1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. compute
  5. ForwardingRule
Google Cloud Classic v6.67.0 published on Wednesday, Sep 27, 2023 by Pulumi

gcp.compute.ForwardingRule

Explore with Pulumi AI

gcp logo
Google Cloud Classic v6.67.0 published on Wednesday, Sep 27, 2023 by Pulumi

    A ForwardingRule resource. A ForwardingRule resource specifies which pool of target virtual machines to forward a packet to if it matches the given [IPAddress, IPProtocol, portRange] tuple.

    To get more information about ForwardingRule, see:

    Example Usage

    Internal Http Lb With Mig Backend

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
    import com.pulumi.gcp.compute.InstanceTemplate;
    import com.pulumi.gcp.compute.InstanceTemplateArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
    import com.pulumi.gcp.compute.RegionInstanceGroupManager;
    import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
    import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
    import com.pulumi.gcp.compute.RegionUrlMap;
    import com.pulumi.gcp.compute.RegionUrlMapArgs;
    import com.pulumi.gcp.compute.RegionTargetHttpProxy;
    import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.compute.Firewall;
    import com.pulumi.gcp.compute.FirewallArgs;
    import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
    import com.pulumi.gcp.compute.Instance;
    import com.pulumi.gcp.compute.InstanceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
    import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var ilbNetwork = new Network("ilbNetwork", NetworkArgs.builder()        
                .autoCreateSubnetworks(false)
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var proxySubnet = new Subnetwork("proxySubnet", SubnetworkArgs.builder()        
                .ipCidrRange("10.0.0.0/24")
                .region("europe-west1")
                .purpose("REGIONAL_MANAGED_PROXY")
                .role("ACTIVE")
                .network(ilbNetwork.id())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var ilbSubnet = new Subnetwork("ilbSubnet", SubnetworkArgs.builder()        
                .ipCidrRange("10.0.1.0/24")
                .region("europe-west1")
                .network(ilbNetwork.id())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()        
                .region("europe-west1")
                .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                    .portSpecification("USE_SERVING_PORT")
                    .build())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()        
                .machineType("e2-small")
                .tags("http-server")
                .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                    .network(ilbNetwork.id())
                    .subnetwork(ilbSubnet.id())
                    .accessConfigs()
                    .build())
                .disks(InstanceTemplateDiskArgs.builder()
                    .sourceImage("debian-cloud/debian-10")
                    .autoDelete(true)
                    .boot(true)
                    .build())
                .metadata(Map.of("startup-script", """
    #! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
                """))
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var mig = new RegionInstanceGroupManager("mig", RegionInstanceGroupManagerArgs.builder()        
                .region("europe-west1")
                .versions(RegionInstanceGroupManagerVersionArgs.builder()
                    .instanceTemplate(instanceTemplate.id())
                    .name("primary")
                    .build())
                .baseInstanceName("vm")
                .targetSize(2)
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()        
                .region("europe-west1")
                .protocol("HTTP")
                .loadBalancingScheme("INTERNAL_MANAGED")
                .timeoutSec(10)
                .healthChecks(defaultRegionHealthCheck.id())
                .backends(RegionBackendServiceBackendArgs.builder()
                    .group(mig.instanceGroup())
                    .balancingMode("UTILIZATION")
                    .capacityScaler(1)
                    .build())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()        
                .region("europe-west1")
                .defaultService(defaultRegionBackendService.id())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()        
                .region("europe-west1")
                .urlMap(defaultRegionUrlMap.id())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var googleComputeForwardingRule = new ForwardingRule("googleComputeForwardingRule", ForwardingRuleArgs.builder()        
                .region("europe-west1")
                .ipProtocol("TCP")
                .loadBalancingScheme("INTERNAL_MANAGED")
                .portRange("80")
                .target(defaultRegionTargetHttpProxy.id())
                .network(ilbNetwork.id())
                .subnetwork(ilbSubnet.id())
                .networkTier("PREMIUM")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .dependsOn(proxySubnet)
                    .build());
    
            var fw_iap = new Firewall("fw-iap", FirewallArgs.builder()        
                .direction("INGRESS")
                .network(ilbNetwork.id())
                .sourceRanges(            
                    "130.211.0.0/22",
                    "35.191.0.0/16",
                    "35.235.240.0/20")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var fw_ilb_to_backends = new Firewall("fw-ilb-to-backends", FirewallArgs.builder()        
                .direction("INGRESS")
                .network(ilbNetwork.id())
                .sourceRanges("10.0.0.0/24")
                .targetTags("http-server")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports(                
                        "80",
                        "443",
                        "8080")
                    .build())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var vm_test = new Instance("vm-test", InstanceArgs.builder()        
                .zone("europe-west1-b")
                .machineType("e2-small")
                .networkInterfaces(InstanceNetworkInterfaceArgs.builder()
                    .network(ilbNetwork.id())
                    .subnetwork(ilbSubnet.id())
                    .build())
                .bootDisk(InstanceBootDiskArgs.builder()
                    .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
                        .image("debian-cloud/debian-10")
                        .build())
                    .build())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      # Internal HTTP load balancer with a managed instance group backend
    
      # VPC network
      ilbNetwork:
        type: gcp:compute:Network
        properties:
          autoCreateSubnetworks: false
        options:
          provider: ${["google-beta"]}
      # proxy-only subnet
      proxySubnet:
        type: gcp:compute:Subnetwork
        properties:
          ipCidrRange: 10.0.0.0/24
          region: europe-west1
          purpose: REGIONAL_MANAGED_PROXY
          role: ACTIVE
          network: ${ilbNetwork.id}
        options:
          provider: ${["google-beta"]}
      # backend subnet
      ilbSubnet:
        type: gcp:compute:Subnetwork
        properties:
          ipCidrRange: 10.0.1.0/24
          region: europe-west1
          network: ${ilbNetwork.id}
        options:
          provider: ${["google-beta"]}
      # forwarding rule
      googleComputeForwardingRule:
        type: gcp:compute:ForwardingRule
        properties:
          region: europe-west1
          ipProtocol: TCP
          loadBalancingScheme: INTERNAL_MANAGED
          portRange: '80'
          target: ${defaultRegionTargetHttpProxy.id}
          network: ${ilbNetwork.id}
          subnetwork: ${ilbSubnet.id}
          networkTier: PREMIUM
        options:
          provider: ${["google-beta"]}
          dependson:
            - ${proxySubnet}
      # HTTP target proxy
      defaultRegionTargetHttpProxy:
        type: gcp:compute:RegionTargetHttpProxy
        properties:
          region: europe-west1
          urlMap: ${defaultRegionUrlMap.id}
        options:
          provider: ${["google-beta"]}
      # URL map
      defaultRegionUrlMap:
        type: gcp:compute:RegionUrlMap
        properties:
          region: europe-west1
          defaultService: ${defaultRegionBackendService.id}
        options:
          provider: ${["google-beta"]}
      # backend service
      defaultRegionBackendService:
        type: gcp:compute:RegionBackendService
        properties:
          region: europe-west1
          protocol: HTTP
          loadBalancingScheme: INTERNAL_MANAGED
          timeoutSec: 10
          healthChecks:
            - ${defaultRegionHealthCheck.id}
          backends:
            - group: ${mig.instanceGroup}
              balancingMode: UTILIZATION
              capacityScaler: 1
        options:
          provider: ${["google-beta"]}
      # instance template
      instanceTemplate:
        type: gcp:compute:InstanceTemplate
        properties:
          machineType: e2-small
          tags:
            - http-server
          networkInterfaces:
            - network: ${ilbNetwork.id}
              subnetwork: ${ilbSubnet.id}
              accessConfigs:
                - {}
          disks:
            - sourceImage: debian-cloud/debian-10
              autoDelete: true
              boot: true
          # install nginx and serve a simple web page
          metadata:
            startup-script: |
              #! /bin/bash
              set -euo pipefail
    
              export DEBIAN_FRONTEND=noninteractive
              apt-get update
              apt-get install -y nginx-light jq
    
              NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
              IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
              METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
              cat <<EOF > /var/www/html/index.html
              <pre>
              Name: $NAME
              IP: $IP
              Metadata: $METADATA
              </pre>
              EOF          
        options:
          provider: ${["google-beta"]}
      # health check
      defaultRegionHealthCheck:
        type: gcp:compute:RegionHealthCheck
        properties:
          region: europe-west1
          httpHealthCheck:
            portSpecification: USE_SERVING_PORT
        options:
          provider: ${["google-beta"]}
      # MIG
      mig:
        type: gcp:compute:RegionInstanceGroupManager
        properties:
          region: europe-west1
          versions:
            - instanceTemplate: ${instanceTemplate.id}
              name: primary
          baseInstanceName: vm
          targetSize: 2
        options:
          provider: ${["google-beta"]}
      # allow all access from IAP and health check ranges
      fw-iap:
        type: gcp:compute:Firewall
        properties:
          direction: INGRESS
          network: ${ilbNetwork.id}
          sourceRanges:
            - 130.211.0.0/22
            - 35.191.0.0/16
            - 35.235.240.0/20
          allows:
            - protocol: tcp
        options:
          provider: ${["google-beta"]}
      # allow http from proxy subnet to backends
      fw-ilb-to-backends:
        type: gcp:compute:Firewall
        properties:
          direction: INGRESS
          network: ${ilbNetwork.id}
          sourceRanges:
            - 10.0.0.0/24
          targetTags:
            - http-server
          allows:
            - protocol: tcp
              ports:
                - '80'
                - '443'
                - '8080'
        options:
          provider: ${["google-beta"]}
      # test instance
      vm-test:
        type: gcp:compute:Instance
        properties:
          zone: europe-west1-b
          machineType: e2-small
          networkInterfaces:
            - network: ${ilbNetwork.id}
              subnetwork: ${ilbSubnet.id}
          bootDisk:
            initializeParams:
              image: debian-cloud/debian-10
        options:
          provider: ${["google-beta"]}
    

