gcp.compute.ForwardingRule

Explore with Pulumi AI

A ForwardingRule resource. A ForwardingRule resource specifies which pool of target virtual machines to forward a packet to if it matches the given [IPAddress, IPProtocol, portRange] tuple.

To get more information about ForwardingRule, see:

Example Usage

Internal Http Lb With Mig Backend

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.RegionInstanceGroupManager;
import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
import com.pulumi.gcp.compute.RegionUrlMap;
import com.pulumi.gcp.compute.RegionUrlMapArgs;
import com.pulumi.gcp.compute.RegionTargetHttpProxy;
import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import com.pulumi.gcp.compute.Instance;
import com.pulumi.gcp.compute.InstanceArgs;
import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var ilbNetwork = new Network("ilbNetwork", NetworkArgs.builder()        
            .autoCreateSubnetworks(false)
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var proxySubnet = new Subnetwork("proxySubnet", SubnetworkArgs.builder()        
            .ipCidrRange("10.0.0.0/24")
            .region("europe-west1")
            .purpose("INTERNAL_HTTPS_LOAD_BALANCER")
            .role("ACTIVE")
            .network(ilbNetwork.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var ilbSubnet = new Subnetwork("ilbSubnet", SubnetworkArgs.builder()        
            .ipCidrRange("10.0.1.0/24")
            .region("europe-west1")
            .network(ilbNetwork.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()        
            .region("europe-west1")
            .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                .portSpecification("USE_SERVING_PORT")
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()        
            .machineType("e2-small")
            .tags("http-server")
            .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                .network(ilbNetwork.id())
                .subnetwork(ilbSubnet.id())
                .accessConfigs()
                .build())
            .disks(InstanceTemplateDiskArgs.builder()
                .sourceImage("debian-cloud/debian-10")
                .autoDelete(true)
                .boot(true)
                .build())
            .metadata(Map.of("startup-script", """
#! /bin/bash
set -euo pipefail

export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq

NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')

cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
            """))
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var mig = new RegionInstanceGroupManager("mig", RegionInstanceGroupManagerArgs.builder()        
            .region("europe-west1")
            .versions(RegionInstanceGroupManagerVersionArgs.builder()
                .instanceTemplate(instanceTemplate.id())
                .name("primary")
                .build())
            .baseInstanceName("vm")
            .targetSize(2)
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()        
            .region("europe-west1")
            .protocol("HTTP")
            .loadBalancingScheme("INTERNAL_MANAGED")
            .timeoutSec(10)
            .healthChecks(defaultRegionHealthCheck.id())
            .backends(RegionBackendServiceBackendArgs.builder()
                .group(mig.instanceGroup())
                .balancingMode("UTILIZATION")
                .capacityScaler(1)
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()        
            .region("europe-west1")
            .defaultService(defaultRegionBackendService.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()        
            .region("europe-west1")
            .urlMap(defaultRegionUrlMap.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var googleComputeForwardingRule = new ForwardingRule("googleComputeForwardingRule", ForwardingRuleArgs.builder()        
            .region("europe-west1")
            .ipProtocol("TCP")
            .loadBalancingScheme("INTERNAL_MANAGED")
            .portRange("80")
            .target(defaultRegionTargetHttpProxy.id())
            .network(ilbNetwork.id())
            .subnetwork(ilbSubnet.id())
            .networkTier("PREMIUM")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .dependsOn(proxySubnet)
                .build());

        var fw_iap = new Firewall("fw-iap", FirewallArgs.builder()        
            .direction("INGRESS")
            .network(ilbNetwork.id())
            .sourceRanges(            
                "130.211.0.0/22",
                "35.191.0.0/16",
                "35.235.240.0/20")
            .allows(FirewallAllowArgs.builder()
                .protocol("tcp")
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var fw_ilb_to_backends = new Firewall("fw-ilb-to-backends", FirewallArgs.builder()        
            .direction("INGRESS")
            .network(ilbNetwork.id())
            .sourceRanges("10.0.0.0/24")
            .targetTags("http-server")
            .allows(FirewallAllowArgs.builder()
                .protocol("tcp")
                .ports(                
                    "80",
                    "443",
                    "8080")
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var vm_test = new Instance("vm-test", InstanceArgs.builder()        
            .zone("europe-west1-b")
            .machineType("e2-small")
            .networkInterfaces(InstanceNetworkInterfaceArgs.builder()
                .network(ilbNetwork.id())
                .subnetwork(ilbSubnet.id())
                .build())
            .bootDisk(InstanceBootDiskArgs.builder()
                .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
                    .image("debian-cloud/debian-10")
                    .build())
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

    }
}

Coming soon!

Coming soon!

resources:
  # Internal HTTP load balancer with a managed instance group backend

  # VPC network
  ilbNetwork:
    type: gcp:compute:Network
    properties:
      autoCreateSubnetworks: false
    options:
      provider: ${["google-beta"]}
  # proxy-only subnet
  proxySubnet:
    type: gcp:compute:Subnetwork
    properties:
      ipCidrRange: 10.0.0.0/24
      region: europe-west1
      purpose: INTERNAL_HTTPS_LOAD_BALANCER
      role: ACTIVE
      network: ${ilbNetwork.id}
    options:
      provider: ${["google-beta"]}
  # backend subnet
  ilbSubnet:
    type: gcp:compute:Subnetwork
    properties:
      ipCidrRange: 10.0.1.0/24
      region: europe-west1
      network: ${ilbNetwork.id}
    options:
      provider: ${["google-beta"]}
  # forwarding rule
  googleComputeForwardingRule:
    type: gcp:compute:ForwardingRule
    properties:
      region: europe-west1
      ipProtocol: TCP
      loadBalancingScheme: INTERNAL_MANAGED
      portRange: '80'
      target: ${defaultRegionTargetHttpProxy.id}
      network: ${ilbNetwork.id}
      subnetwork: ${ilbSubnet.id}
      networkTier: PREMIUM
    options:
      provider: ${["google-beta"]}
      dependson:
        - ${proxySubnet}
  # HTTP target proxy
  defaultRegionTargetHttpProxy:
    type: gcp:compute:RegionTargetHttpProxy
    properties:
      region: europe-west1
      urlMap: ${defaultRegionUrlMap.id}
    options:
      provider: ${["google-beta"]}
  # URL map
  defaultRegionUrlMap:
    type: gcp:compute:RegionUrlMap
    properties:
      region: europe-west1
      defaultService: ${defaultRegionBackendService.id}
    options:
      provider: ${["google-beta"]}
  # backend service
  defaultRegionBackendService:
    type: gcp:compute:RegionBackendService
    properties:
      region: europe-west1
      protocol: HTTP
      loadBalancingScheme: INTERNAL_MANAGED
      timeoutSec: 10
      healthChecks:
        - ${defaultRegionHealthCheck.id}
      backends:
        - group: ${mig.instanceGroup}
          balancingMode: UTILIZATION
          capacityScaler: 1
    options:
      provider: ${["google-beta"]}
  # instance template
  instanceTemplate:
    type: gcp:compute:InstanceTemplate
    properties:
      machineType: e2-small
      tags:
        - http-server
      networkInterfaces:
        - network: ${ilbNetwork.id}
          subnetwork: ${ilbSubnet.id}
          accessConfigs:
            - {}
      disks:
        - sourceImage: debian-cloud/debian-10
          autoDelete: true
          boot: true
      # install nginx and serve a simple web page
      metadata:
        startup-script: |
          #! /bin/bash
          set -euo pipefail

          export DEBIAN_FRONTEND=noninteractive
          apt-get update
          apt-get install -y nginx-light jq

          NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
          IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
          METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')

          cat <<EOF > /var/www/html/index.html
          <pre>
          Name: $NAME
          IP: $IP
          Metadata: $METADATA
          </pre>
          EOF          
    options:
      provider: ${["google-beta"]}
  # health check
  defaultRegionHealthCheck:
    type: gcp:compute:RegionHealthCheck
    properties:
      region: europe-west1
      httpHealthCheck:
        portSpecification: USE_SERVING_PORT
    options:
      provider: ${["google-beta"]}
  # MIG
  mig:
    type: gcp:compute:RegionInstanceGroupManager
    properties:
      region: europe-west1
      versions:
        - instanceTemplate: ${instanceTemplate.id}
          name: primary
      baseInstanceName: vm
      targetSize: 2
    options:
      provider: ${["google-beta"]}
  # allow all access from IAP and health check ranges
  fw-iap:
    type: gcp:compute:Firewall
    properties:
      direction: INGRESS
      network: ${ilbNetwork.id}
      sourceRanges:
        - 130.211.0.0/22
        - 35.191.0.0/16
        - 35.235.240.0/20
      allows:
        - protocol: tcp
    options:
      provider: ${["google-beta"]}
  # allow http from proxy subnet to backends
  fw-ilb-to-backends:
    type: gcp:compute:Firewall
    properties:
      direction: INGRESS
      network: ${ilbNetwork.id}
      sourceRanges:
        - 10.0.0.0/24
      targetTags:
        - http-server
      allows:
        - protocol: tcp
          ports:
            - '80'
            - '443'
            - '8080'
    options:
      provider: ${["google-beta"]}
  # test instance
  vm-test:
    type: gcp:compute:Instance
    properties:
      zone: europe-west1-b
      machineType: e2-small
      networkInterfaces:
        - network: ${ilbNetwork.id}
          subnetwork: ${ilbSubnet.id}
      bootDisk:
        initializeParams:
          image: debian-cloud/debian-10
    options:
      provider: ${["google-beta"]}

