Docs Home
Google Cloud v8.21.0 published on Wednesday, Mar 5, 2025 by Pulumi
gcp.compute.RouterNat
Explore with Pulumi AI
A NAT service created in a router.
Note: Recreating a
gcp.compute.Addressthat is being used bygcp.compute.RouterNatwill give aresourceInUseByAnotherResourceerror. Uselifecycle.create_before_destroyon this address resource to avoid this type of error as shown in the Manual Ips example.
To get more information about RouterNat, see:
- API documentation
- How-to Guides
Example Usage
Router Nat Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const net = new gcp.compute.Network("net", {name: "my-network"});
const subnet = new gcp.compute.Subnetwork("subnet", {
name: "my-subnetwork",
network: net.id,
ipCidrRange: "10.0.0.0/16",
region: "us-central1",
});
const router = new gcp.compute.Router("router", {
name: "my-router",
region: subnet.region,
network: net.id,
bgp: {
asn: 64514,
},
});
const nat = new gcp.compute.RouterNat("nat", {
name: "my-router-nat",
router: router.name,
region: router.region,
natIpAllocateOption: "AUTO_ONLY",
sourceSubnetworkIpRangesToNat: "ALL_SUBNETWORKS_ALL_IP_RANGES",
logConfig: {
enable: true,
filter: "ERRORS_ONLY",
},
});
import pulumi
import pulumi_gcp as gcp
net = gcp.compute.Network("net", name="my-network")
subnet = gcp.compute.Subnetwork("subnet",
name="my-subnetwork",
network=net.id,
ip_cidr_range="10.0.0.0/16",
region="us-central1")
router = gcp.compute.Router("router",
name="my-router",
region=subnet.region,
network=net.id,
bgp={
"asn": 64514,
})
nat = gcp.compute.RouterNat("nat",
name="my-router-nat",
router=router.name,
region=router.region,
nat_ip_allocate_option="AUTO_ONLY",
source_subnetwork_ip_ranges_to_nat="ALL_SUBNETWORKS_ALL_IP_RANGES",
log_config={
"enable": True,
"filter": "ERRORS_ONLY",
})
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
net, err := compute.NewNetwork(ctx, "net", &compute.NetworkArgs{
Name: pulumi.String("my-network"),
})
if err != nil {
return err
}
subnet, err := compute.NewSubnetwork(ctx, "subnet", &compute.SubnetworkArgs{
Name: pulumi.String("my-subnetwork"),
Network: net.ID(),
IpCidrRange: pulumi.String("10.0.0.0/16"),
Region: pulumi.String("us-central1"),
})
if err != nil {
return err
}
router, err := compute.NewRouter(ctx, "router", &compute.RouterArgs{
Name: pulumi.String("my-router"),
Region: subnet.Region,
Network: net.ID(),
Bgp: &compute.RouterBgpArgs{
Asn: pulumi.Int(64514),
},
})
if err != nil {
return err
}
_, err = compute.NewRouterNat(ctx, "nat", &compute.RouterNatArgs{
Name: pulumi.String("my-router-nat"),
Router: router.Name,
Region: router.Region,
NatIpAllocateOption: pulumi.String("AUTO_ONLY"),
SourceSubnetworkIpRangesToNat: pulumi.String("ALL_SUBNETWORKS_ALL_IP_RANGES"),
LogConfig: &compute.RouterNatLogConfigArgs{
Enable: pulumi.Bool(true),
Filter: pulumi.String("ERRORS_ONLY"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var net = new Gcp.Compute.Network("net", new()
{
Name = "my-network",
});
var subnet = new Gcp.Compute.Subnetwork("subnet", new()
{
Name = "my-subnetwork",
Network = net.Id,
IpCidrRange = "10.0.0.0/16",
Region = "us-central1",
});
var router = new Gcp.Compute.Router("router", new()
{
Name = "my-router",
Region = subnet.Region,
Network = net.Id,
Bgp = new Gcp.Compute.Inputs.RouterBgpArgs
{
Asn = 64514,
},
});
var nat = new Gcp.Compute.RouterNat("nat", new()
{
Name = "my-router-nat",
Router = router.Name,
Region = router.Region,
NatIpAllocateOption = "AUTO_ONLY",
SourceSubnetworkIpRangesToNat = "ALL_SUBNETWORKS_ALL_IP_RANGES",
LogConfig = new Gcp.Compute.Inputs.RouterNatLogConfigArgs
{
Enable = true,
Filter = "ERRORS_ONLY",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.Router;
import com.pulumi.gcp.compute.RouterArgs;
import com.pulumi.gcp.compute.inputs.RouterBgpArgs;
import com.pulumi.gcp.compute.RouterNat;
import com.pulumi.gcp.compute.RouterNatArgs;
import com.pulumi.gcp.compute.inputs.RouterNatLogConfigArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var net = new Network("net", NetworkArgs.builder()
.name("my-network")
.build());
var subnet = new Subnetwork("subnet", SubnetworkArgs.builder()
.name("my-subnetwork")
.network(net.id())
.ipCidrRange("10.0.0.0/16")
.region("us-central1")
.build());
var router = new Router("router", RouterArgs.builder()
.name("my-router")
.region(subnet.region())
.network(net.id())
.bgp(RouterBgpArgs.builder()
.asn(64514)
.build())
.build());
var nat = new RouterNat("nat", RouterNatArgs.builder()
.name("my-router-nat")
.router(router.name())
.region(router.region())
.natIpAllocateOption("AUTO_ONLY")
.sourceSubnetworkIpRangesToNat("ALL_SUBNETWORKS_ALL_IP_RANGES")
.logConfig(RouterNatLogConfigArgs.builder()
.enable(true)
.filter("ERRORS_ONLY")
.build())
.build());
}
}
resources:
net:
type: gcp:compute:Network
properties:
name: my-network
subnet:
type: gcp:compute:Subnetwork
properties:
name: my-subnetwork
network: ${net.id}
ipCidrRange: 10.0.0.0/16
region: us-central1
router:
type: gcp:compute:Router
properties:
name: my-router
region: ${subnet.region}
network: ${net.id}
bgp:
asn: 64514
nat:
type: gcp:compute:RouterNat
properties:
name: my-router-nat
router: ${router.name}
region: ${router.region}
natIpAllocateOption: AUTO_ONLY
sourceSubnetworkIpRangesToNat: ALL_SUBNETWORKS_ALL_IP_RANGES
logConfig:
