import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * A ForwardingRule resource. A ForwardingRule resource specifies which pool * of target virtual machines to forward a packet to if it matches the given * [IPAddress, IPProtocol, portRange] tuple. * * To get more information about ForwardingRule, see: * * * [API documentation](https://cloud.google.com/compute/docs/reference/v1/forwardingRules) * * How-to Guides * * [Official Documentation](https://cloud.google.com/compute/docs/load-balancing/network/forwarding-rules) * * ## Example Usage * * ### Forwarding Rule Externallb * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const hc = new gcp.compute.RegionHealthCheck("hc", { * name: "check-website-backend", * checkIntervalSec: 1, * timeoutSec: 1, * region: "us-central1", * tcpHealthCheck: { * port: 80, * }, * }); * const backend = new gcp.compute.RegionBackendService("backend", { * name: "website-backend", * region: "us-central1", * loadBalancingScheme: "EXTERNAL", * healthChecks: hc.id, * }); * // Forwarding rule for External Network Load Balancing using Backend Services * const _default = new gcp.compute.ForwardingRule("default", { * name: "website-forwarding-rule", * region: "us-central1", * portRange: "80", * backendService: backend.id, * }); * ``` * ### Forwarding Rule Global Internallb * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const hc = new gcp.compute.HealthCheck("hc", { * name: "check-website-backend", * checkIntervalSec: 1, * timeoutSec: 1, * tcpHealthCheck: { * port: 80, * }, * }); * const backend = new gcp.compute.RegionBackendService("backend", { * name: "website-backend", * region: "us-central1", * healthChecks: hc.id, * }); * const defaultNetwork = new gcp.compute.Network("default", { * name: "website-net", * autoCreateSubnetworks: false, * }); * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { * name: "website-net", * ipCidrRange: "10.0.0.0/16", * region: "us-central1", * network: defaultNetwork.id, * }); * // Forwarding rule for Internal Load Balancing * const _default = new gcp.compute.ForwardingRule("default", { * name: "website-forwarding-rule", * region: "us-central1", * loadBalancingScheme: "INTERNAL", * backendService: backend.id, * allPorts: true, * allowGlobalAccess: true, * network: defaultNetwork.name, * subnetwork: defaultSubnetwork.name, * }); * ``` * ### Forwarding Rule Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const defaultTargetPool = new gcp.compute.TargetPool("default", {name: "website-target-pool"}); * const _default = new gcp.compute.ForwardingRule("default", { * name: "website-forwarding-rule", * target: defaultTargetPool.id, * portRange: "80", * }); * ``` * ### Forwarding Rule L3 Default * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const healthCheck = new gcp.compute.RegionHealthCheck("health_check", { * name: "health-check", * region: "us-central1", * tcpHealthCheck: { * port: 80, * }, * }); * const service = new gcp.compute.RegionBackendService("service", { * region: "us-central1", * name: "service", * healthChecks: healthCheck.id, * protocol: "UNSPECIFIED", * loadBalancingScheme: "EXTERNAL", * }); * const fwdRule = new gcp.compute.ForwardingRule("fwd_rule", { * name: "l3-forwarding-rule", * backendService: service.id, * ipProtocol: "L3_DEFAULT", * allPorts: true, * }); * ``` * ### Forwarding Rule Internallb * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const hc = new gcp.compute.HealthCheck("hc", { * name: "check-website-backend", * checkIntervalSec: 1, * timeoutSec: 1, * tcpHealthCheck: { * port: 80, * }, * }); * const backend = new gcp.compute.RegionBackendService("backend", { * name: "website-backend", * region: "us-central1", * healthChecks: hc.id, * }); * const defaultNetwork = new gcp.compute.Network("default", { * name: "website-net", * autoCreateSubnetworks: false, * }); * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { * name: "website-net", * ipCidrRange: "10.0.0.0/16", * region: "us-central1", * network: defaultNetwork.id, * }); * // Forwarding rule for Internal Load Balancing * const _default = new gcp.compute.ForwardingRule("default", { * name: "website-forwarding-rule", * region: "us-central1", * loadBalancingScheme: "INTERNAL", * backendService: backend.id, * allPorts: true, * network: defaultNetwork.name, * subnetwork: defaultSubnetwork.name, * ipVersion: "IPV4", * }); * ``` * ### Forwarding Rule Http Lb * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const debianImage = gcp.compute.getImage({ * family: "debian-11", * project: "debian-cloud", * }); * const defaultNetwork = new gcp.compute.Network("default", { * name: "website-net", * autoCreateSubnetworks: false, * routingMode: "REGIONAL", * }); * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { * name: "website-net-default", * ipCidrRange: "10.1.2.0/24", * region: "us-central1", * network: defaultNetwork.id, * }); * const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", { * name: "template-website-backend", * machineType: "e2-medium", * networkInterfaces: [{ * network: defaultNetwork.id, * subnetwork: defaultSubnetwork.id, * }], * disks: [{ * sourceImage: debianImage.then(debianImage => debianImage.selfLink), * autoDelete: true, * boot: true, * }], * tags: [ * "allow-ssh", * "load-balanced-backend", * ], * }); * const rigm = new gcp.compute.RegionInstanceGroupManager("rigm", { * region: "us-central1", * name: "website-rigm", * versions: [{ * instanceTemplate: instanceTemplate.id, * name: "primary", * }], * baseInstanceName: "internal-glb", * targetSize: 1, * }); * const fw1 = new gcp.compute.Firewall("fw1", { * name: "website-fw-1", * network: defaultNetwork.id, * sourceRanges: ["10.1.2.0/24"], * allows: [ * { * protocol: "tcp", * }, * { * protocol: "udp", * }, * { * protocol: "icmp", * }, * ], * direction: "INGRESS", * }); * const fw2 = new gcp.compute.Firewall("fw2", { * name: "website-fw-2", * network: defaultNetwork.id, * sourceRanges: ["0.0.0.0/0"], * allows: [{ * protocol: "tcp", * ports: ["22"], * }], * targetTags: ["allow-ssh"], * direction: "INGRESS", * }, { * dependsOn: [fw1], * }); * const fw3 = new gcp.compute.Firewall("fw3", { * name: "website-fw-3", * network: defaultNetwork.id, * sourceRanges: [ * "130.211.0.0/22", * "35.191.0.0/16", * ], * allows: [{ * protocol: "tcp", * }], * targetTags: ["load-balanced-backend"], * direction: "INGRESS", * }, { * dependsOn: [fw2], * }); * const fw4 = new gcp.compute.Firewall("fw4", { * name: "website-fw-4", * network: defaultNetwork.id, * sourceRanges: ["10.129.0.0/26"], * targetTags: ["load-balanced-backend"], * allows: [ * { * protocol: "tcp", * ports: ["80"], * }, * { * protocol: "tcp", * ports: ["443"], * }, * { * protocol: "tcp", * ports: ["8000"], * }, * ], * direction: "INGRESS", * }, { * dependsOn: [fw3], * }); * const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", { * region: "us-central1", * name: "website-hc", * httpHealthCheck: { * portSpecification: "USE_SERVING_PORT", * }, * }, { * dependsOn: [fw4], * }); * const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", { * loadBalancingScheme: "INTERNAL_MANAGED", * backends: [{ * group: rigm.instanceGroup, * balancingMode: "UTILIZATION", * capacityScaler: 1, * }], * region: "us-central1", * name: "website-backend", * protocol: "HTTP", * timeoutSec: 10, * healthChecks: defaultRegionHealthCheck.id, * }); * const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", { * region: "us-central1", * name: "website-map", * defaultService: defaultRegionBackendService.id, * }); * const defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy("default", { * region: "us-central1", * name: "website-proxy", * urlMap: defaultRegionUrlMap.id, * }); * const proxy = new gcp.compute.Subnetwork("proxy", { * name: "website-net-proxy", * ipCidrRange: "10.129.0.0/26", * region: "us-central1", * network: defaultNetwork.id, * purpose: "REGIONAL_MANAGED_PROXY", * role: "ACTIVE", * }); * // Forwarding rule for Internal Load Balancing * const _default = new gcp.compute.ForwardingRule("default", { * name: "website-forwarding-rule", * region: "us-central1", * ipProtocol: "TCP", * loadBalancingScheme: "INTERNAL_MANAGED", * portRange: "80", * target: defaultRegionTargetHttpProxy.id, * network: defaultNetwork.id, * subnetwork: defaultSubnetwork.id, * networkTier: "PREMIUM", * }, { * dependsOn: [proxy], * }); * ``` * ### Forwarding Rule Regional Http Xlb * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const debianImage = gcp.compute.getImage({ * family: "debian-11", * project: "debian-cloud", * }); * const defaultNetwork = new gcp.compute.Network("default", { * name: "website-net", * autoCreateSubnetworks: false, * routingMode: "REGIONAL", * }); * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { * name: "website-net-default", * ipCidrRange: "10.1.2.0/24", * region: "us-central1", * network: defaultNetwork.id, * }); * const instanceTemplate = new gcp.compute.InstanceTemplate("instance_template", { * name: "template-website-backend", * machineType: "e2-medium", * networkInterfaces: [{ * network: defaultNetwork.id, * subnetwork: defaultSubnetwork.id, * }], * disks: [{ * sourceImage: debianImage.then(debianImage => debianImage.selfLink), * autoDelete: true, * boot: true, * }], * tags: [ * "allow-ssh", * "load-balanced-backend", * ], * }); * const rigm = new gcp.compute.RegionInstanceGroupManager("rigm", { * region: "us-central1", * name: "website-rigm", * versions: [{ * instanceTemplate: instanceTemplate.id, * name: "primary", * }], * baseInstanceName: "internal-glb", * targetSize: 1, * }); * const fw1 = new gcp.compute.Firewall("fw1", { * name: "website-fw-1", * network: defaultNetwork.id, * sourceRanges: ["10.1.2.0/24"], * allows: [ * { * protocol: "tcp", * }, * { * protocol: "udp", * }, * { * protocol: "icmp", * }, * ], * direction: "INGRESS", * }); * const fw2 = new gcp.compute.Firewall("fw2", { * name: "website-fw-2", * network: defaultNetwork.id, * sourceRanges: ["0.0.0.0/0"], * allows: [{ * protocol: "tcp", * ports: ["22"], * }], * targetTags: ["allow-ssh"], * direction: "INGRESS", * }, { * dependsOn: [fw1], * }); * const fw3 = new gcp.compute.Firewall("fw3", { * name: "website-fw-3", * network: defaultNetwork.id, * sourceRanges: [ * "130.211.0.0/22", * "35.191.0.0/16", * ], * allows: [{ * protocol: "tcp", * }], * targetTags: ["load-balanced-backend"], * direction: "INGRESS", * }, { * dependsOn: [fw2], * }); * const fw4 = new gcp.compute.Firewall("fw4", { * name: "website-fw-4", * network: defaultNetwork.id, * sourceRanges: ["10.129.0.0/26"], * targetTags: ["load-balanced-backend"], * allows: [ * { * protocol: "tcp", * ports: ["80"], * }, * { * protocol: "tcp", * ports: ["443"], * }, * { * protocol: "tcp", * ports: ["8000"], * }, * ], * direction: "INGRESS", * }, { * dependsOn: [fw3], * }); * const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", { * region: "us-central1", * name: "website-hc", * httpHealthCheck: { * portSpecification: "USE_SERVING_PORT", * }, * }, { * dependsOn: [fw4], * }); * const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", { * loadBalancingScheme: "EXTERNAL_MANAGED", * backends: [{ * group: rigm.instanceGroup, * balancingMode: "UTILIZATION", * capacityScaler: 1, * }], * region: "us-central1", * name: "website-backend", * protocol: "HTTP", * timeoutSec: 10, * healthChecks: defaultRegionHealthCheck.id, * }); * const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", { * region: "us-central1", * name: "website-map", * defaultService: defaultRegionBackendService.id, * }); * const defaultRegionTargetHttpProxy = new gcp.compute.RegionTargetHttpProxy("default", { * region: "us-central1", * name: "website-proxy", * urlMap: defaultRegionUrlMap.id, * }); * const defaultAddress = new gcp.compute.Address("default", { * name: "website-ip-1", * region: "us-central1", * networkTier: "STANDARD", * }); * const proxy = new gcp.compute.Subnetwork("proxy", { * name: "website-net-proxy", * ipCidrRange: "10.129.0.0/26", * region: "us-central1", * network: defaultNetwork.id, * purpose: "REGIONAL_MANAGED_PROXY", * role: "ACTIVE", * }); * // Forwarding rule for Regional External Load Balancing * const _default = new gcp.compute.ForwardingRule("default", { * name: "website-forwarding-rule", * region: "us-central1", * ipProtocol: "TCP", * loadBalancingScheme: "EXTERNAL_MANAGED", * portRange: "80", * target: defaultRegionTargetHttpProxy.id, * network: defaultNetwork.id, * ipAddress: defaultAddress.address, * networkTier: "STANDARD", * }, { * dependsOn: [proxy], * }); * ``` * ### Forwarding Rule Vpc Psc * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * // Consumer service endpoint * const consumerNet = new gcp.compute.Network("consumer_net", { * name: "consumer-net", * autoCreateSubnetworks: false, * }); * const consumerSubnet = new gcp.compute.Subnetwork("consumer_subnet", { * name: "consumer-net", * ipCidrRange: "10.0.0.0/16", * region: "us-central1", * network: consumerNet.id, * }); * const consumerAddress = new gcp.compute.Address("consumer_address", { * name: "website-ip-1", * region: "us-central1", * subnetwork: consumerSubnet.id, * addressType: "INTERNAL", * }); * // Producer service attachment * const producerNet = new gcp.compute.Network("producer_net", { * name: "producer-net", * autoCreateSubnetworks: false, * }); * const pscProducerSubnet = new gcp.compute.Subnetwork("psc_producer_subnet", { * name: "producer-psc-net", * ipCidrRange: "10.1.0.0/16", * region: "us-central1", * purpose: "PRIVATE_SERVICE_CONNECT", * network: producerNet.id, * }); * const producerSubnet = new gcp.compute.Subnetwork("producer_subnet", { * name: "producer-net", * ipCidrRange: "10.0.0.0/16", * region: "us-central1", * network: producerNet.id, * }); * const producerServiceHealthCheck = new gcp.compute.HealthCheck("producer_service_health_check", { * name: "producer-service-health-check", * checkIntervalSec: 1, * timeoutSec: 1, * tcpHealthCheck: { * port: 80, * }, * }); * const producerServiceBackend = new gcp.compute.RegionBackendService("producer_service_backend", { * name: "producer-service-backend", * region: "us-central1", * healthChecks: producerServiceHealthCheck.id, * }); * const producerTargetService = new gcp.compute.ForwardingRule("producer_target_service", { * name: "producer-forwarding-rule", * region: "us-central1", * loadBalancingScheme: "INTERNAL", * backendService: producerServiceBackend.id, * allPorts: true, * network: producerNet.name, * subnetwork: producerSubnet.name, * }); * const producerServiceAttachment = new gcp.compute.ServiceAttachment("producer_service_attachment", { * name: "producer-service", * region: "us-central1", * description: "A service attachment configured with Terraform", * enableProxyProtocol: true, * connectionPreference: "ACCEPT_AUTOMATIC", * natSubnets: [pscProducerSubnet.name], * targetService: producerTargetService.id, * }); * // Forwarding rule for VPC private service connect * const _default = new gcp.compute.ForwardingRule("default", { * name: "psc-endpoint", * region: "us-central1", * loadBalancingScheme: "", * target: producerServiceAttachment.id, * network: consumerNet.name, * ipAddress: consumerAddress.id, * allowPscGlobalAccess: true, * }); * ``` * ### Forwarding Rule Vpc