googleComputeServiceAttachment
Represents a ServiceAttachment resource.
To get more information about ServiceAttachment, see:
Example Usage - Service Attachment Basic
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeAddressPscIlbConsumerAddress =
new google.computeAddress.ComputeAddress(this, "psc_ilb_consumer_address", {
address_type: "INTERNAL",
name: "psc-ilb-consumer-address",
region: "us-west2",
subnetwork: "default",
});
const googleComputeHealthCheckProducerServiceHealthCheck =
new google.computeHealthCheck.ComputeHealthCheck(
this,
"producer_service_health_check",
{
check_interval_sec: 1,
name: "producer-service-health-check",
tcp_health_check: [
{
port: "80",
},
],
timeout_sec: 1,
}
);
const googleComputeNetworkPscIlbNetwork =
new google.computeNetwork.ComputeNetwork(this, "psc_ilb_network", {
auto_create_subnetworks: false,
name: "psc-ilb-network",
});
const googleComputeRegionBackendServiceProducerServiceBackend =
new google.computeRegionBackendService.ComputeRegionBackendService(
this,
"producer_service_backend",
{
health_checks: [googleComputeHealthCheckProducerServiceHealthCheck.id],
name: "producer-service",
region: "us-west2",
}
);
const googleComputeSubnetworkPscIlbNat =
new google.computeSubnetwork.ComputeSubnetwork(this, "psc_ilb_nat", {
ip_cidr_range: "10.1.0.0/16",
name: "psc-ilb-nat",
network: googleComputeNetworkPscIlbNetwork.id,
purpose: "PRIVATE_SERVICE_CONNECT",
region: "us-west2",
});
const googleComputeSubnetworkPscIlbProducerSubnetwork =
new google.computeSubnetwork.ComputeSubnetwork(
this,
"psc_ilb_producer_subnetwork",
{
ip_cidr_range: "10.0.0.0/16",
name: "psc-ilb-producer-subnetwork",
network: googleComputeNetworkPscIlbNetwork.id,
region: "us-west2",
}
);
const googleComputeForwardingRulePscIlbTargetService =
new google.computeForwardingRule.ComputeForwardingRule(
this,
"psc_ilb_target_service",
{
all_ports: true,
backend_service:
googleComputeRegionBackendServiceProducerServiceBackend.id,
load_balancing_scheme: "INTERNAL",
name: "producer-forwarding-rule",
network: googleComputeNetworkPscIlbNetwork.name,
region: "us-west2",
subnetwork: googleComputeSubnetworkPscIlbProducerSubnetwork.name,
}
);
const googleComputeServiceAttachmentPscIlbServiceAttachment =
new google.computeServiceAttachment.ComputeServiceAttachment(
this,
"psc_ilb_service_attachment",
{
connection_preference: "ACCEPT_AUTOMATIC",
description: "A service attachment configured with Terraform",
domain_names: ["gcp.tfacc.hashicorptest.com."],
enable_proxy_protocol: true,
name: "my-psc-ilb",
nat_subnets: [googleComputeSubnetworkPscIlbNat.id],
region: "us-west2",
target_service: googleComputeForwardingRulePscIlbTargetService.id,
}
);
new google.computeForwardingRule.ComputeForwardingRule(
this,
"psc_ilb_consumer",
{
ip_address: googleComputeAddressPscIlbConsumerAddress.id,
load_balancing_scheme: "",
name: "psc-ilb-consumer-forwarding-rule",
network: "default",
region: "us-west2",
target: googleComputeServiceAttachmentPscIlbServiceAttachment.id,
}
);
Example Usage - Service Attachment Explicit Projects
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeAddressPscIlbConsumerAddress =
new google.computeAddress.ComputeAddress(this, "psc_ilb_consumer_address", {
address_type: "INTERNAL",
name: "psc-ilb-consumer-address",
region: "us-west2",
subnetwork: "default",
});
const googleComputeHealthCheckProducerServiceHealthCheck =
new google.computeHealthCheck.ComputeHealthCheck(
this,
"producer_service_health_check",
{
check_interval_sec: 1,
name: "producer-service-health-check",
tcp_health_check: [
{
port: "80",
},
],
timeout_sec: 1,
}
);
const googleComputeNetworkPscIlbNetwork =
new google.computeNetwork.ComputeNetwork(this, "psc_ilb_network", {
auto_create_subnetworks: false,
name: "psc-ilb-network",
});
const googleComputeRegionBackendServiceProducerServiceBackend =
new google.computeRegionBackendService.ComputeRegionBackendService(
this,
"producer_service_backend",
{
health_checks: [googleComputeHealthCheckProducerServiceHealthCheck.id],
name: "producer-service",
region: "us-west2",
}
);
const googleComputeSubnetworkPscIlbNat =
new google.computeSubnetwork.ComputeSubnetwork(this, "psc_ilb_nat", {
ip_cidr_range: "10.1.0.0/16",
name: "psc-ilb-nat",
network: googleComputeNetworkPscIlbNetwork.id,
purpose: "PRIVATE_SERVICE_CONNECT",
region: "us-west2",
});
const googleComputeSubnetworkPscIlbProducerSubnetwork =
new google.computeSubnetwork.ComputeSubnetwork(
this,
"psc_ilb_producer_subnetwork",
{
ip_cidr_range: "10.0.0.0/16",
name: "psc-ilb-producer-subnetwork",
network: googleComputeNetworkPscIlbNetwork.id,
