googleComputeGlobalForwardingRule
Represents a GlobalForwardingRule resource. Global forwarding rules are used to forward traffic to the correct load balancer for HTTP load balancing. Global forwarding rules can only be used for HTTP load balancing.
For more information, see https://cloud.google.com/compute/docs/load-balancing/http/
Example Usage - External Ssl Proxy Lb Mig Backend
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
import * as tls from "./.gen/providers/tls";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google, tls.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeGlobalAddressDefault =
new google.computeGlobalAddress.ComputeGlobalAddress(this, "default", {
name: "ssl-proxy-xlb-ip",
});
const googleComputeHealthCheckDefault =
new google.computeHealthCheck.ComputeHealthCheck(this, "default_1", {
check_interval_sec: 1,
name: "ssl-proxy-health-check",
tcp_health_check: [
{
port: "443",
},
],
timeout_sec: 1,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeHealthCheckDefault.overrideLogicalId("default");
const googleComputeNetworkDefault = new google.computeNetwork.ComputeNetwork(
this,
"default_2",
{
auto_create_subnetworks: false,
name: "ssl-proxy-xlb-network",
provider: "${google}",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeNetworkDefault.overrideLogicalId("default");
const googleComputeSubnetworkDefault =
new google.computeSubnetwork.ComputeSubnetwork(this, "default_3", {
ip_cidr_range: "10.0.1.0/24",
name: "ssl-proxy-xlb-subnet",
network: googleComputeNetworkDefault.id,
provider: "${google}",
region: "us-central1",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeSubnetworkDefault.overrideLogicalId("default");
const tlsPrivateKeyDefault = new tls.privateKey.PrivateKey(this, "default_4", {
algorithm: "RSA",
rsa_bits: 2048,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
tlsPrivateKeyDefault.overrideLogicalId("default");
const tlsSelfSignedCertDefault = new tls.selfSignedCert.SelfSignedCert(
this,
"default_5",
{
allowed_uses: ["key_encipherment", "digital_signature", "server_auth"],
dns_names: ["example.com"],
early_renewal_hours: 3,
key_algorithm: tlsPrivateKeyDefault.algorithm,
private_key_pem: tlsPrivateKeyDefault.privateKeyPem,
subject: [
{
common_name: "example.com",
organization: "ACME Examples, Inc",
},
],
validity_period_hours: 12,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
tlsSelfSignedCertDefault.overrideLogicalId("default");
const googleComputeFirewallDefault = new google.computeFirewall.ComputeFirewall(
this,
"default_6",
{
allow: [
{
protocol: "tcp",
},
],
direction: "INGRESS",
name: "ssl-proxy-xlb-fw-allow-hc",
network: googleComputeNetworkDefault.id,
provider: "${google}",
source_ranges: ["130.211.0.0/22", "35.191.0.0/16"],
target_tags: ["allow-health-check"],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeFirewallDefault.overrideLogicalId("default");
const googleComputeInstanceTemplateDefault =
new google.computeInstanceTemplate.ComputeInstanceTemplate(
this,
"default_7",
{
disk: [
{
auto_delete: true,
boot: true,
source_image: "debian-cloud/debian-10",
},
],
machine_type: "e2-small",
metadata: [
{
"startup-script":
'#! /bin/bash\nset -euo pipefail\nexport DEBIAN_FRONTEND=noninteractive\nsudo apt-get update\nsudo apt-get install -y apache2 jq\nsudo a2ensite default-ssl\nsudo a2enmod ssl\nsudo service apache2 restart\nNAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")\nIP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")\nMETADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq \'del(.["startup-script"])\')\ncat <<EOF > /var/www/html/index.html\n<h1>SSL Load Balancer</h1>\n<pre>\nName: $NAME\nIP: $IP\nMetadata: $METADATA\n</pre>\nEOF\n',
},
],
name: "ssl-proxy-xlb-mig-template",
network_interface: [
{
access_config: [{}],
network: googleComputeNetworkDefault.id,
subnetwork: googleComputeSubnetworkDefault.id,
},
],
provider: "${google}",
tags: ["allow-health-check"],
}
);
googleComputeInstanceTemplateDefault.addOverride("lifecycle", [
{
create_before_destroy: true,
},
]);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeInstanceTemplateDefault.overrideLogicalId("default");
const googleComputeSslCertificateDefault =
new google.computeSslCertificate.ComputeSslCertificate(this, "default_8", {
certificate: tlsSelfSignedCertDefault.certPem,
