Google Cloud Classic v6.57.0, May 30 23
Google Cloud Classic v6.57.0, May 30 23
gcp.compute.ForwardingRule
Explore with Pulumi AI
A ForwardingRule resource. A ForwardingRule resource specifies which pool of target virtual machines to forward a packet to if it matches the given [IPAddress, IPProtocol, portRange] tuple.
To get more information about ForwardingRule, see:
- API documentation
- How-to Guides
Example Usage
Internal Http Lb With Mig Backend
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.RegionInstanceGroupManager;
import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
import com.pulumi.gcp.compute.RegionUrlMap;
import com.pulumi.gcp.compute.RegionUrlMapArgs;
import com.pulumi.gcp.compute.RegionTargetHttpProxy;
import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import com.pulumi.gcp.compute.Instance;
import com.pulumi.gcp.compute.InstanceArgs;
import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var ilbNetwork = new Network("ilbNetwork", NetworkArgs.builder()
.autoCreateSubnetworks(false)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var proxySubnet = new Subnetwork("proxySubnet", SubnetworkArgs.builder()
.ipCidrRange("10.0.0.0/24")
.region("europe-west1")
.purpose("INTERNAL_HTTPS_LOAD_BALANCER")
.role("ACTIVE")
.network(ilbNetwork.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var ilbSubnet = new Subnetwork("ilbSubnet", SubnetworkArgs.builder()
.ipCidrRange("10.0.1.0/24")
.region("europe-west1")
.network(ilbNetwork.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()
.region("europe-west1")
.httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
.portSpecification("USE_SERVING_PORT")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()
.machineType("e2-small")
.tags("http-server")
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.network(ilbNetwork.id())
.subnetwork(ilbSubnet.id())
.accessConfigs()
.build())
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage("debian-cloud/debian-10")
.autoDelete(true)
.boot(true)
.build())
.metadata(Map.of("startup-script", """
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
"""))
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var mig = new RegionInstanceGroupManager("mig", RegionInstanceGroupManagerArgs.builder()
.region("europe-west1")
.versions(RegionInstanceGroupManagerVersionArgs.builder()
.instanceTemplate(instanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("vm")
.targetSize(2)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()
.region("europe-west1")
.protocol("HTTP")
.loadBalancingScheme("INTERNAL_MANAGED")
.timeoutSec(10)
.healthChecks(defaultRegionHealthCheck.id())
.backends(RegionBackendServiceBackendArgs.builder()
.group(mig.instanceGroup())
.balancingMode("UTILIZATION")
.capacityScaler(1)
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()
.region("europe-west1")
.defaultService(defaultRegionBackendService.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()
.region("europe-west1")
.urlMap(defaultRegionUrlMap.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var googleComputeForwardingRule = new ForwardingRule("googleComputeForwardingRule", ForwardingRuleArgs.builder()
.region("europe-west1")
.ipProtocol("TCP")
.loadBalancingScheme("INTERNAL_MANAGED")
.portRange("80")
.target(defaultRegionTargetHttpProxy.id())
.network(ilbNetwork.id())
.subnetwork(ilbSubnet.id())
.networkTier("PREMIUM")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.dependsOn(proxySubnet)
.build());
var fw_iap = new Firewall("fw-iap", FirewallArgs.builder()
.direction("INGRESS")
.network(ilbNetwork.id())
.sourceRanges(
"130.211.0.0/22",
"35.191.0.0/16",
"35.235.240.0/20")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var fw_ilb_to_backends = new Firewall("fw-ilb-to-backends", FirewallArgs.builder()
.direction("INGRESS")
.network(ilbNetwork.id())
.sourceRanges("10.0.0.0/24")
.targetTags("http-server")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.ports(
"80",
"443",
"8080")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var vm_test = new Instance("vm-test", InstanceArgs.builder()
.zone("europe-west1-b")
.machineType("e2-small")
.networkInterfaces(InstanceNetworkInterfaceArgs.builder()
.network(ilbNetwork.id())
.subnetwork(ilbSubnet.id())
.build())
.bootDisk(InstanceBootDiskArgs.builder()
.initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
.image("debian-cloud/debian-10")
.build())
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
}
}
Coming soon!
Coming soon!
resources:
# Internal HTTP load balancer with a managed instance group backend
# VPC network
ilbNetwork:
type: gcp:compute:Network
properties:
autoCreateSubnetworks: false
options:
provider: ${["google-beta"]}
# proxy-only subnet
proxySubnet:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.0.0.0/24
region: europe-west1
purpose: INTERNAL_HTTPS_LOAD_BALANCER
role: ACTIVE
network: ${ilbNetwork.id}
options:
provider: ${["google-beta"]}
# backend subnet
ilbSubnet:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.0.1.0/24
region: europe-west1
network: ${ilbNetwork.id}
options:
provider: ${["google-beta"]}
# forwarding rule
googleComputeForwardingRule:
type: gcp:compute:ForwardingRule
properties:
region: europe-west1
ipProtocol: TCP
loadBalancingScheme: INTERNAL_MANAGED
portRange: '80'
target: ${defaultRegionTargetHttpProxy.id}
network: ${ilbNetwork.id}
subnetwork: ${ilbSubnet.id}
networkTier: PREMIUM
options:
provider: ${["google-beta"]}
dependson:
- ${proxySubnet}
# HTTP target proxy
defaultRegionTargetHttpProxy:
type: gcp:compute:RegionTargetHttpProxy
properties:
region: europe-west1
urlMap: ${defaultRegionUrlMap.id}
options:
provider: ${["google-beta"]}
# URL map
defaultRegionUrlMap:
type: gcp:compute:RegionUrlMap
properties:
region: europe-west1
defaultService: ${defaultRegionBackendService.id}
options:
provider: ${["google-beta"]}
# backend service
defaultRegionBackendService:
type: gcp:compute:RegionBackendService
properties:
region: europe-west1
protocol: HTTP
loadBalancingScheme: INTERNAL_MANAGED
timeoutSec: 10
healthChecks:
- ${defaultRegionHealthCheck.id}
backends:
- group: ${mig.instanceGroup}
balancingMode: UTILIZATION
capacityScaler: 1
options:
provider: ${["google-beta"]}
# instance template
instanceTemplate:
type: gcp:compute:InstanceTemplate
properties:
machineType: e2-small
tags:
- http-server
networkInterfaces:
- network: ${ilbNetwork.id}
subnetwork: ${ilbSubnet.id}
accessConfigs:
- {}
disks:
- sourceImage: debian-cloud/debian-10
autoDelete: true
boot: true
# install nginx and serve a simple web page
metadata:
startup-script: |
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
options:
provider: ${["google-beta"]}
# health check
defaultRegionHealthCheck:
type: gcp:compute:RegionHealthCheck
properties:
region: europe-west1
httpHealthCheck:
portSpecification: USE_SERVING_PORT
options:
provider: ${["google-beta"]}
# MIG
mig:
type: gcp:compute:RegionInstanceGroupManager
properties:
region: europe-west1
versions:
- instanceTemplate: ${instanceTemplate.id}
name: primary
baseInstanceName: vm
targetSize: 2
options:
provider: ${["google-beta"]}
# allow all access from IAP and health check ranges
fw-iap:
type: gcp:compute:Firewall
properties:
direction: INGRESS
network: ${ilbNetwork.id}
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
- 35.235.240.0/20
allows:
- protocol: tcp
options:
provider: ${["google-beta"]}
# allow http from proxy subnet to backends
fw-ilb-to-backends:
type: gcp:compute:Firewall
properties:
direction: INGRESS
network: ${ilbNetwork.id}
sourceRanges:
- 10.0.0.0/24
targetTags:
- http-server
allows:
- protocol: tcp
ports:
- '80'
- '443'
- '8080'
options:
provider: ${["google-beta"]}
# test instance
vm-test:
type: gcp:compute:Instance
properties:
zone: europe-west1-b
machineType: e2-small
networkInterfaces:
- network: ${ilbNetwork.id}
subnetwork: ${ilbSubnet.id}
bootDisk:
initializeParams:
image: debian-cloud/debian-10
options:
provider: ${["google-beta"]}
Internal Tcp Udp Lb With Mig Backend
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.RegionInstanceGroupManager;
import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import com.pulumi.gcp.compute.Instance;
import com.pulumi.gcp.compute.InstanceArgs;
import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var ilbNetwork = new Network("ilbNetwork", NetworkArgs.builder()
.autoCreateSubnetworks(false)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var ilbSubnet = new Subnetwork("ilbSubnet", SubnetworkArgs.builder()
.ipCidrRange("10.0.1.0/24")
.region("europe-west1")
.network(ilbNetwork.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()
.region("europe-west1")
.httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
.port("80")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()
.machineType("e2-small")
.tags(
"allow-ssh",
"allow-health-check")
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.network(ilbNetwork.id())
.subnetwork(ilbSubnet.id())
.accessConfigs()
.build())
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage("debian-cloud/debian-10")
.autoDelete(true)
.boot(true)
.build())
.metadata(Map.of("startup-script", """
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
"""))
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var mig = new RegionInstanceGroupManager("mig", RegionInstanceGroupManagerArgs.builder()
.region("europe-west1")
.versions(RegionInstanceGroupManagerVersionArgs.builder()
.instanceTemplate(instanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("vm")
.targetSize(2)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()
.region("europe-west1")
.protocol("TCP")
.loadBalancingScheme("INTERNAL")
.healthChecks(defaultRegionHealthCheck.id())
.backends(RegionBackendServiceBackendArgs.builder()
.group(mig.instanceGroup())
.balancingMode("CONNECTION")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var googleComputeForwardingRule = new ForwardingRule("googleComputeForwardingRule", ForwardingRuleArgs.builder()
.backendService(defaultRegionBackendService.id())
.region("europe-west1")
.ipProtocol("TCP")
.loadBalancingScheme("INTERNAL")
.allPorts(true)
.allowGlobalAccess(true)
.network(ilbNetwork.id())
.subnetwork(ilbSubnet.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var fwHc = new Firewall("fwHc", FirewallArgs.builder()
.direction("INGRESS")
.network(ilbNetwork.id())
.sourceRanges(
"130.211.0.0/22",
"35.191.0.0/16",
"35.235.240.0/20")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.build())
.targetTags("allow-health-check")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var fwIlbToBackends = new Firewall("fwIlbToBackends", FirewallArgs.builder()
.direction("INGRESS")
.network(ilbNetwork.id())
.sourceRanges("10.0.1.0/24")
.allows(
FirewallAllowArgs.builder()
.protocol("tcp")
.build(),
FirewallAllowArgs.builder()
.protocol("udp")
.build(),
FirewallAllowArgs.builder()
.protocol("icmp")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var fwIlbSsh = new Firewall("fwIlbSsh", FirewallArgs.builder()
.direction("INGRESS")
.network(ilbNetwork.id())
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.ports("22")
.build())
.targetTags("allow-ssh")
.sourceRanges("0.0.0.0/0")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var vmTest = new Instance("vmTest", InstanceArgs.builder()
.zone("europe-west1-b")
.machineType("e2-small")
.networkInterfaces(InstanceNetworkInterfaceArgs.builder()
.network(ilbNetwork.id())
.subnetwork(ilbSubnet.id())
.build())
.bootDisk(InstanceBootDiskArgs.builder()
.initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
.image("debian-cloud/debian-10")
.build())
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
}
}
Coming soon!