enable: true
filter: ERRORS_ONLY
Router Nat Rules
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const net = new gcp.compute.Network("net", {
name: "my-network",
autoCreateSubnetworks: false,
});
const subnet = new gcp.compute.Subnetwork("subnet", {
name: "my-subnetwork",
network: net.id,
ipCidrRange: "10.0.0.0/16",
region: "us-central1",
});
const router = new gcp.compute.Router("router", {
name: "my-router",
region: subnet.region,
network: net.id,
});
const addr1 = new gcp.compute.Address("addr1", {
name: "nat-address1",
region: subnet.region,
});
const addr2 = new gcp.compute.Address("addr2", {
name: "nat-address2",
region: subnet.region,
});
const addr3 = new gcp.compute.Address("addr3", {
name: "nat-address3",
region: subnet.region,
});
const natRules = new gcp.compute.RouterNat("nat_rules", {
name: "my-router-nat",
router: router.name,
region: router.region,
natIpAllocateOption: "MANUAL_ONLY",
natIps: [addr1.selfLink],
sourceSubnetworkIpRangesToNat: "LIST_OF_SUBNETWORKS",
subnetworks: [{
name: subnet.id,
sourceIpRangesToNats: ["ALL_IP_RANGES"],
}],
rules: [{
ruleNumber: 100,
description: "nat rules example",
match: "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')",
action: {
sourceNatActiveIps: [
addr2.selfLink,
addr3.selfLink,
],
},
}],
enableEndpointIndependentMapping: false,
});
import pulumi
import pulumi_gcp as gcp
net = gcp.compute.Network("net",
name="my-network",
auto_create_subnetworks=False)
subnet = gcp.compute.Subnetwork("subnet",
name="my-subnetwork",
network=net.id,
ip_cidr_range="10.0.0.0/16",
region="us-central1")
router = gcp.compute.Router("router",
name="my-router",
region=subnet.region,
network=net.id)
addr1 = gcp.compute.Address("addr1",
name="nat-address1",
region=subnet.region)
addr2 = gcp.compute.Address("addr2",
name="nat-address2",
region=subnet.region)
addr3 = gcp.compute.Address("addr3",
name="nat-address3",
region=subnet.region)
nat_rules = gcp.compute.RouterNat("nat_rules",
name="my-router-nat",
router=router.name,
region=router.region,
nat_ip_allocate_option="MANUAL_ONLY",
nat_ips=[addr1.self_link],
source_subnetwork_ip_ranges_to_nat="LIST_OF_SUBNETWORKS",
subnetworks=[{
"name": subnet.id,
"source_ip_ranges_to_nats": ["ALL_IP_RANGES"],
}],
rules=[{
"rule_number": 100,
"description": "nat rules example",
"match": "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')",
"action": {
"source_nat_active_ips": [
addr2.self_link,
addr3.self_link,
],
},
}],
enable_endpoint_independent_mapping=False)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
net, err := compute.NewNetwork(ctx, "net", &compute.NetworkArgs{
Name: pulumi.String("my-network"),
AutoCreateSubnetworks: pulumi.Bool(false),
})
if err != nil {
return err
}
subnet, err := compute.NewSubnetwork(ctx, "subnet", &compute.SubnetworkArgs{
Name: pulumi.String("my-subnetwork"),
Network: net.ID(),
IpCidrRange: pulumi.String("10.0.0.0/16"),
Region: pulumi.String("us-central1"),
})
if err != nil {
return err
}
router, err := compute.NewRouter(ctx, "router", &compute.RouterArgs{
Name: pulumi.String("my-router"),
Region: subnet.Region,
Network: net.ID(),
})
if err != nil {
return err
}
addr1, err := compute.NewAddress(ctx, "addr1", &compute.AddressArgs{
Name: pulumi.String("nat-address1"),
Region: subnet.Region,
})
if err != nil {
return err
}
addr2, err := compute.NewAddress(ctx, "addr2", &compute.AddressArgs{
Name: pulumi.String("nat-address2"),
Region: subnet.Region,
})
if err != nil {
return err
}
addr3, err := compute.NewAddress(ctx, "addr3", &compute.AddressArgs{
Name: pulumi.String("nat-address3"),
Region: subnet.Region,
})
if err != nil {
return err
}
_, err = compute.NewRouterNat(ctx, "nat_rules", &compute.RouterNatArgs{
Name: pulumi.String("my-router-nat"),
Router: router.Name,
Region: router.Region,
NatIpAllocateOption: pulumi.String("MANUAL_ONLY"),
NatIps: pulumi.StringArray{
addr1.SelfLink,
},
SourceSubnetworkIpRangesToNat: pulumi.String("LIST_OF_SUBNETWORKS"),
Subnetworks: compute.RouterNatSubnetworkArray{
&compute.RouterNatSubnetworkArgs{
Name: subnet.ID(),
SourceIpRangesToNats: pulumi.StringArray{
pulumi.String("ALL_IP_RANGES"),
},
},
},
Rules: compute.RouterNatRuleArray{
&compute.RouterNatRuleArgs{
RuleNumber: pulumi.Int(100),
Description: pulumi.String("nat rules example"),
Match: pulumi.String("inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')"),
Action: &compute.RouterNatRuleActionArgs{
SourceNatActiveIps: pulumi.StringArray{
addr2.SelfLink,
addr3.SelfLink,
},
},
},
},
EnableEndpointIndependentMapping: pulumi.Bool(false),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var net = new Gcp.Compute.Network("net", new()
{
Name = "my-network",
AutoCreateSubnetworks = false,
});
var subnet = new Gcp.Compute.Subnetwork("subnet", new()
{
Name = "my-subnetwork",
Network = net.Id,
IpCidrRange = "10.0.0.0/16",
Region = "us-central1",
});
var router = new Gcp.Compute.Router("router", new()
{
Name = "my-router",
Region = subnet.Region,
Network = net.Id,
});
var addr1 = new Gcp.Compute.Address("addr1", new()
{
Name = "nat-address1",
Region = subnet.Region,
});
var addr2 = new Gcp.Compute.Address("addr2", new()
{
Name = "nat-address2",
Region = subnet.Region,
});
var addr3 = new Gcp.Compute.Address("addr3", new()
{
Name = "nat-address3",
Region = subnet.Region,