    Internal Tcp Udp Lb With Mig Backend

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
    import com.pulumi.gcp.compute.InstanceTemplate;
    import com.pulumi.gcp.compute.InstanceTemplateArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
    import com.pulumi.gcp.compute.RegionInstanceGroupManager;
    import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
    import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.compute.Firewall;
    import com.pulumi.gcp.compute.FirewallArgs;
    import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
    import com.pulumi.gcp.compute.Instance;
    import com.pulumi.gcp.compute.InstanceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
    import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var ilbNetwork = new Network("ilbNetwork", NetworkArgs.builder()        
                .autoCreateSubnetworks(false)
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var ilbSubnet = new Subnetwork("ilbSubnet", SubnetworkArgs.builder()        
                .ipCidrRange("10.0.1.0/24")
                .region("europe-west1")
                .network(ilbNetwork.id())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()        
                .region("europe-west1")
                .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()        
                .machineType("e2-small")
                .tags(            
                    "allow-ssh",
                    "allow-health-check")
                .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                    .network(ilbNetwork.id())
                    .subnetwork(ilbSubnet.id())
                    .accessConfigs()
                    .build())
                .disks(InstanceTemplateDiskArgs.builder()
                    .sourceImage("debian-cloud/debian-10")
                    .autoDelete(true)
                    .boot(true)
                    .build())
                .metadata(Map.of("startup-script", """
    #! /bin/bash
    set -euo pipefail
    
    export DEBIAN_FRONTEND=noninteractive
    apt-get update
    apt-get install -y nginx-light jq
    
    NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
    IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
    METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
    cat <<EOF > /var/www/html/index.html
    <pre>
    Name: $NAME
    IP: $IP
    Metadata: $METADATA
    </pre>
    EOF
                """))
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var mig = new RegionInstanceGroupManager("mig", RegionInstanceGroupManagerArgs.builder()        
                .region("europe-west1")
                .versions(RegionInstanceGroupManagerVersionArgs.builder()
                    .instanceTemplate(instanceTemplate.id())
                    .name("primary")
                    .build())
                .baseInstanceName("vm")
                .targetSize(2)
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()        
                .region("europe-west1")
                .protocol("TCP")
                .loadBalancingScheme("INTERNAL")
                .healthChecks(defaultRegionHealthCheck.id())
                .backends(RegionBackendServiceBackendArgs.builder()
                    .group(mig.instanceGroup())
                    .balancingMode("CONNECTION")
                    .build())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var googleComputeForwardingRule = new ForwardingRule("googleComputeForwardingRule", ForwardingRuleArgs.builder()        
                .backendService(defaultRegionBackendService.id())
                .region("europe-west1")
                .ipProtocol("TCP")
                .loadBalancingScheme("INTERNAL")
                .allPorts(true)
                .allowGlobalAccess(true)
                .network(ilbNetwork.id())
                .subnetwork(ilbSubnet.id())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var fwHc = new Firewall("fwHc", FirewallArgs.builder()        
                .direction("INGRESS")
                .network(ilbNetwork.id())
                .sourceRanges(            
                    "130.211.0.0/22",
                    "35.191.0.0/16",
                    "35.235.240.0/20")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build())
                .targetTags("allow-health-check")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var fwIlbToBackends = new Firewall("fwIlbToBackends", FirewallArgs.builder()        
                .direction("INGRESS")
                .network(ilbNetwork.id())
                .sourceRanges("10.0.1.0/24")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("udp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("icmp")
                        .build())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var fwIlbSsh = new Firewall("fwIlbSsh", FirewallArgs.builder()        
                .direction("INGRESS")
                .network(ilbNetwork.id())
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("22")
                    .build())
                .targetTags("allow-ssh")
                .sourceRanges("0.0.0.0/0")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var vmTest = new Instance("vmTest", InstanceArgs.builder()        
                .zone("europe-west1-b")
                .machineType("e2-small")
                .networkInterfaces(InstanceNetworkInterfaceArgs.builder()
                    .network(ilbNetwork.id())
                    .subnetwork(ilbSubnet.id())
                    .build())
                .bootDisk(InstanceBootDiskArgs.builder()
                    .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
                        .image("debian-cloud/debian-10")
                        .build())
                    .build())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      # Internal TCP/UDP load balancer with a managed instance group backend
    
      # VPC
      ilbNetwork:
        type: gcp:compute:Network
        properties:
          autoCreateSubnetworks: false
        options:
          provider: ${["google-beta"]}
      # backed subnet
      ilbSubnet:
        type: gcp:compute:Subnetwork
        properties:
          ipCidrRange: 10.0.1.0/24
          region: europe-west1
          network: ${ilbNetwork.id}
        options:
          provider: ${["google-beta"]}
      # forwarding rule
      googleComputeForwardingRule:
        type: gcp:compute:ForwardingRule
        properties:
          backendService: ${defaultRegionBackendService.id}
          region: europe-west1
          ipProtocol: TCP
          loadBalancingScheme: INTERNAL
          allPorts: true
          allowGlobalAccess: true
          network: ${ilbNetwork.id}
          subnetwork: ${ilbSubnet.id}
        options:
          provider: ${["google-beta"]}
      # backend service
      defaultRegionBackendService:
        type: gcp:compute:RegionBackendService
        properties:
          region: europe-west1
          protocol: TCP
          loadBalancingScheme: INTERNAL
          healthChecks:
            - ${defaultRegionHealthCheck.id}
          backends:
            - group: ${mig.instanceGroup}
              balancingMode: CONNECTION
        options:
          provider: ${["google-beta"]}
      # instance template
      instanceTemplate:
        type: gcp:compute:InstanceTemplate
        properties:
          machineType: e2-small
          tags:
            - allow-ssh
            - allow-health-check
          networkInterfaces:
            - network: ${ilbNetwork.id}
              subnetwork: ${ilbSubnet.id}
              accessConfigs:
                - {}
          disks:
            - sourceImage: debian-cloud/debian-10
              autoDelete: true
              boot: true
          # install nginx and serve a simple web page
          metadata:
            startup-script: |
              #! /bin/bash
              set -euo pipefail
    
              export DEBIAN_FRONTEND=noninteractive
              apt-get update
              apt-get install -y nginx-light jq
    
              NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
              IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
              METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')
    
              cat <<EOF > /var/www/html/index.html
              <pre>
              Name: $NAME
              IP: $IP
              Metadata: $METADATA
              </pre>
              EOF          
        options:
          provider: ${["google-beta"]}
      # health check
      defaultRegionHealthCheck:
        type: gcp:compute:RegionHealthCheck
        properties:
          region: europe-west1
          httpHealthCheck:
            port: '80'
        options:
          provider: ${["google-beta"]}
      # MIG
      mig:
        type: gcp:compute:RegionInstanceGroupManager
        properties:
          region: europe-west1
          versions:
            - instanceTemplate: ${instanceTemplate.id}
              name: primary
          baseInstanceName: vm
          targetSize: 2
        options:
          provider: ${["google-beta"]}
      # allow all access from health check ranges
      fwHc:
        type: gcp:compute:Firewall
        properties:
          direction: INGRESS
          network: ${ilbNetwork.id}
          sourceRanges:
            - 130.211.0.0/22
            - 35.191.0.0/16
            - 35.235.240.0/20
          allows:
            - protocol: tcp
          targetTags:
            - allow-health-check
        options:
          provider: ${["google-beta"]}
      # allow communication within the subnet
      fwIlbToBackends:
        type: gcp:compute:Firewall
        properties:
          direction: INGRESS
          network: ${ilbNetwork.id}
          sourceRanges:
            - 10.0.1.0/24
          allows:
            - protocol: tcp
            - protocol: udp
            - protocol: icmp
        options:
          provider: ${["google-beta"]}
      # allow SSH
      fwIlbSsh:
        type: gcp:compute:Firewall
        properties:
          direction: INGRESS
          network: ${ilbNetwork.id}
          allows:
            - protocol: tcp
              ports:
                - '22'
          targetTags:
            - allow-ssh
          sourceRanges:
            - 0.0.0.0/0
        options:
          provider: ${["google-beta"]}
      # test instance
      vmTest:
        type: gcp:compute:Instance
        properties:
          zone: europe-west1-b
          machineType: e2-small
          networkInterfaces:
            - network: ${ilbNetwork.id}
              subnetwork: ${ilbSubnet.id}
          bootDisk:
            initializeParams:
              image: debian-cloud/debian-10
        options:
          provider: ${["google-beta"]}
    

    Forwarding Rule Externallb

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var hc = new RegionHealthCheck("hc", RegionHealthCheckArgs.builder()        
                .checkIntervalSec(1)
                .timeoutSec(1)
                .region("us-central1")
                .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()        
                .region("us-central1")
                .loadBalancingScheme("EXTERNAL")
                .healthChecks(hc.id())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .region("us-central1")
                .portRange(80)
                .backendService(backend.id())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      # Forwarding rule for External Network Load Balancing using Backend Services
      default:
        type: gcp:compute:ForwardingRule
        properties:
          region: us-central1
          portRange: 80
          backendService: ${backend.id}
        options:
          provider: ${["google-beta"]}
      backend:
        type: gcp:compute:RegionBackendService
        properties:
          region: us-central1
          loadBalancingScheme: EXTERNAL
          healthChecks:
            - ${hc.id}
        options:
          provider: ${["google-beta"]}
      hc:
        type: gcp:compute:RegionHealthCheck
        properties:
          checkIntervalSec: 1
          timeoutSec: 1
          region: us-central1
          tcpHealthCheck:
            port: '80'
        options:
          provider: ${["google-beta"]}
    

    Forwarding Rule Global Internallb

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var defaultTargetPool = new Gcp.Compute.TargetPool("defaultTargetPool");
    
        var defaultForwardingRule = new Gcp.Compute.ForwardingRule("defaultForwardingRule", new()
        {
            Target = defaultTargetPool.Id,
            PortRange = "80",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		defaultTargetPool, err := compute.NewTargetPool(ctx, "defaultTargetPool", nil)
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewForwardingRule(ctx, "defaultForwardingRule", &compute.ForwardingRuleArgs{
    			Target:    defaultTargetPool.ID(),
    			PortRange: pulumi.String("80"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var hc = new HealthCheck("hc", HealthCheckArgs.builder()        
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()        
                .region("us-central1")
                .healthChecks(hc.id())
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
                .autoCreateSubnetworks(false)
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(defaultNetwork.id())
                .build());
    
            var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()        
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(backend.id())
                .allPorts(true)
                .allowGlobalAccess(true)
                .network(defaultNetwork.name())
                .subnetwork(defaultSubnetwork.name())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_gcp as gcp
    
    default_target_pool = gcp.compute.TargetPool("defaultTargetPool")
    default_forwarding_rule = gcp.compute.ForwardingRule("defaultForwardingRule",
        target=default_target_pool.id,
        port_range="80")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const defaultTargetPool = new gcp.compute.TargetPool("defaultTargetPool", {});
    const defaultForwardingRule = new gcp.compute.ForwardingRule("defaultForwardingRule", {
        target: defaultTargetPool.id,
        portRange: "80",
    });
    
    resources:
      # Forwarding rule for Internal Load Balancing
      defaultForwardingRule:
        type: gcp:compute:ForwardingRule
        properties:
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${backend.id}
          allPorts: true
          allowGlobalAccess: true
          network: ${defaultNetwork.name}
          subnetwork: ${defaultSubnetwork.name}
      backend:
        type: gcp:compute:RegionBackendService
        properties:
          region: us-central1
          healthChecks:
            - ${hc.id}
      hc:
        type: gcp:compute:HealthCheck
        properties:
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
      defaultNetwork:
        type: gcp:compute:Network
        properties:
          autoCreateSubnetworks: false
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        properties:
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${defaultNetwork.id}
    

