import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * A NAT service created in a router. * * > **Note:** Recreating a `gcp.compute.Address` that is being used by `gcp.compute.RouterNat` will give a `resourceInUseByAnotherResource` error. * Use `lifecycle.create_before_destroy` on this address resource to avoid this type of error as shown in the Manual Ips example. * * To get more information about RouterNat, see: * * * [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/routers) * * How-to Guides * * [Google Cloud Router](https://cloud.google.com/router/docs/) * * ## Example Usage * * ### Router Nat Basic * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const net = new gcp.compute.Network("net", {name: "my-network"}); * const subnet = new gcp.compute.Subnetwork("subnet", { * name: "my-subnetwork", * network: net.id, * ipCidrRange: "10.0.0.0/16", * region: "us-central1", * }); * const router = new gcp.compute.Router("router", { * name: "my-router", * region: subnet.region, * network: net.id, * bgp: { * asn: 64514, * }, * }); * const nat = new gcp.compute.RouterNat("nat", { * name: "my-router-nat", * router: router.name, * region: router.region, * natIpAllocateOption: "AUTO_ONLY", * sourceSubnetworkIpRangesToNat: "ALL_SUBNETWORKS_ALL_IP_RANGES", * logConfig: { * enable: true, * filter: "ERRORS_ONLY", * }, * }); * ``` * ### Router Nat Rules * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const net = new gcp.compute.Network("net", { * name: "my-network", * autoCreateSubnetworks: false, * }); * const subnet = new gcp.compute.Subnetwork("subnet", { * name: "my-subnetwork", * network: net.id, * ipCidrRange: "10.0.0.0/16", * region: "us-central1", * }); * const router = new gcp.compute.Router("router", { * name: "my-router", * region: subnet.region, * network: net.id, * }); * const addr1 = new gcp.compute.Address("addr1", { * name: "nat-address1", * region: subnet.region, * }); * const addr2 = new gcp.compute.Address("addr2", { * name: "nat-address2", * region: subnet.region, * }); * const addr3 = new gcp.compute.Address("addr3", { * name: "nat-address3", * region: subnet.region, * }); * const natRules = new gcp.compute.RouterNat("nat_rules", { * name: "my-router-nat", * router: router.name, * region: router.region, * natIpAllocateOption: "MANUAL_ONLY", * natIps: [addr1.selfLink], * sourceSubnetworkIpRangesToNat: "LIST_OF_SUBNETWORKS", * subnetworks: [{ * name: subnet.id, * sourceIpRangesToNats: ["ALL_IP_RANGES"], * }], * rules: [{ * ruleNumber: 100, * description: "nat rules example", * match: "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')", * action: { * sourceNatActiveIps: [ * addr2.selfLink, * addr3.selfLink, * ], * }, * }], * enableEndpointIndependentMapping: false, * }); * ``` * ### Router Nat Private * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as gcp from "@pulumi/gcp"; * * const net = new gcp.compute.Network("net", {name: "my-network"}); * const subnet = new gcp.compute.Subnetwork("subnet", { * name: "my-subnetwork", * network: net.id, * ipCidrRange: "10.0.0.0/16", * region: "us-central1", * purpose: "PRIVATE_NAT", * }); * const router = new gcp.compute.Router("router", { * name: "my-router", * region: subnet.region, * network: net.id, * }); * const hub = new gcp.networkconnectivity.Hub("hub", { * name: "my-hub", * description: "vpc hub for inter vpc nat", * }); * const spoke = new gcp.networkconnectivity.Spoke("spoke", { * name: "my-spoke", * location: "global", * description: "vpc spoke for inter vpc nat", * hub: hub.id, * linkedVpcNetwork: { * excludeExportRanges: [ * "198.51.100.0/24", * "10.10.0.0/16", * ], * uri: net.selfLink, * }, * }); * const natType = new gcp.compute.RouterNat("nat_type", { * name: "my-router-nat", * router: router.name, * region: router.region, * sourceSubnetworkIpRangesToNat: "LIST_OF_SUBNETWORKS", * enableDynamicPortAllocation: false, * enableEndpointIndependentMapping: false, * minPortsPerVm: 32, * type: "PRIVATE", * subnetworks: [{ * name: subnet.id, * sourceIpRangesToNats: ["ALL_IP_RANGES"], * }], * rules: [{ * ruleNumber: 100, * description: "rule for private nat", * match: "nexthop.hub == \"//networkconnectivity.googleapis.com/projects/acm-test-proj-123/locations/global/hubs/my-hub\"", * action: { * sourceNatActiveRanges: [subnet.selfLink], * }, * }], * }); * ``` * * ## Import * * RouterNat can be imported using any of these accepted formats: * * * `projects/{{project}}/regions/{{region}}/routers/{{router}}/{{name}}` * * * `{{project}}/{{region}}/{{router}}/{{name}}` * * * `{{region}}/{{router}}/{{name}}` * * * `{{router}}/{{name}}` * * When using the `pulumi import` command, RouterNat can be imported using one of the formats above. For example: * * ```sh * $ pulumi import gcp:compute/routerNat:RouterNat default projects/{{project}}/regions/{{region}}/routers/{{router}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/routerNat:RouterNat default {{project}}/{{region}}/{{router}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/routerNat:RouterNat default {{region}}/{{router}}/{{name}} * ``` * * ```sh * $ pulumi import gcp:compute/routerNat:RouterNat default {{router}}/{{name}} * ``` */ export declare class RouterNat extends pulumi.CustomResource { /** * Get an existing RouterNat resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input, state?: RouterNatState, opts?: pulumi.CustomResourceOptions): RouterNat; /** * Returns true if the given object is an instance of RouterNat. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is RouterNat; /** * The network tier to use when automatically reserving NAT IP addresses. * Must be one of: PREMIUM, STANDARD. If not specified, then the current * project-level default tier is used. * Possible values are: `PREMIUM`, `STANDARD`. */ readonly autoNetworkTier: pulumi.Output; /** * A list of URLs of the IP resources to be drained. These IPs must be * valid static external IPs that have been assigned to the NAT. */ readonly drainNatIps: pulumi.Output; /** * Enable Dynamic Port Allocation. * If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. * If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. * If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. * If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. * Mutually exclusive with enableEndpointIndependentMapping. */ readonly enableDynamicPortAllocation: pulumi.Output; /** * Enable endpoint independent mapping. * For more information see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). */ readonly enableEndpointIndependentMapping: pulumi.Output; /** * Specifies the endpoint Types supported by the NAT Gateway. * Supported values include: * `ENDPOINT_TYPE_VM`, `ENDPOINT_TYPE_SWG`, * `ENDPOINT_TYPE_MANAGED_PROXY_LB`. */ readonly endpointTypes: pulumi.Output; /** * Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. */ readonly icmpIdleTimeoutSec: pulumi.Output; /** * Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. * Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY. */ readonly initialNatIps: pulumi.Output; /** * Configuration for logging on NAT * Structure is documented below. */ readonly logConfig: pulumi.Output; /** * Maximum number of ports allocated to a VM from this NAT. * This field can only be set when enableDynamicPortAllocation is enabled. */ readonly maxPortsPerVm: pulumi.Output; /** * Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set. */ readonly minPortsPerVm: pulumi.Output; /** * Name of the NAT service. The name must be 1-63 characters long and * comply with RFC1035. */ readonly name: pulumi.Output; /** * One or more subnetwork NAT configurations whose traffic should be translated by NAT64 Gateway. * Only used if `sourceSubnetworkIpRangesToNat64` is set to `LIST_OF_IPV6_SUBNETWORKS` * Structure is documented below. */ readonly nat64Subnetworks: pulumi.Output; /** * How external IPs should be allocated for this NAT. Valid values are * `AUTO_ONLY` for only allowing NAT IPs allocated by Google Cloud * Platform, or `MANUAL_ONLY` for only user-allocated NAT IP addresses. * Possible values are: `MANUAL_ONLY`, `AUTO_ONLY`. */ readonly natIpAllocateOption: pulumi.Output; /** * Self-links of NAT IPs. Only valid if natIpAllocateOption * is set to MANUAL_ONLY. * If this field is used alongside with a count created list of address resources `google_compute_address.foobar.