Internal Tcp Udp Lb With Mig Backend

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.RegionInstanceGroupManager;
import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import com.pulumi.gcp.compute.Instance;
import com.pulumi.gcp.compute.InstanceArgs;
import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs;
import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var ilbNetwork = new Network("ilbNetwork", NetworkArgs.builder()        
            .autoCreateSubnetworks(false)
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var ilbSubnet = new Subnetwork("ilbSubnet", SubnetworkArgs.builder()        
            .ipCidrRange("10.0.1.0/24")
            .region("europe-west1")
            .network(ilbNetwork.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()        
            .region("europe-west1")
            .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                .port("80")
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()        
            .machineType("e2-small")
            .tags(            
                "allow-ssh",
                "allow-health-check")
            .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                .network(ilbNetwork.id())
                .subnetwork(ilbSubnet.id())
                .accessConfigs()
                .build())
            .disks(InstanceTemplateDiskArgs.builder()
                .sourceImage("debian-cloud/debian-10")
                .autoDelete(true)
                .boot(true)
                .build())
            .metadata(Map.of("startup-script", """
#! /bin/bash
set -euo pipefail

export DEBIAN_FRONTEND=noninteractive
apt-get update
apt-get install -y nginx-light jq

NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')

cat <<EOF > /var/www/html/index.html
<pre>
Name: $NAME
IP: $IP
Metadata: $METADATA
</pre>
EOF
            """))
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var mig = new RegionInstanceGroupManager("mig", RegionInstanceGroupManagerArgs.builder()        
            .region("europe-west1")
            .versions(RegionInstanceGroupManagerVersionArgs.builder()
                .instanceTemplate(instanceTemplate.id())
                .name("primary")
                .build())
            .baseInstanceName("vm")
            .targetSize(2)
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()        
            .region("europe-west1")
            .protocol("TCP")
            .loadBalancingScheme("INTERNAL")
            .healthChecks(defaultRegionHealthCheck.id())
            .backends(RegionBackendServiceBackendArgs.builder()
                .group(mig.instanceGroup())
                .balancingMode("CONNECTION")
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var googleComputeForwardingRule = new ForwardingRule("googleComputeForwardingRule", ForwardingRuleArgs.builder()        
            .backendService(defaultRegionBackendService.id())
            .region("europe-west1")
            .ipProtocol("TCP")
            .loadBalancingScheme("INTERNAL")
            .allPorts(true)
            .allowGlobalAccess(true)
            .network(ilbNetwork.id())
            .subnetwork(ilbSubnet.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var fwHc = new Firewall("fwHc", FirewallArgs.builder()        
            .direction("INGRESS")
            .network(ilbNetwork.id())
            .sourceRanges(            
                "130.211.0.0/22",
                "35.191.0.0/16",
                "35.235.240.0/20")
            .allows(FirewallAllowArgs.builder()
                .protocol("tcp")
                .build())
            .targetTags("allow-health-check")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var fwIlbToBackends = new Firewall("fwIlbToBackends", FirewallArgs.builder()        
            .direction("INGRESS")
            .network(ilbNetwork.id())
            .sourceRanges("10.0.1.0/24")
            .allows(            
                FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build(),
                FirewallAllowArgs.builder()
                    .protocol("udp")
                    .build(),
                FirewallAllowArgs.builder()
                    .protocol("icmp")
                    .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var fwIlbSsh = new Firewall("fwIlbSsh", FirewallArgs.builder()        
            .direction("INGRESS")
            .network(ilbNetwork.id())
            .allows(FirewallAllowArgs.builder()
                .protocol("tcp")
                .ports("22")
                .build())
            .targetTags("allow-ssh")
            .sourceRanges("0.0.0.0/0")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var vmTest = new Instance("vmTest", InstanceArgs.builder()        
            .zone("europe-west1-b")
            .machineType("e2-small")
            .networkInterfaces(InstanceNetworkInterfaceArgs.builder()
                .network(ilbNetwork.id())
                .subnetwork(ilbSubnet.id())
                .build())
            .bootDisk(InstanceBootDiskArgs.builder()
                .initializeParams(InstanceBootDiskInitializeParamsArgs.builder()
                    .image("debian-cloud/debian-10")
                    .build())
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

    }
}

Coming soon!

Coming soon!

resources:
  # Internal TCP/UDP load balancer with a managed instance group backend

  # VPC
  ilbNetwork:
    type: gcp:compute:Network
    properties:
      autoCreateSubnetworks: false
    options:
      provider: ${["google-beta"]}
  # backed subnet
  ilbSubnet:
    type: gcp:compute:Subnetwork
    properties:
      ipCidrRange: 10.0.1.0/24
      region: europe-west1
      network: ${ilbNetwork.id}
    options:
      provider: ${["google-beta"]}
  # forwarding rule
  googleComputeForwardingRule:
    type: gcp:compute:ForwardingRule
    properties:
      backendService: ${defaultRegionBackendService.id}
      region: europe-west1
      ipProtocol: TCP
      loadBalancingScheme: INTERNAL
      allPorts: true
      allowGlobalAccess: true
      network: ${ilbNetwork.id}
      subnetwork: ${ilbSubnet.id}
    options:
      provider: ${["google-beta"]}
  # backend service
  defaultRegionBackendService:
    type: gcp:compute:RegionBackendService
    properties:
      region: europe-west1
      protocol: TCP
      loadBalancingScheme: INTERNAL
      healthChecks:
        - ${defaultRegionHealthCheck.id}
      backends:
        - group: ${mig.instanceGroup}
          balancingMode: CONNECTION
    options:
      provider: ${["google-beta"]}
  # instance template
  instanceTemplate:
    type: gcp:compute:InstanceTemplate
    properties:
      machineType: e2-small
      tags:
        - allow-ssh
        - allow-health-check
      networkInterfaces:
        - network: ${ilbNetwork.id}
          subnetwork: ${ilbSubnet.id}
          accessConfigs:
            - {}
      disks:
        - sourceImage: debian-cloud/debian-10
          autoDelete: true
          boot: true
      # install nginx and serve a simple web page
      metadata:
        startup-script: |
          #! /bin/bash
          set -euo pipefail

          export DEBIAN_FRONTEND=noninteractive
          apt-get update
          apt-get install -y nginx-light jq

          NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")
          IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")
          METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])')

          cat <<EOF > /var/www/html/index.html
          <pre>
          Name: $NAME
          IP: $IP
          Metadata: $METADATA
          </pre>
          EOF          
    options:
      provider: ${["google-beta"]}
  # health check
  defaultRegionHealthCheck:
    type: gcp:compute:RegionHealthCheck
    properties:
      region: europe-west1
      httpHealthCheck:
        port: '80'
    options:
      provider: ${["google-beta"]}
  # MIG
  mig:
    type: gcp:compute:RegionInstanceGroupManager
    properties:
      region: europe-west1
      versions:
        - instanceTemplate: ${instanceTemplate.id}
          name: primary
      baseInstanceName: vm
      targetSize: 2
    options:
      provider: ${["google-beta"]}
  # allow all access from health check ranges
  fwHc:
    type: gcp:compute:Firewall
    properties:
      direction: INGRESS
      network: ${ilbNetwork.id}
      sourceRanges:
        - 130.211.0.0/22
        - 35.191.0.0/16
        - 35.235.240.0/20
      allows:
        - protocol: tcp
      targetTags:
        - allow-health-check
    options:
      provider: ${["google-beta"]}
  # allow communication within the subnet
  fwIlbToBackends:
    type: gcp:compute:Firewall
    properties:
      direction: INGRESS
      network: ${ilbNetwork.id}
      sourceRanges:
        - 10.0.1.0/24
      allows:
        - protocol: tcp
        - protocol: udp
        - protocol: icmp
    options:
      provider: ${["google-beta"]}
  # allow SSH
  fwIlbSsh:
    type: gcp:compute:Firewall
    properties:
      direction: INGRESS
      network: ${ilbNetwork.id}
      allows:
        - protocol: tcp
          ports:
            - '22'
      targetTags:
        - allow-ssh
      sourceRanges:
        - 0.0.0.0/0
    options:
      provider: ${["google-beta"]}
  # test instance
  vmTest:
    type: gcp:compute:Instance
    properties:
      zone: europe-west1-b
      machineType: e2-small
      networkInterfaces:
        - network: ${ilbNetwork.id}
          subnetwork: ${ilbSubnet.id}
      bootDisk:
        initializeParams:
          image: debian-cloud/debian-10
    options:
      provider: ${["google-beta"]}

Forwarding Rule Externallb

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var hc = new RegionHealthCheck("hc", RegionHealthCheckArgs.builder()        
            .checkIntervalSec(1)
            .timeoutSec(1)
            .region("us-central1")
            .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()
                .port("80")
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()        
            .region("us-central1")
            .loadBalancingScheme("EXTERNAL")
            .healthChecks(hc.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
            .region("us-central1")
            .portRange(80)
            .backendService(backend.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

    }
}

Coming soon!

Coming soon!

resources:
  # Forwarding rule for External Network Load Balancing using Backend Services
  default:
    type: gcp:compute:ForwardingRule
    properties:
      region: us-central1
      portRange: 80
      backendService: ${backend.id}
    options:
      provider: ${["google-beta"]}
  backend:
    type: gcp:compute:RegionBackendService
    properties:
      region: us-central1
      loadBalancingScheme: EXTERNAL
      healthChecks:
        - ${hc.id}
    options:
      provider: ${["google-beta"]}
  hc:
    type: gcp:compute:RegionHealthCheck
    properties:
      checkIntervalSec: 1
      timeoutSec: 1
      region: us-central1
      tcpHealthCheck:
        port: '80'
    options:
      provider: ${["google-beta"]}

Forwarding Rule Global Internallb

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var defaultTargetPool = new Gcp.Compute.TargetPool("defaultTargetPool");

    var defaultForwardingRule = new Gcp.Compute.ForwardingRule("defaultForwardingRule", new()
    {
        Target = defaultTargetPool.Id,
        PortRange = "80",
    });

});
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		defaultTargetPool, err := compute.NewTargetPool(ctx, "defaultTargetPool", nil)
		if err != nil {
			return err
		}
		_, err = compute.NewForwardingRule(ctx, "defaultForwardingRule", &compute.ForwardingRuleArgs{
			Target:    defaultTargetPool.ID(),
			PortRange: pulumi.String("80"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var hc = new HealthCheck("hc", HealthCheckArgs.builder()        
            .checkIntervalSec(1)
            .timeoutSec(1)
            .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                .port("80")
                .build())
            .build());

        var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()        
            .region("us-central1")
            .healthChecks(hc.id())
            .build());

        var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
            .autoCreateSubnetworks(false)
            .build());

        var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
            .ipCidrRange("10.0.0.0/16")
            .region("us-central1")
            .network(defaultNetwork.id())
            .build());

        var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()        
            .region("us-central1")
            .loadBalancingScheme("INTERNAL")
            .backendService(backend.id())
            .allPorts(true)
            .allowGlobalAccess(true)
            .network(defaultNetwork.name())
            .subnetwork(defaultSubnetwork.name())
            .build());

