .enableProxyProtocol(true)
                .connectionPreference("ACCEPT_AUTOMATIC")
                .natSubnets(pscProducerSubnet.name())
                .targetService(producerTargetService.id())
                .build());
    
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .name("psc-endpoint")
                .region("us-central1")
                .loadBalancingScheme("")
                .target(producerServiceAttachment.id())
                .network(consumerNet.name())
                .ipAddress(consumerAddress.id())
                .allowPscGlobalAccess(true)
                .noAutomateDnsZone(true)
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: psc-endpoint
          region: us-central1
          loadBalancingScheme:
          target: ${producerServiceAttachment.id}
          network: ${consumerNet.name}
          ipAddress: ${consumerAddress.id}
          allowPscGlobalAccess: true
          noAutomateDnsZone: true
      consumerNet:
        type: gcp:compute:Network
        name: consumer_net
        properties:
          name: consumer-net
          autoCreateSubnetworks: false
      consumerSubnet:
        type: gcp:compute:Subnetwork
        name: consumer_subnet
        properties:
          name: consumer-net
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${consumerNet.id}
      consumerAddress:
        type: gcp:compute:Address
        name: consumer_address
        properties:
          name: website-ip-1
          region: us-central1
          subnetwork: ${consumerSubnet.id}
          addressType: INTERNAL
      producerNet:
        type: gcp:compute:Network
        name: producer_net
        properties:
          name: producer-net
          autoCreateSubnetworks: false
      producerSubnet:
        type: gcp:compute:Subnetwork
        name: producer_subnet
        properties:
          name: producer-net
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${producerNet.id}
      pscProducerSubnet:
        type: gcp:compute:Subnetwork
        name: psc_producer_subnet
        properties:
          name: producer-psc-net
          ipCidrRange: 10.1.0.0/16
          region: us-central1
          purpose: PRIVATE_SERVICE_CONNECT
          network: ${producerNet.id}
      producerServiceAttachment:
        type: gcp:compute:ServiceAttachment
        name: producer_service_attachment
        properties:
          name: producer-service
          region: us-central1
          description: A service attachment configured with Terraform
          enableProxyProtocol: true
          connectionPreference: ACCEPT_AUTOMATIC
          natSubnets:
            - ${pscProducerSubnet.name}
          targetService: ${producerTargetService.id}
      producerTargetService:
        type: gcp:compute:ForwardingRule
        name: producer_target_service
        properties:
          name: producer-forwarding-rule
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${producerServiceBackend.id}
          allPorts: true
          network: ${producerNet.name}
          subnetwork: ${producerSubnet.name}
      producerServiceBackend:
        type: gcp:compute:RegionBackendService
        name: producer_service_backend
        properties:
          name: producer-service-backend
          region: us-central1
          healthChecks: ${producerServiceHealthCheck.id}
      producerServiceHealthCheck:
        type: gcp:compute:HealthCheck
        name: producer_service_health_check
        properties:
          name: producer-service-health-check
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
    