});
var natRules = new Gcp.Compute.RouterNat("nat_rules", new()
{
Name = "my-router-nat",
Router = router.Name,
Region = router.Region,
NatIpAllocateOption = "MANUAL_ONLY",
NatIps = new[]
{
addr1.SelfLink,
},
SourceSubnetworkIpRangesToNat = "LIST_OF_SUBNETWORKS",
Subnetworks = new[]
{
new Gcp.Compute.Inputs.RouterNatSubnetworkArgs
{
Name = subnet.Id,
SourceIpRangesToNats = new[]
{
"ALL_IP_RANGES",
},
},
},
Rules = new[]
{
new Gcp.Compute.Inputs.RouterNatRuleArgs
{
RuleNumber = 100,
Description = "nat rules example",
Match = "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')",
Action = new Gcp.Compute.Inputs.RouterNatRuleActionArgs
{
SourceNatActiveIps = new[]
{
addr2.SelfLink,
addr3.SelfLink,
},
},
},
},
EnableEndpointIndependentMapping = false,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.Router;
import com.pulumi.gcp.compute.RouterArgs;
import com.pulumi.gcp.compute.Address;
import com.pulumi.gcp.compute.AddressArgs;
import com.pulumi.gcp.compute.RouterNat;
import com.pulumi.gcp.compute.RouterNatArgs;
import com.pulumi.gcp.compute.inputs.RouterNatSubnetworkArgs;
import com.pulumi.gcp.compute.inputs.RouterNatRuleArgs;
import com.pulumi.gcp.compute.inputs.RouterNatRuleActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var net = new Network("net", NetworkArgs.builder()
.name("my-network")
.autoCreateSubnetworks(false)
.build());
var subnet = new Subnetwork("subnet", SubnetworkArgs.builder()
.name("my-subnetwork")
.network(net.id())
.ipCidrRange("10.0.0.0/16")
.region("us-central1")
.build());
var router = new Router("router", RouterArgs.builder()
.name("my-router")
.region(subnet.region())
.network(net.id())
.build());
var addr1 = new Address("addr1", AddressArgs.builder()
.name("nat-address1")
.region(subnet.region())
.build());
var addr2 = new Address("addr2", AddressArgs.builder()
.name("nat-address2")
.region(subnet.region())
.build());
var addr3 = new Address("addr3", AddressArgs.builder()
.name("nat-address3")
.region(subnet.region())
.build());
var natRules = new RouterNat("natRules", RouterNatArgs.builder()
.name("my-router-nat")
.router(router.name())
.region(router.region())
.natIpAllocateOption("MANUAL_ONLY")
.natIps(addr1.selfLink())
.sourceSubnetworkIpRangesToNat("LIST_OF_SUBNETWORKS")
.subnetworks(RouterNatSubnetworkArgs.builder()
.name(subnet.id())
.sourceIpRangesToNats("ALL_IP_RANGES")
.build())
.rules(RouterNatRuleArgs.builder()
.ruleNumber(100)
.description("nat rules example")
.match("inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')")
.action(RouterNatRuleActionArgs.builder()
.sourceNatActiveIps(
addr2.selfLink(),
addr3.selfLink())
.build())
.build())
.enableEndpointIndependentMapping(false)
.build());
}
}
resources:
net:
type: gcp:compute:Network
properties:
name: my-network
autoCreateSubnetworks: false
subnet:
type: gcp:compute:Subnetwork
properties:
name: my-subnetwork
network: ${net.id}
ipCidrRange: 10.0.0.0/16
region: us-central1
router:
type: gcp:compute:Router
properties:
name: my-router
region: ${subnet.region}
network: ${net.id}
addr1:
type: gcp:compute:Address
properties:
name: nat-address1
region: ${subnet.region}
addr2:
type: gcp:compute:Address
properties:
name: nat-address2
region: ${subnet.region}
addr3:
type: gcp:compute:Address
properties:
name: nat-address3
region: ${subnet.region}
natRules:
type: gcp:compute:RouterNat
name: nat_rules
properties:
name: my-router-nat
router: ${router.name}
region: ${router.region}
natIpAllocateOption: MANUAL_ONLY
natIps:
- ${addr1.selfLink}
sourceSubnetworkIpRangesToNat: LIST_OF_SUBNETWORKS
subnetworks:
- name: ${subnet.id}
sourceIpRangesToNats:
- ALL_IP_RANGES
rules:
- ruleNumber: 100
description: nat rules example
match: inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')
action:
sourceNatActiveIps:
- ${addr2.selfLink}
- ${addr3.selfLink}
enableEndpointIndependentMapping: false
Router Nat Private
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const net = new gcp.compute.Network("net", {name: "my-network"});
const subnet = new gcp.compute.Subnetwork("subnet", {
name: "my-subnetwork",
network: net.id,
ipCidrRange: "10.0.0.0/16",
region: "us-central1",
purpose: "PRIVATE_NAT",
});
const router = new gcp.compute.Router("router", {
name: "my-router",
region: subnet.region,
network: net.id,
});
const hub = new gcp.networkconnectivity.Hub("hub", {
name: "my-hub",
description: "vpc hub for inter vpc nat",
});
const spoke = new gcp.networkconnectivity.Spoke("spoke", {
name: "my-spoke",
location: "global",
description: "vpc spoke for inter vpc nat",
hub: hub.id,
linkedVpcNetwork: {
excludeExportRanges: [
"198.51.100.0/24",
"10.10.0.0/16",
],
uri: net.selfLink,
},
});
const natType = new gcp.compute.RouterNat("nat_type", {
name: "my-router-nat",
router: router.name,
region: router.region,
sourceSubnetworkIpRangesToNat: "LIST_OF_SUBNETWORKS",
enableDynamicPortAllocation: false,
enableEndpointIndependentMapping: false,
minPortsPerVm: 32,
type: "PRIVATE",
subnetworks: [{
name: subnet.id,
sourceIpRangesToNats: ["ALL_IP_RANGES"],
}],
rules: [{
ruleNumber: 100,
description: "rule for private nat",
match: "nexthop.hub == \"//networkconnectivity.googleapis.com/projects/acm-test-proj-123/locations/global/hubs/my-hub\"",
action: {
sourceNatActiveRanges: [subnet.selfLink],
},