Psc No Automate Dns * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const consumerNet = new gcp.compute.Network("consumer_net", { * name: "consumer-net", * autoCreateSubnetworks: false, * }); * const consumerSubnet = new gcp.compute.Subnetwork("consumer_subnet", { * name: "consumer-net", * ipCidrRange: "10.0.0.0/16", * region: "us-central1", * network: consumerNet.id, * }); * const consumerAddress = new gcp.compute.Address("consumer_address", { * name: "website-ip-1", * region: "us-central1", * subnetwork: consumerSubnet.id, * addressType: "INTERNAL", * }); * const producerNet = new gcp.compute.Network("producer_net", { * name: "producer-net", * autoCreateSubnetworks: false, * }); * const pscProducerSubnet = new gcp.compute.Subnetwork("psc_producer_subnet", { * name: "producer-psc-net", * ipCidrRange: "10.1.0.0/16", * region: "us-central1", * purpose: "PRIVATE_SERVICE_CONNECT", * network: producerNet.id, * }); * const producerSubnet = new gcp.compute.Subnetwork("producer_subnet", { * name: "producer-net", * ipCidrRange: "10.0.0.0/16", * region: "us-central1", * network: producerNet.id, * }); * const producerServiceHealthCheck = new gcp.compute.HealthCheck("producer_service_health_check", { * name: "producer-service-health-check", * checkIntervalSec: 1, * timeoutSec: 1, * tcpHealthCheck: { * port: 80, * }, * }); * const producerServiceBackend = new gcp.compute.RegionBackendService("producer_service_backend", { * name: "producer-service-backend", * region: "us-central1", * healthChecks: producerServiceHealthCheck.id, * }); * const producerTargetService = new gcp.compute.ForwardingRule("producer_target_service", { * name: "producer-forwarding-rule", * region: "us-central1", * loadBalancingScheme: "INTERNAL", * backendService: producerServiceBackend.id, * allPorts: true, * network: producerNet.name, * subnetwork: producerSubnet.name, * }); * const producerServiceAttachment = new gcp.compute.ServiceAttachment("producer_service_attachment", { * name: "producer-service", * region: "us-central1", * description: "A service attachment configured with Terraform", * enableProxyProtocol: true, * connectionPreference: "ACCEPT_AUTOMATIC", * natSubnets: [pscProducerSubnet.name], * targetService: producerTargetService.id, * }); * const _default = new gcp.compute.ForwardingRule("default", { * name: "psc-endpoint", * region: "us-central1", * loadBalancingScheme: "", * target: producerServiceAttachment.id, * network: consumerNet.name, * ipAddress: consumerAddress.id, * allowPscGlobalAccess: true, * noAutomateDnsZone: true, * }); * ``` * ### Forwarding Rule Regional Steering * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const basic = new gcp.compute.Address("basic", { * name: "website-ip", * region: "us-central1", * }); * const external = new gcp.compute.RegionBackendService("external", { * name: "service-backend", * region: "us-central1", * loadBalancingScheme: "EXTERNAL", * }); * const externalForwardingRule = new gcp.compute.ForwardingRule("external", { * name: "external-forwarding-rule", * region: "us-central1", * ipAddress: basic.address, * backendService: external.selfLink, * loadBalancingScheme: "EXTERNAL", * }); * const steering = new gcp.compute.ForwardingRule("steering", { * name: "steering-rule", * region: "us-central1", * ipAddress: basic.address, * backendService: external.selfLink, * loadBalancingScheme: "EXTERNAL", * sourceIpRanges: [ * "34.121.88.0/24", * "35.187.239.137", * ], * }, { * dependsOn: [externalForwardingRule], * }); * ``` * ### Forwarding Rule Internallb Ipv6 * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const hc = new gcp.compute.HealthCheck("hc", { * name: "check-ilb-ipv6-backend", * checkIntervalSec: 1, * timeoutSec: 1, * tcpHealthCheck: { * port: 80, * }, * }); * const backend = new gcp.compute.RegionBackendService("backend", { * name: "ilb-ipv6-backend", * region: "us-central1", * healthChecks: hc.id, * }); * const defaultNetwork = new gcp.compute.Network("default", { * name: "net-ipv6", * autoCreateSubnetworks: false, * enableUlaInternalIpv6: true, * }); * const defaultSubnetwork = new gcp.compute.Subnetwork("default", { * name: "subnet-internal-ipv6", * ipCidrRange: "10.0.0.0/16", * region: "us-central1", * stackType: "IPV4_IPV6", * ipv6AccessType: "INTERNAL", * network: defaultNetwork.id, * }); * // Forwarding rule for Internal Load Balancing * const _default = new gcp.compute.ForwardingRule("default", { * name: "ilb-ipv6-forwarding-rule", * region: "us-central1", * loadBalancingScheme: "INTERNAL", * backendService: backend.id, * allPorts: true, * network: defaultNetwork.name, * subnetwork: defaultSubnetwork.name, * ipVersion: "IPV6", * }); * ``` * * ## Import * * ForwardingRule can be imported using any of these accepted formats: * * * `projects/{{project}}/regions/{{region}}/forwardingRules/{{name}}` * * * `{{project}}/{{region}}/{{name}}` * * * `{{region}}/{{name}}` * * * `{{name}}` * * When using the `pulumi import` command, ForwardingRule can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:compute/forwardingRule:ForwardingRule default projects/{{project}}/regions/{{region}}/forwardingRules/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{project}}/{{region}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{region}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/forwardingRule:ForwardingRule default {{name}} * ``` */ export declare class ForwardingRule extends pulumi.CustomResource { /** * Get an existing ForwardingRule resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: ForwardingRuleState, opts?: pulumi.CustomResourceOptions): ForwardingRule; /** * Returns true if the given object is an instance of ForwardingRule. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ForwardingRule; /** * The `ports`, `portRange`, and `allPorts` fields are mutually exclusive. * Only packets addressed to ports in the specified range will be forwarded * to the backends configured with this forwarding rule. * The `allPorts` field has the following limitations: * * It requires that the forwarding rule `IPProtocol` be TCP, UDP, SCTP, or * L3_DEFAULT. * * It's applicable only to the following products: internal passthrough * Network Load Balancers, backend service-based external passthrough Network * Load Balancers, and internal and external protocol forwarding. * * Set this field to true to allow packets addressed to any port or packets * lacking destination port information (for example, UDP fragments after the * first fragment) to be forwarded to the backends configured with this * forwarding rule. The L3_DEFAULT protocol requires `allPorts` be set to * true. */ readonly allPorts: pulumi.Output; /** * This field is used along with the `backendService` field for * internal load balancing or with the `target` field for internal * TargetInstance. * If the field is set to `TRUE`, clients can access ILB from all * regions. * Otherwise only allows access from clients in the same region as the * internal load balancer. */ readonly allowGlobalAccess: pulumi.Output; /** * This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region. */ readonly allowPscGlobalAccess: pulumi.Output; /** * Identifies the backend service to which the forwarding rule sends traffic. * Required for Internal TCP/UDP Load Balancing and Network Load Balancing; * must be omitted for all other load balancer types. */ readonly backendService: pulumi.Output; /** * [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified. */ readonly baseForwardingRule: pulumi.Output; /** * Creation timestamp in RFC3339 text format. */ readonly creationTimestamp: pulumi.Output; /** * An optional description of this resource. Provide this property when * you create the resource. */ readonly description: pulumi.Output; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ readonly effectiveLabels: pulumi.Output<{ [key: string]: string; }>; /** * The unique identifier number for the resource. This identifier is defined by the server. */ readonly forwardingRuleId: pulumi.Output; /** * IP address for which this forwarding rule accepts traffic. When a client * sends traffic to this IP address, the forwarding rule directs the traffic * to the referenced `target` or `backendService`. * While creating a forwarding rule, specifying an `IPAddress` is * required under the following circumstances: * * When the `target` is set to `targetGrpcProxy` and * `validateForProxyless` is set to `true`, the * `IPAddress` should be set to `0.0.0.0`. * * When the `target` is a Private Service Connect Google APIs * bundle, you must specify an `IPAddress`. * Otherwise, you can optionally specify an IP address that references an * existing static (reserved) IP address resource. When omitted, Google Cloud * assigns an ephemeral IP address. * Use one of the following formats to specify an IP address while creating a * forwarding rule: * * IP address number, as in `100.1.2.3` * * IPv6 address range, as in `2600:1234::/96` * * Full resource URL, as in * `https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name` * * Partial URL or by name, as in: * * `projects/project_id/regions/region/addresses/address-name` * * `regions/region/addresses/address-name` * * `global/addresses/address-name` * * `address-name` * The forwarding rule's `target` or `backendService`, * and in most cases, also the `loadBalancingScheme`, determine the * type of IP address that you can use. For detailed information, see * [IP address * specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). * When reading an `IPAddress`, the API always returns the IP * address number. */ readonly ipAddress: pulumi.Output; /** * Resource reference of a PublicDelegatedPrefix. The PDP must be a sub-PDP * in EXTERNAL_IPV6_FORWARDING_RULE_CREATION mode. * Use one of the following formats to specify a sub-PDP when creating an * IPv6 NetLB forwarding rule using BYOIP: * Full resource URL, as in: * * `https://www.googleapis.com/compute/v1/projects/{{projectId}}/regions/{{region}}/publicDelegatedPrefixes/{{sub-pdp-name}}` * Partial URL, as in: * * `projects/{{projectId}}/regions/region/publicDelegatedPrefixes/{{sub-pdp-name}}` * * `regions/{{region}}/publicDelegatedPrefixes/{{sub-pdp-name}}` */ readonly ipCollection: pulumi.Output; /** * The IP protocol to which this rule applies. * For protocol forwarding, valid * options are `TCP`, `UDP`, `ESP`, * `AH`, `SCTP`, `ICMP` and * `L3_DEFAULT`. * The valid IP protocols are different for different load balancing products * as described in [Load balancing * features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). * A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or * backend service with UNSPECIFIED protocol. * A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. * Possible values are: `TCP`, `UDP`, `ESP`, `AH`, `SCTP`, `ICMP`, `L3_DEFAULT`. */ readonly ipProtocol: pulumi.Output; /** * The IP address version that will be used by this forwarding rule. * Valid options are IPV4 and IPV6. * If not set, the IPv4 address will be used by default. * Possible values are: `IPV4`, `IPV6`. */ readonly ipVersion: pulumi.Output; /** * Indicates whether or not this load balancer can be used as a collector for * packet mirroring. To prevent mirroring loops, instances behind this * load balancer will not have their traffic mirrored even if a * `PacketMirroring` rule applies to them. * This can only be set to true for load balancers that have their * `loadBalancingScheme` set to `INTERNAL`. */ readonly isMirroringCollector: pulumi.Output; /** * The fingerprint used for optimistic locking of this resource. Used * internally during updates. */ readonly labelFingerprint: pulumi.Output; /** * Labels to apply to this forwarding rule. A list of key->value pairs. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ readonly labels: pulumi.Output<{ [key: string]: string; } | undefined>; /** * Specifies the forwarding rule type. * Note that an empty string value (`""`) is also supported for some use * cases, for example PSC (private service connection) regional forwarding * rules. * For more information about forwarding rules, refer to * [Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). * Default value is `EXTERNAL`. * Possible values are: `EXTERNAL`, `EXTERNAL_MANAGED`, `INTERNAL`, `INTERNAL_MANAGED`. */ readonly loadBalancingScheme: pulumi.Output; /** * Name of the resource; provided by the client when the resource is created. * The name must be 1-63 characters long, and comply with * [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). * Specifically, the name must be 1-63 characters long and match the regular * expression `a-z?` which means the first * character must be a lowercase letter, and all following characters must * be a dash, lowercase letter, or digit, except the last character, which * cannot be a dash. * For Private Service Connect forwarding rules that forward traffic to Google * APIs, the forwarding rule name must be a 1-20 characters string with * lowercase letters and numbers and must start with a letter. */ readonly name: pulumi.Output; /** * This field is not used for external load balancing. * For Internal TCP/UDP Load Balancing, this field identifies the network that * the load balanced IP should belong to for this Forwarding Rule. * If the subnetwork is specified, the network of the subnetwork will be used. * If neither subnetwork nor this field is specified, the default network will * be used. * For Private Service Connect forwarding rules that forward traffic to Google * APIs, a network must be provided. */ readonly network: pulumi.Output; /** * This signifies the networking tier used for configuring * this load balancer and can only take the following values: * `PREMIUM`, `STANDARD`. * For regional ForwardingRule, the valid values are `PREMIUM` and * `STANDARD`. For GlobalForwardingRule, the valid value is * `PREMIUM`. * If this field is not specified, it is assumed to be `PREMIUM`. * If `IPAddress` is specified, this value must be equal to the * networkTier of the Address. * Possible values are: `PREMIUM`, `STANDARD`. */ readonly networkTier: pulumi.Output; /** * This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. */ readonly noAutomateDnsZone: pulumi.Output; /** * The `ports`, `portRange`, and `allPorts` fields are mutually exclusive. * Only packets addressed to ports in the specified range will be forwarded * to the backends configured with this forwarding rule. * The `portRange` field has the following limitations: * * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, * and * * It's applicable only to the following products: external passthrough * Network Load Balancers, internal and external proxy Network Load * Balancers, internal and external Application Load Balancers, external * protocol forwarding, and Classic VPN. * * Some products have restrictions on what ports can be used. See * [port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications) * for details. * For external forwarding rules, two or more forwarding rules cannot use the * same `[IPAddress, IPProtocol]` pair, and cannot have overlapping * `portRange`s. * For internal forwarding rules within the same VPC network, two or more * forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair, and * cannot have overlapping `portRange`s. * @pattern: \d+(?:-\d+)? */ readonly portRange: pulumi.Output; /** * The `ports`, `portRange`, and `allPorts` fields are mutually exclusive. * Only packets addressed to ports in the specified range will be forwarded * to the backends configured with this forwarding rule. * The `ports` field has the following limitations: * * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, * and * * It's applicable only to the following products: internal passthrough * Network Load Balancers, backend service-based external passthrough Network * Load Balancers, and internal protocol forwarding. * * You can specify a list of up to five ports by number, separated by * commas. The ports can be contiguous or discontiguous. * For external forwarding rules, two or more forwarding rules cannot use the * same `[IPAddress, IPProtocol]` pair if they share at least one port * number. * For internal forwarding rules within the same VPC network, two or more * forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair if * they share at least one port number. * @pattern: \d+(?:-\d+)? */ readonly ports: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * The PSC connection id of the PSC Forwarding Rule. */ readonly pscConnectionId: pulumi.Output; /** * The PSC connection status of the PSC Forwarding Rule. Possible values: `STATUS_UNSPECIFIED`, `PENDING`, `ACCEPTED`, `REJECTED`, `CLOSED` */ readonly pscConnectionStatus: pulumi.Output; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ readonly pulumiLabels: pulumi.Output<{ [key: string]: string; }>; readonly recreateClosedPsc: pulumi.Output; /** * A reference to the region where the regional forwarding rule resides. * This field is not applicable to global forwarding rules. */ readonly region: pulumi.Output; /** * The URI of the created resource. */ readonly selfLink: pulumi.Output; /** * Service Directory resources to register this forwarding rule with. * Currently, only supports a single Service Directory resource. * Structure is documented below. */ readonly serviceDirectoryRegistrations: pulumi.Output; /** * An optional prefix to the service name for this Forwarding Rule. * If specified, will be the first label of the fully qualified service * name. * The label must be 1-63 characters long, and comply with RFC1035. * Specifically, the label must be 1-63 characters long and match the * regular expression `a-z?` which means the first * character must be a lowercase letter, and all following characters * must be a dash, lowercase letter, or digit, except the last * character, which cannot be a dash. * This field is only used for INTERNAL load balancing. */ readonly serviceLabel: pulumi.Output; /** * The internal fully qualified service name for this Forwarding Rule. * This field is only used for INTERNAL load balancing. */ readonly serviceName: pulumi.Output; /** * If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). */ readonly sourceIpRanges: pulumi.Output; /** * This field identifies the subnetwork that the load balanced IP should * belong to for this Forwarding Rule, used in internal load balancing and * network load balancing with IPv6. * If the network specified is in auto subnet mode, this field is optional. * However, a subnetwork must be specified if the network is in custom subnet * mode or when creating external forwarding rule with IPv6. */ readonly subnetwork: pulumi.Output; /** * The URL of the target resource to receive the matched traffic. For * regional forwarding rules, this target must be in the same region as the * forwarding rule. For global forwarding rules, this target must be a global * load balancing resource. * The forwarded traffic must be of a type appropriate to the target object. * * For load balancers, see the "Target" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). * For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment. */ readonly target: pulumi.Output; /** * Create a ForwardingRule resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args?: ForwardingRuleArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ForwardingRule resources. */ export interface ForwardingRuleState { /** * The `ports`, `portRange`, and `allPorts` fields are mutually exclusive. * Only packets addressed to ports in the specified range will be forwarded * to the backends configured with this forwarding rule. * The `allPorts` field has the following limitations: * * It requires that the forwarding rule `IPProtocol` be TCP, UDP, SCTP, or * L3_DEFAULT. * * It's applicable only to the following products: internal passthrough * Network Load Balancers, backend service-based external passthrough Network * Load Balancers, and internal and external protocol forwarding. * * Set this field to true to allow packets addressed to any port or packets * lacking destination port information (for example, UDP fragments after the * first fragment) to be forwarded to the backends configured with this * forwarding rule. The L3_DEFAULT protocol requires `allPorts` be set to * true. */ allPorts?: pulumi.Input; /** * This field is used along with the `backendService` field for * internal load balancing or with the `target` field for internal * TargetInstance. * If the field is set to `TRUE`, clients can access ILB from all * regions. * Otherwise only allows access from clients in the same region as the * internal load balancer. */ allowGlobalAccess?: pulumi.Input; /** * This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region. */ allowPscGlobalAccess?: pulumi.Input; /** * Identifies the backend service to which the forwarding rule sends traffic. * Required for Internal TCP/UDP Load Balancing and Network Load Balancing; * must be omitted for all other load balancer types. */ backendService?: pulumi.Input; /** * [Output Only] The URL for the corresponding base Forwarding Rule. By base Forwarding Rule, we mean the Forwarding Rule that has the same IP address, protocol, and port settings with the current Forwarding Rule, but without sourceIPRanges specified. Always empty if the current Forwarding Rule does not have sourceIPRanges specified. */ baseForwardingRule?: pulumi.Input; /** * Creation timestamp in RFC3339 text format. */ creationTimestamp?: pulumi.Input; /** * An optional description of this resource. Provide this property when * you create the resource. */ description?: pulumi.Input; /** * All of labels (key/value pairs) present on the resource in GCP, including the labels configured through Pulumi, other clients and services. */ effectiveLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * The unique identifier number for the resource. This identifier is defined by the server. */ forwardingRuleId?: pulumi.Input; /** * IP address for which this forwarding rule accepts traffic. When a client * sends traffic to this IP address, the forwarding rule directs the traffic * to the referenced `target` or `backendService`. * While creating a forwarding rule, specifying an `IPAddress` is * required under the following circumstances: * * When the `target` is set to `targetGrpcProxy` and * `validateForProxyless` is set to `true`, the * `IPAddress` should be set to `0.0.0.0`. * * When the `target` is a Private Service Connect Google APIs * bundle, you must specify an `IPAddress`. * Otherwise, you can optionally specify an IP address that references an * existing static (reserved) IP address resource. When omitted, Google Cloud * assigns an ephemeral IP address. * Use one of the following formats to specify an IP address while creating