    Forwarding Rule Basic

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.TargetPool;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var defaultTargetPool = new TargetPool("defaultTargetPool");
    
            var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()        
                .target(defaultTargetPool.id())
                .portRange("80")
                .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      defaultForwardingRule:
        type: gcp:compute:ForwardingRule
        properties:
          target: ${defaultTargetPool.id}
          portRange: '80'
      defaultTargetPool:
        type: gcp:compute:TargetPool
    

    Forwarding Rule L3 Default

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var healthCheck = new RegionHealthCheck("healthCheck", RegionHealthCheckArgs.builder()        
                .region("us-central1")
                .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()
                    .port(80)
                    .build())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var service = new RegionBackendService("service", RegionBackendServiceArgs.builder()        
                .region("us-central1")
                .healthChecks(healthCheck.id())
                .protocol("UNSPECIFIED")
                .loadBalancingScheme("EXTERNAL")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var fwdRule = new ForwardingRule("fwdRule", ForwardingRuleArgs.builder()        
                .backendService(service.id())
                .ipProtocol("L3_DEFAULT")
                .allPorts(true)
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      fwdRule:
        type: gcp:compute:ForwardingRule
        properties:
          backendService: ${service.id}
          ipProtocol: L3_DEFAULT
          allPorts: true
        options:
          provider: ${["google-beta"]}
      service:
        type: gcp:compute:RegionBackendService
        properties:
          region: us-central1
          healthChecks:
            - ${healthCheck.id}
          protocol: UNSPECIFIED
          loadBalancingScheme: EXTERNAL
        options:
          provider: ${["google-beta"]}
      healthCheck:
        type: gcp:compute:RegionHealthCheck
        properties:
          region: us-central1
          tcpHealthCheck:
            port: 80
        options:
          provider: ${["google-beta"]}
    

    Forwarding Rule Internallb

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var hc = new HealthCheck("hc", HealthCheckArgs.builder()        
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()        
                .region("us-central1")
                .healthChecks(hc.id())
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
                .autoCreateSubnetworks(false)
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(defaultNetwork.id())
                .build());
    
            var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()        
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(backend.id())
                .allPorts(true)
                .network(defaultNetwork.name())
                .subnetwork(defaultSubnetwork.name())
                .ipVersion("IPV4")
                .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      # Forwarding rule for Internal Load Balancing
      defaultForwardingRule:
        type: gcp:compute:ForwardingRule
        properties:
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${backend.id}
          allPorts: true
          network: ${defaultNetwork.name}
          subnetwork: ${defaultSubnetwork.name}
          ipVersion: IPV4
      backend:
        type: gcp:compute:RegionBackendService
        properties:
          region: us-central1
          healthChecks:
            - ${hc.id}
      hc:
        type: gcp:compute:HealthCheck
        properties:
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
      defaultNetwork:
        type: gcp:compute:Network
        properties:
          autoCreateSubnetworks: false
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        properties:
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${defaultNetwork.id}
    

    Forwarding Rule Http Lb

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.ComputeFunctions;
    import com.pulumi.gcp.compute.inputs.GetImageArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.InstanceTemplate;
    import com.pulumi.gcp.compute.InstanceTemplateArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
    import com.pulumi.gcp.compute.RegionInstanceGroupManager;
    import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
    import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
    import com.pulumi.gcp.compute.Firewall;
    import com.pulumi.gcp.compute.FirewallArgs;
    import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
    import com.pulumi.gcp.compute.RegionUrlMap;
    import com.pulumi.gcp.compute.RegionUrlMapArgs;
    import com.pulumi.gcp.compute.RegionTargetHttpProxy;
    import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
                .family("debian-11")
                .project("debian-cloud")
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
                .autoCreateSubnetworks(false)
                .routingMode("REGIONAL")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
                .ipCidrRange("10.1.2.0/24")
                .region("us-central1")
                .network(defaultNetwork.id())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()        
                .machineType("e2-medium")
                .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                    .network(defaultNetwork.id())
                    .subnetwork(defaultSubnetwork.id())
                    .build())
                .disks(InstanceTemplateDiskArgs.builder()
                    .sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
                    .autoDelete(true)
                    .boot(true)
                    .build())
                .tags(            
                    "allow-ssh",
                    "load-balanced-backend")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var rigm = new RegionInstanceGroupManager("rigm", RegionInstanceGroupManagerArgs.builder()        
                .region("us-central1")
                .versions(RegionInstanceGroupManagerVersionArgs.builder()
                    .instanceTemplate(instanceTemplate.id())
                    .name("primary")
                    .build())
                .baseInstanceName("internal-glb")
                .targetSize(1)
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var fw1 = new Firewall("fw1", FirewallArgs.builder()        
                .network(defaultNetwork.id())
                .sourceRanges("10.1.2.0/24")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("udp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("icmp")
                        .build())
                .direction("INGRESS")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var fw2 = new Firewall("fw2", FirewallArgs.builder()        
                .network(defaultNetwork.id())
                .sourceRanges("0.0.0.0/0")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("22")
                    .build())
                .targetTags("allow-ssh")
                .direction("INGRESS")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .dependsOn(fw1)
                    .build());
    
            var fw3 = new Firewall("fw3", FirewallArgs.builder()        
                .network(defaultNetwork.id())
                .sourceRanges(            
                    "130.211.0.0/22",
                    "35.191.0.0/16")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build())
                .targetTags("load-balanced-backend")
                .direction("INGRESS")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .dependsOn(fw2)
                    .build());
    
            var fw4 = new Firewall("fw4", FirewallArgs.builder()        
                .network(defaultNetwork.id())
                .sourceRanges("10.129.0.0/26")
                .targetTags("load-balanced-backend")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("80")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("443")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("8000")
                        .build())
                .direction("INGRESS")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .dependsOn(fw3)
                    .build());
    
            var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()        
                .region("us-central1")
                .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                    .portSpecification("USE_SERVING_PORT")
                    .build())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .dependsOn(fw4)
                    .build());
    
            var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()        
                .loadBalancingScheme("INTERNAL_MANAGED")
                .backends(RegionBackendServiceBackendArgs.builder()
                    .group(rigm.instanceGroup())
                    .balancingMode("UTILIZATION")
                    .capacityScaler(1)
                    .build())
                .region("us-central1")
                .protocol("HTTP")
                .timeoutSec(10)
                .healthChecks(defaultRegionHealthCheck.id())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()        
                .region("us-central1")
                .defaultService(defaultRegionBackendService.id())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()        
                .region("us-central1")
                .urlMap(defaultRegionUrlMap.id())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var proxy = new Subnetwork("proxy", SubnetworkArgs.builder()        
                .ipCidrRange("10.129.0.0/26")
                .region("us-central1")
                .network(defaultNetwork.id())
                .purpose("REGIONAL_MANAGED_PROXY")
                .role("ACTIVE")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()        
                .region("us-central1")
                .ipProtocol("TCP")
                .loadBalancingScheme("INTERNAL_MANAGED")
                .portRange("80")
                .target(defaultRegionTargetHttpProxy.id())
                .network(defaultNetwork.id())
                .subnetwork(defaultSubnetwork.id())
                .networkTier("PREMIUM")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .dependsOn(proxy)
                    .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      # Forwarding rule for Internal Load Balancing
      defaultForwardingRule:
        type: gcp:compute:ForwardingRule
        properties:
          region: us-central1
          ipProtocol: TCP
          loadBalancingScheme: INTERNAL_MANAGED
          portRange: '80'
          target: ${defaultRegionTargetHttpProxy.id}
          network: ${defaultNetwork.id}
          subnetwork: ${defaultSubnetwork.id}
          networkTier: PREMIUM
        options:
          provider: ${["google-beta"]}
          dependson:
            - ${proxy}
      defaultRegionTargetHttpProxy:
        type: gcp:compute:RegionTargetHttpProxy
        properties:
          region: us-central1
          urlMap: ${defaultRegionUrlMap.id}
        options:
          provider: ${["google-beta"]}
      defaultRegionUrlMap:
        type: gcp:compute:RegionUrlMap
        properties:
          region: us-central1
          defaultService: ${defaultRegionBackendService.id}
        options:
          provider: ${["google-beta"]}
      defaultRegionBackendService:
        type: gcp:compute:RegionBackendService
        properties:
          loadBalancingScheme: INTERNAL_MANAGED
          backends:
            - group: ${rigm.instanceGroup}
              balancingMode: UTILIZATION
              capacityScaler: 1
          region: us-central1
          protocol: HTTP
          timeoutSec: 10
          healthChecks:
            - ${defaultRegionHealthCheck.id}
        options:
          provider: ${["google-beta"]}
      rigm:
        type: gcp:compute:RegionInstanceGroupManager
        properties:
          region: us-central1
          versions:
            - instanceTemplate: ${instanceTemplate.id}
              name: primary
          baseInstanceName: internal-glb
          targetSize: 1
        options:
          provider: ${["google-beta"]}
      instanceTemplate:
        type: gcp:compute:InstanceTemplate
        properties:
          machineType: e2-medium
          networkInterfaces:
            - network: ${defaultNetwork.id}
              subnetwork: ${defaultSubnetwork.id}
          disks:
            - sourceImage: ${debianImage.selfLink}
              autoDelete: true
              boot: true
          tags:
            - allow-ssh
            - load-balanced-backend
        options:
          provider: ${["google-beta"]}
      defaultRegionHealthCheck:
        type: gcp:compute:RegionHealthCheck
        properties:
          region: us-central1
          httpHealthCheck:
            portSpecification: USE_SERVING_PORT
        options:
          provider: ${["google-beta"]}
          dependson:
            - ${fw4}
      fw1:
        type: gcp:compute:Firewall
        properties:
          network: ${defaultNetwork.id}
          sourceRanges:
            - 10.1.2.0/24
          allows:
            - protocol: tcp
            - protocol: udp
            - protocol: icmp
          direction: INGRESS
        options:
          provider: ${["google-beta"]}
      fw2:
        type: gcp:compute:Firewall
        properties:
          network: ${defaultNetwork.id}
          sourceRanges:
            - 0.0.0.0/0
          allows:
            - protocol: tcp
              ports:
                - '22'
          targetTags:
            - allow-ssh
          direction: INGRESS
        options:
          provider: ${["google-beta"]}
          dependson:
            - ${fw1}
      fw3:
        type: gcp:compute:Firewall
        properties:
          network: ${defaultNetwork.id}
          sourceRanges:
            - 130.211.0.0/22
            - 35.191.0.0/16
          allows:
            - protocol: tcp
          targetTags:
            - load-balanced-backend
          direction: INGRESS
        options:
          provider: ${["google-beta"]}
          dependson:
            - ${fw2}
      fw4:
        type: gcp:compute:Firewall
        properties:
          network: ${defaultNetwork.id}
          sourceRanges:
            - 10.129.0.0/26
          targetTags:
            - load-balanced-backend
          allows:
            - protocol: tcp
              ports:
                - '80'
            - protocol: tcp
              ports:
                - '443'
            - protocol: tcp
              ports:
                - '8000'
          direction: INGRESS
        options:
          provider: ${["google-beta"]}
          dependson:
            - ${fw3}
      defaultNetwork:
        type: gcp:compute:Network
        properties:
          autoCreateSubnetworks: false
          routingMode: REGIONAL
        options:
          provider: ${["google-beta"]}
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        properties:
          ipCidrRange: 10.1.2.0/24
          region: us-central1
          network: ${defaultNetwork.id}
        options:
          provider: ${["google-beta"]}
      proxy:
        type: gcp:compute:Subnetwork
        properties:
          ipCidrRange: 10.129.0.0/26
          region: us-central1
          network: ${defaultNetwork.id}
          purpose: REGIONAL_MANAGED_PROXY
          role: ACTIVE
        options:
          provider: ${["google-beta"]}
    variables:
      debianImage:
        fn::invoke:
          Function: gcp:compute:getImage
          Arguments:
            family: debian-11
            project: debian-cloud
    

