The gcp:memorystore/instance:Instance resource, part of the Pulumi GCP provider, defines a Memorystore for Valkey instance: its network placement, capacity (shards and replicas), persistence strategy, and optional cross-region replication. This guide focuses on four capabilities: network connectivity via Private Service Connect, high availability with replicas and zone distribution, persistence modes (RDB snapshots and AOF), and cross-region replication with custom TLS certificates.
Memorystore instances require VPC networks with Service Connection Policies for Private Service Connect, and may reference KMS keys or Certificate Authority pools. The examples are intentionally small. Combine them with your own VPC infrastructure, security policies, and monitoring.
Create a basic instance with network connectivity
Most deployments start with a minimal configuration that establishes network connectivity and basic operational parameters.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const producerNet = new gcp.compute.Network("producer_net", {
name: "my-network",
autoCreateSubnetworks: false,
});
const producerSubnet = new gcp.compute.Subnetwork("producer_subnet", {
name: "my-subnet",
ipCidrRange: "10.0.0.248/29",
region: "us-central1",
network: producerNet.id,
});
const _default = new gcp.networkconnectivity.ServiceConnectionPolicy("default", {
name: "my-policy",
location: "us-central1",
serviceClass: "gcp-memorystore",
description: "my basic service connection policy",
network: producerNet.id,
pscConfig: {
subnetworks: [producerSubnet.id],
},
});
const project = gcp.organizations.getProject({});
const instance_basic = new gcp.memorystore.Instance("instance-basic", {
instanceId: "basic-instance",
shardCount: 1,
desiredAutoCreatedEndpoints: [{
network: producerNet.id,
projectId: project.then(project => project.projectId),
}],
location: "us-central1",
deletionProtectionEnabled: false,
maintenancePolicy: {
weeklyMaintenanceWindows: [{
day: "MONDAY",
startTime: {
hours: 1,
minutes: 0,
seconds: 0,
nanos: 0,
},
}],
},
}, {
dependsOn: [_default],
});
import pulumi
import pulumi_gcp as gcp
producer_net = gcp.compute.Network("producer_net",
name="my-network",
auto_create_subnetworks=False)
producer_subnet = gcp.compute.Subnetwork("producer_subnet",
name="my-subnet",
ip_cidr_range="10.0.0.248/29",
region="us-central1",
network=producer_net.id)
default = gcp.networkconnectivity.ServiceConnectionPolicy("default",
name="my-policy",
location="us-central1",
service_class="gcp-memorystore",
description="my basic service connection policy",
network=producer_net.id,
psc_config={
"subnetworks": [producer_subnet.id],
})
project = gcp.organizations.get_project()
instance_basic = gcp.memorystore.Instance("instance-basic",
instance_id="basic-instance",
shard_count=1,
desired_auto_created_endpoints=[{
"network": producer_net.id,
"project_id": project.project_id,
}],
location="us-central1",
deletion_protection_enabled=False,
maintenance_policy={
"weekly_maintenance_windows": [{
"day": "MONDAY",
"start_time": {
"hours": 1,
"minutes": 0,
"seconds": 0,
"nanos": 0,
},
}],
},
opts = pulumi.ResourceOptions(depends_on=[default]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/memorystore"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/networkconnectivity"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
producerNet, err := compute.NewNetwork(ctx, "producer_net", &compute.NetworkArgs{
Name: pulumi.String("my-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
producerSubnet, err := compute.NewSubnetwork(ctx, "producer_subnet", &compute.SubnetworkArgs{
Name: pulumi.String("my-subnet"),
IpCidrRange: pulumi.String("10.0.0.248/29"),
Region: pulumi.String("us-central1"),
Network: producerNet.ID(),
})
if err != nil {
return err
}
_default, err := networkconnectivity.NewServiceConnectionPolicy(ctx, "default", &networkconnectivity.ServiceConnectionPolicyArgs{
Name: pulumi.String("my-policy"),
Location: pulumi.String("us-central1"),
ServiceClass: pulumi.String("gcp-memorystore"),
Description: pulumi.String("my basic service connection policy"),
Network: producerNet.ID(),
PscConfig: &networkconnectivity.ServiceConnectionPolicyPscConfigArgs{
Subnetworks: pulumi.StringArray{
producerSubnet.ID(),
},
},
})
if err != nil {
return err
}
project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
_, err = memorystore.NewInstance(ctx, "instance-basic", &memorystore.InstanceArgs{
InstanceId: pulumi.String("basic-instance"),
ShardCount: pulumi.Int(1),
DesiredAutoCreatedEndpoints: memorystore.InstanceDesiredAutoCreatedEndpointArray{
&memorystore.InstanceDesiredAutoCreatedEndpointArgs{
Network: producerNet.ID(),
ProjectId: pulumi.String(project.ProjectId),
},
},
Location: pulumi.String("us-central1"),
DeletionProtectionEnabled: pulumi.Bool(false),
MaintenancePolicy: &memorystore.InstanceMaintenancePolicyArgs{
WeeklyMaintenanceWindows: memorystore.InstanceMaintenancePolicyWeeklyMaintenanceWindowArray{
&memorystore.InstanceMaintenancePolicyWeeklyMaintenanceWindowArgs{
Day: pulumi.String("MONDAY"),
StartTime: &memorystore.InstanceMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs{
Hours: pulumi.Int(1),
Minutes: pulumi.Int(0),
Seconds: pulumi.Int(0),
Nanos: pulumi.Int(0),
},
},
},
},
}, pulumi.DependsOn([]pulumi.Resource{
_default,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var producerNet = new Gcp.Compute.Network("producer_net", new()
{
Name = "my-network",
AutoCreateSubnetworks = false,
});
var producerSubnet = new Gcp.Compute.Subnetwork("producer_subnet", new()
{
Name = "my-subnet",
IpCidrRange = "10.0.0.248/29",
Region = "us-central1",
Network = producerNet.Id,
});
var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy("default", new()
{
Name = "my-policy",
Location = "us-central1",
ServiceClass = "gcp-memorystore",
Description = "my basic service connection policy",
Network = producerNet.Id,
PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs
{
Subnetworks = new[]
{
producerSubnet.Id,
},
},
});
var project = Gcp.Organizations.GetProject.Invoke();
var instance_basic = new Gcp.MemoryStore.Instance("instance-basic", new()
{
InstanceId = "basic-instance",
ShardCount = 1,
DesiredAutoCreatedEndpoints = new[]
{
new Gcp.MemoryStore.Inputs.InstanceDesiredAutoCreatedEndpointArgs
{
Network = producerNet.Id,
ProjectId = project.Apply(getProjectResult => getProjectResult.ProjectId),
},
},
Location = "us-central1",
DeletionProtectionEnabled = false,
MaintenancePolicy = new Gcp.MemoryStore.Inputs.InstanceMaintenancePolicyArgs
{
WeeklyMaintenanceWindows = new[]
{
new Gcp.MemoryStore.Inputs.InstanceMaintenancePolicyWeeklyMaintenanceWindowArgs
{
Day = "MONDAY",
StartTime = new Gcp.MemoryStore.Inputs.InstanceMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs
{
Hours = 1,
Minutes = 0,
Seconds = 0,
Nanos = 0,
},
},
},
},
}, new CustomResourceOptions
{
DependsOn =
{
@default,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;
import com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;
import com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.memorystore.Instance;
import com.pulumi.gcp.memorystore.InstanceArgs;
import com.pulumi.gcp.memorystore.inputs.InstanceDesiredAutoCreatedEndpointArgs;
import com.pulumi.gcp.memorystore.inputs.InstanceMaintenancePolicyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var producerNet = new Network("producerNet", NetworkArgs.builder()
.name("my-network")
.autoCreateSubnetworks(false)
.build());
var producerSubnet = new Subnetwork("producerSubnet", SubnetworkArgs.builder()
.name("my-subnet")
.ipCidrRange("10.0.0.248/29")
.region("us-central1")
.network(producerNet.id())
.build());
var default_ = new ServiceConnectionPolicy("default", ServiceConnectionPolicyArgs.builder()
.name("my-policy")
.location("us-central1")
.serviceClass("gcp-memorystore")
.description("my basic service connection policy")
.network(producerNet.id())
.pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()
.subnetworks(producerSubnet.id())
.build())
.build());
final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
.build());
var instance_basic = new Instance("instance-basic", InstanceArgs.builder()
.instanceId("basic-instance")
.shardCount(1)
.desiredAutoCreatedEndpoints(InstanceDesiredAutoCreatedEndpointArgs.builder()
.network(producerNet.id())
.projectId(project.projectId())
.build())
.location("us-central1")
.deletionProtectionEnabled(false)
.maintenancePolicy(InstanceMaintenancePolicyArgs.builder()
.weeklyMaintenanceWindows(InstanceMaintenancePolicyWeeklyMaintenanceWindowArgs.builder()
.day("MONDAY")
.startTime(InstanceMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs.builder()
.hours(1)
.minutes(0)
.seconds(0)
.nanos(0)
.build())
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(default_)
.build());
}
}
resources:
instance-basic:
type: gcp:memorystore:Instance
properties:
instanceId: basic-instance
shardCount: 1
desiredAutoCreatedEndpoints:
- network: ${producerNet.id}
projectId: ${project.projectId}
location: us-central1
deletionProtectionEnabled: false
maintenancePolicy:
weeklyMaintenanceWindows:
- day: MONDAY
startTime:
hours: 1
minutes: 0
seconds: 0
nanos: 0
options:
dependsOn:
- ${default}
default:
type: gcp:networkconnectivity:ServiceConnectionPolicy
properties:
name: my-policy
location: us-central1
serviceClass: gcp-memorystore
description: my basic service connection policy
network: ${producerNet.id}
pscConfig:
subnetworks:
- ${producerSubnet.id}
producerSubnet:
type: gcp:compute:Subnetwork
name: producer_subnet
properties:
name: my-subnet
ipCidrRange: 10.0.0.248/29
region: us-central1
network: ${producerNet.id}
producerNet:
type: gcp:compute:Network
name: producer_net
properties:
name: my-network
autoCreateSubnetworks: false
variables:
project:
fn::invoke:
function: gcp:organizations:getProject
arguments: {}
The desiredAutoCreatedEndpoints property creates Private Service Connect endpoints in your VPC network, enabling applications to connect to the instance. The ServiceConnectionPolicy resource must exist first to authorize Memorystore to create endpoints in your network. The maintenancePolicy defines when Google can perform updates, with weeklyMaintenanceWindows specifying day and time.
