1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. compute
  5. ForwardingRule
Google Cloud Classic v7.18.0 published on Wednesday, Apr 10, 2024 by Pulumi

gcp.compute.ForwardingRule

Explore with Pulumi AI

gcp logo
Google Cloud Classic v7.18.0 published on Wednesday, Apr 10, 2024 by Pulumi

    A ForwardingRule resource. A ForwardingRule resource specifies which pool of target virtual machines to forward a packet to if it matches the given [IPAddress, IPProtocol, portRange] tuple.

    To get more information about ForwardingRule, see:

    Example Usage

    Internal Http Lb With Mig Backend

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    // Internal HTTP load balancer with a managed instance group backend
    // VPC network
    const ilbNetwork = new gcp.compute.Network("ilb_network", {
        name: "l7-ilb-network",
        autoCreateSubnetworks: false,
    });
    // proxy-only subnet
    const proxySubnet = new gcp.compute.Subnetwork("proxy_subnet", {
        name: "l7-ilb-proxy-subnet",
        ipCidrRange: "10.0.0.0/24",
        region: "europe-west1",
        purpose: "REGIONAL_MANAGED_PROXY",
        role: "ACTIVE",
        network: ilbNetwork.id,
    });
    // backend subnet
    const ilbSubnet = new gcp.compute.Subnetwork("ilb_subnet", {
        name: "l7-ilb-subnet",
        ipCidrRange: "10.0.1.0/24",
        region: "europe-west1",
        network: ilbNetwork.id,
    });
    // health check
    const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
        name: "l7-ilb-hc",
        region: "europe-west1",
        httpHealthCheck: {
            portSpecification: "USE_SERVING_PORT",
        },
    });
    // instance template
    const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
        networkInterfaces: [{
            accessConfigs: [{}],
            network: ilbNetwork.id,
            subnetwork: ilbSubnet.id,
        }],
        name: "l7-ilb-mig-template",
        machineType: "e2-small",
        tags: ["http-server"],
        disks: [{
            sourceImage: "debian-cloud/debian-10",
            autoDelete: true,
            boot: true,
        }],
        metadata: {
            "startup-script": `#! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
    `,
        },
    });
    // MIG
    const mig = new gcp.compute.RegionInstanceGroupManager("mig", {
        name: "l7-ilb-mig1",
        region: "europe-west1",
        versions: [{
            instanceTemplate: instanceTemplate.id,
            name: "primary",
        }],
        baseInstanceName: "vm",
        targetSize: 2,
    });
    // backend service
    const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", {
        name: "l7-ilb-backend-subnet",
        region: "europe-west1",
        protocol: "HTTP",
        loadBalancingScheme: "INTERNAL_MANAGED",
        timeoutSec: 10,
        healthChecks: defaultRegionHealthCheck.id,
        backends: [{
            group: mig.instanceGroup,
            balancingMode: "UTILIZATION",
            capacityScaler: 1,
        }],
    });
    // URL map
    const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", {
        name: "l7-ilb-regional-url-map",
        region: "europe-west1",
        defaultService: defaultRegionBackendService.id,
    });
    // HTTP target proxy
    const _default = new gcp.compute.RegionTargetHttpProxy("default", {
        name: "l7-ilb-target-http-proxy",
        region: "europe-west1",
        urlMap: defaultRegionUrlMap.id,
    });
    // forwarding rule
    const googleComputeForwardingRule = new gcp.compute.ForwardingRule("google_compute_forwarding_rule", {
        name: "l7-ilb-forwarding-rule",
        region: "europe-west1",
        ipProtocol: "TCP",
        loadBalancingScheme: "INTERNAL_MANAGED",
        portRange: "80",
        target: _default.id,
        network: ilbNetwork.id,
        subnetwork: ilbSubnet.id,
        networkTier: "PREMIUM",
    });
    // allow all access from IAP and health check ranges
    const fw_iap = new gcp.compute.Firewall("fw-iap", {
        name: "l7-ilb-fw-allow-iap-hc",
        direction: "INGRESS",
        network: ilbNetwork.id,
        sourceRanges: [
            "130.211.0.0/22",
            "35.191.0.0/16",
            "35.235.240.0/20",
        ],
        allows: [{
            protocol: "tcp",
        }],
    });
    // allow http from proxy subnet to backends
    const fw_ilb_to_backends = new gcp.compute.Firewall("fw-ilb-to-backends", {
        name: "l7-ilb-fw-allow-ilb-to-backends",
        direction: "INGRESS",
        network: ilbNetwork.id,
        sourceRanges: ["10.0.0.0/24"],
        targetTags: ["http-server"],
        allows: [{
            protocol: "tcp",
            ports: [
                "80",
                "443",
                "8080",
            ],
        }],
    });
    // test instance
    const vm_test = new gcp.compute.Instance("vm-test", {
        name: "l7-ilb-test-vm",
        zone: "europe-west1-b",
        machineType: "e2-small",
        networkInterfaces: [{
            network: ilbNetwork.id,
            subnetwork: ilbSubnet.id,
        }],
        bootDisk: {
            initializeParams: {
                image: "debian-cloud/debian-10",
            },
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    # Internal HTTP load balancer with a managed instance group backend
    # VPC network
    ilb_network = gcp.compute.Network("ilb_network",
        name="l7-ilb-network",
        auto_create_subnetworks=False)
    # proxy-only subnet
    proxy_subnet = gcp.compute.Subnetwork("proxy_subnet",
        name="l7-ilb-proxy-subnet",
        ip_cidr_range="10.0.0.0/24",
        region="europe-west1",
        purpose="REGIONAL_MANAGED_PROXY",
        role="ACTIVE",
        network=ilb_network.id)
    # backend subnet
    ilb_subnet = gcp.compute.Subnetwork("ilb_subnet",
        name="l7-ilb-subnet",
        ip_cidr_range="10.0.1.0/24",
        region="europe-west1",
        network=ilb_network.id)
    # health check
    default_region_health_check = gcp.compute.RegionHealthCheck("default",
        name="l7-ilb-hc",
        region="europe-west1",
        http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs(
            port_specification="USE_SERVING_PORT",
        ))
    # instance template
    instance_template = gcp.compute.InstanceTemplate("instance_template",
        network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
            access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
            network=ilb_network.id,
            subnetwork=ilb_subnet.id,
        )],
        name="l7-ilb-mig-template",
        machine_type="e2-small",
        tags=["http-server"],
        disks=[gcp.compute.InstanceTemplateDiskArgs(
            source_image="debian-cloud/debian-10",
            auto_delete=True,
            boot=True,
        )],
        metadata={
            "startup-script": """#! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
    """,
        })
    # MIG
    mig = gcp.compute.RegionInstanceGroupManager("mig",
        name="l7-ilb-mig1",
        region="europe-west1",
        versions=[gcp.compute.RegionInstanceGroupManagerVersionArgs(
            instance_template=instance_template.id,
            name="primary",
        )],
        base_instance_name="vm",
        target_size=2)
    # backend service
    default_region_backend_service = gcp.compute.RegionBackendService("default",
        name="l7-ilb-backend-subnet",
        region="europe-west1",
        protocol="HTTP",
        load_balancing_scheme="INTERNAL_MANAGED",
        timeout_sec=10,
        health_checks=default_region_health_check.id,
        backends=[gcp.compute.RegionBackendServiceBackendArgs(
            group=mig.instance_group,
            balancing_mode="UTILIZATION",
            capacity_scaler=1,
        )])
    # URL map
    default_region_url_map = gcp.compute.RegionUrlMap("default",
        name="l7-ilb-regional-url-map",
        region="europe-west1",
        default_service=default_region_backend_service.id)
    # HTTP target proxy
    default = gcp.compute.RegionTargetHttpProxy("default",
        name="l7-ilb-target-http-proxy",
        region="europe-west1",
        url_map=default_region_url_map.id)
    # forwarding rule
    google_compute_forwarding_rule = gcp.compute.ForwardingRule("google_compute_forwarding_rule",
        name="l7-ilb-forwarding-rule",
        region="europe-west1",
        ip_protocol="TCP",
        load_balancing_scheme="INTERNAL_MANAGED",
        port_range="80",
        target=default.id,
        network=ilb_network.id,
        subnetwork=ilb_subnet.id,
        network_tier="PREMIUM")
    # allow all access from IAP and health check ranges
    fw_iap = gcp.compute.Firewall("fw-iap",
        name="l7-ilb-fw-allow-iap-hc",
        direction="INGRESS",
        network=ilb_network.id,
        source_ranges=[
            "130.211.0.0/22",
            "35.191.0.0/16",
            "35.235.240.0/20",
        ],
        allows=[gcp.compute.FirewallAllowArgs(
            protocol="tcp",
        )])
    # allow http from proxy subnet to backends
    fw_ilb_to_backends = gcp.compute.Firewall("fw-ilb-to-backends",
        name="l7-ilb-fw-allow-ilb-to-backends",
        direction="INGRESS",
        network=ilb_network.id,
        source_ranges=["10.0.0.0/24"],
        target_tags=["http-server"],
        allows=[gcp.compute.FirewallAllowArgs(
            protocol="tcp",
            ports=[
                "80",
                "443",
                "8080",
            ],
        )])
    # test instance
    vm_test = gcp.compute.Instance("vm-test",
        name="l7-ilb-test-vm",
        zone="europe-west1-b",
        machine_type="e2-small",
        network_interfaces=[gcp.compute.InstanceNetworkInterfaceArgs(
            network=ilb_network.id,
            subnetwork=ilb_subnet.id,
        )],
        boot_disk=gcp.compute.InstanceBootDiskArgs(
            initialize_params=gcp.compute.InstanceBootDiskInitializeParamsArgs(
                image="debian-cloud/debian-10",
            ),
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Internal HTTP load balancer with a managed instance group backend
    		// VPC network
    		ilbNetwork, err := compute.NewNetwork(ctx, "ilb_network", &compute.NetworkArgs{
    			Name:                  pulumi.String("l7-ilb-network"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		// proxy-only subnet
    		_, err = compute.NewSubnetwork(ctx, "proxy_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("l7-ilb-proxy-subnet"),
    			IpCidrRange: pulumi.String("10.0.0.0/24"),
    			Region:      pulumi.String("europe-west1"),
    			Purpose:     pulumi.String("REGIONAL_MANAGED_PROXY"),
    			Role:        pulumi.String("ACTIVE"),
    			Network:     ilbNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// backend subnet
    		ilbSubnet, err := compute.NewSubnetwork(ctx, "ilb_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("l7-ilb-subnet"),
    			IpCidrRange: pulumi.String("10.0.1.0/24"),
    			Region:      pulumi.String("europe-west1"),
    			Network:     ilbNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// health check
    		defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{
    			Name:   pulumi.String("l7-ilb-hc"),
    			Region: pulumi.String("europe-west1"),
    			HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
    				PortSpecification: pulumi.String("USE_SERVING_PORT"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// instance template
    		instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{
    			NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
    				&compute.InstanceTemplateNetworkInterfaceArgs{
    					AccessConfigs: compute.InstanceTemplateNetworkInterfaceAccessConfigArray{
    						nil,
    					},
    					Network:    ilbNetwork.ID(),
    					Subnetwork: ilbSubnet.ID(),
    				},
    			},
    			Name:        pulumi.String("l7-ilb-mig-template"),
    			MachineType: pulumi.String("e2-small"),
    			Tags: pulumi.StringArray{
    				pulumi.String("http-server"),
    			},
    			Disks: compute.InstanceTemplateDiskArray{
    				&compute.InstanceTemplateDiskArgs{
    					SourceImage: pulumi.String("debian-cloud/debian-10"),
    					AutoDelete:  pulumi.Bool(true),
    					Boot:        pulumi.Bool(true),
    				},
    			},
    			Metadata: pulumi.Map{
    				"startup-script": pulumi.Any(`#! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
    `),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// MIG
    		mig, err := compute.NewRegionInstanceGroupManager(ctx, "mig", &compute.RegionInstanceGroupManagerArgs{
    			Name:   pulumi.String("l7-ilb-mig1"),
    			Region: pulumi.String("europe-west1"),
    			Versions: compute.RegionInstanceGroupManagerVersionArray{
    				&compute.RegionInstanceGroupManagerVersionArgs{
    					InstanceTemplate: instanceTemplate.ID(),
    					Name:             pulumi.String("primary"),
    				},
    			},
    			BaseInstanceName: pulumi.String("vm"),
    			TargetSize:       pulumi.Int(2),
    		})
    		if err != nil {
    			return err
    		}
    		// backend service
    		defaultRegionBackendService, err := compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{
    			Name:                pulumi.String("l7-ilb-backend-subnet"),
    			Region:              pulumi.String("europe-west1"),
    			Protocol:            pulumi.String("HTTP"),
    			LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
    			TimeoutSec:          pulumi.Int(10),
    			HealthChecks:        defaultRegionHealthCheck.ID(),
    			Backends: compute.RegionBackendServiceBackendArray{
    				&compute.RegionBackendServiceBackendArgs{
    					Group:          mig.InstanceGroup,
    					BalancingMode:  pulumi.String("UTILIZATION"),
    					CapacityScaler: pulumi.Float64(1),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// URL map
    		defaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, "default", &compute.RegionUrlMapArgs{
    			Name:           pulumi.String("l7-ilb-regional-url-map"),
    			Region:         pulumi.String("europe-west1"),
    			DefaultService: defaultRegionBackendService.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// HTTP target proxy
    		_, err = compute.NewRegionTargetHttpProxy(ctx, "default", &compute.RegionTargetHttpProxyArgs{
    			Name:   pulumi.String("l7-ilb-target-http-proxy"),
    			Region: pulumi.String("europe-west1"),
    			UrlMap: defaultRegionUrlMap.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// forwarding rule
    		_, err = compute.NewForwardingRule(ctx, "google_compute_forwarding_rule", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("l7-ilb-forwarding-rule"),
    			Region:              pulumi.String("europe-west1"),
    			IpProtocol:          pulumi.String("TCP"),
    			LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
    			PortRange:           pulumi.String("80"),
    			Target:              _default.ID(),
    			Network:             ilbNetwork.ID(),
    			Subnetwork:          ilbSubnet.ID(),
    			NetworkTier:         pulumi.String("PREMIUM"),
    		})
    		if err != nil {
    			return err
    		}
    		// allow all access from IAP and health check ranges
    		_, err = compute.NewFirewall(ctx, "fw-iap", &compute.FirewallArgs{
    			Name:      pulumi.String("l7-ilb-fw-allow-iap-hc"),
    			Direction: pulumi.String("INGRESS"),
    			Network:   ilbNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("130.211.0.0/22"),
    				pulumi.String("35.191.0.0/16"),
    				pulumi.String("35.235.240.0/20"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// allow http from proxy subnet to backends
    		_, err = compute.NewFirewall(ctx, "fw-ilb-to-backends", &compute.FirewallArgs{
    			Name:      pulumi.String("l7-ilb-fw-allow-ilb-to-backends"),
    			Direction: pulumi.String("INGRESS"),
    			Network:   ilbNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("10.0.0.0/24"),
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("http-server"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("80"),
    						pulumi.String("443"),
    						pulumi.String("8080"),
    					},
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// test instance
    		_, err = compute.NewInstance(ctx, "vm-test", &compute.InstanceArgs{
    			Name:        pulumi.String("l7-ilb-test-vm"),
    			Zone:        pulumi.String("europe-west1-b"),
    			MachineType: pulumi.String("e2-small"),
    			NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
    				&compute.InstanceNetworkInterfaceArgs{
    					Network:    ilbNetwork.ID(),
    					Subnetwork: ilbSubnet.ID(),
    				},
    			},
    			BootDisk: &compute.InstanceBootDiskArgs{
    				InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
    					Image: pulumi.String("debian-cloud/debian-10"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        // Internal HTTP load balancer with a managed instance group backend
        // VPC network
        var ilbNetwork = new Gcp.Compute.Network("ilb_network", new()
        {
            Name = "l7-ilb-network",
            AutoCreateSubnetworks = false,
        });
    
        // proxy-only subnet
        var proxySubnet = new Gcp.Compute.Subnetwork("proxy_subnet", new()
        {
            Name = "l7-ilb-proxy-subnet",
            IpCidrRange = "10.0.0.0/24",
            Region = "europe-west1",
            Purpose = "REGIONAL_MANAGED_PROXY",
            Role = "ACTIVE",
            Network = ilbNetwork.Id,
        });
    
        // backend subnet
        var ilbSubnet = new Gcp.Compute.Subnetwork("ilb_subnet", new()
        {
            Name = "l7-ilb-subnet",
            IpCidrRange = "10.0.1.0/24",
            Region = "europe-west1",
            Network = ilbNetwork.Id,
        });
    
        // health check
        var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new()
        {
            Name = "l7-ilb-hc",
            Region = "europe-west1",
            HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
            {
                PortSpecification = "USE_SERVING_PORT",
            },
        });
    
