Package com.pulumi.gcp.compute

Class ForwardingRule

  • public class ForwardingRule
extends com.pulumi.resources.CustomResource
    A ForwardingRule resource. A ForwardingRule resource specifies which pool of target virtual machines to forward a packet to if it matches the given [IPAddress, IPProtocol, portRange] tuple. To get more information about ForwardingRule, see: * [API documentation](https://cloud.google.com/compute/docs/reference/v1/forwardingRules) * How-to Guides * [Official Documentation](https://cloud.google.com/compute/docs/load-balancing/network/forwarding-rules) ## Example Usage ### Internal Http Lb With Mig Backend ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.compute.Network; import com.pulumi.gcp.compute.NetworkArgs; import com.pulumi.gcp.compute.Subnetwork; import com.pulumi.gcp.compute.SubnetworkArgs; import com.pulumi.gcp.compute.RegionHealthCheck; import com.pulumi.gcp.compute.RegionHealthCheckArgs; import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs; import com.pulumi.gcp.compute.InstanceTemplate; import com.pulumi.gcp.compute.InstanceTemplateArgs; import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs; import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs; import com.pulumi.gcp.compute.RegionInstanceGroupManager; import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs; import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs; import com.pulumi.gcp.compute.RegionBackendService; import com.pulumi.gcp.compute.RegionBackendServiceArgs; import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs; import com.pulumi.gcp.compute.RegionUrlMap; import com.pulumi.gcp.compute.RegionUrlMapArgs; import com.pulumi.gcp.compute.RegionTargetHttpProxy; import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs; import com.pulumi.gcp.compute.ForwardingRule; import com.pulumi.gcp.compute.ForwardingRuleArgs; import com.pulumi.gcp.compute.Firewall; import com.pulumi.gcp.compute.FirewallArgs; import com.pulumi.gcp.compute.inputs.FirewallAllowArgs; import com.pulumi.gcp.compute.Instance; import com.pulumi.gcp.compute.InstanceArgs; import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs; import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs; import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs; import com.pulumi.resources.CustomResourceOptions; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var ilbNetwork = new Network("ilbNetwork", NetworkArgs.builder() .autoCreateSubnetworks(false) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var proxySubnet = new Subnetwork("proxySubnet", SubnetworkArgs.builder() .ipCidrRange("10.0.0.0/24") .region("europe-west1") .purpose("REGIONAL_MANAGED_PROXY") .role("ACTIVE") .network(ilbNetwork.id()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var ilbSubnet = new Subnetwork("ilbSubnet", SubnetworkArgs.builder() .ipCidrRange("10.0.1.0/24") .region("europe-west1") .network(ilbNetwork.id()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder() .region("europe-west1") .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder() .portSpecification("USE_SERVING_PORT") .build()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder() .machineType("e2-small") .tags("http-server") .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder() .network(ilbNetwork.id()) .subnetwork(ilbSubnet.id()) .accessConfigs() .build()) .disks(InstanceTemplateDiskArgs.builder() .sourceImage("debian-cloud/debian-10") .autoDelete(true) .boot(true) .build()) .metadata(Map.of("startup-script", """ #! /bin/bash set -euo pipefail export DEBIAN_FRONTEND=noninteractive apt-get update apt-get install -y nginx-light jq NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname") IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip") METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])') cat <<EOF > /var/www/html/index.html <pre> Name: $NAME IP: $IP Metadata: $METADATA </pre> EOF """)) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var mig = new RegionInstanceGroupManager("mig", RegionInstanceGroupManagerArgs.builder() .region("europe-west1") .versions(RegionInstanceGroupManagerVersionArgs.builder() .instanceTemplate(instanceTemplate.id()) .name("primary") .build()) .baseInstanceName("vm") .targetSize(2) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder() .region("europe-west1") .protocol("HTTP") .loadBalancingScheme("INTERNAL_MANAGED") .timeoutSec(10) .healthChecks(defaultRegionHealthCheck.id()) .backends(RegionBackendServiceBackendArgs.builder() .group(mig.instanceGroup()) .balancingMode("UTILIZATION") .capacityScaler(1) .build()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder() .region("europe-west1") .defaultService(defaultRegionBackendService.id()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder() .region("europe-west1") .urlMap(defaultRegionUrlMap.id()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var googleComputeForwardingRule = new ForwardingRule("googleComputeForwardingRule", ForwardingRuleArgs.builder() .region("europe-west1") .ipProtocol("TCP") .loadBalancingScheme("INTERNAL_MANAGED") .portRange("80") .target(defaultRegionTargetHttpProxy.id()) .network(ilbNetwork.id()) .subnetwork(ilbSubnet.id()) .networkTier("PREMIUM") .build(), CustomResourceOptions.builder() .provider(google_beta) .dependsOn(proxySubnet) .build()); var fw_iap = new Firewall("fw-iap", FirewallArgs.builder() .direction("INGRESS") .network(ilbNetwork.id()) .sourceRanges( "130.211.0.0/22", "35.191.0.0/16", "35.235.240.0/20") .allows(FirewallAllowArgs.builder() .protocol("tcp") .build()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var fw_ilb_to_backends = new Firewall("fw-ilb-to-backends", FirewallArgs.builder() .direction("INGRESS") .network(ilbNetwork.id()) .sourceRanges("10.0.0.0/24") .targetTags("http-server") .allows(FirewallAllowArgs.builder() .protocol("tcp") .ports( "80", "443", "8080") .build()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var vm_test = new Instance("vm-test", InstanceArgs.builder() .zone("europe-west1-b") .machineType("e2-small") .networkInterfaces(InstanceNetworkInterfaceArgs.builder() .network(ilbNetwork.id()) .subnetwork(ilbSubnet.id()) .build()) .bootDisk(InstanceBootDiskArgs.builder() .initializeParams(InstanceBootDiskInitializeParamsArgs.builder() .image("debian-cloud/debian-10") .build()) .build()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); } } ``` ### Internal Tcp Udp Lb With Mig Backend ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.compute.Network; import com.pulumi.gcp.compute.NetworkArgs; import