name: "default-cert",
private_key: tlsPrivateKeyDefault.privateKeyPem,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeSslCertificateDefault.overrideLogicalId("default");
const googleComputeInstanceGroupManagerDefault =
new google.computeInstanceGroupManager.ComputeInstanceGroupManager(
this,
"default_9",
{
base_instance_name: "vm",
name: "ssl-proxy-xlb-mig1",
named_port: [
{
name: "tcp",
port: 443,
},
],
provider: "${google}",
target_size: 2,
version: [
{
instance_template: googleComputeInstanceTemplateDefault.id,
name: "primary",
},
],
zone: "us-central1-c",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeInstanceGroupManagerDefault.overrideLogicalId("default");
const googleComputeBackendServiceDefault =
new google.computeBackendService.ComputeBackendService(this, "default_10", {
backend: [
{
balancing_mode: "UTILIZATION",
capacity_scaler: 1,
group: googleComputeInstanceGroupManagerDefault.instanceGroup,
max_utilization: 1,
},
],
health_checks: [googleComputeHealthCheckDefault.id],
load_balancing_scheme: "EXTERNAL",
name: "ssl-proxy-xlb-backend-service",
port_name: "tcp",
protocol: "SSL",
timeout_sec: 10,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeBackendServiceDefault.overrideLogicalId("default");
const googleComputeTargetSslProxyDefault =
new google.computeTargetSslProxy.ComputeTargetSslProxy(this, "default_11", {
backend_service: googleComputeBackendServiceDefault.id,
name: "test-proxy",
ssl_certificates: [googleComputeSslCertificateDefault.id],
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeTargetSslProxyDefault.overrideLogicalId("default");
const googleComputeGlobalForwardingRuleDefault =
new google.computeGlobalForwardingRule.ComputeGlobalForwardingRule(
this,
"default_12",
{
ip_address: googleComputeGlobalAddressDefault.id,
ip_protocol: "TCP",
load_balancing_scheme: "EXTERNAL",
name: "ssl-proxy-xlb-forwarding-rule",
port_range: "443",
provider: "${google}",
target: googleComputeTargetSslProxyDefault.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeGlobalForwardingRuleDefault.overrideLogicalId("default");
Example Usage - External Tcp Proxy Lb Mig Backend
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeGlobalAddressDefault =
new google.computeGlobalAddress.ComputeGlobalAddress(this, "default", {
name: "tcp-proxy-xlb-ip",
provider: "${google-beta}",
});
const googleComputeHealthCheckDefault =
new google.computeHealthCheck.ComputeHealthCheck(this, "default_1", {
check_interval_sec: 1,
name: "tcp-proxy-health-check",
provider: "${google-beta}",
tcp_health_check: [
{
port: "80",
},
],
timeout_sec: 1,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeHealthCheckDefault.overrideLogicalId("default");
const googleComputeNetworkDefault = new google.computeNetwork.ComputeNetwork(
this,
"default_2",
{
auto_create_subnetworks: false,
name: "tcp-proxy-xlb-network",
provider: "${google-beta}",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeNetworkDefault.overrideLogicalId("default");
const googleComputeSubnetworkDefault =
new google.computeSubnetwork.ComputeSubnetwork(this, "default_3", {
ip_cidr_range: "10.0.1.0/24",
name: "tcp-proxy-xlb-subnet",
network: googleComputeNetworkDefault.id,
provider: "${google-beta}",
region: "us-central1",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeSubnetworkDefault.overrideLogicalId("default");
const googleComputeFirewallDefault = new google.computeFirewall.ComputeFirewall(
this,
"default_4",
{
allow: [
{
protocol: "tcp",
},
],
direction: "INGRESS",
name: "tcp-proxy-xlb-fw-allow-hc",
network: googleComputeNetworkDefault.id,
provider: "${google-beta}",
source_ranges: ["130.211.0.0/22", "35.191.0.0/16"],
target_tags: ["allow-health-check"],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeFirewallDefault.overrideLogicalId("default");
const googleComputeInstanceTemplateDefault =
new google.computeInstanceTemplate.ComputeInstanceTemplate(
this,
"default_5",
{
disk: [
{
auto_delete: true,
boot: true,
source_image: "debian-cloud/debian-10",
},
],
machine_type: "e2-small",
metadata: [
{
"startup-script":
'#! /bin/bash\nset -euo pipefail\nexport DEBIAN_FRONTEND=noninteractive\napt-get update\napt-get install -y nginx-light jq\nNAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")\nIP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")\nMETADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq \'del(.["startup-script"])\')\ncat <<EOF > /var/www/html/index.html\n<pre>\nName: $NAME\nIP: $IP\nMetadata: $METADATA\n</pre>\nEOF\n',