Configure instance with replicas and persistence
Production deployments add replicas for high availability and configure persistence for data durability.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const producerNet = new gcp.compute.Network("producer_net", {
name: "my-network",
autoCreateSubnetworks: false,
});
const producerSubnet = new gcp.compute.Subnetwork("producer_subnet", {
name: "my-subnet",
ipCidrRange: "10.0.0.248/29",
region: "us-central1",
network: producerNet.id,
});
const _default = new gcp.networkconnectivity.ServiceConnectionPolicy("default", {
name: "my-policy",
location: "us-central1",
serviceClass: "gcp-memorystore",
description: "my basic service connection policy",
network: producerNet.id,
pscConfig: {
subnetworks: [producerSubnet.id],
},
});
const project = gcp.organizations.getProject({});
const instance_full = new gcp.memorystore.Instance("instance-full", {
instanceId: "full-instance",
shardCount: 1,
desiredAutoCreatedEndpoints: [{
network: producerNet.id,
projectId: project.then(project => project.projectId),
}],
location: "us-central1",
replicaCount: 1,
nodeType: "SHARED_CORE_NANO",
transitEncryptionMode: "TRANSIT_ENCRYPTION_DISABLED",
authorizationMode: "AUTH_DISABLED",
kmsKey: "my-key",
engineConfigs: {
"maxmemory-policy": "volatile-ttl",
},
zoneDistributionConfig: {
mode: "SINGLE_ZONE",
zone: "us-central1-b",
},
maintenancePolicy: {
weeklyMaintenanceWindows: [{
day: "MONDAY",
startTime: {
hours: 1,
minutes: 0,
seconds: 0,
nanos: 0,
},
}],
},
engineVersion: "VALKEY_7_2",
deletionProtectionEnabled: false,
mode: "CLUSTER",
persistenceConfig: {
mode: "RDB",
rdbConfig: {
rdbSnapshotPeriod: "ONE_HOUR",
rdbSnapshotStartTime: "2024-10-02T15:01:23Z",
},
},
labels: {
abc: "xyz",
},
}, {
dependsOn: [_default],
});
import pulumi
import pulumi_gcp as gcp
producer_net = gcp.compute.Network("producer_net",
name="my-network",
auto_create_subnetworks=False)
producer_subnet = gcp.compute.Subnetwork("producer_subnet",
name="my-subnet",
ip_cidr_range="10.0.0.248/29",
region="us-central1",
network=producer_net.id)
default = gcp.networkconnectivity.ServiceConnectionPolicy("default",
name="my-policy",
location="us-central1",
service_class="gcp-memorystore",
description="my basic service connection policy",
network=producer_net.id,
psc_config={
"subnetworks": [producer_subnet.id],
})
project = gcp.organizations.get_project()
instance_full = gcp.memorystore.Instance("instance-full",
instance_id="full-instance",
shard_count=1,
desired_auto_created_endpoints=[{
"network": producer_net.id,
"project_id": project.project_id,
}],
location="us-central1",
replica_count=1,
node_type="SHARED_CORE_NANO",
transit_encryption_mode="TRANSIT_ENCRYPTION_DISABLED",
authorization_mode="AUTH_DISABLED",
kms_key="my-key",
engine_configs={
"maxmemory-policy": "volatile-ttl",
},
zone_distribution_config={
"mode": "SINGLE_ZONE",
"zone": "us-central1-b",
},
maintenance_policy={
"weekly_maintenance_windows": [{
"day": "MONDAY",
"start_time": {
"hours": 1,
"minutes": 0,
"seconds": 0,
"nanos": 0,
},
}],
},
engine_version="VALKEY_7_2",
deletion_protection_enabled=False,
mode="CLUSTER",
persistence_config={
"mode": "RDB",
"rdb_config": {
"rdb_snapshot_period": "ONE_HOUR",
"rdb_snapshot_start_time": "2024-10-02T15:01:23Z",
},
},
labels={
"abc": "xyz",
},
opts = pulumi.ResourceOptions(depends_on=[default]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/memorystore"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/networkconnectivity"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
producerNet, err := compute.NewNetwork(ctx, "producer_net", &compute.NetworkArgs{
Name: pulumi.String("my-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
producerSubnet, err := compute.NewSubnetwork(ctx, "producer_subnet", &compute.SubnetworkArgs{
Name: pulumi.String("my-subnet"),
IpCidrRange: pulumi.String("10.0.0.248/29"),
Region: pulumi.String("us-central1"),
Network: producerNet.ID(),
})
if err != nil {
return err
}
_default, err := networkconnectivity.NewServiceConnectionPolicy(ctx, "default", &networkconnectivity.ServiceConnectionPolicyArgs{
Name: pulumi.String("my-policy"),
Location: pulumi.String("us-central1"),
ServiceClass: pulumi.String("gcp-memorystore"),
Description: pulumi.String("my basic service connection policy"),
Network: producerNet.ID(),
PscConfig: &networkconnectivity.ServiceConnectionPolicyPscConfigArgs{
Subnetworks: pulumi.StringArray{
producerSubnet.ID(),
},
},
})
if err != nil {
return err
}
project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
_, err = memorystore.NewInstance(ctx, "instance-full", &memorystore.InstanceArgs{
InstanceId: pulumi.String("full-instance"),
ShardCount: pulumi.Int(1),
DesiredAutoCreatedEndpoints: memorystore.InstanceDesiredAutoCreatedEndpointArray{
&memorystore.InstanceDesiredAutoCreatedEndpointArgs{
Network: producerNet.ID(),
ProjectId: pulumi.String(project.ProjectId),
},
},
Location: pulumi.String("us-central1"),
ReplicaCount: pulumi.Int(1),
NodeType: pulumi.String("SHARED_CORE_NANO"),
TransitEncryptionMode: pulumi.String("TRANSIT_ENCRYPTION_DISABLED"),
AuthorizationMode: pulumi.String("AUTH_DISABLED"),
KmsKey: pulumi.String("my-key"),
EngineConfigs: pulumi.StringMap{
"maxmemory-policy": pulumi.String("volatile-ttl"),
},
ZoneDistributionConfig: &memorystore.InstanceZoneDistributionConfigArgs{
Mode: pulumi.String("SINGLE_ZONE"),
Zone: pulumi.String("us-central1-b"),
},
MaintenancePolicy: &memorystore.InstanceMaintenancePolicyArgs{
WeeklyMaintenanceWindows: memorystore.InstanceMaintenancePolicyWeeklyMaintenanceWindowArray{
&memorystore.InstanceMaintenancePolicyWeeklyMaintenanceWindowArgs{
Day: pulumi.String("MONDAY"),
StartTime: &memorystore.InstanceMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs{
Hours: pulumi.Int(1),
Minutes: pulumi.Int(0),
Seconds: pulumi.Int(0),
Nanos: pulumi.Int(0),
},
},
},
},
EngineVersion: pulumi.String("VALKEY_7_2"),
DeletionProtectionEnabled: pulumi.Bool(false),
Mode: pulumi.String("CLUSTER"),
PersistenceConfig: &memorystore.InstancePersistenceConfigArgs{
Mode: pulumi.String("RDB"),
RdbConfig: &memorystore.InstancePersistenceConfigRdbConfigArgs{
RdbSnapshotPeriod: pulumi.String("ONE_HOUR"),
RdbSnapshotStartTime: pulumi.String("2024-10-02T15:01:23Z"),
},
},
Labels: pulumi.StringMap{
"abc": pulumi.String("xyz"),
},
}, pulumi.DependsOn([]pulumi.Resource{
_default,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var producerNet = new Gcp.Compute.Network("producer_net", new()
{
Name = "my-network",
AutoCreateSubnetworks = false,
});
var producerSubnet = new Gcp.Compute.Subnetwork("producer_subnet", new()
{
Name = "my-subnet",
IpCidrRange = "10.0.0.248/29",
Region = "us-central1",
Network = producerNet.Id,
});
var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy("default", new()
{
Name = "my-policy",
Location = "us-central1",
ServiceClass = "gcp-memorystore",
Description = "my basic service connection policy",
Network = producerNet.Id,
PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs
{
Subnetworks = new[]
{
producerSubnet.Id,
},
},
});
var project = Gcp.Organizations.GetProject.Invoke();
var instance_full = new Gcp.MemoryStore.Instance("instance-full", new()
{
InstanceId = "full-instance",
ShardCount = 1,
DesiredAutoCreatedEndpoints = new[]
{
new Gcp.MemoryStore.Inputs.InstanceDesiredAutoCreatedEndpointArgs
{
Network = producerNet.Id,
ProjectId = project.Apply(getProjectResult => getProjectResult.ProjectId),
},
},
Location = "us-central1",
ReplicaCount = 1,
NodeType = "SHARED_CORE_NANO",
TransitEncryptionMode = "TRANSIT_ENCRYPTION_DISABLED",
AuthorizationMode = "AUTH_DISABLED",
KmsKey = "my-key",
EngineConfigs =
{
{ "maxmemory-policy", "volatile-ttl" },
},
ZoneDistributionConfig = new Gcp.MemoryStore.Inputs.InstanceZoneDistributionConfigArgs
{
Mode = "SINGLE_ZONE",
Zone = "us-central1-b",
},
MaintenancePolicy = new Gcp.MemoryStore.Inputs.InstanceMaintenancePolicyArgs
{
WeeklyMaintenanceWindows = new[]
{
new Gcp.MemoryStore.Inputs.InstanceMaintenancePolicyWeeklyMaintenanceWindowArgs
{
Day = "MONDAY",
StartTime = new Gcp.MemoryStore.Inputs.InstanceMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs
{
Hours = 1,
Minutes = 0,
Seconds = 0,
Nanos = 0,
},
},
},
},
EngineVersion = "VALKEY_7_2",
DeletionProtectionEnabled = false,
Mode = "CLUSTER",
PersistenceConfig = new Gcp.MemoryStore.Inputs.InstancePersistenceConfigArgs
{
Mode = "RDB",
RdbConfig = new Gcp.MemoryStore.Inputs.InstancePersistenceConfigRdbConfigArgs
{
RdbSnapshotPeriod = "ONE_HOUR",
RdbSnapshotStartTime = "2024-10-02T15:01:23Z",
},
},
Labels =
{
{ "abc", "xyz" },
},
}, new CustomResourceOptions
{
DependsOn =
{
@default,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;
import com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;
import com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.memorystore.Instance;
import com.pulumi.gcp.memorystore.InstanceArgs;
import com.pulumi.gcp.memorystore.inputs.InstanceDesiredAutoCreatedEndpointArgs;
import com.pulumi.gcp.memorystore.inputs.InstanceZoneDistributionConfigArgs;
import com.pulumi.gcp.memorystore.inputs.InstanceMaintenancePolicyArgs;
import com.pulumi.gcp.memorystore.inputs.InstancePersistenceConfigArgs;
import com.pulumi.gcp.memorystore.inputs.InstancePersistenceConfigRdbConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var producerNet = new Network("producerNet", NetworkArgs.builder()
.name("my-network")
.autoCreateSubnetworks(false)
.build());
var producerSubnet = new Subnetwork("producerSubnet", SubnetworkArgs.builder()
.name("my-subnet")
.ipCidrRange("10.0.0.248/29")
.region("us-central1")
.network(producerNet.id())
.build());
var default_ = new ServiceConnectionPolicy("default", ServiceConnectionPolicyArgs.builder()
.name("my-policy")
.location("us-central1")
.serviceClass("gcp-memorystore")
.description("my basic service connection policy")
.network(producerNet.id())
.pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()
.subnetworks(producerSubnet.id())
.build())
.build());
final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
.build());
var instance_full = new Instance("instance-full", InstanceArgs.builder()
.instanceId("full-instance")
.shardCount(1)
.desiredAutoCreatedEndpoints(InstanceDesiredAutoCreatedEndpointArgs.builder()
.network(producerNet.id())
.projectId(project.projectId())
.build())
.location("us-central1")
.replicaCount(1)
.nodeType("SHARED_CORE_NANO")
.transitEncryptionMode("TRANSIT_ENCRYPTION_DISABLED")
.authorizationMode("AUTH_DISABLED")
.kmsKey("my-key")
.engineConfigs(Map.of("maxmemory-policy", "volatile-ttl"))
.zoneDistributionConfig(InstanceZoneDistributionConfigArgs.builder()
.mode("SINGLE_ZONE")
.zone("us-central1-b")
.build())
.maintenancePolicy(InstanceMaintenancePolicyArgs.builder()
.weeklyMaintenanceWindows(InstanceMaintenancePolicyWeeklyMaintenanceWindowArgs.builder()
.day("MONDAY")
.startTime(InstanceMaintenancePolicyWeeklyMaintenanceWindowStartTimeArgs.builder()
.hours(1)
.minutes(0)
.seconds(0)
.nanos(0)
.build())
.build())
.build())
.engineVersion("VALKEY_7_2")
.deletionProtectionEnabled(false)
