published on Thursday, Mar 12, 2026 by Pulumi
published on Thursday, Mar 12, 2026 by Pulumi
Use this data source to get the IP addresses from different special IP ranges on Google Cloud Platform.
Example Usage
Cloud Ranges
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const netblock = gcp.compute.getNetblockIPRanges({});
export const cidrBlocks = netblock.then(netblock => netblock.cidrBlocks);
export const cidrBlocksIpv4 = netblock.then(netblock => netblock.cidrBlocksIpv4s);
export const cidrBlocksIpv6 = netblock.then(netblock => netblock.cidrBlocksIpv6s);
import pulumi
import pulumi_gcp as gcp
netblock = gcp.compute.get_netblock_ip_ranges()
pulumi.export("cidrBlocks", netblock.cidr_blocks)
pulumi.export("cidrBlocksIpv4", netblock.cidr_blocks_ipv4s)
pulumi.export("cidrBlocksIpv6", netblock.cidr_blocks_ipv6s)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
netblock, err := compute.GetNetblockIPRanges(ctx, &compute.GetNetblockIPRangesArgs{}, nil)
if err != nil {
return err
}
ctx.Export("cidrBlocks", netblock.CidrBlocks)
ctx.Export("cidrBlocksIpv4", netblock.CidrBlocksIpv4s)
ctx.Export("cidrBlocksIpv6", netblock.CidrBlocksIpv6s)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var netblock = Gcp.Compute.GetNetblockIPRanges.Invoke();
return new Dictionary<string, object?>
{
["cidrBlocks"] = netblock.Apply(getNetblockIPRangesResult => getNetblockIPRangesResult.CidrBlocks),
["cidrBlocksIpv4"] = netblock.Apply(getNetblockIPRangesResult => getNetblockIPRangesResult.CidrBlocksIpv4s),
["cidrBlocksIpv6"] = netblock.Apply(getNetblockIPRangesResult => getNetblockIPRangesResult.CidrBlocksIpv6s),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.ComputeFunctions;
import com.pulumi.gcp.compute.inputs.GetNetblockIPRangesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var netblock = ComputeFunctions.getNetblockIPRanges(GetNetblockIPRangesArgs.builder()
.build());
ctx.export("cidrBlocks", netblock.cidrBlocks());
ctx.export("cidrBlocksIpv4", netblock.cidrBlocksIpv4s());
ctx.export("cidrBlocksIpv6", netblock.cidrBlocksIpv6s());
}
}
variables:
netblock:
fn::invoke:
function: gcp:compute:getNetblockIPRanges
arguments: {}
outputs:
cidrBlocks: ${netblock.cidrBlocks}
cidrBlocksIpv4: ${netblock.cidrBlocksIpv4s}
cidrBlocksIpv6: ${netblock.cidrBlocksIpv6s}
Allow Health Checks
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const legacy_hcs = gcp.compute.getNetblockIPRanges({
rangeType: "legacy-health-checkers",
});
const _default = new gcp.compute.Network("default", {name: "test-network"});
const allow_hcs = new gcp.compute.Firewall("allow-hcs", {
name: "allow-hcs",
network: _default.name,
allows: [{
protocol: "tcp",
ports: ["80"],
}],
sourceRanges: legacy_hcs.then(legacy_hcs => legacy_hcs.cidrBlocksIpv4s),
});
import pulumi
import pulumi_gcp as gcp
legacy_hcs = gcp.compute.get_netblock_ip_ranges(range_type="legacy-health-checkers")
default = gcp.compute.Network("default", name="test-network")
allow_hcs = gcp.compute.Firewall("allow-hcs",
name="allow-hcs",
network=default.name,
allows=[{
"protocol": "tcp",
"ports": ["80"],
}],
source_ranges=legacy_hcs.cidr_blocks_ipv4s)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
legacy_hcs, err := compute.GetNetblockIPRanges(ctx, &compute.GetNetblockIPRangesArgs{
RangeType: pulumi.StringRef("legacy-health-checkers"),
}, nil)
if err != nil {
return err
}
_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
Name: pulumi.String("test-network"),
})
if err != nil {
return err
}
_, err = compute.NewFirewall(ctx, "allow-hcs", &compute.FirewallArgs{
Name: pulumi.String("allow-hcs"),
Network: _default.Name,
Allows: compute.FirewallAllowArray{
&compute.FirewallAllowArgs{
Protocol: pulumi.String("tcp"),
Ports: pulumi.StringArray{
pulumi.String("80"),
},
},
},
SourceRanges: interface{}(legacy_hcs.CidrBlocksIpv4s),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var legacy_hcs = Gcp.Compute.GetNetblockIPRanges.Invoke(new()
{
RangeType = "legacy-health-checkers",
});
var @default = new Gcp.Compute.Network("default", new()
{
Name = "test-network",
});
var allow_hcs = new Gcp.Compute.Firewall("allow-hcs", new()
{
Name = "allow-hcs",
Network = @default.Name,
Allows = new[]
{
new Gcp.Compute.Inputs.FirewallAllowArgs
{
Protocol = "tcp",
Ports = new[]
{
"80",
},
},
},
SourceRanges = legacy_hcs.Apply(legacy_hcs => legacy_hcs.Apply(getNetblockIPRangesResult => getNetblockIPRangesResult.CidrBlocksIpv4s)),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.ComputeFunctions;