Coming soon!
resources:
# Internal TCP/UDP load balancer with a managed instance group backend
# VPC
ilbNetwork:
type: gcp:compute:Network
properties:
autoCreateSubnetworks: false
options:
provider: ${["google-beta"]}
# backed subnet
ilbSubnet:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.0.1.0/24
region: europe-west1
network: ${ilbNetwork.id}
options:
provider: ${["google-beta"]}
# forwarding rule
googleComputeForwardingRule:
type: gcp:compute:ForwardingRule
properties:
backendService: ${defaultRegionBackendService.id}
region: europe-west1
ipProtocol: TCP
loadBalancingScheme: INTERNAL
allPorts: true
allowGlobalAccess: true
network: ${ilbNetwork.id}
subnetwork: ${ilbSubnet.id}
options:
provider: ${["google-beta"]}
# backend service
defaultRegionBackendService:
type: gcp:compute:RegionBackendService
properties:
region: europe-west1
protocol: TCP
loadBalancingScheme: INTERNAL
healthChecks:
- ${defaultRegionHealthCheck.id}
backends:
- group: ${mig.instanceGroup}
balancingMode: CONNECTION
options:
provider: ${["google-beta"]}
# instance template
instanceTemplate:
type: gcp:compute:InstanceTemplate
properties:
machineType: e2-small
tags:
- allow-ssh
- allow-health-check
networkInterfaces:
- network: ${ilbNetwork.id}
subnetwork: ${ilbSubnet.id}
accessConfigs:
- {}
disks:
- sourceImage: debian-cloud/debian-10
autoDelete: true
boot: true
# install nginx and serve a simple web page
metadata:
startup-script: |
#! /bin/bash
set -euo pipefail
export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq
NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
options:
provider: ${["google-beta"]}
# health check
defaultRegionHealthCheck:
type: gcp:compute:RegionHealthCheck
properties:
region: europe-west1
httpHealthCheck:
port: '80'
options:
provider: ${["google-beta"]}
# MIG
mig:
type: gcp:compute:RegionInstanceGroupManager
properties:
region: europe-west1
versions:
- instanceTemplate: ${instanceTemplate.id}
name: primary
baseInstanceName: vm
targetSize: 2
options:
provider: ${["google-beta"]}
# allow all access from health check ranges
fwHc:
type: gcp:compute:Firewall
properties:
direction: INGRESS
network: ${ilbNetwork.id}
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
- 35.235.240.0/20
allows:
- protocol: tcp
targetTags:
- allow-health-check
options:
provider: ${["google-beta"]}
# allow communication within the subnet
fwIlbToBackends:
type: gcp:compute:Firewall
properties:
direction: INGRESS
network: ${ilbNetwork.id}
sourceRanges:
- 10.0.1.0/24
allows:
- protocol: tcp
- protocol: udp
- protocol: icmp
options:
provider: ${["google-beta"]}
# allow SSH
fwIlbSsh:
type: gcp:compute:Firewall
properties:
direction: INGRESS
network: ${ilbNetwork.id}
allows:
- protocol: tcp
ports:
- '22'
targetTags:
- allow-ssh
sourceRanges:
- 0.0.0.0/0
options:
provider: ${["google-beta"]}
# test instance
vmTest:
type: gcp:compute:Instance
properties:
zone: europe-west1-b
machineType: e2-small
networkInterfaces:
- network: ${ilbNetwork.id}
subnetwork: ${ilbSubnet.id}
bootDisk:
initializeParams:
image: debian-cloud/debian-10
options:
provider: ${["google-beta"]}
Forwarding Rule Externallb
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var hc = new RegionHealthCheck("hc", RegionHealthCheckArgs.builder()
.checkIntervalSec(1)
.timeoutSec(1)
.region("us-central1")
.tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()
.region("us-central1")
.loadBalancingScheme("EXTERNAL")
.healthChecks(hc.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
.region("us-central1")
.portRange(80)
.backendService(backend.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
}
}
Coming soon!
Coming soon!
resources:
# Forwarding rule for External Network Load Balancing using Backend Services
default:
type: gcp:compute:ForwardingRule
properties:
region: us-central1
portRange: 80
backendService: ${backend.id}
options:
provider: ${["google-beta"]}
backend:
type: gcp:compute:RegionBackendService
properties:
region: us-central1
loadBalancingScheme: EXTERNAL
healthChecks:
- ${hc.id}
options:
provider: ${["google-beta"]}
hc:
type: gcp:compute:RegionHealthCheck
properties:
checkIntervalSec: 1
timeoutSec: 1
region: us-central1
tcpHealthCheck:
port: '80'
options:
provider: ${["google-beta"]}
Forwarding Rule Global Internallb
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var defaultTargetPool = new Gcp.Compute.TargetPool("defaultTargetPool");
var defaultForwardingRule = new Gcp.Compute.ForwardingRule("defaultForwardingRule", new()
{
Target = defaultTargetPool.Id,
PortRange = "80",
});
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
defaultTargetPool, err := compute.NewTargetPool(ctx, "defaultTargetPool", nil)
if err != nil {
return err
}
_, err = compute.NewForwardingRule(ctx, "defaultForwardingRule", &compute.ForwardingRuleArgs{
Target: defaultTargetPool.ID(),
PortRange: pulumi.String("80"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var hc = new HealthCheck("hc", HealthCheckArgs.builder()
.checkIntervalSec(1)
.timeoutSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build());
var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()
.region("us-central1")
.healthChecks(hc.id())
.build());
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.ipCidrRange("10.0.0.0/16")
.region("us-central1")
.network(defaultNetwork.id())
.build());
var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()
.region("us-central1")
.loadBalancingScheme("INTERNAL")
.backendService(backend.id())
.allPorts(true)
.allowGlobalAccess(true)
.network(defaultNetwork.name())
.subnetwork(defaultSubnetwork.name())
.build());
}
}
import pulumi
import pulumi_gcp as gcp
default_target_pool = gcp.compute.TargetPool("defaultTargetPool")
default_forwarding_rule = gcp.compute.ForwardingRule("defaultForwardingRule",
target=default_target_pool.id,
port_range="80")
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const defaultTargetPool = new gcp.compute.TargetPool("defaultTargetPool", {});
const defaultForwardingRule = new gcp.compute.ForwardingRule("defaultForwardingRule", {
target: defaultTargetPool.id,
portRange: "80",
});
resources:
# Forwarding rule for Internal Load Balancing
defaultForwardingRule:
type: gcp:compute:ForwardingRule
properties:
region: us-central1
loadBalancingScheme: INTERNAL
backendService: ${backend.id}
allPorts: true
allowGlobalAccess: true
network: ${defaultNetwork.name}
subnetwork: ${defaultSubnetwork.name}
backend:
type: gcp:compute:RegionBackendService
properties:
region: us-central1
healthChecks:
- ${hc.id}
hc:
type: gcp:compute:HealthCheck
properties:
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'
defaultNetwork:
type: gcp:compute:Network
properties:
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${defaultNetwork.id}
Forwarding Rule Basic
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.TargetPool;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var defaultTargetPool = new TargetPool("defaultTargetPool");
var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()
.target(defaultTargetPool.id())
.portRange("80")
.build());
}
}
Coming soon!