},
],
name: "tcp-proxy-xlb-mig-template",
network_interface: [
{
access_config: [{}],
network: googleComputeNetworkDefault.id,
subnetwork: googleComputeSubnetworkDefault.id,
},
],
provider: "${google-beta}",
tags: ["allow-health-check"],
}
);
googleComputeInstanceTemplateDefault.addOverride("lifecycle", [
{
create_before_destroy: true,
},
]);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeInstanceTemplateDefault.overrideLogicalId("default");
const googleComputeInstanceGroupManagerDefault =
new google.computeInstanceGroupManager.ComputeInstanceGroupManager(
this,
"default_6",
{
base_instance_name: "vm",
name: "tcp-proxy-xlb-mig1",
named_port: [
{
name: "tcp",
port: 80,
},
],
provider: "${google-beta}",
target_size: 2,
version: [
{
instance_template: googleComputeInstanceTemplateDefault.id,
name: "primary",
},
],
zone: "us-central1-c",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeInstanceGroupManagerDefault.overrideLogicalId("default");
const googleComputeBackendServiceDefault =
new google.computeBackendService.ComputeBackendService(this, "default_7", {
backend: [
{
balancing_mode: "UTILIZATION",
capacity_scaler: 1,
group: googleComputeInstanceGroupManagerDefault.instanceGroup,
max_utilization: 1,
},
],
health_checks: [googleComputeHealthCheckDefault.id],
load_balancing_scheme: "EXTERNAL",
name: "tcp-proxy-xlb-backend-service",
port_name: "tcp",
protocol: "TCP",
provider: "${google-beta}",
timeout_sec: 10,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeBackendServiceDefault.overrideLogicalId("default");
const googleComputeTargetTcpProxyDefault =
new google.computeTargetTcpProxy.ComputeTargetTcpProxy(this, "default_8", {
backend_service: googleComputeBackendServiceDefault.id,
name: "test-proxy-health-check",
provider: "${google-beta}",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeTargetTcpProxyDefault.overrideLogicalId("default");
const googleComputeGlobalForwardingRuleDefault =
new google.computeGlobalForwardingRule.ComputeGlobalForwardingRule(
this,
"default_9",
{
ip_address: googleComputeGlobalAddressDefault.id,
ip_protocol: "TCP",
load_balancing_scheme: "EXTERNAL",
name: "tcp-proxy-xlb-forwarding-rule",
port_range: "110",
provider: "${google-beta}",
target: googleComputeTargetTcpProxyDefault.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeGlobalForwardingRuleDefault.overrideLogicalId("default");
Example Usage - External Http Lb Mig Backend Custom Header
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeGlobalAddressDefault =
new google.computeGlobalAddress.ComputeGlobalAddress(this, "default", {
name: "l7-xlb-static-ip",
provider: "${google-beta}",
});
const googleComputeHealthCheckDefault =
new google.computeHealthCheck.ComputeHealthCheck(this, "default_1", {
http_health_check: [
{
port_specification: "USE_SERVING_PORT",
},
],
name: "l7-xlb-hc",
provider: "${google-beta}",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeHealthCheckDefault.overrideLogicalId("default");
const googleComputeNetworkDefault = new google.computeNetwork.ComputeNetwork(
this,
"default_2",
{
auto_create_subnetworks: false,
name: "l7-xlb-network",
provider: "${google-beta}",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeNetworkDefault.overrideLogicalId("default");
const googleComputeSubnetworkDefault =
new google.computeSubnetwork.ComputeSubnetwork(this, "default_3", {
ip_cidr_range: "10.0.1.0/24",
name: "l7-xlb-subnet",
network: googleComputeNetworkDefault.id,
provider: "${google-beta}",
region: "us-central1",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeSubnetworkDefault.overrideLogicalId("default");
const googleComputeFirewallDefault = new google.computeFirewall.ComputeFirewall(
this,
"default_4",
{
allow: [
{
protocol: "tcp",
},
],
direction: "INGRESS",
name: "l7-xlb-fw-allow-hc",
network: googleComputeNetworkDefault.id,
provider: "${google-beta}",
source_ranges: ["130.211.0.0/22", "35.191.0.0/16"],
target_tags: ["allow-health-check"],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeFirewallDefault.overrideLogicalId("default");
const googleComputeInstanceTemplateDefault =
new google.computeInstanceTemplate.ComputeInstanceTemplate(