import com.pulumi.gcp.compute.inputs.GetNetblockIPRangesArgs;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Firewall;
import com.pulumi.gcp.compute.FirewallArgs;
import com.pulumi.gcp.compute.inputs.FirewallAllowArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var legacy-hcs = ComputeFunctions.getNetblockIPRanges(GetNetblockIPRangesArgs.builder()
.rangeType("legacy-health-checkers")
.build());
var default_ = new Network("default", NetworkArgs.builder()
.name("test-network")
.build());
var allow_hcs = new Firewall("allow-hcs", FirewallArgs.builder()
.name("allow-hcs")
.network(default_.name())
.allows(FirewallAllowArgs.builder()
.protocol("tcp")
.ports("80")
.build())
.sourceRanges(legacy_hcs.cidrBlocksIpv4s())
.build());
}
}
resources:
allow-hcs:
type: gcp:compute:Firewall
properties:
name: allow-hcs
network: ${default.name}
allows:
- protocol: tcp
ports:
- '80'
sourceRanges: ${["legacy-hcs"].cidrBlocksIpv4s}
default:
type: gcp:compute:Network
properties:
name: test-network
variables:
legacy-hcs:
fn::invoke:
function: gcp:compute:getNetblockIPRanges
arguments:
rangeType: legacy-health-checkers
Using getNetblockIPRanges
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getNetblockIPRanges(args: GetNetblockIPRangesArgs, opts?: InvokeOptions): Promise<GetNetblockIPRangesResult>
function getNetblockIPRangesOutput(args: GetNetblockIPRangesOutputArgs, opts?: InvokeOptions): Output<GetNetblockIPRangesResult>def get_netblock_ip_ranges(range_type: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetNetblockIPRangesResult
def get_netblock_ip_ranges_output(range_type: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetNetblockIPRangesResult]func GetNetblockIPRanges(ctx *Context, args *GetNetblockIPRangesArgs, opts ...InvokeOption) (*GetNetblockIPRangesResult, error)
func GetNetblockIPRangesOutput(ctx *Context, args *GetNetblockIPRangesOutputArgs, opts ...InvokeOption) GetNetblockIPRangesResultOutput> Note: This function is named GetNetblockIPRanges in the Go SDK.
public static class GetNetblockIPRanges
{
public static Task<GetNetblockIPRangesResult> InvokeAsync(GetNetblockIPRangesArgs args, InvokeOptions? opts = null)
public static Output<GetNetblockIPRangesResult> Invoke(GetNetblockIPRangesInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetNetblockIPRangesResult> getNetblockIPRanges(GetNetblockIPRangesArgs args, InvokeOptions options)
public static Output<GetNetblockIPRangesResult> getNetblockIPRanges(GetNetblockIPRangesArgs args, InvokeOptions options)
fn::invoke:
function: gcp:compute/getNetblockIPRanges:getNetblockIPRanges
arguments:
# arguments dictionaryThe following arguments are supported:
- Range
Type string The type of range for which to provide results.
Defaults to
cloud-netblocks. The followingrange_types are supported:cloud-netblocks- Corresponds to the IP addresses used for resources on Google Cloud Platform. More details.google-netblocks- Corresponds to IP addresses used for Google services. More details.restricted-googleapis- Corresponds to the IP addresses used for Private Google Access only for services that support VPC Service Controls API access. These ranges are for DNS configuration. More details.restricted-googleapis-with-directconnectivity- Corresponds to the IP addresses used for Private Google Access only for services that support VPC Service Controls API access. These ranges are for routing and firewall configurations. More details.private-googleapis- Corresponds to the IP addresses used for Private Google Access, including services that do not support VPC Service Controls. These ranges are for DNS configuration. More details.private-googleapis-with-directconnectivity- Corresponds to the IP addresses used for Private Google Access, including services that do not support VPC Service Controls. These ranges are for routing and firewall configurations. More details.dns-forwarders- Corresponds to the IP addresses used to originate Cloud DNS outbound forwarding. More details.iap-forwarders- Corresponds to the IP addresses used for Cloud IAP for TCP forwarding. More details.health-checkers- Corresponds to the IP addresses used for health checking in Cloud Load Balancing. More details.legacy-health-checkers- Corresponds to the IP addresses used for legacy style health checkers (used by Network Load Balancing). More details.