Coming soon!
resources:
defaultForwardingRule:
type: gcp:compute:ForwardingRule
properties:
target: ${defaultTargetPool.id}
portRange: '80'
defaultTargetPool:
type: gcp:compute:TargetPool
Forwarding Rule L3 Default
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var healthCheck = new RegionHealthCheck("healthCheck", RegionHealthCheckArgs.builder()
.region("us-central1")
.tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()
.port(80)
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var service = new RegionBackendService("service", RegionBackendServiceArgs.builder()
.region("us-central1")
.healthChecks(healthCheck.id())
.protocol("UNSPECIFIED")
.loadBalancingScheme("EXTERNAL")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var fwdRule = new ForwardingRule("fwdRule", ForwardingRuleArgs.builder()
.backendService(service.id())
.ipProtocol("L3_DEFAULT")
.allPorts(true)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
}
}
Coming soon!
Coming soon!
resources:
fwdRule:
type: gcp:compute:ForwardingRule
properties:
backendService: ${service.id}
ipProtocol: L3_DEFAULT
allPorts: true
options:
provider: ${["google-beta"]}
service:
type: gcp:compute:RegionBackendService
properties:
region: us-central1
healthChecks:
- ${healthCheck.id}
protocol: UNSPECIFIED
loadBalancingScheme: EXTERNAL
options:
provider: ${["google-beta"]}
healthCheck:
type: gcp:compute:RegionHealthCheck
properties:
region: us-central1
tcpHealthCheck:
port: 80
options:
provider: ${["google-beta"]}
Forwarding Rule Internallb
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var hc = new HealthCheck("hc", HealthCheckArgs.builder()
.checkIntervalSec(1)
.timeoutSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build());
var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()
.region("us-central1")
.healthChecks(hc.id())
.build());
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.autoCreateSubnetworks(false)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.ipCidrRange("10.0.0.0/16")
.region("us-central1")
.network(defaultNetwork.id())
.build());
var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()
.region("us-central1")
.loadBalancingScheme("INTERNAL")
.backendService(backend.id())
.allPorts(true)
.network(defaultNetwork.name())
.subnetwork(defaultSubnetwork.name())
.build());
}
}
Coming soon!
Coming soon!
resources:
# Forwarding rule for Internal Load Balancing
defaultForwardingRule:
type: gcp:compute:ForwardingRule
properties:
region: us-central1
loadBalancingScheme: INTERNAL
backendService: ${backend.id}
allPorts: true
network: ${defaultNetwork.name}
subnetwork: ${defaultSubnetwork.name}
backend:
type: gcp:compute:RegionBackendService
properties:
region: us-central1
healthChecks:
- ${hc.id}
hc:
type: gcp:compute:HealthCheck
properties:
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'
defaultNetwork:
type: gcp:compute:Network
properties:
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${defaultNetwork.id}
Forwarding Rule Http Lb
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.ComputeFunctions;
import com.pulumi.gcp.compute.inputs.GetImageArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.RegionInstanceGroupManager;
import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
import com.pulumi.gcp.compute.RegionUrlMap;
import com.pulumi.gcp.compute.RegionUrlMapArgs;
import com.pulumi.gcp.compute.RegionTargetHttpProxy;
import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
.family("debian-11")
.project("debian-cloud")
.build());
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.autoCreateSubnetworks(false)
.routingMode("REGIONAL")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.ipCidrRange("10.1.2.0/24")
.region("us-central1")
.network(defaultNetwork.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()
.machineType("e2-medium")
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.network(defaultNetwork.id())
.subnetwork(defaultSubnetwork.id())
.build())
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
.autoDelete(true)
.boot(true)
.build())
.tags(
"allow-ssh",
"load-balanced-backend")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var rigm = new RegionInstanceGroupManager("rigm", RegionInstanceGroupManagerArgs.builder()
.region("us-central1")
.versions(RegionInstanceGroupManagerVersionArgs.builder()
.instanceTemplate(instanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("internal-glb")
.targetSize(1)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var fw1 = new Firewall("fw1", FirewallArgs.builder()
.network(defaultNetwork.id())
.sourceRanges("10.1.2.0/24")
.allows(
FirewallAllowArgs.builder()
.protocol("tcp")
.build(),
FirewallAllowArgs.builder()
.protocol("udp")
.build(),
FirewallAllowArgs.builder()
.protocol("icmp")
.build())
.direction("INGRESS")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var fw2 = new Firewall("fw2", FirewallArgs.builder()
.network(defaultNetwork.id())
.sourceRanges("0.0.0.0/0")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.ports("22")
.build())
.targetTags("allow-ssh")
.direction("INGRESS")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.dependsOn(fw1)
.build());
var fw3 = new Firewall("fw3", FirewallArgs.builder()
.network(defaultNetwork.id())
.sourceRanges(
"130.211.0.0/22",
"35.191.0.0/16")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.build())
.targetTags("load-balanced-backend")
.direction("INGRESS")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.dependsOn(fw2)
.build());
var fw4 = new Firewall("fw4", FirewallArgs.builder()
.network(defaultNetwork.id())
.sourceRanges("10.129.0.0/26")
.targetTags("load-balanced-backend")
.allows(
FirewallAllowArgs.builder()
.protocol("tcp")
.ports("80")
.build(),
FirewallAllowArgs.builder()
.protocol("tcp")
.ports("443")
.build(),
FirewallAllowArgs.builder()
.protocol("tcp")
.ports("8000")
.build())
.direction("INGRESS")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.dependsOn(fw3)
.build());
var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()
.region("us-central1")
.httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
.portSpecification("USE_SERVING_PORT")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.dependsOn(fw4)
.build());
var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()
.loadBalancingScheme("INTERNAL_MANAGED")
.backends(RegionBackendServiceBackendArgs.builder()
.group(rigm.instanceGroup())
.balancingMode("UTILIZATION")
.capacityScaler(1)
.build())
.region("us-central1")
.protocol("HTTP")
.timeoutSec(10)
.healthChecks(defaultRegionHealthCheck.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()
.region("us-central1")
.defaultService(defaultRegionBackendService.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()
.region("us-central1")
.urlMap(defaultRegionUrlMap.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var proxy = new Subnetwork("proxy", SubnetworkArgs.builder()
.ipCidrRange("10.129.0.0/26")
.region("us-central1")
.network(defaultNetwork.id())
.purpose("INTERNAL_HTTPS_LOAD_BALANCER")
.role("ACTIVE")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()
.region("us-central1")
.ipProtocol("TCP")
.loadBalancingScheme("INTERNAL_MANAGED")
.portRange("80")
.target(defaultRegionTargetHttpProxy.id())
.network(defaultNetwork.id())
.subnetwork(defaultSubnetwork.id())
.networkTier("PREMIUM")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.dependsOn(proxy)
.build());
}
}
Coming soon!
