googleComputeRegionNetworkEndpointGroup

A regional NEG that can support Serverless Products.

Recreating a region network endpoint group that's in use by another resource will give a resourceInUseByAnotherResource error. Set createBeforeDestroy in the resource's lifecycle configuration to avoid this type of error.

To get more information about RegionNetworkEndpointGroup, see:

Example Usage - Region Network Endpoint Group Functions

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleStorageBucketBucket = new google.storageBucket.StorageBucket(
  this,
  "bucket",
  {
    location: "US",
    name: "cloudfunctions-function-example-bucket",
  }
);
const googleStorageBucketObjectArchive =
  new google.storageBucketObject.StorageBucketObject(this, "archive", {
    bucket: googleStorageBucketBucket.name,
    name: "index.zip",
    source: "path/to/index.zip",
  });
const googleCloudfunctionsFunctionFunctionNeg =
  new google.cloudfunctionsFunction.CloudfunctionsFunction(
    this,
    "function_neg",
    {
      available_memory_mb: 128,
      description: "My function",
      entry_point: "helloGET",
      name: "function-neg",
      runtime: "nodejs10",
      source_archive_bucket: googleStorageBucketBucket.name,
      source_archive_object: googleStorageBucketObjectArchive.name,
      timeout: 60,
      trigger_http: true,
    }
  );
const googleComputeRegionNetworkEndpointGroupFunctionNeg =
  new google.computeRegionNetworkEndpointGroup.ComputeRegionNetworkEndpointGroup(
    this,
    "function_neg_3",
    {
      cloud_function: [
        {
          function: googleCloudfunctionsFunctionFunctionNeg.name,
        },
      ],
      name: "function-neg",
      network_endpoint_type: "SERVERLESS",
      region: "us-central1",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeRegionNetworkEndpointGroupFunctionNeg.overrideLogicalId(
  "function_neg"
);

Example Usage - Region Network Endpoint Group Cloudrun

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleCloudRunServiceCloudrunNeg =
  new google.cloudRunService.CloudRunService(this, "cloudrun_neg", {
    location: "us-central1",
    name: "cloudrun-neg",
    template: [
      {
        spec: [
          {
            containers: [
              {
                image: "us-docker.pkg.dev/cloudrun/container/hello",
              },
            ],
          },
        ],
      },
    ],
    traffic: [
      {
        latest_revision: true,
        percent: 100,
      },
    ],
  });
const googleComputeRegionNetworkEndpointGroupCloudrunNeg =
  new google.computeRegionNetworkEndpointGroup.ComputeRegionNetworkEndpointGroup(
    this,
    "cloudrun_neg_1",
    {
      cloud_run: [
        {
          service: googleCloudRunServiceCloudrunNeg.name,
        },
      ],
      name: "cloudrun-neg",
      network_endpoint_type: "SERVERLESS",
      region: "us-central1",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeRegionNetworkEndpointGroupCloudrunNeg.overrideLogicalId(
  "cloudrun_neg"
);

Example Usage - Region Network Endpoint Group Appengine

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleStorageBucketAppengineNeg = new google.storageBucket.StorageBucket(
  this,
  "appengine_neg",
  {
    location: "US",
    name: "appengine-neg",
  }
);
const googleStorageBucketObjectAppengineNeg =
  new google.storageBucketObject.StorageBucketObject(this, "appengine_neg_1", {
    bucket: googleStorageBucketAppengineNeg.name,
    name: "hello-world.zip",
    source: "./test-fixtures/appengine/hello-world.zip",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleStorageBucketObjectAppengineNeg.overrideLogicalId("appengine_neg");
const googleAppEngineFlexibleAppVersionAppengineNeg =
  new google.appEngineFlexibleAppVersion.AppEngineFlexibleAppVersion(
    this,
    "appengine_neg_2",
    {
      automatic_scaling: [
        {
          cool_down_period: "120s",
          cpu_utilization: [
            {
              target_utilization: 0.5,
            },
          ],
        },
      ],
      deployment: [
        {
          zip: [
            {
              source_url: `https://storage.googleapis.com/${googleStorageBucketAppengineNeg.name}/${googleStorageBucketObjectAppengineNeg.name}`,
            },
          ],
        },
      ],
      entrypoint: [
        {
          shell: "node ./app.js",
        },
      ],
      env_variables: [
        {
          port: "8080",
        },
      ],
      handlers: [
        {
          auth_fail_action: "AUTH_FAIL_ACTION_REDIRECT",
          login: "LOGIN_REQUIRED",
          security_level: "SECURE_ALWAYS",
          static_files: [
            {
              path: "my-other-path",
              upload_path_regex: ".*\\/my-path\\/*",
            },
          ],
          url_regex: ".*\\/my-path\\/*",
        },
      ],
      liveness_check: [
        {
          path: "/",
        },
      ],
      noop_on_destroy: true,
      readiness_check: [
        {
          path: "/",
        },
      ],
      runtime: "nodejs",
      service: "appengine-network-endpoint-group",
      version_id: "v1",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleAppEngineFlexibleAppVersionAppengineNeg.overrideLogicalId(
  "appengine_neg"
);
const googleComputeRegionNetworkEndpointGroupAppengineNeg =
  new google.computeRegionNetworkEndpointGroup.ComputeRegionNetworkEndpointGroup(
    this,
    "appengine_neg_3",
    {
      app_engine: [
        {
          service: googleAppEngineFlexibleAppVersionAppengineNeg.service,
          version: googleAppEngineFlexibleAppVersionAppengineNeg.versionId,
        },
      ],
      name: "appengine-neg",
      network_endpoint_type: "SERVERLESS",
      region: "us-central1",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeRegionNetworkEndpointGroupAppengineNeg.overrideLogicalId(
  "appengine_neg"
);

Example Usage - Region Network Endpoint Group Psc

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
new google.computeRegionNetworkEndpointGroup.ComputeRegionNetworkEndpointGroup(
  this,
  "psc_neg",
  {
    name: "psc-neg",
    network_endpoint_type: "PRIVATE_SERVICE_CONNECT",
    psc_target_service: "asia-northeast3-cloudkms.googleapis.com",
    region: "asia-northeast3",
  }
);

Example Usage - Region Network Endpoint Group Psc Service Attachment

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeHealthCheckDefault =
  new google.computeHealthCheck.ComputeHealthCheck(this, "default", {
    check_interval_sec: 1,
    name: "psc-healthcheck",
    tcp_health_check: [
      {
        port: "80",
      },
    ],
    timeout_sec: 1,
  });
const googleComputeNetworkDefault = new google.computeNetwork.ComputeNetwork(
  this,
  "default_1",
  {
    name: "psc-network",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeNetworkDefault.overrideLogicalId("default");
const googleComputeRegionBackendServiceDefault =
  new google.computeRegionBackendService.ComputeRegionBackendService(
    this,
    "default_2",
    {
      health_checks: [googleComputeHealthCheckDefault.id],
      name: "psc-backend",
      region: "europe-west4",
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeRegionBackendServiceDefault.overrideLogicalId("default");
const googleComputeSubnetworkDefault =
  new google.computeSubnetwork.ComputeSubnetwork(this, "default_3", {
    ip_cidr_range: "10.0.0.0/16",
    name: "psc-subnetwork",
    network: googleComputeNetworkDefault.id,
    region: "europe-west4",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeSubnetworkDefault.overrideLogicalId("default");
const googleComputeSubnetworkPscSubnetwork =
  new google.computeSubnetwork.ComputeSubnetwork(this, "psc_subnetwork", {
    ip_cidr_range: "10.1.0.0/16",
    name: "psc-subnetwork-nat",
    network: googleComputeNetworkDefault.id,
    purpose: "PRIVATE_SERVICE_CONNECT",
    region: "europe-west4",
  });
const googleComputeForwardingRuleDefault =
  new google.computeForwardingRule.ComputeForwardingRule(this, "default_5", {
    all_ports: true,
    backend_service: googleComputeRegionBackendServiceDefault.id,
    load_balancing_scheme: "INTERNAL",
    name: "psc-forwarding-rule",
    network: googleComputeNetworkDefault.name,
    region: "europe-west4",
    subnetwork: googleComputeSubnetworkDefault.name,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeForwardingRuleDefault.overrideLogicalId("default");
const googleComputeServiceAttachmentDefault =
  new google.computeServiceAttachment.ComputeServiceAttachment(
    this,
    "default_6",
    {
      connection_preference: "ACCEPT_AUTOMATIC",
      description: "A service attachment configured with Terraform",
      enable_proxy_protocol: false,
      name: "psc-service-attachment",
      nat_subnets: [googleComputeSubnetworkPscSubnetwork.selfLink],
      region: "europe-west4",
      target_service: googleComputeForwardingRuleDefault.selfLink,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeServiceAttachmentDefault.overrideLogicalId("default");
new google.computeRegionNetworkEndpointGroup.ComputeRegionNetworkEndpointGroup(
  this,
  "psc_neg_service_attachment",
  {
    name: "psc-neg",
    network: googleComputeNetworkDefault.selfLink,
    network_endpoint_type: "PRIVATE_SERVICE_CONNECT",
    psc_target_service: googleComputeServiceAttachmentDefault.selfLink,
    region: "europe-west4",
    subnetwork: googleComputeSubnetworkDefault.selfLink,
  }
);

Argument Reference

The following arguments are supported:

  • name - (Required) Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

  • region - (Required) A reference to the region where the Serverless NEGs reside.


  • description - (Optional) An optional description of this resource. Provide this property when you create the resource.

  • networkEndpointType - (Optional) Type of network endpoints in this network endpoint group. Default value is SERVERLESS. Possible values are SERVERLESS and PRIVATE_SERVICE_CONNECT.

  • pscTargetService - (Optional) The target service url used to set up private service connection to a Google API or a PSC Producer Service Attachment.

  • network - (Optional) This field is only used for PSC. The URL of the network to which all network endpoints in the NEG belong. Uses "default" project network if unspecified.

  • subnetwork - (Optional) This field is only used for PSC. Optional URL of the subnetwork to which all network endpoints in the NEG belong.

  • cloudRun - (Optional) Only valid when networkEndpointType is "SERVERLESS". Only one of cloudRun, appEngine, cloudFunction or serverlessDeployment may be set. Structure is documented below.

  • appEngine - (Optional) Only valid when networkEndpointType is "SERVERLESS". Only one of cloudRun, appEngine, cloudFunction or serverlessDeployment may be set. Structure is documented below.

  • cloudFunction - (Optional) Only valid when networkEndpointType is "SERVERLESS". Only one of cloudRun, appEngine, cloudFunction or serverlessDeployment may be set. Structure is documented below.

  • serverlessDeployment - (Optional, Beta) Only valid when networkEndpointType is "SERVERLESS". Only one of cloudRun, appEngine, cloudFunction or serverlessDeployment may be set. Structure is documented below.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
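
The constraints in the argument list above can be checked before synthesis. The following is an added example, not part of the provider documentation or bindings: NegConfig and validateNeg are hypothetical names, and the warning for a PSC NEG without an explicit network is this example's own policy choice, based on the documented fallback to the "default" network.

```typescript
// Added example: NegConfig and validateNeg are hypothetical names, not part
// of the generated provider bindings.
type EndpointType = "SERVERLESS" | "PRIVATE_SERVICE_CONNECT";

interface NegConfig {
  name: string;
  region: string;
  networkEndpointType?: EndpointType;
  pscTargetService?: string;
  network?: string;
  subnetwork?: string;
  cloudRun?: object;
  appEngine?: object;
  cloudFunction?: object;
  serverlessDeployment?: object;
}

interface Findings {
  errors: string[];
  warnings: string[];
}

// RFC1035 label: lowercase letter first, then dashes, lowercase letters or
// digits, never ending in a dash.
const NEG_NAME = /^[a-z]([-a-z0-9]*[a-z0-9])?$/;
const BACKENDS = ["cloudRun", "appEngine", "cloudFunction", "serverlessDeployment"] as const;
const PSC_ONLY = ["network", "subnetwork"] as const;

function validateNeg(cfg: NegConfig): Findings {
  const errors: string[] = [];
  const warnings: string[] = [];
  const type: EndpointType = cfg.networkEndpointType ?? "SERVERLESS"; // documented default

  if (cfg.name.length > 63 || !NEG_NAME.test(cfg.name)) {
    errors.push(`name "${cfg.name}" is not a 1-63 character RFC1035 label`);
  }

  // At most one backend block, and only on a SERVERLESS NEG.
  const set = BACKENDS.filter((key) => cfg[key] !== undefined);
  if (set.length > 1) {
    errors.push(`only one backend block may be set, found: ${set.join(", ")}`);
  }
  if (type !== "SERVERLESS" && set.length > 0) {
    errors.push(`${set.join(", ")} is only valid when networkEndpointType is SERVERLESS`);
  }

  if (type === "PRIVATE_SERVICE_CONNECT") {
    // Policy choice of this example: make the implicit network visible.
    if (cfg.network === undefined) {
      warnings.push('network is unset, so the NEG uses the project "default" network');
    }
  } else {
    for (const key of PSC_ONLY) {
      if (cfg[key] !== undefined) errors.push(`${key} is only used for PSC`);
    }
  }
  return { errors, warnings };
}
```
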

The cloudRun block supports:

  • service - (Optional) Cloud Run service is the main resource of Cloud Run. The service must be 1-63 characters long, and comply with RFC1035. Example value: "run-service".

  • tag - (Optional) Cloud Run tag represents the "named-revision" to provide additional fine-grained traffic routing information. The tag must be 1-63 characters long, and comply with RFC1035. Example value: "revision-0010".

  • urlMask - (Optional) A template to parse service and tag fields from a request URL. URL mask allows for routing to multiple Run services without having to create multiple network endpoint groups and backend services. For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" can be backed by the same Serverless Network Endpoint Group (NEG) with URL mask "<tag>.domain.com/<service>". The URL mask will parse them to { service="bar1", tag="foo1" } and { service="bar2", tag="foo2" } respectively.

The appEngine block supports:

  • service - (Optional) Optional serving service. The service name must be 1-63 characters long, and comply with RFC1035. Example value: "default", "my-service".

  • version - (Optional) Optional serving version. The version must be 1-63 characters long, and comply with RFC1035. Example value: "v1", "v2".

  • urlMask - (Optional) A template to parse service and version fields from a request URL. URL mask allows for routing to multiple App Engine services without having to create multiple Network Endpoint Groups and backend services. For example, the request URLs "foo1-dot-appname.appspot.com/v1" and "foo1-dot-appname.appspot.com/v2" can be backed by the same Serverless NEG with URL mask "<service>-dot-appname.appspot.com/<version>". The URL mask will parse them to { service = "foo1", version = "v1" } and { service = "foo1", version = "v2" } respectively.

The cloudFunction block supports:

  • function - (Optional) A user-defined name of the Cloud Function. The function name is case-sensitive and must be 1-63 characters long. Example value: "func1".

  • urlMask - (Optional) A template to parse function field from a request URL. URL mask allows for routing to multiple Cloud Functions without having to create multiple Network Endpoint Groups and backend services. For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" can be backed by the same Serverless NEG with URL mask "/<function>". The URL mask will parse them to { function = "function1" } and { function = "function2" } respectively.
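
How a urlMask picks the backend from the request URL, for the cloudRun, appEngine and cloudFunction blocks, as an added example that is not the provider's or Google's code. It assumes masks are written with "<field>" placeholders such as "<tag>.domain.com/<service>", only approximates the real matching, and checks the selected service or function against a reviewer-supplied allowlist (an assumption of this example, not a provider feature); compileUrlMask and resolveBackend are hypothetical names.

```typescript
// Added example: approximates URL-mask field extraction for review purposes.
// It is not Google's matcher; all names here are hypothetical.
type MaskFields = Record<string, string>;

const RFC1035_LABEL = /^[a-z]([-a-z0-9]*[a-z0-9])?$/;

// Turn a mask such as "<tag>.domain.com/<service>" into a RegExp with one
// capture group per placeholder. Host placeholders stop at "." or "/",
// path placeholders stop at "/".
function compileUrlMask(mask: string): { regex: RegExp; fields: string[] } {
  const fields: string[] = [];
  let pattern = "";
  let inPath = false;
  for (const token of mask.split(/(<[a-z]+>)/)) {
    if (/^<[a-z]+>$/.test(token)) {
      fields.push(token.slice(1, -1));
      pattern += inPath ? "([^/]+)" : "([^./]+)";
    } else {
      if (token.includes("/")) inPath = true;
      // Escape regex metacharacters in the literal part of the mask.
      pattern += token.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
    }
  }
  return { regex: new RegExp(`^${pattern}$`), fields };
}

// Resolve a request URL (host + path, no scheme) to the fields the mask
// selects. Returns null when the URL does not match, a value is malformed,
// or the selected backend is not in the reviewer's allowlist.
function resolveBackend(mask: string, url: string, allowed: Set<string>): MaskFields | null {
  const { regex, fields } = compileUrlMask(mask);
  const slash = url.indexOf("/");
  const path = slash >= 0 ? url.slice(slash) : "/";
  // A mask that starts with "/" describes the path only.
  const match = regex.exec(mask.startsWith("/") ? path : url);
  if (match === null) return null;

  const out: MaskFields = {};
  for (let i = 0; i < fields.length; i++) {
    const field = fields[i] ?? "";
    const value = match[i + 1] ?? "";
    // Function names are case-sensitive and only length-limited; the other
    // fields must be RFC1035 labels of 1-63 characters.
    const wellFormed = field === "function" ? true : RFC1035_LABEL.test(value);
    if (value.length < 1 || value.length > 63 || !wellFormed) return null;
    out[field] = value;
  }
  const backend = out["service"] ?? out["function"] ?? "";
  return allowed.has(backend) ? out : null;
}
```
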

The serverlessDeployment block supports:

  • platform - (Required) The platform of the NEG backend target(s). Possible values: API Gateway: apigateway.googleapis.com

  • resource - (Optional) The user-defined name of the workload/instance. This value must be provided explicitly or in the urlMask. The resource identified by this value is platform-specific and is as follows: API Gateway: The gateway ID, App Engine: The service name, Cloud Functions: The function name, Cloud Run: The service name

  • version - (Optional) The optional resource version. The version identified by this value is platform-specific and is as follows: API Gateway: Unused, App Engine: The service version, Cloud Functions: Unused, Cloud Run: The service tag

  • urlMask - (Optional) A template to parse platform-specific fields from a request URL. URL mask allows for routing to multiple resources on the same serverless platform without having to create multiple Network Endpoint Groups and backend resources. The fields parsed by this template are platform-specific and are as follows: API Gateway: The gateway ID, App Engine: The service and version, Cloud Functions: The function name, Cloud Run: The service and tag

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/regions/{{region}}/networkEndpointGroups/{{name}}
  • selfLink - The URI of the created resource.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

RegionNetworkEndpointGroup can be imported using any of these accepted formats:

$ terraform import google_compute_region_network_endpoint_group.default projects/{{project}}/regions/{{region}}/networkEndpointGroups/{{name}}
$ terraform import google_compute_region_network_endpoint_group.default {{project}}/{{region}}/{{name}}
$ terraform import google_compute_region_network_endpoint_group.default {{region}}/{{name}}
$ terraform import google_compute_region_network_endpoint_group.default {{name}}

User Project Overrides

This resource supports User Project Overrides.