Expand description
A ForwardingRule resource. A ForwardingRule resource specifies which pool of target virtual machines to forward a packet to if it matches the given [IPAddress, IPProtocol, portRange] tuple.
To get more information about ForwardingRule, see:
- API documentation
- How-to Guides
§Example Usage
§Forwarding Rule Externallb
resources:
# Forwarding rule for External Network Load Balancing using Backend Services
default:
type: gcp:compute:ForwardingRule
properties:
name: website-forwarding-rule
region: us-central1
portRange: 80
backendService: ${backend.id}
backend:
type: gcp:compute:RegionBackendService
properties:
name: website-backend
region: us-central1
loadBalancingScheme: EXTERNAL
healthChecks: ${hc.id}
hc:
type: gcp:compute:RegionHealthCheck
properties:
name: check-website-backend
checkIntervalSec: 1
timeoutSec: 1
region: us-central1
tcpHealthCheck:
port: '80'§Forwarding Rule Global Internallb
resources:
# Forwarding rule for Internal Load Balancing
default:
type: gcp:compute:ForwardingRule
properties:
name: website-forwarding-rule
region: us-central1
loadBalancingScheme: INTERNAL
backendService: ${backend.id}
allPorts: true
allowGlobalAccess: true
network: ${defaultNetwork.name}
subnetwork: ${defaultSubnetwork.name}
backend:
type: gcp:compute:RegionBackendService
properties:
name: website-backend
region: us-central1
healthChecks: ${hc.id}
hc:
type: gcp:compute:HealthCheck
properties:
name: check-website-backend
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'
defaultNetwork:
type: gcp:compute:Network
name: default
properties:
name: website-net
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: website-net
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${defaultNetwork.id}§Forwarding Rule Basic
ⓘ
use pulumi_wasm_rust::Output;
use pulumi_wasm_rust::{add_export, pulumi_main};
#[pulumi_main]
fn test_main() -> Result<(), Error> {
let default = forwarding_rule::create(
"default",
ForwardingRuleArgs::builder()
.name("website-forwarding-rule")
.port_range("80")
.target("${defaultTargetPool.id}")
.build_struct(),
);
let defaultTargetPool = target_pool::create(
"defaultTargetPool",
TargetPoolArgs::builder().name("website-target-pool").build_struct(),
);
}§Forwarding Rule L3 Default
ⓘ
use pulumi_wasm_rust::Output;
use pulumi_wasm_rust::{add_export, pulumi_main};
#[pulumi_main]
fn test_main() -> Result<(), Error> {
let fwdRule = forwarding_rule::create(
"fwdRule",
ForwardingRuleArgs::builder()
.all_ports(true)
.backend_service("${service.id}")
.ip_protocol("L3_DEFAULT")
.name("l3-forwarding-rule")
.build_struct(),
);
let healthCheck = region_health_check::create(
"healthCheck",
RegionHealthCheckArgs::builder()
.name("health-check")
.region("us-central1")
.tcp_health_check(
RegionHealthCheckTcpHealthCheck::builder().port(80).build_struct(),
)
.build_struct(),
);
let service = region_backend_service::create(
"service",
RegionBackendServiceArgs::builder()
.health_checks("${healthCheck.id}")
.load_balancing_scheme("EXTERNAL")
.name("service")
.protocol("UNSPECIFIED")
.region("us-central1")
.build_struct(),
);
}§Forwarding Rule Internallb
resources:
# Forwarding rule for Internal Load Balancing
default:
type: gcp:compute:ForwardingRule
properties:
name: website-forwarding-rule
region: us-central1
loadBalancingScheme: INTERNAL
backendService: ${backend.id}
allPorts: true
network: ${defaultNetwork.name}
subnetwork: ${defaultSubnetwork.name}
ipVersion: IPV4
backend:
type: gcp:compute:RegionBackendService
properties:
name: website-backend
region: us-central1
healthChecks: ${hc.id}
hc:
type: gcp:compute:HealthCheck
properties:
name: check-website-backend
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'
defaultNetwork:
type: gcp:compute:Network