    }
}
import pulumi
import pulumi_gcp as gcp

default_target_pool = gcp.compute.TargetPool("defaultTargetPool")
default_forwarding_rule = gcp.compute.ForwardingRule("defaultForwardingRule",
    target=default_target_pool.id,
    port_range="80")
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const defaultTargetPool = new gcp.compute.TargetPool("defaultTargetPool", {});
const defaultForwardingRule = new gcp.compute.ForwardingRule("defaultForwardingRule", {
    target: defaultTargetPool.id,
    portRange: "80",
});
resources:
  # Forwarding rule for Internal Load Balancing
  defaultForwardingRule:
    type: gcp:compute:ForwardingRule
    properties:
      region: us-central1
      loadBalancingScheme: INTERNAL
      backendService: ${backend.id}
      allPorts: true
      allowGlobalAccess: true
      network: ${defaultNetwork.name}
      subnetwork: ${defaultSubnetwork.name}
  backend:
    type: gcp:compute:RegionBackendService
    properties:
      region: us-central1
      healthChecks:
        - ${hc.id}
  hc:
    type: gcp:compute:HealthCheck
    properties:
      checkIntervalSec: 1
      timeoutSec: 1
      tcpHealthCheck:
        port: '80'
  defaultNetwork:
    type: gcp:compute:Network
    properties:
      autoCreateSubnetworks: false
  defaultSubnetwork:
    type: gcp:compute:Subnetwork
    properties:
      ipCidrRange: 10.0.0.0/16
      region: us-central1
      network: ${defaultNetwork.id}

Forwarding Rule Basic

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.TargetPool;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var defaultTargetPool = new TargetPool("defaultTargetPool");

        var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()        
            .target(defaultTargetPool.id())
            .portRange("80")
            .build());

    }
}

Coming soon!

Coming soon!

resources:
  defaultForwardingRule:
    type: gcp:compute:ForwardingRule
    properties:
      target: ${defaultTargetPool.id}
      portRange: '80'
  defaultTargetPool:
    type: gcp:compute:TargetPool

Forwarding Rule L3 Default

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var healthCheck = new RegionHealthCheck("healthCheck", RegionHealthCheckArgs.builder()        
            .region("us-central1")
            .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder()
                .port(80)
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var service = new RegionBackendService("service", RegionBackendServiceArgs.builder()        
            .region("us-central1")
            .healthChecks(healthCheck.id())
            .protocol("UNSPECIFIED")
            .loadBalancingScheme("EXTERNAL")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var fwdRule = new ForwardingRule("fwdRule", ForwardingRuleArgs.builder()        
            .backendService(service.id())
            .ipProtocol("L3_DEFAULT")
            .allPorts(true)
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

    }
}

Coming soon!

Coming soon!

resources:
  fwdRule:
    type: gcp:compute:ForwardingRule
    properties:
      backendService: ${service.id}
      ipProtocol: L3_DEFAULT
      allPorts: true
    options:
      provider: ${["google-beta"]}
  service:
    type: gcp:compute:RegionBackendService
    properties:
      region: us-central1
      healthChecks:
        - ${healthCheck.id}
      protocol: UNSPECIFIED
      loadBalancingScheme: EXTERNAL
    options:
      provider: ${["google-beta"]}
  healthCheck:
    type: gcp:compute:RegionHealthCheck
    properties:
      region: us-central1
      tcpHealthCheck:
        port: 80
    options:
      provider: ${["google-beta"]}

Forwarding Rule Internallb

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var hc = new HealthCheck("hc", HealthCheckArgs.builder()        
            .checkIntervalSec(1)
            .timeoutSec(1)
            .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                .port("80")
                .build())
            .build());

        var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder()        
            .region("us-central1")
            .healthChecks(hc.id())
            .build());

        var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
            .autoCreateSubnetworks(false)
            .build());

        var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
            .ipCidrRange("10.0.0.0/16")
            .region("us-central1")
            .network(defaultNetwork.id())
            .build());

        var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()        
            .region("us-central1")
            .loadBalancingScheme("INTERNAL")
            .backendService(backend.id())
            .allPorts(true)
            .network(defaultNetwork.name())
            .subnetwork(defaultSubnetwork.name())
            .build());

    }
}

Coming soon!

Coming soon!

resources:
  # Forwarding rule for Internal Load Balancing
  defaultForwardingRule:
    type: gcp:compute:ForwardingRule
    properties:
      region: us-central1
      loadBalancingScheme: INTERNAL
      backendService: ${backend.id}
      allPorts: true
      network: ${defaultNetwork.name}
      subnetwork: ${defaultSubnetwork.name}
  backend:
    type: gcp:compute:RegionBackendService
    properties:
      region: us-central1
      healthChecks:
        - ${hc.id}
  hc:
    type: gcp:compute:HealthCheck
    properties:
      checkIntervalSec: 1
      timeoutSec: 1
      tcpHealthCheck:
        port: '80'
  defaultNetwork:
    type: gcp:compute:Network
    properties:
      autoCreateSubnetworks: false
  defaultSubnetwork:
    type: gcp:compute:Subnetwork
    properties:
      ipCidrRange: 10.0.0.0/16
      region: us-central1
      network: ${defaultNetwork.id}

Forwarding Rule Http Lb

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.ComputeFunctions;
import com.pulumi.gcp.compute.inputs.GetImageArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.RegionInstanceGroupManager;
import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
import com.pulumi.gcp.compute.RegionUrlMap;
import com.pulumi.gcp.compute.RegionUrlMapArgs;
import com.pulumi.gcp.compute.RegionTargetHttpProxy;
import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
            .family("debian-11")
            .project("debian-cloud")
            .build());

        var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
            .autoCreateSubnetworks(false)
            .routingMode("REGIONAL")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
            .ipCidrRange("10.1.2.0/24")
            .region("us-central1")
            .network(defaultNetwork.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()        
            .machineType("e2-medium")
            .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                .network(defaultNetwork.id())
                .subnetwork(defaultSubnetwork.id())
                .build())
            .disks(InstanceTemplateDiskArgs.builder()
                .sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
                .autoDelete(true)
                .boot(true)
                .build())
            .tags(            
                "allow-ssh",
                "load-balanced-backend")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var rigm = new RegionInstanceGroupManager("rigm", RegionInstanceGroupManagerArgs.builder()        
            .region("us-central1")
            .versions(RegionInstanceGroupManagerVersionArgs.builder()
                .instanceTemplate(instanceTemplate.id())
                .name("primary")
                .build())
            .baseInstanceName("internal-glb")
            .targetSize(1)
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var fw1 = new Firewall("fw1", FirewallArgs.builder()        
            .network(defaultNetwork.id())
            .sourceRanges("10.1.2.0/24")
            .allows(            
                FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build(),
                FirewallAllowArgs.builder()
                    .protocol("udp")
                    .build(),
                FirewallAllowArgs.builder()
                    .protocol("icmp")
                    .build())
            .direction("INGRESS")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var fw2 = new Firewall("fw2", FirewallArgs.builder()        
            .network(defaultNetwork.id())
            .sourceRanges("0.0.0.0/0")
            .allows(FirewallAllowArgs.builder()
                .protocol("tcp")
                .ports("22")
                .build())
            .targetTags("allow-ssh")
            .direction("INGRESS")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .dependsOn(fw1)
                .build());

        var fw3 = new Firewall("fw3", FirewallArgs.builder()        
            .network(defaultNetwork.id())
            .sourceRanges(            
                "130.211.0.0/22",
                "35.191.0.0/16")
            .allows(FirewallAllowArgs.builder()
                .protocol("tcp")
                .build())
            .targetTags("load-balanced-backend")
            .direction("INGRESS")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .dependsOn(fw2)
                .build());

        var fw4 = new Firewall("fw4", FirewallArgs.builder()        
            .network(defaultNetwork.id())
            .sourceRanges("10.129.0.0/26")
            .targetTags("load-balanced-backend")
            .allows(            
                FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("80")
                    .build(),
                FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("443")
                    .build(),
                FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("8000")
                    .build())
            .direction("INGRESS")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .dependsOn(fw3)
                .build());

        var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()        
            .region("us-central1")
            .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                .portSpecification("USE_SERVING_PORT")
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .dependsOn(fw4)
                .build());

        var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()        
            .loadBalancingScheme("INTERNAL_MANAGED")
            .backends(RegionBackendServiceBackendArgs.builder()
                .group(rigm.instanceGroup())
                .balancingMode("UTILIZATION")
                .capacityScaler(1)
                .build())
            .region("us-central1")
            .protocol("HTTP")
            .timeoutSec(10)
            .healthChecks(defaultRegionHealthCheck.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()        
            .region("us-central1")
            .defaultService(defaultRegionBackendService.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()        
            .region("us-central1")
            .urlMap(defaultRegionUrlMap.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var proxy = new Subnetwork("proxy", SubnetworkArgs.builder()        
            .ipCidrRange("10.129.0.0/26")
            .region("us-central1")
            .network(defaultNetwork.id())
            .purpose("INTERNAL_HTTPS_LOAD_BALANCER")
            .role("ACTIVE")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()        
            .region("us-central1")
            .ipProtocol("TCP")
            .loadBalancingScheme("INTERNAL_MANAGED")
            .portRange("80")
            .target(defaultRegionTargetHttpProxy.id())
            .network(defaultNetwork.id())
            .subnetwork(defaultSubnetwork.id())
            .networkTier("PREMIUM")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .dependsOn(proxy)
                .build());

    }
}

Coming soon!