        // instance template
        var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new()
        {
            NetworkInterfaces = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
                {
                    AccessConfigs = new[]
                    {
                        null,
                    },
                    Network = ilbNetwork.Id,
                    Subnetwork = ilbSubnet.Id,
                },
            },
            Name = "l7-ilb-mig-template",
            MachineType = "e2-small",
            Tags = new[]
            {
                "http-server",
            },
            Disks = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
                {
                    SourceImage = "debian-cloud/debian-10",
                    AutoDelete = true,
                    Boot = true,
                },
            },
            Metadata = 
            {
                { "startup-script", @"#! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/hostname"")
    IP=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip"")
    METADATA=$(curl -f -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True"" | jq 'del(.[""startup-script""])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
    " },
            },
        });
    
        // MIG
        var mig = new Gcp.Compute.RegionInstanceGroupManager("mig", new()
        {
            Name = "l7-ilb-mig1",
            Region = "europe-west1",
            Versions = new[]
            {
                new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs
                {
                    InstanceTemplate = instanceTemplate.Id,
                    Name = "primary",
                },
            },
            BaseInstanceName = "vm",
            TargetSize = 2,
        });
    
        // backend service
        var defaultRegionBackendService = new Gcp.Compute.RegionBackendService("default", new()
        {
            Name = "l7-ilb-backend-subnet",
            Region = "europe-west1",
            Protocol = "HTTP",
            LoadBalancingScheme = "INTERNAL_MANAGED",
            TimeoutSec = 10,
            HealthChecks = defaultRegionHealthCheck.Id,
            Backends = new[]
            {
                new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs
                {
                    Group = mig.InstanceGroup,
                    BalancingMode = "UTILIZATION",
                    CapacityScaler = 1,
                },
            },
        });
    
        // URL map
        var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap("default", new()
        {
            Name = "l7-ilb-regional-url-map",
            Region = "europe-west1",
            DefaultService = defaultRegionBackendService.Id,
        });
    
        // HTTP target proxy
        var @default = new Gcp.Compute.RegionTargetHttpProxy("default", new()
        {
            Name = "l7-ilb-target-http-proxy",
            Region = "europe-west1",
            UrlMap = defaultRegionUrlMap.Id,
        });
    
        // forwarding rule
        var googleComputeForwardingRule = new Gcp.Compute.ForwardingRule("google_compute_forwarding_rule", new()
        {
            Name = "l7-ilb-forwarding-rule",
            Region = "europe-west1",
            IpProtocol = "TCP",
            LoadBalancingScheme = "INTERNAL_MANAGED",
            PortRange = "80",
            Target = @default.Id,
            Network = ilbNetwork.Id,
            Subnetwork = ilbSubnet.Id,
            NetworkTier = "PREMIUM",
        });
    
        // allow all access from IAP and health check ranges
        var fw_iap = new Gcp.Compute.Firewall("fw-iap", new()
        {
            Name = "l7-ilb-fw-allow-iap-hc",
            Direction = "INGRESS",
            Network = ilbNetwork.Id,
            SourceRanges = new[]
            {
                "130.211.0.0/22",
                "35.191.0.0/16",
                "35.235.240.0/20",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
            },
        });
    
        // allow http from proxy subnet to backends
        var fw_ilb_to_backends = new Gcp.Compute.Firewall("fw-ilb-to-backends", new()
        {
            Name = "l7-ilb-fw-allow-ilb-to-backends",
            Direction = "INGRESS",
            Network = ilbNetwork.Id,
            SourceRanges = new[]
            {
                "10.0.0.0/24",
            },
            TargetTags = new[]
            {
                "http-server",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "80",
                        "443",
                        "8080",
                    },
                },
            },
        });
    
        // test instance
        var vm_test = new Gcp.Compute.Instance("vm-test", new()
        {
            Name = "l7-ilb-test-vm",
            Zone = "europe-west1-b",
            MachineType = "e2-small",
            NetworkInterfaces = new[]
            {
                new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs
                {
                    Network = ilbNetwork.Id,
                    Subnetwork = ilbSubnet.Id,
                },
            },
            BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs
            {
                InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs
                {
                    Image = "debian-cloud/debian-10",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
    import com.pulumi.gcp.compute.InstanceTemplate;
    import com.pulumi.gcp.compute.InstanceTemplateArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
    import com.pulumi.gcp.compute.RegionInstanceGroupManager;
    import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
    import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
    import com.pulumi.gcp.compute.RegionUrlMap;
    import com.pulumi.gcp.compute.RegionUrlMapArgs;
    import com.pulumi.gcp.compute.RegionTargetHttpProxy;
    import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.compute.Firewall;
    import com.pulumi.gcp.compute.FirewallArgs;
    import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
    import com.pulumi.gcp.compute.Instance;
    import com.pulumi.gcp.compute.InstanceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
    import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // Internal HTTP load balancer with a managed instance group backend
            // VPC network
            var ilbNetwork = new Network("ilbNetwork", NetworkArgs.builder()        
                .name("l7-ilb-network")
                .autoCreateSubnetworks(false)
                .build());
    
            // proxy-only subnet
            var proxySubnet = new Subnetwork("proxySubnet", SubnetworkArgs.builder()        
                .name("l7-ilb-proxy-subnet")
                .ipCidrRange("10.0.0.0/24")
                .region("europe-west1")
                .purpose("REGIONAL_MANAGED_PROXY")
                .role("ACTIVE")
                .network(ilbNetwork.id())
                .build());
    
            // backend subnet
            var ilbSubnet = new Subnetwork("ilbSubnet", SubnetworkArgs.builder()        
                .name("l7-ilb-subnet")
                .ipCidrRange("10.0.1.0/24")
                .region("europe-west1")
                .network(ilbNetwork.id())
                .build());
    
            // health check
            var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()        
                .name("l7-ilb-hc")
                .region("europe-west1")
                .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                    .portSpecification("USE_SERVING_PORT")
                    .build())
                .build());
    
            // instance template
            var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()        
                .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                    .accessConfigs()
                    .network(ilbNetwork.id())
                    .subnetwork(ilbSubnet.id())
                    .build())
                .name("l7-ilb-mig-template")
                .machineType("e2-small")
                .tags("http-server")
                .disks(InstanceTemplateDiskArgs.builder()
                    .sourceImage("debian-cloud/debian-10")
                    .autoDelete(true)
                    .boot(true)
                    .build())
                .metadata(Map.of("startup-script", """
    #! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
                """))
                .build());
    
            // MIG
            var mig = new RegionInstanceGroupManager("mig", RegionInstanceGroupManagerArgs.builder()        
                .name("l7-ilb-mig1")
                .region("europe-west1")
                .versions(RegionInstanceGroupManagerVersionArgs.builder()
                    .instanceTemplate(instanceTemplate.id())
                    .name("primary")
                    .build())
                .baseInstanceName("vm")
                .targetSize(2)
                .build());
    
            // backend service
            var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()        
                .name("l7-ilb-backend-subnet")
                .region("europe-west1")
                .protocol("HTTP")
                .loadBalancingScheme("INTERNAL_MANAGED")
                .timeoutSec(10)
                .healthChecks(defaultRegionHealthCheck.id())
                .backends(RegionBackendServiceBackendArgs.builder()
                    .group(mig.instanceGroup())
                    .balancingMode("UTILIZATION")
                    .capacityScaler(1)
                    .build())
                .build());
    
            // URL map
            var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()        
                .name("l7-ilb-regional-url-map")
                .region("europe-west1")
                .defaultService(defaultRegionBackendService.id())
                .build());
    
            // HTTP target proxy
            var default_ = new RegionTargetHttpProxy("default", RegionTargetHttpProxyArgs.builder()        
                .name("l7-ilb-target-http-proxy")
                .region("europe-west1")
                .urlMap(defaultRegionUrlMap.id())
                .build());
    
            // forwarding rule
            var googleComputeForwardingRule = new ForwardingRule("googleComputeForwardingRule", ForwardingRuleArgs.builder()        
                .name("l7-ilb-forwarding-rule")
                .region("europe-west1")
                .ipProtocol("TCP")
                .loadBalancingScheme("INTERNAL_MANAGED")
                .portRange("80")
                .target(default_.id())
                .network(ilbNetwork.id())
                .subnetwork(ilbSubnet.id())
                .networkTier("PREMIUM")
                .build());
    
            // allow all access from IAP and health check ranges
            var fw_iap = new Firewall("fw-iap", FirewallArgs.builder()        
                .name("l7-ilb-fw-allow-iap-hc")
                .direction("INGRESS")
                .network(ilbNetwork.id())
                .sourceRanges(            
                    "130.211.0.0/22",
                    "35.191.0.0/16",
                    "35.235.240.0/20")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build())
                .build());
    
            // allow http from proxy subnet to backends
            var fw_ilb_to_backends = new Firewall("fw-ilb-to-backends", FirewallArgs.builder()        
                .name("l7-ilb-fw-allow-ilb-to-backends")
                .direction("INGRESS")
                .network(ilbNetwork.id())
                .sourceRanges("10.0.0.0/24")
                .targetTags("http-server")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports(                
                        "80",
                        "443",
                        "8080")
                    .build())
                .build());
    
            // test instance
            var vm_test = new Instance("vm-test", InstanceArgs.builder()        
                .name("l7-ilb-test-vm")
                .zone("europe-west1-b")
                .machineType("e2-small")
                .networkInterfaces(InstanceNetworkInterfaceArgs.builder()
                    .network(ilbNetwork.id())
                    .subnetwork(ilbSubnet.id())
                    .build())
                .bootDisk(InstanceBootDiskArgs.builder()
                    .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
                        .image("debian-cloud/debian-10")
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      # Internal HTTP load balancer with a managed instance group backend
    
      # VPC network
      ilbNetwork:
        type: gcp:compute:Network
        name: ilb_network
        properties:
          name: l7-ilb-network
          autoCreateSubnetworks: false
      # proxy-only subnet
      proxySubnet:
        type: gcp:compute:Subnetwork
        name: proxy_subnet
        properties:
          name: l7-ilb-proxy-subnet
          ipCidrRange: 10.0.0.0/24
          region: europe-west1
          purpose: REGIONAL_MANAGED_PROXY
          role: ACTIVE
          network: ${ilbNetwork.id}
      # backend subnet
      ilbSubnet:
        type: gcp:compute:Subnetwork
        name: ilb_subnet
        properties:
          name: l7-ilb-subnet
          ipCidrRange: 10.0.1.0/24
          region: europe-west1
          network: ${ilbNetwork.id}
      # forwarding rule
      googleComputeForwardingRule:
        type: gcp:compute:ForwardingRule
        name: google_compute_forwarding_rule
        properties:
          name: l7-ilb-forwarding-rule
          region: europe-west1
          ipProtocol: TCP
          loadBalancingScheme: INTERNAL_MANAGED
          portRange: '80'
          target: ${default.id}
          network: ${ilbNetwork.id}
          subnetwork: ${ilbSubnet.id}
          networkTier: PREMIUM
      # HTTP target proxy
      default:
        type: gcp:compute:RegionTargetHttpProxy
        properties:
          name: l7-ilb-target-http-proxy
          region: europe-west1
          urlMap: ${defaultRegionUrlMap.id}
      # URL map
      defaultRegionUrlMap:
        type: gcp:compute:RegionUrlMap
        name: default
        properties:
          name: l7-ilb-regional-url-map
          region: europe-west1
          defaultService: ${defaultRegionBackendService.id}
      # backend service
      defaultRegionBackendService:
        type: gcp:compute:RegionBackendService
        name: default
        properties:
          name: l7-ilb-backend-subnet
          region: europe-west1
          protocol: HTTP
          loadBalancingScheme: INTERNAL_MANAGED
          timeoutSec: 10
          healthChecks: ${defaultRegionHealthCheck.id}
          backends:
            - group: ${mig.instanceGroup}
              balancingMode: UTILIZATION
              capacityScaler: 1
      # instance template
      instanceTemplate:
        type: gcp:compute:InstanceTemplate
        name: instance_template
        properties:
          networkInterfaces:
            - accessConfigs:
                - {}
              network: ${ilbNetwork.id}
              subnetwork: ${ilbSubnet.id}
          name: l7-ilb-mig-template
          machineType: e2-small
          tags:
            - http-server
          disks:
            - sourceImage: debian-cloud/debian-10
              autoDelete: true
              boot: true
          metadata:
            startup-script: |
              #! /bin/bash
              set -euo pipefail
    
              export DEBIAN_FRONTEND=noninteractive
              apt-get update
              apt-get install -y nginx-light jq
    
              NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
              IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
              METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
              cat <<EOF > /var/www/html/index.html
              <pre>
              Name: $NAME
              IP: $IP
              Metadata: $METADATA
              </pre>
              EOF          
      # health check
      defaultRegionHealthCheck:
        type: gcp:compute:RegionHealthCheck
        name: default
        properties:
          name: l7-ilb-hc
          region: europe-west1
          httpHealthCheck:
            portSpecification: USE_SERVING_PORT
      # MIG
      mig:
        type: gcp:compute:RegionInstanceGroupManager
        properties:
          name: l7-ilb-mig1
          region: europe-west1
          versions:
            - instanceTemplate: ${instanceTemplate.id}
              name: primary
          baseInstanceName: vm
          targetSize: 2
      # allow all access from IAP and health check ranges
      fw-iap:
        type: gcp:compute:Firewall
        properties:
          name: l7-ilb-fw-allow-iap-hc
          direction: INGRESS
          network: ${ilbNetwork.id}
          sourceRanges:
            - 130.211.0.0/22
            - 35.191.0.0/16
            - 35.235.240.0/20
          allows:
            - protocol: tcp
      # allow http from proxy subnet to backends
      fw-ilb-to-backends:
        type: gcp:compute:Firewall
        properties:
          name: l7-ilb-fw-allow-ilb-to-backends
          direction: INGRESS
          network: ${ilbNetwork.id}
          sourceRanges:
            - 10.0.0.0/24
          targetTags:
            - http-server
          allows:
            - protocol: tcp
              ports:
                - '80'
                - '443'
                - '8080'
      # test instance
      vm-test:
        type: gcp:compute:Instance
        properties:
          name: l7-ilb-test-vm
          zone: europe-west1-b
          machineType: e2-small
          networkInterfaces:
            - network: ${ilbNetwork.id}
              subnetwork: ${ilbSubnet.id}
          bootDisk:
            initializeParams:
              image: debian-cloud/debian-10
    