name: default
properties:
name: website-net
autoCreateSubnetworks: false
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: website-net
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${defaultNetwork.id}§Forwarding Rule Http Lb
resources:
# Forwarding rule for Internal Load Balancing
default:
type: gcp:compute:ForwardingRule
properties:
name: website-forwarding-rule
region: us-central1
ipProtocol: TCP
loadBalancingScheme: INTERNAL_MANAGED
portRange: '80'
target: ${defaultRegionTargetHttpProxy.id}
network: ${defaultNetwork.id}
subnetwork: ${defaultSubnetwork.id}
networkTier: PREMIUM
options:
dependsOn:
- ${proxy}
defaultRegionTargetHttpProxy:
type: gcp:compute:RegionTargetHttpProxy
name: default
properties:
region: us-central1
name: website-proxy
urlMap: ${defaultRegionUrlMap.id}
defaultRegionUrlMap:
type: gcp:compute:RegionUrlMap
name: default
properties:
region: us-central1
name: website-map
defaultService: ${defaultRegionBackendService.id}
defaultRegionBackendService:
type: gcp:compute:RegionBackendService
name: default
properties:
loadBalancingScheme: INTERNAL_MANAGED
backends:
- group: ${rigm.instanceGroup}
balancingMode: UTILIZATION
capacityScaler: 1
region: us-central1
name: website-backend
protocol: HTTP
timeoutSec: 10
healthChecks: ${defaultRegionHealthCheck.id}
rigm:
type: gcp:compute:RegionInstanceGroupManager
properties:
region: us-central1
name: website-rigm
versions:
- instanceTemplate: ${instanceTemplate.id}
name: primary
baseInstanceName: internal-glb
targetSize: 1
instanceTemplate:
type: gcp:compute:InstanceTemplate
name: instance_template
properties:
name: template-website-backend
machineType: e2-medium
networkInterfaces:
- network: ${defaultNetwork.id}
subnetwork: ${defaultSubnetwork.id}
disks:
- sourceImage: ${debianImage.selfLink}
autoDelete: true
boot: true
tags:
- allow-ssh
- load-balanced-backend
defaultRegionHealthCheck:
type: gcp:compute:RegionHealthCheck
name: default
properties:
region: us-central1
name: website-hc
httpHealthCheck:
portSpecification: USE_SERVING_PORT
options:
dependsOn:
- ${fw4}
fw1:
type: gcp:compute:Firewall
properties:
name: website-fw-1
network: ${defaultNetwork.id}
sourceRanges:
- 10.1.2.0/24
allows:
- protocol: tcp
- protocol: udp
- protocol: icmp
direction: INGRESS
fw2:
type: gcp:compute:Firewall
properties:
name: website-fw-2
network: ${defaultNetwork.id}
sourceRanges:
- 0.0.0.0/0
allows:
- protocol: tcp
ports:
- '22'
targetTags:
- allow-ssh
direction: INGRESS
options:
dependsOn:
- ${fw1}
fw3:
type: gcp:compute:Firewall
properties:
name: website-fw-3
network: ${defaultNetwork.id}
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
allows:
- protocol: tcp
targetTags:
- load-balanced-backend
direction: INGRESS
options:
dependsOn:
- ${fw2}
fw4:
type: gcp:compute:Firewall
properties:
name: website-fw-4
network: ${defaultNetwork.id}
sourceRanges:
- 10.129.0.0/26
targetTags:
- load-balanced-backend
allows:
- protocol: tcp
ports:
- '80'
- protocol: tcp
ports:
- '443'
- protocol: tcp
ports:
- '8000'
direction: INGRESS
options:
dependsOn:
- ${fw3}
defaultNetwork:
type: gcp:compute:Network
name: default
properties:
name: website-net
autoCreateSubnetworks: false
routingMode: REGIONAL
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: website-net-default
ipCidrRange: 10.1.2.0/24
region: us-central1
network: ${defaultNetwork.id}
proxy:
type: gcp:compute:Subnetwork
properties:
name: website-net-proxy
ipCidrRange: 10.129.0.0/26
region: us-central1
network: ${defaultNetwork.id}
purpose: REGIONAL_MANAGED_PROXY
role: ACTIVE
variables:
debianImage:
fn::invoke:
function: gcp:compute:getImage
arguments:
family: debian-11
project: debian-cloud§Forwarding Rule Regional Http Xlb
resources:
# Forwarding rule for Regional External Load Balancing
default:
type: gcp:compute:ForwardingRule
properties:
name: website-forwarding-rule
region: us-central1
ipProtocol: TCP
loadBalancingScheme: EXTERNAL_MANAGED
portRange: '80'
target: ${defaultRegionTargetHttpProxy.id}
network: ${defaultNetwork.id}
ipAddress: ${defaultAddress.address}
networkTier: STANDARD
options:
dependsOn:
- ${proxy}
defaultRegionTargetHttpProxy:
type: gcp:compute:RegionTargetHttpProxy
name: default
properties:
region: us-central1
name: website-proxy
urlMap: ${defaultRegionUrlMap.id}
defaultRegionUrlMap:
type: gcp:compute:RegionUrlMap
name: default
properties:
region: us-central1
name: website-map
defaultService: ${defaultRegionBackendService.id}
defaultRegionBackendService:
type: gcp:compute:RegionBackendService
name: default
properties:
loadBalancingScheme: EXTERNAL_MANAGED
backends:
- group: ${rigm.instanceGroup}
balancingMode: UTILIZATION
capacityScaler: 1
region: us-central1
name: website-backend
protocol: HTTP
timeoutSec: 10
healthChecks: ${defaultRegionHealthCheck.id}
rigm:
type: gcp:compute:RegionInstanceGroupManager
properties:
region: us-central1
name: website-rigm
versions:
- instanceTemplate: ${instanceTemplate.id}
name: primary
baseInstanceName: internal-glb
targetSize: 1
instanceTemplate:
type: gcp:compute:InstanceTemplate
name: instance_template
properties:
name: template-website-backend
machineType: e2-medium
networkInterfaces:
- network: ${defaultNetwork.id}
subnetwork: ${defaultSubnetwork.id}
disks:
- sourceImage: ${debianImage.selfLink}
autoDelete: true
boot: true
tags:
- allow-ssh
- load-balanced-backend
defaultRegionHealthCheck:
type: gcp:compute:RegionHealthCheck
name: default
properties:
region: us-central1
name: website-hc
httpHealthCheck:
portSpecification: USE_SERVING_PORT
options:
dependsOn:
- ${fw4}
defaultAddress:
type: gcp:compute:Address
name: default
properties:
name: website-ip-1
region: us-central1
networkTier: STANDARD
fw1:
type: gcp:compute:Firewall
properties:
name: website-fw-1
network: ${defaultNetwork.id}
sourceRanges:
- 10.1.2.0/24
allows:
- protocol: tcp
- protocol: udp
- protocol: icmp
direction: INGRESS
fw2:
type: gcp:compute:Firewall
properties:
name: website-fw-2
network: ${defaultNetwork.id}
sourceRanges:
- 0.0.0.0/0
allows:
- protocol: tcp
ports:
- '22'
targetTags:
- allow-ssh
direction: INGRESS
options:
dependsOn:
- ${fw1}
fw3:
type: gcp:compute:Firewall
properties:
name: website-fw-3
network: ${defaultNetwork.id}
sourceRanges:
- 130.211.0.0/22
- 35.191.0.0/16
allows:
- protocol: tcp
targetTags:
- load-balanced-backend
direction: INGRESS
options:
dependsOn:
- ${fw2}
fw4:
type: gcp:compute:Firewall
properties:
name: website-fw-4
network: ${defaultNetwork.id}
sourceRanges:
- 10.129.0.0/26
targetTags:
- load-balanced-backend
allows:
- protocol: tcp
ports:
- '80'
- protocol: tcp
ports:
- '443'
- protocol: tcp
ports:
- '8000'
direction: INGRESS
options:
dependsOn:
- ${fw3}
defaultNetwork:
type: gcp:compute:Network
name: default
properties:
name: website-net
autoCreateSubnetworks: false
routingMode: REGIONAL
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: website-net-default
ipCidrRange: 10.1.2.0/24
region: us-central1
network: ${defaultNetwork.id}
proxy:
type: gcp:compute:Subnetwork
properties:
name: website-net-proxy
ipCidrRange: 10.129.0.0/26
region: us-central1
network: ${defaultNetwork.id}
purpose: REGIONAL_MANAGED_PROXY
role: ACTIVE
variables:
debianImage:
fn::invoke:
function: gcp:compute:getImage
arguments:
family: debian-11
project: debian-cloud§Forwarding Rule Vpc Psc
resources:
# Forwarding rule for VPC private service connect
default:
type: gcp:compute:ForwardingRule
properties:
name: psc-endpoint
region: us-central1