Coming soon!

resources:
  # Forwarding rule for Internal Load Balancing
  defaultForwardingRule:
    type: gcp:compute:ForwardingRule
    properties:
      region: us-central1
      ipProtocol: TCP
      loadBalancingScheme: INTERNAL_MANAGED
      portRange: '80'
      target: ${defaultRegionTargetHttpProxy.id}
      network: ${defaultNetwork.id}
      subnetwork: ${defaultSubnetwork.id}
      networkTier: PREMIUM
    options:
      provider: ${["google-beta"]}
      dependson:
        - ${proxy}
  defaultRegionTargetHttpProxy:
    type: gcp:compute:RegionTargetHttpProxy
    properties:
      region: us-central1
      urlMap: ${defaultRegionUrlMap.id}
    options:
      provider: ${["google-beta"]}
  defaultRegionUrlMap:
    type: gcp:compute:RegionUrlMap
    properties:
      region: us-central1
      defaultService: ${defaultRegionBackendService.id}
    options:
      provider: ${["google-beta"]}
  defaultRegionBackendService:
    type: gcp:compute:RegionBackendService
    properties:
      loadBalancingScheme: INTERNAL_MANAGED
      backends:
        - group: ${rigm.instanceGroup}
          balancingMode: UTILIZATION
          capacityScaler: 1
      region: us-central1
      protocol: HTTP
      timeoutSec: 10
      healthChecks:
        - ${defaultRegionHealthCheck.id}
    options:
      provider: ${["google-beta"]}
  rigm:
    type: gcp:compute:RegionInstanceGroupManager
    properties:
      region: us-central1
      versions:
        - instanceTemplate: ${instanceTemplate.id}
          name: primary
      baseInstanceName: internal-glb
      targetSize: 1
    options:
      provider: ${["google-beta"]}
  instanceTemplate:
    type: gcp:compute:InstanceTemplate
    properties:
      machineType: e2-medium
      networkInterfaces:
        - network: ${defaultNetwork.id}
          subnetwork: ${defaultSubnetwork.id}
      disks:
        - sourceImage: ${debianImage.selfLink}
          autoDelete: true
          boot: true
      tags:
        - allow-ssh
        - load-balanced-backend
    options:
      provider: ${["google-beta"]}
  defaultRegionHealthCheck:
    type: gcp:compute:RegionHealthCheck
    properties:
      region: us-central1
      httpHealthCheck:
        portSpecification: USE_SERVING_PORT
    options:
      provider: ${["google-beta"]}
      dependson:
        - ${fw4}
  fw1:
    type: gcp:compute:Firewall
    properties:
      network: ${defaultNetwork.id}
      sourceRanges:
        - 10.1.2.0/24
      allows:
        - protocol: tcp
        - protocol: udp
        - protocol: icmp
      direction: INGRESS
    options:
      provider: ${["google-beta"]}
  fw2:
    type: gcp:compute:Firewall
    properties:
      network: ${defaultNetwork.id}
      sourceRanges:
        - 0.0.0.0/0
      allows:
        - protocol: tcp
          ports:
            - '22'
      targetTags:
        - allow-ssh
      direction: INGRESS
    options:
      provider: ${["google-beta"]}
      dependson:
        - ${fw1}
  fw3:
    type: gcp:compute:Firewall
    properties:
      network: ${defaultNetwork.id}
      sourceRanges:
        - 130.211.0.0/22
        - 35.191.0.0/16
      allows:
        - protocol: tcp
      targetTags:
        - load-balanced-backend
      direction: INGRESS
    options:
      provider: ${["google-beta"]}
      dependson:
        - ${fw2}
  fw4:
    type: gcp:compute:Firewall
    properties:
      network: ${defaultNetwork.id}
      sourceRanges:
        - 10.129.0.0/26
      targetTags:
        - load-balanced-backend
      allows:
        - protocol: tcp
          ports:
            - '80'
        - protocol: tcp
          ports:
            - '443'
        - protocol: tcp
          ports:
            - '8000'
      direction: INGRESS
    options:
      provider: ${["google-beta"]}
      dependson:
        - ${fw3}
  defaultNetwork:
    type: gcp:compute:Network
    properties:
      autoCreateSubnetworks: false
      routingMode: REGIONAL
    options:
      provider: ${["google-beta"]}
  defaultSubnetwork:
    type: gcp:compute:Subnetwork
    properties:
      ipCidrRange: 10.1.2.0/24
      region: us-central1
      network: ${defaultNetwork.id}
    options:
      provider: ${["google-beta"]}
  proxy:
    type: gcp:compute:Subnetwork
    properties:
      ipCidrRange: 10.129.0.0/26
      region: us-central1
      network: ${defaultNetwork.id}
      purpose: INTERNAL_HTTPS_LOAD_BALANCER
      role: ACTIVE
    options:
      provider: ${["google-beta"]}
variables:
  debianImage:
    fn::invoke:
      Function: gcp:compute:getImage
      Arguments:
        family: debian-11
        project: debian-cloud

Forwarding Rule Regional Http Xlb

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.ComputeFunctions;
import com.pulumi.gcp.compute.inputs.GetImageArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.InstanceTemplate;
import com.pulumi.gcp.compute.InstanceTemplateArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs;
import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs;
import com.pulumi.gcp.compute.RegionInstanceGroupManager;
import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs;
import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs;
import com.pulumi.gcp.compute.RegionUrlMap;
import com.pulumi.gcp.compute.RegionUrlMapArgs;
import com.pulumi.gcp.compute.RegionTargetHttpProxy;
import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs;
import com.pulumi.gcp.compute.Address;
import com.pulumi.gcp.compute.AddressArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder()
            .family("debian-11")
            .project("debian-cloud")
            .build());

        var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder()        
            .autoCreateSubnetworks(false)
            .routingMode("REGIONAL")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder()        
            .ipCidrRange("10.1.2.0/24")
            .region("us-central1")
            .network(defaultNetwork.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder()        
            .machineType("e2-medium")
            .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder()
                .network(defaultNetwork.id())
                .subnetwork(defaultSubnetwork.id())
                .build())
            .disks(InstanceTemplateDiskArgs.builder()
                .sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink()))
                .autoDelete(true)
                .boot(true)
                .build())
            .tags(            
                "allow-ssh",
                "load-balanced-backend")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var rigm = new RegionInstanceGroupManager("rigm", RegionInstanceGroupManagerArgs.builder()        
            .region("us-central1")
            .versions(RegionInstanceGroupManagerVersionArgs.builder()
                .instanceTemplate(instanceTemplate.id())
                .name("primary")
                .build())
            .baseInstanceName("internal-glb")
            .targetSize(1)
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var fw1 = new Firewall("fw1", FirewallArgs.builder()        
            .network(defaultNetwork.id())
            .sourceRanges("10.1.2.0/24")
            .allows(            
                FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .build(),
                FirewallAllowArgs.builder()
                    .protocol("udp")
                    .build(),
                FirewallAllowArgs.builder()
                    .protocol("icmp")
                    .build())
            .direction("INGRESS")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var fw2 = new Firewall("fw2", FirewallArgs.builder()        
            .network(defaultNetwork.id())
            .sourceRanges("0.0.0.0/0")
            .allows(FirewallAllowArgs.builder()
                .protocol("tcp")
                .ports("22")
                .build())
            .targetTags("allow-ssh")
            .direction("INGRESS")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .dependsOn(fw1)
                .build());

        var fw3 = new Firewall("fw3", FirewallArgs.builder()        
            .network(defaultNetwork.id())
            .sourceRanges(            
                "130.211.0.0/22",
                "35.191.0.0/16")
            .allows(FirewallAllowArgs.builder()
                .protocol("tcp")
                .build())
            .targetTags("load-balanced-backend")
            .direction("INGRESS")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .dependsOn(fw2)
                .build());

        var fw4 = new Firewall("fw4", FirewallArgs.builder()        
            .network(defaultNetwork.id())
            .sourceRanges("10.129.0.0/26")
            .targetTags("load-balanced-backend")
            .allows(            
                FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("80")
                    .build(),
                FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("443")
                    .build(),
                FirewallAllowArgs.builder()
                    .protocol("tcp")
                    .ports("8000")
                    .build())
            .direction("INGRESS")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .dependsOn(fw3)
                .build());

        var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()        
            .region("us-central1")
            .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
                .portSpecification("USE_SERVING_PORT")
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .dependsOn(fw4)
                .build());

        var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()        
            .loadBalancingScheme("EXTERNAL_MANAGED")
            .backends(RegionBackendServiceBackendArgs.builder()
                .group(rigm.instanceGroup())
                .balancingMode("UTILIZATION")
                .capacityScaler(1)
                .build())
            .region("us-central1")
            .protocol("HTTP")
            .timeoutSec(10)
            .healthChecks(defaultRegionHealthCheck.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()        
            .region("us-central1")
            .defaultService(defaultRegionBackendService.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder()        
            .region("us-central1")
            .urlMap(defaultRegionUrlMap.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var defaultAddress = new Address("defaultAddress", AddressArgs.builder()        
            .region("us-central1")
            .networkTier("STANDARD")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var proxy = new Subnetwork("proxy", SubnetworkArgs.builder()        
            .ipCidrRange("10.129.0.0/26")
            .region("us-central1")
            .network(defaultNetwork.id())
            .purpose("REGIONAL_MANAGED_PROXY")
            .role("ACTIVE")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder()        
            .region("us-central1")
            .ipProtocol("TCP")
            .loadBalancingScheme("EXTERNAL_MANAGED")
            .portRange("80")
            .target(defaultRegionTargetHttpProxy.id())
            .network(defaultNetwork.id())
            .ipAddress(defaultAddress.id())
            .networkTier("STANDARD")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .dependsOn(proxy)
                .build());

    }
}

Coming soon!