    Internal Tcp Udp Lb With Mig Backend

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    // Internal TCP/UDP load balancer with a managed instance group backend
    // VPC
    const ilbNetwork = new gcp.compute.Network("ilb_network", {
        name: "l4-ilb-network",
        autoCreateSubnetworks: false,
    });
    // backed subnet
    const ilbSubnet = new gcp.compute.Subnetwork("ilb_subnet", {
        name: "l4-ilb-subnet",
        ipCidrRange: "10.0.1.0/24",
        region: "europe-west1",
        network: ilbNetwork.id,
    });
    // health check
    const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
        name: "l4-ilb-hc",
        region: "europe-west1",
        httpHealthCheck: {
            port: 80,
        },
    });
    // instance template
    const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
        networkInterfaces: [{
            accessConfigs: [{}],
            network: ilbNetwork.id,
            subnetwork: ilbSubnet.id,
        }],
        name: "l4-ilb-mig-template",
        machineType: "e2-small",
        tags: [
            "allow-ssh",
            "allow-health-check",
        ],
        disks: [{
            sourceImage: "debian-cloud/debian-10",
            autoDelete: true,
            boot: true,
        }],
        metadata: {
            "startup-script": `#! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
    `,
        },
    });
    // MIG
    const mig = new gcp.compute.RegionInstanceGroupManager("mig", {
        name: "l4-ilb-mig1",
        region: "europe-west1",
        versions: [{
            instanceTemplate: instanceTemplate.id,
            name: "primary",
        }],
        baseInstanceName: "vm",
        targetSize: 2,
    });
    // backend service
    const _default = new gcp.compute.RegionBackendService("default", {
        name: "l4-ilb-backend-subnet",
        region: "europe-west1",
        protocol: "TCP",
        loadBalancingScheme: "INTERNAL",
        healthChecks: defaultRegionHealthCheck.id,
        backends: [{
            group: mig.instanceGroup,
            balancingMode: "CONNECTION",
        }],
    });
    // forwarding rule
    const googleComputeForwardingRule = new gcp.compute.ForwardingRule("google_compute_forwarding_rule", {
        name: "l4-ilb-forwarding-rule",
        backendService: _default.id,
        region: "europe-west1",
        ipProtocol: "TCP",
        loadBalancingScheme: "INTERNAL",
        allPorts: true,
        allowGlobalAccess: true,
        network: ilbNetwork.id,
        subnetwork: ilbSubnet.id,
    });
    // allow all access from health check ranges
    const fwHc = new gcp.compute.Firewall("fw_hc", {
        name: "l4-ilb-fw-allow-hc",
        direction: "INGRESS",
        network: ilbNetwork.id,
        sourceRanges: [
            "130.211.0.0/22",
            "35.191.0.0/16",
            "35.235.240.0/20",
        ],
        allows: [{
            protocol: "tcp",
        }],
        targetTags: ["allow-health-check"],
    });
    // allow communication within the subnet 
    const fwIlbToBackends = new gcp.compute.Firewall("fw_ilb_to_backends", {
        name: "l4-ilb-fw-allow-ilb-to-backends",
        direction: "INGRESS",
        network: ilbNetwork.id,
        sourceRanges: ["10.0.1.0/24"],
        allows: [
            {
                protocol: "tcp",
            },
            {
                protocol: "udp",
            },
            {
                protocol: "icmp",
            },
        ],
    });
    // allow SSH
    const fwIlbSsh = new gcp.compute.Firewall("fw_ilb_ssh", {
        name: "l4-ilb-fw-ssh",
        direction: "INGRESS",
        network: ilbNetwork.id,
        allows: [{
            protocol: "tcp",
            ports: ["22"],
        }],
        targetTags: ["allow-ssh"],
        sourceRanges: ["0.0.0.0/0"],
    });
    // test instance
    const vmTest = new gcp.compute.Instance("vm_test", {
        name: "l4-ilb-test-vm",
        zone: "europe-west1-b",
        machineType: "e2-small",
        networkInterfaces: [{
            network: ilbNetwork.id,
            subnetwork: ilbSubnet.id,
        }],
        bootDisk: {
            initializeParams: {
                image: "debian-cloud/debian-10",
            },
        },
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    # Internal TCP/UDP load balancer with a managed instance group backend
    # VPC
    ilb_network = gcp.compute.Network("ilb_network",
        name="l4-ilb-network",
        auto_create_subnetworks=False)
    # backed subnet
    ilb_subnet = gcp.compute.Subnetwork("ilb_subnet",
        name="l4-ilb-subnet",
        ip_cidr_range="10.0.1.0/24",
        region="europe-west1",
        network=ilb_network.id)
    # health check
    default_region_health_check = gcp.compute.RegionHealthCheck("default",
        name="l4-ilb-hc",
        region="europe-west1",
        http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs(
            port=80,
        ))
    # instance template
    instance_template = gcp.compute.InstanceTemplate("instance_template",
        network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
            access_configs=[gcp.compute.InstanceTemplateNetworkInterfaceAccessConfigArgs()],
            network=ilb_network.id,
            subnetwork=ilb_subnet.id,
        )],
        name="l4-ilb-mig-template",
        machine_type="e2-small",
        tags=[
            "allow-ssh",
            "allow-health-check",
        ],
        disks=[gcp.compute.InstanceTemplateDiskArgs(
            source_image="debian-cloud/debian-10",
            auto_delete=True,
            boot=True,
        )],
        metadata={
            "startup-script": """#! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
    """,
        })
    # MIG
    mig = gcp.compute.RegionInstanceGroupManager("mig",
        name="l4-ilb-mig1",
        region="europe-west1",
        versions=[gcp.compute.RegionInstanceGroupManagerVersionArgs(
            instance_template=instance_template.id,
            name="primary",
        )],
        base_instance_name="vm",
        target_size=2)
    # backend service
    default = gcp.compute.RegionBackendService("default",
        name="l4-ilb-backend-subnet",
        region="europe-west1",
        protocol="TCP",
        load_balancing_scheme="INTERNAL",
        health_checks=default_region_health_check.id,
        backends=[gcp.compute.RegionBackendServiceBackendArgs(
            group=mig.instance_group,
            balancing_mode="CONNECTION",
        )])
    # forwarding rule
    google_compute_forwarding_rule = gcp.compute.ForwardingRule("google_compute_forwarding_rule",
        name="l4-ilb-forwarding-rule",
        backend_service=default.id,
        region="europe-west1",
        ip_protocol="TCP",
        load_balancing_scheme="INTERNAL",
        all_ports=True,
        allow_global_access=True,
        network=ilb_network.id,
        subnetwork=ilb_subnet.id)
    # allow all access from health check ranges
    fw_hc = gcp.compute.Firewall("fw_hc",
        name="l4-ilb-fw-allow-hc",
        direction="INGRESS",
        network=ilb_network.id,
        source_ranges=[
            "130.211.0.0/22",
            "35.191.0.0/16",
            "35.235.240.0/20",
        ],
        allows=[gcp.compute.FirewallAllowArgs(
            protocol="tcp",
        )],
        target_tags=["allow-health-check"])
    # allow communication within the subnet 
    fw_ilb_to_backends = gcp.compute.Firewall("fw_ilb_to_backends",
        name="l4-ilb-fw-allow-ilb-to-backends",
        direction="INGRESS",
        network=ilb_network.id,
        source_ranges=["10.0.1.0/24"],
        allows=[
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="udp",
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="icmp",
            ),
        ])
    # allow SSH
    fw_ilb_ssh = gcp.compute.Firewall("fw_ilb_ssh",
        name="l4-ilb-fw-ssh",
        direction="INGRESS",
        network=ilb_network.id,
        allows=[gcp.compute.FirewallAllowArgs(
            protocol="tcp",
            ports=["22"],
        )],
        target_tags=["allow-ssh"],
        source_ranges=["0.0.0.0/0"])
    # test instance
    vm_test = gcp.compute.Instance("vm_test",
        name="l4-ilb-test-vm",
        zone="europe-west1-b",
        machine_type="e2-small",
        network_interfaces=[gcp.compute.InstanceNetworkInterfaceArgs(
            network=ilb_network.id,
            subnetwork=ilb_subnet.id,
        )],
        boot_disk=gcp.compute.InstanceBootDiskArgs(
            initialize_params=gcp.compute.InstanceBootDiskInitializeParamsArgs(
                image="debian-cloud/debian-10",
            ),
        ))
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Internal TCP/UDP load balancer with a managed instance group backend
    		// VPC
    		ilbNetwork, err := compute.NewNetwork(ctx, "ilb_network", &compute.NetworkArgs{
    			Name:                  pulumi.String("l4-ilb-network"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		// backed subnet
    		ilbSubnet, err := compute.NewSubnetwork(ctx, "ilb_subnet", &compute.SubnetworkArgs{
    			Name:        pulumi.String("l4-ilb-subnet"),
    			IpCidrRange: pulumi.String("10.0.1.0/24"),
    			Region:      pulumi.String("europe-west1"),
    			Network:     ilbNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// health check
    		defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{
    			Name:   pulumi.String("l4-ilb-hc"),
    			Region: pulumi.String("europe-west1"),
    			HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// instance template
    		instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{
    			NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
    				&compute.InstanceTemplateNetworkInterfaceArgs{
    					AccessConfigs: compute.InstanceTemplateNetworkInterfaceAccessConfigArray{
    						nil,
    					},
    					Network:    ilbNetwork.ID(),
    					Subnetwork: ilbSubnet.ID(),
    				},
    			},
    			Name:        pulumi.String("l4-ilb-mig-template"),
    			MachineType: pulumi.String("e2-small"),
    			Tags: pulumi.StringArray{
    				pulumi.String("allow-ssh"),
    				pulumi.String("allow-health-check"),
    			},
    			Disks: compute.InstanceTemplateDiskArray{
    				&compute.InstanceTemplateDiskArgs{
    					SourceImage: pulumi.String("debian-cloud/debian-10"),
    					AutoDelete:  pulumi.Bool(true),
    					Boot:        pulumi.Bool(true),
    				},
    			},
    			Metadata: pulumi.Map{
    				"startup-script": pulumi.Any(`#! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
    `),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// MIG
    		mig, err := compute.NewRegionInstanceGroupManager(ctx, "mig", &compute.RegionInstanceGroupManagerArgs{
    			Name:   pulumi.String("l4-ilb-mig1"),
    			Region: pulumi.String("europe-west1"),
    			Versions: compute.RegionInstanceGroupManagerVersionArray{
    				&compute.RegionInstanceGroupManagerVersionArgs{
    					InstanceTemplate: instanceTemplate.ID(),
    					Name:             pulumi.String("primary"),
    				},
    			},
    			BaseInstanceName: pulumi.String("vm"),
    			TargetSize:       pulumi.Int(2),
    		})
    		if err != nil {
    			return err
    		}
    		// backend service
    		_, err = compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{
    			Name:                pulumi.String("l4-ilb-backend-subnet"),
    			Region:              pulumi.String("europe-west1"),
    			Protocol:            pulumi.String("TCP"),
    			LoadBalancingScheme: pulumi.String("INTERNAL"),
    			HealthChecks:        defaultRegionHealthCheck.ID(),
    			Backends: compute.RegionBackendServiceBackendArray{
    				&compute.RegionBackendServiceBackendArgs{
    					Group:         mig.InstanceGroup,
    					BalancingMode: pulumi.String("CONNECTION"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// forwarding rule
    		_, err = compute.NewForwardingRule(ctx, "google_compute_forwarding_rule", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("l4-ilb-forwarding-rule"),
    			BackendService:      _default.ID(),
    			Region:              pulumi.String("europe-west1"),
    			IpProtocol:          pulumi.String("TCP"),
    			LoadBalancingScheme: pulumi.String("INTERNAL"),
    			AllPorts:            pulumi.Bool(true),
    			AllowGlobalAccess:   pulumi.Bool(true),
    			Network:             ilbNetwork.ID(),
    			Subnetwork:          ilbSubnet.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// allow all access from health check ranges
    		_, err = compute.NewFirewall(ctx, "fw_hc", &compute.FirewallArgs{
    			Name:      pulumi.String("l4-ilb-fw-allow-hc"),
    			Direction: pulumi.String("INGRESS"),
    			Network:   ilbNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("130.211.0.0/22"),
    				pulumi.String("35.191.0.0/16"),
    				pulumi.String("35.235.240.0/20"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("allow-health-check"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// allow communication within the subnet
    		_, err = compute.NewFirewall(ctx, "fw_ilb_to_backends", &compute.FirewallArgs{
    			Name:      pulumi.String("l4-ilb-fw-allow-ilb-to-backends"),
    			Direction: pulumi.String("INGRESS"),
    			Network:   ilbNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("10.0.1.0/24"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("udp"),
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("icmp"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// allow SSH
    		_, err = compute.NewFirewall(ctx, "fw_ilb_ssh", &compute.FirewallArgs{
    			Name:      pulumi.String("l4-ilb-fw-ssh"),
    			Direction: pulumi.String("INGRESS"),
    			Network:   ilbNetwork.ID(),
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("22"),
    					},
    				},
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("allow-ssh"),
    			},
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("0.0.0.0/0"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		// test instance
    		_, err = compute.NewInstance(ctx, "vm_test", &compute.InstanceArgs{
    			Name:        pulumi.String("l4-ilb-test-vm"),
    			Zone:        pulumi.String("europe-west1-b"),
    			MachineType: pulumi.String("e2-small"),
    			NetworkInterfaces: compute.InstanceNetworkInterfaceArray{
    				&compute.InstanceNetworkInterfaceArgs{
    					Network:    ilbNetwork.ID(),
    					Subnetwork: ilbSubnet.ID(),
    				},
    			},
    			BootDisk: &compute.InstanceBootDiskArgs{
    				InitializeParams: &compute.InstanceBootDiskInitializeParamsArgs{
    					Image: pulumi.String("debian-cloud/debian-10"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        // Internal TCP/UDP load balancer with a managed instance group backend
        // VPC
        var ilbNetwork = new Gcp.Compute.Network("ilb_network", new()
        {
            Name = "l4-ilb-network",
            AutoCreateSubnetworks = false,
        });
    
        // backed subnet
        var ilbSubnet = new Gcp.Compute.Subnetwork("ilb_subnet", new()
        {
            Name = "l4-ilb-subnet",
            IpCidrRange = "10.0.1.0/24",
            Region = "europe-west1",
            Network = ilbNetwork.Id,
        });
    
        // health check
        var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new()
        {
            Name = "l4-ilb-hc",
            Region = "europe-west1",
            HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        // instance template
        var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new()
        {
            NetworkInterfaces = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
                {
                    AccessConfigs = new[]
                    {
                        null,
                    },
                    Network = ilbNetwork.Id,
                    Subnetwork = ilbSubnet.Id,
                },
            },
            Name = "l4-ilb-mig-template",
            MachineType = "e2-small",
            Tags = new[]
            {
                "allow-ssh",
                "allow-health-check",
            },
            Disks = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
                {
                    SourceImage = "debian-cloud/debian-10",
                    AutoDelete = true,
                    Boot = true,
                },
            },
            Metadata = 
            {
                { "startup-script", @"#! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/hostname"")
    IP=$(curl -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip"")
    METADATA=$(curl -f -H ""Metadata-Flavor: Google"" ""http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True"" | jq 'del(.[""startup-script""])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
    " },
            },
        });
    
        // MIG
        var mig = new Gcp.Compute.RegionInstanceGroupManager("mig", new()
        {
            Name = "l4-ilb-mig1",
            Region = "europe-west1",
            Versions = new[]
            {
                new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs
                {
                    InstanceTemplate = instanceTemplate.Id,
                    Name = "primary",
                },
            },
            BaseInstanceName = "vm",
            TargetSize = 2,
        });
    
        // backend service
        var @default = new Gcp.Compute.RegionBackendService("default", new()
        {
            Name = "l4-ilb-backend-subnet",
            Region = "europe-west1",
            Protocol = "TCP",
            LoadBalancingScheme = "INTERNAL",
            HealthChecks = defaultRegionHealthCheck.Id,
            Backends = new[]
            {
                new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs
                {
                    Group = mig.InstanceGroup,
                    BalancingMode = "CONNECTION",
                },
            },
        });
    
        // forwarding rule
        var googleComputeForwardingRule = new Gcp.Compute.ForwardingRule("google_compute_forwarding_rule", new()
        {
            Name = "l4-ilb-forwarding-rule",
            BackendService = @default.Id,
            Region = "europe-west1",
            IpProtocol = "TCP",
            LoadBalancingScheme = "INTERNAL",
            AllPorts = true,
            AllowGlobalAccess = true,
            Network = ilbNetwork.Id,
            Subnetwork = ilbSubnet.Id,
        });
    
        // allow all access from health check ranges
        var fwHc = new Gcp.Compute.Firewall("fw_hc", new()
        {
            Name = "l4-ilb-fw-allow-hc",
            Direction = "INGRESS",
            Network = ilbNetwork.Id,
            SourceRanges = new[]
            {
                "130.211.0.0/22",
                "35.191.0.0/16",
                "35.235.240.0/20",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
            },
            TargetTags = new[]
            {
                "allow-health-check",
            },
        });
    
        // allow communication within the subnet 
        var fwIlbToBackends = new Gcp.Compute.Firewall("fw_ilb_to_backends", new()
        {
            Name = "l4-ilb-fw-allow-ilb-to-backends",
            Direction = "INGRESS",
            Network = ilbNetwork.Id,
            SourceRanges = new[]
            {
                "10.0.1.0/24",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "udp",
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "icmp",
                },
            },
        });
    
        // allow SSH
        var fwIlbSsh = new Gcp.Compute.Firewall("fw_ilb_ssh", new()
        {
            Name = "l4-ilb-fw-ssh",
            Direction = "INGRESS",
            Network = ilbNetwork.Id,
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "22",
                    },
                },
            },
            TargetTags = new[]
            {
                "allow-ssh",
            },
            SourceRanges = new[]
            {
                "0.0.0.0/0",
            },
        });
    
        // test instance
        var vmTest = new Gcp.Compute.Instance("vm_test", new()
        {
            Name = "l4-ilb-test-vm",
            Zone = "europe-west1-b",
            MachineType = "e2-small",
            NetworkInterfaces = new[]
            {
                new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs
                {
                    Network = ilbNetwork.Id,
                    Subnetwork = ilbSubnet.Id,
                },
            },
            BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs
            {
                InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs
                {
                    Image = "debian-cloud/debian-10",
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
    import com.pulumi.gcp.compute.InstanceTemplate;
    import com.pulumi.gcp.compute.InstanceTemplateArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
    import com.pulumi.gcp.compute.RegionInstanceGroupManager;
    import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
    import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.compute.Firewall;
    import com.pulumi.gcp.compute.FirewallArgs;
    import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
    import com.pulumi.gcp.compute.Instance;
    import com.pulumi.gcp.compute.InstanceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
    import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // Internal TCP/UDP load balancer with a managed instance group backend
            // VPC
            var ilbNetwork = new Network("ilbNetwork", NetworkArgs.builder()        
                .name("l4-ilb-network")
                .autoCreateSubnetworks(false)
                .build());
    
            // backed subnet
            var ilbSubnet = new Subnetwork("ilbSubnet", SubnetworkArgs.builder()        
                .name("l4-ilb-subnet")
                .ipCidrRange("10.0.1.0/24")
                .region("europe-west1")
                .network(ilbNetwork.id())
                .build());
    
            // health check
            var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()        
                .name("l4-ilb-hc")
                .region("europe-west1")
                .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            // instance template
            var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()        
                .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                    .accessConfigs()
                    .network(ilbNetwork.id())
                    .subnetwork(ilbSubnet.id())
                    .build())
                .name("l4-ilb-mig-template")
                .machineType("e2-small")
                .tags(            
                    "allow-ssh",
                    "allow-health-check")
                .disks(InstanceTemplateDiskArgs.builder()
                    .sourceImage("debian-cloud/debian-10")
                    .autoDelete(true)
                    .boot(true)
                    .build())
                .metadata(Map.of("startup-script", """
    #! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
                """))
                .build());
    