this,
"default_5",
{
disk: [
{
auto_delete: true,
boot: true,
source_image: "debian-cloud/debian-10",
},
],
machine_type: "e2-small",
metadata: [
{
"startup-script":
'#! /bin/bash\nset -euo pipefail\n\nexport DEBIAN_FRONTEND=noninteractive\napt-get update\napt-get install -y nginx-light jq\n\nNAME=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/hostname")\nIP=$(curl -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/ip")\nMETADATA=$(curl -f -H "Metadata-Flavor: Google" "http://metadata.google.internal/computeMetadata/v1/instance/attributes/?recursive=True" | jq \'del(.["startup-script"])\')\n\ncat <<EOF > /var/www/html/index.html\n<pre>\nName: $NAME\nIP: $IP\nMetadata: $METADATA\n</pre>\nEOF\n',
},
],
name: "l7-xlb-mig-template",
network_interface: [
{
access_config: [{}],
network: googleComputeNetworkDefault.id,
subnetwork: googleComputeSubnetworkDefault.id,
},
],
provider: "${google-beta}",
tags: ["allow-health-check"],
}
);
googleComputeInstanceTemplateDefault.addOverride("lifecycle", [
{
create_before_destroy: true,
},
]);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeInstanceTemplateDefault.overrideLogicalId("default");
const googleComputeInstanceGroupManagerDefault =
new google.computeInstanceGroupManager.ComputeInstanceGroupManager(
this,
"default_6",
{
base_instance_name: "vm",
name: "l7-xlb-mig1",
named_port: [
{
name: "http",
port: 8080,
},
],
provider: "${google-beta}",
target_size: 2,
version: [
{
instance_template: googleComputeInstanceTemplateDefault.id,
name: "primary",
},
],
zone: "us-central1-c",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeInstanceGroupManagerDefault.overrideLogicalId("default");
const googleComputeBackendServiceDefault =
new google.computeBackendService.ComputeBackendService(this, "default_7", {
backend: [
{
balancing_mode: "UTILIZATION",
capacity_scaler: 1,
group: googleComputeInstanceGroupManagerDefault.instanceGroup,
},
],
custom_request_headers: [
"X-Client-Geo-Location: {client_region_subdivision}, {client_city}",
],
custom_response_headers: ["X-Cache-Hit: {cdn_cache_status}"],
enable_cdn: true,
health_checks: [googleComputeHealthCheckDefault.id],
load_balancing_scheme: "EXTERNAL",
name: "l7-xlb-backend-service",
port_name: "my-port",
protocol: "HTTP",
provider: "${google-beta}",
timeout_sec: 10,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeBackendServiceDefault.overrideLogicalId("default");
const googleComputeUrlMapDefault = new google.computeUrlMap.ComputeUrlMap(
this,
"default_8",
{
default_service: googleComputeBackendServiceDefault.id,
name: "l7-xlb-url-map",
provider: "${google-beta}",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeUrlMapDefault.overrideLogicalId("default");
const googleComputeTargetHttpProxyDefault =
new google.computeTargetHttpProxy.ComputeTargetHttpProxy(this, "default_9", {
name: "l7-xlb-target-http-proxy",
provider: "${google-beta}",
url_map: googleComputeUrlMapDefault.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeTargetHttpProxyDefault.overrideLogicalId("default");
const googleComputeGlobalForwardingRuleDefault =
new google.computeGlobalForwardingRule.ComputeGlobalForwardingRule(
this,
"default_10",
{
ip_address: googleComputeGlobalAddressDefault.id,
ip_protocol: "TCP",
load_balancing_scheme: "EXTERNAL",
name: "l7-xlb-forwarding-rule",
port_range: "80",
provider: "${google-beta}",
target: googleComputeTargetHttpProxyDefault.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeGlobalForwardingRuleDefault.overrideLogicalId("default");
Example Usage - Global Forwarding Rule Http
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeHttpHealthCheckDefault =
new google.computeHttpHealthCheck.ComputeHttpHealthCheck(this, "default", {
check_interval_sec: 1,
name: "check-backend",
request_path: "/",
timeout_sec: 1,
});
const googleComputeBackendServiceDefault =
new google.computeBackendService.ComputeBackendService(this, "default_1", {
health_checks: [googleComputeHttpHealthCheckDefault.id],
name: "backend",
port_name: "http",
protocol: "HTTP",
timeout_sec: 10,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeBackendServiceDefault.overrideLogicalId("default");
const googleComputeUrlMapDefault = new google.computeUrlMap.ComputeUrlMap(
this,
"default_2",
{
default_service: googleComputeBackendServiceDefault.id,