Coming soon!

resources:
  # Forwarding rule for Regional External Load Balancing
  defaultForwardingRule:
    type: gcp:compute:ForwardingRule
    properties:
      region: us-central1
      ipProtocol: TCP
      loadBalancingScheme: EXTERNAL_MANAGED
      portRange: '80'
      target: ${defaultRegionTargetHttpProxy.id}
      network: ${defaultNetwork.id}
      ipAddress: ${defaultAddress.id}
      networkTier: STANDARD
    options:
      provider: ${["google-beta"]}
      dependson:
        - ${proxy}
  defaultRegionTargetHttpProxy:
    type: gcp:compute:RegionTargetHttpProxy
    properties:
      region: us-central1
      urlMap: ${defaultRegionUrlMap.id}
    options:
      provider: ${["google-beta"]}
  defaultRegionUrlMap:
    type: gcp:compute:RegionUrlMap
    properties:
      region: us-central1
      defaultService: ${defaultRegionBackendService.id}
    options:
      provider: ${["google-beta"]}
  defaultRegionBackendService:
    type: gcp:compute:RegionBackendService
    properties:
      loadBalancingScheme: EXTERNAL_MANAGED
      backends:
        - group: ${rigm.instanceGroup}
          balancingMode: UTILIZATION
          capacityScaler: 1
      region: us-central1
      protocol: HTTP
      timeoutSec: 10
      healthChecks:
        - ${defaultRegionHealthCheck.id}
    options:
      provider: ${["google-beta"]}
  rigm:
    type: gcp:compute:RegionInstanceGroupManager
    properties:
      region: us-central1
      versions:
        - instanceTemplate: ${instanceTemplate.id}
          name: primary
      baseInstanceName: internal-glb
      targetSize: 1
    options:
      provider: ${["google-beta"]}
  instanceTemplate:
    type: gcp:compute:InstanceTemplate
    properties:
      machineType: e2-medium
      networkInterfaces:
        - network: ${defaultNetwork.id}
          subnetwork: ${defaultSubnetwork.id}
      disks:
        - sourceImage: ${debianImage.selfLink}
          autoDelete: true
          boot: true
      tags:
        - allow-ssh
        - load-balanced-backend
    options:
      provider: ${["google-beta"]}
  defaultRegionHealthCheck:
    type: gcp:compute:RegionHealthCheck
    properties:
      region: us-central1
      httpHealthCheck:
        portSpecification: USE_SERVING_PORT
    options:
      provider: ${["google-beta"]}
      dependson:
        - ${fw4}
  defaultAddress:
    type: gcp:compute:Address
    properties:
      region: us-central1
      networkTier: STANDARD
    options:
      provider: ${["google-beta"]}
  fw1:
    type: gcp:compute:Firewall
    properties:
      network: ${defaultNetwork.id}
      sourceRanges:
        - 10.1.2.0/24
      allows:
        - protocol: tcp
        - protocol: udp
        - protocol: icmp
      direction: INGRESS
    options:
      provider: ${["google-beta"]}
  fw2:
    type: gcp:compute:Firewall
    properties:
      network: ${defaultNetwork.id}
      sourceRanges:
        - 0.0.0.0/0
      allows:
        - protocol: tcp
          ports:
            - '22'
      targetTags:
        - allow-ssh
      direction: INGRESS
    options:
      provider: ${["google-beta"]}
      dependson:
        - ${fw1}
  fw3:
    type: gcp:compute:Firewall
    properties:
      network: ${defaultNetwork.id}
      sourceRanges:
        - 130.211.0.0/22
        - 35.191.0.0/16
      allows:
        - protocol: tcp
      targetTags:
        - load-balanced-backend
      direction: INGRESS
    options:
      provider: ${["google-beta"]}
      dependson:
        - ${fw2}
  fw4:
    type: gcp:compute:Firewall
    properties:
      network: ${defaultNetwork.id}
      sourceRanges:
        - 10.129.0.0/26
      targetTags:
        - load-balanced-backend
      allows:
        - protocol: tcp
          ports:
            - '80'
        - protocol: tcp
          ports:
            - '443'
        - protocol: tcp
          ports:
            - '8000'
      direction: INGRESS
    options:
      provider: ${["google-beta"]}
      dependson:
        - ${fw3}
  defaultNetwork:
    type: gcp:compute:Network
    properties:
      autoCreateSubnetworks: false
      routingMode: REGIONAL
    options:
      provider: ${["google-beta"]}
  defaultSubnetwork:
    type: gcp:compute:Subnetwork
    properties:
      ipCidrRange: 10.1.2.0/24
      region: us-central1
      network: ${defaultNetwork.id}
    options:
      provider: ${["google-beta"]}
  proxy:
    type: gcp:compute:Subnetwork
    properties:
      ipCidrRange: 10.129.0.0/26
      region: us-central1
      network: ${defaultNetwork.id}
      purpose: REGIONAL_MANAGED_PROXY
      role: ACTIVE
    options:
      provider: ${["google-beta"]}
variables:
  debianImage:
    fn::invoke:
      Function: gcp:compute:getImage
      Arguments:
        family: debian-11
        project: debian-cloud

Forwarding Rule Vpc Psc

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var basic = new Gcp.Compute.Address("basic", new()
    {
        Region = "us-central1",
    });

    var externalRegionBackendService = new Gcp.Compute.RegionBackendService("externalRegionBackendService", new()
    {
        Region = "us-central1",
        LoadBalancingScheme = "EXTERNAL",
    });

    var externalForwardingRule = new Gcp.Compute.ForwardingRule("externalForwardingRule", new()
    {
        Region = "us-central1",
        IpAddress = basic.SelfLink,
        BackendService = externalRegionBackendService.SelfLink,
        LoadBalancingScheme = "EXTERNAL",
    });

    var steering = new Gcp.Compute.ForwardingRule("steering", new()
    {
        Region = "us-central1",
        IpAddress = basic.SelfLink,
        BackendService = externalRegionBackendService.SelfLink,
        LoadBalancingScheme = "EXTERNAL",
        SourceIpRanges = new[]
        {
            "34.121.88.0/24",
            "35.187.239.137",
        },
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            externalForwardingRule,
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		basic, err := compute.NewAddress(ctx, "basic", &compute.AddressArgs{
			Region: pulumi.String("us-central1"),
		})
		if err != nil {
			return err
		}
		externalRegionBackendService, err := compute.NewRegionBackendService(ctx, "externalRegionBackendService", &compute.RegionBackendServiceArgs{
			Region:              pulumi.String("us-central1"),
			LoadBalancingScheme: pulumi.String("EXTERNAL"),
		})
		if err != nil {
			return err
		}
		externalForwardingRule, err := compute.NewForwardingRule(ctx, "externalForwardingRule", &compute.ForwardingRuleArgs{
			Region:              pulumi.String("us-central1"),
			IpAddress:           basic.SelfLink,
			BackendService:      externalRegionBackendService.SelfLink,
			LoadBalancingScheme: pulumi.String("EXTERNAL"),
		})
		if err != nil {
			return err
		}
		_, err = compute.NewForwardingRule(ctx, "steering", &compute.ForwardingRuleArgs{
			Region:              pulumi.String("us-central1"),
			IpAddress:           basic.SelfLink,
			BackendService:      externalRegionBackendService.SelfLink,
			LoadBalancingScheme: pulumi.String("EXTERNAL"),
			SourceIpRanges: pulumi.StringArray{
				pulumi.String("34.121.88.0/24"),
				pulumi.String("35.187.239.137"),
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			externalForwardingRule,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.Address;
import com.pulumi.gcp.compute.AddressArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.gcp.compute.ServiceAttachment;
import com.pulumi.gcp.compute.ServiceAttachmentArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var consumerNet = new Network("consumerNet", NetworkArgs.builder()        
            .autoCreateSubnetworks(false)
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var consumerSubnet = new Subnetwork("consumerSubnet", SubnetworkArgs.builder()        
            .ipCidrRange("10.0.0.0/16")
            .region("us-central1")
            .network(consumerNet.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var consumerAddress = new Address("consumerAddress", AddressArgs.builder()        
            .region("us-central1")
            .subnetwork(consumerSubnet.id())
            .addressType("INTERNAL")
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var producerNet = new Network("producerNet", NetworkArgs.builder()        
            .autoCreateSubnetworks(false)
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var pscProducerSubnet = new Subnetwork("pscProducerSubnet", SubnetworkArgs.builder()        
            .ipCidrRange("10.1.0.0/16")
            .region("us-central1")
            .purpose("PRIVATE_SERVICE_CONNECT")
            .network(producerNet.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var producerSubnet = new Subnetwork("producerSubnet", SubnetworkArgs.builder()        
            .ipCidrRange("10.0.0.0/16")
            .region("us-central1")
            .network(producerNet.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var producerServiceHealthCheck = new HealthCheck("producerServiceHealthCheck", HealthCheckArgs.builder()        
            .checkIntervalSec(1)
            .timeoutSec(1)
            .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                .port("80")
                .build())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var producerServiceBackend = new RegionBackendService("producerServiceBackend", RegionBackendServiceArgs.builder()        
            .region("us-central1")
            .healthChecks(producerServiceHealthCheck.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var producerTargetService = new ForwardingRule("producerTargetService", ForwardingRuleArgs.builder()        
            .region("us-central1")
            .loadBalancingScheme("INTERNAL")
            .backendService(producerServiceBackend.id())
            .allPorts(true)
            .network(producerNet.name())
            .subnetwork(producerSubnet.name())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var producerServiceAttachment = new ServiceAttachment("producerServiceAttachment", ServiceAttachmentArgs.builder()        
            .region("us-central1")
            .description("A service attachment configured with Terraform")
            .enableProxyProtocol(true)
            .connectionPreference("ACCEPT_AUTOMATIC")
            .natSubnets(pscProducerSubnet.name())
            .targetService(producerTargetService.id())
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

        var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder()        
            .region("us-central1")
            .loadBalancingScheme("")
            .target(producerServiceAttachment.id())
            .network(consumerNet.name())
            .ipAddress(consumerAddress.id())
            .allowPscGlobalAccess(true)
            .build(), CustomResourceOptions.builder()
                .provider(google_beta)
                .build());