            // MIG
            var mig = new RegionInstanceGroupManager("mig", RegionInstanceGroupManagerArgs.builder()        
                .name("l4-ilb-mig1")
                .region("europe-west1")
                .versions(RegionInstanceGroupManagerVersionArgs.builder()
                    .instanceTemplate(instanceTemplate.id())
                    .name("primary")
                    .build())
                .baseInstanceName("vm")
                .targetSize(2)
                .build());
    
            // backend service
            var default_ = new RegionBackendService("default", RegionBackendServiceArgs.builder()        
                .name("l4-ilb-backend-subnet")
                .region("europe-west1")
                .protocol("TCP")
                .loadBalancingScheme("INTERNAL")
                .healthChecks(defaultRegionHealthCheck.id())
                .backends(RegionBackendServiceBackendArgs.builder()
                    .group(mig.instanceGroup())
                    .balancingMode("CONNECTION")
                    .build())
                .build());
    
            // forwarding rule
            var googleComputeForwardingRule = new ForwardingRule("googleComputeForwardingRule", ForwardingRuleArgs.builder()        
                .name("l4-ilb-forwarding-rule")
                .backendService(default_.id())
                .region("europe-west1")
                .ipProtocol("TCP")
                .loadBalancingScheme("INTERNAL")
                .allPorts(true)
                .allowGlobalAccess(true)
                .network(ilbNetwork.id())
                .subnetwork(ilbSubnet.id())
                .build());
    
            // allow all access from health check ranges
            var fwHc = new Firewall("fwHc", FirewallArgs.builder()        
                .name("l4-ilb-fw-allow-hc")
                .direction("INGRESS")
                .network(ilbNetwork.id())
                .sourceRanges(            
                    "130.211.0.0/22",
                    "35.191.0.0/16",
                    "35.235.240.0/20")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build())
                .targetTags("allow-health-check")
                .build());
    
            // allow communication within the subnet 
            var fwIlbToBackends = new Firewall("fwIlbToBackends", FirewallArgs.builder()        
                .name("l4-ilb-fw-allow-ilb-to-backends")
                .direction("INGRESS")
                .network(ilbNetwork.id())
                .sourceRanges("10.0.1.0/24")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("udp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("icmp")
                        .build())
                .build());
    
            // allow SSH
            var fwIlbSsh = new Firewall("fwIlbSsh", FirewallArgs.builder()        
                .name("l4-ilb-fw-ssh")
                .direction("INGRESS")
                .network(ilbNetwork.id())
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("22")
                    .build())
                .targetTags("allow-ssh")
                .sourceRanges("0.0.0.0/0")
                .build());
    
            // test instance
            var vmTest = new Instance("vmTest", InstanceArgs.builder()        
                .name("l4-ilb-test-vm")
                .zone("europe-west1-b")
                .machineType("e2-small")
                .networkInterfaces(InstanceNetworkInterfaceArgs.builder()
                    .network(ilbNetwork.id())
                    .subnetwork(ilbSubnet.id())
                    .build())
                .bootDisk(InstanceBootDiskArgs.builder()
                    .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
                        .image("debian-cloud/debian-10")
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      # Internal TCP/UDP load balancer with a managed instance group backend
    
      # VPC
      ilbNetwork:
        type: gcp:compute:Network
        name: ilb_network
        properties:
          name: l4-ilb-network
          autoCreateSubnetworks: false
      # backed subnet
      ilbSubnet:
        type: gcp:compute:Subnetwork
        name: ilb_subnet
        properties:
          name: l4-ilb-subnet
          ipCidrRange: 10.0.1.0/24
          region: europe-west1
          network: ${ilbNetwork.id}
      # forwarding rule
      googleComputeForwardingRule:
        type: gcp:compute:ForwardingRule
        name: google_compute_forwarding_rule
        properties:
          name: l4-ilb-forwarding-rule
          backendService: ${default.id}
          region: europe-west1
          ipProtocol: TCP
          loadBalancingScheme: INTERNAL
          allPorts: true
          allowGlobalAccess: true
          network: ${ilbNetwork.id}
          subnetwork: ${ilbSubnet.id}
      # backend service
      default:
        type: gcp:compute:RegionBackendService
        properties:
          name: l4-ilb-backend-subnet
          region: europe-west1
          protocol: TCP
          loadBalancingScheme: INTERNAL
          healthChecks: ${defaultRegionHealthCheck.id}
          backends:
            - group: ${mig.instanceGroup}
              balancingMode: CONNECTION
      # instance template
      instanceTemplate:
        type: gcp:compute:InstanceTemplate
        name: instance_template
        properties:
          networkInterfaces:
            - accessConfigs:
                - {}
              network: ${ilbNetwork.id}
              subnetwork: ${ilbSubnet.id}
          name: l4-ilb-mig-template
          machineType: e2-small
          tags:
            - allow-ssh
            - allow-health-check
          disks:
            - sourceImage: debian-cloud/debian-10
              autoDelete: true
              boot: true
          metadata:
            startup-script: |
              #! /bin/bash
              set -euo pipefail
    
              export DEBIAN_FRONTEND=noninteractive
              apt-get update
              apt-get install -y nginx-light jq
    
              NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
              IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
              METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
              cat <<EOF > /var/www/html/index.html
              <pre>
              Name: $NAME
              IP: $IP
              Metadata: $METADATA
              </pre>
              EOF          
      # health check
      defaultRegionHealthCheck:
        type: gcp:compute:RegionHealthCheck
        name: default
        properties:
          name: l4-ilb-hc
          region: europe-west1
          httpHealthCheck:
            port: '80'
      # MIG
      mig:
        type: gcp:compute:RegionInstanceGroupManager
        properties:
          name: l4-ilb-mig1
          region: europe-west1
          versions:
            - instanceTemplate: ${instanceTemplate.id}
              name: primary
          baseInstanceName: vm
          targetSize: 2
      # allow all access from health check ranges
      fwHc:
        type: gcp:compute:Firewall
        name: fw_hc
        properties:
          name: l4-ilb-fw-allow-hc
          direction: INGRESS
          network: ${ilbNetwork.id}
          sourceRanges:
            - 130.211.0.0/22
            - 35.191.0.0/16
            - 35.235.240.0/20
          allows:
            - protocol: tcp
          targetTags:
            - allow-health-check
      # allow communication within the subnet
      fwIlbToBackends:
        type: gcp:compute:Firewall
        name: fw_ilb_to_backends
        properties:
          name: l4-ilb-fw-allow-ilb-to-backends
          direction: INGRESS
          network: ${ilbNetwork.id}
          sourceRanges:
            - 10.0.1.0/24
          allows:
            - protocol: tcp
            - protocol: udp
            - protocol: icmp
      # allow SSH
      fwIlbSsh:
        type: gcp:compute:Firewall
        name: fw_ilb_ssh
        properties:
          name: l4-ilb-fw-ssh
          direction: INGRESS
          network: ${ilbNetwork.id}
          allows:
            - protocol: tcp
              ports:
                - '22'
          targetTags:
            - allow-ssh
          sourceRanges:
            - 0.0.0.0/0
      # test instance
      vmTest:
        type: gcp:compute:Instance
        name: vm_test
        properties:
          name: l4-ilb-test-vm
          zone: europe-west1-b
          machineType: e2-small
          networkInterfaces:
            - network: ${ilbNetwork.id}
              subnetwork: ${ilbSubnet.id}
          bootDisk:
            initializeParams:
              image: debian-cloud/debian-10
    

    Forwarding Rule Externallb

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const hc = new gcp.compute.RegionHealthCheck("hc", {
        name: "check-website-backend",
        checkIntervalSec: 1,
        timeoutSec: 1,
        region: "us-central1",
        tcpHealthCheck: {
            port: 80,
        },
    });
    const backend = new gcp.compute.RegionBackendService("backend", {
        name: "website-backend",
        region: "us-central1",
        loadBalancingScheme: "EXTERNAL",
        healthChecks: hc.id,
    });
    // Forwarding rule for External Network Load Balancing using Backend Services
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        region: "us-central1",
        portRange: "80",
        backendService: backend.id,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    hc = gcp.compute.RegionHealthCheck("hc",
        name="check-website-backend",
        check_interval_sec=1,
        timeout_sec=1,
        region="us-central1",
        tcp_health_check=gcp.compute.RegionHealthCheckTcpHealthCheckArgs(
            port=80,
        ))
    backend = gcp.compute.RegionBackendService("backend",
        name="website-backend",
        region="us-central1",
        load_balancing_scheme="EXTERNAL",
        health_checks=hc.id)
    # Forwarding rule for External Network Load Balancing using Backend Services
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        region="us-central1",
        port_range="80",
        backend_service=backend.id)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		hc, err := compute.NewRegionHealthCheck(ctx, "hc", &compute.RegionHealthCheckArgs{
    			Name:             pulumi.String("check-website-backend"),
    			CheckIntervalSec: pulumi.Int(1),
    			TimeoutSec:       pulumi.Int(1),
    			Region:           pulumi.String("us-central1"),
    			TcpHealthCheck: &compute.RegionHealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		backend, err := compute.NewRegionBackendService(ctx, "backend", &compute.RegionBackendServiceArgs{
    			Name:                pulumi.String("website-backend"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("EXTERNAL"),
    			HealthChecks:        hc.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for External Network Load Balancing using Backend Services
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:           pulumi.String("website-forwarding-rule"),
    			Region:         pulumi.String("us-central1"),
    			PortRange:      pulumi.String("80"),
    			BackendService: backend.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var hc = new Gcp.Compute.RegionHealthCheck("hc", new()
        {
            Name = "check-website-backend",
            CheckIntervalSec = 1,
            TimeoutSec = 1,
            Region = "us-central1",
            TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var backend = new Gcp.Compute.RegionBackendService("backend", new()
        {
            Name = "website-backend",
            Region = "us-central1",
            LoadBalancingScheme = "EXTERNAL",
            HealthChecks = hc.Id,
        });
    
        // Forwarding rule for External Network Load Balancing using Backend Services
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Region = "us-central1",
            PortRange = "80",
            BackendService = backend.Id,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var hc = new RegionHealthCheck("hc", RegionHealthCheckArgs.builder()        
                .name("check-website-backend")
                .checkIntervalSec(1)
                .timeoutSec(1)
                .region("us-central1")
                .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()        
                .name("website-backend")
                .region("us-central1")
                .loadBalancingScheme("EXTERNAL")
                .healthChecks(hc.id())
                .build());
    
            // Forwarding rule for External Network Load Balancing using Backend Services
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .name("website-forwarding-rule")
                .region("us-central1")
                .portRange(80)
                .backendService(backend.id())
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for External Network Load Balancing using Backend Services
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          region: us-central1
          portRange: 80
          backendService: ${backend.id}
      backend:
        type: gcp:compute:RegionBackendService
        properties:
          name: website-backend
          region: us-central1
          loadBalancingScheme: EXTERNAL
          healthChecks: ${hc.id}
      hc:
        type: gcp:compute:RegionHealthCheck
        properties:
          name: check-website-backend
          checkIntervalSec: 1
          timeoutSec: 1
          region: us-central1
          tcpHealthCheck:
            port: '80'
    

    Forwarding Rule Global Internallb

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const hc = new gcp.compute.HealthCheck("hc", {
        name: "check-website-backend",
        checkIntervalSec: 1,
        timeoutSec: 1,
        tcpHealthCheck: {
            port: 80,
        },
    });
    const backend = new gcp.compute.RegionBackendService("backend", {
        name: "website-backend",
        region: "us-central1",
        healthChecks: hc.id,
    });
    const defaultNetwork = new gcp.compute.Network("default", {
        name: "website-net",
        autoCreateSubnetworks: false,
    });
    const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
        name: "website-net",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        network: defaultNetwork.id,
    });
    // Forwarding rule for Internal Load Balancing
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        region: "us-central1",
        loadBalancingScheme: "INTERNAL",
        backendService: backend.id,
        allPorts: true,
        allowGlobalAccess: true,
        network: defaultNetwork.name,
        subnetwork: defaultSubnetwork.name,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    hc = gcp.compute.HealthCheck("hc",
        name="check-website-backend",
        check_interval_sec=1,
        timeout_sec=1,
        tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
            port=80,
        ))
    backend = gcp.compute.RegionBackendService("backend",
        name="website-backend",
        region="us-central1",
        health_checks=hc.id)
    default_network = gcp.compute.Network("default",
        name="website-net",
        auto_create_subnetworks=False)
    default_subnetwork = gcp.compute.Subnetwork("default",
        name="website-net",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        network=default_network.id)
    # Forwarding rule for Internal Load Balancing
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        region="us-central1",
        load_balancing_scheme="INTERNAL",
        backend_service=backend.id,
        all_ports=True,
        allow_global_access=True,
        network=default_network.name,
        subnetwork=default_subnetwork.name)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		hc, err := compute.NewHealthCheck(ctx, "hc", &compute.HealthCheckArgs{
    			Name:             pulumi.String("check-website-backend"),
    			CheckIntervalSec: pulumi.Int(1),
    			TimeoutSec:       pulumi.Int(1),
    			TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		backend, err := compute.NewRegionBackendService(ctx, "backend", &compute.RegionBackendServiceArgs{
    			Name:         pulumi.String("website-backend"),
    			Region:       pulumi.String("us-central1"),
    			HealthChecks: hc.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
    			Name:                  pulumi.String("website-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net"),
    			IpCidrRange: pulumi.String("10.0.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for Internal Load Balancing
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("website-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("INTERNAL"),
    			BackendService:      backend.ID(),
    			AllPorts:            pulumi.Bool(true),
    			AllowGlobalAccess:   pulumi.Bool(true),
    			Network:             defaultNetwork.Name,
    			Subnetwork:          defaultSubnetwork.Name,
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var hc = new Gcp.Compute.HealthCheck("hc", new()
        {
            Name = "check-website-backend",
            CheckIntervalSec = 1,
            TimeoutSec = 1,
            TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var backend = new Gcp.Compute.RegionBackendService("backend", new()
        {
            Name = "website-backend",
            Region = "us-central1",
            HealthChecks = hc.Id,
        });
    
        var defaultNetwork = new Gcp.Compute.Network("default", new()
        {
            Name = "website-net",
            AutoCreateSubnetworks = false,
        });
    
        var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
        {
            Name = "website-net",
            IpCidrRange = "10.0.0.0/16",
            Region = "us-central1",
            Network = defaultNetwork.Id,
        });
    
        // Forwarding rule for Internal Load Balancing
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Region = "us-central1",
            LoadBalancingScheme = "INTERNAL",
            BackendService = backend.Id,
            AllPorts = true,
            AllowGlobalAccess = true,
            Network = defaultNetwork.Name,
            Subnetwork = defaultSubnetwork.Name,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var hc = new HealthCheck("hc", HealthCheckArgs.builder()        
                .name("check-website-backend")
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()        
                .name("website-backend")
                .region("us-central1")
                .healthChecks(hc.id())
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
                .name("website-net")
                .autoCreateSubnetworks(false)
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
                .name("website-net")
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(defaultNetwork.id())
                .build());
    
            // Forwarding rule for Internal Load Balancing
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .name("website-forwarding-rule")
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(backend.id())
                .allPorts(true)
                .allowGlobalAccess(true)
                .network(defaultNetwork.name())
                .subnetwork(defaultSubnetwork.name())
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for Internal Load Balancing
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${backend.id}
          allPorts: true
          allowGlobalAccess: true
          network: ${defaultNetwork.name}
          subnetwork: ${defaultSubnetwork.name}
      backend:
        type: gcp:compute:RegionBackendService
        properties:
          name: website-backend
          region: us-central1
          healthChecks: ${hc.id}
      hc:
        type: gcp:compute:HealthCheck
        properties:
          name: check-website-backend
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
      defaultNetwork:
        type: gcp:compute:Network
        name: default
        properties:
          name: website-net
          autoCreateSubnetworks: false
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        name: default
        properties:
          name: website-net
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${defaultNetwork.id}
    

    Forwarding Rule Basic

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const defaultTargetPool = new gcp.compute.TargetPool("default", {name: "website-target-pool"});
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        target: defaultTargetPool.id,
        portRange: "80",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    default_target_pool = gcp.compute.TargetPool("default", name="website-target-pool")
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        target=default_target_pool.id,
        port_range="80")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		defaultTargetPool, err := compute.NewTargetPool(ctx, "default", &compute.TargetPoolArgs{
    			Name: pulumi.String("website-target-pool"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:      pulumi.String("website-forwarding-rule"),
    			Target:    defaultTargetPool.ID(),
    			PortRange: pulumi.String("80"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var defaultTargetPool = new Gcp.Compute.TargetPool("default", new()
        {
            Name = "website-target-pool",
        });
    
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Target = defaultTargetPool.Id,
            PortRange = "80",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.TargetPool;
    import com.pulumi.gcp.compute.TargetPoolArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var defaultTargetPool = new TargetPool("defaultTargetPool", TargetPoolArgs.builder()        
                .name("website-target-pool")
                .build());
    
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .name("website-forwarding-rule")
                .target(defaultTargetPool.id())
                .portRange("80")
                .build());
    
        }
    }
    
    resources:
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          target: ${defaultTargetPool.id}
          portRange: '80'
      defaultTargetPool:
        type: gcp:compute:TargetPool
        name: default
        properties:
          name: website-target-pool
    