*.self_link`, * the access level resource for the address resource must have a `lifecycle` block with `createBeforeDestroy = true` so * the number of resources can be increased/decreased without triggering the `resourceInUseByAnotherResource` error. */ readonly natIps: pulumi.Output; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ readonly project: pulumi.Output; /** * Region where the router and NAT reside. */ readonly region: pulumi.Output; /** * The name of the Cloud Router in which this NAT will be configured. */ readonly router: pulumi.Output; /** * A list of rules associated with this NAT. * Structure is documented below. */ readonly rules: pulumi.Output; /** * How NAT should be configured per Subnetwork. * If `ALL_SUBNETWORKS_ALL_IP_RANGES`, all of the * IP ranges in every Subnetwork are allowed to Nat. * If `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, all of the primary IP * ranges in every Subnetwork are allowed to Nat. * `LIST_OF_SUBNETWORKS`: A list of Subnetworks are allowed to Nat * (specified in the field subnetwork below). Note that if this field * contains ALL_SUBNETWORKS_ALL_IP_RANGES or * ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any * other RouterNat section in any Router for this network in this region. * Possible values are: `ALL_SUBNETWORKS_ALL_IP_RANGES`, `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, `LIST_OF_SUBNETWORKS`. */ readonly sourceSubnetworkIpRangesToNat: pulumi.Output; /** * Specify the Nat option for NAT64, which can take one of the following values: * ALL_IPV6_SUBNETWORKS: All of the IP ranges in every Subnetwork are allowed to Nat. * LIST_OF_IPV6_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field nat64Subnetwork below). * Note that if this field contains NAT64_ALL_V6_SUBNETWORKS no other Router.Nat section in this region can also enable NAT64 for any Subnetworks in this network. * Other Router.Nat sections can still be present to enable NAT44 only. * Possible values are: `ALL_IPV6_SUBNETWORKS`, `LIST_OF_IPV6_SUBNETWORKS`. */ readonly sourceSubnetworkIpRangesToNat64: pulumi.Output; /** * One or more subnetwork NAT configurations. Only used if * `sourceSubnetworkIpRangesToNat` is set to `LIST_OF_SUBNETWORKS` * Structure is documented below. */ readonly subnetworks: pulumi.Output; /** * Timeout (in seconds) for TCP established connections. * Defaults to 1200s if not set. */ readonly tcpEstablishedIdleTimeoutSec: pulumi.Output; /** * Timeout (in seconds) for TCP connections that are in TIME_WAIT state. * Defaults to 120s if not set. */ readonly tcpTimeWaitTimeoutSec: pulumi.Output; /** * Timeout (in seconds) for TCP transitory connections. * Defaults to 30s if not set. */ readonly tcpTransitoryIdleTimeoutSec: pulumi.Output; /** * Indicates whether this NAT is used for public or private IP translation. * If unspecified, it defaults to PUBLIC. * If `PUBLIC` NAT used for public IP translation. * If `PRIVATE` NAT used for private IP translation. * Default value is `PUBLIC`. * Possible values are: `PUBLIC`, `PRIVATE`. */ readonly type: pulumi.Output; /** * Timeout (in seconds) for UDP connections. Defaults to 30s if not set. */ readonly udpIdleTimeoutSec: pulumi.Output; /** * Create a RouterNat resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: RouterNatArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering RouterNat resources. */ export interface RouterNatState { /** * The