.mode("CLUSTER")
.persistenceConfig(InstancePersistenceConfigArgs.builder()
.mode("RDB")
.rdbConfig(InstancePersistenceConfigRdbConfigArgs.builder()
.rdbSnapshotPeriod("ONE_HOUR")
.rdbSnapshotStartTime("2024-10-02T15:01:23Z")
.build())
.build())
.labels(Map.of("abc", "xyz"))
.build(), CustomResourceOptions.builder()
.dependsOn(default_)
.build());
}
}
resources:
instance-full:
type: gcp:memorystore:Instance
properties:
instanceId: full-instance
shardCount: 1
desiredAutoCreatedEndpoints:
- network: ${producerNet.id}
projectId: ${project.projectId}
location: us-central1
replicaCount: 1
nodeType: SHARED_CORE_NANO
transitEncryptionMode: TRANSIT_ENCRYPTION_DISABLED
authorizationMode: AUTH_DISABLED
kmsKey: my-key
engineConfigs:
maxmemory-policy: volatile-ttl
zoneDistributionConfig:
mode: SINGLE_ZONE
zone: us-central1-b
maintenancePolicy:
weeklyMaintenanceWindows:
- day: MONDAY
startTime:
hours: 1
minutes: 0
seconds: 0
nanos: 0
engineVersion: VALKEY_7_2
deletionProtectionEnabled: false
mode: CLUSTER
persistenceConfig:
mode: RDB
rdbConfig:
rdbSnapshotPeriod: ONE_HOUR
rdbSnapshotStartTime: 2024-10-02T15:01:23Z
labels:
abc: xyz
options:
dependsOn:
- ${default}
default:
type: gcp:networkconnectivity:ServiceConnectionPolicy
properties:
name: my-policy
location: us-central1
serviceClass: gcp-memorystore
description: my basic service connection policy
network: ${producerNet.id}
pscConfig:
subnetworks:
- ${producerSubnet.id}
producerSubnet:
type: gcp:compute:Subnetwork
name: producer_subnet
properties:
name: my-subnet
ipCidrRange: 10.0.0.248/29
region: us-central1
network: ${producerNet.id}
producerNet:
type: gcp:compute:Network
name: producer_net
properties:
name: my-network
autoCreateSubnetworks: false
variables:
project:
fn::invoke:
function: gcp:organizations:getProject
arguments: {}
The replicaCount property adds read replicas to each shard, providing failover capability. The persistenceConfig enables RDB snapshots at regular intervals (rdbSnapshotPeriod), writing point-in-time backups. The zoneDistributionConfig controls whether instances spread across zones (MULTI_ZONE) or stay in one (SINGLE_ZONE). The engineConfigs property passes Valkey configuration parameters like maxmemory-policy directly to the engine.
Enable append-only file persistence
Applications requiring stronger durability can use AOF persistence instead of RDB snapshots.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const producerNet = new gcp.compute.Network("producer_net", {
name: "my-network",
autoCreateSubnetworks: false,
});
const producerSubnet = new gcp.compute.Subnetwork("producer_subnet", {
name: "my-subnet",
ipCidrRange: "10.0.0.248/29",
region: "us-central1",
network: producerNet.id,
});
const _default = new gcp.networkconnectivity.ServiceConnectionPolicy("default", {
name: "my-policy",
location: "us-central1",
serviceClass: "gcp-memorystore",
description: "my basic service connection policy",
network: producerNet.id,
pscConfig: {
subnetworks: [producerSubnet.id],
},
});
const project = gcp.organizations.getProject({});
const instance_persistence_aof = new gcp.memorystore.Instance("instance-persistence-aof", {
instanceId: "aof-instance",
shardCount: 1,
desiredAutoCreatedEndpoints: [{
network: producerNet.id,
projectId: project.then(project => project.projectId),
}],
location: "us-central1",
persistenceConfig: {
mode: "AOF",
aofConfig: {
appendFsync: "EVERY_SEC",
},
},
deletionProtectionEnabled: false,
}, {
dependsOn: [_default],
});
import pulumi
import pulumi_gcp as gcp
producer_net = gcp.compute.Network("producer_net",
name="my-network",
auto_create_subnetworks=False)
producer_subnet = gcp.compute.Subnetwork("producer_subnet",
name="my-subnet",
ip_cidr_range="10.0.0.248/29",
region="us-central1",
network=producer_net.id)
default = gcp.networkconnectivity.ServiceConnectionPolicy("default",
name="my-policy",
location="us-central1",
service_class="gcp-memorystore",
description="my basic service connection policy",
network=producer_net.id,
psc_config={
"subnetworks": [producer_subnet.id],
})
project = gcp.organizations.get_project()
instance_persistence_aof = gcp.memorystore.Instance("instance-persistence-aof",
instance_id="aof-instance",
shard_count=1,
desired_auto_created_endpoints=[{
"network": producer_net.id,
"project_id": project.project_id,
}],
location="us-central1",
persistence_config={
"mode": "AOF",
"aof_config": {
"append_fsync": "EVERY_SEC",
},
},
deletion_protection_enabled=False,
opts = pulumi.ResourceOptions(depends_on=[default]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/memorystore"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/networkconnectivity"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
producerNet, err := compute.NewNetwork(ctx, "producer_net", &compute.NetworkArgs{
Name: pulumi.String("my-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
producerSubnet, err := compute.NewSubnetwork(ctx, "producer_subnet", &compute.SubnetworkArgs{
Name: pulumi.String("my-subnet"),
IpCidrRange: pulumi.String("10.0.0.248/29"),
Region: pulumi.String("us-central1"),
Network: producerNet.ID(),
})
if err != nil {
return err
}
_default, err := networkconnectivity.NewServiceConnectionPolicy(ctx, "default", &networkconnectivity.ServiceConnectionPolicyArgs{
Name: pulumi.String("my-policy"),
Location: pulumi.String("us-central1"),
ServiceClass: pulumi.String("gcp-memorystore"),
Description: pulumi.String("my basic service connection policy"),
Network: producerNet.ID(),
PscConfig: &networkconnectivity.ServiceConnectionPolicyPscConfigArgs{
Subnetworks: pulumi.StringArray{
producerSubnet.ID(),
},
},
})
if err != nil {
return err
}
project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
_, err = memorystore.NewInstance(ctx, "instance-persistence-aof", &memorystore.InstanceArgs{
InstanceId: pulumi.String("aof-instance"),
ShardCount: pulumi.Int(1),
DesiredAutoCreatedEndpoints: memorystore.InstanceDesiredAutoCreatedEndpointArray{
&memorystore.InstanceDesiredAutoCreatedEndpointArgs{
Network: producerNet.ID(),
ProjectId: pulumi.String(project.ProjectId),
},
},
Location: pulumi.String("us-central1"),
PersistenceConfig: &memorystore.InstancePersistenceConfigArgs{
Mode: pulumi.String("AOF"),
AofConfig: &memorystore.InstancePersistenceConfigAofConfigArgs{
AppendFsync: pulumi.String("EVERY_SEC"),
},
},
DeletionProtectionEnabled: pulumi.Bool(false),
}, pulumi.DependsOn([]pulumi.Resource{
_default,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var producerNet = new Gcp.Compute.Network("producer_net", new()
{
Name = "my-network",
AutoCreateSubnetworks = false,
});
var producerSubnet = new Gcp.Compute.Subnetwork("producer_subnet", new()
{
Name = "my-subnet",
IpCidrRange = "10.0.0.248/29",
Region = "us-central1",
Network = producerNet.Id,
});
var @default = new Gcp.NetworkConnectivity.ServiceConnectionPolicy("default", new()
{
Name = "my-policy",
Location = "us-central1",
ServiceClass = "gcp-memorystore",
Description = "my basic service connection policy",
Network = producerNet.Id,
PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs
{
Subnetworks = new[]
{
producerSubnet.Id,
},
},
});
var project = Gcp.Organizations.GetProject.Invoke();
var instance_persistence_aof = new Gcp.MemoryStore.Instance("instance-persistence-aof", new()
{
InstanceId = "aof-instance",
ShardCount = 1,
DesiredAutoCreatedEndpoints = new[]
{
new Gcp.MemoryStore.Inputs.InstanceDesiredAutoCreatedEndpointArgs
{
Network = producerNet.Id,
ProjectId = project.Apply(getProjectResult => getProjectResult.ProjectId),
},
},
Location = "us-central1",
PersistenceConfig = new Gcp.MemoryStore.Inputs.InstancePersistenceConfigArgs
{
Mode = "AOF",
AofConfig = new Gcp.MemoryStore.Inputs.InstancePersistenceConfigAofConfigArgs
{
AppendFsync = "EVERY_SEC",
},
},
DeletionProtectionEnabled = false,
}, new CustomResourceOptions
{
DependsOn =
{
@default,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;
import com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;
import com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.memorystore.Instance;
import com.pulumi.gcp.memorystore.InstanceArgs;
import com.pulumi.gcp.memorystore.inputs.InstanceDesiredAutoCreatedEndpointArgs;
import com.pulumi.gcp.memorystore.inputs.InstancePersistenceConfigArgs;
import com.pulumi.gcp.memorystore.inputs.InstancePersistenceConfigAofConfigArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var producerNet = new Network("producerNet", NetworkArgs.builder()
.name("my-network")
.autoCreateSubnetworks(false)
.build());
var producerSubnet = new Subnetwork("producerSubnet", SubnetworkArgs.builder()
.name("my-subnet")
.ipCidrRange("10.0.0.248/29")
.region("us-central1")
.network(producerNet.id())
.build());
var default_ = new ServiceConnectionPolicy("default", ServiceConnectionPolicyArgs.builder()
.name("my-policy")
.location("us-central1")
.serviceClass("gcp-memorystore")
.description("my basic service connection policy")
.network(producerNet.id())
.pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()
.subnetworks(producerSubnet.id())
.build())
.build());
final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
.build());
var instance_persistence_aof = new Instance("instance-persistence-aof", InstanceArgs.builder()
.instanceId("aof-instance")
.shardCount(1)
.desiredAutoCreatedEndpoints(InstanceDesiredAutoCreatedEndpointArgs.builder()
.network(producerNet.id())
.projectId(project.projectId())
.build())
.location("us-central1")
.persistenceConfig(InstancePersistenceConfigArgs.builder()
.mode("AOF")
.aofConfig(InstancePersistenceConfigAofConfigArgs.builder()
.appendFsync("EVERY_SEC")
.build())
.build())
.deletionProtectionEnabled(false)
.build(), CustomResourceOptions.builder()
.dependsOn(default_)
.build());
}
}
resources:
instance-persistence-aof:
type: gcp:memorystore:Instance
properties:
instanceId: aof-instance
shardCount: 1
desiredAutoCreatedEndpoints:
- network: ${producerNet.id}
projectId: ${project.projectId}
location: us-central1
persistenceConfig:
mode: AOF
aofConfig:
appendFsync: EVERY_SEC
deletionProtectionEnabled: false
options:
dependsOn:
- ${default}
default:
type: gcp:networkconnectivity:ServiceConnectionPolicy
properties:
name: my-policy
location: us-central1
serviceClass: gcp-memorystore
description: my basic service connection policy
network: ${producerNet.id}
pscConfig:
subnetworks:
- ${producerSubnet.id}
producerSubnet:
type: gcp:compute:Subnetwork
name: producer_subnet
properties:
name: my-subnet
ipCidrRange: 10.0.0.248/29
region: us-central1
network: ${producerNet.id}
producerNet:
type: gcp:compute:Network
name: producer_net
properties:
name: my-network
autoCreateSubnetworks: false
variables:
project:
fn::invoke:
function: gcp:organizations:getProject
arguments: {}
AOF persistence writes every operation to disk, providing more frequent durability than periodic snapshots. The appendFsync setting controls write frequency: EVERY_SEC syncs to disk every second, balancing durability and performance. This mode trades some throughput for reduced data loss in failure scenarios.