}],
});
import pulumi
import pulumi_gcp as gcp
net = gcp.compute.Network("net", name="my-network")
subnet = gcp.compute.Subnetwork("subnet",
name="my-subnetwork",
network=net.id,
ip_cidr_range="10.0.0.0/16",
region="us-central1",
purpose="PRIVATE_NAT")
router = gcp.compute.Router("router",
name="my-router",
region=subnet.region,
network=net.id)
hub = gcp.networkconnectivity.Hub("hub",
name="my-hub",
description="vpc hub for inter vpc nat")
spoke = gcp.networkconnectivity.Spoke("spoke",
name="my-spoke",
location="global",
description="vpc spoke for inter vpc nat",
hub=hub.id,
linked_vpc_network={
"exclude_export_ranges": [
"198.51.100.0/24",
"10.10.0.0/16",
],
"uri": net.self_link,
})
nat_type = gcp.compute.RouterNat("nat_type",
name="my-router-nat",
router=router.name,
region=router.region,
source_subnetwork_ip_ranges_to_nat="LIST_OF_SUBNETWORKS",
enable_dynamic_port_allocation=False,
enable_endpoint_independent_mapping=False,
min_ports_per_vm=32,
type="PRIVATE",
subnetworks=[{
"name": subnet.id,
"source_ip_ranges_to_nats": ["ALL_IP_RANGES"],
}],
rules=[{
"rule_number": 100,
"description": "rule for private nat",
"match": "nexthop.hub == \"//networkconnectivity.googleapis.com/projects/acm-test-proj-123/locations/global/hubs/my-hub\"",
"action": {
"source_nat_active_ranges": [subnet.self_link],
},
}])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networkconnectivity"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
net, err := compute.NewNetwork(ctx, "net", &compute.NetworkArgs{
Name: pulumi.String("my-network"),
})
if err != nil {
return err
}
subnet, err := compute.NewSubnetwork(ctx, "subnet", &compute.SubnetworkArgs{
Name: pulumi.String("my-subnetwork"),
Network: net.ID(),
IpCidrRange: pulumi.String("10.0.0.0/16"),
Region: pulumi.String("us-central1"),
Purpose: pulumi.String("PRIVATE_NAT"),
})
if err != nil {
return err
}
router, err := compute.NewRouter(ctx, "router", &compute.RouterArgs{
Name: pulumi.String("my-router"),
Region: subnet.Region,
Network: net.ID(),
})
if err != nil {
return err
}
hub, err := networkconnectivity.NewHub(ctx, "hub", &networkconnectivity.HubArgs{
Name: pulumi.String("my-hub"),
Description: pulumi.String("vpc hub for inter vpc nat"),
})
if err != nil {
return err
}
_, err = networkconnectivity.NewSpoke(ctx, "spoke", &networkconnectivity.SpokeArgs{
Name: pulumi.String("my-spoke"),
Location: pulumi.String("global"),
Description: pulumi.String("vpc spoke for inter vpc nat"),
Hub: hub.ID(),
LinkedVpcNetwork: &networkconnectivity.SpokeLinkedVpcNetworkArgs{
ExcludeExportRanges: pulumi.StringArray{
pulumi.String("198.51.100.0/24"),
pulumi.String("10.10.0.0/16"),
},
Uri: net.SelfLink,
},
})
if err != nil {
return err
}
_, err = compute.NewRouterNat(ctx, "nat_type", &compute.RouterNatArgs{
Name: pulumi.String("my-router-nat"),
Router: router.Name,
Region: router.Region,
SourceSubnetworkIpRangesToNat: pulumi.String("LIST_OF_SUBNETWORKS"),
EnableDynamicPortAllocation: pulumi.Bool(false),
EnableEndpointIndependentMapping: pulumi.Bool(false),
MinPortsPerVm: pulumi.Int(32),
Type: pulumi.String("PRIVATE"),
Subnetworks: compute.RouterNatSubnetworkArray{
&compute.RouterNatSubnetworkArgs{
Name: subnet.ID(),
SourceIpRangesToNats: pulumi.StringArray{
pulumi.String("ALL_IP_RANGES"),
},
},
},
Rules: compute.RouterNatRuleArray{
&compute.RouterNatRuleArgs{
RuleNumber: pulumi.Int(100),
Description: pulumi.String("rule for private nat"),
Match: pulumi.String("nexthop.hub == \"//networkconnectivity.googleapis.com/projects/acm-test-proj-123/locations/global/hubs/my-hub\""),
Action: &compute.RouterNatRuleActionArgs{
SourceNatActiveRanges: pulumi.StringArray{
subnet.SelfLink,
},
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var net = new Gcp.Compute.Network("net", new()
{
Name = "my-network",
});
var subnet = new Gcp.Compute.Subnetwork("subnet", new()
{
Name = "my-subnetwork",
Network = net.Id,
IpCidrRange = "10.0.0.0/16",
Region = "us-central1",
Purpose = "PRIVATE_NAT",
});
var router = new Gcp.Compute.Router("router", new()
{
Name = "my-router",
Region = subnet.Region,
Network = net.Id,
});
var hub = new Gcp.NetworkConnectivity.Hub("hub", new()
{
Name = "my-hub",
Description = "vpc hub for inter vpc nat",
});
var spoke = new Gcp.NetworkConnectivity.Spoke("spoke", new()
{
Name = "my-spoke",
Location = "global",
Description = "vpc spoke for inter vpc nat",
Hub = hub.Id,
LinkedVpcNetwork = new Gcp.NetworkConnectivity.Inputs.SpokeLinkedVpcNetworkArgs
{
ExcludeExportRanges = new[]
{
"198.51.100.0/24",
"10.10.0.0/16",
},
Uri = net.SelfLink,
},
});
var natType = new Gcp.Compute.RouterNat("nat_type", new()
{
Name = "my-router-nat",
Router = router.Name,
Region = router.Region,
SourceSubnetworkIpRangesToNat = "LIST_OF_SUBNETWORKS",
EnableDynamicPortAllocation = false,
EnableEndpointIndependentMapping = false,
MinPortsPerVm = 32,
Type = "PRIVATE",
Subnetworks = new[]
{
new Gcp.Compute.Inputs.RouterNatSubnetworkArgs
{
Name = subnet.Id,
SourceIpRangesToNats = new[]
{
"ALL_IP_RANGES",
},
},
},
Rules = new[]
{
new Gcp.Compute.Inputs.RouterNatRuleArgs
{
RuleNumber = 100,
Description = "rule for private nat",
Match = "nexthop.hub == \"//networkconnectivity.googleapis.com/projects/acm-test-proj-123/locations/global/hubs/my-hub\"",
Action = new Gcp.Compute.Inputs.RouterNatRuleActionArgs