    Forwarding Rule L3 Default

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const healthCheck = new gcp.compute.RegionHealthCheck("health_check", {
        name: "health-check",
        region: "us-central1",
        tcpHealthCheck: {
            port: 80,
        },
    });
    const service = new gcp.compute.RegionBackendService("service", {
        region: "us-central1",
        name: "service",
        healthChecks: healthCheck.id,
        protocol: "UNSPECIFIED",
        loadBalancingScheme: "EXTERNAL",
    });
    const fwdRule = new gcp.compute.ForwardingRule("fwd_rule", {
        name: "l3-forwarding-rule",
        backendService: service.id,
        ipProtocol: "L3_DEFAULT",
        allPorts: true,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    health_check = gcp.compute.RegionHealthCheck("health_check",
        name="health-check",
        region="us-central1",
        tcp_health_check=gcp.compute.RegionHealthCheckTcpHealthCheckArgs(
            port=80,
        ))
    service = gcp.compute.RegionBackendService("service",
        region="us-central1",
        name="service",
        health_checks=health_check.id,
        protocol="UNSPECIFIED",
        load_balancing_scheme="EXTERNAL")
    fwd_rule = gcp.compute.ForwardingRule("fwd_rule",
        name="l3-forwarding-rule",
        backend_service=service.id,
        ip_protocol="L3_DEFAULT",
        all_ports=True)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		healthCheck, err := compute.NewRegionHealthCheck(ctx, "health_check", &compute.RegionHealthCheckArgs{
    			Name:   pulumi.String("health-check"),
    			Region: pulumi.String("us-central1"),
    			TcpHealthCheck: &compute.RegionHealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		service, err := compute.NewRegionBackendService(ctx, "service", &compute.RegionBackendServiceArgs{
    			Region:              pulumi.String("us-central1"),
    			Name:                pulumi.String("service"),
    			HealthChecks:        healthCheck.ID(),
    			Protocol:            pulumi.String("UNSPECIFIED"),
    			LoadBalancingScheme: pulumi.String("EXTERNAL"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewForwardingRule(ctx, "fwd_rule", &compute.ForwardingRuleArgs{
    			Name:           pulumi.String("l3-forwarding-rule"),
    			BackendService: service.ID(),
    			IpProtocol:     pulumi.String("L3_DEFAULT"),
    			AllPorts:       pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var healthCheck = new Gcp.Compute.RegionHealthCheck("health_check", new()
        {
            Name = "health-check",
            Region = "us-central1",
            TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var service = new Gcp.Compute.RegionBackendService("service", new()
        {
            Region = "us-central1",
            Name = "service",
            HealthChecks = healthCheck.Id,
            Protocol = "UNSPECIFIED",
            LoadBalancingScheme = "EXTERNAL",
        });
    
        var fwdRule = new Gcp.Compute.ForwardingRule("fwd_rule", new()
        {
            Name = "l3-forwarding-rule",
            BackendService = service.Id,
            IpProtocol = "L3_DEFAULT",
            AllPorts = true,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var healthCheck = new RegionHealthCheck("healthCheck", RegionHealthCheckArgs.builder()        
                .name("health-check")
                .region("us-central1")
                .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()
                    .port(80)
                    .build())
                .build());
    
            var service = new RegionBackendService("service", RegionBackendServiceArgs.builder()        
                .region("us-central1")
                .name("service")
                .healthChecks(healthCheck.id())
                .protocol("UNSPECIFIED")
                .loadBalancingScheme("EXTERNAL")
                .build());
    
            var fwdRule = new ForwardingRule("fwdRule", ForwardingRuleArgs.builder()        
                .name("l3-forwarding-rule")
                .backendService(service.id())
                .ipProtocol("L3_DEFAULT")
                .allPorts(true)
                .build());
    
        }
    }
    
    resources:
      fwdRule:
        type: gcp:compute:ForwardingRule
        name: fwd_rule
        properties:
          name: l3-forwarding-rule
          backendService: ${service.id}
          ipProtocol: L3_DEFAULT
          allPorts: true
      service:
        type: gcp:compute:RegionBackendService
        properties:
          region: us-central1
          name: service
          healthChecks: ${healthCheck.id}
          protocol: UNSPECIFIED
          loadBalancingScheme: EXTERNAL
      healthCheck:
        type: gcp:compute:RegionHealthCheck
        name: health_check
        properties:
          name: health-check
          region: us-central1
          tcpHealthCheck:
            port: 80
    

    Forwarding Rule Internallb

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const hc = new gcp.compute.HealthCheck("hc", {
        name: "check-website-backend",
        checkIntervalSec: 1,
        timeoutSec: 1,
        tcpHealthCheck: {
            port: 80,
        },
    });
    const backend = new gcp.compute.RegionBackendService("backend", {
        name: "website-backend",
        region: "us-central1",
        healthChecks: hc.id,
    });
    const defaultNetwork = new gcp.compute.Network("default", {
        name: "website-net",
        autoCreateSubnetworks: false,
    });
    const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
        name: "website-net",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        network: defaultNetwork.id,
    });
    // Forwarding rule for Internal Load Balancing
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        region: "us-central1",
        loadBalancingScheme: "INTERNAL",
        backendService: backend.id,
        allPorts: true,
        network: defaultNetwork.name,
        subnetwork: defaultSubnetwork.name,
        ipVersion: "IPV4",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    hc = gcp.compute.HealthCheck("hc",
        name="check-website-backend",
        check_interval_sec=1,
        timeout_sec=1,
        tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
            port=80,
        ))
    backend = gcp.compute.RegionBackendService("backend",
        name="website-backend",
        region="us-central1",
        health_checks=hc.id)
    default_network = gcp.compute.Network("default",
        name="website-net",
        auto_create_subnetworks=False)
    default_subnetwork = gcp.compute.Subnetwork("default",
        name="website-net",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        network=default_network.id)
    # Forwarding rule for Internal Load Balancing
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        region="us-central1",
        load_balancing_scheme="INTERNAL",
        backend_service=backend.id,
        all_ports=True,
        network=default_network.name,
        subnetwork=default_subnetwork.name,
        ip_version="IPV4")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		hc, err := compute.NewHealthCheck(ctx, "hc", &compute.HealthCheckArgs{
    			Name:             pulumi.String("check-website-backend"),
    			CheckIntervalSec: pulumi.Int(1),
    			TimeoutSec:       pulumi.Int(1),
    			TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
    				Port: pulumi.Int(80),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		backend, err := compute.NewRegionBackendService(ctx, "backend", &compute.RegionBackendServiceArgs{
    			Name:         pulumi.String("website-backend"),
    			Region:       pulumi.String("us-central1"),
    			HealthChecks: hc.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
    			Name:                  pulumi.String("website-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    		})
    		if err != nil {
    			return err
    		}
    		defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net"),
    			IpCidrRange: pulumi.String("10.0.0.0/16"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for Internal Load Balancing
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("website-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("INTERNAL"),
    			BackendService:      backend.ID(),
    			AllPorts:            pulumi.Bool(true),
    			Network:             defaultNetwork.Name,
    			Subnetwork:          defaultSubnetwork.Name,
    			IpVersion:           pulumi.String("IPV4"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var hc = new Gcp.Compute.HealthCheck("hc", new()
        {
            Name = "check-website-backend",
            CheckIntervalSec = 1,
            TimeoutSec = 1,
            TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
            {
                Port = 80,
            },
        });
    
        var backend = new Gcp.Compute.RegionBackendService("backend", new()
        {
            Name = "website-backend",
            Region = "us-central1",
            HealthChecks = hc.Id,
        });
    
        var defaultNetwork = new Gcp.Compute.Network("default", new()
        {
            Name = "website-net",
            AutoCreateSubnetworks = false,
        });
    
        var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
        {
            Name = "website-net",
            IpCidrRange = "10.0.0.0/16",
            Region = "us-central1",
            Network = defaultNetwork.Id,
        });
    
        // Forwarding rule for Internal Load Balancing
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Region = "us-central1",
            LoadBalancingScheme = "INTERNAL",
            BackendService = backend.Id,
            AllPorts = true,
            Network = defaultNetwork.Name,
            Subnetwork = defaultSubnetwork.Name,
            IpVersion = "IPV4",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var hc = new HealthCheck("hc", HealthCheckArgs.builder()        
                .name("check-website-backend")
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()        
                .name("website-backend")
                .region("us-central1")
                .healthChecks(hc.id())
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
                .name("website-net")
                .autoCreateSubnetworks(false)
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
                .name("website-net")
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(defaultNetwork.id())
                .build());
    
            // Forwarding rule for Internal Load Balancing
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .name("website-forwarding-rule")
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(backend.id())
                .allPorts(true)
                .network(defaultNetwork.name())
                .subnetwork(defaultSubnetwork.name())
                .ipVersion("IPV4")
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for Internal Load Balancing
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${backend.id}
          allPorts: true
          network: ${defaultNetwork.name}
          subnetwork: ${defaultSubnetwork.name}
          ipVersion: IPV4
      backend:
        type: gcp:compute:RegionBackendService
        properties:
          name: website-backend
          region: us-central1
          healthChecks: ${hc.id}
      hc:
        type: gcp:compute:HealthCheck
        properties:
          name: check-website-backend
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
      defaultNetwork:
        type: gcp:compute:Network
        name: default
        properties:
          name: website-net
          autoCreateSubnetworks: false
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        name: default
        properties:
          name: website-net
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${defaultNetwork.id}
    

    Forwarding Rule Http Lb

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const debianImage = gcp.compute.getImage({
        family: "debian-11",
        project: "debian-cloud",
    });
    const defaultNetwork = new gcp.compute.Network("default", {
        name: "website-net",
        autoCreateSubnetworks: false,
        routingMode: "REGIONAL",
    });
    const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
        name: "website-net-default",
        ipCidrRange: "10.1.2.0/24",
        region: "us-central1",
        network: defaultNetwork.id,
    });
    const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
        name: "template-website-backend",
        machineType: "e2-medium",
        networkInterfaces: [{
            network: defaultNetwork.id,
            subnetwork: defaultSubnetwork.id,
        }],
        disks: [{
            sourceImage: debianImage.then(debianImage => debianImage.selfLink),
            autoDelete: true,
            boot: true,
        }],
        tags: [
            "allow-ssh",
            "load-balanced-backend",
        ],
    });
    const rigm = new gcp.compute.RegionInstanceGroupManager("rigm", {
        region: "us-central1",
        name: "website-rigm",
        versions: [{
            instanceTemplate: instanceTemplate.id,
            name: "primary",
        }],
        baseInstanceName: "internal-glb",
        targetSize: 1,
    });
    const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
        region: "us-central1",
        name: "website-hc",
        httpHealthCheck: {
            portSpecification: "USE_SERVING_PORT",
        },
    });
    const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", {
        loadBalancingScheme: "INTERNAL_MANAGED",
        backends: [{
            group: rigm.instanceGroup,
            balancingMode: "UTILIZATION",
            capacityScaler: 1,
        }],
        region: "us-central1",
        name: "website-backend",
        protocol: "HTTP",
        timeoutSec: 10,
        healthChecks: defaultRegionHealthCheck.id,
    });
    const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", {
        region: "us-central1",
        name: "website-map",
        defaultService: defaultRegionBackendService.id,
    });
    const defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy("default", {
        region: "us-central1",
        name: "website-proxy",
        urlMap: defaultRegionUrlMap.id,
    });
    // Forwarding rule for Internal Load Balancing
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        region: "us-central1",
        ipProtocol: "TCP",
        loadBalancingScheme: "INTERNAL_MANAGED",
        portRange: "80",
        target: defaultRegionTargetHttpProxy.id,
        network: defaultNetwork.id,
        subnetwork: defaultSubnetwork.id,
        networkTier: "PREMIUM",
    });
    const fw1 = new gcp.compute.Firewall("fw1", {
        name: "website-fw-1",
        network: defaultNetwork.id,
        sourceRanges: ["10.1.2.0/24"],
        allows: [
            {
                protocol: "tcp",
            },
            {
                protocol: "udp",
            },
            {
                protocol: "icmp",
            },
        ],
        direction: "INGRESS",
    });
    const fw2 = new gcp.compute.Firewall("fw2", {
        name: "website-fw-2",
        network: defaultNetwork.id,
        sourceRanges: ["0.0.0.0/0"],
        allows: [{
            protocol: "tcp",
            ports: ["22"],
        }],
        targetTags: ["allow-ssh"],
        direction: "INGRESS",
    });
    const fw3 = new gcp.compute.Firewall("fw3", {
        name: "website-fw-3",
        network: defaultNetwork.id,
        sourceRanges: [
            "130.211.0.0/22",
            "35.191.0.0/16",
        ],
        allows: [{
            protocol: "tcp",
        }],
        targetTags: ["load-balanced-backend"],
        direction: "INGRESS",
    });
    const fw4 = new gcp.compute.Firewall("fw4", {
        name: "website-fw-4",
        network: defaultNetwork.id,
        sourceRanges: ["10.129.0.0/26"],
        targetTags: ["load-balanced-backend"],
        allows: [
            {
                protocol: "tcp",
                ports: ["80"],
            },
            {
                protocol: "tcp",
                ports: ["443"],
            },
            {
                protocol: "tcp",
                ports: ["8000"],
            },
        ],
        direction: "INGRESS",
    });
    const proxy = new gcp.compute.Subnetwork("proxy", {
        name: "website-net-proxy",
        ipCidrRange: "10.129.0.0/26",
        region: "us-central1",
        network: defaultNetwork.id,
        purpose: "REGIONAL_MANAGED_PROXY",
        role: "ACTIVE",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    debian_image = gcp.compute.get_image(family="debian-11",
        project="debian-cloud")
    default_network = gcp.compute.Network("default",
        name="website-net",
        auto_create_subnetworks=False,
        routing_mode="REGIONAL")
    default_subnetwork = gcp.compute.Subnetwork("default",
        name="website-net-default",
        ip_cidr_range="10.1.2.0/24",
        region="us-central1",
        network=default_network.id)
    instance_template = gcp.compute.InstanceTemplate("instance_template",
        name="template-website-backend",
        machine_type="e2-medium",
        network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
            network=default_network.id,
            subnetwork=default_subnetwork.id,
        )],
        disks=[gcp.compute.InstanceTemplateDiskArgs(
            source_image=debian_image.self_link,
            auto_delete=True,
            boot=True,
        )],
        tags=[
            "allow-ssh",
            "load-balanced-backend",
        ])
    rigm = gcp.compute.RegionInstanceGroupManager("rigm",
        region="us-central1",
        name="website-rigm",
        versions=[gcp.compute.RegionInstanceGroupManagerVersionArgs(
            instance_template=instance_template.id,
            name="primary",
        )],
        base_instance_name="internal-glb",
        target_size=1)
    default_region_health_check = gcp.compute.RegionHealthCheck("default",
        region="us-central1",
        name="website-hc",
        http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs(
            port_specification="USE_SERVING_PORT",
        ))
    default_region_backend_service = gcp.compute.RegionBackendService("default",
        load_balancing_scheme="INTERNAL_MANAGED",
        backends=[gcp.compute.RegionBackendServiceBackendArgs(
            group=rigm.instance_group,
            balancing_mode="UTILIZATION",
            capacity_scaler=1,
        )],
        region="us-central1",
        name="website-backend",
        protocol="HTTP",
        timeout_sec=10,
        health_checks=default_region_health_check.id)
    default_region_url_map = gcp.compute.RegionUrlMap("default",
        region="us-central1",
        name="website-map",
        default_service=default_region_backend_service.id)
    default_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy("default",
        region="us-central1",
        name="website-proxy",
        url_map=default_region_url_map.id)
    # Forwarding rule for Internal Load Balancing
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        region="us-central1",
        ip_protocol="TCP",
        load_balancing_scheme="INTERNAL_MANAGED",
        port_range="80",
        target=default_region_target_http_proxy.id,
        network=default_network.id,
        subnetwork=default_subnetwork.id,
        network_tier="PREMIUM")
    fw1 = gcp.compute.Firewall("fw1",
        name="website-fw-1",
        network=default_network.id,
        source_ranges=["10.1.2.0/24"],
        allows=[
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="udp",
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="icmp",
            ),
        ],
        direction="INGRESS")
    fw2 = gcp.compute.Firewall("fw2",
        name="website-fw-2",
        network=default_network.id,
        source_ranges=["0.0.0.0/0"],
        allows=[gcp.compute.FirewallAllowArgs(
            protocol="tcp",
            ports=["22"],
        )],
        target_tags=["allow-ssh"],
        direction="INGRESS")
    fw3 = gcp.compute.Firewall("fw3",
        name="website-fw-3",
        network=default_network.id,
        source_ranges=[
            "130.211.0.0/22",
            "35.191.0.0/16",
        ],
        allows=[gcp.compute.FirewallAllowArgs(
            protocol="tcp",
        )],
        target_tags=["load-balanced-backend"],
        direction="INGRESS")
    fw4 = gcp.compute.Firewall("fw4",
        name="website-fw-4",
        network=default_network.id,
        source_ranges=["10.129.0.0/26"],
        target_tags=["load-balanced-backend"],
        allows=[
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
                ports=["80"],
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
                ports=["443"],
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
                ports=["8000"],
            ),
        ],
        direction="INGRESS")
    proxy = gcp.compute.Subnetwork("proxy",
        name="website-net-proxy",
        ip_cidr_range="10.129.0.0/26",
        region="us-central1",
        network=default_network.id,
        purpose="REGIONAL_MANAGED_PROXY",
        role="ACTIVE")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		debianImage, err := compute.LookupImage(ctx, &compute.LookupImageArgs{
    			Family:  pulumi.StringRef("debian-11"),
    			Project: pulumi.StringRef("debian-cloud"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
    			Name:                  pulumi.String("website-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    			RoutingMode:           pulumi.String("REGIONAL"),
    		})
    		if err != nil {
    			return err
    		}
    		defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net-default"),
    			IpCidrRange: pulumi.String("10.1.2.0/24"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{
    			Name:        pulumi.String("template-website-backend"),
    			MachineType: pulumi.String("e2-medium"),
    			NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
    				&compute.InstanceTemplateNetworkInterfaceArgs{
    					Network:    defaultNetwork.ID(),
    					Subnetwork: defaultSubnetwork.ID(),
    				},
    			},
    			Disks: compute.InstanceTemplateDiskArray{
    				&compute.InstanceTemplateDiskArgs{
    					SourceImage: pulumi.String(debianImage.SelfLink),
    					AutoDelete:  pulumi.Bool(true),
    					Boot:        pulumi.Bool(true),
    				},
    			},
    			Tags: pulumi.StringArray{
    				pulumi.String("allow-ssh"),
    				pulumi.String("load-balanced-backend"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		rigm, err := compute.NewRegionInstanceGroupManager(ctx, "rigm", &compute.RegionInstanceGroupManagerArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-rigm"),
    			Versions: compute.RegionInstanceGroupManagerVersionArray{
    				&compute.RegionInstanceGroupManagerVersionArgs{
    					InstanceTemplate: instanceTemplate.ID(),
    					Name:             pulumi.String("primary"),
    				},
    			},
    			BaseInstanceName: pulumi.String("internal-glb"),
    			TargetSize:       pulumi.Int(1),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-hc"),
    			HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
    				PortSpecification: pulumi.String("USE_SERVING_PORT"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionBackendService, err := compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{
    			LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
    			Backends: compute.RegionBackendServiceBackendArray{
    				&compute.RegionBackendServiceBackendArgs{
    					Group:          rigm.InstanceGroup,
    					BalancingMode:  pulumi.String("UTILIZATION"),
    					CapacityScaler: pulumi.Float64(1),
    				},
    			},
    			Region:       pulumi.String("us-central1"),
    			Name:         pulumi.String("website-backend"),
    			Protocol:     pulumi.String("HTTP"),
    			TimeoutSec:   pulumi.Int(10),
    			HealthChecks: defaultRegionHealthCheck.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, "default", &compute.RegionUrlMapArgs{
    			Region:         pulumi.String("us-central1"),
    			Name:           pulumi.String("website-map"),
    			DefaultService: defaultRegionBackendService.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, "default", &compute.RegionTargetHttpProxyArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-proxy"),
    			UrlMap: defaultRegionUrlMap.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for Internal Load Balancing
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("website-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			IpProtocol:          pulumi.String("TCP"),
    			LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
    			PortRange:           pulumi.String("80"),
    			Target:              defaultRegionTargetHttpProxy.ID(),
    			Network:             defaultNetwork.ID(),
    			Subnetwork:          defaultSubnetwork.ID(),
    			NetworkTier:         pulumi.String("PREMIUM"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewall(ctx, "fw1", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-1"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("10.1.2.0/24"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("udp"),
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("icmp"),
    				},
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewall(ctx, "fw2", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-2"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("0.0.0.0/0"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("22"),
    					},
    				},
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("allow-ssh"),
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewall(ctx, "fw3", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-3"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("130.211.0.0/22"),
    				pulumi.String("35.191.0.0/16"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("load-balanced-backend"),
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewall(ctx, "fw4", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-4"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("10.129.0.0/26"),
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("load-balanced-backend"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("80"),
    					},
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("443"),
    					},
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("8000"),
    					},
    				},
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewSubnetwork(ctx, "proxy", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net-proxy"),
    			IpCidrRange: pulumi.String("10.129.0.0/26"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    			Purpose:     pulumi.String("REGIONAL_MANAGED_PROXY"),
    			Role:        pulumi.String("ACTIVE"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var debianImage = Gcp.Compute.GetImage.Invoke(new()
        {
            Family = "debian-11",
            Project = "debian-cloud",
        });
    