    Forwarding Rule Regional Http Xlb

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.ComputeFunctions;
    import com.pulumi.gcp.compute.inputs.GetImageArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.InstanceTemplate;
    import com.pulumi.gcp.compute.InstanceTemplateArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
    import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
    import com.pulumi.gcp.compute.RegionInstanceGroupManager;
    import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
    import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
    import com.pulumi.gcp.compute.Firewall;
    import com.pulumi.gcp.compute.FirewallArgs;
    import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
    import com.pulumi.gcp.compute.RegionHealthCheck;
    import com.pulumi.gcp.compute.RegionHealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
    import com.pulumi.gcp.compute.RegionUrlMap;
    import com.pulumi.gcp.compute.RegionUrlMapArgs;
    import com.pulumi.gcp.compute.RegionTargetHttpProxy;
    import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
    import com.pulumi.gcp.compute.Address;
    import com.pulumi.gcp.compute.AddressArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
                .family("debian-11")
                .project("debian-cloud")
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
                .autoCreateSubnetworks(false)
                .routingMode("REGIONAL")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
                .ipCidrRange("10.1.2.0/24")
                .region("us-central1")
                .network(defaultNetwork.id())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()        
                .machineType("e2-medium")
                .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                    .network(defaultNetwork.id())
                    .subnetwork(defaultSubnetwork.id())
                    .build())
                .disks(InstanceTemplateDiskArgs.builder()
                    .sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
                    .autoDelete(true)
                    .boot(true)
                    .build())
                .tags(            
                    "allow-ssh",
                    "load-balanced-backend")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var rigm = new RegionInstanceGroupManager("rigm", RegionInstanceGroupManagerArgs.builder()        
                .region("us-central1")
                .versions(RegionInstanceGroupManagerVersionArgs.builder()
                    .instanceTemplate(instanceTemplate.id())
                    .name("primary")
                    .build())
                .baseInstanceName("internal-glb")
                .targetSize(1)
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var fw1 = new Firewall("fw1", FirewallArgs.builder()        
                .network(defaultNetwork.id())
                .sourceRanges("10.1.2.0/24")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("udp")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("icmp")
                        .build())
                .direction("INGRESS")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var fw2 = new Firewall("fw2", FirewallArgs.builder()        
                .network(defaultNetwork.id())
                .sourceRanges("0.0.0.0/0")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("22")
                    .build())
                .targetTags("allow-ssh")
                .direction("INGRESS")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .dependsOn(fw1)
                    .build());
    
            var fw3 = new Firewall("fw3", FirewallArgs.builder()        
                .network(defaultNetwork.id())
                .sourceRanges(            
                    "130.211.0.0/22",
                    "35.191.0.0/16")
                .allows(FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build())
                .targetTags("load-balanced-backend")
                .direction("INGRESS")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .dependsOn(fw2)
                    .build());
    
            var fw4 = new Firewall("fw4", FirewallArgs.builder()        
                .network(defaultNetwork.id())
                .sourceRanges("10.129.0.0/26")
                .targetTags("load-balanced-backend")
                .allows(            
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("80")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("443")
                        .build(),
                    FirewallAllowArgs.builder()
                        .protocol("tcp")
                        .ports("8000")
                        .build())
                .direction("INGRESS")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .dependsOn(fw3)
                    .build());
    
            var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()        
                .region("us-central1")
                .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                    .portSpecification("USE_SERVING_PORT")
                    .build())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .dependsOn(fw4)
                    .build());
    
            var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()        
                .loadBalancingScheme("EXTERNAL_MANAGED")
                .backends(RegionBackendServiceBackendArgs.builder()
                    .group(rigm.instanceGroup())
                    .balancingMode("UTILIZATION")
                    .capacityScaler(1)
                    .build())
                .region("us-central1")
                .protocol("HTTP")
                .timeoutSec(10)
                .healthChecks(defaultRegionHealthCheck.id())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()        
                .region("us-central1")
                .defaultService(defaultRegionBackendService.id())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()        
                .region("us-central1")
                .urlMap(defaultRegionUrlMap.id())
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var defaultAddress = new Address("defaultAddress", AddressArgs.builder()        
                .region("us-central1")
                .networkTier("STANDARD")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var proxy = new Subnetwork("proxy", SubnetworkArgs.builder()        
                .ipCidrRange("10.129.0.0/26")
                .region("us-central1")
                .network(defaultNetwork.id())
                .purpose("REGIONAL_MANAGED_PROXY")
                .role("ACTIVE")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .build());
    
            var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()        
                .region("us-central1")
                .ipProtocol("TCP")
                .loadBalancingScheme("EXTERNAL_MANAGED")
                .portRange("80")
                .target(defaultRegionTargetHttpProxy.id())
                .network(defaultNetwork.id())
                .ipAddress(defaultAddress.id())
                .networkTier("STANDARD")
                .build(), CustomResourceOptions.builder()
                    .provider(google_beta)
                    .dependsOn(proxy)
                    .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      # Forwarding rule for Regional External Load Balancing
      defaultForwardingRule:
        type: gcp:compute:ForwardingRule
        properties:
          region: us-central1
          ipProtocol: TCP
          loadBalancingScheme: EXTERNAL_MANAGED
          portRange: '80'
          target: ${defaultRegionTargetHttpProxy.id}
          network: ${defaultNetwork.id}
          ipAddress: ${defaultAddress.id}
          networkTier: STANDARD
        options:
          provider: ${["google-beta"]}
          dependson:
            - ${proxy}
      defaultRegionTargetHttpProxy:
        type: gcp:compute:RegionTargetHttpProxy
        properties:
          region: us-central1
          urlMap: ${defaultRegionUrlMap.id}
        options:
          provider: ${["google-beta"]}
      defaultRegionUrlMap:
        type: gcp:compute:RegionUrlMap
        properties:
          region: us-central1
          defaultService: ${defaultRegionBackendService.id}
        options:
          provider: ${["google-beta"]}
      defaultRegionBackendService:
        type: gcp:compute:RegionBackendService
        properties:
          loadBalancingScheme: EXTERNAL_MANAGED
          backends:
            - group: ${rigm.instanceGroup}
              balancingMode: UTILIZATION
              capacityScaler: 1
          region: us-central1
          protocol: HTTP
          timeoutSec: 10
          healthChecks:
            - ${defaultRegionHealthCheck.id}
        options:
          provider: ${["google-beta"]}
      rigm:
        type: gcp:compute:RegionInstanceGroupManager
        properties:
          region: us-central1
          versions:
            - instanceTemplate: ${instanceTemplate.id}
              name: primary
          baseInstanceName: internal-glb
          targetSize: 1
        options:
          provider: ${["google-beta"]}
      instanceTemplate:
        type: gcp:compute:InstanceTemplate
        properties:
          machineType: e2-medium
          networkInterfaces:
            - network: ${defaultNetwork.id}
              subnetwork: ${defaultSubnetwork.id}
          disks:
            - sourceImage: ${debianImage.selfLink}
              autoDelete: true
              boot: true
          tags:
            - allow-ssh
            - load-balanced-backend
        options:
          provider: ${["google-beta"]}
      defaultRegionHealthCheck:
        type: gcp:compute:RegionHealthCheck
        properties:
          region: us-central1
          httpHealthCheck:
            portSpecification: USE_SERVING_PORT
        options:
          provider: ${["google-beta"]}
          dependson:
            - ${fw4}
      defaultAddress:
        type: gcp:compute:Address
        properties:
          region: us-central1
          networkTier: STANDARD
        options:
          provider: ${["google-beta"]}
      fw1:
        type: gcp:compute:Firewall
        properties:
          network: ${defaultNetwork.id}
          sourceRanges:
            - 10.1.2.0/24
          allows:
            - protocol: tcp
            - protocol: udp
            - protocol: icmp
          direction: INGRESS
        options:
          provider: ${["google-beta"]}
      fw2:
        type: gcp:compute:Firewall
        properties:
          network: ${defaultNetwork.id}
          sourceRanges:
            - 0.0.0.0/0
          allows:
            - protocol: tcp
              ports:
                - '22'
          targetTags:
            - allow-ssh
          direction: INGRESS
        options:
          provider: ${["google-beta"]}
          dependson:
            - ${fw1}
      fw3:
        type: gcp:compute:Firewall
        properties:
          network: ${defaultNetwork.id}
          sourceRanges:
            - 130.211.0.0/22
            - 35.191.0.0/16
          allows:
            - protocol: tcp
          targetTags:
            - load-balanced-backend
          direction: INGRESS
        options:
          provider: ${["google-beta"]}
          dependson:
            - ${fw2}
      fw4:
        type: gcp:compute:Firewall
        properties:
          network: ${defaultNetwork.id}
          sourceRanges:
            - 10.129.0.0/26
          targetTags:
            - load-balanced-backend
          allows:
            - protocol: tcp
              ports:
                - '80'
            - protocol: tcp
              ports:
                - '443'
            - protocol: tcp
              ports:
                - '8000'
          direction: INGRESS
        options:
          provider: ${["google-beta"]}
          dependson:
            - ${fw3}
      defaultNetwork:
        type: gcp:compute:Network
        properties:
          autoCreateSubnetworks: false
          routingMode: REGIONAL
        options:
          provider: ${["google-beta"]}
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        properties:
          ipCidrRange: 10.1.2.0/24
          region: us-central1
          network: ${defaultNetwork.id}
        options:
          provider: ${["google-beta"]}
      proxy:
        type: gcp:compute:Subnetwork
        properties:
          ipCidrRange: 10.129.0.0/26
          region: us-central1
          network: ${defaultNetwork.id}
          purpose: REGIONAL_MANAGED_PROXY
          role: ACTIVE
        options:
          provider: ${["google-beta"]}
    variables:
      debianImage:
        fn::invoke:
          Function: gcp:compute:getImage
          Arguments:
            family: debian-11
            project: debian-cloud
    