com.pulumi.gcp.compute.Subnetwork; import com.pulumi.gcp.compute.SubnetworkArgs; import com.pulumi.gcp.compute.RegionHealthCheck; import com.pulumi.gcp.compute.RegionHealthCheckArgs; import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs; import com.pulumi.gcp.compute.InstanceTemplate; import com.pulumi.gcp.compute.InstanceTemplateArgs; import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs; import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs; import com.pulumi.gcp.compute.RegionInstanceGroupManager; import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs; import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs; import com.pulumi.gcp.compute.RegionBackendService; import com.pulumi.gcp.compute.RegionBackendServiceArgs; import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs; import com.pulumi.gcp.compute.ForwardingRule; import com.pulumi.gcp.compute.ForwardingRuleArgs; import com.pulumi.gcp.compute.Firewall; import com.pulumi.gcp.compute.FirewallArgs; import com.pulumi.gcp.compute.inputs.FirewallAllowArgs; import com.pulumi.gcp.compute.Instance; import com.pulumi.gcp.compute.InstanceArgs; import com.pulumi.gcp.compute.inputs.InstanceNetworkInterfaceArgs; import com.pulumi.gcp.compute.inputs.InstanceBootDiskArgs; import com.pulumi.gcp.compute.inputs.InstanceBootDiskInitializeParamsArgs; import com.pulumi.resources.CustomResourceOptions; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var ilbNetwork = new Network("ilbNetwork", NetworkArgs.builder() .autoCreateSubnetworks(false) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var ilbSubnet = new Subnetwork("ilbSubnet", SubnetworkArgs.builder() .ipCidrRange("10.0.1.0/24") .region("europe-west1") .network(ilbNetwork.id()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder() .region("europe-west1") .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder() .port("80") .build()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder() .machineType("e2-small") .tags( "allow-ssh", "allow-health-check") .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder() .network(ilbNetwork.id()) .subnetwork(ilbSubnet.id()) .accessConfigs() .build()) .disks(InstanceTemplateDiskArgs.builder() .sourceImage("debian-cloud/debian-10") .autoDelete(true) .boot(true) .build()) .metadata(Map.of("startup-script", """ #! /bin/bash set -euo pipefail export DEBIAN_FRONTEND=noninteractive apt-get update apt-get install -y nginx-light jq NAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname") IP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip") METADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq 'del(.["startup-script"])') cat <<EOF > /var/www/html/index.html <pre> Name: $NAME IP: $IP Metadata: $METADATA </pre> EOF """)) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var mig = new RegionInstanceGroupManager("mig", RegionInstanceGroupManagerArgs.builder() .region("europe-west1") .versions(RegionInstanceGroupManagerVersionArgs.builder() .instanceTemplate(instanceTemplate.id()) .name("primary") .build()) .baseInstanceName("vm") .targetSize(2) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder() .region("europe-west1") .protocol("TCP") .loadBalancingScheme("INTERNAL") .healthChecks(defaultRegionHealthCheck.id()) .backends(RegionBackendServiceBackendArgs.builder() .group(mig.instanceGroup()) .balancingMode("CONNECTION") .build()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var googleComputeForwardingRule = new ForwardingRule("googleComputeForwardingRule", ForwardingRuleArgs.builder() .backendService(defaultRegionBackendService.id()) .region("europe-west1") .ipProtocol("TCP") .loadBalancingScheme("INTERNAL") .allPorts(true) .allowGlobalAccess(true) .network(ilbNetwork.id()) .subnetwork(ilbSubnet.id()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var fwHc = new Firewall("fwHc", FirewallArgs.builder() .direction("INGRESS") .network(ilbNetwork.id()) .sourceRanges( "130.211.0.0/22", "35.191.0.0/16", "35.235.240.0/20") .allows(FirewallAllowArgs.builder() .protocol("tcp") .build()) .targetTags("allow-health-check") .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var fwIlbToBackends = new Firewall("fwIlbToBackends", FirewallArgs.builder() .direction("INGRESS") .network(ilbNetwork.id()) .sourceRanges("10.0.1.0/24") .allows( FirewallAllowArgs.builder() .protocol("tcp") .build(), FirewallAllowArgs.builder() .protocol("udp") .build(), FirewallAllowArgs.builder() .protocol("icmp") .build()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var fwIlbSsh = new Firewall("fwIlbSsh", FirewallArgs.builder() .direction("INGRESS") .network(ilbNetwork.id()) .allows(FirewallAllowArgs.builder() .protocol("tcp") .ports("22") .build()) .targetTags("allow-ssh") .sourceRanges("0.0.0.0/0") .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var vmTest = new Instance("vmTest", InstanceArgs.builder() .zone("europe-west1-b") .machineType("e2-small") .networkInterfaces(InstanceNetworkInterfaceArgs.builder() .network(ilbNetwork.id()) .subnetwork(ilbSubnet.id()) .build()) .bootDisk(InstanceBootDiskArgs.builder() .initializeParams(InstanceBootDiskInitializeParamsArgs.builder() .image("debian-cloud/debian-10") .build()) .build()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); } } ``` ### Forwarding Rule Externallb ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.compute.RegionHealthCheck; import com.pulumi.gcp.compute.RegionHealthCheckArgs; import com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs; import com.pulumi.gcp.compute.RegionBackendService; import com.pulumi.gcp.compute.RegionBackendServiceArgs; import com.pulumi.gcp.compute.ForwardingRule; import com.pulumi.gcp.compute.ForwardingRuleArgs; import com.pulumi.resources.CustomResourceOptions; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var hc = new RegionHealthCheck("hc", RegionHealthCheckArgs.builder() .checkIntervalSec(1) .timeoutSec(1) .region("us-central1") .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder() .port("80") .build()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder() .region("us-central1") .loadBalancingScheme("EXTERNAL") .healthChecks(hc.id()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder() .region("us-central1") .portRange(80) .backendService(backend.id()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); } } ``` ### Forwarding Rule Global Internallb ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.compute.HealthCheck; import com.pulumi.gcp.compute.HealthCheckArgs; import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs; import com.pulumi.gcp.compute.RegionBackendService; import com.pulumi.gcp.compute.RegionBackendServiceArgs; import com.pulumi.gcp.compute.Network; import com.pulumi.gcp.compute.NetworkArgs; import com.pulumi.gcp.compute.Subnetwork; import com.pulumi.gcp.compute.SubnetworkArgs; import com.pulumi.gcp.compute.ForwardingRule; import com.pulumi.gcp.compute.ForwardingRuleArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var hc = new HealthCheck("hc", HealthCheckArgs.builder() .checkIntervalSec(1) .timeoutSec(1) .