description: "a description",
host_rule: [
{
hosts: ["mysite.com"],
path_matcher: "allpaths",
},
],
name: "url-map-target-proxy",
path_matcher: [
{
default_service: googleComputeBackendServiceDefault.id,
name: "allpaths",
path_rule: [
{
paths: ["/*"],
service: googleComputeBackendServiceDefault.id,
},
],
},
],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeUrlMapDefault.overrideLogicalId("default");
const googleComputeTargetHttpProxyDefault =
new google.computeTargetHttpProxy.ComputeTargetHttpProxy(this, "default_3", {
description: "a description",
name: "target-proxy",
url_map: googleComputeUrlMapDefault.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeTargetHttpProxyDefault.overrideLogicalId("default");
const googleComputeGlobalForwardingRuleDefault =
new google.computeGlobalForwardingRule.ComputeGlobalForwardingRule(
this,
"default_4",
{
name: "global-rule",
port_range: "80",
target: googleComputeTargetHttpProxyDefault.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeGlobalForwardingRuleDefault.overrideLogicalId("default");
Example Usage - Global Forwarding Rule Internal
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeHealthCheckDefault =
new google.computeHealthCheck.ComputeHealthCheck(this, "default", {
check_interval_sec: 1,
name: "check-backend",
provider: "${google-beta}",
tcp_health_check: [
{
port: "80",
},
],
timeout_sec: 1,
});
const dataGoogleComputeImageDebianImage =
new google.dataGoogleComputeImage.DataGoogleComputeImage(
this,
"debian_image",
{
family: "debian-11",
project: "debian-cloud",
provider: "${google-beta}",
}
);
const googleComputeInstanceTemplateInstanceTemplate =
new google.computeInstanceTemplate.ComputeInstanceTemplate(
this,
"instance_template",
{
disk: [
{
auto_delete: true,
boot: true,
source_image: dataGoogleComputeImageDebianImage.selfLink,
},
],
machine_type: "e2-medium",
name: "template-backend",
network_interface: [
{
network: "default",
},
],
provider: "${google-beta}",
}
);
const googleComputeInstanceGroupManagerIgm =
new google.computeInstanceGroupManager.ComputeInstanceGroupManager(
this,
"igm",
{
base_instance_name: "internal-glb",
name: "igm-internal",
provider: "${google-beta}",
target_size: 1,
version: [
{
instance_template: googleComputeInstanceTemplateInstanceTemplate.id,
name: "primary",
},
],
zone: "us-central1-f",
}
);
const googleComputeBackendServiceDefault =
new google.computeBackendService.ComputeBackendService(this, "default_4", {
backend: [
{
balancing_mode: "RATE",
capacity_scaler: 0.4,
group: googleComputeInstanceGroupManagerIgm.instanceGroup,
max_rate_per_instance: 50,
},
],
health_checks: [googleComputeHealthCheckDefault.id],
load_balancing_scheme: "INTERNAL_SELF_MANAGED",
name: "backend",
port_name: "http",
protocol: "HTTP",
provider: "${google-beta}",
timeout_sec: 10,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeBackendServiceDefault.overrideLogicalId("default");
const googleComputeUrlMapDefault = new google.computeUrlMap.ComputeUrlMap(
this,
"default_5",
{
default_service: googleComputeBackendServiceDefault.id,
description: "a description",
host_rule: [
{
hosts: ["mysite.com"],
path_matcher: "allpaths",
},
],
name: "url-map-target-proxy",
path_matcher: [
{
default_service: googleComputeBackendServiceDefault.id,
name: "allpaths",
path_rule: [
{
paths: ["/*"],
service: googleComputeBackendServiceDefault.id,
},
],
},
],
provider: "${google-beta}",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeUrlMapDefault.overrideLogicalId("default");
const googleComputeTargetHttpProxyDefault =
new google.computeTargetHttpProxy.ComputeTargetHttpProxy(this, "default_6", {
description: "a description",
name: "target-proxy",
provider: "${google-beta}",
url_map: googleComputeUrlMapDefault.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeTargetHttpProxyDefault.overrideLogicalId("default");
const googleComputeGlobalForwardingRuleDefault =
new google.computeGlobalForwardingRule.ComputeGlobalForwardingRule(
this,
"default_7",
{
ip_address: "0.0.0.0",
load_balancing_scheme: "INTERNAL_SELF_MANAGED",
metadata_filters: [
{
filter_labels: [
{
name: "PLANET",
value: "MARS",
},
],
filter_match_criteria: "MATCH_ANY",
},
],
name: "global-rule",
port_range: "80",
provider: "${google-beta}",
target: googleComputeTargetHttpProxyDefault.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeGlobalForwardingRuleDefault.overrideLogicalId("default");