Coming soon!
resources:
# Forwarding rule for Internal Load Balancing
defaultForwardingRule:
type: gcp:compute:ForwardingRule
properties:
region: us-central1
ipProtocol: TCP
loadBalancingScheme: INTERNAL_MANAGED
portRange: '80'
target: ${defaultRegionTargetHttpProxy.id}
network: ${defaultNetwork.id}
subnetwork: ${defaultSubnetwork.id}
networkTier: PREMIUM
options:
provider: ${["google-beta"]}
dependson:
- ${proxy}
defaultRegionTargetHttpProxy:
type: gcp:compute:RegionTargetHttpProxy
properties:
region: us-central1
urlMap: ${defaultRegionUrlMap.id}
options:
provider: ${["google-beta"]}
defaultRegionUrlMap:
type: gcp:compute:RegionUrlMap
properties:
region: us-central1
defaultService: ${defaultRegionBackendService.id}
options:
provider: ${["google-beta"]}
defaultRegionBackendService:
type: gcp:compute:RegionBackendService
properties:
loadBalancingScheme: INTERNAL_MANAGED
backends:
- group: ${rigm.instanceGroup}
balancingMode: UTILIZATION
capacityScaler: 1
region: us-central1
protocol: HTTP
timeoutSec: 10
healthChecks:
- ${defaultRegionHealthCheck.id}
options:
provider: ${["google-beta"]}
rigm:
type: gcp:compute:RegionInstanceGroupManager
properties:
region: us-central1
versions:
- instanceTemplate: ${instanceTemplate.id}
name: primary
baseInstanceName: internal-glb
targetSize: 1
options:
provider: ${["google-beta"]}
instanceTemplate:
type: gcp:compute:InstanceTemplate
properties:
machineType: e2-medium
networkInterfaces:
- network: ${defaultNetwork.id}
subnetwork: ${defaultSubnetwork.id}
disks:
- sourceImage: ${debianImage.selfLink}
autoDelete: true
boot: true
tags:
- allow-ssh
- load-balanced-backend
options:
provider: ${["google-beta"]}
defaultRegionHealthCheck:
type: gcp:compute:RegionHealthCheck
properties:
region: us-central1
httpHealthCheck:
portSpecification: USE_SERVING_PORT
options:
provider: ${["google-beta"]}
dependson:
- ${fw4}
fw1:
type: gcp:compute:Firewall
properties:
network: ${defaultNetwork.id}
sourceRanges:
- 10.1.2.0/24
allows:
- protocol: tcp
- protocol: udp
- protocol: icmp
direction: INGRESS
options:
provider: ${["google-beta"]}
fw2:
type: gcp:compute:Firewall
properties:
network: ${defaultNetwork.id}
sourceRanges:
- 0.0.0.0/0
allows:
- protocol: tcp
ports:
- '22'
targetTags:
- allow-ssh
direction: INGRESS
options:
provider: ${["google-beta"]}
dependson:
- ${fw1}
fw3:
type: gcp:compute:Firewall
properties:
network: ${defaultNetwork.id}
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
allows:
- protocol: tcp
targetTags:
- load-balanced-backend
direction: INGRESS
options:
provider: ${["google-beta"]}
dependson:
- ${fw2}
fw4:
type: gcp:compute:Firewall
properties:
network: ${defaultNetwork.id}
sourceRanges:
- 10.129.0.0/26
targetTags:
- load-balanced-backend
allows:
- protocol: tcp
ports:
- '80'
- protocol: tcp
ports:
- '443'
- protocol: tcp
ports:
- '8000'
direction: INGRESS
options:
provider: ${["google-beta"]}
dependson:
- ${fw3}
defaultNetwork:
type: gcp:compute:Network
properties:
autoCreateSubnetworks: false
routingMode: REGIONAL
options:
provider: ${["google-beta"]}
defaultSubnetwork:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.1.2.0/24
region: us-central1
network: ${defaultNetwork.id}
options:
provider: ${["google-beta"]}
proxy:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.129.0.0/26
region: us-central1
network: ${defaultNetwork.id}
purpose: INTERNAL_HTTPS_LOAD_BALANCER
role: ACTIVE
options:
provider: ${["google-beta"]}
variables:
debianImage:
fn::invoke:
Function: gcp:compute:getImage
Arguments:
family: debian-11
project: debian-cloud
Forwarding Rule Regional Http Xlb
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.ComputeFunctions;
import com.pulumi.gcp.compute.inputs.GetImageArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.RegionInstanceGroupManager;
import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
import com.pulumi.gcp.compute.RegionUrlMap;
import com.pulumi.gcp.compute.RegionUrlMapArgs;
import com.pulumi.gcp.compute.RegionTargetHttpProxy;
import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
import com.pulumi.gcp.compute.Address;
import com.pulumi.gcp.compute.AddressArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
.family("debian-11")
.project("debian-cloud")
.build());
var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()
.autoCreateSubnetworks(false)
.routingMode("REGIONAL")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()
.ipCidrRange("10.1.2.0/24")
.region("us-central1")
.network(defaultNetwork.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()
.machineType("e2-medium")
.networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
.network(defaultNetwork.id())
.subnetwork(defaultSubnetwork.id())
.build())
.disks(InstanceTemplateDiskArgs.builder()
.sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
.autoDelete(true)
.boot(true)
.build())
.tags(
"allow-ssh",
"load-balanced-backend")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var rigm = new RegionInstanceGroupManager("rigm", RegionInstanceGroupManagerArgs.builder()
.region("us-central1")
.versions(RegionInstanceGroupManagerVersionArgs.builder()
.instanceTemplate(instanceTemplate.id())
.name("primary")
.build())
.baseInstanceName("internal-glb")
.targetSize(1)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var fw1 = new Firewall("fw1", FirewallArgs.builder()
.network(defaultNetwork.id())
.sourceRanges("10.1.2.0/24")
.allows(
FirewallAllowArgs.builder()
.protocol("tcp")
.build(),
FirewallAllowArgs.builder()
.protocol("udp")
.build(),
FirewallAllowArgs.builder()
.protocol("icmp")
.build())
.direction("INGRESS")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var fw2 = new Firewall("fw2", FirewallArgs.builder()
.network(defaultNetwork.id())
.sourceRanges("0.0.0.0/0")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.ports("22")
.build())
.targetTags("allow-ssh")
.direction("INGRESS")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.dependsOn(fw1)
.build());
var fw3 = new Firewall("fw3", FirewallArgs.builder()
.network(defaultNetwork.id())
.sourceRanges(
"130.211.0.0/22",
"35.191.0.0/16")
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.build())
.targetTags("load-balanced-backend")
.direction("INGRESS")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.dependsOn(fw2)
.build());
var fw4 = new Firewall("fw4", FirewallArgs.builder()
.network(defaultNetwork.id())
.sourceRanges("10.129.0.0/26")
.targetTags("load-balanced-backend")
.allows(
FirewallAllowArgs.builder()
.protocol("tcp")
.ports("80")
.build(),
FirewallAllowArgs.builder()
.protocol("tcp")
.ports("443")
.build(),
FirewallAllowArgs.builder()
.protocol("tcp")
.ports("8000")
.build())
.direction("INGRESS")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.dependsOn(fw3)
.build());
var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()
.region("us-central1")
.httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
.portSpecification("USE_SERVING_PORT")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.dependsOn(fw4)
.build());
var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()
.loadBalancingScheme("EXTERNAL_MANAGED")
.backends(RegionBackendServiceBackendArgs.builder()
.group(rigm.instanceGroup())
.balancingMode("UTILIZATION")
.capacityScaler(1)
.build())
.region("us-central1")
.protocol("HTTP")
.timeoutSec(10)
.healthChecks(defaultRegionHealthCheck.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()
.region("us-central1")
.defaultService(defaultRegionBackendService.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()
.region("us-central1")
.urlMap(defaultRegionUrlMap.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultAddress = new Address("defaultAddress", AddressArgs.builder()
.region("us-central1")
.networkTier("STANDARD")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var proxy = new Subnetwork("proxy", SubnetworkArgs.builder()
.ipCidrRange("10.129.0.0/26")
.region("us-central1")
.network(defaultNetwork.id())
.purpose("REGIONAL_MANAGED_PROXY")
.role("ACTIVE")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()
.region("us-central1")
.ipProtocol("TCP")
.loadBalancingScheme("EXTERNAL_MANAGED")
.portRange("80")
.target(defaultRegionTargetHttpProxy.id())
.network(defaultNetwork.id())
.ipAddress(defaultAddress.id())
.networkTier("STANDARD")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.dependsOn(proxy)
.build());
}
}
Coming soon!