Set up cross-region replication with primary and secondary
Disaster recovery requires replicating data across regions, with a secondary instance continuously receiving updates from the primary.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const primaryProducerNet = new gcp.compute.Network("primary_producer_net", {
name: "my-network-primary-instance",
autoCreateSubnetworks: false,
});
const primaryProducerSubnet = new gcp.compute.Subnetwork("primary_producer_subnet", {
name: "my-subnet-primary-instance",
ipCidrRange: "10.0.1.0/29",
region: "asia-east1",
network: primaryProducerNet.id,
});
const primaryPolicy = new gcp.networkconnectivity.ServiceConnectionPolicy("primary_policy", {
name: "my-policy-primary-instance",
location: "asia-east1",
serviceClass: "gcp-memorystore",
description: "my basic service connection policy",
network: primaryProducerNet.id,
pscConfig: {
subnetworks: [primaryProducerSubnet.id],
},
});
const project = gcp.organizations.getProject({});
// Primary instance
const primaryInstance = new gcp.memorystore.Instance("primary_instance", {
instanceId: "primary-instance",
shardCount: 1,
desiredAutoCreatedEndpoints: [{
network: primaryProducerNet.id,
projectId: project.then(project => project.projectId),
}],
location: "asia-east1",
replicaCount: 1,
nodeType: "SHARED_CORE_NANO",
transitEncryptionMode: "TRANSIT_ENCRYPTION_DISABLED",
authorizationMode: "AUTH_DISABLED",
engineConfigs: {
"maxmemory-policy": "volatile-ttl",
},
zoneDistributionConfig: {
mode: "SINGLE_ZONE",
zone: "asia-east1-c",
},
deletionProtectionEnabled: true,
persistenceConfig: {
mode: "RDB",
rdbConfig: {
rdbSnapshotPeriod: "ONE_HOUR",
rdbSnapshotStartTime: "2024-10-02T15:01:23Z",
},
},
labels: {
abc: "xyz",
},
}, {
dependsOn: [primaryPolicy],
});
const secondaryProducerNet = new gcp.compute.Network("secondary_producer_net", {
name: "my-network-secondary-instance",
autoCreateSubnetworks: false,
});
const secondaryProducerSubnet = new gcp.compute.Subnetwork("secondary_producer_subnet", {
name: "my-subnet-secondary-instance",
ipCidrRange: "10.0.2.0/29",
region: "europe-north1",
network: secondaryProducerNet.id,
});
const secondaryPolicy = new gcp.networkconnectivity.ServiceConnectionPolicy("secondary_policy", {
name: "my-policy-secondary-instance",
location: "europe-north1",
serviceClass: "gcp-memorystore",
description: "my basic service connection policy",
network: secondaryProducerNet.id,
pscConfig: {
subnetworks: [secondaryProducerSubnet.id],
},
});
// Secondary instance
const secondaryInstance = new gcp.memorystore.Instance("secondary_instance", {
instanceId: "secondary-instance",
shardCount: 1,
desiredAutoCreatedEndpoints: [{
network: secondaryProducerNet.id,
projectId: project.then(project => project.projectId),
}],
location: "europe-north1",
replicaCount: 1,
nodeType: "SHARED_CORE_NANO",
transitEncryptionMode: "TRANSIT_ENCRYPTION_DISABLED",
authorizationMode: "AUTH_DISABLED",
engineConfigs: {
"maxmemory-policy": "volatile-ttl",
},
zoneDistributionConfig: {
mode: "SINGLE_ZONE",
zone: "europe-north1-c",
},
deletionProtectionEnabled: true,
crossInstanceReplicationConfig: {
instanceRole: "SECONDARY",
primaryInstance: {
instance: primaryInstance.id,
},
},
persistenceConfig: {
mode: "RDB",
rdbConfig: {
rdbSnapshotPeriod: "ONE_HOUR",
rdbSnapshotStartTime: "2024-10-02T15:01:23Z",
},
},
labels: {
abc: "xyz",
},
}, {
dependsOn: [secondaryPolicy],
});
import pulumi
import pulumi_gcp as gcp
primary_producer_net = gcp.compute.Network("primary_producer_net",
name="my-network-primary-instance",
auto_create_subnetworks=False)
primary_producer_subnet = gcp.compute.Subnetwork("primary_producer_subnet",
name="my-subnet-primary-instance",
ip_cidr_range="10.0.1.0/29",
region="asia-east1",
network=primary_producer_net.id)
primary_policy = gcp.networkconnectivity.ServiceConnectionPolicy("primary_policy",
name="my-policy-primary-instance",
location="asia-east1",
service_class="gcp-memorystore",
description="my basic service connection policy",
network=primary_producer_net.id,
psc_config={
"subnetworks": [primary_producer_subnet.id],
})
project = gcp.organizations.get_project()
# Primary instance
primary_instance = gcp.memorystore.Instance("primary_instance",
instance_id="primary-instance",
shard_count=1,
desired_auto_created_endpoints=[{
"network": primary_producer_net.id,
"project_id": project.project_id,
}],
location="asia-east1",
replica_count=1,
node_type="SHARED_CORE_NANO",
transit_encryption_mode="TRANSIT_ENCRYPTION_DISABLED",
authorization_mode="AUTH_DISABLED",
engine_configs={
"maxmemory-policy": "volatile-ttl",
},
zone_distribution_config={
"mode": "SINGLE_ZONE",
"zone": "asia-east1-c",
},
deletion_protection_enabled=True,
persistence_config={
"mode": "RDB",
"rdb_config": {
"rdb_snapshot_period": "ONE_HOUR",
"rdb_snapshot_start_time": "2024-10-02T15:01:23Z",
},
},
labels={
"abc": "xyz",
},
opts = pulumi.ResourceOptions(depends_on=[primary_policy]))
secondary_producer_net = gcp.compute.Network("secondary_producer_net",
name="my-network-secondary-instance",
auto_create_subnetworks=False)
secondary_producer_subnet = gcp.compute.Subnetwork("secondary_producer_subnet",
name="my-subnet-secondary-instance",
ip_cidr_range="10.0.2.0/29",
region="europe-north1",
network=secondary_producer_net.id)
secondary_policy = gcp.networkconnectivity.ServiceConnectionPolicy("secondary_policy",
name="my-policy-secondary-instance",
location="europe-north1",
service_class="gcp-memorystore",
description="my basic service connection policy",
network=secondary_producer_net.id,
psc_config={
"subnetworks": [secondary_producer_subnet.id],
})
# Secondary instance
secondary_instance = gcp.memorystore.Instance("secondary_instance",
instance_id="secondary-instance",
shard_count=1,
desired_auto_created_endpoints=[{
"network": secondary_producer_net.id,
"project_id": project.project_id,
}],
location="europe-north1",
replica_count=1,
node_type="SHARED_CORE_NANO",
transit_encryption_mode="TRANSIT_ENCRYPTION_DISABLED",
authorization_mode="AUTH_DISABLED",
engine_configs={
"maxmemory-policy": "volatile-ttl",
},
zone_distribution_config={
"mode": "SINGLE_ZONE",
"zone": "europe-north1-c",
},
deletion_protection_enabled=True,
cross_instance_replication_config={
"instance_role": "SECONDARY",
"primary_instance": {
"instance": primary_instance.id,
},
},
persistence_config={
"mode": "RDB",
"rdb_config": {
"rdb_snapshot_period": "ONE_HOUR",
"rdb_snapshot_start_time": "2024-10-02T15:01:23Z",
},
},
labels={
"abc": "xyz",
},
opts = pulumi.ResourceOptions(depends_on=[secondary_policy]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/memorystore"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/networkconnectivity"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
primaryProducerNet, err := compute.NewNetwork(ctx, "primary_producer_net", &compute.NetworkArgs{
Name: pulumi.String("my-network-primary-instance"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
primaryProducerSubnet, err := compute.NewSubnetwork(ctx, "primary_producer_subnet", &compute.SubnetworkArgs{
Name: pulumi.String("my-subnet-primary-instance"),
IpCidrRange: pulumi.String("10.0.1.0/29"),
Region: pulumi.String("asia-east1"),
Network: primaryProducerNet.ID(),
})
if err != nil {
return err
}
primaryPolicy, err := networkconnectivity.NewServiceConnectionPolicy(ctx, "primary_policy", &networkconnectivity.ServiceConnectionPolicyArgs{
Name: pulumi.String("my-policy-primary-instance"),
Location: pulumi.String("asia-east1"),
ServiceClass: pulumi.String("gcp-memorystore"),
Description: pulumi.String("my basic service connection policy"),
Network: primaryProducerNet.ID(),
PscConfig: &networkconnectivity.ServiceConnectionPolicyPscConfigArgs{
Subnetworks: pulumi.StringArray{
primaryProducerSubnet.ID(),
},
},
})
if err != nil {
return err
}
project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
// Primary instance
primaryInstance, err := memorystore.NewInstance(ctx, "primary_instance", &memorystore.InstanceArgs{
InstanceId: pulumi.String("primary-instance"),
ShardCount: pulumi.Int(1),
DesiredAutoCreatedEndpoints: memorystore.InstanceDesiredAutoCreatedEndpointArray{