- Range
Type string The type of range for which to provide results.
Defaults to
cloud-netblocks. The followingrange_types are supported:cloud-netblocks- Corresponds to the IP addresses used for resources on Google Cloud Platform. More details.google-netblocks- Corresponds to IP addresses used for Google services. More details.restricted-googleapis- Corresponds to the IP addresses used for Private Google Access only for services that support VPC Service Controls API access. These ranges are for DNS configuration. More details.restricted-googleapis-with-directconnectivity- Corresponds to the IP addresses used for Private Google Access only for services that support VPC Service Controls API access. These ranges are for routing and firewall configurations. More details.private-googleapis- Corresponds to the IP addresses used for Private Google Access, including services that do not support VPC Service Controls. These ranges are for DNS configuration. More details.private-googleapis-with-directconnectivity- Corresponds to the IP addresses used for Private Google Access, including services that do not support VPC Service Controls. These ranges are for routing and firewall configurations. More details.dns-forwarders- Corresponds to the IP addresses used to originate Cloud DNS outbound forwarding. More details.iap-forwarders- Corresponds to the IP addresses used for Cloud IAP for TCP forwarding. More details.health-checkers- Corresponds to the IP addresses used for health checking in Cloud Load Balancing. More details.legacy-health-checkers- Corresponds to the IP addresses used for legacy style health checkers (used by Network Load Balancing). More details.
- range
Type String The type of range for which to provide results.
Defaults to
cloud-netblocks. The followingrange_types are supported:cloud-netblocks- Corresponds to the IP addresses used for resources on Google Cloud Platform. More details.google-netblocks- Corresponds to IP addresses used for Google services. More details.restricted-googleapis- Corresponds to the IP addresses used for Private Google Access only for services that support VPC Service Controls API access. These ranges are for DNS configuration. More details.restricted-googleapis-with-directconnectivity- Corresponds to the IP addresses used for Private Google Access only for services that support VPC Service Controls API access. These ranges are for routing and firewall configurations. More details.private-googleapis- Corresponds to the IP addresses used for Private Google Access, including services that do not support VPC Service Controls. These ranges are for DNS configuration. More details.private-googleapis-with-directconnectivity- Corresponds to the IP addresses used for Private Google Access, including services that do not support VPC Service Controls. These ranges are for routing and firewall configurations. More details.dns-forwarders- Corresponds to the IP addresses used to originate Cloud DNS outbound forwarding. More details.iap-forwarders- Corresponds to the IP addresses used for Cloud IAP for TCP forwarding. More details.health-checkers- Corresponds to the IP addresses used for health checking in Cloud Load Balancing. More details.legacy-health-checkers- Corresponds to the IP addresses used for legacy style health checkers (used by Network Load Balancing). More details.
- range
Type string The type of range for which to provide results.
Defaults to
cloud-netblocks. The followingrange_types are supported:cloud-netblocks- Corresponds to the IP addresses used for resources on Google Cloud Platform. More details.google-netblocks- Corresponds to IP addresses used for Google services. More details.restricted-googleapis- Corresponds to the IP addresses used for Private Google Access only for services that support VPC Service Controls API access. These ranges are for DNS configuration. More details.restricted-googleapis-with-directconnectivity- Corresponds to the IP addresses used for Private Google Access only for services that support VPC Service Controls API access. These ranges are for routing and firewall configurations. More details.private-googleapis- Corresponds to the IP addresses used for Private Google Access, including services that do not support VPC Service Controls. These ranges are for DNS configuration. More details.private-googleapis-with-directconnectivity- Corresponds to the IP addresses used for Private Google Access, including services that do not support VPC Service Controls. These ranges are for routing and firewall configurations. More details.dns-forwarders- Corresponds to the IP addresses used to originate Cloud DNS outbound forwarding. More details.iap-forwarders- Corresponds to the IP addresses used for Cloud IAP for TCP forwarding. More details.health-checkers- Corresponds to the IP addresses used for health checking in Cloud Load Balancing. More details.legacy-health-checkers- Corresponds to the IP addresses used for legacy style health checkers (used by Network Load Balancing). More details.
- range_
type str The type of range for which to provide results.