a * forwarding rule: * * IP address number, as in `100.1.2.3` * * IPv6 address range, as in `2600:1234::/96` * * Full resource URL, as in * `https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name` * * Partial URL or by name, as in: * * `projects/project_id/regions/region/addresses/address-name` * * `regions/region/addresses/address-name` * * `global/addresses/address-name` * * `address-name` * The forwarding rule's `target` or `backendService`, * and in most cases, also the `loadBalancingScheme`, determine the * type of IP address that you can use. For detailed information, see * [IP address * specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). * When reading an `IPAddress`, the API always returns the IP * address number. */ ipAddress?: pulumi.Input; /** * Resource reference of a PublicDelegatedPrefix. The PDP must be a sub-PDP * in EXTERNAL_IPV6_FORWARDING_RULE_CREATION mode. * Use one of the following formats to specify a sub-PDP when creating an * IPv6 NetLB forwarding rule using BYOIP: * Full resource URL, as in: * * `https://www.googleapis.com/compute/v1/projects/{{projectId}}/regions/{{region}}/publicDelegatedPrefixes/{{sub-pdp-name}}` * Partial URL, as in: * * `projects/{{projectId}}/regions/region/publicDelegatedPrefixes/{{sub-pdp-name}}` * * `regions/{{region}}/publicDelegatedPrefixes/{{sub-pdp-name}}` */ ipCollection?: pulumi.Input; /** * The IP protocol to which this rule applies. * For protocol forwarding, valid * options are `TCP`, `UDP`, `ESP`, * `AH`, `SCTP`, `ICMP` and * `L3_DEFAULT`. * The valid IP protocols are different for different load balancing products * as described in [Load balancing * features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). * A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or * backend service with UNSPECIFIED protocol. * A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. * Possible values are: `TCP`, `UDP`, `ESP`, `AH`, `SCTP`, `ICMP`, `L3_DEFAULT`. */ ipProtocol?: pulumi.Input; /** * The IP address version that will be used by this forwarding rule. * Valid options are IPV4 and IPV6. * If not set, the IPv4 address will be used by default. * Possible values are: `IPV4`, `IPV6`. */ ipVersion?: pulumi.Input; /** * Indicates whether or not this load balancer can be used as a collector for * packet mirroring. To prevent mirroring loops, instances behind this * load balancer will not have their traffic mirrored even if a * `PacketMirroring` rule applies to them. * This can only be set to true for load balancers that have their * `loadBalancingScheme` set to `INTERNAL`. */ isMirroringCollector?: pulumi.Input; /** * The fingerprint used for optimistic locking of this resource. Used * internally during updates. */ labelFingerprint?: pulumi.Input; /** * Labels to apply to this forwarding rule. A list of key->value pairs. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies the forwarding rule type. * Note that an empty string value (`""`) is also supported for some use * cases, for example PSC (private service connection) regional forwarding * rules. * For more information about forwarding rules, refer to * [Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). * Default value is `EXTERNAL`. * Possible values are: `EXTERNAL`, `EXTERNAL_MANAGED`, `INTERNAL`, `INTERNAL_MANAGED`. */ loadBalancingScheme?: pulumi.Input; /** * Name of the resource; provided by the client when the resource is created. * The name must be 1-63 characters long, and comply with * [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). * Specifically, the name must be 1-63 characters long and match the regular * expression `a-z?` which means the first * character must be a lowercase letter, and all following characters must * be a dash, lowercase letter, or digit, except the last character, which * cannot be a dash. * For Private Service Connect forwarding rules that forward traffic to Google * APIs, the forwarding rule name must be a 1-20 characters string with * lowercase letters and numbers and must start with a letter. */ name?: pulumi.Input; /** * This field is not used for external load balancing. * For Internal TCP/UDP Load Balancing, this field identifies the network that * the load balanced IP should belong to for this Forwarding Rule. * If the subnetwork is specified, the network of the subnetwork will be used. * If neither subnetwork nor this field is specified, the default network will * be used. * For Private Service Connect forwarding rules that forward traffic to Google * APIs, a network must be provided. */ network?: pulumi.Input; /** * This signifies the networking tier used for configuring * this load balancer and can only take the following values: * `PREMIUM`, `STANDARD`. * For regional ForwardingRule, the valid values are `PREMIUM` and * `STANDARD`. For GlobalForwardingRule, the valid value is * `PREMIUM`. * If this field is not specified, it is assumed to be `PREMIUM`. * If `IPAddress` is specified, this value must be equal to the * networkTier of the Address. * Possible values are: `PREMIUM`, `STANDARD`. */ networkTier?: pulumi.Input; /** * This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. */ noAutomateDnsZone?: pulumi.Input; /** * The `ports`, `portRange`, and `allPorts` fields are mutually exclusive. * Only packets addressed to ports in the specified range will be forwarded * to the backends configured with this forwarding rule. * The `portRange` field has the following limitations: * * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, * and * * It's applicable only to the following products: external passthrough * Network Load Balancers, internal and external proxy Network Load * Balancers, internal and external Application Load Balancers, external * protocol forwarding, and Classic VPN. * * Some products have restrictions on what ports can be used. See * [port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications) * for details. * For external forwarding rules, two or more forwarding rules cannot use the * same `[IPAddress, IPProtocol]` pair, and cannot have overlapping * `portRange`s. * For internal forwarding rules within the same VPC network, two or more * forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair, and * cannot have overlapping `portRange`s. * @pattern: \d+(?:-\d+)? */ portRange?: pulumi.Input; /** * The `ports`, `portRange`, and `allPorts` fields are mutually exclusive. * Only packets addressed to ports in the specified range will be forwarded * to the backends configured with this forwarding rule. * The `ports` field has the following limitations: * * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, * and * * It's applicable only to the following products: internal passthrough * Network Load Balancers, backend service-based external passthrough Network * Load Balancers, and internal protocol forwarding. * * You can specify a list of up to five ports by number, separated by * commas. The ports can be contiguous or discontiguous. * For external forwarding rules, two or more forwarding rules cannot use the * same `[IPAddress, IPProtocol]` pair if they share at least one port * number. * For internal forwarding rules within the same VPC network, two or more * forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair if * they share at least one port number. * @pattern: \d+(?:-\d+)? */ ports?: pulumi.Input[]>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * The PSC connection id of the PSC Forwarding Rule. */ pscConnectionId?: pulumi.Input; /** * The PSC connection status of the PSC Forwarding Rule. Possible values: `STATUS_UNSPECIFIED`, `PENDING`, `ACCEPTED`, `REJECTED`, `CLOSED` */ pscConnectionStatus?: pulumi.Input; /** * The combination of labels configured directly on the resource * and default labels configured on the provider. */ pulumiLabels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; recreateClosedPsc?: pulumi.Input; /** * A reference to the region where the regional forwarding rule resides. * This field is not applicable to global forwarding rules. */ region?: pulumi.Input; /** * The URI of the created resource. */ selfLink?: pulumi.Input; /** * Service Directory resources to register this forwarding rule with. * Currently, only supports a single Service Directory resource. * Structure is documented below. */ serviceDirectoryRegistrations?: pulumi.Input; /** * An optional prefix to the service name for this Forwarding Rule. * If specified, will be the first label of the fully qualified service * name. * The label must be 1-63 characters long, and comply with RFC1035. * Specifically, the label must be 1-63 characters long and match the * regular expression `a-z?