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder() .port("80") .build()) .build()); var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder() .region("us-central1") .healthChecks(hc.id()) .build()); var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder() .autoCreateSubnetworks(false) .build()); var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder() .ipCidrRange("10.0.0.0/16") .region("us-central1") .network(defaultNetwork.id()) .build()); var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder() .region("us-central1") .loadBalancingScheme("INTERNAL") .backendService(backend.id()) .allPorts(true) .allowGlobalAccess(true) .network(defaultNetwork.name()) .subnetwork(defaultSubnetwork.name()) .build()); } } ``` ### Forwarding Rule Basic ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.compute.TargetPool; import com.pulumi.gcp.compute.ForwardingRule; import com.pulumi.gcp.compute.ForwardingRuleArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var defaultTargetPool = new TargetPool("defaultTargetPool"); var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder() .target(defaultTargetPool.id()) .portRange("80") .build()); } } ``` ### Forwarding Rule L3 Default ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.compute.RegionHealthCheck; import com.pulumi.gcp.compute.RegionHealthCheckArgs; import com.pulumi.gcp.compute.inputs.RegionHealthCheckTcpHealthCheckArgs; import com.pulumi.gcp.compute.RegionBackendService; import com.pulumi.gcp.compute.RegionBackendServiceArgs; import com.pulumi.gcp.compute.ForwardingRule; import com.pulumi.gcp.compute.ForwardingRuleArgs; import com.pulumi.resources.CustomResourceOptions; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var healthCheck = new RegionHealthCheck("healthCheck", RegionHealthCheckArgs.builder() .region("us-central1") .tcpHealthCheck(RegionHealthCheckTcpHealthCheckArgs.builder() .port(80) .build()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var service = new RegionBackendService("service", RegionBackendServiceArgs.builder() .region("us-central1") .healthChecks(healthCheck.id()) .protocol("UNSPECIFIED") .loadBalancingScheme("EXTERNAL") .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var fwdRule = new ForwardingRule("fwdRule", ForwardingRuleArgs.builder() .backendService(service.id()) .ipProtocol("L3_DEFAULT") .allPorts(true) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); } } ``` ### Forwarding Rule Internallb ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.compute.HealthCheck; import com.pulumi.gcp.compute.HealthCheckArgs; import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs; import com.pulumi.gcp.compute.RegionBackendService; import com.pulumi.gcp.compute.RegionBackendServiceArgs; import com.pulumi.gcp.compute.Network; import com.pulumi.gcp.compute.NetworkArgs; import com.pulumi.gcp.compute.Subnetwork; import com.pulumi.gcp.compute.SubnetworkArgs; import com.pulumi.gcp.compute.ForwardingRule; import com.pulumi.gcp.compute.ForwardingRuleArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var hc = new HealthCheck("hc", HealthCheckArgs.builder() .checkIntervalSec(1) .timeoutSec(1) .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder() .port("80") .build()) .build()); var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder() .region("us-central1") .healthChecks(hc.id()) .build()); var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder() .autoCreateSubnetworks(false) .build()); var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder() .ipCidrRange("10.0.0.0/16") .region("us-central1") .network(defaultNetwork.id()) .build()); var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder() .region("us-central1") .loadBalancingScheme("INTERNAL") .backendService(backend.id()) .allPorts(true) .network(defaultNetwork.name()) .subnetwork(defaultSubnetwork.name()) .ipVersion("IPV4") .build()); } } ``` ### Forwarding Rule Http Lb ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.compute.ComputeFunctions; import com.pulumi.gcp.compute.inputs.GetImageArgs; import com.pulumi.gcp.compute.Network; import com.pulumi.gcp.compute.NetworkArgs; import com.pulumi.gcp.compute.Subnetwork; import com.pulumi.gcp.compute.SubnetworkArgs; import com.pulumi.gcp.compute.InstanceTemplate; import com.pulumi.gcp.compute.InstanceTemplateArgs; import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs; import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs; import com.pulumi.gcp.compute.RegionInstanceGroupManager; import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs; import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs; import com.pulumi.gcp.compute.Firewall; import com.pulumi.gcp.compute.FirewallArgs; import com.pulumi.gcp.compute.inputs.FirewallAllowArgs; import com.pulumi.gcp.compute.RegionHealthCheck; import com.pulumi.gcp.compute.RegionHealthCheckArgs; import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs; import com.pulumi.gcp.compute.RegionBackendService; import com.pulumi.gcp.compute.RegionBackendServiceArgs; import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs; import com.pulumi.gcp.compute.RegionUrlMap; import com.pulumi.gcp.compute.RegionUrlMapArgs; import com.pulumi.gcp.compute.RegionTargetHttpProxy; import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs; import com.pulumi.gcp.compute.ForwardingRule; import com.pulumi.gcp.compute.ForwardingRuleArgs; import com.pulumi.resources.CustomResourceOptions; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder() .family("debian-11") .project("debian-cloud") .build()); var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder() .autoCreateSubnetworks(false) .routingMode("REGIONAL") .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder() .ipCidrRange("10.1.2.0/24") .region("us-central1") .network(defaultNetwork.id()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder() .machineType("e2-medium") .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder() .network(defaultNetwork.id()) .subnetwork(defaultSubnetwork.id()) .build()) .disks(InstanceTemplateDiskArgs.builder() .sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink())) .autoDelete(true) .boot(true) .build()) .tags( "allow-ssh", "load-balanced-backend") .