&memorystore.InstanceDesiredAutoCreatedEndpointArgs{
Network: primaryProducerNet.ID(),
ProjectId: pulumi.String(project.ProjectId),
},
},
Location: pulumi.String("asia-east1"),
ReplicaCount: pulumi.Int(1),
NodeType: pulumi.String("SHARED_CORE_NANO"),
TransitEncryptionMode: pulumi.String("TRANSIT_ENCRYPTION_DISABLED"),
AuthorizationMode: pulumi.String("AUTH_DISABLED"),
EngineConfigs: pulumi.StringMap{
"maxmemory-policy": pulumi.String("volatile-ttl"),
},
ZoneDistributionConfig: &memorystore.InstanceZoneDistributionConfigArgs{
Mode: pulumi.String("SINGLE_ZONE"),
Zone: pulumi.String("asia-east1-c"),
},
DeletionProtectionEnabled: pulumi.Bool(true),
PersistenceConfig: &memorystore.InstancePersistenceConfigArgs{
Mode: pulumi.String("RDB"),
RdbConfig: &memorystore.InstancePersistenceConfigRdbConfigArgs{
RdbSnapshotPeriod: pulumi.String("ONE_HOUR"),
RdbSnapshotStartTime: pulumi.String("2024-10-02T15:01:23Z"),
},
},
Labels: pulumi.StringMap{
"abc": pulumi.String("xyz"),
},
}, pulumi.DependsOn([]pulumi.Resource{
primaryPolicy,
}))
if err != nil {
return err
}
secondaryProducerNet, err := compute.NewNetwork(ctx, "secondary_producer_net", &compute.NetworkArgs{
Name: pulumi.String("my-network-secondary-instance"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
secondaryProducerSubnet, err := compute.NewSubnetwork(ctx, "secondary_producer_subnet", &compute.SubnetworkArgs{
Name: pulumi.String("my-subnet-secondary-instance"),
IpCidrRange: pulumi.String("10.0.2.0/29"),
Region: pulumi.String("europe-north1"),
Network: secondaryProducerNet.ID(),
})
if err != nil {
return err
}
secondaryPolicy, err := networkconnectivity.NewServiceConnectionPolicy(ctx, "secondary_policy", &networkconnectivity.ServiceConnectionPolicyArgs{
Name: pulumi.String("my-policy-secondary-instance"),
Location: pulumi.String("europe-north1"),
ServiceClass: pulumi.String("gcp-memorystore"),
Description: pulumi.String("my basic service connection policy"),
Network: secondaryProducerNet.ID(),
PscConfig: &networkconnectivity.ServiceConnectionPolicyPscConfigArgs{
Subnetworks: pulumi.StringArray{
secondaryProducerSubnet.ID(),
},
},
})
if err != nil {
return err
}
// Secondary instance
_, err = memorystore.NewInstance(ctx, "secondary_instance", &memorystore.InstanceArgs{
InstanceId: pulumi.String("secondary-instance"),
ShardCount: pulumi.Int(1),
DesiredAutoCreatedEndpoints: memorystore.InstanceDesiredAutoCreatedEndpointArray{
&memorystore.InstanceDesiredAutoCreatedEndpointArgs{
Network: secondaryProducerNet.ID(),
ProjectId: pulumi.String(project.ProjectId),
},
},
Location: pulumi.String("europe-north1"),
ReplicaCount: pulumi.Int(1),
NodeType: pulumi.String("SHARED_CORE_NANO"),
TransitEncryptionMode: pulumi.String("TRANSIT_ENCRYPTION_DISABLED"),
AuthorizationMode: pulumi.String("AUTH_DISABLED"),
EngineConfigs: pulumi.StringMap{
"maxmemory-policy": pulumi.String("volatile-ttl"),
},
ZoneDistributionConfig: &memorystore.InstanceZoneDistributionConfigArgs{
Mode: pulumi.String("SINGLE_ZONE"),
Zone: pulumi.String("europe-north1-c"),
},
DeletionProtectionEnabled: pulumi.Bool(true),
CrossInstanceReplicationConfig: &memorystore.InstanceCrossInstanceReplicationConfigArgs{
InstanceRole: pulumi.String("SECONDARY"),
PrimaryInstance: &memorystore.InstanceCrossInstanceReplicationConfigPrimaryInstanceArgs{
Instance: primaryInstance.ID(),
},
},
PersistenceConfig: &memorystore.InstancePersistenceConfigArgs{
Mode: pulumi.String("RDB"),
RdbConfig: &memorystore.InstancePersistenceConfigRdbConfigArgs{
RdbSnapshotPeriod: pulumi.String("ONE_HOUR"),
RdbSnapshotStartTime: pulumi.String("2024-10-02T15:01:23Z"),
},
},
Labels: pulumi.StringMap{
"abc": pulumi.String("xyz"),
},
}, pulumi.DependsOn([]pulumi.Resource{
secondaryPolicy,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var primaryProducerNet = new Gcp.Compute.Network("primary_producer_net", new()
{
Name = "my-network-primary-instance",
AutoCreateSubnetworks = false,
});
var primaryProducerSubnet = new Gcp.Compute.Subnetwork("primary_producer_subnet", new()
{
Name = "my-subnet-primary-instance",
IpCidrRange = "10.0.1.0/29",
Region = "asia-east1",
Network = primaryProducerNet.Id,
});
var primaryPolicy = new Gcp.NetworkConnectivity.ServiceConnectionPolicy("primary_policy", new()
{
Name = "my-policy-primary-instance",
Location = "asia-east1",
ServiceClass = "gcp-memorystore",
Description = "my basic service connection policy",
Network = primaryProducerNet.Id,
PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs
{
Subnetworks = new[]
{
primaryProducerSubnet.Id,
},
},
});
var project = Gcp.Organizations.GetProject.Invoke();
// Primary instance
var primaryInstance = new Gcp.MemoryStore.Instance("primary_instance", new()
{
InstanceId = "primary-instance",
ShardCount = 1,
DesiredAutoCreatedEndpoints = new[]
{
new Gcp.MemoryStore.Inputs.InstanceDesiredAutoCreatedEndpointArgs
{
Network = primaryProducerNet.Id,
ProjectId = project.Apply(getProjectResult => getProjectResult.ProjectId),
},
},
Location = "asia-east1",
ReplicaCount = 1,
NodeType = "SHARED_CORE_NANO",
TransitEncryptionMode = "TRANSIT_ENCRYPTION_DISABLED",
AuthorizationMode = "AUTH_DISABLED",
EngineConfigs =
{
{ "maxmemory-policy", "volatile-ttl" },
},
ZoneDistributionConfig = new Gcp.MemoryStore.Inputs.InstanceZoneDistributionConfigArgs
{
Mode = "SINGLE_ZONE",
Zone = "asia-east1-c",
},
DeletionProtectionEnabled = true,
PersistenceConfig = new Gcp.MemoryStore.Inputs.InstancePersistenceConfigArgs
{
Mode = "RDB",
RdbConfig = new Gcp.MemoryStore.Inputs.InstancePersistenceConfigRdbConfigArgs
{
RdbSnapshotPeriod = "ONE_HOUR",
RdbSnapshotStartTime = "2024-10-02T15:01:23Z",
},
},
Labels =
{
{ "abc", "xyz" },
},
}, new CustomResourceOptions
{
DependsOn =
{
primaryPolicy,
},
});
var secondaryProducerNet = new Gcp.Compute.Network("secondary_producer_net", new()
{
Name = "my-network-secondary-instance",
AutoCreateSubnetworks = false,
});
var secondaryProducerSubnet = new Gcp.Compute.Subnetwork("secondary_producer_subnet", new()
{
Name = "my-subnet-secondary-instance",
IpCidrRange = "10.0.2.0/29",
Region = "europe-north1",
Network = secondaryProducerNet.Id,
});
var secondaryPolicy = new Gcp.NetworkConnectivity.ServiceConnectionPolicy("secondary_policy", new()
{
Name = "my-policy-secondary-instance",
Location = "europe-north1",
ServiceClass = "gcp-memorystore",
Description = "my basic service connection policy",
Network = secondaryProducerNet.Id,
PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs
{
Subnetworks = new[]
{
secondaryProducerSubnet.Id,
},
},
});
// Secondary instance
var secondaryInstance = new Gcp.MemoryStore.Instance("secondary_instance", new()
{
InstanceId = "secondary-instance",
ShardCount = 1,
DesiredAutoCreatedEndpoints = new[]
{
new Gcp.MemoryStore.Inputs.InstanceDesiredAutoCreatedEndpointArgs
{
Network = secondaryProducerNet.Id,
ProjectId = project.Apply(getProjectResult => getProjectResult.ProjectId),
},
},
Location = "europe-north1",
ReplicaCount = 1,
NodeType = "SHARED_CORE_NANO",
TransitEncryptionMode = "TRANSIT_ENCRYPTION_DISABLED",
AuthorizationMode = "AUTH_DISABLED",
EngineConfigs =
{
{ "maxmemory-policy", "volatile-ttl" },
},
ZoneDistributionConfig = new Gcp.MemoryStore.Inputs.InstanceZoneDistributionConfigArgs
{
Mode = "SINGLE_ZONE",
Zone = "europe-north1-c",
},
DeletionProtectionEnabled = true,
CrossInstanceReplicationConfig = new Gcp.MemoryStore.Inputs.InstanceCrossInstanceReplicationConfigArgs
{
InstanceRole = "SECONDARY",
PrimaryInstance = new Gcp.MemoryStore.Inputs.InstanceCrossInstanceReplicationConfigPrimaryInstanceArgs
{
Instance = primaryInstance.Id,
},
},
PersistenceConfig = new Gcp.MemoryStore.Inputs.InstancePersistenceConfigArgs
{
Mode = "RDB",
RdbConfig = new Gcp.MemoryStore.Inputs.InstancePersistenceConfigRdbConfigArgs
{
RdbSnapshotPeriod = "ONE_HOUR",
RdbSnapshotStartTime = "2024-10-02T15:01:23Z",
},
},
Labels =
{
{ "abc", "xyz" },
},
}, new CustomResourceOptions
{
DependsOn =
{
secondaryPolicy,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;
import com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;
import com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.memorystore.Instance;