    Forwarding Rule Regional Steering

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const basic = new gcp.compute.Address("basic", {
        name: "website-ip",
        region: "us-central1",
    });
    const external = new gcp.compute.RegionBackendService("external", {
        name: "service-backend",
        region: "us-central1",
        loadBalancingScheme: "EXTERNAL",
    });
    const steering = new gcp.compute.ForwardingRule("steering", {
        name: "steering-rule",
        region: "us-central1",
        ipAddress: basic.selfLink,
        backendService: external.selfLink,
        loadBalancingScheme: "EXTERNAL",
        sourceIpRanges: [
            "34.121.88.0/24",
            "35.187.239.137",
        ],
    });
    const externalForwardingRule = new gcp.compute.ForwardingRule("external", {
        name: "external-forwarding-rule",
        region: "us-central1",
        ipAddress: basic.selfLink,
        backendService: external.selfLink,
        loadBalancingScheme: "EXTERNAL",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    basic = gcp.compute.Address("basic",
        name="website-ip",
        region="us-central1")
    external = gcp.compute.RegionBackendService("external",
        name="service-backend",
        region="us-central1",
        load_balancing_scheme="EXTERNAL")
    steering = gcp.compute.ForwardingRule("steering",
        name="steering-rule",
        region="us-central1",
        ip_address=basic.self_link,
        backend_service=external.self_link,
        load_balancing_scheme="EXTERNAL",
        source_ip_ranges=[
            "34.121.88.0/24",
            "35.187.239.137",
        ])
    external_forwarding_rule = gcp.compute.ForwardingRule("external",
        name="external-forwarding-rule",
        region="us-central1",
        ip_address=basic.self_link,
        backend_service=external.self_link,
        load_balancing_scheme="EXTERNAL")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		basic, err := compute.NewAddress(ctx, "basic", &compute.AddressArgs{
    			Name:   pulumi.String("website-ip"),
    			Region: pulumi.String("us-central1"),
    		})
    		if err != nil {
    			return err
    		}
    		external, err := compute.NewRegionBackendService(ctx, "external", &compute.RegionBackendServiceArgs{
    			Name:                pulumi.String("service-backend"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("EXTERNAL"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewForwardingRule(ctx, "steering", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("steering-rule"),
    			Region:              pulumi.String("us-central1"),
    			IpAddress:           basic.SelfLink,
    			BackendService:      external.SelfLink,
    			LoadBalancingScheme: pulumi.String("EXTERNAL"),
    			SourceIpRanges: pulumi.StringArray{
    				pulumi.String("34.121.88.0/24"),
    				pulumi.String("35.187.239.137"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewForwardingRule(ctx, "external", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("external-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			IpAddress:           basic.SelfLink,
    			BackendService:      external.SelfLink,
    			LoadBalancingScheme: pulumi.String("EXTERNAL"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var basic = new Gcp.Compute.Address("basic", new()
        {
            Name = "website-ip",
            Region = "us-central1",
        });
    
        var external = new Gcp.Compute.RegionBackendService("external", new()
        {
            Name = "service-backend",
            Region = "us-central1",
            LoadBalancingScheme = "EXTERNAL",
        });
    
        var steering = new Gcp.Compute.ForwardingRule("steering", new()
        {
            Name = "steering-rule",
            Region = "us-central1",
            IpAddress = basic.SelfLink,
            BackendService = external.SelfLink,
            LoadBalancingScheme = "EXTERNAL",
            SourceIpRanges = new[]
            {
                "34.121.88.0/24",
                "35.187.239.137",
            },
        });
    
        var externalForwardingRule = new Gcp.Compute.ForwardingRule("external", new()
        {
            Name = "external-forwarding-rule",
            Region = "us-central1",
            IpAddress = basic.SelfLink,
            BackendService = external.SelfLink,
            LoadBalancingScheme = "EXTERNAL",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.Address;
    import com.pulumi.gcp.compute.AddressArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var basic = new Address("basic", AddressArgs.builder()        
                .name("website-ip")
                .region("us-central1")
                .build());
    
            var external = new RegionBackendService("external", RegionBackendServiceArgs.builder()        
                .name("service-backend")
                .region("us-central1")
                .loadBalancingScheme("EXTERNAL")
                .build());
    
            var steering = new ForwardingRule("steering", ForwardingRuleArgs.builder()        
                .name("steering-rule")
                .region("us-central1")
                .ipAddress(basic.selfLink())
                .backendService(external.selfLink())
                .loadBalancingScheme("EXTERNAL")
                .sourceIpRanges(            
                    "34.121.88.0/24",
                    "35.187.239.137")
                .build());
    
            var externalForwardingRule = new ForwardingRule("externalForwardingRule", ForwardingRuleArgs.builder()        
                .name("external-forwarding-rule")
                .region("us-central1")
                .ipAddress(basic.selfLink())
                .backendService(external.selfLink())
                .loadBalancingScheme("EXTERNAL")
                .build());
    
        }
    }
    
    resources:
      steering:
        type: gcp:compute:ForwardingRule
        properties:
          name: steering-rule
          region: us-central1
          ipAddress: ${basic.selfLink}
          backendService: ${external.selfLink}
          loadBalancingScheme: EXTERNAL
          sourceIpRanges:
            - 34.121.88.0/24
            - 35.187.239.137
      basic:
        type: gcp:compute:Address
        properties:
          name: website-ip
          region: us-central1
      external:
        type: gcp:compute:RegionBackendService
        properties:
          name: service-backend
          region: us-central1
          loadBalancingScheme: EXTERNAL
      externalForwardingRule:
        type: gcp:compute:ForwardingRule
        name: external
        properties:
          name: external-forwarding-rule
          region: us-central1
          ipAddress: ${basic.selfLink}
          backendService: ${external.selfLink}
          loadBalancingScheme: EXTERNAL
    