loadBalancingScheme: ""
target: ${producerServiceAttachment.id}
network: ${consumerNet.name}
ipAddress: ${consumerAddress.id}
allowPscGlobalAccess: true
# Consumer service endpoint
consumerNet:
type: gcp:compute:Network
name: consumer_net
properties:
name: consumer-net
autoCreateSubnetworks: false
consumerSubnet:
type: gcp:compute:Subnetwork
name: consumer_subnet
properties:
name: consumer-net
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${consumerNet.id}
consumerAddress:
type: gcp:compute:Address
name: consumer_address
properties:
name: website-ip-1
region: us-central1
subnetwork: ${consumerSubnet.id}
addressType: INTERNAL
# Producer service attachment
producerNet:
type: gcp:compute:Network
name: producer_net
properties:
name: producer-net
autoCreateSubnetworks: false
producerSubnet:
type: gcp:compute:Subnetwork
name: producer_subnet
properties:
name: producer-net
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${producerNet.id}
pscProducerSubnet:
type: gcp:compute:Subnetwork
name: psc_producer_subnet
properties:
name: producer-psc-net
ipCidrRange: 10.1.0.0/16
region: us-central1
purpose: PRIVATE_SERVICE_CONNECT
network: ${producerNet.id}
producerServiceAttachment:
type: gcp:compute:ServiceAttachment
name: producer_service_attachment
properties:
name: producer-service
region: us-central1
description: A service attachment configured with Terraform
enableProxyProtocol: true
connectionPreference: ACCEPT_AUTOMATIC
natSubnets:
- ${pscProducerSubnet.name}
targetService: ${producerTargetService.id}
producerTargetService:
type: gcp:compute:ForwardingRule
name: producer_target_service
properties:
name: producer-forwarding-rule
region: us-central1
loadBalancingScheme: INTERNAL
backendService: ${producerServiceBackend.id}
allPorts: true
network: ${producerNet.name}
subnetwork: ${producerSubnet.name}
producerServiceBackend:
type: gcp:compute:RegionBackendService
name: producer_service_backend
properties:
name: producer-service-backend
region: us-central1
healthChecks: ${producerServiceHealthCheck.id}
producerServiceHealthCheck:
type: gcp:compute:HealthCheck
name: producer_service_health_check
properties:
name: producer-service-health-check
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'§Forwarding Rule Vpc Psc No Automate Dns
resources:
default:
type: gcp:compute:ForwardingRule
properties:
name: psc-endpoint
region: us-central1
loadBalancingScheme: ""
target: ${producerServiceAttachment.id}
network: ${consumerNet.name}
ipAddress: ${consumerAddress.id}
allowPscGlobalAccess: true
noAutomateDnsZone: true
consumerNet:
type: gcp:compute:Network
name: consumer_net
properties:
name: consumer-net
autoCreateSubnetworks: false
consumerSubnet:
type: gcp:compute:Subnetwork
name: consumer_subnet
properties:
name: consumer-net
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${consumerNet.id}
consumerAddress:
type: gcp:compute:Address
name: consumer_address
properties:
name: website-ip-1
region: us-central1
subnetwork: ${consumerSubnet.id}
addressType: INTERNAL
producerNet:
type: gcp:compute:Network
name: producer_net
properties:
name: producer-net
autoCreateSubnetworks: false
producerSubnet:
type: gcp:compute:Subnetwork
name: producer_subnet
properties:
name: producer-net
ipCidrRange: 10.0.0.0/16
region: us-central1
network: ${producerNet.id}
pscProducerSubnet:
type: gcp:compute:Subnetwork
name: psc_producer_subnet
properties:
name: producer-psc-net
ipCidrRange: 10.1.0.0/16
region: us-central1
purpose: PRIVATE_SERVICE_CONNECT
network: ${producerNet.id}
producerServiceAttachment:
type: gcp:compute:ServiceAttachment
name: producer_service_attachment
properties:
name: producer-service
region: us-central1
description: A service attachment configured with Terraform