Example Usage - Global Forwarding Rule External Managed
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeBackendServiceDefault =
new google.computeBackendService.ComputeBackendService(this, "default", {
load_balancing_scheme: "EXTERNAL_MANAGED",
name: "backend",
port_name: "http",
protocol: "HTTP",
timeout_sec: 10,
});
const googleComputeUrlMapDefault = new google.computeUrlMap.ComputeUrlMap(
this,
"default_1",
{
default_service: googleComputeBackendServiceDefault.id,
description: "a description",
host_rule: [
{
hosts: ["mysite.com"],
path_matcher: "allpaths",
},
],
name: "url-map-target-proxy",
path_matcher: [
{
default_service: googleComputeBackendServiceDefault.id,
name: "allpaths",
path_rule: [
{
paths: ["/*"],
service: googleComputeBackendServiceDefault.id,
},
],
},
],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeUrlMapDefault.overrideLogicalId("default");
const googleComputeTargetHttpProxyDefault =
new google.computeTargetHttpProxy.ComputeTargetHttpProxy(this, "default_2", {
description: "a description",
name: "target-proxy",
url_map: googleComputeUrlMapDefault.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeTargetHttpProxyDefault.overrideLogicalId("default");
const googleComputeGlobalForwardingRuleDefault =
new google.computeGlobalForwardingRule.ComputeGlobalForwardingRule(
this,
"default_3",
{
load_balancing_scheme: "EXTERNAL_MANAGED",
name: "global-rule",
port_range: "80",
target: googleComputeTargetHttpProxyDefault.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeGlobalForwardingRuleDefault.overrideLogicalId("default");
Example Usage - Global Forwarding Rule Hybrid
import * as cdktf from "cdktf";
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
/*Terraform Variables are not always the best fit for getting inputs in the context of Terraform CDK.
You can read more about this at https://cdk.tf/variables*/
const subnetworkCidr = new cdktf.TerraformVariable(this, "subnetwork_cidr", {
default: "10.0.0.0/24",
});
const googleComputeHealthCheckDefault =
new google.computeHealthCheck.ComputeHealthCheck(this, "default", {
check_interval_sec: 1,
name: "health-check",
tcp_health_check: [
{
port: "80",
},
],
timeout_sec: 1,
});
const googleComputeNetworkDefault = new google.computeNetwork.ComputeNetwork(
this,
"default_2",
{
name: "my-network",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeNetworkDefault.overrideLogicalId("default");
const googleComputeNetworkInternal = new google.computeNetwork.ComputeNetwork(
this,
"internal",
{
auto_create_subnetworks: false,
name: "my-internal-network",
}
);
const googleComputeNetworkEndpointGroupDefault =
new google.computeNetworkEndpointGroup.ComputeNetworkEndpointGroup(
this,
"default_4",
{
default_port: "90",
name: "default-neg",
network: googleComputeNetworkDefault.id,
network_endpoint_type: "GCE_VM_IP_PORT",
zone: "us-central1-a",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeNetworkEndpointGroupDefault.overrideLogicalId("default");
const googleComputeNetworkEndpointGroupHybrid =
new google.computeNetworkEndpointGroup.ComputeNetworkEndpointGroup(
this,
"hybrid",
{
default_port: "90",
name: "hybrid-neg",
network: googleComputeNetworkDefault.id,
network_endpoint_type: "NON_GCP_PRIVATE_IP_PORT",
zone: "us-central1-a",
}
);
const googleComputeSubnetworkInternal =
new google.computeSubnetwork.ComputeSubnetwork(this, "internal_6", {
ip_cidr_range: subnetworkCidr.value,
name: "my-subnetwork",
network: googleComputeNetworkInternal.id,
private_ip_google_access: true,
region: "us-central1",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeSubnetworkInternal.overrideLogicalId("internal");
const googleComputeBackendServiceDefault =
new google.computeBackendService.ComputeBackendService(this, "default_7", {
backend: [
{
balancing_mode: "RATE",
group: googleComputeNetworkEndpointGroupDefault.id,
max_rate_per_endpoint: 10,
},
],
health_checks: [googleComputeHealthCheckDefault.id],
name: "backend-default",
port_name: "http",
protocol: "HTTP",
timeout_sec: 10,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeBackendServiceDefault.overrideLogicalId("default");
const googleComputeBackendServiceHybrid =
new google.computeBackendService.ComputeBackendService(this, "hybrid_8", {
backend: [
{