    Forwarding Rule Internallb Ipv6

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const hc = new gcp.compute.HealthCheck("hc", {
        name: "check-ilb-ipv6-backend",
        checkIntervalSec: 1,
        timeoutSec: 1,
        tcpHealthCheck: {
            port: 80,
        },
    });
    const backend = new gcp.compute.RegionBackendService("backend", {
        name: "ilb-ipv6-backend",
        region: "us-central1",
        healthChecks: hc.id,
    });
    const defaultNetwork = new gcp.compute.Network("default", {
        name: "net-ipv6",
        autoCreateSubnetworks: false,
        enableUlaInternalIpv6: true,
    });
    const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
        name: "subnet-internal-ipv6",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        stackType: "IPV4_IPV6",
        ipv6AccessType: "INTERNAL",
        network: defaultNetwork.id,
    });
    // Forwarding rule for Internal Load Balancing
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "ilb-ipv6-forwarding-rule",
        region: "us-central1",
        loadBalancingScheme: "INTERNAL",
        backendService: backend.id,
        allPorts: true,
        network: defaultNetwork.name,
        subnetwork: defaultSubnetwork.name,
        ipVersion: "IPV6",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    hc = gcp.compute.HealthCheck("hc",
        name="check-ilb-ipv6-backend",
        check_interval_sec=1,
        timeout_sec=1,
        tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
            port=80,
        ))
    backend = gcp.compute.RegionBackendService("backend",
        name="ilb-ipv6-backend",
        region="us-central1",
        health_checks=hc.id)
    default_network = gcp.compute.Network("default",
        name="net-ipv6",
        auto_create_subnetworks=False,
        enable_ula_internal_ipv6=True)
    default_subnetwork = gcp.compute.Subnetwork("default",
        name="subnet-internal-ipv6",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        stack_type="IPV4_IPV6",
        ipv6_access_type="INTERNAL",
        network=default_network.id)
    # Forwarding rule for Internal Load Balancing
    default = gcp.compute.ForwardingRule("default",
        name="ilb-ipv6-forwarding-rule",
        region="us-central1",
        load_balancing_scheme="INTERNAL",
        backend_service=backend.id,
        all_ports=True,
        network=default_network.name,
        subnetwork=default_subnetwork.name,
        ip_version="IPV6")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		hc, err := compute.NewHealthCheck(ctx, "hc", &compute.HealthCheckArgs{
    			Name:             pulumi.String("check-ilb-ipv6-backend"),
    			CheckIntervalSec: pulumi.Int(1),
    			TimeoutSec:       pulumi.Int(1),
    			TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		backend, err := compute.NewRegionBackendService(ctx, "backend", &compute.RegionBackendServiceArgs{
    			Name:         pulumi.String("ilb-ipv6-backend"),
    			Region:       pulumi.String("us-central1"),
    			HealthChecks: hc.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
    			Name:                  pulumi.String("net-ipv6"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    			EnableUlaInternalIpv6: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
    			Name:           pulumi.String("subnet-internal-ipv6"),
    			IpCidrRange:    pulumi.String("10.0.0.0/16"),
    			Region:         pulumi.String("us-central1"),
    			StackType:      pulumi.String("IPV4_IPV6"),
    			Ipv6AccessType: pulumi.String("INTERNAL"),
    			Network:        defaultNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for Internal Load Balancing
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("ilb-ipv6-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("INTERNAL"),
    			BackendService:      backend.ID(),
    			AllPorts:            pulumi.Bool(true),
    			Network:             defaultNetwork.Name,
    			Subnetwork:          defaultSubnetwork.Name,
    			IpVersion:           pulumi.String("IPV6"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var hc = new Gcp.Compute.HealthCheck("hc", new()
        {
            Name = "check-ilb-ipv6-backend",
            CheckIntervalSec = 1,
            TimeoutSec = 1,
            TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var backend = new Gcp.Compute.RegionBackendService("backend", new()
        {
            Name = "ilb-ipv6-backend",
            Region = "us-central1",
            HealthChecks = hc.Id,
        });
    
        var defaultNetwork = new Gcp.Compute.Network("default", new()
        {
            Name = "net-ipv6",
            AutoCreateSubnetworks = false,
            EnableUlaInternalIpv6 = true,
        });
    
        var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
        {
            Name = "subnet-internal-ipv6",
            IpCidrRange = "10.0.0.0/16",
            Region = "us-central1",
            StackType = "IPV4_IPV6",
            Ipv6AccessType = "INTERNAL",
            Network = defaultNetwork.Id,
        });
    