    Forwarding Rule Vpc Psc

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.Address;
    import com.pulumi.gcp.compute.AddressArgs;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.compute.ServiceAttachment;
    import com.pulumi.gcp.compute.ServiceAttachmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var consumerNet = new Network("consumerNet", NetworkArgs.builder()        
                .autoCreateSubnetworks(false)
                .build());
    
            var consumerSubnet = new Subnetwork("consumerSubnet", SubnetworkArgs.builder()        
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(consumerNet.id())
                .build());
    
            var consumerAddress = new Address("consumerAddress", AddressArgs.builder()        
                .region("us-central1")
                .subnetwork(consumerSubnet.id())
                .addressType("INTERNAL")
                .build());
    
            var producerNet = new Network("producerNet", NetworkArgs.builder()        
                .autoCreateSubnetworks(false)
                .build());
    
            var pscProducerSubnet = new Subnetwork("pscProducerSubnet", SubnetworkArgs.builder()        
                .ipCidrRange("10.1.0.0/16")
                .region("us-central1")
                .purpose("PRIVATE_SERVICE_CONNECT")
                .network(producerNet.id())
                .build());
    
            var producerSubnet = new Subnetwork("producerSubnet", SubnetworkArgs.builder()        
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(producerNet.id())
                .build());
    
            var producerServiceHealthCheck = new HealthCheck("producerServiceHealthCheck", HealthCheckArgs.builder()        
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var producerServiceBackend = new RegionBackendService("producerServiceBackend", RegionBackendServiceArgs.builder()        
                .region("us-central1")
                .healthChecks(producerServiceHealthCheck.id())
                .build());
    
            var producerTargetService = new ForwardingRule("producerTargetService", ForwardingRuleArgs.builder()        
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(producerServiceBackend.id())
                .allPorts(true)
                .network(producerNet.name())
                .subnetwork(producerSubnet.name())
                .build());
    
            var producerServiceAttachment = new ServiceAttachment("producerServiceAttachment", ServiceAttachmentArgs.builder()        
                .region("us-central1")
                .description("A service attachment configured with Terraform")
                .enableProxyProtocol(true)
                .connectionPreference("ACCEPT_AUTOMATIC")
                .natSubnets(pscProducerSubnet.name())
                .targetService(producerTargetService.id())
                .build());
    
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .region("us-central1")
                .loadBalancingScheme("")
                .target(producerServiceAttachment.id())
                .network(consumerNet.name())
                .ipAddress(consumerAddress.id())
                .allowPscGlobalAccess(true)
                .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      # Forwarding rule for VPC private service connect
      default: # Consumer service endpoint
        type: gcp:compute:ForwardingRule
        properties:
          region: us-central1
          loadBalancingScheme:
          target: ${producerServiceAttachment.id}
          network: ${consumerNet.name}
          ipAddress: ${consumerAddress.id}
          allowPscGlobalAccess: true
      consumerNet:
        type: gcp:compute:Network
        properties:
          autoCreateSubnetworks: false
      consumerSubnet:
        type: gcp:compute:Subnetwork
        properties:
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${consumerNet.id}
      consumerAddress: # Producer service attachment
        type: gcp:compute:Address
        properties:
          region: us-central1
          subnetwork: ${consumerSubnet.id}
          addressType: INTERNAL
      producerNet:
        type: gcp:compute:Network
        properties:
          autoCreateSubnetworks: false
      producerSubnet:
        type: gcp:compute:Subnetwork
        properties:
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${producerNet.id}
      pscProducerSubnet:
        type: gcp:compute:Subnetwork
        properties:
          ipCidrRange: 10.1.0.0/16
          region: us-central1
          purpose: PRIVATE_SERVICE_CONNECT
          network: ${producerNet.id}
      producerServiceAttachment:
        type: gcp:compute:ServiceAttachment
        properties:
          region: us-central1
          description: A service attachment configured with Terraform
          enableProxyProtocol: true
          connectionPreference: ACCEPT_AUTOMATIC
          natSubnets:
            - ${pscProducerSubnet.name}
          targetService: ${producerTargetService.id}
      producerTargetService:
        type: gcp:compute:ForwardingRule
        properties:
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${producerServiceBackend.id}
          allPorts: true
          network: ${producerNet.name}
          subnetwork: ${producerSubnet.name}
      producerServiceBackend:
        type: gcp:compute:RegionBackendService
        properties:
          region: us-central1
          healthChecks:
            - ${producerServiceHealthCheck.id}
      producerServiceHealthCheck:
        type: gcp:compute:HealthCheck
        properties:
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
    

    Forwarding Rule Vpc Psc No Automate Dns

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Gcp = Pulumi.Gcp;
    
    return await Deployment.RunAsync(() => 
    {
        var basic = new Gcp.Compute.Address("basic", new()
        {
            Region = "us-central1",
        });
    
        var externalRegionBackendService = new Gcp.Compute.RegionBackendService("externalRegionBackendService", new()
        {
            Region = "us-central1",
            LoadBalancingScheme = "EXTERNAL",
        });
    
        var externalForwardingRule = new Gcp.Compute.ForwardingRule("externalForwardingRule", new()
        {
            Region = "us-central1",
            IpAddress = basic.SelfLink,
            BackendService = externalRegionBackendService.SelfLink,
            LoadBalancingScheme = "EXTERNAL",
        });
    
        var steering = new Gcp.Compute.ForwardingRule("steering", new()
        {
            Region = "us-central1",
            IpAddress = basic.SelfLink,
            BackendService = externalRegionBackendService.SelfLink,
            LoadBalancingScheme = "EXTERNAL",
            SourceIpRanges = new[]
            {
                "34.121.88.0/24",
                "35.187.239.137",
            },
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                externalForwardingRule,
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/compute"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		basic, err := compute.NewAddress(ctx, "basic", &compute.AddressArgs{
    			Region: pulumi.String("us-central1"),
    		})
    		if err != nil {
    			return err
    		}
    		externalRegionBackendService, err := compute.NewRegionBackendService(ctx, "externalRegionBackendService", &compute.RegionBackendServiceArgs{
    			Region:              pulumi.String("us-central1"),
    			LoadBalancingScheme: pulumi.String("EXTERNAL"),
    		})
    		if err != nil {
    			return err
    		}
    		externalForwardingRule, err := compute.NewForwardingRule(ctx, "externalForwardingRule", &compute.ForwardingRuleArgs{
    			Region:              pulumi.String("us-central1"),
    			IpAddress:           basic.SelfLink,
    			BackendService:      externalRegionBackendService.SelfLink,
    			LoadBalancingScheme: pulumi.String("EXTERNAL"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = compute.NewForwardingRule(ctx, "steering", &compute.ForwardingRuleArgs{
    			Region:              pulumi.String("us-central1"),
    			IpAddress:           basic.SelfLink,
    			BackendService:      externalRegionBackendService.SelfLink,
    			LoadBalancingScheme: pulumi.String("EXTERNAL"),
    			SourceIpRanges: pulumi.StringArray{
    				pulumi.String("34.121.88.0/24"),
    				pulumi.String("35.187.239.137"),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			externalForwardingRule,
    		}))
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.Address;
    import com.pulumi.gcp.compute.AddressArgs;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.gcp.compute.ServiceAttachment;
    import com.pulumi.gcp.compute.ServiceAttachmentArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var consumerNet = new Network("consumerNet", NetworkArgs.builder()        
                .autoCreateSubnetworks(false)
                .build());
    
            var consumerSubnet = new Subnetwork("consumerSubnet", SubnetworkArgs.builder()        
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(consumerNet.id())
                .build());
    
            var consumerAddress = new Address("consumerAddress", AddressArgs.builder()        
                .region("us-central1")
                .subnetwork(consumerSubnet.id())
                .addressType("INTERNAL")
                .build());
    
            var producerNet = new Network("producerNet", NetworkArgs.builder()        
                .autoCreateSubnetworks(false)
                .build());
    
            var pscProducerSubnet = new Subnetwork("pscProducerSubnet", SubnetworkArgs.builder()        
                .ipCidrRange("10.1.0.0/16")
                .region("us-central1")
                .purpose("PRIVATE_SERVICE_CONNECT")
                .network(producerNet.id())
                .build());
    
            var producerSubnet = new Subnetwork("producerSubnet", SubnetworkArgs.builder()        
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .network(producerNet.id())
                .build());
    
            var producerServiceHealthCheck = new HealthCheck("producerServiceHealthCheck", HealthCheckArgs.builder()        
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var producerServiceBackend = new RegionBackendService("producerServiceBackend", RegionBackendServiceArgs.builder()        
                .region("us-central1")
                .healthChecks(producerServiceHealthCheck.id())
                .build());
    
            var producerTargetService = new ForwardingRule("producerTargetService", ForwardingRuleArgs.builder()        
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(producerServiceBackend.id())
                .allPorts(true)
                .network(producerNet.name())
                .subnetwork(producerSubnet.name())
                .build());
    
            var producerServiceAttachment = new ServiceAttachment("producerServiceAttachment", ServiceAttachmentArgs.builder()        
                .region("us-central1")
                .description("A service attachment configured with Terraform")
                .enableProxyProtocol(true)
                .connectionPreference("ACCEPT_AUTOMATIC")
                .natSubnets(pscProducerSubnet.name())
                .targetService(producerTargetService.id())
                .build());
    