network tier to use when automatically reserving NAT IP addresses. * Must be one of: PREMIUM, STANDARD. If not specified, then the current * project-level default tier is used. * Possible values are: `PREMIUM`, `STANDARD`. */ autoNetworkTier?: pulumi.Input; /** * A list of URLs of the IP resources to be drained. These IPs must be * valid static external IPs that have been assigned to the NAT. */ drainNatIps?: pulumi.Input[]>; /** * Enable Dynamic Port Allocation. * If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. * If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. * If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. * If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. * Mutually exclusive with enableEndpointIndependentMapping. */ enableDynamicPortAllocation?: pulumi.Input; /** * Enable endpoint independent mapping. * For more information see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). */ enableEndpointIndependentMapping?: pulumi.Input; /** * Specifies the endpoint Types supported by the NAT Gateway. * Supported values include: * `ENDPOINT_TYPE_VM`, `ENDPOINT_TYPE_SWG`, * `ENDPOINT_TYPE_MANAGED_PROXY_LB`. */ endpointTypes?: pulumi.Input[]>; /** * Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. */ icmpIdleTimeoutSec?: pulumi.Input; /** * Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. * Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY. */ initialNatIps?: pulumi.Input[]>; /** * Configuration for logging on NAT * Structure is documented below. */ logConfig?: pulumi.Input; /** * Maximum number of ports allocated to a VM from this NAT. * This field can only be set when enableDynamicPortAllocation is enabled. */ maxPortsPerVm?: pulumi.Input; /** * Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set. */ minPortsPerVm?: pulumi.Input; /** * Name of the NAT service. The name must be 1-63 characters long and * comply with RFC1035. */ name?: pulumi.Input; /** * One or more subnetwork NAT configurations whose traffic should be translated by NAT64 Gateway. * Only used if `sourceSubnetworkIpRangesToNat64` is set to `LIST_OF_IPV6_SUBNETWORKS` * Structure is documented below. */ nat64Subnetworks?: pulumi.Input[]>; /** * How external IPs should be allocated for this NAT. Valid values are * `AUTO_ONLY` for only allowing NAT IPs allocated by Google Cloud * Platform, or `MANUAL_ONLY` for only user-allocated NAT IP addresses. * Possible values are: `MANUAL_ONLY`, `AUTO_ONLY`. */ natIpAllocateOption?: pulumi.Input; /** * Self-links of NAT IPs. Only valid if natIpAllocateOption * is set to MANUAL_ONLY. * If this field is used alongside with a count created list of address resources `google_compute_address.foobar.*.self_link`, * the access level resource for the address resource must have a `lifecycle` block with `createBeforeDestroy = true` so * the number of resources can be increased/decreased without triggering the `resourceInUseByAnotherResource` error. */ natIps?: pulumi.Input[]>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * Region where the router and NAT reside. */ region?: pulumi.Input; /** * The name of the Cloud Router in which this NAT will be configured. */ router?: pulumi.Input; /** * A list of rules associated with this NAT. * Structure is documented below. */ rules?: pulumi.Input[]>; /** * How NAT should be configured per Subnetwork. * If `ALL_SUBNETWORKS_ALL_IP_RANGES`, all of the * IP ranges in every Subnetwork are allowed to Nat. * If `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, all of the primary IP * ranges in every Subnetwork are allowed to Nat. * `LIST_OF_SUBNETWORKS`: A list of Subnetworks are allowed to Nat * (specified in the field subnetwork below). Note that if this field * contains ALL_SUBNETWORKS_ALL_IP_RANGES or * ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any * other RouterNat section in any Router for this network in this region. * Possible values