Coming soon!
resources:
# Forwarding rule for Regional External Load Balancing
defaultForwardingRule:
type: gcp:compute:ForwardingRule
properties:
region: us-central1
ipProtocol: TCP
loadBalancingScheme: EXTERNAL_MANAGED
portRange: '80'
target: ${defaultRegionTargetHttpProxy.id}
network: ${defaultNetwork.id}
ipAddress: ${defaultAddress.id}
networkTier: STANDARD
options:
provider: ${["google-beta"]}
dependson:
- ${proxy}
defaultRegionTargetHttpProxy:
type: gcp:compute:RegionTargetHttpProxy
properties:
region: us-central1
urlMap: ${defaultRegionUrlMap.id}
options:
provider: ${["google-beta"]}
defaultRegionUrlMap:
type: gcp:compute:RegionUrlMap
properties:
region: us-central1
defaultService: ${defaultRegionBackendService.id}
options:
provider: ${["google-beta"]}
defaultRegionBackendService:
type: gcp:compute:RegionBackendService
properties:
loadBalancingScheme: EXTERNAL_MANAGED
backends:
- group: ${rigm.instanceGroup}
balancingMode: UTILIZATION
capacityScaler: 1
region: us-central1
protocol: HTTP
timeoutSec: 10
healthChecks:
- ${defaultRegionHealthCheck.id}
options:
provider: ${["google-beta"]}
rigm:
type: gcp:compute:RegionInstanceGroupManager
properties:
region: us-central1
versions:
- instanceTemplate: ${instanceTemplate.id}
name: primary
baseInstanceName: internal-glb
targetSize: 1
options:
provider: ${["google-beta"]}
instanceTemplate:
type: gcp:compute:InstanceTemplate
properties:
machineType: e2-medium
networkInterfaces:
- network: ${defaultNetwork.id}
subnetwork: ${defaultSubnetwork.id}
disks:
- sourceImage: ${debianImage.selfLink}
autoDelete: true
boot: true
tags:
- allow-ssh
- load-balanced-backend
options:
provider: ${["google-beta"]}
defaultRegionHealthCheck:
type: gcp:compute:RegionHealthCheck
properties:
region: us-central1
httpHealthCheck:
portSpecification: USE_SERVING_PORT
options:
provider: ${["google-beta"]}
dependson:
- ${fw4}
defaultAddress:
type: gcp:compute:Address
properties:
region: us-central1
networkTier: STANDARD
options:
provider: ${["google-beta"]}
fw1:
type: gcp:compute:Firewall
properties:
network: ${defaultNetwork.id}
sourceRanges:
- 10.1.2.0/24
allows:
- protocol: tcp
- protocol: udp
- protocol: icmp
direction: INGRESS
options:
provider: ${["google-beta"]}
fw2:
type: gcp:compute:Firewall
properties:
network: ${defaultNetwork.id}
sourceRanges:
- 0.0.0.0/0
allows:
- protocol: tcp
ports:
- '22'
targetTags:
- allow-ssh
direction: INGRESS
options:
provider: ${["google-beta"]}
dependson:
- ${fw1}
fw3:
type: gcp:compute:Firewall
properties:
network: ${defaultNetwork.id}
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
allows:
- protocol: tcp
targetTags:
- load-balanced-backend
direction: INGRESS
options:
provider: ${["google-beta"]}
dependson:
- ${fw2}
fw4:
type: gcp:compute:Firewall
properties:
network: ${defaultNetwork.id}
sourceRanges:
- 10.129.0.0/26
targetTags:
- load-balanced-backend
allows:
- protocol: tcp
ports:
- '80'
- protocol: tcp
ports:
- '443'
- protocol: tcp
ports:
- '8000'
direction: INGRESS
options:
provider: ${["google-beta"]}
dependson:
- ${fw3}
defaultNetwork:
type: gcp:compute:Network
properties:
autoCreateSubnetworks: false
routingMode: REGIONAL
options:
provider: ${["google-beta"]}
defaultSubnetwork:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.1.2.0/24
region: us-central1
network: ${defaultNetwork.id}
options:
provider: ${["google-beta"]}
proxy:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.129.0.0/26
region: us-central1
network: ${defaultNetwork.id}
purpose: REGIONAL_MANAGED_PROXY
role: ACTIVE
options:
provider: ${["google-beta"]}
variables:
debianImage:
fn::invoke:
Function: gcp:compute:getImage
Arguments:
family: debian-11
project: debian-cloud
Forwarding Rule Vpc Psc
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var basic = new Gcp.Compute.Address("basic", new()
{
Region = "us-central1",
});
var externalRegionBackendService = new Gcp.Compute.RegionBackendService("externalRegionBackendService", new()
{
Region = "us-central1",
LoadBalancingScheme = "EXTERNAL",
});
var externalForwardingRule = new Gcp.Compute.ForwardingRule("externalForwardingRule", new()
{
Region = "us-central1",
IpAddress = basic.SelfLink,
BackendService = externalRegionBackendService.SelfLink,
LoadBalancingScheme = "EXTERNAL",
});
var steering = new Gcp.Compute.ForwardingRule("steering", new()
{
Region = "us-central1",
IpAddress = basic.SelfLink,
BackendService = externalRegionBackendService.SelfLink,
LoadBalancingScheme = "EXTERNAL",
SourceIpRanges = new[]
{
"34.121.88.0/24",
"35.187.239.137",
},
}, new CustomResourceOptions
{
DependsOn = new[]
{
externalForwardingRule,
},
});
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
basic, err := compute.NewAddress(ctx, "basic", &compute.AddressArgs{
Region: pulumi.String("us-central1"),
})
if err != nil {
return err
}
externalRegionBackendService, err := compute.NewRegionBackendService(ctx, "externalRegionBackendService", &compute.RegionBackendServiceArgs{
Region: pulumi.String("us-central1"),
LoadBalancingScheme: pulumi.String("EXTERNAL"),
})
if err != nil {
return err
}
externalForwardingRule, err := compute.NewForwardingRule(ctx, "externalForwardingRule", &compute.ForwardingRuleArgs{
Region: pulumi.String("us-central1"),
IpAddress: basic.SelfLink,
BackendService: externalRegionBackendService.SelfLink,
LoadBalancingScheme: pulumi.String("EXTERNAL"),
})
if err != nil {
return err
}
_, err = compute.NewForwardingRule(ctx, "steering", &compute.ForwardingRuleArgs{
Region: pulumi.String("us-central1"),
IpAddress: basic.SelfLink,
BackendService: externalRegionBackendService.SelfLink,
LoadBalancingScheme: pulumi.String("EXTERNAL"),
SourceIpRanges: pulumi.StringArray{
pulumi.String("34.121.88.0/24"),
pulumi.String("35.187.239.137"),
},
}, pulumi.DependsOn([]pulumi.Resource{
externalForwardingRule,
}))
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.Address;
import com.pulumi.gcp.compute.AddressArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.gcp.compute.ServiceAttachment;
import com.pulumi.gcp.compute.ServiceAttachmentArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var consumerNet = new Network("consumerNet", NetworkArgs.builder()
.autoCreateSubnetworks(false)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var consumerSubnet = new Subnetwork("consumerSubnet", SubnetworkArgs.builder()
.ipCidrRange("10.0.0.0/16")
.region("us-central1")
.network(consumerNet.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var consumerAddress = new Address("consumerAddress", AddressArgs.builder()
.region("us-central1")
.subnetwork(consumerSubnet.id())
.addressType("INTERNAL")
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var producerNet = new Network("producerNet", NetworkArgs.builder()
.autoCreateSubnetworks(false)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var pscProducerSubnet = new Subnetwork("pscProducerSubnet", SubnetworkArgs.builder()
.ipCidrRange("10.1.0.0/16")
.region("us-central1")
.purpose("PRIVATE_SERVICE_CONNECT")
.network(producerNet.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var producerSubnet = new Subnetwork("producerSubnet", SubnetworkArgs.builder()
.ipCidrRange("10.0.0.0/16")
.region("us-central1")
.network(producerNet.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var producerServiceHealthCheck = new HealthCheck("producerServiceHealthCheck", HealthCheckArgs.builder()
.checkIntervalSec(1)
.timeoutSec(1)
.tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
.port("80")
.build())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var producerServiceBackend = new RegionBackendService("producerServiceBackend", RegionBackendServiceArgs.builder()
.region("us-central1")
.healthChecks(producerServiceHealthCheck.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var producerTargetService = new ForwardingRule("producerTargetService", ForwardingRuleArgs.builder()
.region("us-central1")
.loadBalancingScheme("INTERNAL")
.backendService(producerServiceBackend.id())
.allPorts(true)
.network(producerNet.name())
.subnetwork(producerSubnet.name())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var producerServiceAttachment = new ServiceAttachment("producerServiceAttachment", ServiceAttachmentArgs.builder()
.region("us-central1")
.description("A service attachment configured with Terraform")
.enableProxyProtocol(true)
.connectionPreference("ACCEPT_AUTOMATIC")
.natSubnets(pscProducerSubnet.name())
.targetService(producerTargetService.id())
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()
.region("us-central1")
.loadBalancingScheme("")
.target(producerServiceAttachment.id())
.network(consumerNet.name())
.ipAddress(consumerAddress.id())
.allowPscGlobalAccess(true)
.build(), CustomResourceOptions.builder()
.provider(google_beta)
.build());
}
}
import pulumi
import pulumi_gcp as gcp
basic = gcp.compute.Address("basic", region="us-central1")
external_region_backend_service = gcp.compute.RegionBackendService("externalRegionBackendService",
region="us-central1",
load_balancing_scheme="EXTERNAL")
external_forwarding_rule = gcp.compute.ForwardingRule("externalForwardingRule",
region="us-central1",
ip_address=basic.self_link,
backend_service=external_region_backend_service.self_link,
load_balancing_scheme="EXTERNAL")
steering = gcp.compute.ForwardingRule("steering",
region="us-central1",
ip_address=basic.self_link,
backend_service=external_region_backend_service.self_link,
load_balancing_scheme="EXTERNAL",
source_ip_ranges=[
"34.121.88.0/24",
"35.187.239.137",
],
opts=pulumi.ResourceOptions(depends_on=[external_forwarding_rule]))
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const basic = new gcp.compute.Address("basic", {region: "us-central1"});
const externalRegionBackendService = new gcp.compute.RegionBackendService("externalRegionBackendService", {