    }
}
import pulumi
import pulumi_gcp as gcp

basic = gcp.compute.Address("basic", region="us-central1")
external_region_backend_service = gcp.compute.RegionBackendService("externalRegionBackendService",
    region="us-central1",
    load_balancing_scheme="EXTERNAL")
external_forwarding_rule = gcp.compute.ForwardingRule("externalForwardingRule",
    region="us-central1",
    ip_address=basic.self_link,
    backend_service=external_region_backend_service.self_link,
    load_balancing_scheme="EXTERNAL")
steering = gcp.compute.ForwardingRule("steering",
    region="us-central1",
    ip_address=basic.self_link,
    backend_service=external_region_backend_service.self_link,
    load_balancing_scheme="EXTERNAL",
    source_ip_ranges=[
        "34.121.88.0/24",
        "35.187.239.137",
    ],
    opts=pulumi.ResourceOptions(depends_on=[external_forwarding_rule]))
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const basic = new gcp.compute.Address("basic", {region: "us-central1"});
const externalRegionBackendService = new gcp.compute.RegionBackendService("externalRegionBackendService", {
    region: "us-central1",
    loadBalancingScheme: "EXTERNAL",
});
const externalForwardingRule = new gcp.compute.ForwardingRule("externalForwardingRule", {
    region: "us-central1",
    ipAddress: basic.selfLink,
    backendService: externalRegionBackendService.selfLink,
    loadBalancingScheme: "EXTERNAL",
});
const steering = new gcp.compute.ForwardingRule("steering", {
    region: "us-central1",
    ipAddress: basic.selfLink,
    backendService: externalRegionBackendService.selfLink,
    loadBalancingScheme: "EXTERNAL",
    sourceIpRanges: [
        "34.121.88.0/24",
        "35.187.239.137",
    ],
}, {
    dependsOn: [externalForwardingRule],
});
resources:
  # Forwarding rule for VPC private service connect
  default: # Consumer service endpoint
    type: gcp:compute:ForwardingRule
    properties:
      region: us-central1
      loadBalancingScheme:
      target: ${producerServiceAttachment.id}
      network: ${consumerNet.name}
      ipAddress: ${consumerAddress.id}
      allowPscGlobalAccess: true
    options:
      provider: ${["google-beta"]}
  consumerNet:
    type: gcp:compute:Network
    properties:
      autoCreateSubnetworks: false
    options:
      provider: ${["google-beta"]}
  consumerSubnet:
    type: gcp:compute:Subnetwork
    properties:
      ipCidrRange: 10.0.0.0/16
      region: us-central1
      network: ${consumerNet.id}
    options:
      provider: ${["google-beta"]}
  consumerAddress: # Producer service attachment
    type: gcp:compute:Address
    properties:
      region: us-central1
      subnetwork: ${consumerSubnet.id}
      addressType: INTERNAL
    options:
      provider: ${["google-beta"]}
  producerNet:
    type: gcp:compute:Network
    properties:
      autoCreateSubnetworks: false
    options:
      provider: ${["google-beta"]}
  producerSubnet:
    type: gcp:compute:Subnetwork
    properties:
      ipCidrRange: 10.0.0.0/16
      region: us-central1
      network: ${producerNet.id}
    options:
      provider: ${["google-beta"]}
  pscProducerSubnet:
    type: gcp:compute:Subnetwork
    properties:
      ipCidrRange: 10.1.0.0/16
      region: us-central1
      purpose: PRIVATE_SERVICE_CONNECT
      network: ${producerNet.id}
    options:
      provider: ${["google-beta"]}
  producerServiceAttachment:
    type: gcp:compute:ServiceAttachment
    properties:
      region: us-central1
      description: A service attachment configured with Terraform
      enableProxyProtocol: true
      connectionPreference: ACCEPT_AUTOMATIC
      natSubnets:
        - ${pscProducerSubnet.name}
      targetService: ${producerTargetService.id}
    options:
      provider: ${["google-beta"]}
  producerTargetService:
    type: gcp:compute:ForwardingRule
    properties:
      region: us-central1
      loadBalancingScheme: INTERNAL
      backendService: ${producerServiceBackend.id}
      allPorts: true
      network: ${producerNet.name}
      subnetwork: ${producerSubnet.name}
    options:
      provider: ${["google-beta"]}
  producerServiceBackend:
    type: gcp:compute:RegionBackendService
    properties:
      region: us-central1
      healthChecks:
        - ${producerServiceHealthCheck.id}
    options:
      provider: ${["google-beta"]}
  producerServiceHealthCheck:
    type: gcp:compute:HealthCheck
    properties:
      checkIntervalSec: 1
      timeoutSec: 1
      tcpHealthCheck:
        port: '80'
    options:
      provider: ${["google-beta"]}

Forwarding Rule Regional Steering

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Address;
import com.pulumi.gcp.compute.AddressArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.ForwardingRule;
import com.pulumi.gcp.compute.ForwardingRuleArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var basic = new Address("basic", AddressArgs.builder()        
            .region("us-central1")
            .build());

        var externalRegionBackendService = new RegionBackendService("externalRegionBackendService", RegionBackendServiceArgs.builder()        
            .region("us-central1")
            .loadBalancingScheme("EXTERNAL")
            .build());

        var externalForwardingRule = new ForwardingRule("externalForwardingRule", ForwardingRuleArgs.builder()        
            .region("us-central1")
            .ipAddress(basic.selfLink())
            .backendService(externalRegionBackendService.selfLink())
            .loadBalancingScheme("EXTERNAL")
            .build());

        var steering = new ForwardingRule("steering", ForwardingRuleArgs.builder()        
            .region("us-central1")
            .ipAddress(basic.selfLink())
            .backendService(externalRegionBackendService.selfLink())
            .loadBalancingScheme("EXTERNAL")
            .sourceIpRanges(            
                "34.121.88.0/24",
                "35.187.239.137")
            .build(), CustomResourceOptions.builder()
                .dependsOn(externalForwardingRule)
                .build());

    }
}

Coming soon!

Coming soon!

resources:
  steering:
    type: gcp:compute:ForwardingRule
    properties:
      region: us-central1
      ipAddress: ${basic.selfLink}
      backendService: ${externalRegionBackendService.selfLink}
      loadBalancingScheme: EXTERNAL
      sourceIpRanges:
        - 34.121.88.0/24
        - 35.187.239.137
    options:
      dependson:
        - ${externalForwardingRule}
  basic:
    type: gcp:compute:Address
    properties:
      region: us-central1
  externalRegionBackendService:
    type: gcp:compute:RegionBackendService
    properties:
      region: us-central1
      loadBalancingScheme: EXTERNAL
  externalForwardingRule:
    type: gcp:compute:ForwardingRule
    properties:
      region: us-central1
      ipAddress: ${basic.selfLink}
      backendService: ${externalRegionBackendService.selfLink}
      loadBalancingScheme: EXTERNAL

Create ForwardingRule Resource

new ForwardingRule(name: string, args?: ForwardingRuleArgs, opts?: CustomResourceOptions);
@overload
def ForwardingRule(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   all_ports: Optional[bool] = None,
                   allow_global_access: Optional[bool] = None,
                   allow_psc_global_access: Optional[bool] = None,
                   backend_service: Optional[str] = None,
                   description: Optional[str] = None,
                   ip_address: Optional[str] = None,
                   ip_protocol: Optional[str] = None,
                   is_mirroring_collector: Optional[bool] = None,
                   labels: Optional[Mapping[str, str]] = None,
                   load_balancing_scheme: Optional[str] = None,
                   name: Optional[str] = None,
                   network: Optional[str] = None,
                   network_tier: Optional[str] = None,
                   port_range: Optional[str] = None,
                   ports: Optional[Sequence[str]] = None,
                   project: Optional[str] = None,
                   region: Optional[str] = None,
                   service_directory_registrations: Optional[Sequence[ForwardingRuleServiceDirectoryRegistrationArgs]] = None,
                   service_label: Optional[str] = None,
                   source_ip_ranges: Optional[Sequence[str]] = None,
                   subnetwork: Optional[str] = None,
                   target: Optional[str] = None)
@overload
def ForwardingRule(resource_name: str,
                   args: Optional[ForwardingRuleArgs] = None,
                   opts: Optional[ResourceOptions] = None)
func NewForwardingRule(ctx *Context, name string, args *ForwardingRuleArgs, opts ...ResourceOption) (*ForwardingRule, error)
public ForwardingRule(string name, ForwardingRuleArgs? args = null, CustomResourceOptions? opts = null)
public ForwardingRule(String name, ForwardingRuleArgs args)
public ForwardingRule(String name, ForwardingRuleArgs args, CustomResourceOptions options)
type: gcp:compute:ForwardingRule
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args ForwardingRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ForwardingRuleArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ForwardingRuleArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ForwardingRuleArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args ForwardingRuleArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

ForwardingRule Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The ForwardingRule resource accepts the following input properties:

AllPorts bool

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.

Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.

AllowGlobalAccess bool

This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

AllowPscGlobalAccess bool

This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

BackendService string

Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

Description string

An optional description of this resource. Provide this property when you create the resource.

IpAddress string

IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

  • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
  • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

  • IP address number, as in 100.1.2.3
  • IPv6 address range, as in 2600:1234::/96
  • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
  • Partial URL or by name, as in:
  • projects/project_id/regions/region/addresses/address-name
  • regions/region/addresses/address-name
  • global/addresses/address-name
  • address-name

The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

IpProtocol string

The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

IsMirroringCollector bool

Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

Labels Dictionary<string, string>

Labels to apply to this forwarding rule. A list of key->value pairs.

LoadBalancingScheme string

Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

Name string

Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


Network string

This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

NetworkTier string

This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

PortRange string

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

Ports List<string>

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.

You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Region string

A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

ServiceDirectoryRegistrations List<ForwardingRuleServiceDirectoryRegistrationArgs>

Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

ServiceLabel string

An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

SourceIpRanges List<string>

If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

Subnetwork string

This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

Target string

The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

AllPorts bool

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.

Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.

AllowGlobalAccess bool

This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

AllowPscGlobalAccess bool

This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

BackendService string

Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

Description string

An optional description of this resource. Provide this property when you create the resource.