balancing_mode: "RATE",
group: googleComputeNetworkEndpointGroupHybrid.id,
max_rate_per_endpoint: 10,
},
],
health_checks: [googleComputeHealthCheckDefault.id],
name: "backend-hybrid",
port_name: "http",
protocol: "HTTP",
timeout_sec: 10,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeBackendServiceHybrid.overrideLogicalId("hybrid");
new google.computeNetworkEndpoint.ComputeNetworkEndpoint(
this,
"hybrid-endpoint",
{
ip_address: "127.0.0.1",
network_endpoint_group: googleComputeNetworkEndpointGroupHybrid.name,
port: googleComputeNetworkEndpointGroupHybrid.defaultPort,
}
);
const googleComputeNetworkEndpointGroupInternal =
new google.computeNetworkEndpointGroup.ComputeNetworkEndpointGroup(
this,
"internal_10",
{
name: "internal-neg",
network: googleComputeNetworkInternal.id,
network_endpoint_type: "GCE_VM_IP",
subnetwork: googleComputeSubnetworkInternal.id,
zone: "us-central1-a",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeNetworkEndpointGroupInternal.overrideLogicalId("internal");
const googleComputeUrlMapDefault = new google.computeUrlMap.ComputeUrlMap(
this,
"default_11",
{
default_service: googleComputeBackendServiceDefault.id,
description: "a description",
host_rule: [
{
hosts: ["mysite.com"],
path_matcher: "allpaths",
},
],
name: "url-map-target-proxy",
path_matcher: [
{
default_service: googleComputeBackendServiceDefault.id,
name: "allpaths",
path_rule: [
{
paths: ["/*"],
service: googleComputeBackendServiceDefault.id,
},
{
paths: ["/hybrid"],
service: googleComputeBackendServiceHybrid.id,
},
],
},
],
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeUrlMapDefault.overrideLogicalId("default");
const googleComputeTargetHttpProxyDefault =
new google.computeTargetHttpProxy.ComputeTargetHttpProxy(this, "default_12", {
description: "a description",
name: "target-proxy",
url_map: googleComputeUrlMapDefault.id,
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeTargetHttpProxyDefault.overrideLogicalId("default");
const googleComputeGlobalForwardingRuleDefault =
new google.computeGlobalForwardingRule.ComputeGlobalForwardingRule(
this,
"default_13",
{
name: "global-rule",
port_range: "80",
target: googleComputeTargetHttpProxyDefault.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeGlobalForwardingRuleDefault.overrideLogicalId("default");
Example Usage - Private Service Connect Google Apis
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeNetworkNetwork = new google.computeNetwork.ComputeNetwork(
this,
"network",
{
auto_create_subnetworks: false,
name: "my-network",
project: "my-project-name",
provider: "${google-beta}",
}
);
new google.computeSubnetwork.ComputeSubnetwork(this, "vpc_subnetwork", {
ip_cidr_range: "10.2.0.0/16",
name: "my-subnetwork",
network: googleComputeNetworkNetwork.id,
private_ip_google_access: true,
project: googleComputeNetworkNetwork.project,
provider: "${google-beta}",
region: "us-central1",
});
const googleComputeGlobalAddressDefault =
new google.computeGlobalAddress.ComputeGlobalAddress(this, "default", {
address: "100.100.100.106",
address_type: "INTERNAL",
name: "global-psconnect-ip",
network: googleComputeNetworkNetwork.id,
project: googleComputeNetworkNetwork.project,
provider: "${google-beta}",
purpose: "PRIVATE_SERVICE_CONNECT",
});
const googleComputeGlobalForwardingRuleDefault =
new google.computeGlobalForwardingRule.ComputeGlobalForwardingRule(
this,
"default_3",
{
ip_address: googleComputeGlobalAddressDefault.id,
load_balancing_scheme: "",
name: "globalrule",
network: googleComputeNetworkNetwork.id,
project: googleComputeNetworkNetwork.project,
provider: "${google-beta}",
target: "all-apis",
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeGlobalForwardingRuleDefault.overrideLogicalId("default");
Argument Reference
The following arguments are supported:
-
name- (Required) Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression[aZ]([AZ09]*[aZ09])?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. -
target- (Required) The URL of the target resource to receive the matched traffic. The forwarded traffic must be of a type appropriate to the target object. For INTERNAL_SELF_MANAGED load balancing, only HTTP and HTTPS targets are valid. (Beta only) For global address with a purpose of PRIVATE_SERVICE_CONNECT and addressType of INTERNAL, only "all-apis" and "vpc-sc" are valid.