{
SourceNatActiveRanges = new[]
{
subnet.SelfLink,
},
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.Subnetwork;
import com.pulumi.gcp.compute.SubnetworkArgs;
import com.pulumi.gcp.compute.Router;
import com.pulumi.gcp.compute.RouterArgs;
import com.pulumi.gcp.networkconnectivity.Hub;
import com.pulumi.gcp.networkconnectivity.HubArgs;
import com.pulumi.gcp.networkconnectivity.Spoke;
import com.pulumi.gcp.networkconnectivity.SpokeArgs;
import com.pulumi.gcp.networkconnectivity.inputs.SpokeLinkedVpcNetworkArgs;
import com.pulumi.gcp.compute.RouterNat;
import com.pulumi.gcp.compute.RouterNatArgs;
import com.pulumi.gcp.compute.inputs.RouterNatSubnetworkArgs;
import com.pulumi.gcp.compute.inputs.RouterNatRuleArgs;
import com.pulumi.gcp.compute.inputs.RouterNatRuleActionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var net = new Network("net", NetworkArgs.builder()
.name("my-network")
.build());
var subnet = new Subnetwork("subnet", SubnetworkArgs.builder()
.name("my-subnetwork")
.network(net.id())
.ipCidrRange("10.0.0.0/16")
.region("us-central1")
.purpose("PRIVATE_NAT")
.build());
var router = new Router("router", RouterArgs.builder()
.name("my-router")
.region(subnet.region())
.network(net.id())
.build());
var hub = new Hub("hub", HubArgs.builder()
.name("my-hub")
.description("vpc hub for inter vpc nat")
.build());
var spoke = new Spoke("spoke", SpokeArgs.builder()
.name("my-spoke")
.location("global")
.description("vpc spoke for inter vpc nat")
.hub(hub.id())
.linkedVpcNetwork(SpokeLinkedVpcNetworkArgs.builder()
.excludeExportRanges(
"198.51.100.0/24",
"10.10.0.0/16")
.uri(net.selfLink())
.build())
.build());
var natType = new RouterNat("natType", RouterNatArgs.builder()
.name("my-router-nat")
.router(router.name())
.region(router.region())
.sourceSubnetworkIpRangesToNat("LIST_OF_SUBNETWORKS")
.enableDynamicPortAllocation(false)
.enableEndpointIndependentMapping(false)
.minPortsPerVm(32)
.type("PRIVATE")
.subnetworks(RouterNatSubnetworkArgs.builder()
.name(subnet.id())
.sourceIpRangesToNats("ALL_IP_RANGES")
.build())
.rules(RouterNatRuleArgs.builder()
.ruleNumber(100)
.description("rule for private nat")
.match("nexthop.hub == \"//networkconnectivity.googleapis.com/projects/acm-test-proj-123/locations/global/hubs/my-hub\"")
.action(RouterNatRuleActionArgs.builder()
.sourceNatActiveRanges(subnet.selfLink())
.build())
.build())
.build());
}
}
resources:
net:
type: gcp:compute:Network
properties:
name: my-network
subnet:
type: gcp:compute:Subnetwork
properties:
name: my-subnetwork
network: ${net.id}
ipCidrRange: 10.0.0.0/16
region: us-central1
purpose: PRIVATE_NAT
router:
type: gcp:compute:Router
properties:
name: my-router
region: ${subnet.region}
network: ${net.id}
hub:
type: gcp:networkconnectivity:Hub
properties:
name: my-hub
description: vpc hub for inter vpc nat
spoke:
type: gcp:networkconnectivity:Spoke
properties:
name: my-spoke
location: global
description: vpc spoke for inter vpc nat
hub: ${hub.id}
linkedVpcNetwork:
excludeExportRanges:
- 198.51.100.0/24
- 10.10.0.0/16
uri: ${net.selfLink}
natType:
type: gcp:compute:RouterNat
name: nat_type
properties:
name: my-router-nat
router: ${router.name}
region: ${router.region}
sourceSubnetworkIpRangesToNat: LIST_OF_SUBNETWORKS
enableDynamicPortAllocation: false
enableEndpointIndependentMapping: false
minPortsPerVm: 32
type: PRIVATE
subnetworks:
- name: ${subnet.id}
sourceIpRangesToNats:
- ALL_IP_RANGES
rules:
- ruleNumber: 100
description: rule for private nat
match: nexthop.hub == "//networkconnectivity.googleapis.com/projects/acm-test-proj-123/locations/global/hubs/my-hub"
action:
sourceNatActiveRanges:
- ${subnet.selfLink}
Create RouterNat Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RouterNat(name: string, args: RouterNatArgs, opts?: CustomResourceOptions);@overload
def RouterNat(resource_name: str,
args: RouterNatArgs,
opts: Optional[ResourceOptions] = None)
@overload
def RouterNat(resource_name: str,
opts: Optional[ResourceOptions] = None,
router: Optional[str] = None,
source_subnetwork_ip_ranges_to_nat: Optional[str] = None,
nat_ips: Optional[Sequence[str]] = None,
endpoint_types: Optional[Sequence[str]] = None,
project: Optional[str] = None,
icmp_idle_timeout_sec: Optional[int] = None,
initial_nat_ips: Optional[Sequence[str]] = None,
log_config: Optional[RouterNatLogConfigArgs] = None,
max_ports_per_vm: Optional[int] = None,
min_ports_per_vm: Optional[int] = None,
region: Optional[str] = None,
nat_ip_allocate_option: Optional[str] = None,
udp_idle_timeout_sec: Optional[int] = None,
enable_endpoint_independent_mapping: Optional[bool] = None,
name: Optional[str] = None,
enable_dynamic_port_allocation: Optional[bool] = None,
rules: Optional[Sequence[RouterNatRuleArgs]] = None,
drain_nat_ips: Optional[Sequence[str]] = None,
subnetworks: Optional[Sequence[RouterNatSubnetworkArgs]] = None,
tcp_established_idle_timeout_sec: Optional[int] = None,
tcp_time_wait_timeout_sec: Optional[int] = None,
tcp_transitory_idle_timeout_sec: Optional[int] = None,
type: Optional[str] = None,
auto_network_tier: Optional[str] = None)func NewRouterNat(ctx *Context, name string, args RouterNatArgs, opts ...ResourceOption) (*RouterNat, error)public RouterNat(string name, RouterNatArgs args, CustomResourceOptions? opts = null)