        // Forwarding rule for Internal Load Balancing
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "ilb-ipv6-forwarding-rule",
            Region = "us-central1",
            LoadBalancingScheme = "INTERNAL",
            BackendService = backend.Id,
            AllPorts = true,
            Network = defaultNetwork.Name,
            Subnetwork = defaultSubnetwork.Name,
            IpVersion = "IPV6",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var hc = new HealthCheck("hc", HealthCheckArgs.builder()        
                .name("check-ilb-ipv6-backend")
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()        
                .name("ilb-ipv6-backend")
                .region("us-central1")
                .healthChecks(hc.id())
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
                .name("net-ipv6")
                .autoCreateSubnetworks(false)
                .enableUlaInternalIpv6(true)
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
                .name("subnet-internal-ipv6")
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .stackType("IPV4_IPV6")
                .ipv6AccessType("INTERNAL")
                .network(defaultNetwork.id())
                .build());
    
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .name("ilb-ipv6-forwarding-rule")
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(backend.id())
                .allPorts(true)
                .network(defaultNetwork.name())
                .subnetwork(defaultSubnetwork.name())
                .ipVersion("IPV6")
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for Internal Load Balancing
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: ilb-ipv6-forwarding-rule
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${backend.id}
          allPorts: true
          network: ${defaultNetwork.name}
          subnetwork: ${defaultSubnetwork.name}
          ipVersion: IPV6
      backend:
        type: gcp:compute:RegionBackendService
        properties:
          name: ilb-ipv6-backend
          region: us-central1
          healthChecks: ${hc.id}
      hc:
        type: gcp:compute:HealthCheck
        properties:
          name: check-ilb-ipv6-backend
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
      defaultNetwork:
        type: gcp:compute:Network
        name: default
        properties:
          name: net-ipv6
          autoCreateSubnetworks: false
          enableUlaInternalIpv6: true
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        name: default
        properties:
          name: subnet-internal-ipv6
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          stackType: IPV4_IPV6
          ipv6AccessType: INTERNAL
          network: ${defaultNetwork.id}
    

    Create ForwardingRule Resource

    new ForwardingRule(name: string, args?: ForwardingRuleArgs, opts?: CustomResourceOptions);
    @overload
    def ForwardingRule(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       all_ports: Optional[bool] = None,
                       allow_global_access: Optional[bool] = None,
                       allow_psc_global_access: Optional[bool] = None,
                       backend_service: Optional[str] = None,
                       description: Optional[str] = None,
                       ip_address: Optional[str] = None,
                       ip_protocol: Optional[str] = None,
                       ip_version: Optional[str] = None,
                       is_mirroring_collector: Optional[bool] = None,
                       labels: Optional[Mapping[str, str]] = None,
                       load_balancing_scheme: Optional[str] = None,
                       name: Optional[str] = None,
                       network: Optional[str] = None,
                       network_tier: Optional[str] = None,
                       no_automate_dns_zone: Optional[bool] = None,
                       port_range: Optional[str] = None,
                       ports: Optional[Sequence[str]] = None,
                       project: Optional[str] = None,
                       recreate_closed_psc: Optional[bool] = None,
                       region: Optional[str] = None,
                       service_directory_registrations: Optional[ForwardingRuleServiceDirectoryRegistrationsArgs] = None,
                       service_label: Optional[str] = None,
                       source_ip_ranges: Optional[Sequence[str]] = None,
                       subnetwork: Optional[str] = None,
                       target: Optional[str] = None)
    @overload
    def ForwardingRule(resource_name: str,
                       args: Optional[ForwardingRuleArgs] = None,
                       opts: Optional[ResourceOptions] = None)
    func NewForwardingRule(ctx *Context, name string, args *ForwardingRuleArgs, opts ...ResourceOption) (*ForwardingRule, error)
    public ForwardingRule(string name, ForwardingRuleArgs? args = null, CustomResourceOptions? opts = null)
    public ForwardingRule(String name, ForwardingRuleArgs args)
    public ForwardingRule(String name, ForwardingRuleArgs args, CustomResourceOptions options)
    
    type: gcp:compute:ForwardingRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args ForwardingRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ForwardingRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ForwardingRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ForwardingRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ForwardingRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    ForwardingRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ForwardingRule resource accepts the following input properties:

    AllPorts bool
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    AllowGlobalAccess bool
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    AllowPscGlobalAccess bool
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    BackendService string
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    Description string
    An optional description of this resource. Provide this property when you create the resource.
    IpAddress string

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    IpProtocol string
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    IpVersion string
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    IsMirroringCollector bool
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    Labels Dictionary<string, string>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    LoadBalancingScheme string
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    Name string
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    Network string
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    NetworkTier string
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    NoAutomateDnsZone bool
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    PortRange string
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.
    Ports List<string>
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    RecreateClosedPsc bool
    This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed
    Region string
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    ServiceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrations
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    ServiceLabel string
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    SourceIpRanges List<string>
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    Subnetwork string
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    Target string

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    AllPorts bool
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    AllowGlobalAccess bool
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    AllowPscGlobalAccess bool
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    BackendService string
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    Description string
    An optional description of this resource. Provide this property when you create the resource.
    IpAddress string

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    IpProtocol string
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    IpVersion string
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    IsMirroringCollector bool
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    Labels map[string]string

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    LoadBalancingScheme string
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    Name string
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    Network string
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    NetworkTier string
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    NoAutomateDnsZone bool
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    PortRange string
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.
    Ports []string
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    RecreateClosedPsc bool
    This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed
    Region string
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    ServiceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrationsArgs
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    ServiceLabel string
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    SourceIpRanges []string
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    Subnetwork string
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    Target string

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    allPorts Boolean
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    allowGlobalAccess Boolean
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    allowPscGlobalAccess Boolean
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    backendService String
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    description String
    An optional description of this resource. Provide this property when you create the resource.
    ipAddress String

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    ipProtocol String
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    ipVersion String
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    isMirroringCollector Boolean
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    labels Map<String,String>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    loadBalancingScheme String
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    name String
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network String
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    networkTier String
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    noAutomateDnsZone Boolean
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    portRange String
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.
    ports List<String>
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    recreateClosedPsc Boolean
    This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed
    region String
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    serviceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrations
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    serviceLabel String
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    sourceIpRanges List<String>
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    subnetwork String
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    target String

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    allPorts boolean
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    allowGlobalAccess boolean
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    allowPscGlobalAccess boolean
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    backendService string
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    description string
    An optional description of this resource. Provide this property when you create the resource.
    ipAddress string

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    ipProtocol string
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    ipVersion string
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    isMirroringCollector boolean
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    labels {[key: string]: string}

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    loadBalancingScheme string
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    name string
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network string
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    networkTier string
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    noAutomateDnsZone boolean
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    portRange string
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.
    ports string[]
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number.
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    recreateClosedPsc boolean
    This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed
    region string
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    serviceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrations
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    serviceLabel string
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    sourceIpRanges string[]
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    subnetwork string
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    target string

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    all_ports bool
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    allow_global_access bool
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    allow_psc_global_access bool
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    backend_service str
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    description str
    An optional description of this resource. Provide this property when you create the resource.
    ip_address str

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    ip_protocol str
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    ip_version str
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    is_mirroring_collector bool
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    labels Mapping[str, str]

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    load_balancing_scheme str
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    name str
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network str
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    network_tier str
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    no_automate_dns_zone bool
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    port_range str
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.
    ports Sequence[str]
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number.
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    recreate_closed_psc bool
    This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed
    region str
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    service_directory_registrations ForwardingRuleServiceDirectoryRegistrationsArgs
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    service_label str
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    source_ip_ranges Sequence[str]
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    subnetwork str
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    target str

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    allPorts Boolean
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    allowGlobalAccess Boolean
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    allowPscGlobalAccess Boolean
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    backendService String
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    description String
    An optional description of this resource. Provide this property when you create the resource.
    ipAddress String

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    ipProtocol String
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    ipVersion String
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    isMirroringCollector Boolean
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    labels Map<String>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    loadBalancingScheme String
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    name String
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network String
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    networkTier String
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    noAutomateDnsZone Boolean
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    portRange String
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.
    ports List<String>
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    recreateClosedPsc Boolean
    This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed
    region String
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    serviceDirectoryRegistrations Property Map
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    serviceLabel String
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    sourceIpRanges List<String>
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    subnetwork String
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    target String

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ForwardingRule resource produces the following output properties:

    BaseForwardingRule string
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    CreationTimestamp string
    Creation timestamp in RFC3339 text format.
    EffectiveLabels Dictionary<string, string>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Id string
    The provider-assigned unique ID for this managed resource.
    LabelFingerprint string
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    PscConnectionId string
    The PSC connection id of the PSC Forwarding Rule.
    PscConnectionStatus string
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    SelfLink string
    The URI of the created resource.
    ServiceName string
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    BaseForwardingRule string
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    CreationTimestamp string
    Creation timestamp in RFC3339 text format.
    EffectiveLabels map[string]string
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    Id string
    The provider-assigned unique ID for this managed resource.
    LabelFingerprint string
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    PscConnectionId string
    The PSC connection id of the PSC Forwarding Rule.
    PscConnectionStatus string
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    SelfLink string
    The URI of the created resource.
    ServiceName string
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    baseForwardingRule String
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    creationTimestamp String
    Creation timestamp in RFC3339 text format.
    effectiveLabels Map<String,String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id String
    The provider-assigned unique ID for this managed resource.
    labelFingerprint String
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    pscConnectionId String
    The PSC connection id of the PSC Forwarding Rule.
    pscConnectionStatus String
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    selfLink String
    The URI of the created resource.
    serviceName String
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    baseForwardingRule string
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    creationTimestamp string
    Creation timestamp in RFC3339 text format.
    effectiveLabels {[key: string]: string}
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id string
    The provider-assigned unique ID for this managed resource.
    labelFingerprint string
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    pscConnectionId string
    The PSC connection id of the PSC Forwarding Rule.
    pscConnectionStatus string
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    selfLink string
    The URI of the created resource.
    serviceName string
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    base_forwarding_rule str
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    creation_timestamp str
    Creation timestamp in RFC3339 text format.
    effective_labels Mapping[str, str]
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id str
    The provider-assigned unique ID for this managed resource.
    label_fingerprint str
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    psc_connection_id str
    The PSC connection id of the PSC Forwarding Rule.
    psc_connection_status str
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    self_link str
    The URI of the created resource.
    service_name str
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    baseForwardingRule String
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    creationTimestamp String
    Creation timestamp in RFC3339 text format.
    effectiveLabels Map<String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    id String
    The provider-assigned unique ID for this managed resource.
    labelFingerprint String
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    pscConnectionId String
    The PSC connection id of the PSC Forwarding Rule.
    pscConnectionStatus String
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    selfLink String
    The URI of the created resource.
    serviceName String
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

    Look up Existing ForwardingRule Resource

    Get an existing ForwardingRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ForwardingRuleState, opts?: CustomResourceOptions): ForwardingRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            all_ports: Optional[bool] = None,
            allow_global_access: Optional[bool] = None,
            allow_psc_global_access: Optional[bool] = None,
            backend_service: Optional[str] = None,
            base_forwarding_rule: Optional[str] = None,
            creation_timestamp: Optional[str] = None,
            description: Optional[str] = None,
            effective_labels: Optional[Mapping[str, str]] = None,
            ip_address: Optional[str] = None,
            ip_protocol: Optional[str] = None,
            ip_version: Optional[str] = None,
            is_mirroring_collector: Optional[bool] = None,
            label_fingerprint: Optional[str] = None,
            labels: Optional[Mapping[str, str]] = None,
            load_balancing_scheme: Optional[str] = None,
            name: Optional[str] = None,
            network: Optional[str] = None,
            network_tier: Optional[str] = None,
            no_automate_dns_zone: Optional[bool] = None,
            port_range: Optional[str] = None,
            ports: Optional[Sequence[str]] = None,
            project: Optional[str] = None,
            psc_connection_id: Optional[str] = None,
            psc_connection_status: Optional[str] = None,
            pulumi_labels: Optional[Mapping[str, str]] = None,
            recreate_closed_psc: Optional[bool] = None,
            region: Optional[str] = None,
            self_link: Optional[str] = None,
            service_directory_registrations: Optional[ForwardingRuleServiceDirectoryRegistrationsArgs] = None,
            service_label: Optional[str] = None,
            service_name: Optional[str] = None,
            source_ip_ranges: Optional[Sequence[str]] = None,
            subnetwork: Optional[str] = None,
            target: Optional[str] = None) -> ForwardingRule
    func GetForwardingRule(ctx *Context, name string, id IDInput, state *ForwardingRuleState, opts ...ResourceOption) (*ForwardingRule, error)
    public static ForwardingRule Get(string name, Input<string> id, ForwardingRuleState? state, CustomResourceOptions? opts = null)
    public static ForwardingRule get(String name, Output<String> id, ForwardingRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllPorts bool
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    AllowGlobalAccess bool
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    AllowPscGlobalAccess bool
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    BackendService string
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    BaseForwardingRule string
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    CreationTimestamp string
    Creation timestamp in RFC3339 text format.
    Description string
    An optional description of this resource. Provide this property when you create the resource.
    EffectiveLabels Dictionary<string, string>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    IpAddress string