            var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
                .region("us-central1")
                .loadBalancingScheme("")
                .target(producerServiceAttachment.id())
                .network(consumerNet.name())
                .ipAddress(consumerAddress.id())
                .allowPscGlobalAccess(true)
                .noAutomateDnsZone(true)
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_gcp as gcp
    
    basic = gcp.compute.Address("basic", region="us-central1")
    external_region_backend_service = gcp.compute.RegionBackendService("externalRegionBackendService",
        region="us-central1",
        load_balancing_scheme="EXTERNAL")
    external_forwarding_rule = gcp.compute.ForwardingRule("externalForwardingRule",
        region="us-central1",
        ip_address=basic.self_link,
        backend_service=external_region_backend_service.self_link,
        load_balancing_scheme="EXTERNAL")
    steering = gcp.compute.ForwardingRule("steering",
        region="us-central1",
        ip_address=basic.self_link,
        backend_service=external_region_backend_service.self_link,
        load_balancing_scheme="EXTERNAL",
        source_ip_ranges=[
            "34.121.88.0/24",
            "35.187.239.137",
        ],
        opts=pulumi.ResourceOptions(depends_on=[external_forwarding_rule]))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as gcp from "@pulumi/gcp";
    
    const basic = new gcp.compute.Address("basic", {region: "us-central1"});
    const externalRegionBackendService = new gcp.compute.RegionBackendService("externalRegionBackendService", {
        region: "us-central1",
        loadBalancingScheme: "EXTERNAL",
    });
    const externalForwardingRule = new gcp.compute.ForwardingRule("externalForwardingRule", {
        region: "us-central1",
        ipAddress: basic.selfLink,
        backendService: externalRegionBackendService.selfLink,
        loadBalancingScheme: "EXTERNAL",
    });
    const steering = new gcp.compute.ForwardingRule("steering", {
        region: "us-central1",
        ipAddress: basic.selfLink,
        backendService: externalRegionBackendService.selfLink,
        loadBalancingScheme: "EXTERNAL",
        sourceIpRanges: [
            "34.121.88.0/24",
            "35.187.239.137",
        ],
    }, {
        dependsOn: [externalForwardingRule],
    });
    
    resources:
      default:
        type: gcp:compute:ForwardingRule
        properties:
          region: us-central1
          loadBalancingScheme:
          target: ${producerServiceAttachment.id}
          network: ${consumerNet.name}
          ipAddress: ${consumerAddress.id}
          allowPscGlobalAccess: true
          noAutomateDnsZone: true
      consumerNet:
        type: gcp:compute:Network
        properties:
          autoCreateSubnetworks: false
      consumerSubnet:
        type: gcp:compute:Subnetwork
        properties:
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${consumerNet.id}
      consumerAddress:
        type: gcp:compute:Address
        properties:
          region: us-central1
          subnetwork: ${consumerSubnet.id}
          addressType: INTERNAL
      producerNet:
        type: gcp:compute:Network
        properties:
          autoCreateSubnetworks: false
      producerSubnet:
        type: gcp:compute:Subnetwork
        properties:
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          network: ${producerNet.id}
      pscProducerSubnet:
        type: gcp:compute:Subnetwork
        properties:
          ipCidrRange: 10.1.0.0/16
          region: us-central1
          purpose: PRIVATE_SERVICE_CONNECT
          network: ${producerNet.id}
      producerServiceAttachment:
        type: gcp:compute:ServiceAttachment
        properties:
          region: us-central1
          description: A service attachment configured with Terraform
          enableProxyProtocol: true
          connectionPreference: ACCEPT_AUTOMATIC
          natSubnets:
            - ${pscProducerSubnet.name}
          targetService: ${producerTargetService.id}
      producerTargetService:
        type: gcp:compute:ForwardingRule
        properties:
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${producerServiceBackend.id}
          allPorts: true
          network: ${producerNet.name}
          subnetwork: ${producerSubnet.name}
      producerServiceBackend:
        type: gcp:compute:RegionBackendService
        properties:
          region: us-central1
          healthChecks:
            - ${producerServiceHealthCheck.id}
      producerServiceHealthCheck:
        type: gcp:compute:HealthCheck
        properties:
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
    

    Forwarding Rule Regional Steering

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.Address;
    import com.pulumi.gcp.compute.AddressArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import com.pulumi.resources.CustomResourceOptions;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var basic = new Address("basic", AddressArgs.builder()        
                .region("us-central1")
                .build());
    
            var externalRegionBackendService = new RegionBackendService("externalRegionBackendService", RegionBackendServiceArgs.builder()        
                .region("us-central1")
                .loadBalancingScheme("EXTERNAL")
                .build());
    
            var externalForwardingRule = new ForwardingRule("externalForwardingRule", ForwardingRuleArgs.builder()        
                .region("us-central1")
                .ipAddress(basic.selfLink())
                .backendService(externalRegionBackendService.selfLink())
                .loadBalancingScheme("EXTERNAL")
                .build());
    
            var steering = new ForwardingRule("steering", ForwardingRuleArgs.builder()        
                .region("us-central1")
                .ipAddress(basic.selfLink())
                .backendService(externalRegionBackendService.selfLink())
                .loadBalancingScheme("EXTERNAL")
                .sourceIpRanges(            
                    "34.121.88.0/24",
                    "35.187.239.137")
                .build(), CustomResourceOptions.builder()
                    .dependsOn(externalForwardingRule)
                    .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      steering:
        type: gcp:compute:ForwardingRule
        properties:
          region: us-central1
          ipAddress: ${basic.selfLink}
          backendService: ${externalRegionBackendService.selfLink}
          loadBalancingScheme: EXTERNAL
          sourceIpRanges:
            - 34.121.88.0/24
            - 35.187.239.137
        options:
          dependson:
            - ${externalForwardingRule}
      basic:
        type: gcp:compute:Address
        properties:
          region: us-central1
      externalRegionBackendService:
        type: gcp:compute:RegionBackendService
        properties:
          region: us-central1
          loadBalancingScheme: EXTERNAL
      externalForwardingRule:
        type: gcp:compute:ForwardingRule
        properties:
          region: us-central1
          ipAddress: ${basic.selfLink}
          backendService: ${externalRegionBackendService.selfLink}
          loadBalancingScheme: EXTERNAL
    

    Forwarding Rule Internallb Ipv6

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.compute.HealthCheck;
    import com.pulumi.gcp.compute.HealthCheckArgs;
    import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
    import com.pulumi.gcp.compute.RegionBackendService;
    import com.pulumi.gcp.compute.RegionBackendServiceArgs;
    import com.pulumi.gcp.compute.Network;
    import com.pulumi.gcp.compute.NetworkArgs;
    import com.pulumi.gcp.compute.Subnetwork;
    import com.pulumi.gcp.compute.SubnetworkArgs;
    import com.pulumi.gcp.compute.ForwardingRule;
    import com.pulumi.gcp.compute.ForwardingRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var hc = new HealthCheck("hc", HealthCheckArgs.builder()        
                .checkIntervalSec(1)
                .timeoutSec(1)
                .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                    .port("80")
                    .build())
                .build());
    
            var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()        
                .region("us-central1")
                .healthChecks(hc.id())
                .build());
    
            var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
                .autoCreateSubnetworks(false)
                .enableUlaInternalIpv6(true)
                .build());
    
            var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
                .ipCidrRange("10.0.0.0/16")
                .region("us-central1")
                .stackType("IPV4_IPV6")
                .ipv6AccessType("INTERNAL")
                .network(defaultNetwork.id())
                .build());
    
            var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()        
                .region("us-central1")
                .loadBalancingScheme("INTERNAL")
                .backendService(backend.id())
                .allPorts(true)
                .network(defaultNetwork.name())
                .subnetwork(defaultSubnetwork.name())
                .ipVersion("IPV6")
                .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      # Forwarding rule for Internal Load Balancing
      defaultForwardingRule:
        type: gcp:compute:ForwardingRule
        properties:
          region: us-central1
          loadBalancingScheme: INTERNAL
          backendService: ${backend.id}
          allPorts: true
          network: ${defaultNetwork.name}
          subnetwork: ${defaultSubnetwork.name}
          ipVersion: IPV6
      backend:
        type: gcp:compute:RegionBackendService
        properties:
          region: us-central1
          healthChecks:
            - ${hc.id}
      hc:
        type: gcp:compute:HealthCheck
        properties:
          checkIntervalSec: 1
          timeoutSec: 1
          tcpHealthCheck:
            port: '80'
      defaultNetwork:
        type: gcp:compute:Network
        properties:
          autoCreateSubnetworks: false
          enableUlaInternalIpv6: true
      defaultSubnetwork:
        type: gcp:compute:Subnetwork
        properties:
          ipCidrRange: 10.0.0.0/16
          region: us-central1
          stackType: IPV4_IPV6
          ipv6AccessType: INTERNAL
          network: ${defaultNetwork.id}
    

    Create ForwardingRule Resource

    new ForwardingRule(name: string, args?: ForwardingRuleArgs, opts?: CustomResourceOptions);
    @overload
    def ForwardingRule(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       all_ports: Optional[bool] = None,
                       allow_global_access: Optional[bool] = None,
                       allow_psc_global_access: Optional[bool] = None,
                       backend_service: Optional[str] = None,
                       description: Optional[str] = None,
                       ip_address: Optional[str] = None,
                       ip_protocol: Optional[str] = None,
                       ip_version: Optional[str] = None,
                       is_mirroring_collector: Optional[bool] = None,
                       labels: Optional[Mapping[str, str]] = None,
                       load_balancing_scheme: Optional[str] = None,
                       name: Optional[str] = None,
                       network: Optional[str] = None,
                       network_tier: Optional[str] = None,
                       no_automate_dns_zone: Optional[bool] = None,
                       port_range: Optional[str] = None,
                       ports: Optional[Sequence[str]] = None,
                       project: Optional[str] = None,
                       region: Optional[str] = None,
                       service_directory_registrations: Optional[Sequence[ForwardingRuleServiceDirectoryRegistrationArgs]] = None,
                       service_label: Optional[str] = None,
                       source_ip_ranges: Optional[Sequence[str]] = None,
                       subnetwork: Optional[str] = None,
                       target: Optional[str] = None)
    @overload
    def ForwardingRule(resource_name: str,
                       args: Optional[ForwardingRuleArgs] = None,
                       opts: Optional[ResourceOptions] = None)
    func NewForwardingRule(ctx *Context, name string, args *ForwardingRuleArgs, opts ...ResourceOption) (*ForwardingRule, error)
    public ForwardingRule(string name, ForwardingRuleArgs? args = null, CustomResourceOptions? opts = null)
    public ForwardingRule(String name, ForwardingRuleArgs args)
    public ForwardingRule(String name, ForwardingRuleArgs args, CustomResourceOptions options)
    
    type: gcp:compute:ForwardingRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args ForwardingRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ForwardingRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ForwardingRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ForwardingRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ForwardingRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    ForwardingRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ForwardingRule resource accepts the following input properties:

    AllPorts bool

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. This option should be set to TRUE when the Forwarding Rule IPProtocol is set to L3_DEFAULT. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.
    AllowGlobalAccess bool

    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

    AllowPscGlobalAccess bool

    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

    BackendService string

    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

    Description string

    An optional description of this resource. Provide this property when you create the resource.