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var rigm = new RegionInstanceGroupManager("rigm", RegionInstanceGroupManagerArgs.builder() .region("us-central1") .versions(RegionInstanceGroupManagerVersionArgs.builder() .instanceTemplate(instanceTemplate.id()) .name("primary") .build()) .baseInstanceName("internal-glb") .targetSize(1) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var fw1 = new Firewall("fw1", FirewallArgs.builder() .network(defaultNetwork.id()) .sourceRanges("10.1.2.0/24") .allows( FirewallAllowArgs.builder() .protocol("tcp") .build(), FirewallAllowArgs.builder() .protocol("udp") .build(), FirewallAllowArgs.builder() .protocol("icmp") .build()) .direction("INGRESS") .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var fw2 = new Firewall("fw2", FirewallArgs.builder() .network(defaultNetwork.id()) .sourceRanges("0.0.0.0/0") .allows(FirewallAllowArgs.builder() .protocol("tcp") .ports("22") .build()) .targetTags("allow-ssh") .direction("INGRESS") .build(), CustomResourceOptions.builder() .provider(google_beta) .dependsOn(fw1) .build()); var fw3 = new Firewall("fw3", FirewallArgs.builder() .network(defaultNetwork.id()) .sourceRanges( "130.211.0.0/22", "35.191.0.0/16") .allows(FirewallAllowArgs.builder() .protocol("tcp") .build()) .targetTags("load-balanced-backend") .direction("INGRESS") .build(), CustomResourceOptions.builder() .provider(google_beta) .dependsOn(fw2) .build()); var fw4 = new Firewall("fw4", FirewallArgs.builder() .network(defaultNetwork.id()) .sourceRanges("10.129.0.0/26") .targetTags("load-balanced-backend") .allows( FirewallAllowArgs.builder() .protocol("tcp") .ports("80") .build(), FirewallAllowArgs.builder() .protocol("tcp") .ports("443") .build(), FirewallAllowArgs.builder() .protocol("tcp") .ports("8000") .build()) .direction("INGRESS") .build(), CustomResourceOptions.builder() .provider(google_beta) .dependsOn(fw3) .build()); var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder() .region("us-central1") .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder() .portSpecification("USE_SERVING_PORT") .build()) .build(), CustomResourceOptions.builder() .provider(google_beta) .dependsOn(fw4) .build()); var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder() .loadBalancingScheme("INTERNAL_MANAGED") .backends(RegionBackendServiceBackendArgs.builder() .group(rigm.instanceGroup()) .balancingMode("UTILIZATION") .capacityScaler(1) .build()) .region("us-central1") .protocol("HTTP") .timeoutSec(10) .healthChecks(defaultRegionHealthCheck.id()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder() .region("us-central1") .defaultService(defaultRegionBackendService.id()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder() .region("us-central1") .urlMap(defaultRegionUrlMap.id()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var proxy = new Subnetwork("proxy", SubnetworkArgs.builder() .ipCidrRange("10.129.0.0/26") .region("us-central1") .network(defaultNetwork.id()) .purpose("REGIONAL_MANAGED_PROXY") .role("ACTIVE") .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder() .region("us-central1") .ipProtocol("TCP") .loadBalancingScheme("INTERNAL_MANAGED") .portRange("80") .target(defaultRegionTargetHttpProxy.id()) .network(defaultNetwork.id()) .subnetwork(defaultSubnetwork.id()) .networkTier("PREMIUM") .build(), CustomResourceOptions.builder() .provider(google_beta) .dependsOn(proxy) .build()); } } ``` ### Forwarding Rule Regional Http Xlb ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.compute.ComputeFunctions; import com.pulumi.gcp.compute.inputs.GetImageArgs; import com.pulumi.gcp.compute.Network; import com.pulumi.gcp.compute.NetworkArgs; import com.pulumi.gcp.compute.Subnetwork; import com.pulumi.gcp.compute.SubnetworkArgs; import com.pulumi.gcp.compute.InstanceTemplate; import com.pulumi.gcp.compute.InstanceTemplateArgs; import com.pulumi.gcp.compute.inputs.InstanceTemplateNetworkInterfaceArgs; import com.pulumi.gcp.compute.inputs.InstanceTemplateDiskArgs; import com.pulumi.gcp.compute.RegionInstanceGroupManager; import com.pulumi.gcp.compute.RegionInstanceGroupManagerArgs; import com.pulumi.gcp.compute.inputs.RegionInstanceGroupManagerVersionArgs; import com.pulumi.gcp.compute.Firewall; import com.pulumi.gcp.compute.FirewallArgs; import com.pulumi.gcp.compute.inputs.FirewallAllowArgs; import com.pulumi.gcp.compute.RegionHealthCheck; import com.pulumi.gcp.compute.RegionHealthCheckArgs; import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs; import com.pulumi.gcp.compute.RegionBackendService; import com.pulumi.gcp.compute.RegionBackendServiceArgs; import com.pulumi.gcp.compute.inputs.RegionBackendServiceBackendArgs; import com.pulumi.gcp.compute.RegionUrlMap; import com.pulumi.gcp.compute.RegionUrlMapArgs; import com.pulumi.gcp.compute.RegionTargetHttpProxy; import com.pulumi.gcp.compute.RegionTargetHttpProxyArgs; import com.pulumi.gcp.compute.Address; import com.pulumi.gcp.compute.AddressArgs; import com.pulumi.gcp.compute.ForwardingRule; import com.pulumi.gcp.compute.ForwardingRuleArgs; import com.pulumi.resources.CustomResourceOptions; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { final var debianImage = ComputeFunctions.getImage(GetImageArgs.builder() .family("debian-11") .project("debian-cloud") .build()); var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder() .autoCreateSubnetworks(false) .routingMode("REGIONAL") .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder() .ipCidrRange("10.1.2.0/24") .region("us-central1") .network(defaultNetwork.id()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var instanceTemplate = new InstanceTemplate("instanceTemplate", InstanceTemplateArgs.builder() .machineType("e2-medium") .networkInterfaces(InstanceTemplateNetworkInterfaceArgs.builder() .network(defaultNetwork.id()) .subnetwork(defaultSubnetwork.id()) .build()) .disks(InstanceTemplateDiskArgs.builder() .sourceImage(debianImage.applyValue(getImageResult -> getImageResult.selfLink())) .autoDelete(true) .boot(true) .build()) .tags( "allow-ssh", "load-balanced-backend") .