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    IpProtocol string
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    IpVersion string
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    IsMirroringCollector bool
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    LabelFingerprint string
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    Labels Dictionary<string, string>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    LoadBalancingScheme string
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    Name string
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    Network string
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    NetworkTier string
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    NoAutomateDnsZone bool
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    PortRange string
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.
    Ports List<string>
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    PscConnectionId string
    The PSC connection id of the PSC Forwarding Rule.
    PscConnectionStatus string
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    PulumiLabels Dictionary<string, string>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    RecreateClosedPsc bool
    This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed
    Region string
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    SelfLink string
    The URI of the created resource.
    ServiceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrations
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    ServiceLabel string
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    ServiceName string
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    SourceIpRanges List<string>
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    Subnetwork string
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    Target string

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    AllPorts bool
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    AllowGlobalAccess bool
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    AllowPscGlobalAccess bool
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    BackendService string
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    BaseForwardingRule string
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    CreationTimestamp string
    Creation timestamp in RFC3339 text format.
    Description string
    An optional description of this resource. Provide this property when you create the resource.
    EffectiveLabels map[string]string
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    IpAddress string

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    IpProtocol string
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    IpVersion string
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    IsMirroringCollector bool
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    LabelFingerprint string
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    Labels map[string]string

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    LoadBalancingScheme string
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    Name string
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    Network string
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    NetworkTier string
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    NoAutomateDnsZone bool
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    PortRange string
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.
    Ports []string
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number.
    Project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    PscConnectionId string
    The PSC connection id of the PSC Forwarding Rule.
    PscConnectionStatus string
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    PulumiLabels map[string]string
    The combination of labels configured directly on the resource and default labels configured on the provider.
    RecreateClosedPsc bool
    This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed
    Region string
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    SelfLink string
    The URI of the created resource.
    ServiceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrationsArgs
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    ServiceLabel string
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    ServiceName string
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    SourceIpRanges []string
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    Subnetwork string
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    Target string

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    allPorts Boolean
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    allowGlobalAccess Boolean
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    allowPscGlobalAccess Boolean
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    backendService String
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    baseForwardingRule String
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    creationTimestamp String
    Creation timestamp in RFC3339 text format.
    description String
    An optional description of this resource. Provide this property when you create the resource.
    effectiveLabels Map<String,String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    ipAddress String

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    ipProtocol String
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    ipVersion String
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    isMirroringCollector Boolean
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    labelFingerprint String
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    labels Map<String,String>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    loadBalancingScheme String
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    name String
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network String
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    networkTier String
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    noAutomateDnsZone Boolean
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    portRange String
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.
    ports List<String>
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pscConnectionId String
    The PSC connection id of the PSC Forwarding Rule.
    pscConnectionStatus String
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    pulumiLabels Map<String,String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    recreateClosedPsc Boolean
    This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed
    region String
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    selfLink String
    The URI of the created resource.
    serviceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrations
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    serviceLabel String
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    serviceName String
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    sourceIpRanges List<String>
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    subnetwork String
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    target String

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    allPorts boolean
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    allowGlobalAccess boolean
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    allowPscGlobalAccess boolean
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    backendService string
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    baseForwardingRule string
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    creationTimestamp string
    Creation timestamp in RFC3339 text format.
    description string
    An optional description of this resource. Provide this property when you create the resource.
    effectiveLabels {[key: string]: string}
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    ipAddress string

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    ipProtocol string
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    ipVersion string
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    isMirroringCollector boolean
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    labelFingerprint string
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    labels {[key: string]: string}

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    loadBalancingScheme string
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    name string
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network string
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    networkTier string
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    noAutomateDnsZone boolean
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    portRange string
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.
    ports string[]
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number.
    project string
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pscConnectionId string
    The PSC connection id of the PSC Forwarding Rule.
    pscConnectionStatus string
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    pulumiLabels {[key: string]: string}
    The combination of labels configured directly on the resource and default labels configured on the provider.
    recreateClosedPsc boolean
    This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed
    region string
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    selfLink string
    The URI of the created resource.
    serviceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrations
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    serviceLabel string
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    serviceName string
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    sourceIpRanges string[]
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    subnetwork string
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    target string