enableProxyProtocol: true
connectionPreference: ACCEPT_AUTOMATIC
natSubnets:
- ${pscProducerSubnet.name}
targetService: ${producerTargetService.id}
producerTargetService:
type: gcp:compute:ForwardingRule
name: producer_target_service
properties:
name: producer-forwarding-rule
region: us-central1
loadBalancingScheme: INTERNAL
backendService: ${producerServiceBackend.id}
allPorts: true
network: ${producerNet.name}
subnetwork: ${producerSubnet.name}
producerServiceBackend:
type: gcp:compute:RegionBackendService
name: producer_service_backend
properties:
name: producer-service-backend
region: us-central1
healthChecks: ${producerServiceHealthCheck.id}
producerServiceHealthCheck:
type: gcp:compute:HealthCheck
name: producer_service_health_check
properties:
name: producer-service-health-check
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'§Forwarding Rule Regional Steering
ⓘ
use pulumi_wasm_rust::Output;
use pulumi_wasm_rust::{add_export, pulumi_main};
#[pulumi_main]
fn test_main() -> Result<(), Error> {
let basic = address::create(
"basic",
AddressArgs::builder().name("website-ip").region("us-central1").build_struct(),
);
let external = region_backend_service::create(
"external",
RegionBackendServiceArgs::builder()
.load_balancing_scheme("EXTERNAL")
.name("service-backend")
.region("us-central1")
.build_struct(),
);
let externalForwardingRule = forwarding_rule::create(
"externalForwardingRule",
ForwardingRuleArgs::builder()
.backend_service("${external.selfLink}")
.ip_address("${basic.address}")
.load_balancing_scheme("EXTERNAL")
.name("external-forwarding-rule")
.region("us-central1")
.build_struct(),
);
let steering = forwarding_rule::create(
"steering",
ForwardingRuleArgs::builder()
.backend_service("${external.selfLink}")
.ip_address("${basic.address}")
.load_balancing_scheme("EXTERNAL")
.name("steering-rule")
.region("us-central1")
.source_ip_ranges(vec!["34.121.88.0/24", "35.187.239.137",])
.build_struct(),
);
}§Forwarding Rule Internallb Ipv6
resources:
# Forwarding rule for Internal Load Balancing
default:
type: gcp:compute:ForwardingRule
properties:
name: ilb-ipv6-forwarding-rule
region: us-central1
loadBalancingScheme: INTERNAL
backendService: ${backend.id}
allPorts: true
network: ${defaultNetwork.name}
subnetwork: ${defaultSubnetwork.name}
ipVersion: IPV6
backend:
type: gcp:compute:RegionBackendService
properties:
name: ilb-ipv6-backend
region: us-central1
healthChecks: ${hc.id}
hc:
type: gcp:compute:HealthCheck
properties:
name: check-ilb-ipv6-backend
checkIntervalSec: 1
timeoutSec: 1
tcpHealthCheck:
port: '80'
defaultNetwork:
type: gcp:compute:Network
name: default
properties:
name: net-ipv6
autoCreateSubnetworks: false
enableUlaInternalIpv6: true
defaultSubnetwork:
type: gcp:compute:Subnetwork
name: default
properties:
name: subnet-internal-ipv6
ipCidrRange: 10.0.0.0/16
region: us-central1
stackType: IPV4_IPV6
ipv6AccessType: INTERNAL
network: ${defaultNetwork.id}§Import
ForwardingRule can be imported using any of these accepted formats:
-
projects/{{project}}/regions/{{region}}/forwardingRules/{{name}} -
{{project}}/{{region}}/{{name}} -
{{region}}/{{name}} -
{{name}}
When using the pulumi import command, ForwardingRule can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/forwardingRule:ForwardingRule default projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}$ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{project}}/{{region}}/{{name}}$ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{region}}/{{name}}$ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{name}}Structs§
- Use builder syntax to set the inputs and finish with
build_struct().
Functions§
- Registers a new resource with the given unique name and arguments