` which means the first * character must be a lowercase letter, and all following characters * must be a dash, lowercase letter, or digit, except the last * character, which cannot be a dash. * This field is only used for INTERNAL load balancing. */ serviceLabel?: pulumi.Input; /** * The internal fully qualified service name for this Forwarding Rule. * This field is only used for INTERNAL load balancing. */ serviceName?: pulumi.Input; /** * If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). */ sourceIpRanges?: pulumi.Input[]>; /** * This field identifies the subnetwork that the load balanced IP should * belong to for this Forwarding Rule, used in internal load balancing and * network load balancing with IPv6. * If the network specified is in auto subnet mode, this field is optional. * However, a subnetwork must be specified if the network is in custom subnet * mode or when creating external forwarding rule with IPv6. */ subnetwork?: pulumi.Input; /** * The URL of the target resource to receive the matched traffic. For * regional forwarding rules, this target must be in the same region as the * forwarding rule. For global forwarding rules, this target must be a global * load balancing resource. * The forwarded traffic must be of a type appropriate to the target object. * * For load balancers, see the "Target" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). * For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment. */ target?: pulumi.Input; } /** * The set of arguments for constructing a ForwardingRule resource. */ export interface ForwardingRuleArgs { /** * The `ports`, `portRange`, and `allPorts` fields are mutually exclusive. * Only packets addressed to ports in the specified range will be forwarded * to the backends configured with this forwarding rule. * The `allPorts` field has the following limitations: * * It requires that the forwarding rule `IPProtocol` be TCP, UDP, SCTP, or * L3_DEFAULT. * * It's applicable only to the following products: internal passthrough * Network Load Balancers, backend service-based external passthrough Network * Load Balancers, and internal and external protocol forwarding. * * Set this field to true to allow packets addressed to any port or packets * lacking destination port information (for example, UDP fragments after the * first fragment) to be forwarded to the backends configured with this * forwarding rule. The L3_DEFAULT protocol requires `allPorts` be set to * true. */ allPorts?: pulumi.Input; /** * This field is used along with the `backendService` field for * internal load balancing or with the `target` field for internal * TargetInstance. * If the field is set to `TRUE`, clients can access ILB from all * regions. * Otherwise only allows access from clients in the same region as the * internal load balancer. */ allowGlobalAccess?: pulumi.Input; /** * This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region. */ allowPscGlobalAccess?: pulumi.Input; /** * Identifies the backend service to which the forwarding rule sends traffic. * Required for Internal TCP/UDP Load Balancing and Network Load Balancing; * must be omitted for all other load balancer types. */ backendService?: pulumi.Input; /** * An optional description of this resource. Provide this property when * you create the resource. */ description?: pulumi.Input; /** * IP address for which this forwarding rule accepts traffic. When a client * sends traffic to this IP address, the forwarding rule directs the traffic * to the referenced `target` or `backendService`. * While creating a forwarding rule, specifying an `IPAddress` is * required under the following circumstances: * * When the `target` is set to `targetGrpcProxy` and * `validateForProxyless` is set to `true`, the * `IPAddress` should be set to `0.0.0.0`. * * When the `target` is a Private Service Connect Google APIs * bundle, you must specify an `IPAddress`. * Otherwise, you can optionally specify an IP address that references an * existing static (reserved) IP address resource. When omitted, Google Cloud * assigns an ephemeral IP address. * Use one of the following formats to specify an IP address while creating a * forwarding rule: * * IP address number, as in `100.1.2.3` * * IPv6 address range, as in `2600:1234::/96` * * Full resource URL, as in * `https://www.googleapis.com/compute/v1/projects/project_id/regions/region/addresses/address-name` * * Partial URL or by name, as in: * * `projects/project_id/regions/region/addresses/address-name` * * `regions/region/addresses/address-name` * * `global/addresses/address-name` * * `address-name` * The forwarding rule's `target` or `backendService`, * and in most cases, also the `loadBalancingScheme`, determine the * type of IP address that you can use. For detailed information, see * [IP address * specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). * When reading an `IPAddress`, the API always returns the IP * address number. */ ipAddress?: pulumi.Input; /** * Resource reference of a PublicDelegatedPrefix. The PDP must be a sub-PDP * in EXTERNAL_IPV6_FORWARDING_RULE_CREATION mode. * Use one of the following formats to specify a sub-PDP when creating an * IPv6 NetLB forwarding rule using BYOIP: * Full resource URL, as in: * * `https://www.googleapis.com/compute/v1/projects/{{projectId}}/regions/{{region}}/publicDelegatedPrefixes/{{sub-pdp-name}}` * Partial URL, as in: * * `projects/{{projectId}}/regions/region/publicDelegatedPrefixes/{{sub-pdp-name}}` * * `regions/{{region}}/publicDelegatedPrefixes/{{sub-pdp-name}}` */ ipCollection?: pulumi.Input; /** * The IP protocol to which this rule applies. * For protocol forwarding, valid * options are `TCP`, `UDP`, `ESP`, * `AH`, `SCTP`, `ICMP` and * `L3_DEFAULT`. * The valid IP protocols are different for different load balancing products * as described in [Load balancing * features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends). * A Forwarding Rule with protocol L3_DEFAULT can attach with target instance or * backend service with UNSPECIFIED protocol. * A forwarding rule with "L3_DEFAULT" IPProtocal cannot be attached to a backend service with TCP or UDP. * Possible values are: `TCP`, `UDP`, `ESP`, `AH`, `SCTP`, `ICMP`, `L3_DEFAULT`. */ ipProtocol?: pulumi.Input; /** * The IP address version that will be used by this forwarding rule. * Valid options are IPV4 and IPV6. * If not set, the IPv4 address will be used by default. * Possible values are: `IPV4`, `IPV6`. */ ipVersion?: pulumi.Input; /** * Indicates whether or not this load