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    all_ports bool
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    allow_global_access bool
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    allow_psc_global_access bool
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    backend_service str
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    base_forwarding_rule str
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    creation_timestamp str
    Creation timestamp in RFC3339 text format.
    description str
    An optional description of this resource. Provide this property when you create the resource.
    effective_labels Mapping[str, str]
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    ip_address str

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    ip_protocol str
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    ip_version str
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    is_mirroring_collector bool
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    label_fingerprint str
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    labels Mapping[str, str]

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    load_balancing_scheme str
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    name str
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network str
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    network_tier str
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    no_automate_dns_zone bool
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    port_range str
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.
    ports Sequence[str]
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number.
    project str
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    psc_connection_id str
    The PSC connection id of the PSC Forwarding Rule.
    psc_connection_status str
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    pulumi_labels Mapping[str, str]
    The combination of labels configured directly on the resource and default labels configured on the provider.
    recreate_closed_psc bool
    This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed
    region str
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    self_link str
    The URI of the created resource.
    service_directory_registrations ForwardingRuleServiceDirectoryRegistrationsArgs
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    service_label str
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    service_name str
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    source_ip_ranges Sequence[str]
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    subnetwork str
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    target str

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    allPorts Boolean
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT.
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding.
    • Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true.
    allowGlobalAccess Boolean
    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.
    allowPscGlobalAccess Boolean
    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
    backendService String
    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
    baseForwardingRule String
    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
    creationTimestamp String
    Creation timestamp in RFC3339 text format.
    description String
    An optional description of this resource. Provide this property when you create the resource.
    effectiveLabels Map<String>
    All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services.
    ipAddress String

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    ipProtocol String
    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.
    ipVersion String
    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.
    isMirroringCollector Boolean
    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.
    labelFingerprint String
    The fingerprint used for optimistic locking of this resource. Used internally during updates.
    labels Map<String>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field effective_labels for all of the labels present on the resource.

    loadBalancingScheme String
    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.
    name String
    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network String
    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
    networkTier String
    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.
    noAutomateDnsZone Boolean
    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.
    portRange String
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN.
    • Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.
    ports List<String>
    The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations:

    • It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and
    • It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding.
    • You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number.
    project String
    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
    pscConnectionId String
    The PSC connection id of the PSC Forwarding Rule.
    pscConnectionStatus String
    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED
    pulumiLabels Map<String>
    The combination of labels configured directly on the resource and default labels configured on the provider.
    recreateClosedPsc Boolean
    This is used in PSC consumer ForwardingRule to make terraform recreate the ForwardingRule when the status is closed
    region String
    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
    selfLink String
    The URI of the created resource.
    serviceDirectoryRegistrations Property Map
    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
    serviceLabel String
    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.
    serviceName String
    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
    sourceIpRanges List<String>
    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
    subnetwork String
    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
    target String

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    Supporting Types

    ForwardingRuleServiceDirectoryRegistrations, ForwardingRuleServiceDirectoryRegistrationsArgs

    Namespace string
    Service Directory namespace to register the forwarding rule under.
    Service string
    Service Directory service to register the forwarding rule under.
    Namespace string
    Service Directory namespace to register the forwarding rule under.
    Service string
    Service Directory service to register the forwarding rule under.
    namespace String
    Service Directory namespace to register the forwarding rule under.
    service String
    Service Directory service to register the forwarding rule under.
    namespace string
    Service Directory namespace to register the forwarding rule under.
    service string
    Service Directory service to register the forwarding rule under.
    namespace str
    Service Directory namespace to register the forwarding rule under.
    service str
    Service Directory service to register the forwarding rule under.
    namespace String
    Service Directory namespace to register the forwarding rule under.
    service String
    Service Directory service to register the forwarding rule under.

    Import

    ForwardingRule can be imported using any of these accepted formats:

    • projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}

    • {{project}}/{{region}}/{{name}}

    • {{region}}/{{name}}

    • {{name}}

    When using the pulumi import command, ForwardingRule can be imported using one of the formats above. For example:

    $ pulumi import gcp:compute/forwardingRule:ForwardingRule default projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}
    
    $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{project}}/{{region}}/{{name}}
    
    $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{region}}/{{name}}
    
    $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{name}}
    

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v7.16.0 published on Wednesday, Mar 27, 2024 by Pulumi