        var defaultNetwork = new Gcp.Compute.Network("default", new()
        {
            Name = "website-net",
            AutoCreateSubnetworks = false,
            RoutingMode = "REGIONAL",
        });
    
        var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
        {
            Name = "website-net-default",
            IpCidrRange = "10.1.2.0/24",
            Region = "us-central1",
            Network = defaultNetwork.Id,
        });
    
        var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new()
        {
            Name = "template-website-backend",
            MachineType = "e2-medium",
            NetworkInterfaces = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
                {
                    Network = defaultNetwork.Id,
                    Subnetwork = defaultSubnetwork.Id,
                },
            },
            Disks = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
                {
                    SourceImage = debianImage.Apply(getImageResult => getImageResult.SelfLink),
                    AutoDelete = true,
                    Boot = true,
                },
            },
            Tags = new[]
            {
                "allow-ssh",
                "load-balanced-backend",
            },
        });
    
        var rigm = new Gcp.Compute.RegionInstanceGroupManager("rigm", new()
        {
            Region = "us-central1",
            Name = "website-rigm",
            Versions = new[]
            {
                new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs
                {
                    InstanceTemplate = instanceTemplate.Id,
                    Name = "primary",
                },
            },
            BaseInstanceName = "internal-glb",
            TargetSize = 1,
        });
    
        var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new()
        {
            Region = "us-central1",
            Name = "website-hc",
            HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
            {
                PortSpecification = "USE_SERVING_PORT",
            },
        });
    
        var defaultRegionBackendService = new Gcp.Compute.RegionBackendService("default", new()
        {
            LoadBalancingScheme = "INTERNAL_MANAGED",
            Backends = new[]
            {
                new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs
                {
                    Group = rigm.InstanceGroup,
                    BalancingMode = "UTILIZATION",
                    CapacityScaler = 1,
                },
            },
            Region = "us-central1",
            Name = "website-backend",
            Protocol = "HTTP",
            TimeoutSec = 10,
            HealthChecks = defaultRegionHealthCheck.Id,
        });
    
        var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap("default", new()
        {
            Region = "us-central1",
            Name = "website-map",
            DefaultService = defaultRegionBackendService.Id,
        });
    
        var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy("default", new()
        {
            Region = "us-central1",
            Name = "website-proxy",
            UrlMap = defaultRegionUrlMap.Id,
        });
    
        // Forwarding rule for Internal Load Balancing
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Region = "us-central1",
            IpProtocol = "TCP",
            LoadBalancingScheme = "INTERNAL_MANAGED",
            PortRange = "80",
            Target = defaultRegionTargetHttpProxy.Id,
            Network = defaultNetwork.Id,
            Subnetwork = defaultSubnetwork.Id,
            NetworkTier = "PREMIUM",
        });
    
        var fw1 = new Gcp.Compute.Firewall("fw1", new()
        {
            Name = "website-fw-1",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "10.1.2.0/24",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "udp",
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "icmp",
                },
            },
            Direction = "INGRESS",
        });
    
        var fw2 = new Gcp.Compute.Firewall("fw2", new()
        {
            Name = "website-fw-2",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "0.0.0.0/0",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "22",
                    },
                },
            },
            TargetTags = new[]
            {
                "allow-ssh",
            },
            Direction = "INGRESS",
        });
    
        var fw3 = new Gcp.Compute.Firewall("fw3", new()
        {
            Name = "website-fw-3",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "130.211.0.0/22",
                "35.191.0.0/16",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
            },
            TargetTags = new[]
            {
                "load-balanced-backend",
            },
            Direction = "INGRESS",
        });
    
        var fw4 = new Gcp.Compute.Firewall("fw4", new()
        {
            Name = "website-fw-4",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "10.129.0.0/26",
            },
            TargetTags = new[]
            {
                "load-balanced-backend",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "80",
                    },
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "443",
                    },
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "8000",
                    },
                },
            },
            Direction = "INGRESS",
        });
    
        var proxy = new Gcp.Compute.Subnetwork("proxy", new()
        {
            Name = "website-net-proxy",
            IpCidrRange = "10.129.0.0/26",
            Region = "us-central1",
            Network = defaultNetwork.Id,
            Purpose = "REGIONAL_MANAGED_PROXY",
            Role = "ACTIVE",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.ComputeFunctions;
    import com.pulumi.gcp.compute.inputs.GetImageArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.InstanceTemplate;
    import com.pulumi.gcp.compute.InstanceTemplateArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
    import com.pulumi.gcp.compute.RegionInstanceGroupManager;
    import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
    import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
    import com.pulumi.gcp.compute.RegionUrlMap;
    import com.pulumi.gcp.compute.RegionUrlMapArgs;
    import com.pulumi.gcp.compute.RegionTargetHttpProxy;
    import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.compute.Firewall;
    import com.pulumi.gcp.compute.FirewallArgs;
    import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
                .family("debian-11")
                .project("debian-cloud")
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
                .name("website-net")
                .autoCreateSubnetworks(false)
                .routingMode("REGIONAL")
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
                .name("website-net-default")
                .ipCidrRange("10.1.2.0/24")
                .region("us-central1")
                .network(defaultNetwork.id())
                .build());
    
            var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()        
                .name("template-website-backend")
                .machineType("e2-medium")
                .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                    .network(defaultNetwork.id())
                    .subnetwork(defaultSubnetwork.id())
                    .build())
                .disks(InstanceTemplateDiskArgs.builder()
                    .sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
                    .autoDelete(true)
                    .boot(true)
                    .build())
                .tags(            
                    "allow-ssh",
                    "load-balanced-backend")
                .build());
    
            var rigm = new RegionInstanceGroupManager("rigm", RegionInstanceGroupManagerArgs.builder()        
                .region("us-central1")
                .name("website-rigm")
                .versions(RegionInstanceGroupManagerVersionArgs.builder()
                    .instanceTemplate(instanceTemplate.id())
                    .name("primary")
                    .build())
                .baseInstanceName("internal-glb")
                .targetSize(1)
                .build());
    
            var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()        
                .region("us-central1")
                .name("website-hc")
                .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                    .portSpecification("USE_SERVING_PORT")
                    .build())
                .build());
    
            var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()        
                .loadBalancingScheme("INTERNAL_MANAGED")
                .backends(RegionBackendServiceBackendArgs.builder()
                    .group(rigm.instanceGroup())
                    .balancingMode("UTILIZATION")
                    .capacityScaler(1)
                    .build())
                .region("us-central1")
                .name("website-backend")
                .protocol("HTTP")
                .timeoutSec(10)
                .healthChecks(defaultRegionHealthCheck.id())
                .build());
    
            var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()        
                .region("us-central1")
                .name("website-map")
                .defaultService(defaultRegionBackendService.id())
                .build());
    
            var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()        
                .region("us-central1")
                .name("website-proxy")
                .urlMap(defaultRegionUrlMap.id())
                .build());
    
            // Forwarding rule for Internal Load Balancing
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .name("website-forwarding-rule")
                .region("us-central1")
                .ipProtocol("TCP")
                .loadBalancingScheme("INTERNAL_MANAGED")
                .portRange("80")
                .target(defaultRegionTargetHttpProxy.id())
                .network(defaultNetwork.id())
                .subnetwork(defaultSubnetwork.id())
                .networkTier("PREMIUM")
                .build());
    
            var fw1 = new Firewall("fw1", FirewallArgs.builder()        
                .name("website-fw-1")
                .network(defaultNetwork.id())
                .sourceRanges("10.1.2.0/24")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("udp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("icmp")
                        .build())
                .direction("INGRESS")
                .build());
    
            var fw2 = new Firewall("fw2", FirewallArgs.builder()        
                .name("website-fw-2")
                .network(defaultNetwork.id())
                .sourceRanges("0.0.0.0/0")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("22")
                    .build())
                .targetTags("allow-ssh")
                .direction("INGRESS")
                .build());
    
            var fw3 = new Firewall("fw3", FirewallArgs.builder()        
                .name("website-fw-3")
                .network(defaultNetwork.id())
                .sourceRanges(            
                    "130.211.0.0/22",
                    "35.191.0.0/16")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build())
                .targetTags("load-balanced-backend")
                .direction("INGRESS")
                .build());
    
            var fw4 = new Firewall("fw4", FirewallArgs.builder()        
                .name("website-fw-4")
                .network(defaultNetwork.id())
                .sourceRanges("10.129.0.0/26")
                .targetTags("load-balanced-backend")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("80")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("443")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("8000")
                        .build())
                .direction("INGRESS")
                .build());
    
            var proxy = new Subnetwork("proxy", SubnetworkArgs.builder()        
                .name("website-net-proxy")
                .ipCidrRange("10.129.0.0/26")
                .region("us-central1")
                .network(defaultNetwork.id())
                .purpose("REGIONAL_MANAGED_PROXY")
                .role("ACTIVE")
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for Internal Load Balancing
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          region: us-central1
          ipProtocol: TCP
          loadBalancingScheme: INTERNAL_MANAGED
          portRange: '80'
          target: ${defaultRegionTargetHttpProxy.id}
          network: ${defaultNetwork.id}
          subnetwork: ${defaultSubnetwork.id}
          networkTier: PREMIUM
      defaultRegionTargetHttpProxy:
        type: gcp:compute:RegionTargetHttpProxy
        name: default
        properties:
          region: us-central1
          name: website-proxy
          urlMap: ${defaultRegionUrlMap.id}
      defaultRegionUrlMap:
        type: gcp:compute:RegionUrlMap
        name: default
        properties:
          region: us-central1
          name: website-map
          defaultService: ${defaultRegionBackendService.id}
      defaultRegionBackendService:
        type: gcp:compute:RegionBackendService
        name: default
        properties:
          loadBalancingScheme: INTERNAL_MANAGED
          backends:
            - group: ${rigm.instanceGroup}
              balancingMode: UTILIZATION
              capacityScaler: 1
          region: us-central1
          name: website-backend
          protocol: HTTP
          timeoutSec: 10
          healthChecks: ${defaultRegionHealthCheck.id}
      rigm:
        type: gcp:compute:RegionInstanceGroupManager
        properties:
          region: us-central1
          name: website-rigm
          versions:
            - instanceTemplate: ${instanceTemplate.id}
              name: primary
          baseInstanceName: internal-glb
          targetSize: 1
      instanceTemplate:
        type: gcp:compute:InstanceTemplate
        name: instance_template
        properties:
          name: template-website-backend
          machineType: e2-medium
          networkInterfaces:
            - network: ${defaultNetwork.id}
              subnetwork: ${defaultSubnetwork.id}
          disks:
            - sourceImage: ${debianImage.selfLink}
              autoDelete: true
              boot: true
          tags:
            - allow-ssh
            - load-balanced-backend
      defaultRegionHealthCheck:
        type: gcp:compute:RegionHealthCheck
        name: default
        properties:
          region: us-central1
          name: website-hc
          httpHealthCheck:
            portSpecification: USE_SERVING_PORT
      fw1:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-1
          network: ${defaultNetwork.id}
          sourceRanges:
            - 10.1.2.0/24
          allows:
            - protocol: tcp
            - protocol: udp
            - protocol: icmp
          direction: INGRESS
      fw2:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-2
          network: ${defaultNetwork.id}
          sourceRanges:
            - 0.0.0.0/0
          allows:
            - protocol: tcp
              ports:
                - '22'
          targetTags:
            - allow-ssh
          direction: INGRESS
      fw3:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-3
          network: ${defaultNetwork.id}
          sourceRanges:
            - 130.211.0.0/22
            - 35.191.0.0/16
          allows:
            - protocol: tcp
          targetTags:
            - load-balanced-backend
          direction: INGRESS
      fw4:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-4
          network: ${defaultNetwork.id}
          sourceRanges:
            - 10.129.0.0/26
          targetTags:
            - load-balanced-backend
          allows:
            - protocol: tcp
              ports:
                - '80'
            - protocol: tcp
              ports:
                - '443'
            - protocol: tcp
              ports:
                - '8000'
          direction: INGRESS
      defaultNetwork:
        type: gcp:compute:Network
        name: default
        properties:
          name: website-net
          autoCreateSubnetworks: false
          routingMode: REGIONAL
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        name: default
        properties:
          name: website-net-default
          ipCidrRange: 10.1.2.0/24
          region: us-central1
          network: ${defaultNetwork.id}
      proxy:
        type: gcp:compute:Subnetwork
        properties:
          name: website-net-proxy
          ipCidrRange: 10.129.0.0/26
          region: us-central1
          network: ${defaultNetwork.id}
          purpose: REGIONAL_MANAGED_PROXY
          role: ACTIVE
    variables:
      debianImage:
        fn::invoke:
          Function: gcp:compute:getImage
          Arguments:
            family: debian-11
            project: debian-cloud
    