IpAddress string

IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

  • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
  • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

  • IP address number, as in 100.1.2.3
  • IPv6 address range, as in 2600:1234::/96
  • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
  • Partial URL or by name, as in:
  • projects/project_id/regions/region/addresses/address-name
  • regions/region/addresses/address-name
  • global/addresses/address-name
  • address-name

The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

IpProtocol string

The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

IsMirroringCollector bool

Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

Labels map[string]string

Labels to apply to this forwarding rule. A list of key->value pairs.

LoadBalancingScheme string

Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

Name string

Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


Network string

This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

NetworkTier string

This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

PortRange string

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

Ports []string

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.

You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Region string

A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

ServiceDirectoryRegistrations []ForwardingRuleServiceDirectoryRegistrationArgs

Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

ServiceLabel string

An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

SourceIpRanges []string

If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

Subnetwork string

This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

Target string

The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

allPorts Boolean

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.

Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.

allowGlobalAccess Boolean

This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

allowPscGlobalAccess Boolean

This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

backendService String

Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

description String

An optional description of this resource. Provide this property when you create the resource.

ipAddress String

IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

  • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
  • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

  • IP address number, as in 100.1.2.3
  • IPv6 address range, as in 2600:1234::/96
  • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
  • Partial URL or by name, as in:
  • projects/project_id/regions/region/addresses/address-name
  • regions/region/addresses/address-name
  • global/addresses/address-name
  • address-name

The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

ipProtocol String

The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

isMirroringCollector Boolean

Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

labels Map<String,String>

Labels to apply to this forwarding rule. A list of key->value pairs.

loadBalancingScheme String

Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

name String

Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


network String

This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

networkTier String

This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

portRange String

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

ports List<String>

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.

You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

region String

A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

serviceDirectoryRegistrations List<ForwardingRuleServiceDirectoryRegistrationArgs>

Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

serviceLabel String

An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

sourceIpRanges List<String>

If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

subnetwork String

This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

target String

The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

allPorts boolean

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.

Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.

allowGlobalAccess boolean

This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

allowPscGlobalAccess boolean

This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

backendService string

Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

description string

An optional description of this resource. Provide this property when you create the resource.

ipAddress string

IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

  • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
  • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

  • IP address number, as in 100.1.2.3
  • IPv6 address range, as in 2600:1234::/96
  • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
  • Partial URL or by name, as in:
  • projects/project_id/regions/region/addresses/address-name
  • regions/region/addresses/address-name
  • global/addresses/address-name
  • address-name

The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

ipProtocol string

The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

isMirroringCollector boolean

Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

labels {[key: string]: string}

Labels to apply to this forwarding rule. A list of key->value pairs.

loadBalancingScheme string

Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

name string

Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


network string

This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

networkTier string

This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

portRange string

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

ports string[]

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.

You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

region string

A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

serviceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrationArgs[]

Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

serviceLabel string

An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

sourceIpRanges string[]

If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

subnetwork string

This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

target string

The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

all_ports bool

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.

Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.

allow_global_access bool

This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

allow_psc_global_access bool

This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

backend_service str

Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

description str

An optional description of this resource. Provide this property when you create the resource.

ip_address str

IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

  • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
  • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

  • IP address number, as in 100.1.2.3
  • IPv6 address range, as in 2600:1234::/96
  • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
  • Partial URL or by name, as in:
  • projects/project_id/regions/region/addresses/address-name
  • regions/region/addresses/address-name
  • global/addresses/address-name
  • address-name

The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

ip_protocol str

The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

is_mirroring_collector bool

Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

labels Mapping[str, str]

Labels to apply to this forwarding rule. A list of key->value pairs.

load_balancing_scheme str

Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

name str

Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


network str

This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

network_tier str

This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

port_range str

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

ports Sequence[str]

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.

You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

region str

A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

service_directory_registrations Sequence[ForwardingRuleServiceDirectoryRegistrationArgs]

Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

service_label str

An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

source_ip_ranges Sequence[str]

If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

subnetwork str

This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

target str

The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

allPorts Boolean

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.

Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.

allowGlobalAccess Boolean

This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

allowPscGlobalAccess Boolean

This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

backendService String

Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

description String

An optional description of this resource. Provide this property when you create the resource.

ipAddress String

IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

  • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
  • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

  • IP address number, as in 100.1.2.3
  • IPv6 address range, as in 2600:1234::/96
  • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
  • Partial URL or by name, as in:
  • projects/project_id/regions/region/addresses/address-name
  • regions/region/addresses/address-name
  • global/addresses/address-name
  • address-name

The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

ipProtocol String

The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

isMirroringCollector Boolean

Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

labels Map<String>

Labels to apply to this forwarding rule. A list of key->value pairs.

loadBalancingScheme String

Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

name String

Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


network String

This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

networkTier String

This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

portRange String

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

ports List<String>

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.

You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

region String

A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

serviceDirectoryRegistrations List<Property Map>

Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

serviceLabel String

An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

sourceIpRanges List<String>

If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

subnetwork String

This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

target String

The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

Outputs

All input properties are implicitly available as output properties. Additionally, the ForwardingRule resource produces the following output properties:

BaseForwardingRule string

[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

CreationTimestamp string

Creation timestamp in RFC3339 text format.

Id string

The provider-assigned unique ID for this managed resource.

LabelFingerprint string

The fingerprint used for optimistic locking of this resource. Used internally during updates.

PscConnectionId string

The PSC connection id of the PSC Forwarding Rule.

PscConnectionStatus string

The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

SelfLink string

The URI of the created resource.

ServiceName string

The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

BaseForwardingRule string

[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

CreationTimestamp string

Creation timestamp in RFC3339 text format.

Id string

The provider-assigned unique ID for this managed resource.

LabelFingerprint string

The fingerprint used for optimistic locking of this resource. Used internally during updates.

PscConnectionId string

The PSC connection id of the PSC Forwarding Rule.

PscConnectionStatus string

The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

SelfLink string

The URI of the created resource.

ServiceName string

The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

baseForwardingRule String

[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

creationTimestamp String

Creation timestamp in RFC3339 text format.

id String

The provider-assigned unique ID for this managed resource.

labelFingerprint String

The fingerprint used for optimistic locking of this resource. Used internally during updates.

pscConnectionId String

The PSC connection id of the PSC Forwarding Rule.

pscConnectionStatus String

The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

selfLink String

The URI of the created resource.

serviceName String

The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

baseForwardingRule string

[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

creationTimestamp string

Creation timestamp in RFC3339 text format.

id string

The provider-assigned unique ID for this managed resource.

labelFingerprint string

The fingerprint used for optimistic locking of this resource. Used internally during updates.

pscConnectionId string

The PSC connection id of the PSC Forwarding Rule.

pscConnectionStatus string

The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

selfLink string

The URI of the created resource.

serviceName string

The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

base_forwarding_rule str

[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

creation_timestamp str

Creation timestamp in RFC3339 text format.

id str

The provider-assigned unique ID for this managed resource.

label_fingerprint str

The fingerprint used for optimistic locking of this resource. Used internally during updates.

psc_connection_id str

The PSC connection id of the PSC Forwarding Rule.

psc_connection_status str

The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

self_link str

The URI of the created resource.

service_name str

The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

baseForwardingRule String

[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

creationTimestamp String

Creation timestamp in RFC3339 text format.

id String

The provider-assigned unique ID for this managed resource.

labelFingerprint String

The fingerprint used for optimistic locking of this resource. Used internally during updates.

pscConnectionId String

The PSC connection id of the PSC Forwarding Rule.

pscConnectionStatus String

The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

selfLink String

The URI of the created resource.

serviceName String

The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

Look up Existing ForwardingRule Resource

Get an existing ForwardingRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ForwardingRuleState, opts?: CustomResourceOptions): ForwardingRule
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        all_ports: Optional[bool] = None,
        allow_global_access: Optional[bool] = None,
        allow_psc_global_access: Optional[bool] = None,
        backend_service: Optional[str] = None,
        base_forwarding_rule: Optional[str] = None,
        creation_timestamp: Optional[str] = None,
        description: Optional[str] = None,
        ip_address: Optional[str] = None,
        ip_protocol: Optional[str] = None,
        is_mirroring_collector: Optional[bool] = None,
        label_fingerprint: Optional[str] = None,
        labels: Optional[Mapping[str, str]] = None,
        load_balancing_scheme: Optional[str] = None,
        name: Optional[str] = None,
        network: Optional[str] = None,
        network_tier: Optional[str] = None,
        port_range: Optional[str] = None,
        ports: Optional[Sequence[str]] = None,
        project: Optional[str] = None,
        psc_connection_id: Optional[str] = None,
        psc_connection_status: Optional[str] = None,
        region: Optional[str] = None,
        self_link: Optional[str] = None,
        service_directory_registrations: Optional[Sequence[ForwardingRuleServiceDirectoryRegistrationArgs]] = None,
        service_label: Optional[str] = None,
        service_name: Optional[str] = None,
        source_ip_ranges: Optional[Sequence[str]] = None,
        subnetwork: Optional[str] = None,
        target: Optional[str] = None) -> ForwardingRule
func GetForwardingRule(ctx *Context, name string, id IDInput, state *ForwardingRuleState, opts ...ResourceOption) (*ForwardingRule, error)
public static ForwardingRule Get(string name, Input<string> id, ForwardingRuleState? state, CustomResourceOptions? opts = null)
public static ForwardingRule get(String name, Output<String> id, ForwardingRuleState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AllPorts bool

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.

Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.

AllowGlobalAccess bool

This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

AllowPscGlobalAccess bool

This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

BackendService string

Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

BaseForwardingRule string

[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

CreationTimestamp string

Creation timestamp in RFC3339 text format.

Description string

An optional description of this resource. Provide this property when you create the resource.

IpAddress string

IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

  • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
  • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

  • IP address number, as in 100.1.2.3
  • IPv6 address range, as in 2600:1234::/96
  • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
  • Partial URL or by name, as in:
  • projects/project_id/regions/region/addresses/address-name
  • regions/region/addresses/address-name
  • global/addresses/address-name
  • address-name

The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

IpProtocol string

The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

IsMirroringCollector bool

Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

LabelFingerprint string

The fingerprint used for optimistic locking of this resource. Used internally during updates.