public RouterNat(String name, RouterNatArgs args)
public RouterNat(String name, RouterNatArgs args, CustomResourceOptions options)
type: gcp:compute:RouterNat
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RouterNatArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RouterNatArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RouterNatArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RouterNatArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RouterNatArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var routerNatResource = new Gcp.Compute.RouterNat("routerNatResource", new()
{
Router = "string",
SourceSubnetworkIpRangesToNat = "string",
NatIps = new[]
{
"string",
},
EndpointTypes = new[]
{
"string",
},
Project = "string",
IcmpIdleTimeoutSec = 0,
InitialNatIps = new[]
{
"string",
},
LogConfig = new Gcp.Compute.Inputs.RouterNatLogConfigArgs
{
Enable = false,
Filter = "string",
},
MaxPortsPerVm = 0,
MinPortsPerVm = 0,
Region = "string",
NatIpAllocateOption = "string",
UdpIdleTimeoutSec = 0,
EnableEndpointIndependentMapping = false,
Name = "string",
EnableDynamicPortAllocation = false,
Rules = new[]
{
new Gcp.Compute.Inputs.RouterNatRuleArgs
{
Match = "string",
RuleNumber = 0,
Action = new Gcp.Compute.Inputs.RouterNatRuleActionArgs
{
SourceNatActiveIps = new[]
{
"string",
},
SourceNatActiveRanges = new[]
{
"string",
},
SourceNatDrainIps = new[]
{
"string",
},
SourceNatDrainRanges = new[]
{
"string",
},
},
Description = "string",
},
},
DrainNatIps = new[]
{
"string",
},
Subnetworks = new[]
{
new Gcp.Compute.Inputs.RouterNatSubnetworkArgs
{
Name = "string",
SourceIpRangesToNats = new[]
{
"string",
},
SecondaryIpRangeNames = new[]
{
"string",
},
},
},
TcpEstablishedIdleTimeoutSec = 0,
TcpTimeWaitTimeoutSec = 0,
TcpTransitoryIdleTimeoutSec = 0,
Type = "string",
AutoNetworkTier = "string",
});
example, err := compute.NewRouterNat(ctx, "routerNatResource", &compute.RouterNatArgs{
Router: pulumi.String("string"),
SourceSubnetworkIpRangesToNat: pulumi.String("string"),
NatIps: pulumi.StringArray{
pulumi.String("string"),
},
EndpointTypes: pulumi.StringArray{
pulumi.String("string"),
},
Project: pulumi.String("string"),
IcmpIdleTimeoutSec: pulumi.Int(0),
InitialNatIps: pulumi.StringArray{
pulumi.String("string"),
},
LogConfig: &compute.RouterNatLogConfigArgs{
Enable: pulumi.Bool(false),
Filter: pulumi.String("string"),
},
MaxPortsPerVm: pulumi.Int(0),
MinPortsPerVm: pulumi.Int(0),
Region: pulumi.String("string"),
NatIpAllocateOption: pulumi.String("string"),
UdpIdleTimeoutSec: pulumi.Int(0),
EnableEndpointIndependentMapping: pulumi.Bool(false),
Name: pulumi.String("string"),
EnableDynamicPortAllocation: pulumi.Bool(false),
Rules: compute.RouterNatRuleArray{
&compute.RouterNatRuleArgs{
Match: pulumi.String("string"),
RuleNumber: pulumi.Int(0),
Action: &compute.RouterNatRuleActionArgs{
SourceNatActiveIps: pulumi.StringArray{
pulumi.String("string"),
},
SourceNatActiveRanges: pulumi.StringArray{
pulumi.String("string"),
},
SourceNatDrainIps: pulumi.StringArray{
pulumi.String("string"),
},
SourceNatDrainRanges: pulumi.StringArray{
pulumi.String("string"),
},
},
Description: pulumi.String("string"),
},
},
DrainNatIps: pulumi.StringArray{
pulumi.String("string"),
},
Subnetworks: compute.RouterNatSubnetworkArray{
&compute.RouterNatSubnetworkArgs{
Name: pulumi.String("string"),
SourceIpRangesToNats: pulumi.StringArray{
pulumi.String("string"),
},
SecondaryIpRangeNames: pulumi.StringArray{
pulumi.String("string"),
},
},
},
TcpEstablishedIdleTimeoutSec: pulumi.Int(0),
TcpTimeWaitTimeoutSec: pulumi.Int(0),
TcpTransitoryIdleTimeoutSec: pulumi.Int(0),
Type: pulumi.String("string"),
AutoNetworkTier: pulumi.String("string"),
})
var routerNatResource = new RouterNat("routerNatResource", RouterNatArgs.builder()
.router("string")
.sourceSubnetworkIpRangesToNat("string")
.natIps("string")
.endpointTypes("string")
.project("string")
.icmpIdleTimeoutSec(0)
.initialNatIps("string")
.logConfig(RouterNatLogConfigArgs.builder()
.enable(false)
.filter("string")
.build())
.maxPortsPerVm(0)
.minPortsPerVm(0)
.region("string")
.natIpAllocateOption("string")
.udpIdleTimeoutSec(0)
.enableEndpointIndependentMapping(false)
.name("string")
.enableDynamicPortAllocation(false)
.rules(RouterNatRuleArgs.builder()
.match("string")
.ruleNumber(0)
.action(RouterNatRuleActionArgs.builder()
.sourceNatActiveIps("string")
.sourceNatActiveRanges("string")
.sourceNatDrainIps("string")
.sourceNatDrainRanges("string")
.build())
.description("string")
.build())
.drainNatIps("string")
.subnetworks(RouterNatSubnetworkArgs.builder()
.name("string")
.sourceIpRangesToNats("string")
.secondaryIpRangeNames("string")
.build())
.tcpEstablishedIdleTimeoutSec(0)
.tcpTimeWaitTimeoutSec(0)
.tcpTransitoryIdleTimeoutSec(0)
.type("string")
.autoNetworkTier("string")
.build());
router_nat_resource = gcp.compute.RouterNat("routerNatResource",
router="string",
source_subnetwork_ip_ranges_to_nat="string",
nat_ips=["string"],
endpoint_types=["string"],
project="string",
icmp_idle_timeout_sec=0,
initial_nat_ips=["string"],
log_config={
"enable": False,
"filter": "string",
},
max_ports_per_vm=0,
min_ports_per_vm=0,
region="string",
nat_ip_allocate_option="string",
udp_idle_timeout_sec=0,