Defaults to
cloud-netblocks. The followingrange_types are supported:cloud-netblocks- Corresponds to the IP addresses used for resources on Google Cloud Platform. More details.google-netblocks- Corresponds to IP addresses used for Google services. More details.restricted-googleapis- Corresponds to the IP addresses used for Private Google Access only for services that support VPC Service Controls API access. These ranges are for DNS configuration. More details.restricted-googleapis-with-directconnectivity- Corresponds to the IP addresses used for Private Google Access only for services that support VPC Service Controls API access. These ranges are for routing and firewall configurations. More details.private-googleapis- Corresponds to the IP addresses used for Private Google Access, including services that do not support VPC Service Controls. These ranges are for DNS configuration. More details.private-googleapis-with-directconnectivity- Corresponds to the IP addresses used for Private Google Access, including services that do not support VPC Service Controls. These ranges are for routing and firewall configurations. More details.dns-forwarders- Corresponds to the IP addresses used to originate Cloud DNS outbound forwarding. More details.iap-forwarders- Corresponds to the IP addresses used for Cloud IAP for TCP forwarding. More details.health-checkers- Corresponds to the IP addresses used for health checking in Cloud Load Balancing. More details.legacy-health-checkers- Corresponds to the IP addresses used for legacy style health checkers (used by Network Load Balancing). More details.
- range
Type String The type of range for which to provide results.
Defaults to
cloud-netblocks. The followingrange_types are supported:cloud-netblocks- Corresponds to the IP addresses used for resources on Google Cloud Platform. More details.google-netblocks- Corresponds to IP addresses used for Google services. More details.restricted-googleapis- Corresponds to the IP addresses used for Private Google Access only for services that support VPC Service Controls API access. These ranges are for DNS configuration. More details.restricted-googleapis-with-directconnectivity- Corresponds to the IP addresses used for Private Google Access only for services that support VPC Service Controls API access. These ranges are for routing and firewall configurations. More details.private-googleapis- Corresponds to the IP addresses used for Private Google Access, including services that do not support VPC Service Controls. These ranges are for DNS configuration. More details.private-googleapis-with-directconnectivity- Corresponds to the IP addresses used for Private Google Access, including services that do not support VPC Service Controls. These ranges are for routing and firewall configurations. More details.dns-forwarders- Corresponds to the IP addresses used to originate Cloud DNS outbound forwarding. More details.iap-forwarders- Corresponds to the IP addresses used for Cloud IAP for TCP forwarding. More details.health-checkers- Corresponds to the IP addresses used for health checking in Cloud Load Balancing. More details.legacy-health-checkers- Corresponds to the IP addresses used for legacy style health checkers (used by Network Load Balancing). More details.
getNetblockIPRanges Result
The following output properties are available:
- Cidr
Blocks List<string> - Retrieve list of all CIDR blocks.
- Cidr
Blocks List<string>Ipv4s - Retrieve list of the IPv4 CIDR blocks
- Cidr
Blocks List<string>Ipv6s - Retrieve list of the IPv6 CIDR blocks, if available.
- Id string
- The provider-assigned unique ID for this managed resource.
- Range
Type string
- Cidr
Blocks []string - Retrieve list of all CIDR blocks.
- Cidr
Blocks []stringIpv4s - Retrieve list of the IPv4 CIDR blocks
- Cidr
Blocks []stringIpv6s - Retrieve list of the IPv6 CIDR blocks, if available.
- Id string
- The provider-assigned unique ID for this managed resource.
- Range
Type string
- cidr
Blocks List<String> - Retrieve list of all CIDR blocks.
- cidr
Blocks List<String>Ipv4s - Retrieve list of the IPv4 CIDR blocks
- cidr
Blocks List<String>Ipv6s - Retrieve list of the IPv6 CIDR blocks, if available.
- id String
- The provider-assigned unique ID for this managed resource.
- range
Type String
- cidr
Blocks string[] - Retrieve list of all CIDR blocks.
- cidr
Blocks string[]Ipv4s - Retrieve list of the IPv4 CIDR blocks
- cidr
Blocks string[]Ipv6s - Retrieve list of the IPv6 CIDR blocks, if available.
- id string
- The provider-assigned unique ID for this managed resource.
- range
Type string
- cidr_
blocks Sequence[str] - Retrieve list of all CIDR blocks.
- cidr_
blocks_ Sequence[str]ipv4s - Retrieve list of the IPv4 CIDR blocks
- cidr_
blocks_ Sequence[str]ipv6s - Retrieve list of the IPv6 CIDR blocks, if available.
- id str
- The provider-assigned unique ID for this managed resource.
- range_
type str
- cidr
Blocks List<String> - Retrieve list of all CIDR blocks.
- cidr
Blocks List<String>Ipv4s - Retrieve list of the IPv4 CIDR blocks
- cidr
Blocks List<String>Ipv6s - Retrieve list of the IPv6 CIDR blocks, if available.
- id String
- The provider-assigned unique ID for this managed resource.
- range
Type String
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.
published on Thursday, Mar 12, 2026 by Pulumi