import com.pulumi.gcp.memorystore.InstanceArgs;
import com.pulumi.gcp.memorystore.inputs.InstanceDesiredAutoCreatedEndpointArgs;
import com.pulumi.gcp.memorystore.inputs.InstanceZoneDistributionConfigArgs;
import com.pulumi.gcp.memorystore.inputs.InstancePersistenceConfigArgs;
import com.pulumi.gcp.memorystore.inputs.InstancePersistenceConfigRdbConfigArgs;
import com.pulumi.gcp.memorystore.inputs.InstanceCrossInstanceReplicationConfigArgs;
import com.pulumi.gcp.memorystore.inputs.InstanceCrossInstanceReplicationConfigPrimaryInstanceArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var primaryProducerNet = new Network("primaryProducerNet", NetworkArgs.builder()
.name("my-network-primary-instance")
.autoCreateSubnetworks(false)
.build());
var primaryProducerSubnet = new Subnetwork("primaryProducerSubnet", SubnetworkArgs.builder()
.name("my-subnet-primary-instance")
.ipCidrRange("10.0.1.0/29")
.region("asia-east1")
.network(primaryProducerNet.id())
.build());
var primaryPolicy = new ServiceConnectionPolicy("primaryPolicy", ServiceConnectionPolicyArgs.builder()
.name("my-policy-primary-instance")
.location("asia-east1")
.serviceClass("gcp-memorystore")
.description("my basic service connection policy")
.network(primaryProducerNet.id())
.pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()
.subnetworks(primaryProducerSubnet.id())
.build())
.build());
final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
.build());
// Primary instance
var primaryInstance = new Instance("primaryInstance", InstanceArgs.builder()
.instanceId("primary-instance")
.shardCount(1)
.desiredAutoCreatedEndpoints(InstanceDesiredAutoCreatedEndpointArgs.builder()
.network(primaryProducerNet.id())
.projectId(project.projectId())
.build())
.location("asia-east1")
.replicaCount(1)
.nodeType("SHARED_CORE_NANO")
.transitEncryptionMode("TRANSIT_ENCRYPTION_DISABLED")
.authorizationMode("AUTH_DISABLED")
.engineConfigs(Map.of("maxmemory-policy", "volatile-ttl"))
.zoneDistributionConfig(InstanceZoneDistributionConfigArgs.builder()
.mode("SINGLE_ZONE")
.zone("asia-east1-c")
.build())
.deletionProtectionEnabled(true)
.persistenceConfig(InstancePersistenceConfigArgs.builder()
.mode("RDB")
.rdbConfig(InstancePersistenceConfigRdbConfigArgs.builder()
.rdbSnapshotPeriod("ONE_HOUR")
.rdbSnapshotStartTime("2024-10-02T15:01:23Z")
.build())
.build())
.labels(Map.of("abc", "xyz"))
.build(), CustomResourceOptions.builder()
.dependsOn(primaryPolicy)
.build());
var secondaryProducerNet = new Network("secondaryProducerNet", NetworkArgs.builder()
.name("my-network-secondary-instance")
.autoCreateSubnetworks(false)
.build());
var secondaryProducerSubnet = new Subnetwork("secondaryProducerSubnet", SubnetworkArgs.builder()
.name("my-subnet-secondary-instance")
.ipCidrRange("10.0.2.0/29")
.region("europe-north1")
.network(secondaryProducerNet.id())
.build());
var secondaryPolicy = new ServiceConnectionPolicy("secondaryPolicy", ServiceConnectionPolicyArgs.builder()
.name("my-policy-secondary-instance")
.location("europe-north1")
.serviceClass("gcp-memorystore")
.description("my basic service connection policy")
.network(secondaryProducerNet.id())
.pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()
.subnetworks(secondaryProducerSubnet.id())
.build())
.build());
// Secondary instance
var secondaryInstance = new Instance("secondaryInstance", InstanceArgs.builder()
.instanceId("secondary-instance")
.shardCount(1)
.desiredAutoCreatedEndpoints(InstanceDesiredAutoCreatedEndpointArgs.builder()
.network(secondaryProducerNet.id())
.projectId(project.projectId())
.build())
.location("europe-north1")
.replicaCount(1)
.nodeType("SHARED_CORE_NANO")
.transitEncryptionMode("TRANSIT_ENCRYPTION_DISABLED")
.authorizationMode("AUTH_DISABLED")
.engineConfigs(Map.of("maxmemory-policy", "volatile-ttl"))
.zoneDistributionConfig(InstanceZoneDistributionConfigArgs.builder()
.mode("SINGLE_ZONE")
.zone("europe-north1-c")
.build())
.deletionProtectionEnabled(true)
.crossInstanceReplicationConfig(InstanceCrossInstanceReplicationConfigArgs.builder()
.instanceRole("SECONDARY")
.primaryInstance(InstanceCrossInstanceReplicationConfigPrimaryInstanceArgs.builder()
.instance(primaryInstance.id())
.build())
.build())
.persistenceConfig(InstancePersistenceConfigArgs.builder()
.mode("RDB")
.rdbConfig(InstancePersistenceConfigRdbConfigArgs.builder()
.rdbSnapshotPeriod("ONE_HOUR")
.rdbSnapshotStartTime("2024-10-02T15:01:23Z")
.build())
.build())
.labels(Map.of("abc", "xyz"))
.build(), CustomResourceOptions.builder()
.dependsOn(secondaryPolicy)
.build());
}
}
resources:
# Primary instance
primaryInstance:
type: gcp:memorystore:Instance
name: primary_instance
properties:
instanceId: primary-instance
shardCount: 1
desiredAutoCreatedEndpoints:
- network: ${primaryProducerNet.id}
projectId: ${project.projectId}
location: asia-east1
replicaCount: 1
nodeType: SHARED_CORE_NANO
transitEncryptionMode: TRANSIT_ENCRYPTION_DISABLED
authorizationMode: AUTH_DISABLED
engineConfigs:
maxmemory-policy: volatile-ttl
zoneDistributionConfig:
mode: SINGLE_ZONE
zone: asia-east1-c
deletionProtectionEnabled: true
persistenceConfig:
mode: RDB
rdbConfig:
rdbSnapshotPeriod: ONE_HOUR
rdbSnapshotStartTime: 2024-10-02T15:01:23Z
labels:
abc: xyz
options:
dependsOn:
- ${primaryPolicy}
primaryPolicy:
type: gcp:networkconnectivity:ServiceConnectionPolicy
name: primary_policy
properties:
name: my-policy-primary-instance
location: asia-east1
serviceClass: gcp-memorystore
description: my basic service connection policy
network: ${primaryProducerNet.id}
pscConfig:
subnetworks:
- ${primaryProducerSubnet.id}
primaryProducerSubnet:
type: gcp:compute:Subnetwork
name: primary_producer_subnet
properties:
name: my-subnet-primary-instance
ipCidrRange: 10.0.1.0/29
region: asia-east1
network: ${primaryProducerNet.id}
primaryProducerNet:
type: gcp:compute:Network
name: primary_producer_net
properties:
name: my-network-primary-instance
autoCreateSubnetworks: false
# Secondary instance
secondaryInstance:
type: gcp:memorystore:Instance
name: secondary_instance
properties:
instanceId: secondary-instance
shardCount: 1
desiredAutoCreatedEndpoints:
- network: ${secondaryProducerNet.id}
projectId: ${project.projectId}
location: europe-north1
replicaCount: 1
nodeType: SHARED_CORE_NANO
transitEncryptionMode: TRANSIT_ENCRYPTION_DISABLED
authorizationMode: AUTH_DISABLED
engineConfigs:
maxmemory-policy: volatile-ttl
zoneDistributionConfig:
mode: SINGLE_ZONE
zone: europe-north1-c
deletionProtectionEnabled: true # Cross instance replication config
crossInstanceReplicationConfig:
instanceRole: SECONDARY
primaryInstance:
instance: ${primaryInstance.id}
persistenceConfig:
mode: RDB
rdbConfig:
rdbSnapshotPeriod: ONE_HOUR
rdbSnapshotStartTime: 2024-10-02T15:01:23Z
labels:
abc: xyz
options:
dependsOn:
- ${secondaryPolicy}
secondaryPolicy:
type: gcp:networkconnectivity:ServiceConnectionPolicy
name: secondary_policy
properties:
name: my-policy-secondary-instance
location: europe-north1
serviceClass: gcp-memorystore
description: my basic service connection policy
network: ${secondaryProducerNet.id}
pscConfig:
subnetworks:
- ${secondaryProducerSubnet.id}
secondaryProducerSubnet:
type: gcp:compute:Subnetwork
name: secondary_producer_subnet
properties:
name: my-subnet-secondary-instance
ipCidrRange: 10.0.2.0/29
region: europe-north1
network: ${secondaryProducerNet.id}
secondaryProducerNet:
type: gcp:compute:Network
name: secondary_producer_net
properties:
name: my-network-secondary-instance
autoCreateSubnetworks: false
variables:
project:
fn::invoke:
function: gcp:organizations:getProject
arguments: {}
The crossInstanceReplicationConfig establishes the replication relationship. The secondary instance sets instanceRole to SECONDARY and references the primary instance ID. Both instances need their own VPC networks and Service Connection Policies in their respective regions. The primary must have deletionProtectionEnabled to prevent accidental deletion while the secondary depends on it.
Enable TLS with customer-managed certificate authority
Organizations with strict security requirements can use their own Certificate Authority for TLS encryption.