    Forwarding Rule Regional Http Xlb

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const debianImage = gcp.compute.getImage({
        family: "debian-11",
        project: "debian-cloud",
    });
    const defaultNetwork = new gcp.compute.Network("default", {
        name: "website-net",
        autoCreateSubnetworks: false,
        routingMode: "REGIONAL",
    });
    const defaultSubnetwork = new gcp.compute.Subnetwork("default", {
        name: "website-net-default",
        ipCidrRange: "10.1.2.0/24",
        region: "us-central1",
        network: defaultNetwork.id,
    });
    const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", {
        name: "template-website-backend",
        machineType: "e2-medium",
        networkInterfaces: [{
            network: defaultNetwork.id,
            subnetwork: defaultSubnetwork.id,
        }],
        disks: [{
            sourceImage: debianImage.then(debianImage => debianImage.selfLink),
            autoDelete: true,
            boot: true,
        }],
        tags: [
            "allow-ssh",
            "load-balanced-backend",
        ],
    });
    const rigm = new gcp.compute.RegionInstanceGroupManager("rigm", {
        region: "us-central1",
        name: "website-rigm",
        versions: [{
            instanceTemplate: instanceTemplate.id,
            name: "primary",
        }],
        baseInstanceName: "internal-glb",
        targetSize: 1,
    });
    const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
        region: "us-central1",
        name: "website-hc",
        httpHealthCheck: {
            portSpecification: "USE_SERVING_PORT",
        },
    });
    const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", {
        loadBalancingScheme: "EXTERNAL_MANAGED",
        backends: [{
            group: rigm.instanceGroup,
            balancingMode: "UTILIZATION",
            capacityScaler: 1,
        }],
        region: "us-central1",
        name: "website-backend",
        protocol: "HTTP",
        timeoutSec: 10,
        healthChecks: defaultRegionHealthCheck.id,
    });
    const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", {
        region: "us-central1",
        name: "website-map",
        defaultService: defaultRegionBackendService.id,
    });
    const defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy("default", {
        region: "us-central1",
        name: "website-proxy",
        urlMap: defaultRegionUrlMap.id,
    });
    const defaultAddress = new gcp.compute.Address("default", {
        name: "website-ip-1",
        region: "us-central1",
        networkTier: "STANDARD",
    });
    // Forwarding rule for Regional External Load Balancing
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "website-forwarding-rule",
        region: "us-central1",
        ipProtocol: "TCP",
        loadBalancingScheme: "EXTERNAL_MANAGED",
        portRange: "80",
        target: defaultRegionTargetHttpProxy.id,
        network: defaultNetwork.id,
        ipAddress: defaultAddress.id,
        networkTier: "STANDARD",
    });
    const fw1 = new gcp.compute.Firewall("fw1", {
        name: "website-fw-1",
        network: defaultNetwork.id,
        sourceRanges: ["10.1.2.0/24"],
        allows: [
            {
                protocol: "tcp",
            },
            {
                protocol: "udp",
            },
            {
                protocol: "icmp",
            },
        ],
        direction: "INGRESS",
    });
    const fw2 = new gcp.compute.Firewall("fw2", {
        name: "website-fw-2",
        network: defaultNetwork.id,
        sourceRanges: ["0.0.0.0/0"],
        allows: [{
            protocol: "tcp",
            ports: ["22"],
        }],
        targetTags: ["allow-ssh"],
        direction: "INGRESS",
    });
    const fw3 = new gcp.compute.Firewall("fw3", {
        name: "website-fw-3",
        network: defaultNetwork.id,
        sourceRanges: [
            "130.211.0.0/22",
            "35.191.0.0/16",
        ],
        allows: [{
            protocol: "tcp",
        }],
        targetTags: ["load-balanced-backend"],
        direction: "INGRESS",
    });
    const fw4 = new gcp.compute.Firewall("fw4", {
        name: "website-fw-4",
        network: defaultNetwork.id,
        sourceRanges: ["10.129.0.0/26"],
        targetTags: ["load-balanced-backend"],
        allows: [
            {
                protocol: "tcp",
                ports: ["80"],
            },
            {
                protocol: "tcp",
                ports: ["443"],
            },
            {
                protocol: "tcp",
                ports: ["8000"],
            },
        ],
        direction: "INGRESS",
    });
    const proxy = new gcp.compute.Subnetwork("proxy", {
        name: "website-net-proxy",
        ipCidrRange: "10.129.0.0/26",
        region: "us-central1",
        network: defaultNetwork.id,
        purpose: "REGIONAL_MANAGED_PROXY",
        role: "ACTIVE",
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    debian_image = gcp.compute.get_image(family="debian-11",
        project="debian-cloud")
    default_network = gcp.compute.Network("default",
        name="website-net",
        auto_create_subnetworks=False,
        routing_mode="REGIONAL")
    default_subnetwork = gcp.compute.Subnetwork("default",
        name="website-net-default",
        ip_cidr_range="10.1.2.0/24",
        region="us-central1",
        network=default_network.id)
    instance_template = gcp.compute.InstanceTemplate("instance_template",
        name="template-website-backend",
        machine_type="e2-medium",
        network_interfaces=[gcp.compute.InstanceTemplateNetworkInterfaceArgs(
            network=default_network.id,
            subnetwork=default_subnetwork.id,
        )],
        disks=[gcp.compute.InstanceTemplateDiskArgs(
            source_image=debian_image.self_link,
            auto_delete=True,
            boot=True,
        )],
        tags=[
            "allow-ssh",
            "load-balanced-backend",
        ])
    rigm = gcp.compute.RegionInstanceGroupManager("rigm",
        region="us-central1",
        name="website-rigm",
        versions=[gcp.compute.RegionInstanceGroupManagerVersionArgs(
            instance_template=instance_template.id,
            name="primary",
        )],
        base_instance_name="internal-glb",
        target_size=1)
    default_region_health_check = gcp.compute.RegionHealthCheck("default",
        region="us-central1",
        name="website-hc",
        http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs(
            port_specification="USE_SERVING_PORT",
        ))
    default_region_backend_service = gcp.compute.RegionBackendService("default",
        load_balancing_scheme="EXTERNAL_MANAGED",
        backends=[gcp.compute.RegionBackendServiceBackendArgs(
            group=rigm.instance_group,
            balancing_mode="UTILIZATION",
            capacity_scaler=1,
        )],
        region="us-central1",
        name="website-backend",
        protocol="HTTP",
        timeout_sec=10,
        health_checks=default_region_health_check.id)
    default_region_url_map = gcp.compute.RegionUrlMap("default",
        region="us-central1",
        name="website-map",
        default_service=default_region_backend_service.id)
    default_region_target_http_proxy = gcp.compute.RegionTargetHttpProxy("default",
        region="us-central1",
        name="website-proxy",
        url_map=default_region_url_map.id)
    default_address = gcp.compute.Address("default",
        name="website-ip-1",
        region="us-central1",
        network_tier="STANDARD")
    # Forwarding rule for Regional External Load Balancing
    default = gcp.compute.ForwardingRule("default",
        name="website-forwarding-rule",
        region="us-central1",
        ip_protocol="TCP",
        load_balancing_scheme="EXTERNAL_MANAGED",
        port_range="80",
        target=default_region_target_http_proxy.id,
        network=default_network.id,
        ip_address=default_address.id,
        network_tier="STANDARD")
    fw1 = gcp.compute.Firewall("fw1",
        name="website-fw-1",
        network=default_network.id,
        source_ranges=["10.1.2.0/24"],
        allows=[
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="udp",
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="icmp",
            ),
        ],
        direction="INGRESS")
    fw2 = gcp.compute.Firewall("fw2",
        name="website-fw-2",
        network=default_network.id,
        source_ranges=["0.0.0.0/0"],
        allows=[gcp.compute.FirewallAllowArgs(
            protocol="tcp",
            ports=["22"],
        )],
        target_tags=["allow-ssh"],
        direction="INGRESS")
    fw3 = gcp.compute.Firewall("fw3",
        name="website-fw-3",
        network=default_network.id,
        source_ranges=[
            "130.211.0.0/22",
            "35.191.0.0/16",
        ],
        allows=[gcp.compute.FirewallAllowArgs(
            protocol="tcp",
        )],
        target_tags=["load-balanced-backend"],
        direction="INGRESS")
    fw4 = gcp.compute.Firewall("fw4",
        name="website-fw-4",
        network=default_network.id,
        source_ranges=["10.129.0.0/26"],
        target_tags=["load-balanced-backend"],
        allows=[
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
                ports=["80"],
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
                ports=["443"],
            ),
            gcp.compute.FirewallAllowArgs(
                protocol="tcp",
                ports=["8000"],
            ),
        ],
        direction="INGRESS")
    proxy = gcp.compute.Subnetwork("proxy",
        name="website-net-proxy",
        ip_cidr_range="10.129.0.0/26",
        region="us-central1",
        network=default_network.id,
        purpose="REGIONAL_MANAGED_PROXY",
        role="ACTIVE")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		debianImage, err := compute.LookupImage(ctx, &compute.LookupImageArgs{
    			Family:  pulumi.StringRef("debian-11"),
    			Project: pulumi.StringRef("debian-cloud"),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		defaultNetwork, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
    			Name:                  pulumi.String("website-net"),
    			AutoCreateSubnetworks: pulumi.Bool(false),
    			RoutingMode:           pulumi.String("REGIONAL"),
    		})
    		if err != nil {
    			return err
    		}
    		defaultSubnetwork, err := compute.NewSubnetwork(ctx, "default", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net-default"),
    			IpCidrRange: pulumi.String("10.1.2.0/24"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		instanceTemplate, err := compute.NewInstanceTemplate(ctx, "instance_template", &compute.InstanceTemplateArgs{
    			Name:        pulumi.String("template-website-backend"),
    			MachineType: pulumi.String("e2-medium"),
    			NetworkInterfaces: compute.InstanceTemplateNetworkInterfaceArray{
    				&compute.InstanceTemplateNetworkInterfaceArgs{
    					Network:    defaultNetwork.ID(),
    					Subnetwork: defaultSubnetwork.ID(),
    				},
    			},
    			Disks: compute.InstanceTemplateDiskArray{
    				&compute.InstanceTemplateDiskArgs{
    					SourceImage: pulumi.String(debianImage.SelfLink),
    					AutoDelete:  pulumi.Bool(true),
    					Boot:        pulumi.Bool(true),
    				},
    			},
    			Tags: pulumi.StringArray{
    				pulumi.String("allow-ssh"),
    				pulumi.String("load-balanced-backend"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		rigm, err := compute.NewRegionInstanceGroupManager(ctx, "rigm", &compute.RegionInstanceGroupManagerArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-rigm"),
    			Versions: compute.RegionInstanceGroupManagerVersionArray{
    				&compute.RegionInstanceGroupManagerVersionArgs{
    					InstanceTemplate: instanceTemplate.ID(),
    					Name:             pulumi.String("primary"),
    				},
    			},
    			BaseInstanceName: pulumi.String("internal-glb"),
    			TargetSize:       pulumi.Int(1),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-hc"),
    			HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
    				PortSpecification: pulumi.String("USE_SERVING_PORT"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionBackendService, err := compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{
    			LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
    			Backends: compute.RegionBackendServiceBackendArray{
    				&compute.RegionBackendServiceBackendArgs{
    					Group:          rigm.InstanceGroup,
    					BalancingMode:  pulumi.String("UTILIZATION"),
    					CapacityScaler: pulumi.Float64(1),
    				},
    			},
    			Region:       pulumi.String("us-central1"),
    			Name:         pulumi.String("website-backend"),
    			Protocol:     pulumi.String("HTTP"),
    			TimeoutSec:   pulumi.Int(10),
    			HealthChecks: defaultRegionHealthCheck.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, "default", &compute.RegionUrlMapArgs{
    			Region:         pulumi.String("us-central1"),
    			Name:           pulumi.String("website-map"),
    			DefaultService: defaultRegionBackendService.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultRegionTargetHttpProxy, err := compute.NewRegionTargetHttpProxy(ctx, "default", &compute.RegionTargetHttpProxyArgs{
    			Region: pulumi.String("us-central1"),
    			Name:   pulumi.String("website-proxy"),
    			UrlMap: defaultRegionUrlMap.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		defaultAddress, err := compute.NewAddress(ctx, "default", &compute.AddressArgs{
    			Name:        pulumi.String("website-ip-1"),
    			Region:      pulumi.String("us-central1"),
    			NetworkTier: pulumi.String("STANDARD"),
    		})
    		if err != nil {
    			return err
    		}
    		// Forwarding rule for Regional External Load Balancing
    		_, err = compute.NewForwardingRule(ctx, "default", &compute.ForwardingRuleArgs{
    			Name:                pulumi.String("website-forwarding-rule"),
    			Region:              pulumi.String("us-central1"),
    			IpProtocol:          pulumi.String("TCP"),
    			LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
    			PortRange:           pulumi.String("80"),
    			Target:              defaultRegionTargetHttpProxy.ID(),
    			Network:             defaultNetwork.ID(),
    			IpAddress:           defaultAddress.ID(),
    			NetworkTier:         pulumi.String("STANDARD"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewall(ctx, "fw1", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-1"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("10.1.2.0/24"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("udp"),
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("icmp"),
    				},
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewall(ctx, "fw2", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-2"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("0.0.0.0/0"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("22"),
    					},
    				},
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("allow-ssh"),
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewall(ctx, "fw3", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-3"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("130.211.0.0/22"),
    				pulumi.String("35.191.0.0/16"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    				},
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("load-balanced-backend"),
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewFirewall(ctx, "fw4", &compute.FirewallArgs{
    			Name:    pulumi.String("website-fw-4"),
    			Network: defaultNetwork.ID(),
    			SourceRanges: pulumi.StringArray{
    				pulumi.String("10.129.0.0/26"),
    			},
    			TargetTags: pulumi.StringArray{
    				pulumi.String("load-balanced-backend"),
    			},
    			Allows: compute.FirewallAllowArray{
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("80"),
    					},
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("443"),
    					},
    				},
    				&compute.FirewallAllowArgs{
    					Protocol: pulumi.String("tcp"),
    					Ports: pulumi.StringArray{
    						pulumi.String("8000"),
    					},
    				},
    			},
    			Direction: pulumi.String("INGRESS"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewSubnetwork(ctx, "proxy", &compute.SubnetworkArgs{
    			Name:        pulumi.String("website-net-proxy"),
    			IpCidrRange: pulumi.String("10.129.0.0/26"),
    			Region:      pulumi.String("us-central1"),
    			Network:     defaultNetwork.ID(),
    			Purpose:     pulumi.String("REGIONAL_MANAGED_PROXY"),
    			Role:        pulumi.String("ACTIVE"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var debianImage = Gcp.Compute.GetImage.Invoke(new()
        {
            Family = "debian-11",
            Project = "debian-cloud",
        });
    
        var defaultNetwork = new Gcp.Compute.Network("default", new()
        {
            Name = "website-net",
            AutoCreateSubnetworks = false,
            RoutingMode = "REGIONAL",
        });
    
        var defaultSubnetwork = new Gcp.Compute.Subnetwork("default", new()
        {
            Name = "website-net-default",
            IpCidrRange = "10.1.2.0/24",
            Region = "us-central1",
            Network = defaultNetwork.Id,
        });
    
        var instanceTemplate = new Gcp.Compute.InstanceTemplate("instance_template", new()
        {
            Name = "template-website-backend",
            MachineType = "e2-medium",
            NetworkInterfaces = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateNetworkInterfaceArgs
                {
                    Network = defaultNetwork.Id,
                    Subnetwork = defaultSubnetwork.Id,
                },
            },
            Disks = new[]
            {
                new Gcp.Compute.Inputs.InstanceTemplateDiskArgs
                {
                    SourceImage = debianImage.Apply(getImageResult => getImageResult.SelfLink),
                    AutoDelete = true,
                    Boot = true,
                },
            },
            Tags = new[]
            {
                "allow-ssh",
                "load-balanced-backend",
            },
        });
    
        var rigm = new Gcp.Compute.RegionInstanceGroupManager("rigm", new()
        {
            Region = "us-central1",
            Name = "website-rigm",
            Versions = new[]
            {
                new Gcp.Compute.Inputs.RegionInstanceGroupManagerVersionArgs
                {
                    InstanceTemplate = instanceTemplate.Id,
                    Name = "primary",
                },
            },
            BaseInstanceName = "internal-glb",
            TargetSize = 1,
        });
    
        var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new()
        {
            Region = "us-central1",
            Name = "website-hc",
            HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
            {
                PortSpecification = "USE_SERVING_PORT",
            },
        });
    
        var defaultRegionBackendService = new Gcp.Compute.RegionBackendService("default", new()
        {
            LoadBalancingScheme = "EXTERNAL_MANAGED",
            Backends = new[]
            {
                new Gcp.Compute.Inputs.RegionBackendServiceBackendArgs
                {
                    Group = rigm.InstanceGroup,
                    BalancingMode = "UTILIZATION",
                    CapacityScaler = 1,
                },
            },
            Region = "us-central1",
            Name = "website-backend",
            Protocol = "HTTP",
            TimeoutSec = 10,
            HealthChecks = defaultRegionHealthCheck.Id,
        });
    
        var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap("default", new()
        {
            Region = "us-central1",
            Name = "website-map",
            DefaultService = defaultRegionBackendService.Id,
        });
    
        var defaultRegionTargetHttpProxy = new Gcp.Compute.RegionTargetHttpProxy("default", new()
        {
            Region = "us-central1",
            Name = "website-proxy",
            UrlMap = defaultRegionUrlMap.Id,
        });
    
        var defaultAddress = new Gcp.Compute.Address("default", new()
        {
            Name = "website-ip-1",
            Region = "us-central1",
            NetworkTier = "STANDARD",
        });
    