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var rigm = new RegionInstanceGroupManager("rigm", RegionInstanceGroupManagerArgs.builder() .region("us-central1") .versions(RegionInstanceGroupManagerVersionArgs.builder() .instanceTemplate(instanceTemplate.id()) .name("primary") .build()) .baseInstanceName("internal-glb") .targetSize(1) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var fw1 = new Firewall("fw1", FirewallArgs.builder() .network(defaultNetwork.id()) .sourceRanges("10.1.2.0/24") .allows( FirewallAllowArgs.builder() .protocol("tcp") .build(), FirewallAllowArgs.builder() .protocol("udp") .build(), FirewallAllowArgs.builder() .protocol("icmp") .build()) .direction("INGRESS") .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var fw2 = new Firewall("fw2", FirewallArgs.builder() .network(defaultNetwork.id()) .sourceRanges("0.0.0.0/0") .allows(FirewallAllowArgs.builder() .protocol("tcp") .ports("22") .build()) .targetTags("allow-ssh") .direction("INGRESS") .build(), CustomResourceOptions.builder() .provider(google_beta) .dependsOn(fw1) .build()); var fw3 = new Firewall("fw3", FirewallArgs.builder() .network(defaultNetwork.id()) .sourceRanges( "130.211.0.0/22", "35.191.0.0/16") .allows(FirewallAllowArgs.builder() .protocol("tcp") .build()) .targetTags("load-balanced-backend") .direction("INGRESS") .build(), CustomResourceOptions.builder() .provider(google_beta) .dependsOn(fw2) .build()); var fw4 = new Firewall("fw4", FirewallArgs.builder() .network(defaultNetwork.id()) .sourceRanges("10.129.0.0/26") .targetTags("load-balanced-backend") .allows( FirewallAllowArgs.builder() .protocol("tcp") .ports("80") .build(), FirewallAllowArgs.builder() .protocol("tcp") .ports("443") .build(), FirewallAllowArgs.builder() .protocol("tcp") .ports("8000") .build()) .direction("INGRESS") .build(), CustomResourceOptions.builder() .provider(google_beta) .dependsOn(fw3) .build()); var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder() .region("us-central1") .httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder() .portSpecification("USE_SERVING_PORT") .build()) .build(), CustomResourceOptions.builder() .provider(google_beta) .dependsOn(fw4) .build()); var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder() .loadBalancingScheme("EXTERNAL_MANAGED") .backends(RegionBackendServiceBackendArgs.builder() .group(rigm.instanceGroup()) .balancingMode("UTILIZATION") .capacityScaler(1) .build()) .region("us-central1") .protocol("HTTP") .timeoutSec(10) .healthChecks(defaultRegionHealthCheck.id()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder() .region("us-central1") .defaultService(defaultRegionBackendService.id()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultRegionTargetHttpProxy = new RegionTargetHttpProxy("defaultRegionTargetHttpProxy", RegionTargetHttpProxyArgs.builder() .region("us-central1") .urlMap(defaultRegionUrlMap.id()) .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultAddress = new Address("defaultAddress", AddressArgs.builder() .region("us-central1") .networkTier("STANDARD") .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var proxy = new Subnetwork("proxy", SubnetworkArgs.builder() .ipCidrRange("10.129.0.0/26") .region("us-central1") .network(defaultNetwork.id()) .purpose("REGIONAL_MANAGED_PROXY") .role("ACTIVE") .build(), CustomResourceOptions.builder() .provider(google_beta) .build()); var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder() .region("us-central1") .ipProtocol("TCP") .loadBalancingScheme("EXTERNAL_MANAGED") .portRange("80") .target(defaultRegionTargetHttpProxy.id()) .network(defaultNetwork.id()) .ipAddress(defaultAddress.id()) .networkTier("STANDARD") .build(), CustomResourceOptions.builder() .provider(google_beta) .dependsOn(proxy) .build()); } } ``` ### Forwarding Rule Vpc Psc ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.compute.Network; import com.pulumi.gcp.compute.NetworkArgs; import com.pulumi.gcp.compute.Subnetwork; import com.pulumi.gcp.compute.SubnetworkArgs; import com.pulumi.gcp.compute.Address; import com.pulumi.gcp.compute.AddressArgs; import com.pulumi.gcp.compute.HealthCheck; import com.pulumi.gcp.compute.HealthCheckArgs; import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs; import com.pulumi.gcp.compute.RegionBackendService; import com.pulumi.gcp.compute.RegionBackendServiceArgs; import com.pulumi.gcp.compute.ForwardingRule; import com.pulumi.gcp.compute.ForwardingRuleArgs; import com.pulumi.gcp.compute.ServiceAttachment; import com.pulumi.gcp.compute.ServiceAttachmentArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var consumerNet = new Network("consumerNet", NetworkArgs.builder() .autoCreateSubnetworks(false) .build()); var consumerSubnet = new Subnetwork("consumerSubnet", SubnetworkArgs.builder() .ipCidrRange("10.0.0.0/16") .region("us-central1") .network(consumerNet.id()) .build()); var consumerAddress = new Address("consumerAddress", AddressArgs.builder() .region("us-central1") .subnetwork(consumerSubnet.id()) .addressType("INTERNAL") .build()); var producerNet = new Network("producerNet", NetworkArgs.builder() .autoCreateSubnetworks(false) .build()); var pscProducerSubnet = new Subnetwork("pscProducerSubnet", SubnetworkArgs.builder() .ipCidrRange("10.1.0.0/16") .region("us-central1") .purpose("PRIVATE_SERVICE_CONNECT") .network(producerNet.id()) .build()); var producerSubnet = new Subnetwork("producerSubnet", SubnetworkArgs.builder() .ipCidrRange("10.0.0.0/16") .region("us-central1") .network(producerNet.id()) .build()); var producerServiceHealthCheck = new HealthCheck("producerServiceHealthCheck", HealthCheckArgs.builder() .checkIntervalSec(1) .timeoutSec(1) .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder() .port("80") .build()) .build()); var producerServiceBackend = new RegionBackendService("producerServiceBackend", RegionBackendServiceArgs.builder() .region("us-central1") .healthChecks(producerServiceHealthCheck.id()) .build()); var producerTargetService = new ForwardingRule("producerTargetService", ForwardingRuleArgs.builder() .region("us-central1") .loadBalancingScheme("INTERNAL") .backendService(producerServiceBackend.id()) .allPorts(true) .network(producerNet.name()) .subnetwork(producerSubnet.name()) .build()); var producerServiceAttachment = new ServiceAttachment("producerServiceAttachment", ServiceAttachmentArgs.builder() .region("us-central1") .description("A service attachment configured with Terraform") .enableProxyProtocol(true) .connectionPreference("ACCEPT_AUTOMATIC") .natSubnets(pscProducerSubnet.name()) .targetService(producerTargetService.id()) .build()); var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder() .region("us-central1") .loadBalancingScheme("") .target(producerServiceAttachment.id()) .network(consumerNet.name()) .ipAddress(consumerAddress.id()) .allowPscGlobalAccess(true) .build()); } } ``` ### Forwarding Rule Vpc Psc No Automate Dns ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.compute.Network; import com.pulumi.gcp.compute.NetworkArgs; import com.pulumi.gcp.compute.Subnetwork; import com.pulumi.gcp.compute.SubnetworkArgs; import com.pulumi.gcp.compute.Address; import com.pulumi.gcp.compute.AddressArgs; import com.pulumi.gcp.compute.HealthCheck; import com.pulumi.gcp.compute.HealthCheckArgs; import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs; import com.pulumi.gcp.compute.RegionBackendService; import com.pulumi.gcp.compute.RegionBackendServiceArgs; import com.pulumi.gcp.compute.ForwardingRule; import com.pulumi.gcp.compute.ForwardingRuleArgs; import com.pulumi.gcp.compute.ServiceAttachment; import com.pulumi.gcp.compute.ServiceAttachmentArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var consumerNet = new Network("consumerNet", NetworkArgs.builder() .autoCreateSubnetworks(false) .build()); var consumerSubnet = new Subnetwork("consumerSubnet", SubnetworkArgs.builder() .ipCidrRange("10.0.0.0/16") .region("us-central1") .network(consumerNet.id()) .build()); var consumerAddress = new Address("consumerAddress", AddressArgs.builder() .region("us-central1") .subnetwork(consumerSubnet.id()) .addressType("INTERNAL") .build()); var producerNet = new Network("producerNet", NetworkArgs.builder() .autoCreateSubnetworks(false) .build()); var pscProducerSubnet = new Subnetwork("pscProducerSubnet", SubnetworkArgs.builder() .ipCidrRange("10.1.0.0/16") .region("us-central1") .purpose("PRIVATE_SERVICE_CONNECT") .network(producerNet.id()) .build()); var producerSubnet = new Subnetwork("producerSubnet", SubnetworkArgs.builder() .ipCidrRange("10.0.0.0/16") .region("us-central1") .network(producerNet.id()) .build()); var producerServiceHealthCheck = new HealthCheck("producerServiceHealthCheck", HealthCheckArgs.builder() .checkIntervalSec(1) .timeoutSec(1) .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder() .port("80") .build()) .build()); var producerServiceBackend = new RegionBackendService("producerServiceBackend", RegionBackendServiceArgs.builder() .region("us-central1") .healthChecks(producerServiceHealthCheck.id()) .build()); var producerTargetService = new ForwardingRule("producerTargetService", ForwardingRuleArgs.builder() .region("us-central1") .loadBalancingScheme("INTERNAL") .backendService(producerServiceBackend.id()) .allPorts(true) .network(producerNet.name()) .subnetwork(producerSubnet.name()) .build()); var producerServiceAttachment = new ServiceAttachment("producerServiceAttachment", ServiceAttachmentArgs.builder() .region("us-central1") .description("A service attachment configured with Terraform") .enableProxyProtocol(true) .connectionPreference("ACCEPT_AUTOMATIC") .natSubnets(pscProducerSubnet.name()) .targetService(producerTargetService.id()) .build()); var default_ = new ForwardingRule("default", ForwardingRuleArgs.builder() .region("us-central1") .loadBalancingScheme("") .target(producerServiceAttachment.id()) .network(consumerNet.name()) .ipAddress(consumerAddress.id()) .allowPscGlobalAccess(true) .noAutomateDnsZone(true) .build()); } } ``` ### Forwarding Rule Regional Steering ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.compute.Address; import com.pulumi.gcp.compute.AddressArgs; import com.pulumi.gcp.compute.RegionBackendService; import com.pulumi.gcp.compute.RegionBackendServiceArgs; import com.pulumi.gcp.compute.ForwardingRule; import com.pulumi.gcp.compute.ForwardingRuleArgs; import com.pulumi.resources.CustomResourceOptions; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var basic = new Address("basic", AddressArgs.builder() .region("us-central1") .build()); var externalRegionBackendService = new RegionBackendService("externalRegionBackendService", RegionBackendServiceArgs.builder() .region("us-central1") .loadBalancingScheme("EXTERNAL") .build()); var externalForwardingRule = new ForwardingRule("externalForwardingRule", ForwardingRuleArgs.builder() .region("us-central1") .ipAddress(basic.selfLink()) .backendService(externalRegionBackendService.selfLink()) .loadBalancingScheme("EXTERNAL") .build()); var steering = new ForwardingRule("steering", ForwardingRuleArgs.builder() .region("us-central1") .ipAddress(basic.selfLink()) .backendService(externalRegionBackendService.selfLink()) .loadBalancingScheme("EXTERNAL") .sourceIpRanges( "34.121.88.0/24", "35.187.239.137") .build(), CustomResourceOptions.builder() .dependsOn(externalForwardingRule) .build()); } } ``` ### Forwarding Rule Internallb Ipv6 ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.gcp.compute.HealthCheck; import com.pulumi.gcp.compute.HealthCheckArgs; import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs; import com.pulumi.gcp.compute.RegionBackendService; import com.pulumi.gcp.compute.RegionBackendServiceArgs; import com.pulumi.gcp.compute.Network; import com.pulumi.gcp.compute.NetworkArgs; import com.pulumi.gcp.compute.Subnetwork; import com.pulumi.gcp.compute.SubnetworkArgs; import com.pulumi.gcp.compute.ForwardingRule; import com.pulumi.gcp.compute.ForwardingRuleArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var hc = new HealthCheck("hc", HealthCheckArgs.builder() .checkIntervalSec(1) .timeoutSec(1) .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder() .port("80") .build()) .build()); var backend = new RegionBackendService("backend", RegionBackendServiceArgs.builder() .region("us-central1") .healthChecks(hc.id()) .build()); var defaultNetwork = new Network("defaultNetwork", NetworkArgs.builder() .autoCreateSubnetworks(false) .enableUlaInternalIpv6(true) .build()); var defaultSubnetwork = new Subnetwork("defaultSubnetwork", SubnetworkArgs.builder() .ipCidrRange("10.0.0.0/16") .region("us-central1") .stackType("IPV4_IPV6") .ipv6AccessType("INTERNAL") .network(defaultNetwork.id()) .build()); var defaultForwardingRule = new ForwardingRule("defaultForwardingRule", ForwardingRuleArgs.builder() .region("us-central1") .loadBalancingScheme("INTERNAL") .backendService(backend.id()) .allPorts(true) .network(defaultNetwork.name()) .subnetwork(defaultSubnetwork.name()) .ipVersion("IPV6") .build()); } } ``` ## Import ForwardingRule can be imported using any of these accepted formats ```sh $ pulumi import gcp:compute/forwardingRule:ForwardingRule default projects/{{project}}/regions/{{region}}/forwardingRules/{{name}} ``` ```sh $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{project}}/{{region}}/{{name}} ``` ```sh $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{region}}/{{name}} ``` ```sh $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{name}} ```