Labels Dictionary<string, string>

Labels to apply to this forwarding rule. A list of key->value pairs.

LoadBalancingScheme string

Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

Name string

Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


Network string

This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

NetworkTier string

This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

PortRange string

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

Ports List<string>

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.

You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

PscConnectionId string

The PSC connection id of the PSC Forwarding Rule.

PscConnectionStatus string

The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

Region string

A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

SelfLink string

The URI of the created resource.

ServiceDirectoryRegistrations List<ForwardingRuleServiceDirectoryRegistrationArgs>

Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

ServiceLabel string

An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

ServiceName string

The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

SourceIpRanges List<string>

If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

Subnetwork string

This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

Target string

The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

AllPorts bool

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.

Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.

AllowGlobalAccess bool

This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

AllowPscGlobalAccess bool

This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

BackendService string

Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

BaseForwardingRule string

[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

CreationTimestamp string

Creation timestamp in RFC3339 text format.

Description string

An optional description of this resource. Provide this property when you create the resource.

IpAddress string

IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

  • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
  • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

  • IP address number, as in 100.1.2.3
  • IPv6 address range, as in 2600:1234::/96
  • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
  • Partial URL or by name, as in:
  • projects/project_id/regions/region/addresses/address-name
  • regions/region/addresses/address-name
  • global/addresses/address-name
  • address-name

The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

IpProtocol string

The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

IsMirroringCollector bool

Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

LabelFingerprint string

The fingerprint used for optimistic locking of this resource. Used internally during updates.

Labels map[string]string

Labels to apply to this forwarding rule. A list of key->value pairs.

LoadBalancingScheme string

Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

Name string

Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


Network string

This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

NetworkTier string

This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

PortRange string

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

Ports []string

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.

You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

PscConnectionId string

The PSC connection id of the PSC Forwarding Rule.

PscConnectionStatus string

The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

Region string

A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

SelfLink string

The URI of the created resource.

ServiceDirectoryRegistrations []ForwardingRuleServiceDirectoryRegistrationArgs

Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

ServiceLabel string

An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

ServiceName string

The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

SourceIpRanges []string

If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

Subnetwork string

This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

Target string

The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

allPorts Boolean

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.

Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.

allowGlobalAccess Boolean

This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

allowPscGlobalAccess Boolean

This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

backendService String

Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

baseForwardingRule String

[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

creationTimestamp String

Creation timestamp in RFC3339 text format.

description String

An optional description of this resource. Provide this property when you create the resource.

ipAddress String

IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

  • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
  • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

  • IP address number, as in 100.1.2.3
  • IPv6 address range, as in 2600:1234::/96
  • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
  • Partial URL or by name, as in:
  • projects/project_id/regions/region/addresses/address-name
  • regions/region/addresses/address-name
  • global/addresses/address-name
  • address-name

The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

ipProtocol String

The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

isMirroringCollector Boolean

Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

labelFingerprint String

The fingerprint used for optimistic locking of this resource. Used internally during updates.

labels Map<String,String>

Labels to apply to this forwarding rule. A list of key->value pairs.

loadBalancingScheme String

Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

name String

Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


network String

This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

networkTier String

This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

portRange String

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

ports List<String>

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.

You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

pscConnectionId String

The PSC connection id of the PSC Forwarding Rule.

pscConnectionStatus String

The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

region String

A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

selfLink String

The URI of the created resource.

serviceDirectoryRegistrations List<ForwardingRuleServiceDirectoryRegistrationArgs>

Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

serviceLabel String

An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

serviceName String

The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

sourceIpRanges List<String>

If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

subnetwork String

This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

target String

The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

allPorts boolean

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.

Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.

allowGlobalAccess boolean

This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

allowPscGlobalAccess boolean

This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

backendService string

Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

baseForwardingRule string

[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

creationTimestamp string

Creation timestamp in RFC3339 text format.

description string

An optional description of this resource. Provide this property when you create the resource.

ipAddress string

IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

  • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
  • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

  • IP address number, as in 100.1.2.3
  • IPv6 address range, as in 2600:1234::/96
  • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
  • Partial URL or by name, as in:
  • projects/project_id/regions/region/addresses/address-name
  • regions/region/addresses/address-name
  • global/addresses/address-name
  • address-name

The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

ipProtocol string

The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

isMirroringCollector boolean

Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

labelFingerprint string

The fingerprint used for optimistic locking of this resource. Used internally during updates.

labels {[key: string]: string}

Labels to apply to this forwarding rule. A list of key->value pairs.

loadBalancingScheme string

Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

name string

Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


network string

This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

networkTier string

This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

portRange string

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

ports string[]

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.

You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

pscConnectionId string

The PSC connection id of the PSC Forwarding Rule.

pscConnectionStatus string

The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

region string

A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

selfLink string

The URI of the created resource.

serviceDirectoryRegistrations ForwardingRuleServiceDirectoryRegistrationArgs[]

Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

serviceLabel string

An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

serviceName string

The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

sourceIpRanges string[]

If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

subnetwork string

This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

target string

The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

all_ports bool

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.

Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.

allow_global_access bool

This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

allow_psc_global_access bool

This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

backend_service str

Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

base_forwarding_rule str

[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

creation_timestamp str

Creation timestamp in RFC3339 text format.

description str

An optional description of this resource. Provide this property when you create the resource.

ip_address str

IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

  • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
  • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

  • IP address number, as in 100.1.2.3
  • IPv6 address range, as in 2600:1234::/96
  • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
  • Partial URL or by name, as in:
  • projects/project_id/regions/region/addresses/address-name
  • regions/region/addresses/address-name
  • global/addresses/address-name
  • address-name

The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

ip_protocol str

The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

is_mirroring_collector bool

Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

label_fingerprint str

The fingerprint used for optimistic locking of this resource. Used internally during updates.

labels Mapping[str, str]

Labels to apply to this forwarding rule. A list of key->value pairs.

load_balancing_scheme str

Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

name str

Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


network str

This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

network_tier str

This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

port_range str

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

ports Sequence[str]

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.

You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

psc_connection_id str

The PSC connection id of the PSC Forwarding Rule.

psc_connection_status str

The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

region str

A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

self_link str

The URI of the created resource.

service_directory_registrations Sequence[ForwardingRuleServiceDirectoryRegistrationArgs]

Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

service_label str

An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

service_name str

The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

source_ip_ranges Sequence[str]

If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

subnetwork str

This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

target str

The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

allPorts Boolean

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding.

Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The ports, port_range, and allPorts fields are mutually exclusive.

allowGlobalAccess Boolean

This field is used along with the backend_service field for internal load balancing or with the target field for internal TargetInstance. If the field is set to TRUE, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

allowPscGlobalAccess Boolean

This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

backendService String

Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

baseForwardingRule String

[Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

creationTimestamp String

Creation timestamp in RFC3339 text format.

description String

An optional description of this resource. Provide this property when you create the resource.

ipAddress String

IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances:

  • When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0.
  • When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress.

Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule:

  • IP address number, as in 100.1.2.3
  • IPv6 address range, as in 2600:1234::/96
  • Full resource URL, as in https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name
  • Partial URL or by name, as in:
  • projects/project_id/regions/region/addresses/address-name
  • regions/region/addresses/address-name
  • global/addresses/address-name
  • address-name

The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see IP address specifications. When reading an IPAddress, the API always returns the IP address number.

ipProtocol String

The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in Load balancing features. Possible values are: TCP, UDP, ESP, AH, SCTP, ICMP, L3_DEFAULT.

isMirroringCollector Boolean

Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.

labelFingerprint String

The fingerprint used for optimistic locking of this resource. Used internally during updates.

labels Map<String>

Labels to apply to this forwarding rule. A list of key->value pairs.

loadBalancingScheme String

Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts. Default value is EXTERNAL. Possible values are: EXTERNAL, EXTERNAL_MANAGED, INTERNAL, INTERNAL_MANAGED.

name String

Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.


network String

This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

networkTier String

This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address. Possible values are: PREMIUM, STANDARD.

portRange String

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See port specifications for details.

Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports and port_range fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges.

ports List<String>

This field can only be used:

  • If IPProtocol is one of TCP, UDP, or SCTP.
  • By internal TCP/UDP load balancers, backend service-based network load balancers, and internal protocol forwarding.

You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot share any values defined in ports. The ports and port_range fields are mutually exclusive.

project String

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

pscConnectionId String

The PSC connection id of the PSC Forwarding Rule.

pscConnectionStatus String

The PSC connection status of the PSC Forwarding Rule. Possible values: STATUS_UNSPECIFIED, PENDING, ACCEPTED, REJECTED, CLOSED

region String

A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

selfLink String

The URI of the created resource.

serviceDirectoryRegistrations List<Property Map>

Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

serviceLabel String

An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

serviceName String

The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

sourceIpRanges List<String>

If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

subnetwork String

This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

target String

The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object.

For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

Supporting Types

ForwardingRuleServiceDirectoryRegistration

Namespace string

Service Directory namespace to register the forwarding rule under.

Service string

Service Directory service to register the forwarding rule under.

Namespace string

Service Directory namespace to register the forwarding rule under.

Service string

Service Directory service to register the forwarding rule under.

namespace String

Service Directory namespace to register the forwarding rule under.

service String

Service Directory service to register the forwarding rule under.

namespace string

Service Directory namespace to register the forwarding rule under.

service string

Service Directory service to register the forwarding rule under.

namespace str

Service Directory namespace to register the forwarding rule under.

service str

Service Directory service to register the forwarding rule under.

namespace String

Service Directory namespace to register the forwarding rule under.

service String

Service Directory service to register the forwarding rule under.

Import

ForwardingRule can be imported using any of these accepted formats

 $ pulumi import gcp:compute/forwardingRule:ForwardingRule default projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}
 $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{project}}/{{region}}/{{name}}
 $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{region}}/{{name}}
 $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{name}}

Package Details

Repository
Google Cloud (GCP) Classic pulumi/pulumi-gcp
License
Apache-2.0
Notes

This Pulumi package is based on the google-beta Terraform Provider.