region: "us-central1",
loadBalancingScheme: "EXTERNAL",
});
const externalForwardingRule = new gcp.compute.ForwardingRule("externalForwardingRule", {
region: "us-central1",
ipAddress: basic.selfLink,
backendService: externalRegionBackendService.selfLink,
loadBalancingScheme: "EXTERNAL",
});
const steering = new gcp.compute.ForwardingRule("steering", {
region: "us-central1",
ipAddress: basic.selfLink,
backendService: externalRegionBackendService.selfLink,
loadBalancingScheme: "EXTERNAL",
sourceIpRanges: [
"34.121.88.0/24",
"35.187.239.137",
],
}, {
dependsOn: [externalForwardingRule],
});
resources:
# Forwarding rule for VPC private service connect
default: # Consumer service endpoint
type: gcp:compute:ForwardingRule
properties:
region: us-central1
loadBalancingScheme:
target: ${producerServiceAttachment.id}
network: ${consumerNet.name}
ipAddress: ${consumerAddress.id}
allowPscGlobalAccess: true
options:
provider: ${["google-beta"]}
consumerNet:
type: gcp:compute:Network
properties:
autoCreateSubnetworks: false
options:
provider: ${["google-beta"]}
consumerSubnet:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${consumerNet.id}
options:
provider: ${["google-beta"]}
consumerAddress: # Producer service attachment
type: gcp:compute:Address
properties:
region: us-central1
subnetwork: ${consumerSubnet.id}
addressType: INTERNAL
options:
provider: ${["google-beta"]}
producerNet:
type: gcp:compute:Network
properties:
autoCreateSubnetworks: false
options:
provider: ${["google-beta"]}
producerSubnet:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${producerNet.id}
options:
provider: ${["google-beta"]}
pscProducerSubnet:
type: gcp:compute:Subnetwork
properties:
ipCidrRange: 10.1.0.0/16
region: us-central1
purpose: PRIVATE_SERVICE_CONNECT
network: ${producerNet.id}
options:
provider: ${["google-beta"]}
producerServiceAttachment:
type: gcp:compute:ServiceAttachment
properties:
region: us-central1
description: A service attachment configured with Terraform
enableProxyProtocol: true
connectionPreference: ACCEPT_AUTOMATIC
natSubnets:
- ${pscProducerSubnet.name}
targetService: ${producerTargetService.id}
options:
provider: ${["google-beta"]}
producerTargetService:
type: gcp:compute:ForwardingRule
properties:
region: us-central1
loadBalancingScheme: INTERNAL
backendService: ${producerServiceBackend.id}
allPorts: true
network: ${producerNet.name}
subnetwork: ${producerSubnet.name}
options:
provider: ${["google-beta"]}
producerServiceBackend:
type: gcp:compute:RegionBackendService
properties:
region: us-central1
healthChecks:
- ${producerServiceHealthCheck.id}
options:
provider: ${["google-beta"]}
producerServiceHealthCheck:
type: gcp:compute:HealthCheck
properties:
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'
options:
provider: ${["google-beta"]}
Forwarding Rule Regional Steering
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Address;
import com.pulumi.gcp.compute.AddressArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var basic = new Address("basic", AddressArgs.builder()
.region("us-central1")
.build());
var externalRegionBackendService = new RegionBackendService("externalRegionBackendService", RegionBackendServiceArgs.builder()
.region("us-central1")
.loadBalancingScheme("EXTERNAL")
.build());
var externalForwardingRule = new ForwardingRule("externalForwardingRule", ForwardingRuleArgs.builder()
.region("us-central1")
.ipAddress(basic.selfLink())
.backendService(externalRegionBackendService.selfLink())
.loadBalancingScheme("EXTERNAL")
.build());
var steering = new ForwardingRule("steering", ForwardingRuleArgs.builder()
.region("us-central1")
.ipAddress(basic.selfLink())
.backendService(externalRegionBackendService.selfLink())
.loadBalancingScheme("EXTERNAL")
.sourceIpRanges(
"34.121.88.0/24",
"35.187.239.137")
.build(), CustomResourceOptions.builder()
.dependsOn(externalForwardingRule)
.build());
}
}
Coming soon!
Coming soon!
resources:
steering:
type: gcp:compute:ForwardingRule
properties:
region: us-central1
ipAddress: ${basic.selfLink}
backendService: ${externalRegionBackendService.selfLink}
loadBalancingScheme: EXTERNAL
sourceIpRanges:
- 34.121.88.0/24
- 35.187.239.137
options:
dependson:
- ${externalForwardingRule}
basic:
type: gcp:compute:Address
properties:
region: us-central1
externalRegionBackendService:
type: gcp:compute:RegionBackendService
properties:
region: us-central1
loadBalancingScheme: EXTERNAL
externalForwardingRule:
type: gcp:compute:ForwardingRule
properties:
region: us-central1
ipAddress: ${basic.selfLink}
backendService: ${externalRegionBackendService.selfLink}
loadBalancingScheme: EXTERNAL
Create ForwardingRule Resource
new ForwardingRule(name: string, args?: ForwardingRuleArgs, opts?: CustomResourceOptions);
@overload
def ForwardingRule(resource_name: str,
opts: Optional[ResourceOptions] = None,
all_ports: Optional[bool] = None,
allow_global_access: Optional[bool] = None,
allow_psc_global_access: Optional[bool] = None,
backend_service: Optional[str] = None,
description: Optional[str] = None,
ip_address: Optional[str] = None,
ip_protocol: Optional[str] = None,
is_mirroring_collector: Optional[bool] = None,
labels: Optional[Mapping[str, str]] = None,
load_balancing_scheme: Optional[str] = None,
name: Optional[str] = None,
network: Optional[str] = None,
network_tier: Optional[str] = None,
port_range: Optional[str] = None,
ports: Optional[Sequence[str]] = None,
project: Optional[str] = None,
region: Optional[str] = None,
service_directory_registrations: Optional[Sequence[ForwardingRuleServiceDirectoryRegistrationArgs]] = None,
service_label: Optional[str] = None,
source_ip_ranges: Optional[Sequence[str]] = None,
subnetwork: Optional[str] = None,
target: Optional[str] = None)
@overload
def ForwardingRule(resource_name: str,
args: Optional[ForwardingRuleArgs] = None,
opts: Optional[ResourceOptions] = None)
func NewForwardingRule(ctx *Context, name string, args *ForwardingRuleArgs, opts ...ResourceOption) (*ForwardingRule, error)
public ForwardingRule(string name, ForwardingRuleArgs? args = null, CustomResourceOptions? opts = null)
public ForwardingRule(String name, ForwardingRuleArgs args)
public ForwardingRule(String name, ForwardingRuleArgs args, CustomResourceOptions options)
type: gcp:compute:ForwardingRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ForwardingRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ForwardingRuleArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ForwardingRuleArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ForwardingRuleArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ForwardingRuleArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
ForwardingRule Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The ForwardingRule resource accepts the following input properties:
- All
Ports bool This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.
Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The
ports
,port_range
, andallPorts
fields are mutually exclusive.- If
- Allow
Global boolAccess This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.- Allow
Psc boolGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Backend
Service string Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- Description string
An optional description of this resource. Provide this property when you create the resource.
- Ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- Ip
Protocol string The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
.- Is
Mirroring boolCollector Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
.- Labels Dictionary<string, string>
Labels to apply to this forwarding rule. A list of key->value pairs.
- Load
Balancing stringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
.- Name string
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- Network string
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- Network
Tier string This signifies the networking tier used for configuring this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
.- Port
Range string This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.
Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The
ports
andport_range
fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.- If
- Ports List<string>
This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.
You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same
[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. Theports
andport_range
fields are mutually exclusive.- If
- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Region string
A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- Service
Directory List<ForwardingRegistrations Rule Service Directory Registration Args> Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- Service
Label string An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.- Source
Ip List<string>Ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- All
Ports bool This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.
Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The
ports
,port_range
, andallPorts
fields are mutually exclusive.- If
- Allow
Global boolAccess This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.- Allow
Psc boolGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Backend
Service string Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- Description string
An optional description of this resource. Provide this property when you create the resource.
- Ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- Ip
Protocol string The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
.- Is
Mirroring boolCollector Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
.- Labels map[string]string
Labels to apply to this forwarding rule. A list of key->value pairs.