    IpAddress string

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    IpProtocol string

    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

    IpVersion string

    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.

    IsMirroringCollector bool

    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

    Labels Dictionary<string, string>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    LoadBalancingScheme string

    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

    Name string

    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    Network string

    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

    NetworkTier string

    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

    NoAutomateDnsZone bool

    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.

    PortRange string

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

    Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

    Ports List<string>

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, internal protocol forwarding and when protocol is not L3_DEFAULT.

    You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

    Project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    Region string

    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

    ServiceDirectoryRegistrations List<ForwardingRuleServiceDirectoryRegistration>

    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

    ServiceLabel string

    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

    SourceIpRanges List<string>

    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

    Subnetwork string

    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

    Target string

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    AllPorts bool

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. This option should be set to TRUE when the Forwarding Rule IPProtocol is set to L3_DEFAULT. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.
    AllowGlobalAccess bool

    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

    AllowPscGlobalAccess bool

    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

    BackendService string

    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

    Description string

    An optional description of this resource. Provide this property when you create the resource.

    IpAddress string

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    IpProtocol string

    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

    IpVersion string

    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.

    IsMirroringCollector bool

    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

    Labels map[string]string

    Labels to apply to this forwarding rule. A list of key->value pairs.

    LoadBalancingScheme string

    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

    Name string

    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    Network string

    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

    NetworkTier string

    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

    NoAutomateDnsZone bool

    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.

    PortRange string

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

    Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

    Ports []string

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, internal protocol forwarding and when protocol is not L3_DEFAULT.

    You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

    Project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    Region string

    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

    ServiceDirectoryRegistrations []ForwardingRuleServiceDirectoryRegistrationArgs

    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

    ServiceLabel string

    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

    SourceIpRanges []string

    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

    Subnetwork string

    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

    Target string

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    allPorts Boolean

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. This option should be set to TRUE when the Forwarding Rule IPProtocol is set to L3_DEFAULT. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.
    allowGlobalAccess Boolean

    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

    allowPscGlobalAccess Boolean

    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

    backendService String

    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

    description String

    An optional description of this resource. Provide this property when you create the resource.

    ipAddress String

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    ipProtocol String

    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

    ipVersion String

    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.

    isMirroringCollector Boolean

    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

    labels Map<String,String>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    loadBalancingScheme String

    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

    name String

    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network String

    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

    networkTier String

    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

    noAutomateDnsZone Boolean

    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.

    portRange String

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

    Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

    ports List<String>

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, internal protocol forwarding and when protocol is not L3_DEFAULT.

    You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

    project String

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    region String

    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

    serviceDirectoryRegistrations List<ForwardingRuleServiceDirectoryRegistration>

    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

    serviceLabel String

    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

    sourceIpRanges List<String>

    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

    subnetwork String

    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

    target String

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    allPorts boolean

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. This option should be set to TRUE when the Forwarding Rule IPProtocol is set to L3_DEFAULT. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.
    allowGlobalAccess boolean

    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

    allowPscGlobalAccess boolean

    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

    backendService string

    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

    description string

    An optional description of this resource. Provide this property when you create the resource.

    ipAddress string

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    ipProtocol string

    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

    ipVersion string

    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.

    isMirroringCollector boolean

    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

    labels {[key: string]: string}

    Labels to apply to this forwarding rule. A list of key->value pairs.

    loadBalancingScheme string

    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

    name string

    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network string

    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

    networkTier string

    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

    noAutomateDnsZone boolean

    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.

    portRange string

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

    Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

    ports string[]

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, internal protocol forwarding and when protocol is not L3_DEFAULT.

    You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

    project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    region string

    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

    serviceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistration[]

    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

    serviceLabel string

    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

    sourceIpRanges string[]

    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

    subnetwork string

    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

    target string

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    all_ports bool

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. This option should be set to TRUE when the Forwarding Rule IPProtocol is set to L3_DEFAULT. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.
    allow_global_access bool

    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

    allow_psc_global_access bool

    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

    backend_service str

    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

    description str

    An optional description of this resource. Provide this property when you create the resource.

    ip_address str

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    ip_protocol str

    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

    ip_version str

    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.

    is_mirroring_collector bool

    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

    labels Mapping[str, str]

    Labels to apply to this forwarding rule. A list of key->value pairs.

    load_balancing_scheme str

    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

    name str

    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network str

    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

    network_tier str

    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

    no_automate_dns_zone bool

    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.

    port_range str

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

    Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

    ports Sequence[str]

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, internal protocol forwarding and when protocol is not L3_DEFAULT.

    You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

    project str

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    region str

    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

    service_directory_registrations Sequence[ForwardingRuleServiceDirectoryRegistrationArgs]

    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

    service_label str

    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

    source_ip_ranges Sequence[str]

    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

    subnetwork str

    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

    target str

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    allPorts Boolean

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. This option should be set to TRUE when the Forwarding Rule IPProtocol is set to L3_DEFAULT. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.
    allowGlobalAccess Boolean

    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

    allowPscGlobalAccess Boolean

    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

    backendService String

    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

    description String

    An optional description of this resource. Provide this property when you create the resource.

    ipAddress String

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    ipProtocol String

    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

    ipVersion String

    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.

    isMirroringCollector Boolean

    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

    labels Map<String>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    loadBalancingScheme String

    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

    name String

    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network String

    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

    networkTier String

    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

    noAutomateDnsZone Boolean

    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.

    portRange String

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

    Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

    ports List<String>

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, internal protocol forwarding and when protocol is not L3_DEFAULT.

    You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

    project String

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    region String

    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

    serviceDirectoryRegistrations List<Property Map>

    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

    serviceLabel String

    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

    sourceIpRanges List<String>

    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

    subnetwork String

    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

    target String

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ForwardingRule resource produces the following output properties:

    BaseForwardingRule string

    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

    CreationTimestamp string

    Creation timestamp in RFC3339 text format.

    Id string

    The provider-assigned unique ID for this managed resource.

    LabelFingerprint string

    The fingerprint used for optimistic locking of this resource. Used internally during updates.

    PscConnectionId string

    The PSC connection id of the PSC Forwarding Rule.

    PscConnectionStatus string

    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

    SelfLink string

    The URI of the created resource.

    ServiceName string

    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

    BaseForwardingRule string

    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

    CreationTimestamp string

    Creation timestamp in RFC3339 text format.

    Id string

    The provider-assigned unique ID for this managed resource.

    LabelFingerprint string

    The fingerprint used for optimistic locking of this resource. Used internally during updates.

    PscConnectionId string

    The PSC connection id of the PSC Forwarding Rule.

    PscConnectionStatus string

    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

    SelfLink string

    The URI of the created resource.

    ServiceName string

    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

    baseForwardingRule String

    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

    creationTimestamp String

    Creation timestamp in RFC3339 text format.

    id String

    The provider-assigned unique ID for this managed resource.

    labelFingerprint String

    The fingerprint used for optimistic locking of this resource. Used internally during updates.

    pscConnectionId String

    The PSC connection id of the PSC Forwarding Rule.

    pscConnectionStatus String

    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

    selfLink String

    The URI of the created resource.

    serviceName String

    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

    baseForwardingRule string

    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

    creationTimestamp string

    Creation timestamp in RFC3339 text format.

    id string

    The provider-assigned unique ID for this managed resource.

    labelFingerprint string

    The fingerprint used for optimistic locking of this resource. Used internally during updates.

    pscConnectionId string

    The PSC connection id of the PSC Forwarding Rule.

    pscConnectionStatus string

    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

    selfLink string

    The URI of the created resource.

    serviceName string

    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

    base_forwarding_rule str

    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

    creation_timestamp str

    Creation timestamp in RFC3339 text format.

    id str

    The provider-assigned unique ID for this managed resource.

    label_fingerprint str

    The fingerprint used for optimistic locking of this resource. Used internally during updates.

    psc_connection_id str

    The PSC connection id of the PSC Forwarding Rule.

    psc_connection_status str

    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

    self_link str

    The URI of the created resource.

    service_name str

    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

    baseForwardingRule String

    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

    creationTimestamp String

    Creation timestamp in RFC3339 text format.

    id String

    The provider-assigned unique ID for this managed resource.

    labelFingerprint String

    The fingerprint used for optimistic locking of this resource. Used internally during updates.

    pscConnectionId String

    The PSC connection id of the PSC Forwarding Rule.

    pscConnectionStatus String

    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

    selfLink String

    The URI of the created resource.

    serviceName String

    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

    Look up Existing ForwardingRule Resource

    Get an existing ForwardingRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ForwardingRuleState, opts?: CustomResourceOptions): ForwardingRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            all_ports: Optional[bool] = None,
            allow_global_access: Optional[bool] = None,
            allow_psc_global_access: Optional[bool] = None,
            backend_service: Optional[str] = None,
            base_forwarding_rule: Optional[str] = None,
            creation_timestamp: Optional[str] = None,
            description: Optional[str] = None,
            ip_address: Optional[str] = None,
            ip_protocol: Optional[str] = None,
            ip_version: Optional[str] = None,
            is_mirroring_collector: Optional[bool] = None,
            label_fingerprint: Optional[str] = None,
            labels: Optional[Mapping[str, str]] = None,
            load_balancing_scheme: Optional[str] = None,
            name: Optional[str] = None,
            network: Optional[str] = None,
            network_tier: Optional[str] = None,
            no_automate_dns_zone: Optional[bool] = None,
            port_range: Optional[str] = None,
            ports: Optional[Sequence[str]] = None,
            project: Optional[str] = None,
            psc_connection_id: Optional[str] = None,
            psc_connection_status: Optional[str] = None,
            region: Optional[str] = None,
            self_link: Optional[str] = None,
            service_directory_registrations: Optional[Sequence[ForwardingRuleServiceDirectoryRegistrationArgs]] = None,
            service_label: Optional[str] = None,
            service_name: Optional[str] = None,
            source_ip_ranges: Optional[Sequence[str]] = None,
            subnetwork: Optional[str] = None,
            target: Optional[str] = None) -> ForwardingRule
    func GetForwardingRule(ctx *Context, name string, id IDInput, state *ForwardingRuleState, opts ...ResourceOption) (*ForwardingRule, error)
    public static ForwardingRule Get(string name, Input<string> id, ForwardingRuleState? state, CustomResourceOptions? opts = null)
    public static ForwardingRule get(String name, Output<String> id, ForwardingRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    AllPorts bool

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. This option should be set to TRUE when the Forwarding Rule IPProtocol is set to L3_DEFAULT. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.
    AllowGlobalAccess bool

    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

    AllowPscGlobalAccess bool

    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

    BackendService string

    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

    BaseForwardingRule string

    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

    CreationTimestamp string

    Creation timestamp in RFC3339 text format.