        // Forwarding rule for Regional External Load Balancing
        var @default = new Gcp.Compute.ForwardingRule("default", new()
        {
            Name = "website-forwarding-rule",
            Region = "us-central1",
            IpProtocol = "TCP",
            LoadBalancingScheme = "EXTERNAL_MANAGED",
            PortRange = "80",
            Target = defaultRegionTargetHttpProxy.Id,
            Network = defaultNetwork.Id,
            IpAddress = defaultAddress.Id,
            NetworkTier = "STANDARD",
        });
    
        var fw1 = new Gcp.Compute.Firewall("fw1", new()
        {
            Name = "website-fw-1",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "10.1.2.0/24",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "udp",
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "icmp",
                },
            },
            Direction = "INGRESS",
        });
    
        var fw2 = new Gcp.Compute.Firewall("fw2", new()
        {
            Name = "website-fw-2",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "0.0.0.0/0",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "22",
                    },
                },
            },
            TargetTags = new[]
            {
                "allow-ssh",
            },
            Direction = "INGRESS",
        });
    
        var fw3 = new Gcp.Compute.Firewall("fw3", new()
        {
            Name = "website-fw-3",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "130.211.0.0/22",
                "35.191.0.0/16",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                },
            },
            TargetTags = new[]
            {
                "load-balanced-backend",
            },
            Direction = "INGRESS",
        });
    
        var fw4 = new Gcp.Compute.Firewall("fw4", new()
        {
            Name = "website-fw-4",
            Network = defaultNetwork.Id,
            SourceRanges = new[]
            {
                "10.129.0.0/26",
            },
            TargetTags = new[]
            {
                "load-balanced-backend",
            },
            Allows = new[]
            {
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "80",
                    },
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "443",
                    },
                },
                new Gcp.Compute.Inputs.FirewallAllowArgs
                {
                    Protocol = "tcp",
                    Ports = new[]
                    {
                        "8000",
                    },
                },
            },
            Direction = "INGRESS",
        });
    
        var proxy = new Gcp.Compute.Subnetwork("proxy", new()
        {
            Name = "website-net-proxy",
            IpCidrRange = "10.129.0.0/26",
            Region = "us-central1",
            Network = defaultNetwork.Id,
            Purpose = "REGIONAL_MANAGED_PROXY",
            Role = "ACTIVE",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.ComputeFunctions;
    import com.pulumi.gcp.compute.inputs.GetImageArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.InstanceTemplate;
    import com.pulumi.gcp.compute.InstanceTemplateArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
    import com.pulumi.gcp.compute.RegionInstanceGroupManager;
    import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
    import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
    import com.pulumi.gcp.compute.RegionUrlMap;
    import com.pulumi.gcp.compute.RegionUrlMapArgs;
    import com.pulumi.gcp.compute.RegionTargetHttpProxy;
    import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
    import com.pulumi.gcp.compute.Address;
    import com.pulumi.gcp.compute.AddressArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.compute.Firewall;
    import com.pulumi.gcp.compute.FirewallArgs;
    import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
                .family("debian-11")
                .project("debian-cloud")
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
                .name("website-net")
                .autoCreateSubnetworks(false)
                .routingMode("REGIONAL")
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
                .name("website-net-default")
                .ipCidrRange("10.1.2.0/24")
                .region("us-central1")
                .network(defaultNetwork.id())
                .build());
    
            var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()        
                .name("template-website-backend")
                .machineType("e2-medium")
                .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                    .network(defaultNetwork.id())
                    .subnetwork(defaultSubnetwork.id())
                    .build())
                .disks(InstanceTemplateDiskArgs.builder()
                    .sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
                    .autoDelete(true)
                    .boot(true)
                    .build())
                .tags(            
                    "allow-ssh",
                    "load-balanced-backend")
                .build());
    
            var rigm = new RegionInstanceGroupManager("rigm", RegionInstanceGroupManagerArgs.builder()        
                .region("us-central1")
                .name("website-rigm")
                .versions(RegionInstanceGroupManagerVersionArgs.builder()
                    .instanceTemplate(instanceTemplate.id())
                    .name("primary")
                    .build())
                .baseInstanceName("internal-glb")
                .targetSize(1)
                .build());
    
            var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()        
                .region("us-central1")
                .name("website-hc")
                .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                    .portSpecification("USE_SERVING_PORT")
                    .build())
                .build());
    
            var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()        
                .loadBalancingScheme("EXTERNAL_MANAGED")
                .backends(RegionBackendServiceBackendArgs.builder()
                    .group(rigm.instanceGroup())
                    .balancingMode("UTILIZATION")
                    .capacityScaler(1)
                    .build())
                .region("us-central1")
                .name("website-backend")
                .protocol("HTTP")
                .timeoutSec(10)
                .healthChecks(defaultRegionHealthCheck.id())
                .build());
    
            var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()        
                .region("us-central1")
                .name("website-map")
                .defaultService(defaultRegionBackendService.id())
                .build());
    
            var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()        
                .region("us-central1")
                .name("website-proxy")
                .urlMap(defaultRegionUrlMap.id())
                .build());
    
            var defaultAddress = new Address("defaultAddress", AddressArgs.builder()        
                .name("website-ip-1")
                .region("us-central1")
                .networkTier("STANDARD")
                .build());
    
            // Forwarding rule for Regional External Load Balancing
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .name("website-forwarding-rule")
                .region("us-central1")
                .ipProtocol("TCP")
                .loadBalancingScheme("EXTERNAL_MANAGED")
                .portRange("80")
                .target(defaultRegionTargetHttpProxy.id())
                .network(defaultNetwork.id())
                .ipAddress(defaultAddress.id())
                .networkTier("STANDARD")
                .build());
    
            var fw1 = new Firewall("fw1", FirewallArgs.builder()        
                .name("website-fw-1")
                .network(defaultNetwork.id())
                .sourceRanges("10.1.2.0/24")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("udp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("icmp")
                        .build())
                .direction("INGRESS")
                .build());
    
            var fw2 = new Firewall("fw2", FirewallArgs.builder()        
                .name("website-fw-2")
                .network(defaultNetwork.id())
                .sourceRanges("0.0.0.0/0")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("22")
                    .build())
                .targetTags("allow-ssh")
                .direction("INGRESS")
                .build());
    
            var fw3 = new Firewall("fw3", FirewallArgs.builder()        
                .name("website-fw-3")
                .network(defaultNetwork.id())
                .sourceRanges(            
                    "130.211.0.0/22",
                    "35.191.0.0/16")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build())
                .targetTags("load-balanced-backend")
                .direction("INGRESS")
                .build());
    
            var fw4 = new Firewall("fw4", FirewallArgs.builder()        
                .name("website-fw-4")
                .network(defaultNetwork.id())
                .sourceRanges("10.129.0.0/26")
                .targetTags("load-balanced-backend")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("80")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("443")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("8000")
                        .build())
                .direction("INGRESS")
                .build());
    
            var proxy = new Subnetwork("proxy", SubnetworkArgs.builder()        
                .name("website-net-proxy")
                .ipCidrRange("10.129.0.0/26")
                .region("us-central1")
                .network(defaultNetwork.id())
                .purpose("REGIONAL_MANAGED_PROXY")
                .role("ACTIVE")
                .build());
    
        }
    }
    
    resources:
      # Forwarding rule for Regional External Load Balancing
      default:
        type: gcp:compute:ForwardingRule
        properties:
          name: website-forwarding-rule
          region: us-central1
          ipProtocol: TCP
          loadBalancingScheme: EXTERNAL_MANAGED
          portRange: '80'
          target: ${defaultRegionTargetHttpProxy.id}
          network: ${defaultNetwork.id}
          ipAddress: ${defaultAddress.id}
          networkTier: STANDARD
      defaultRegionTargetHttpProxy:
        type: gcp:compute:RegionTargetHttpProxy
        name: default
        properties:
          region: us-central1
          name: website-proxy
          urlMap: ${defaultRegionUrlMap.id}
      defaultRegionUrlMap:
        type: gcp:compute:RegionUrlMap
        name: default
        properties:
          region: us-central1
          name: website-map
          defaultService: ${defaultRegionBackendService.id}
      defaultRegionBackendService:
        type: gcp:compute:RegionBackendService
        name: default
        properties:
          loadBalancingScheme: EXTERNAL_MANAGED
          backends:
            - group: ${rigm.instanceGroup}
              balancingMode: UTILIZATION
              capacityScaler: 1
          region: us-central1
          name: website-backend
          protocol: HTTP
          timeoutSec: 10
          healthChecks: ${defaultRegionHealthCheck.id}
      rigm:
        type: gcp:compute:RegionInstanceGroupManager
        properties:
          region: us-central1
          name: website-rigm
          versions:
            - instanceTemplate: ${instanceTemplate.id}
              name: primary
          baseInstanceName: internal-glb
          targetSize: 1
      instanceTemplate:
        type: gcp:compute:InstanceTemplate
        name: instance_template
        properties:
          name: template-website-backend
          machineType: e2-medium
          networkInterfaces:
            - network: ${defaultNetwork.id}
              subnetwork: ${defaultSubnetwork.id}
          disks:
            - sourceImage: ${debianImage.selfLink}
              autoDelete: true
              boot: true
          tags:
            - allow-ssh
            - load-balanced-backend
      defaultRegionHealthCheck:
        type: gcp:compute:RegionHealthCheck
        name: default
        properties:
          region: us-central1
          name: website-hc
          httpHealthCheck:
            portSpecification: USE_SERVING_PORT
      defaultAddress:
        type: gcp:compute:Address
        name: default
        properties:
          name: website-ip-1
          region: us-central1
          networkTier: STANDARD
      fw1:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-1
          network: ${defaultNetwork.id}
          sourceRanges:
            - 10.1.2.0/24
          allows:
            - protocol: tcp
            - protocol: udp
            - protocol: icmp
          direction: INGRESS
      fw2:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-2
          network: ${defaultNetwork.id}
          sourceRanges:
            - 0.0.0.0/0
          allows:
            - protocol: tcp
              ports:
                - '22'
          targetTags:
            - allow-ssh
          direction: INGRESS
      fw3:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-3
          network: ${defaultNetwork.id}
          sourceRanges:
            - 130.211.0.0/22
            - 35.191.0.0/16
          allows:
            - protocol: tcp
          targetTags:
            - load-balanced-backend
          direction: INGRESS
      fw4:
        type: gcp:compute:Firewall
        properties:
          name: website-fw-4
          network: ${defaultNetwork.id}
          sourceRanges:
            - 10.129.0.0/26
          targetTags:
            - load-balanced-backend
          allows:
            - protocol: tcp
              ports:
                - '80'
            - protocol: tcp
              ports:
                - '443'
            - protocol: tcp
              ports:
                - '8000'
          direction: INGRESS
      defaultNetwork:
        type: gcp:compute:Network
        name: default
        properties:
          name: website-net
          autoCreateSubnetworks: false
          routingMode: REGIONAL
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        name: default
        properties:
          name: website-net-default
          ipCidrRange: 10.1.2.0/24
          region: us-central1
          network: ${defaultNetwork.id}
      proxy:
        type: gcp:compute:Subnetwork
        properties:
          name: website-net-proxy
          ipCidrRange: 10.129.0.0/26
          region: us-central1
          network: ${defaultNetwork.id}
          purpose: REGIONAL_MANAGED_PROXY
          role: ACTIVE
    variables:
      debianImage:
        fn::invoke:
          Function: gcp:compute:getImage
          Arguments:
            family: debian-11
            project: debian-cloud
    

    Forwarding Rule Vpc Psc

    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    // Consumer service endpoint
    const consumerNet = new gcp.compute.Network("consumer_net", {
        name: "consumer-net",
        autoCreateSubnetworks: false,
    });
    const consumerSubnet = new gcp.compute.Subnetwork("consumer_subnet", {
        name: "consumer-net",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        network: consumerNet.id,
    });
    const consumerAddress = new gcp.compute.Address("consumer_address", {
        name: "website-ip-1",
        region: "us-central1",
        subnetwork: consumerSubnet.id,
        addressType: "INTERNAL",
    });
    // Producer service attachment
    const producerNet = new gcp.compute.Network("producer_net", {
        name: "producer-net",
        autoCreateSubnetworks: false,
    });
    const pscProducerSubnet = new gcp.compute.Subnetwork("psc_producer_subnet", {
        name: "producer-psc-net",
        ipCidrRange: "10.1.0.0/16",
        region: "us-central1",
        purpose: "PRIVATE_SERVICE_CONNECT",
        network: producerNet.id,
    });
    const producerSubnet = new gcp.compute.Subnetwork("producer_subnet", {
        name: "producer-net",
        ipCidrRange: "10.0.0.0/16",
        region: "us-central1",
        network: producerNet.id,
    });
    const producerServiceHealthCheck = new gcp.compute.HealthCheck("producer_service_health_check", {
        name: "producer-service-health-check",
        checkIntervalSec: 1,
        timeoutSec: 1,
        tcpHealthCheck: {
            port: 80,
        },
    });
    const producerServiceBackend = new gcp.compute.RegionBackendService("producer_service_backend", {
        name: "producer-service-backend",
        region: "us-central1",
        healthChecks: producerServiceHealthCheck.id,
    });
    const producerTargetService = new gcp.compute.ForwardingRule("producer_target_service", {
        name: "producer-forwarding-rule",
        region: "us-central1",
        loadBalancingScheme: "INTERNAL",
        backendService: producerServiceBackend.id,
        allPorts: true,
        network: producerNet.name,
        subnetwork: producerSubnet.name,
    });
    const producerServiceAttachment = new gcp.compute.ServiceAttachment("producer_service_attachment", {
        name: "producer-service",
        region: "us-central1",
        description: "A service attachment configured with Terraform",
        enableProxyProtocol: true,
        connectionPreference: "ACCEPT_AUTOMATIC",
        natSubnets: [pscProducerSubnet.name],
        targetService: producerTargetService.id,
    });
    // Forwarding rule for VPC private service connect
    const _default = new gcp.compute.ForwardingRule("default", {
        name: "psc-endpoint",
        region: "us-central1",
        loadBalancingScheme: "",
        target: producerServiceAttachment.id,
        network: consumerNet.name,
        ipAddress: consumerAddress.id,
        allowPscGlobalAccess: true,
    });
    
    import pulumi
    import pulumi_gcp as gcp
    
    # Consumer service endpoint
    consumer_net = gcp.compute.Network("consumer_net",
        name="consumer-net",
        auto_create_subnetworks=False)
    consumer_subnet = gcp.compute.Subnetwork("consumer_subnet",
        name="consumer-net",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        network=consumer_net.id)
    consumer_address = gcp.compute.Address("consumer_address",
        name="website-ip-1",
        region="us-central1",
        subnetwork=consumer_subnet.id,
        address_type="INTERNAL")
    # Producer service attachment
    producer_net = gcp.compute.Network("producer_net",
        name="producer-net",
        auto_create_subnetworks=False)
    psc_producer_subnet = gcp.compute.Subnetwork("psc_producer_subnet",
        name="producer-psc-net",
        ip_cidr_range="10.1.0.0/16",
        region="us-central1",
        purpose="PRIVATE_SERVICE_CONNECT",
        network=producer_net.id)
    producer_subnet = gcp.compute.Subnetwork("producer_subnet",
        name="producer-net",
        ip_cidr_range="10.0.0.0/16",
        region="us-central1",
        network=producer_net.id)
    producer_service_health_check = gcp.compute.HealthCheck("producer_service_health_check",
        name="producer-service-health-check",
        check_interval_sec=1,
        timeout_sec=1,
        tcp_health_check=gcp.compute.HealthCheckTcpHealthCheckArgs(
            port=80,
        ))
    producer_service_backend = gcp.compute.RegionBackendService("producer_service_backend",
        name="producer-service-backend",
        region="us-central1",
        health_checks=producer_service_health_check.id)
    producer_target_service = gcp.compute.ForwardingRule("producer_target_service",
        name="producer-forwarding-rule",
        region="us-central1",
        load_balancing_scheme="INTERNAL",
        backend_service=producer_service_backend.id,
        all_ports=True,
        network=producer_net.name,
        subnetwork=producer_subnet.name)
    producer_service_attachment = gcp.compute.ServiceAttachment("producer_service_attachment",
        name="producer-service",
        region="us-central1",
        description="A service attachment configured with Terraform",
        enable_proxy_protocol=True,
        connection_preference="ACCEPT_AUTOMATIC",
        nat_subnets=[psc_producer_subnet.name],
        target_service=producer_target_service.id)
    # Forwarding rule for VPC private service connect
    default = gcp.compute.ForwardingRule("default",
        name="psc-endpoint",
        region="us-central1",