enable_endpoint_independent_mapping=False,
name="string",
enable_dynamic_port_allocation=False,
rules=[{
"match": "string",
"rule_number": 0,
"action": {
"source_nat_active_ips": ["string"],
"source_nat_active_ranges": ["string"],
"source_nat_drain_ips": ["string"],
"source_nat_drain_ranges": ["string"],
},
"description": "string",
}],
drain_nat_ips=["string"],
subnetworks=[{
"name": "string",
"source_ip_ranges_to_nats": ["string"],
"secondary_ip_range_names": ["string"],
}],
tcp_established_idle_timeout_sec=0,
tcp_time_wait_timeout_sec=0,
tcp_transitory_idle_timeout_sec=0,
type="string",
auto_network_tier="string")
const routerNatResource = new gcp.compute.RouterNat("routerNatResource", {
router: "string",
sourceSubnetworkIpRangesToNat: "string",
natIps: ["string"],
endpointTypes: ["string"],
project: "string",
icmpIdleTimeoutSec: 0,
initialNatIps: ["string"],
logConfig: {
enable: false,
filter: "string",
},
maxPortsPerVm: 0,
minPortsPerVm: 0,
region: "string",
natIpAllocateOption: "string",
udpIdleTimeoutSec: 0,
enableEndpointIndependentMapping: false,
name: "string",
enableDynamicPortAllocation: false,
rules: [{
match: "string",
ruleNumber: 0,
action: {
sourceNatActiveIps: ["string"],
sourceNatActiveRanges: ["string"],
sourceNatDrainIps: ["string"],
sourceNatDrainRanges: ["string"],
},
description: "string",
}],
drainNatIps: ["string"],
subnetworks: [{
name: "string",
sourceIpRangesToNats: ["string"],
secondaryIpRangeNames: ["string"],
}],
tcpEstablishedIdleTimeoutSec: 0,
tcpTimeWaitTimeoutSec: 0,
tcpTransitoryIdleTimeoutSec: 0,
type: "string",
autoNetworkTier: "string",
});
type: gcp:compute:RouterNat
properties:
autoNetworkTier: string
drainNatIps:
- string
enableDynamicPortAllocation: false
enableEndpointIndependentMapping: false
endpointTypes:
- string
icmpIdleTimeoutSec: 0
initialNatIps:
- string
logConfig:
enable: false
filter: string
maxPortsPerVm: 0
minPortsPerVm: 0
name: string
natIpAllocateOption: string
natIps:
- string
project: string
region: string
router: string
rules:
- action:
sourceNatActiveIps:
- string
sourceNatActiveRanges:
- string
sourceNatDrainIps:
- string
sourceNatDrainRanges:
- string
description: string
match: string
ruleNumber: 0
sourceSubnetworkIpRangesToNat: string
subnetworks:
- name: string
secondaryIpRangeNames:
- string
sourceIpRangesToNats:
- string
tcpEstablishedIdleTimeoutSec: 0
tcpTimeWaitTimeoutSec: 0
tcpTransitoryIdleTimeoutSec: 0
type: string
udpIdleTimeoutSec: 0
RouterNat Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The RouterNat resource accepts the following input properties:
- Router string
- The name of the Cloud Router in which this NAT will be configured.
- Source
Subnetwork stringIp Ranges To Nat - How NAT should be configured per Subnetwork.
If
ALL_SUBNETWORKS_ALL_IP_RANGES, all of the IP ranges in every Subnetwork are allowed to Nat. IfALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, all of the primary IP ranges in every Subnetwork are allowed to Nat.LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values are:ALL_SUBNETWORKS_ALL_IP_RANGES,ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES,LIST_OF_SUBNETWORKS. - Auto
Network stringTier - The network tier to use when automatically reserving NAT IP addresses.
Must be one of: PREMIUM, STANDARD. If not specified, then the current
project-level default tier is used.
Possible values are:
PREMIUM,STANDARD. - Drain
Nat List<string>Ips - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.
- Enable
Dynamic boolPort Allocation - Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping.
- Enable
Endpoint boolIndependent Mapping - Enable endpoint independent mapping. For more information see the official documentation.
- Endpoint
Types List<string> - Specifies the endpoint Types supported by the NAT Gateway.
Supported values include:
ENDPOINT_TYPE_VM,ENDPOINT_TYPE_SWG,ENDPOINT_TYPE_MANAGED_PROXY_LB. - Icmp
Idle intTimeout Sec - Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
- Initial
Nat List<string>Ips - Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
- Log
Config RouterNat Log Config - Configuration for logging on NAT Structure is documented below.
- Max
Ports intPer Vm - Maximum number of ports allocated to a VM from this NAT. This field can only be set when enableDynamicPortAllocation is enabled.
- Min
Ports intPer Vm - Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.
- Name string
- Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035.
- Nat
Ip stringAllocate Option - How external IPs should be allocated for this NAT. Valid values are
AUTO_ONLYfor only allowing NAT IPs allocated by Google Cloud Platform, orMANUAL_ONLYfor only user-allocated NAT IP addresses. Possible values are:MANUAL_ONLY,AUTO_ONLY. - Nat
Ips List<string> - Self-links of NAT IPs. Only valid if natIpAllocateOption
is set to MANUAL_ONLY.
If this field is used alongside with a count created list of address resources
google_compute_address.foobar.*.self_link, the access level resource for the address resource must have alifecycleblock withcreate_before_destroy = trueso the number of resources can be increased/decreased without triggering theresourceInUseByAnotherResourceerror. - Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Region string
- Region where the router and NAT reside.