are: `ALL_SUBNETWORKS_ALL_IP_RANGES`, `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, `LIST_OF_SUBNETWORKS`. */ sourceSubnetworkIpRangesToNat?: pulumi.Input; /** * Specify the Nat option for NAT64, which can take one of the following values: * ALL_IPV6_SUBNETWORKS: All of the IP ranges in every Subnetwork are allowed to Nat. * LIST_OF_IPV6_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field nat64Subnetwork below). * Note that if this field contains NAT64_ALL_V6_SUBNETWORKS no other Router.Nat section in this region can also enable NAT64 for any Subnetworks in this network. * Other Router.Nat sections can still be present to enable NAT44 only. * Possible values are: `ALL_IPV6_SUBNETWORKS`, `LIST_OF_IPV6_SUBNETWORKS`. */ sourceSubnetworkIpRangesToNat64?: pulumi.Input; /** * One or more subnetwork NAT configurations. Only used if * `sourceSubnetworkIpRangesToNat` is set to `LIST_OF_SUBNETWORKS` * Structure is documented below. */ subnetworks?: pulumi.Input[]>; /** * Timeout (in seconds) for TCP established connections. * Defaults to 1200s if not set. */ tcpEstablishedIdleTimeoutSec?: pulumi.Input; /** * Timeout (in seconds) for TCP connections that are in TIME_WAIT state. * Defaults to 120s if not set. */ tcpTimeWaitTimeoutSec?: pulumi.Input; /** * Timeout (in seconds) for TCP transitory connections. * Defaults to 30s if not set. */ tcpTransitoryIdleTimeoutSec?: pulumi.Input; /** * Indicates whether this NAT is used for public or private IP translation. * If unspecified, it defaults to PUBLIC. * If `PUBLIC` NAT used for public IP translation. * If `PRIVATE` NAT used for private IP translation. * Default value is `PUBLIC`. * Possible values are: `PUBLIC`, `PRIVATE`. */ type?: pulumi.Input; /** * Timeout (in seconds) for UDP connections. Defaults to 30s if not set. */ udpIdleTimeoutSec?: pulumi.Input; } /** * The set of arguments for constructing a RouterNat resource. */ export interface RouterNatArgs { /** * The network tier to use when automatically reserving NAT IP addresses. * Must be one of: PREMIUM, STANDARD. If not specified, then the current * project-level default tier is used. * Possible values are: `PREMIUM`, `STANDARD`. */ autoNetworkTier?: pulumi.Input; /** * A list of URLs of the IP resources to be drained. These IPs must be * valid static external IPs that have been assigned to the NAT. */ drainNatIps?: pulumi.Input[]>; /** * Enable Dynamic Port Allocation. * If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. * If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. * If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. * If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. * Mutually exclusive with enableEndpointIndependentMapping. */ enableDynamicPortAllocation?: pulumi.Input; /** * Enable endpoint independent mapping. * For more information see the [official documentation](https://cloud.google.com/nat/docs/overview#specs-rfcs). */ enableEndpointIndependentMapping?: pulumi.Input; /** * Specifies the endpoint Types supported by the NAT Gateway. * Supported values include: * `ENDPOINT_TYPE_VM`, `ENDPOINT_TYPE_SWG`, * `ENDPOINT_TYPE_MANAGED_PROXY_LB`. */ endpointTypes?: pulumi.Input[]>; /** * Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. */ icmpIdleTimeoutSec?: pulumi.Input; /** * Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. * Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY. */ initialNatIps?: pulumi.Input[]>; /** * Configuration for logging on NAT * Structure is documented below. */ logConfig?: pulumi.Input; /** * Maximum number of ports allocated to a VM from this NAT. * This field can only be set when enableDynamicPortAllocation is enabled. */ maxPortsPerVm?: pulumi.Input; /** * Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set. */ minPortsPerVm?: pulumi.Input; /** * Name of the NAT service. The name must be 1-63 characters long and * comply with RFC1035. */ name?: pulumi.Input; /** * One or more subnetwork NAT configurations whose traffic should be translated by NAT64 Gateway. * Only used if `sourceSubnetworkIpRangesToNat64` is set to `LIST_OF_IPV6_SUBNETWORKS` * Structure is documented below. */ nat64Subnetworks?: pulumi.Input[]>; /** * How external IPs should be allocated for this NAT. Valid values are * `AUTO_ONLY` for only allowing NAT IPs allocated by Google Cloud * Platform, or `MANUAL_ONLY` for only user-allocated NAT IP addresses. * Possible values are: `MANUAL_ONLY`, `AUTO_ONLY`. */ natIpAllocateOption?: pulumi.Input; /** * Self-links of NAT IPs. Only valid if natIpAllocateOption * is set to MANUAL_ONLY. * If this field is used alongside with a count created list of address resources `google_compute_address.foobar.*.self_link`, * the access level resource for the address resource must have a `lifecycle` block with `createBeforeDestroy = true` so * the number of resources can be increased/decreased without triggering the `resourceInUseByAnotherResource` error. */ natIps?: pulumi.Input[]>; /** * The ID of the project in which the resource belongs. * If it is not provided, the provider project is used. */ project?: pulumi.Input; /** * Region where the router and NAT reside. */ region?: pulumi.Input; /** * The name of the Cloud Router in which this NAT will be configured. */ router: pulumi.Input; /** * A list of rules associated with this NAT. * Structure is documented below. */ rules?: pulumi.Input[]>; /** * How NAT should be configured per Subnetwork. * If `ALL_SUBNETWORKS_ALL_IP_RANGES`, all of the * IP ranges in every Subnetwork are allowed to Nat. * If `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, all of the primary IP * ranges in every Subnetwork are allowed to Nat. * `LIST_OF_SUBNETWORKS`: A list of Subnetworks are allowed to Nat * (specified in the field subnetwork below). Note that if this field * contains ALL_SUBNETWORKS_ALL_IP_RANGES or * ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any * other RouterNat section in any Router for this network in this region. * Possible values are: `ALL_SUBNETWORKS_ALL_IP_RANGES`, `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, `LIST_OF_SUBNETWORKS`. */ sourceSubnetworkIpRangesToNat: pulumi.Input; /** * Specify the Nat option for NAT64, which can take one of the following values: * ALL_IPV6_SUBNETWORKS: All of the IP ranges in every Subnetwork are allowed to Nat. * LIST_OF_IPV6_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field nat64Subnetwork below). * Note that if this field contains NAT64_ALL_V6_SUBNETWORKS no other Router.Nat section in this region can also enable NAT64 for any Subnetworks in this network. * Other Router.Nat sections can still be present to enable NAT44 only. * Possible values are: `ALL_IPV6_SUBNETWORKS`, `LIST_OF_IPV6_SUBNETWORKS`. */ sourceSubnetworkIpRangesToNat64?: pulumi.Input; /** * One or more subnetwork NAT configurations. Only used if * `sourceSubnetworkIpRangesToNat` is set to `LIST_OF_SUBNETWORKS` * Structure is documented below. */ subnetworks?: pulumi.Input[]>; /** * Timeout (in seconds) for TCP established connections. * Defaults to 1200s if not set. */ tcpEstablishedIdleTimeoutSec?: pulumi.Input; /** * Timeout (in seconds) for TCP connections that are in TIME_WAIT state. * Defaults to 120s if not set. */ tcpTimeWaitTimeoutSec?: pulumi.Input; /** * Timeout (in seconds) for TCP transitory connections. * Defaults to 30s if not set. */ tcpTransitoryIdleTimeoutSec?: pulumi.Input; /** * Indicates whether this NAT is used for public or private IP translation. * If unspecified, it defaults to PUBLIC. * If `PUBLIC` NAT used for public IP translation. * If `PRIVATE` NAT used for private IP translation. * Default value is `PUBLIC`. * Possible values are: `PUBLIC`, `PRIVATE`. */ type?: pulumi.Input; /** * Timeout (in seconds) for UDP connections. Defaults to 30s if not set. */ udpIdleTimeoutSec?: pulumi.Input; }