    • Nested Class Summary

      • Nested classes/interfaces inherited from class com.pulumi.resources.CustomResource

        com.pulumi.resources.CustomResource.CustomResourceInternal

      • Nested classes/interfaces inherited from class com.pulumi.resources.Resource

        com.pulumi.resources.Resource.LazyField<T extends java.lang.Object>, com.pulumi.resources.Resource.LazyFields, com.pulumi.resources.Resource.ResourceInternal

    • Field Summary

      • Fields inherited from class com.pulumi.resources.Resource

        childResources, remote

    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> allowGlobalAccess()  
      com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> allowPscGlobalAccess()  
      com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> allPorts()  
      com.pulumi.core.Output<java.util.Optional<java.lang.String>> backendService()  
      com.pulumi.core.Output<java.lang.String> baseForwardingRule()  
      com.pulumi.core.Output<java.lang.String> creationTimestamp()  
      com.pulumi.core.Output<java.util.Optional<java.lang.String>> description()  
      static ForwardingRule get​(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, ForwardingRuleState state, com.pulumi.resources.CustomResourceOptions options)
      Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
      com.pulumi.core.Output<java.lang.String> ipAddress()  
      com.pulumi.core.Output<java.lang.String> ipProtocol()  
      com.pulumi.core.Output<java.lang.String> ipVersion()  
      com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> isMirroringCollector()  
      com.pulumi.core.Output<java.lang.String> labelFingerprint()  
      com.pulumi.core.Output<java.util.Optional<java.util.Map<java.lang.String,​java.lang.String>>> labels()  
      com.pulumi.core.Output<java.util.Optional<java.lang.String>> loadBalancingScheme()  
      com.pulumi.core.Output<java.lang.String> name()  
      com.pulumi.core.Output<java.lang.String> network()  
      com.pulumi.core.Output<java.lang.String> networkTier()  
      com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> noAutomateDnsZone()  
      com.pulumi.core.Output<java.lang.String> portRange()  
      com.pulumi.core.Output<java.util.Optional<java.util.List<java.lang.String>>> ports()  
      com.pulumi.core.Output<java.lang.String> project()  
      com.pulumi.core.Output<java.lang.String> pscConnectionId()  
      com.pulumi.core.Output<java.lang.String> pscConnectionStatus()  
      com.pulumi.core.Output<java.lang.String> region()  
      com.pulumi.core.Output<java.lang.String> selfLink()  
      com.pulumi.core.Output<java.util.List<ForwardingRuleServiceDirectoryRegistration>> serviceDirectoryRegistrations()  
      com.pulumi.core.Output<java.util.Optional<java.lang.String>> serviceLabel()  
      com.pulumi.core.Output<java.lang.String> serviceName()  
      com.pulumi.core.Output<java.util.Optional<java.util.List<java.lang.String>>> sourceIpRanges()  
      com.pulumi.core.Output<java.lang.String> subnetwork()  
      com.pulumi.core.Output<java.util.Optional<java.lang.String>> target()  

      • Methods inherited from class com.pulumi.resources.CustomResource

        getId, id, idFuture

      • Methods inherited from class com.pulumi.resources.Resource

        getChildResources, getResourceName, getResourceType, getUrn, pulumiChildResources, pulumiResourceName, pulumiResourceType, urn

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • ForwardingRule

        public ForwardingRule​(java.lang.String name)
        Parameters:
        name - The _unique_ name of the resulting resource.

      • ForwardingRule

        public ForwardingRule​(java.lang.String name,
                      @Nullable
                      ForwardingRuleArgs args)
        Parameters:
        name - The _unique_ name of the resulting resource.
        args - The arguments to use to populate this resource's properties.

      • ForwardingRule

        public ForwardingRule​(java.lang.String name,
                      @Nullable
                      ForwardingRuleArgs args,
                      @Nullable
                      com.pulumi.resources.CustomResourceOptions options)
        Parameters:
        name - The _unique_ name of the resulting resource.
        args - The arguments to use to populate this resource's properties.
        options - A bag of options that control this resource's behavior.

    • Method Detail

      • allPorts

        public com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> allPorts()
        Returns:
        This field can only be used: * If `IPProtocol` is one of TCP, UDP, or SCTP. * By internal TCP/UDP load balancers, backend service-based network load balancers, and internal and external protocol forwarding. This option should be set to TRUE when the Forwarding Rule IPProtocol is set to L3_DEFAULT. Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The `ports`, `port_range`, and `allPorts` fields are mutually exclusive.

      • allowGlobalAccess

        public com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> allowGlobalAccess()
        Returns:
        This field is used along with the `backend_service` field for internal load balancing or with the `target` field for internal TargetInstance. If the field is set to `TRUE`, clients can access ILB from all regions. Otherwise only allows access from clients in the same region as the internal load balancer.

      • allowPscGlobalAccess

        public com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> allowPscGlobalAccess()
        Returns:
        This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.

      • backendService

        public com.pulumi.core.Output<java.util.Optional<java.lang.String>> backendService()
        Returns:
        Identifies the backend service to which the forwarding rule sends traffic. Required for Internal TCP/UDP Load Balancing and Network Load Balancing; must be omitted for all other load balancer types.

      • baseForwardingRule

        public com.pulumi.core.Output<java.lang.String> baseForwardingRule()
        Returns:
        [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified.

      • creationTimestamp

        public com.pulumi.core.Output<java.lang.String> creationTimestamp()
        Returns:
        Creation timestamp in RFC3339 text format.

      • description

        public com.pulumi.core.Output<java.util.Optional<java.lang.String>> description()
        Returns:
        An optional description of this resource. Provide this property when you create the resource.

      • ipAddress

        public com.pulumi.core.Output<java.lang.String> ipAddress()
        Returns:
        IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced `target` or `backendService`. While creating a forwarding rule, specifying an `IPAddress` is required under the following circumstances: * When the `target` is set to `targetGrpcProxy` and `validateForProxyless` is set to `true`, the `IPAddress` should be set to `0.0.0.0`. * When the `target` is a Private Service Connect Google APIs bundle, you must specify an `IPAddress`. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: * IP address number, as in `100.1.2.3` * IPv6 address range, as in `2600:1234::/96` * Full resource URL, as in `https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name` * Partial URL or by name, as in: * `projects/project_id/regions/region/addresses/address-name` * `regions/region/addresses/address-name` * `global/addresses/address-name` * `address-name` The forwarding rule's `target` or `backendService`, and in most cases, also the `loadBalancingScheme`, determine the type of IP address that you can use. For detailed information, see [IP address specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). When reading an `IPAddress`, the API always returns the IP address number.

      • ipProtocol

        public com.pulumi.core.Output<java.lang.String> ipProtocol()
        Returns:
        The IP protocol to which this rule applies. For protocol forwarding, valid options are `TCP`, `UDP`, `ESP`, `AH`, `SCTP`, `ICMP` and `L3_DEFAULT`. The valid IP protocols are different for different load balancing products as described in [Load balancing features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or backend service with UNSPECIFIED protocol. A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. Possible values are: `TCP`, `UDP`, `ESP`, `AH`, `SCTP`, `ICMP`, `L3_DEFAULT`.