balancer can be used as a collector for * packet mirroring. To prevent mirroring loops, instances behind this * load balancer will not have their traffic mirrored even if a * `PacketMirroring` rule applies to them. * This can only be set to true for load balancers that have their * `loadBalancingScheme` set to `INTERNAL`. */ isMirroringCollector?: pulumi.Input; /** * Labels to apply to this forwarding rule. A list of key->value pairs. * * **Note**: This field is non-authoritative, and will only manage the labels present in your configuration. * Please refer to the field `effectiveLabels` for all of the labels present on the resource. */ labels?: pulumi.Input<{ [key: string]: pulumi.Input; }>; /** * Specifies the forwarding rule type. * Note that an empty string value (`""`) is also supported for some use * cases, for example PSC (private service connection) regional forwarding * rules. * For more information about forwarding rules, refer to * [Forwarding rule concepts](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts). * Default value is `EXTERNAL`. * Possible values are: `EXTERNAL`, `EXTERNAL_MANAGED`, `INTERNAL`, `INTERNAL_MANAGED`. */ loadBalancingScheme?: pulumi.Input; /** * Name of the resource; provided by the client when the resource is created. * The name must be 1-63 characters long, and comply with * [RFC1035](https://www.ietf.org/rfc/rfc1035.txt). * Specifically, the name must be 1-63 characters long and match the regular * expression `a-z?` which means the first * character must be a lowercase letter, and all following characters must * be a dash, lowercase letter, or digit, except the last character, which * cannot be a dash. * For Private Service Connect forwarding rules that forward traffic to Google * APIs, the forwarding rule name must be a 1-20 characters string with * lowercase letters and numbers and must start with a letter. */ name?: pulumi.Input; /** * This field is not used for external load balancing. * For Internal TCP/UDP Load Balancing, this field identifies the network that * the load balanced IP should belong to for this Forwarding Rule. * If the subnetwork is specified, the network of the subnetwork will be used. * If neither subnetwork nor this field is specified, the default network will * be used. * For Private Service Connect forwarding rules that forward traffic to Google * APIs, a network must be provided. */ network?: pulumi.Input; /** * This signifies the networking tier used for configuring * this load balancer and can only take the following values: * `PREMIUM`, `STANDARD`. * For regional ForwardingRule, the valid values are `PREMIUM` and * `STANDARD`. For GlobalForwardingRule, the valid value is * `PREMIUM`. * If this field is not specified, it is assumed to be `PREMIUM`. * If `IPAddress` is specified, this value must be equal to the * networkTier of the Address. * Possible values are: `PREMIUM`, `STANDARD`. */ networkTier?: pulumi.Input; /** * This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. */ noAutomateDnsZone?: pulumi.Input; /** * The `ports`, `portRange`, and `allPorts` fields are mutually exclusive. * Only packets addressed to ports in the specified range will be forwarded * to the backends configured with this forwarding rule. * The `portRange` field has the following limitations: * * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, * and * * It's applicable only to the following products: external passthrough * Network Load Balancers, internal and external proxy Network Load * Balancers, internal and external Application Load Balancers, external * protocol forwarding, and Classic VPN. * * Some products have restrictions on what ports can be used. See * [port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#port_specifications) * for details. * For external forwarding rules, two or more forwarding rules cannot use the * same `[IPAddress, IPProtocol]` pair, and cannot have overlapping * `portRange`s. * For internal forwarding rules within the same VPC network, two or more * forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair, and * cannot have overlapping `portRange`s. * @pattern: \d+(?:-\d+)? */ portRange?: pulumi.Input; /** * The `ports`, `portRange`, and `allPorts` fields are mutually exclusive. * Only packets addressed to ports in the specified range will be forwarded * to the backends configured with this forwarding rule. * The `ports` field has the following limitations: * * It requires that the forwarding rule `IPProtocol` be TCP, UDP, or SCTP, * and * * It's applicable only to the following products: internal passthrough * Network Load Balancers, backend service-based external passthrough Network * Load Balancers, and internal protocol forwarding. * * You can specify a list of up to five ports by number, separated by * commas. The ports can be contiguous or discontiguous. * For external forwarding rules, two or more forwarding rules cannot use the * same `[IPAddress, IPProtocol]` pair if they share at least one port * number. * For internal forwarding rules within the same VPC network, two or more * forwarding rules cannot use the same `[IPAddress, IPProtocol]` pair if * they share at least one port number. * @pattern: \d+(?:-\d+)? */ ports?: pulumi.Input[]>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; recreateClosedPsc?: pulumi.Input; /** * A reference to the region where the regional forwarding rule resides. * This field is not applicable to global forwarding rules. */ region?: pulumi.Input; /** * Service Directory resources to register this forwarding rule with. * Currently, only supports a single Service Directory resource. * Structure is documented below. */ serviceDirectoryRegistrations?: pulumi.Input; /** * An optional prefix to the service name for this Forwarding Rule. * If specified, will be the first label of the fully qualified service * name. * The label must be 1-63 characters long, and comply with RFC1035. * Specifically, the label must be 1-63 characters long and match the * regular expression `a-z?` which means the first * character must be a lowercase letter, and all following characters * must be a dash, lowercase letter, or digit, except the last * character, which cannot be a dash. * This field is only used for INTERNAL load balancing. */ serviceLabel?: pulumi.Input; /** * If not empty, this Forwarding Rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a Forwarding Rule can only have up to 64 source IP ranges, and this field can only be used with a regional Forwarding Rule whose scheme is EXTERNAL. Each sourceIpRange entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24). */ sourceIpRanges?: pulumi.Input[]>; /** * This field identifies the subnetwork that the load balanced IP should * belong to for this Forwarding Rule, used in internal load balancing and * network load balancing with IPv6. * If the network specified is in auto subnet mode, this field is optional. * However, a subnetwork must be specified if the network is in custom subnet * mode or when creating external forwarding rule with IPv6. */ subnetwork?: pulumi.Input; /** * The URL of the target resource to receive the matched traffic. For * regional forwarding rules, this target must be in the same region as the * forwarding rule. For global forwarding rules, this target must be a global * load balancing resource. * The forwarded traffic must be of a type appropriate to the target object. * * For load balancers, see the "Target" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). * For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment. */ target?: pulumi.Input; }