    Description string

    An optional description of this resource. Provide this property when you create the resource.

    IpAddress string

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    IpProtocol string

    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

    IpVersion string

    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.

    IsMirroringCollector bool

    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

    LabelFingerprint string

    The fingerprint used for optimistic locking of this resource. Used internally during updates.

    Labels Dictionary<string, string>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    LoadBalancingScheme string

    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

    Name string

    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    Network string

    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

    NetworkTier string

    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

    NoAutomateDnsZone bool

    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.

    PortRange string

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

    Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

    Ports List<string>

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, internal protocol forwarding and when protocol is not L3_DEFAULT.

    You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

    Project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    PscConnectionId string

    The PSC connection id of the PSC Forwarding Rule.

    PscConnectionStatus string

    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

    Region string

    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

    SelfLink string

    The URI of the created resource.

    ServiceDirectoryRegistrations List<ForwardingRuleServiceDirectoryRegistration>

    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

    ServiceLabel string

    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

    ServiceName string

    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

    SourceIpRanges List<string>

    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

    Subnetwork string

    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

    Target string

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    AllPorts bool

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. This option should be set to TRUE when the Forwarding Rule IPProtocol is set to L3_DEFAULT. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.
    AllowGlobalAccess bool

    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

    AllowPscGlobalAccess bool

    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

    BackendService string

    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

    BaseForwardingRule string

    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

    CreationTimestamp string

    Creation timestamp in RFC3339 text format.

    Description string

    An optional description of this resource. Provide this property when you create the resource.

    IpAddress string

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    IpProtocol string

    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

    IpVersion string

    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.

    IsMirroringCollector bool

    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

    LabelFingerprint string

    The fingerprint used for optimistic locking of this resource. Used internally during updates.

    Labels map[string]string

    Labels to apply to this forwarding rule. A list of key->value pairs.

    LoadBalancingScheme string

    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

    Name string

    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    Network string

    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

    NetworkTier string

    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

    NoAutomateDnsZone bool

    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.

    PortRange string

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

    Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

    Ports []string

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, internal protocol forwarding and when protocol is not L3_DEFAULT.

    You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

    Project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    PscConnectionId string

    The PSC connection id of the PSC Forwarding Rule.

    PscConnectionStatus string

    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

    Region string

    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

    SelfLink string

    The URI of the created resource.

    ServiceDirectoryRegistrations []ForwardingRuleServiceDirectoryRegistrationArgs

    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

    ServiceLabel string

    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

    ServiceName string

    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

    SourceIpRanges []string

    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

    Subnetwork string

    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

    Target string

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    allPorts Boolean

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. This option should be set to TRUE when the Forwarding Rule IPProtocol is set to L3_DEFAULT. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.
    allowGlobalAccess Boolean

    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

    allowPscGlobalAccess Boolean

    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

    backendService String

    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

    baseForwardingRule String

    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

    creationTimestamp String

    Creation timestamp in RFC3339 text format.

    description String

    An optional description of this resource. Provide this property when you create the resource.

    ipAddress String

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    ipProtocol String

    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

    ipVersion String

    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.

    isMirroringCollector Boolean

    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

    labelFingerprint String

    The fingerprint used for optimistic locking of this resource. Used internally during updates.

    labels Map<String,String>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    loadBalancingScheme String

    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

    name String

    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network String

    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

    networkTier String

    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

    noAutomateDnsZone Boolean

    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.

    portRange String

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

    Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

    ports List<String>

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, internal protocol forwarding and when protocol is not L3_DEFAULT.

    You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

    project String

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    pscConnectionId String

    The PSC connection id of the PSC Forwarding Rule.

    pscConnectionStatus String

    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

    region String

    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

    selfLink String

    The URI of the created resource.

    serviceDirectoryRegistrations List<ForwardingRuleServiceDirectoryRegistration>

    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

    serviceLabel String

    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

    serviceName String

    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

    sourceIpRanges List<String>

    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

    subnetwork String

    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

    target String

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    allPorts boolean

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. This option should be set to TRUE when the Forwarding Rule IPProtocol is set to L3_DEFAULT. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.
    allowGlobalAccess boolean

    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

    allowPscGlobalAccess boolean

    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

    backendService string

    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

    baseForwardingRule string

    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

    creationTimestamp string

    Creation timestamp in RFC3339 text format.

    description string

    An optional description of this resource. Provide this property when you create the resource.

    ipAddress string

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    ipProtocol string

    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

    ipVersion string

    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.

    isMirroringCollector boolean

    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

    labelFingerprint string

    The fingerprint used for optimistic locking of this resource. Used internally during updates.

    labels {[key: string]: string}

    Labels to apply to this forwarding rule. A list of key->value pairs.

    loadBalancingScheme string

    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

    name string

    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network string

    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

    networkTier string

    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

    noAutomateDnsZone boolean

    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.

    portRange string

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

    Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

    ports string[]

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, internal protocol forwarding and when protocol is not L3_DEFAULT.

    You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

    project string

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    pscConnectionId string

    The PSC connection id of the PSC Forwarding Rule.

    pscConnectionStatus string

    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

    region string

    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

    selfLink string

    The URI of the created resource.

    serviceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistration[]

    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

    serviceLabel string

    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

    serviceName string

    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

    sourceIpRanges string[]

    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

    subnetwork string

    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

    target string

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    all_ports bool

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. This option should be set to TRUE when the Forwarding Rule IPProtocol is set to L3_DEFAULT. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.
    allow_global_access bool

    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

    allow_psc_global_access bool

    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

    backend_service str

    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

    base_forwarding_rule str

    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

    creation_timestamp str

    Creation timestamp in RFC3339 text format.

    description str

    An optional description of this resource. Provide this property when you create the resource.

    ip_address str

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    ip_protocol str

    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

    ip_version str

    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.

    is_mirroring_collector bool

    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

    label_fingerprint str

    The fingerprint used for optimistic locking of this resource. Used internally during updates.

    labels Mapping[str, str]

    Labels to apply to this forwarding rule. A list of key->value pairs.

    load_balancing_scheme str

    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

    name str

    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network str

    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

    network_tier str

    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

    no_automate_dns_zone bool

    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.

    port_range str

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

    Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

    ports Sequence[str]

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, internal protocol forwarding and when protocol is not L3_DEFAULT.

    You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

    project str

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    psc_connection_id str

    The PSC connection id of the PSC Forwarding Rule.

    psc_connection_status str

    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

    region str

    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

    self_link str

    The URI of the created resource.

    service_directory_registrations Sequence[ForwardingRuleServiceDirectoryRegistrationArgs]

    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

    service_label str

    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

    service_name str

    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

    source_ip_ranges Sequence[str]

    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

    subnetwork str

    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

    target str

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    allPorts Boolean

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. This option should be set to TRUE when the Forwarding Rule IPProtocol is set to L3_DEFAULT. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.
    allowGlobalAccess Boolean

    This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

    allowPscGlobalAccess Boolean

    This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

    backendService String

    Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

    baseForwardingRule String

    [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

    creationTimestamp String

    Creation timestamp in RFC3339 text format.

    description String

    An optional description of this resource. Provide this property when you create the resource.

    ipAddress String

    IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

    • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
    • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

    Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

    • IP address number, as in 100.1.2.3
    • IPv6 address range, as in 2600:1234::/96
    • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
    • Partial URL or by name, as in:
    • projects/project_id/regions/region/addresses/address-name
    • regions/region/addresses/address-name
    • global/addresses/address-name
    • address-name

    The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

    ipProtocol String

    The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

    ipVersion String

    The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: IPV4, IPV6.

    isMirroringCollector Boolean

    Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

    labelFingerprint String

    The fingerprint used for optimistic locking of this resource. Used internally during updates.

    labels Map<String>

    Labels to apply to this forwarding rule. A list of key->value pairs.

    loadBalancingScheme String

    Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

    name String

    Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


    network String

    This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

    networkTier String

    This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

    noAutomateDnsZone Boolean

    This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.

    portRange String

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

    Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

    ports List<String>

    This field can only be used:

    • If IPProtocol is one of TCP, UDP, or SCTP.
    • By internal TCP/UDP load balancers, backend service-based network load balancers, internal protocol forwarding and when protocol is not L3_DEFAULT.

    You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

    project String

    The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

    pscConnectionId String

    The PSC connection id of the PSC Forwarding Rule.

    pscConnectionStatus String

    The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

    region String

    A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

    selfLink String

    The URI of the created resource.

    serviceDirectoryRegistrations List<Property Map>

    Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

    serviceLabel String

    An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

    serviceName String

    The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

    sourceIpRanges List<String>

    If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

    subnetwork String

    This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

    target String

    The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

    For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

    Supporting Types

    ForwardingRuleServiceDirectoryRegistration, ForwardingRuleServiceDirectoryRegistrationArgs

    Namespace string

    Service Directory namespace to register the forwarding rule under.

    Service string

    Service Directory service to register the forwarding rule under.

    Namespace string

    Service Directory namespace to register the forwarding rule under.

    Service string

    Service Directory service to register the forwarding rule under.

    namespace String

    Service Directory namespace to register the forwarding rule under.

    service String

    Service Directory service to register the forwarding rule under.

    namespace string

    Service Directory namespace to register the forwarding rule under.

    service string

    Service Directory service to register the forwarding rule under.

    namespace str

    Service Directory namespace to register the forwarding rule under.

    service str

    Service Directory service to register the forwarding rule under.

    namespace String

    Service Directory namespace to register the forwarding rule under.

    service String

    Service Directory service to register the forwarding rule under.

    Import

    ForwardingRule can be imported using any of these accepted formats

     $ pulumi import gcp:compute/forwardingRule:ForwardingRule default projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}
    
     $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{project}}/{{region}}/{{name}}
    
     $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{region}}/{{name}}
    
     $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{name}}
    

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the google-beta Terraform Provider.

    gcp logo
    Google Cloud Classic v6.67.0 published on Wednesday, Sep 27, 2023 by Pulumi