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const project = gcp.organizations.getProject({});
const _default = new gcp.certificateauthority.CaPool("default", {
name: "ca-pool",
location: "us-central1",
tier: "ENTERPRISE",
});
const memorystoreP4saRequester = new gcp.certificateauthority.CaPoolIamMember("memorystore_p4sa_requester", {
caPool: _default.id,
role: "roles/privateca.certificateRequester",
member: project.then(project => `serviceAccount:service-${project.number}@gcp-sa-memorystore.iam.gserviceaccount.com`),
});
const defaultAuthority = new gcp.certificateauthority.Authority("default", {
pool: _default.name,
certificateAuthorityId: "ca-auth",
location: "us-central1",
config: {
subjectConfig: {
subject: {
organization: "Google",
commonName: "my-memorystore-ca",
},
},
x509Config: {
caOptions: {
isCa: true,
},
keyUsage: {
baseKeyUsage: {
certSign: true,
crlSign: true,
},
extendedKeyUsage: {
serverAuth: true,
},
},
},
},
keySpec: {
algorithm: "RSA_PKCS1_4096_SHA256",
},
ignoreActiveCertificatesOnDeletion: true,
deletionProtection: false,
skipGracePeriod: true,
});
const producerNet = new gcp.compute.Network("producer_net", {
name: "ca-network",
autoCreateSubnetworks: false,
});
const producerSubnet = new gcp.compute.Subnetwork("producer_subnet", {
name: "ca-subnet",
ipCidrRange: "10.0.0.248/29",
region: "us-central1",
network: producerNet.id,
});
const defaultServiceConnectionPolicy = new gcp.networkconnectivity.ServiceConnectionPolicy("default", {
name: "ca-policy",
location: "us-central1",
serviceClass: "gcp-memorystore",
network: producerNet.id,
pscConfig: {
subnetworks: [producerSubnet.id],
},
});
const test_instance = new gcp.memorystore.Instance("test-instance", {
instanceId: "ca-instance",
shardCount: 3,
location: "us-central1",
desiredAutoCreatedEndpoints: [{
network: producerNet.id,
projectId: project.then(project => project.projectId),
}],
transitEncryptionMode: "SERVER_AUTHENTICATION",
serverCaMode: "CUSTOMER_MANAGED_CAS_CA",
serverCaPool: _default.id,
deletionProtectionEnabled: true,
}, {
dependsOn: [
defaultServiceConnectionPolicy,
defaultAuthority,
memorystoreP4saRequester,
],
});
import pulumi
import pulumi_gcp as gcp
project = gcp.organizations.get_project()
default = gcp.certificateauthority.CaPool("default",
name="ca-pool",
location="us-central1",
tier="ENTERPRISE")
memorystore_p4sa_requester = gcp.certificateauthority.CaPoolIamMember("memorystore_p4sa_requester",
ca_pool=default.id,
role="roles/privateca.certificateRequester",
member=f"serviceAccount:service-{project.number}@gcp-sa-memorystore.iam.gserviceaccount.com")
default_authority = gcp.certificateauthority.Authority("default",
pool=default.name,
certificate_authority_id="ca-auth",
location="us-central1",
config={
"subject_config": {
"subject": {
"organization": "Google",
"common_name": "my-memorystore-ca",
},
},
"x509_config": {
"ca_options": {
"is_ca": True,
},
"key_usage": {
"base_key_usage": {
"cert_sign": True,
"crl_sign": True,
},
"extended_key_usage": {
"server_auth": True,
},
},
},
},
key_spec={
"algorithm": "RSA_PKCS1_4096_SHA256",
},
ignore_active_certificates_on_deletion=True,
deletion_protection=False,
skip_grace_period=True)
producer_net = gcp.compute.Network("producer_net",
name="ca-network",
auto_create_subnetworks=False)
producer_subnet = gcp.compute.Subnetwork("producer_subnet",
name="ca-subnet",
ip_cidr_range="10.0.0.248/29",
region="us-central1",
network=producer_net.id)
default_service_connection_policy = gcp.networkconnectivity.ServiceConnectionPolicy("default",
name="ca-policy",
location="us-central1",
service_class="gcp-memorystore",
network=producer_net.id,
psc_config={
"subnetworks": [producer_subnet.id],
})
test_instance = gcp.memorystore.Instance("test-instance",
instance_id="ca-instance",
shard_count=3,
location="us-central1",
desired_auto_created_endpoints=[{
"network": producer_net.id,
"project_id": project.project_id,
}],
transit_encryption_mode="SERVER_AUTHENTICATION",
server_ca_mode="CUSTOMER_MANAGED_CAS_CA",
server_ca_pool=default.id,
deletion_protection_enabled=True,
opts = pulumi.ResourceOptions(depends_on=[
default_service_connection_policy,
default_authority,
memorystore_p4sa_requester,
]))
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/certificateauthority"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/memorystore"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/networkconnectivity"
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
project, err := organizations.LookupProject(ctx, &organizations.LookupProjectArgs{}, nil)
if err != nil {
return err
}
_default, err := certificateauthority.NewCaPool(ctx, "default", &certificateauthority.CaPoolArgs{
Name: pulumi.String("ca-pool"),
Location: pulumi.String("us-central1"),
Tier: pulumi.String("ENTERPRISE"),
})
if err != nil {
return err
}
memorystoreP4saRequester, err := certificateauthority.NewCaPoolIamMember(ctx, "memorystore_p4sa_requester", &certificateauthority.CaPoolIamMemberArgs{
CaPool: _default.ID(),
Role: pulumi.String("roles/privateca.certificateRequester"),
Member: pulumi.Sprintf("serviceAccount:service-%v@gcp-sa-memorystore.iam.gserviceaccount.com", project.Number),
})
if err != nil {
return err
}
defaultAuthority, err := certificateauthority.NewAuthority(ctx, "default", &certificateauthority.AuthorityArgs{
Pool: _default.Name,
CertificateAuthorityId: pulumi.String("ca-auth"),
Location: pulumi.String("us-central1"),
Config: &certificateauthority.AuthorityConfigArgs{
SubjectConfig: &certificateauthority.AuthorityConfigSubjectConfigArgs{
Subject: &certificateauthority.AuthorityConfigSubjectConfigSubjectArgs{
Organization: pulumi.String("Google"),
CommonName: pulumi.String("my-memorystore-ca"),
},
},
X509Config: &certificateauthority.AuthorityConfigX509ConfigArgs{
CaOptions: &certificateauthority.AuthorityConfigX509ConfigCaOptionsArgs{
IsCa: pulumi.Bool(true),
},
KeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageArgs{
BaseKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs{
CertSign: pulumi.Bool(true),
CrlSign: pulumi.Bool(true),
},
ExtendedKeyUsage: &certificateauthority.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs{
ServerAuth: pulumi.Bool(true),
},
},
},
},
KeySpec: &certificateauthority.AuthorityKeySpecArgs{
Algorithm: pulumi.String("RSA_PKCS1_4096_SHA256"),
},
IgnoreActiveCertificatesOnDeletion: pulumi.Bool(true),
DeletionProtection: pulumi.Bool(false),
SkipGracePeriod: pulumi.Bool(true),
})
if err != nil {
return err
}
producerNet, err := compute.NewNetwork(ctx, "producer_net", &compute.NetworkArgs{
Name: pulumi.String("ca-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
producerSubnet, err := compute.NewSubnetwork(ctx, "producer_subnet", &compute.SubnetworkArgs{
Name: pulumi.String("ca-subnet"),
IpCidrRange: pulumi.String("10.0.0.248/29"),
Region: pulumi.String("us-central1"),
Network: producerNet.ID(),
})
if err != nil {
return err
}
defaultServiceConnectionPolicy, err := networkconnectivity.NewServiceConnectionPolicy(ctx, "default", &networkconnectivity.ServiceConnectionPolicyArgs{
Name: pulumi.String("ca-policy"),
Location: pulumi.String("us-central1"),
ServiceClass: pulumi.String("gcp-memorystore"),
Network: producerNet.ID(),
PscConfig: &networkconnectivity.ServiceConnectionPolicyPscConfigArgs{
Subnetworks: pulumi.StringArray{
producerSubnet.ID(),
},
},
})
if err != nil {
return err
}
_, err = memorystore.NewInstance(ctx, "test-instance", &memorystore.InstanceArgs{
InstanceId: pulumi.String("ca-instance"),
ShardCount: pulumi.Int(3),
Location: pulumi.String("us-central1"),
DesiredAutoCreatedEndpoints: memorystore.InstanceDesiredAutoCreatedEndpointArray{
&memorystore.InstanceDesiredAutoCreatedEndpointArgs{
Network: producerNet.ID(),
ProjectId: pulumi.String(project.ProjectId),
},
},
TransitEncryptionMode: pulumi.String("SERVER_AUTHENTICATION"),
ServerCaMode: pulumi.String("CUSTOMER_MANAGED_CAS_CA"),
ServerCaPool: _default.ID(),
DeletionProtectionEnabled: pulumi.Bool(true),
}, pulumi.DependsOn([]pulumi.Resource{
defaultServiceConnectionPolicy,
defaultAuthority,
memorystoreP4saRequester,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var project = Gcp.Organizations.GetProject.Invoke();
var @default = new Gcp.CertificateAuthority.CaPool("default", new()
{
Name = "ca-pool",
Location = "us-central1",
Tier = "ENTERPRISE",
});
var memorystoreP4saRequester = new Gcp.CertificateAuthority.CaPoolIamMember("memorystore_p4sa_requester", new()
{
CaPool = @default.Id,
Role = "roles/privateca.certificateRequester",
Member = $"serviceAccount:service-{project.Apply(getProjectResult => getProjectResult.Number)}@gcp-sa-memorystore.iam.gserviceaccount.com",
});
var defaultAuthority = new Gcp.CertificateAuthority.Authority("default", new()
{
Pool = @default.Name,
CertificateAuthorityId = "ca-auth",
Location = "us-central1",
Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigArgs
{
SubjectConfig = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigArgs
{
Subject = new Gcp.CertificateAuthority.Inputs.AuthorityConfigSubjectConfigSubjectArgs
{
Organization = "Google",
CommonName = "my-memorystore-ca",
},
},
X509Config = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigArgs
{
CaOptions = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigCaOptionsArgs
{
IsCa = true,
},
KeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageArgs
{
BaseKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs
{
CertSign = true,
CrlSign = true,
},
ExtendedKeyUsage = new Gcp.CertificateAuthority.Inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs
{
ServerAuth = true,
},
},
},
},
KeySpec = new Gcp.CertificateAuthority.Inputs.AuthorityKeySpecArgs
{
Algorithm = "RSA_PKCS1_4096_SHA256",
},
IgnoreActiveCertificatesOnDeletion = true,
DeletionProtection = false,
SkipGracePeriod = true,
});
var producerNet = new Gcp.Compute.Network("producer_net", new()
{
Name = "ca-network",
AutoCreateSubnetworks = false,
});
var producerSubnet = new Gcp.Compute.Subnetwork("producer_subnet", new()
{
Name = "ca-subnet",
IpCidrRange = "10.0.0.248/29",
Region = "us-central1",
Network = producerNet.Id,
});
var defaultServiceConnectionPolicy = new Gcp.NetworkConnectivity.ServiceConnectionPolicy("default", new()
{
Name = "ca-policy",
Location = "us-central1",
ServiceClass = "gcp-memorystore",
Network = producerNet.Id,
PscConfig = new Gcp.NetworkConnectivity.Inputs.ServiceConnectionPolicyPscConfigArgs
{
Subnetworks = new[]
{
producerSubnet.Id,
},
},
});
var test_instance = new Gcp.MemoryStore.Instance("test-instance", new()
{
InstanceId = "ca-instance",
ShardCount = 3,
Location = "us-central1",
DesiredAutoCreatedEndpoints = new[]
{
new Gcp.MemoryStore.Inputs.InstanceDesiredAutoCreatedEndpointArgs
{
Network = producerNet.Id,
ProjectId = project.Apply(getProjectResult => getProjectResult.ProjectId),
},
},
TransitEncryptionMode = "SERVER_AUTHENTICATION",
ServerCaMode = "CUSTOMER_MANAGED_CAS_CA",
ServerCaPool = @default.Id,