      • ipVersion

        public com.pulumi.core.Output<java.lang.String> ipVersion()
        Returns:
        The IP address version that will be used by this forwarding rule. Valid options are IPV4 and IPV6. If not set, the IPv4 address will be used by default. Possible values are: `IPV4`, `IPV6`.

      • isMirroringCollector

        public com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> isMirroringCollector()
        Returns:
        Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a `PacketMirroring` rule applies to them. This can only be set to true for load balancers that have their `loadBalancingScheme` set to `INTERNAL`.

      • labelFingerprint

        public com.pulumi.core.Output<java.lang.String> labelFingerprint()
        Returns:
        The fingerprint used for optimistic locking of this resource. Used internally during updates.

      • labels

        public com.pulumi.core.Output<java.util.Optional<java.util.Map<java.lang.String,​java.lang.String>>> labels()
        Returns:
        Labels to apply to this forwarding rule. A list of key->value pairs.

      • loadBalancingScheme

        public com.pulumi.core.Output<java.util.Optional<java.lang.String>> loadBalancingScheme()
        Returns:
        Specifies the forwarding rule type. For more information about forwarding rules, refer to [Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). Default value is `EXTERNAL`. Possible values are: `EXTERNAL`, `EXTERNAL_MANAGED`, `INTERNAL`, `INTERNAL_MANAGED`.

      • name

        public com.pulumi.core.Output<java.lang.String> name()
        Returns:
        Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). Specifically, the name must be 1-63 characters long and match the regular expression `a-z?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter. ***

      • network

        public com.pulumi.core.Output<java.lang.String> network()
        Returns:
        This field is not used for external load balancing. For Internal TCP/UDP Load Balancing, this field identifies the network that the load balanced IP should belong to for this Forwarding Rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.

      • networkTier

        public com.pulumi.core.Output<java.lang.String> networkTier()
        Returns:
        This signifies the networking tier used for configuring this load balancer and can only take the following values: `PREMIUM`, `STANDARD`. For regional ForwardingRule, the valid values are `PREMIUM` and `STANDARD`. For GlobalForwardingRule, the valid value is `PREMIUM`. If this field is not specified, it is assumed to be `PREMIUM`. If `IPAddress` is specified, this value must be equal to the networkTier of the Address. Possible values are: `PREMIUM`, `STANDARD`.

      • noAutomateDnsZone

        public com.pulumi.core.Output<java.util.Optional<java.lang.Boolean>> noAutomateDnsZone()
        Returns:
        This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field.

      • portRange

        public com.pulumi.core.Output<java.lang.String> portRange()
        Returns:
        This field can only be used: * If `IPProtocol` is one of TCP, UDP, or SCTP. * By backend service-based network load balancers, target pool-based network load balancers, internal proxy load balancers, external proxy load balancers, Traffic Director, external protocol forwarding, and Classic VPN. Some products have restrictions on what ports can be used. See [port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications) for details. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The `ports` and `port_range` fields are mutually exclusive. For external forwarding rules, two or more forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair, and cannot have overlapping `portRange`s. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair, and cannot have overlapping `portRange`s.

      • ports

        public com.pulumi.core.Output<java.util.Optional<java.util.List<java.lang.String>>> ports()
        Returns:
        This field can only be used: * If `IPProtocol` is one of TCP, UDP, or SCTP. * By internal TCP/UDP load balancers, backend service-based network load balancers, internal protocol forwarding and when protocol is not L3_DEFAULT. You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. Only packets addressed to these ports will be forwarded to the backends configured with this forwarding rule. For external forwarding rules, two or more forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair, and cannot share any values defined in `ports`. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair, and cannot share any values defined in `ports`. The `ports` and `port_range` fields are mutually exclusive.

      • project

        public com.pulumi.core.Output<java.lang.String> project()
        Returns:
        The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

      • pscConnectionId

        public com.pulumi.core.Output<java.lang.String> pscConnectionId()
        Returns:
        The PSC connection id of the PSC Forwarding Rule.

      • pscConnectionStatus

        public com.pulumi.core.Output<java.lang.String> pscConnectionStatus()
        Returns:
        The PSC connection status of the PSC Forwarding Rule. Possible values: `STATUS_UNSPECIFIED`, `PENDING`, `ACCEPTED`, `REJECTED`, `CLOSED`

      • region

        public com.pulumi.core.Output<java.lang.String> region()
        Returns:
        A reference to the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules.

      • selfLink

        public com.pulumi.core.Output<java.lang.String> selfLink()
        Returns:
        The URI of the created resource.

      • serviceDirectoryRegistrations

        public com.pulumi.core.Output<java.util.List<ForwardingRuleServiceDirectoryRegistration>> serviceDirectoryRegistrations()
        Returns:
        Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource. Structure is documented below.

      • serviceLabel

        public com.pulumi.core.Output<java.util.Optional<java.lang.String>> serviceLabel()
        Returns:
        An optional prefix to the service name for this Forwarding Rule. If specified, will be the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression `a-z?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for INTERNAL load balancing.

      • serviceName

        public com.pulumi.core.Output<java.lang.String> serviceName()
        Returns:
        The internal fully qualified service name for this Forwarding Rule. This field is only used for INTERNAL load balancing.

      • sourceIpRanges

        public com.pulumi.core.Output<java.util.Optional<java.util.List<java.lang.String>>> sourceIpRanges()
        Returns:
        If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).

      • subnetwork

        public com.pulumi.core.Output<java.lang.String> subnetwork()
        Returns:
        This field identifies the subnetwork that the load balanced IP should belong to for this Forwarding Rule, used in internal load balancing and network load balancing with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.

      • target

        public com.pulumi.core.Output<java.util.Optional<java.lang.String>> target()
        Returns:
        The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object. * For load balancers, see the "Target" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). * For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle: * `vpc-sc` - [ APIs that support VPC Service Controls](https://cloud.google.com/vpc-service-controls/docs/supported-products). * `all-apis` - [All supported Google APIs](https://cloud.google.com/vpc/docs/private-service-connect#supported-apis). For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment.

      • get

        public static ForwardingRule get​(java.lang.String name,
                                 com.pulumi.core.Output<java.lang.String> id,
                                 @Nullable
                                 ForwardingRuleState state,
                                 @Nullable
                                 com.pulumi.resources.CustomResourceOptions options)
        Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
        Parameters:
        name - The _unique_ name of the resulting resource.
        id - The _unique_ provider ID of the resource to lookup.
        state -
        options - Optional settings to control the behavior of the CustomResource.