-
description- (Optional) An optional description of this resource. Provide this property when you create the resource. -
ipAddress- (Optional) The IP address that this forwarding rule serves. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the target that you specify in the forwarding rule. The loadBalancingScheme and the forwarding rule's target determine the type of IP address that you can use. For detailed information, refer to IP address specifications. An address can be specified either by a literal IP address or a reference to an existing Address resource. If you don't specify a reserved IP address, an ephemeral IP address is assigned. The value must be set to 0.0.0.0 when the target is a targetGrpcProxy that has validateForProxyless field set to true. For Private Service Connect forwarding rules that forward traffic to Google APIs, IP address must be provided. -
ipProtocol- (Optional) The IP protocol to which this rule applies. When the load balancing scheme is INTERNAL_SELF_MANAGED, only TCP is valid. This field must not be set if the global address is configured as a purpose of PRIVATE_SERVICE_CONNECT and addressType of INTERNAL Possible values aretcp,udp,esp,ah,sctp, andicmp. -
ipVersion- (Optional) The IP Version that will be used by this global forwarding rule. Possible values areipv4andipv6. -
labels- (Optional, Beta) Labels to apply to this forwarding rule. A list of key->value pairs. -
loadBalancingScheme- (Optional) This signifies what the GlobalForwardingRule will be used for. The value of INTERNAL_SELF_MANAGED means that this will be used for Internal Global HTTP(S) LB. The value of EXTERNAL means that this will be used for External Global Load Balancing (HTTP(S) LB, External TCP/UDP LB, SSL Proxy). The value of EXTERNAL_MANAGED means that this will be used for Global external HTTP(S) load balancers. (Beta only) Note: This field must be set "" if the global address is configured as a purpose of PRIVATE_SERVICE_CONNECT and addressType of INTERNAL. Default value isexternal. Possible values areexternal,externalManaged, andinternalSelfManaged. -
metadataFilters- (Optional) Opaque filter criteria used by Loadbalancer to restrict routing configuration to a limited set xDS compliant clients. In their xDS requests to Loadbalancer, xDS clients present node metadata. If a match takes place, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels in the provided metadata. metadataFilters specified here can be overridden by those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to Loadbalancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED. Structure is documented below. -
network- (Optional, Beta) This field is not used for external load balancing. For INTERNAL_SELF_MANAGED load balancing, this field identifies the network that the load balanced IP should belong to for this global forwarding rule. If this field is not specified, the default network will be used. -
portRange- (Optional) This field is used along with the target field for TargetHttpProxy, TargetHttpsProxy, TargetSslProxy, TargetTcpProxy, TargetVpnGateway, TargetPool, TargetInstance. Applicable only when IPProtocol is TCP, UDP, or SCTP, only packets addressed to ports in the specified range will be forwarded to target. Forwarding rules with the same [IPAddress, IPProtocol] pair must have disjoint port ranges. Some types of forwarding target have constraints on the acceptable ports:- TargetHttpProxy: 80, 8080
- TargetHttpsProxy: 443
- TargetTcpProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222
- TargetSslProxy: 25, 43, 110, 143, 195, 443, 465, 587, 700, 993, 995, 1883, 5222
- TargetVpnGateway: 500, 4500
-
project- (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
The metadataFilters block supports:
-
filterMatchCriteria- (Required) Specifies how individual filterLabel matches within the list of filterLabels contribute towards the overall metadataFilter match. MATCH_ANY - At least one of the filterLabels must have a matching label in the provided metadata. MATCH_ALL - All filterLabels must have matching labels in the provided metadata. Possible values arematchAnyandmatchAll. -
filterLabels- (Required) The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria This list must not be empty and can have at the most 64 entries. Structure is documented below.
The filterLabels block supports:
-
name- (Required) Name of the metadata label. The length must be between 1 and 1024 characters, inclusive. -
value- (Required) The value that the label must match. The value has a maximum length of 1024 characters.
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
-
id- an identifier for the resource with formatprojects/{{project}}/global/forwardingRules/{{name}} -
labelFingerprint- (Beta) The fingerprint used for optimistic locking of this resource. Used internally during updates. -
selfLink- The URI of the created resource.
Timeouts
This resource provides the following Timeouts configuration options:
create- Default is 20 minutes.update- Default is 20 minutes.delete- Default is 20 minutes.
Import
GlobalForwardingRule can be imported using any of these accepted formats:
$ terraform import google_compute_global_forwarding_rule.default projects/{{project}}/global/forwardingRules/{{name}}
$ terraform import google_compute_global_forwarding_rule.default {{project}}/{{name}}
$ terraform import google_compute_global_forwarding_rule.default {{name}}
User Project Overrides
This resource supports User Project Overrides.