DeletionProtectionEnabled = true,
}, new CustomResourceOptions
{
DependsOn =
{
defaultServiceConnectionPolicy,
defaultAuthority,
memorystoreP4saRequester,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.organizations.OrganizationsFunctions;
import com.pulumi.gcp.organizations.inputs.GetProjectArgs;
import com.pulumi.gcp.certificateauthority.CaPool;
import com.pulumi.gcp.certificateauthority.CaPoolArgs;
import com.pulumi.gcp.certificateauthority.CaPoolIamMember;
import com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;
import com.pulumi.gcp.certificateauthority.Authority;
import com.pulumi.gcp.certificateauthority.AuthorityArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigSubjectConfigSubjectArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigCaOptionsArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs;
import com.pulumi.gcp.certificateauthority.inputs.AuthorityKeySpecArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicy;
import com.pulumi.gcp.networkconnectivity.ServiceConnectionPolicyArgs;
import com.pulumi.gcp.networkconnectivity.inputs.ServiceConnectionPolicyPscConfigArgs;
import com.pulumi.gcp.memorystore.Instance;
import com.pulumi.gcp.memorystore.InstanceArgs;
import com.pulumi.gcp.memorystore.inputs.InstanceDesiredAutoCreatedEndpointArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var project = OrganizationsFunctions.getProject(GetProjectArgs.builder()
.build());
var default_ = new CaPool("default", CaPoolArgs.builder()
.name("ca-pool")
.location("us-central1")
.tier("ENTERPRISE")
.build());
var memorystoreP4saRequester = new CaPoolIamMember("memorystoreP4saRequester", CaPoolIamMemberArgs.builder()
.caPool(default_.id())
.role("roles/privateca.certificateRequester")
.member(String.format("serviceAccount:service-%s@gcp-sa-memorystore.iam.gserviceaccount.com", project.number()))
.build());
var defaultAuthority = new Authority("defaultAuthority", AuthorityArgs.builder()
.pool(default_.name())
.certificateAuthorityId("ca-auth")
.location("us-central1")
.config(AuthorityConfigArgs.builder()
.subjectConfig(AuthorityConfigSubjectConfigArgs.builder()
.subject(AuthorityConfigSubjectConfigSubjectArgs.builder()
.organization("Google")
.commonName("my-memorystore-ca")
.build())
.build())
.x509Config(AuthorityConfigX509ConfigArgs.builder()
.caOptions(AuthorityConfigX509ConfigCaOptionsArgs.builder()
.isCa(true)
.build())
.keyUsage(AuthorityConfigX509ConfigKeyUsageArgs.builder()
.baseKeyUsage(AuthorityConfigX509ConfigKeyUsageBaseKeyUsageArgs.builder()
.certSign(true)
.crlSign(true)
.build())
.extendedKeyUsage(AuthorityConfigX509ConfigKeyUsageExtendedKeyUsageArgs.builder()
.serverAuth(true)
.build())
.build())
.build())
.build())
.keySpec(AuthorityKeySpecArgs.builder()
.algorithm("RSA_PKCS1_4096_SHA256")
.build())
.ignoreActiveCertificatesOnDeletion(true)
.deletionProtection(false)
.skipGracePeriod(true)
.build());
var producerNet = new Network("producerNet", NetworkArgs.builder()
.name("ca-network")
.autoCreateSubnetworks(false)
.build());
var producerSubnet = new Subnetwork("producerSubnet", SubnetworkArgs.builder()
.name("ca-subnet")
.ipCidrRange("10.0.0.248/29")
.region("us-central1")
.network(producerNet.id())
.build());
var defaultServiceConnectionPolicy = new ServiceConnectionPolicy("defaultServiceConnectionPolicy", ServiceConnectionPolicyArgs.builder()
.name("ca-policy")
.location("us-central1")
.serviceClass("gcp-memorystore")
.network(producerNet.id())
.pscConfig(ServiceConnectionPolicyPscConfigArgs.builder()
.subnetworks(producerSubnet.id())
.build())
.build());
var test_instance = new Instance("test-instance", InstanceArgs.builder()
.instanceId("ca-instance")
.shardCount(3)
.location("us-central1")
.desiredAutoCreatedEndpoints(InstanceDesiredAutoCreatedEndpointArgs.builder()
.network(producerNet.id())
.projectId(project.projectId())
.build())
.transitEncryptionMode("SERVER_AUTHENTICATION")
.serverCaMode("CUSTOMER_MANAGED_CAS_CA")
.serverCaPool(default_.id())
.deletionProtectionEnabled(true)
.build(), CustomResourceOptions.builder()
.dependsOn(
defaultServiceConnectionPolicy,
defaultAuthority,
memorystoreP4saRequester)
.build());
}
}
resources:
test-instance:
type: gcp:memorystore:Instance
properties:
instanceId: ca-instance
shardCount: 3
location: us-central1
desiredAutoCreatedEndpoints:
- network: ${producerNet.id}
projectId: ${project.projectId}
transitEncryptionMode: SERVER_AUTHENTICATION
serverCaMode: CUSTOMER_MANAGED_CAS_CA
serverCaPool: ${default.id}
deletionProtectionEnabled: true
options:
dependsOn:
- ${defaultServiceConnectionPolicy}
- ${defaultAuthority}
- ${memorystoreP4saRequester}
default:
type: gcp:certificateauthority:CaPool
properties:
name: ca-pool
location: us-central1
tier: ENTERPRISE
memorystoreP4saRequester:
type: gcp:certificateauthority:CaPoolIamMember
name: memorystore_p4sa_requester
properties:
caPool: ${default.id}
role: roles/privateca.certificateRequester
member: serviceAccount:service-${project.number}@gcp-sa-memorystore.iam.gserviceaccount.com
defaultAuthority:
type: gcp:certificateauthority:Authority
name: default
properties:
pool: ${default.name}
certificateAuthorityId: ca-auth
location: us-central1
config:
subjectConfig:
subject:
organization: Google
commonName: my-memorystore-ca
x509Config:
caOptions:
isCa: true
keyUsage:
baseKeyUsage:
certSign: true
crlSign: true
extendedKeyUsage:
serverAuth: true
keySpec:
algorithm: RSA_PKCS1_4096_SHA256
ignoreActiveCertificatesOnDeletion: true
deletionProtection: false
skipGracePeriod: true
defaultServiceConnectionPolicy:
type: gcp:networkconnectivity:ServiceConnectionPolicy
name: default
properties:
name: ca-policy
location: us-central1
serviceClass: gcp-memorystore
network: ${producerNet.id}
pscConfig:
subnetworks:
- ${producerSubnet.id}
producerSubnet:
type: gcp:compute:Subnetwork
name: producer_subnet
properties:
name: ca-subnet
ipCidrRange: 10.0.0.248/29
region: us-central1
network: ${producerNet.id}
producerNet:
type: gcp:compute:Network
name: producer_net
properties:
name: ca-network
autoCreateSubnetworks: false
variables:
project:
fn::invoke:
function: gcp:organizations:getProject
arguments: {}
The transitEncryptionMode property enables TLS, while serverCaMode set to CUSTOMER_MANAGED_CAS_CA tells Memorystore to use your Certificate Authority instead of Google-managed certificates. The serverCaPool references a Private CA pool that issues certificates. The Memorystore service account needs the certificateRequester role on the CA pool to request certificates during instance creation.
Beyond these examples
These snippets focus on specific instance-level features: network connectivity and endpoint creation, high availability and persistence strategies, and cross-region replication and TLS encryption. They’re intentionally minimal rather than full cache deployments.
The examples rely on pre-existing infrastructure such as VPC networks, subnets, and Service Connection Policies, KMS keys for encryption at rest, and Certificate Authority pools for custom TLS. They focus on configuring the instance rather than provisioning the surrounding network and security infrastructure.
To keep things focused, common instance patterns are omitted, including:
- Automated backup configuration (automatedBackupConfig)
- Authorization modes and IAM authentication
- Engine version selection and maintenance version control
- GCS restore sources and managed backup sources
These omissions are intentional: the goal is to illustrate how each instance feature is wired, not provide drop-in cache modules. See the Memorystore Instance resource reference for all available configuration options.
Let's create GCP Memorystore Instances
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Try Pulumi Cloud for FREEFrequently Asked Questions
Networking & Connectivity
How do I set up networking for a Memorystore instance?
Create a
gcp.compute.Network, gcp.compute.Subnetwork, and gcp.networkconnectivity.ServiceConnectionPolicy first. Then configure desiredAutoCreatedEndpoints with the network ID and project ID. Use dependsOn to ensure the ServiceConnectionPolicy exists before creating the instance.Why is my import failing with desiredPscAutoConnections?
desiredPscAutoConnections is deprecated and pulumi import only works with desiredAutoCreatedEndpoints. Migrate to desiredAutoCreatedEndpoints for all new instances and imports.Why aren't discoveryEndpoints or pscAutoConnections populated in my outputs?
These fields are deprecated and won’t be populated when using
desiredAutoCreatedEndpoints or gcp.memorystore.InstanceDesiredUserCreatedEndpoints. Use endpoints.connections.pscConnection, endpoints.connections.pscAutoConnection, and endpoints.connections.pscAutoConnections instead.Security & Encryption
How do I enable encryption and authentication?
Set
transitEncryptionMode to SERVER_AUTHENTICATION for TLS encryption and authorizationMode to IAM_AUTH for authentication. Both are immutable after creation. For certificate authority, configure serverCaMode (defaults to GOOGLE_MANAGED_PER_INSTANCE_CA).How do I use my own certificates with CUSTOMER_MANAGED_CAS_CA?
Set
serverCaMode to CUSTOMER_MANAGED_CAS_CA and provide serverCaPool with your CA pool resource name. Grant the Memorystore service account (service-{project_number}@gcp-sa-memorystore.iam.gserviceaccount.com) the roles/privateca.certificateRequester role on the CA pool.Persistence & Backups
What's the difference between RDB and AOF persistence modes?
RDB creates periodic snapshots using
rdbConfig with rdbSnapshotPeriod (e.g., ONE_HOUR). AOF uses append-only files with aofConfig and appendFsync (e.g., EVERY_SEC). Configure the desired mode in persistenceConfig.mode.Replication & High Availability
How do I configure shards and replicas?
Set
shardCount (required) for the number of shards and replicaCount for replica nodes per shard (defaults to 0). Use zoneDistributionConfig to specify SINGLE_ZONE or multi-zone distribution.Can I create a read replica in another region?
Yes, create a secondary instance with
crossInstanceReplicationConfig.instanceRole set to SECONDARY and reference the primary instance ID in crossInstanceReplicationConfig.primaryInstance.instance.Configuration & Immutability
What properties can't I change after creating an instance?
These properties are immutable:
authorizationMode, instanceId, location, mode, project, transitEncryptionMode, zoneDistributionConfig, desiredAutoCreatedEndpoints, gcsSource, kmsKey, managedBackupSource, serverCaMode, and serverCaPool. Changing them requires recreating the instance.How does deletion protection work?
Set
deletionProtectionEnabled to true to prevent instance deletion. Deletion will fail until this is set to false.Can I downgrade my instance to an older version?
No, downgrades are not supported. The
maintenanceVersion field can only be used to upgrade to newer versions from availableMaintenanceVersions.