region: "us-west2",
}
);
const googleComputeForwardingRulePscIlbTargetService =
new google.computeForwardingRule.ComputeForwardingRule(
this,
"psc_ilb_target_service",
{
all_ports: true,
backend_service:
googleComputeRegionBackendServiceProducerServiceBackend.id,
load_balancing_scheme: "INTERNAL",
name: "producer-forwarding-rule",
network: googleComputeNetworkPscIlbNetwork.name,
region: "us-west2",
subnetwork: googleComputeSubnetworkPscIlbProducerSubnetwork.name,
}
);
const googleComputeServiceAttachmentPscIlbServiceAttachment =
new google.computeServiceAttachment.ComputeServiceAttachment(
this,
"psc_ilb_service_attachment",
{
connection_preference: "ACCEPT_MANUAL",
consumer_accept_lists: [
{
connection_limit: 4,
project_id_or_num: "658859330310",
},
],
consumer_reject_lists: ["673497134629", "482878270665"],
description: "A service attachment configured with Terraform",
domain_names: ["gcp.tfacc.hashicorptest.com."],
enable_proxy_protocol: true,
name: "my-psc-ilb",
nat_subnets: [googleComputeSubnetworkPscIlbNat.id],
region: "us-west2",
target_service: googleComputeForwardingRulePscIlbTargetService.id,
}
);
new google.computeForwardingRule.ComputeForwardingRule(
this,
"psc_ilb_consumer",
{
ip_address: googleComputeAddressPscIlbConsumerAddress.id,
load_balancing_scheme: "",
name: "psc-ilb-consumer-forwarding-rule",
network: "default",
region: "us-west2",
target: googleComputeServiceAttachmentPscIlbServiceAttachment.id,
}
);
Argument Reference
The following arguments are supported:
-
name- (Required) Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression[aZ]([AZ09]*[aZ09])?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. -
connectionPreference- (Required) The connection preference to use for this service attachment. Valid values include "ACCEPT_AUTOMATIC", "ACCEPT_MANUAL". -
targetService- (Required) The URL of a forwarding rule that represents the service identified by this service attachment. -
natSubnets- (Required) An array of subnets that is provided for NAT in this service attachment. -
enableProxyProtocol- (Required) If true, enable the proxy protocol which is for supplying client TCP/IP address data in TCP connections that traverse proxies on their way to destination servers.
-
description- (Optional) An optional description of this resource. -
domainNames- (Optional) If specified, the domain name will be used during the integration between the PSC connected endpoints and the Cloud DNS. For example, this is a valid domain name: "p.mycompany.com.". Current max number of domain names supported is 1. -
consumerRejectLists- (Optional) An array of projects that are not allowed to connect to this service attachment. -
consumerAcceptLists- (Optional) An array of projects that are allowed to connect to this service attachment. Structure is documented below. -
region- (Optional) URL of the region where the resource resides. -
project- (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
The consumerAcceptLists block supports:
-
projectIdOrNum- (Required) A project that is allowed to connect to this service attachment. -
connectionLimit- (Required) The number of consumer forwarding rules the consumer project can create.
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
-
id- an identifier for the resource with formatprojects/{{project}}/regions/{{region}}/serviceAttachments/{{name}} -
fingerprint- Fingerprint of this resource. This field is used internally during updates of this resource. -
connectedEndpoints- An array of the consumer forwarding rules connected to this service attachment. Structure is documented below. -
selfLink- The URI of the created resource.
The connectedEndpoints block contains:
-
endpoint- (Output) The URL of the consumer forwarding rule. -
status- (Output) The status of the connection from the consumer forwarding rule to this service attachment.
Timeouts
This resource provides the following Timeouts configuration options:
create- Default is 20 minutes.update- Default is 20 minutes.delete- Default is 20 minutes.
Import
ServiceAttachment can be imported using any of these accepted formats:
$ terraform import google_compute_service_attachment.default projects/{{project}}/regions/{{region}}/serviceAttachments/{{name}}
$ terraform import google_compute_service_attachment.default {{project}}/{{region}}/{{name}}
$ terraform import google_compute_service_attachment.default {{region}}/{{name}}
$ terraform import google_compute_service_attachment.default {{name}}
User Project Overrides
This resource supports User Project Overrides.