- Load
Balancing stringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
.- Name string
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- Network string
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- Network
Tier string This signifies the networking tier used for configuring this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
.- Port
Range string This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.
Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The
ports
andport_range
fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.- If
- Ports []string
This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.
You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same
[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. Theports
andport_range
fields are mutually exclusive.- If
- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Region string
A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- Service
Directory []ForwardingRegistrations Rule Service Directory Registration Args Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- Service
Label string An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.- Source
Ip []stringRanges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- all
Ports Boolean This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.
Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The
ports
,port_range
, andallPorts
fields are mutually exclusive.- If
- allow
Global BooleanAccess This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.- allow
Psc BooleanGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- backend
Service String Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- description String
An optional description of this resource. Provide this property when you create the resource.
- ip
Address String IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol String The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
.- is
Mirroring BooleanCollector Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
.- labels Map<String,String>
Labels to apply to this forwarding rule. A list of key->value pairs.
- load
Balancing StringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
.- name String
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- network String
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- network
Tier String This signifies the networking tier used for configuring this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
.- port
Range String This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.
Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The
ports
andport_range
fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.- If
- ports List<String>
This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.
You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same
[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. Theports
andport_range
fields are mutually exclusive.- If
- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region String
A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- service
Directory List<ForwardingRegistrations Rule Service Directory Registration Args> Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- service
Label String An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.- source
Ip List<String>Ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- all
Ports boolean This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.
Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The
ports
,port_range
, andallPorts
fields are mutually exclusive.- If
- allow
Global booleanAccess This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.- allow
Psc booleanGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- backend
Service string Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- description string
An optional description of this resource. Provide this property when you create the resource.
- ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol string The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
.- is
Mirroring booleanCollector Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
.- labels {[key: string]: string}
Labels to apply to this forwarding rule. A list of key->value pairs.
- load
Balancing stringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
.- name string
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- network string
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- network
Tier string This signifies the networking tier used for configuring this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
.- port
Range string This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.
Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The
ports
andport_range
fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.- If
- ports string[]
This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.
You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same
[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. Theports
andport_range
fields are mutually exclusive.- If
- project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region string
A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- service
Directory ForwardingRegistrations Rule Service Directory Registration Args[] Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- service
Label string An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.- source
Ip string[]Ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork string
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- all_
ports bool This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.
Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The
ports
,port_range
, andallPorts
fields are mutually exclusive.- If
- allow_
global_ boolaccess This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.- allow_
psc_ boolglobal_ access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- backend_
service str Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- description str
An optional description of this resource. Provide this property when you create the resource.
- ip_
address str IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip_
protocol str The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
.- is_
mirroring_ boolcollector Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
.- labels Mapping[str, str]
Labels to apply to this forwarding rule. A list of key->value pairs.
- load_
balancing_ strscheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
.- name str
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- network str
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- network_
tier str This signifies the networking tier used for configuring this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
.- port_
range str This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.
Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The
ports
andport_range
fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.- If
- ports Sequence[str]
This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.
You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same
[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. Theports
andport_range
fields are mutually exclusive.- If
- project str
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region str
A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- service_
directory_ Sequence[Forwardingregistrations Rule Service Directory Registration Args] Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- service_
label str An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.- source_
ip_ Sequence[str]ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork str
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target str
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- all
Ports Boolean This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.
Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The
ports
,port_range
, andallPorts
fields are mutually exclusive.- If
- allow
Global BooleanAccess This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.- allow
Psc BooleanGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- backend
Service String Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- description String
An optional description of this resource. Provide this property when you create the resource.
- ip
Address String IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol String The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
.- is
Mirroring BooleanCollector Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
.- labels Map<String>
Labels to apply to this forwarding rule. A list of key->value pairs.
- load
Balancing StringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
.- name String
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- network String
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- network
Tier String This signifies the networking tier used for configuring this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
.- port
Range String This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.
Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The
ports
andport_range
fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.- If
- ports List<String>
This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.
You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same
[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. Theports
andport_range
fields are mutually exclusive.- If
- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region String
A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- service
Directory List<Property Map>Registrations Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- service
Label String An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.- source
Ip List<String>Ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
Outputs
All input properties are implicitly available as output properties. Additionally, the ForwardingRule resource produces the following output properties:
- Base
Forwarding stringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Creation
Timestamp string Creation timestamp in RFC3339 text format.
- Id string
The provider-assigned unique ID for this managed resource.
- Label
Fingerprint string The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Psc
Connection stringId The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Self
Link string The URI of the created resource.
- Service
Name string The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- Base
Forwarding stringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Creation
Timestamp string Creation timestamp in RFC3339 text format.
- Id string
The provider-assigned unique ID for this managed resource.
- Label
Fingerprint string The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Psc
Connection stringId The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Self
Link string The URI of the created resource.
- Service
Name string The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- base
Forwarding StringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- creation
Timestamp String Creation timestamp in RFC3339 text format.
- id String
The provider-assigned unique ID for this managed resource.
- label
Fingerprint String The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc
Connection StringId The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- self
Link String The URI of the created resource.
- service
Name String The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- base
Forwarding stringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- creation
Timestamp string Creation timestamp in RFC3339 text format.
- id string
The provider-assigned unique ID for this managed resource.
- label
Fingerprint string The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc
Connection stringId The PSC connection id of the PSC Forwarding Rule.
- psc
Connection stringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- self
Link string The URI of the created resource.
- service
Name string The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- base_
forwarding_ strrule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- creation_
timestamp str Creation timestamp in RFC3339 text format.
- id str
The provider-assigned unique ID for this managed resource.
- label_
fingerprint str The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc_
connection_ strid The PSC connection id of the PSC Forwarding Rule.
- psc_
connection_ strstatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- self_
link str The URI of the created resource.
- service_
name str The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- base
Forwarding StringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- creation
Timestamp String Creation timestamp in RFC3339 text format.
- id String
The provider-assigned unique ID for this managed resource.
- label
Fingerprint String The fingerprint used for optimistic locking of this resource. Used internally during updates.
- psc
Connection StringId The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- self
Link String The URI of the created resource.
- service
Name String The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
Look up Existing ForwardingRule Resource
Get an existing ForwardingRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ForwardingRuleState, opts?: CustomResourceOptions): ForwardingRule
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
all_ports: Optional[bool] = None,
allow_global_access: Optional[bool] = None,
allow_psc_global_access: Optional[bool] = None,
backend_service: Optional[str] = None,
base_forwarding_rule: Optional[str] = None,
creation_timestamp: Optional[str] = None,
description: Optional[str] = None,
ip_address: Optional[str] = None,
ip_protocol: Optional[str] = None,
is_mirroring_collector: Optional[bool] = None,
label_fingerprint: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
load_balancing_scheme: Optional[str] = None,
name: Optional[str] = None,
network: Optional[str] = None,
network_tier: Optional[str] = None,
port_range: Optional[str] = None,
ports: Optional[Sequence[str]] = None,
project: Optional[str] = None,
psc_connection_id: Optional[str] = None,
psc_connection_status: Optional[str] = None,
region: Optional[str] = None,
self_link: Optional[str] = None,
service_directory_registrations: Optional[Sequence[ForwardingRuleServiceDirectoryRegistrationArgs]] = None,
service_label: Optional[str] = None,
service_name: Optional[str] = None,
source_ip_ranges: Optional[Sequence[str]] = None,
subnetwork: Optional[str] = None,
target: Optional[str] = None) -> ForwardingRule
func GetForwardingRule(ctx *Context, name string, id IDInput, state *ForwardingRuleState, opts ...ResourceOption) (*ForwardingRule, error)
public static ForwardingRule Get(string name, Input<string> id, ForwardingRuleState? state, CustomResourceOptions? opts = null)
public static ForwardingRule get(String name, Output<String> id, ForwardingRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- All
Ports bool This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.
Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The
ports
,port_range
, andallPorts
fields are mutually exclusive.- If
- Allow
Global boolAccess This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.- Allow
Psc boolGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Backend
Service string Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- Base
Forwarding stringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Creation
Timestamp string Creation timestamp in RFC3339 text format.
- Description string
An optional description of this resource. Provide this property when you create the resource.
- Ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- Ip
Protocol string The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
.- Is
Mirroring boolCollector Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
.- Label
Fingerprint string The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Labels Dictionary<string, string>
Labels to apply to this forwarding rule. A list of key->value pairs.
- Load
Balancing stringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
.- Name string
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- Network string
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- Network
Tier string This signifies the networking tier used for configuring this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
.- Port
Range string This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.
Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The
ports
andport_range
fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.- If
- Ports List<string>
This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.
You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same
[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. Theports
andport_range
fields are mutually exclusive.- If
- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Psc
Connection stringId The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Region string
A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- Self
Link string The URI of the created resource.
- Service
Directory List<ForwardingRegistrations Rule Service Directory Registration Args> Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- Service
Label string An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.- Service
Name string The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- Source
Ip List<string>Ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- All
Ports bool This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.
Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The
ports
,port_range
, andallPorts
fields are mutually exclusive.- If
- Allow
Global boolAccess This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.- Allow
Psc boolGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- Backend
Service string Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- Base
Forwarding stringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- Creation
Timestamp string Creation timestamp in RFC3339 text format.
- Description string
An optional description of this resource. Provide this property when you create the resource.
- Ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- Ip
Protocol string The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
.- Is
Mirroring boolCollector Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
.- Label
Fingerprint string The fingerprint used for optimistic locking of this resource. Used internally during updates.
- Labels map[string]string
Labels to apply to this forwarding rule. A list of key->value pairs.
- Load
Balancing stringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
.- Name string
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- Network string
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- Network
Tier string This signifies the networking tier used for configuring this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
.- Port
Range string This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.
Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The
ports
andport_range
fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.- If
- Ports []string
This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.
You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same
[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. Theports
andport_range
fields are mutually exclusive.- If
- Project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Psc
Connection stringId The PSC connection id of the PSC Forwarding Rule.
- Psc
Connection stringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- Region string
A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- Self
Link string The URI of the created resource.
- Service
Directory []ForwardingRegistrations Rule Service Directory Registration Args Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- Service
Label string An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.- Service
Name string The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- Source
Ip []stringRanges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- Subnetwork string
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- Target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- all
Ports Boolean This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.
Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The
ports
,port_range
, andallPorts
fields are mutually exclusive.- If
- allow
Global BooleanAccess This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.- allow
Psc BooleanGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- backend
Service String Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- base
Forwarding StringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- creation
Timestamp String Creation timestamp in RFC3339 text format.
- description String
An optional description of this resource. Provide this property when you create the resource.
- ip
Address String IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol String The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
.- is
Mirroring BooleanCollector Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
.- label
Fingerprint String The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels Map<String,String>
Labels to apply to this forwarding rule. A list of key->value pairs.
- load
Balancing StringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
.- name String
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- network String
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- network
Tier String This signifies the networking tier used for configuring this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
.- port
Range String This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.
Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The
ports
andport_range
fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.- If
- ports List<String>
This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.
You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same
[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. Theports
andport_range
fields are mutually exclusive.- If
- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc
Connection StringId The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- region String
A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- self
Link String The URI of the created resource.
- service
Directory List<ForwardingRegistrations Rule Service Directory Registration Args> Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- service
Label String An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.- service
Name String The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- source
Ip List<String>Ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- all
Ports boolean This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.
Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The
ports
,port_range
, andallPorts
fields are mutually exclusive.- If
- allow
Global booleanAccess This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.- allow
Psc booleanGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- backend
Service string Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- base
Forwarding stringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- creation
Timestamp string Creation timestamp in RFC3339 text format.
- description string
An optional description of this resource. Provide this property when you create the resource.
- ip
Address string IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol string The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
.- is
Mirroring booleanCollector Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
.- label
Fingerprint string The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels {[key: string]: string}
Labels to apply to this forwarding rule. A list of key->value pairs.
- load
Balancing stringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
.- name string
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- network string
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- network
Tier string This signifies the networking tier used for configuring this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
.- port
Range string This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.
Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The
ports
andport_range
fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.- If
- ports string[]
This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.
You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same
[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. Theports
andport_range
fields are mutually exclusive.- If
- project string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc
Connection stringId The PSC connection id of the PSC Forwarding Rule.
- psc
Connection stringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- region string
A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- self
Link string The URI of the created resource.
- service
Directory ForwardingRegistrations Rule Service Directory Registration Args[] Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- service
Label string An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.- service
Name string The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- source
Ip string[]Ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork string
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target string
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- all_
ports bool This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.
Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The
ports
,port_range
, andallPorts
fields are mutually exclusive.- If
- allow_
global_ boolaccess This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.- allow_
psc_ boolglobal_ access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- backend_
service str Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- base_
forwarding_ strrule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- creation_
timestamp str Creation timestamp in RFC3339 text format.
- description str
An optional description of this resource. Provide this property when you create the resource.
- ip_
address str IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip_
protocol str The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
.- is_
mirroring_ boolcollector Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
.- label_
fingerprint str The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels Mapping[str, str]
Labels to apply to this forwarding rule. A list of key->value pairs.
- load_
balancing_ strscheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
.- name str
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- network str
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- network_
tier str This signifies the networking tier used for configuring this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
.- port_
range str This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.
Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The
ports
andport_range
fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.- If
- ports Sequence[str]
This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.
You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same
[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. Theports
andport_range
fields are mutually exclusive.- If
- project str
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc_
connection_ strid The PSC connection id of the PSC Forwarding Rule.
- psc_
connection_ strstatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- region str
A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- self_
link str The URI of the created resource.
- service_
directory_ Sequence[Forwardingregistrations Rule Service Directory Registration Args] Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- service_
label str An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.- service_
name str The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- source_
ip_ Sequence[str]ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork str
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target str
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
- all
Ports Boolean This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.
Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The
ports
,port_range
, andallPorts
fields are mutually exclusive.- If
- allow
Global BooleanAccess This field is used along with the
backend_service
field for internal load balancing or with thetarget
field for internal TargetInstance. If the field is set toTRUE
, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.- allow
Psc BooleanGlobal Access This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.
- backend
Service String Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.
- base
Forwarding StringRule [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.
- creation
Timestamp String Creation timestamp in RFC3339 text format.
- description String
An optional description of this resource. Provide this property when you create the resource.
- ip
Address String IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced
target
orbackendService
. While creating a forwarding rule, specifying anIPAddress
is required under the following circumstances:- When the
target
is set totargetGrpcProxy
andvalidateForProxyless
is set totrue
, theIPAddress
should be set to0.0.0.0
. - When the
target
is a Private Service Connect Google APIs bundle, you must specify anIPAddress
.
Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:
- IP address number, as in
100.1.2.3
- IPv6 address range, as in
2600:1234::/96
- Full resource URL, as in
https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
- Partial URL or by name, as in:
projects/project_id/regions/region/addresses/address-name
regions/region/addresses/address-name
global/addresses/address-name
address-name
The forwarding rule's
target
orbackendService
, and in most cases, also theloadBalancingScheme
, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading anIPAddress
, the API always returns the IP address number.- When the
- ip
Protocol String The IP protocol to which this rule applies. For protocol forwarding, valid options are
TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
andL3_DEFAULT
. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are:TCP
,UDP
,ESP
,AH
,SCTP
,ICMP
,L3_DEFAULT
.- is
Mirroring BooleanCollector Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a
PacketMirroring
rule applies to them. This can only be set to true for load balancers that have theirloadBalancingScheme
set toINTERNAL
.- label
Fingerprint String The fingerprint used for optimistic locking of this resource. Used internally during updates.
- labels Map<String>
Labels to apply to this forwarding rule. A list of key->value pairs.
- load
Balancing StringScheme Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is
EXTERNAL
. Possible values are:EXTERNAL
,EXTERNAL_MANAGED
,INTERNAL
,INTERNAL_MANAGED
.- name String
Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.- network String
This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.
- network
Tier String This signifies the networking tier used for configuring this load balancer and can only take the following values:
PREMIUM
,STANDARD
. For regional ForwardingRule, the valid values arePREMIUM
andSTANDARD
. For GlobalForwardingRule, the valid value isPREMIUM
. If this field is not specified, it is assumed to bePREMIUM
. IfIPAddress
is specified, this value must be equal to the networkTier of the Address. Possible values are:PREMIUM
,STANDARD
.- port
Range String This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.
Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The
ports
andport_range
fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot have overlappingportRange
s.- If
- ports List<String>
This field can only be used:
- If
IPProtocol
is one of TCP, UDP, or SCTP. - By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.
You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same
[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same[IPAddress, IPProtocol]
pair, and cannot share any values defined inports
. Theports
andport_range
fields are mutually exclusive.- If
- project String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- psc
Connection StringId The PSC connection id of the PSC Forwarding Rule.
- psc
Connection StringStatus The PSC connection status of the PSC Forwarding Rule. Possible values:
STATUS_UNSPECIFIED
,PENDING
,ACCEPTED
,REJECTED
,CLOSED
- region String
A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.
- self
Link String The URI of the created resource.
- service
Directory List<Property Map>Registrations Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.
- service
Label String An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.- service
Name String The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.
- source
Ip List<String>Ranges If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).
- subnetwork String
This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.
- target String
The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.
- For load balancers, see the "Target" column in Port specifications.
- For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle:
vpc-sc
- APIs that support VPC Service Controls.all-apis
- All supported Google APIs.
For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.
Supporting Types
ForwardingRuleServiceDirectoryRegistration
Import
ForwardingRule can be imported using any of these accepted formats
$ pulumi import gcp:compute/forwardingRule:ForwardingRule default projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}
$ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{project}}/{{region}}/{{name}}
$ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{region}}/{{name}}
$ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{name}}
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
google-beta
Terraform Provider.