- Rules
List<Router
Nat Rule> - A list of rules associated with this NAT. Structure is documented below.
- Subnetworks
List<Router
Nat Subnetwork> - One or more subnetwork NAT configurations. Only used if
source_subnetwork_ip_ranges_to_natis set toLIST_OF_SUBNETWORKSStructure is documented below. - Tcp
Established intIdle Timeout Sec - Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.
- Tcp
Time intWait Timeout Sec - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set.
- Tcp
Transitory intIdle Timeout Sec - Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.
- Type string
- Indicates whether this NAT is used for public or private IP translation.
If unspecified, it defaults to PUBLIC.
If
PUBLICNAT used for public IP translation. IfPRIVATENAT used for private IP translation. Default value isPUBLIC. Possible values are:PUBLIC,PRIVATE. - Udp
Idle intTimeout Sec - Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
- Router string
- The name of the Cloud Router in which this NAT will be configured.
- Source
Subnetwork stringIp Ranges To Nat - How NAT should be configured per Subnetwork.
If
ALL_SUBNETWORKS_ALL_IP_RANGES, all of the IP ranges in every Subnetwork are allowed to Nat. IfALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, all of the primary IP ranges in every Subnetwork are allowed to Nat.LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values are:ALL_SUBNETWORKS_ALL_IP_RANGES,ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES,LIST_OF_SUBNETWORKS. - Auto
Network stringTier - The network tier to use when automatically reserving NAT IP addresses.
Must be one of: PREMIUM, STANDARD. If not specified, then the current
project-level default tier is used.
Possible values are:
PREMIUM,STANDARD. - Drain
Nat []stringIps - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.
- Enable
Dynamic boolPort Allocation - Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping.
- Enable
Endpoint boolIndependent Mapping - Enable endpoint independent mapping. For more information see the official documentation.
- Endpoint
Types []string - Specifies the endpoint Types supported by the NAT Gateway.
Supported values include:
ENDPOINT_TYPE_VM,ENDPOINT_TYPE_SWG,ENDPOINT_TYPE_MANAGED_PROXY_LB. - Icmp
Idle intTimeout Sec - Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
- Initial
Nat []stringIps - Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
- Log
Config RouterNat Log Config Args - Configuration for logging on NAT Structure is documented below.
- Max
Ports intPer Vm - Maximum number of ports allocated to a VM from this NAT. This field can only be set when enableDynamicPortAllocation is enabled.
- Min
Ports intPer Vm - Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.
- Name string
- Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035.
- Nat
Ip stringAllocate Option - How external IPs should be allocated for this NAT. Valid values are
AUTO_ONLYfor only allowing NAT IPs allocated by Google Cloud Platform, orMANUAL_ONLYfor only user-allocated NAT IP addresses. Possible values are:MANUAL_ONLY,AUTO_ONLY. - Nat
Ips []string - Self-links of NAT IPs. Only valid if natIpAllocateOption
is set to MANUAL_ONLY.
If this field is used alongside with a count created list of address resources
google_compute_address.foobar.*.self_link, the access level resource for the address resource must have alifecycleblock withcreate_before_destroy = trueso the number of resources can be increased/decreased without triggering theresourceInUseByAnotherResourceerror. - Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Region string
- Region where the router and NAT reside.
- Rules
[]Router
Nat Rule Args - A list of rules associated with this NAT. Structure is documented below.
- Subnetworks
[]Router
Nat Subnetwork Args - One or more subnetwork NAT configurations. Only used if
source_subnetwork_ip_ranges_to_natis set toLIST_OF_SUBNETWORKSStructure is documented below. - Tcp
Established intIdle Timeout Sec - Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.
- Tcp
Time intWait Timeout Sec - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set.
- Tcp
Transitory intIdle Timeout Sec - Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.
- Type string
- Indicates whether this NAT is used for public or private IP translation.
If unspecified, it defaults to PUBLIC.
If
PUBLICNAT used for public IP translation. IfPRIVATENAT used for private IP translation. Default value isPUBLIC. Possible values are:PUBLIC,PRIVATE. - Udp
Idle intTimeout Sec - Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
- router String
- The name of the Cloud Router in which this NAT will be configured.
- source
Subnetwork StringIp Ranges To Nat - How NAT should be configured per Subnetwork.
If
ALL_SUBNETWORKS_ALL_IP_RANGES, all of the IP ranges in every Subnetwork are allowed to Nat. IfALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, all of the primary IP ranges in every Subnetwork are allowed to Nat.LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values are:ALL_SUBNETWORKS_ALL_IP_RANGES,ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES,LIST_OF_SUBNETWORKS. - auto
Network StringTier - The network tier to use when automatically reserving NAT IP addresses.
Must be one of: PREMIUM, STANDARD. If not specified, then the current
project-level default tier is used.
Possible values are:
PREMIUM,STANDARD. - drain
Nat List<String>Ips - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.
- enable
Dynamic BooleanPort Allocation - Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping.
- enable
Endpoint BooleanIndependent Mapping - Enable endpoint independent mapping. For more information see the official documentation.
- endpoint
Types List<String> - Specifies the endpoint Types supported by the NAT Gateway.
Supported values include:
ENDPOINT_TYPE_VM,ENDPOINT_TYPE_SWG,ENDPOINT_TYPE_MANAGED_PROXY_LB. - icmp
Idle IntegerTimeout Sec - Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
- initial
Nat List<String>Ips - Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
- log
Config RouterNat Log Config - Configuration for logging on NAT Structure is documented below.
- max
Ports IntegerPer Vm - Maximum number of ports allocated to a VM from this NAT. This field can only be set when enableDynamicPortAllocation is enabled.
- min
Ports IntegerPer Vm - Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.
- name String
- Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035.
- nat
Ip StringAllocate Option - How external IPs should be allocated for this NAT. Valid values are
AUTO_ONLYfor only allowing NAT IPs allocated by Google Cloud Platform, orMANUAL_ONLYfor only user-allocated NAT IP addresses. Possible values are:MANUAL_ONLY,AUTO_ONLY. - nat
Ips List<String> - Self-links of NAT IPs. Only valid if natIpAllocateOption
is set to MANUAL_ONLY.
If this field is used alongside with a count created list of address resources
google_compute_address.foobar.*.self_link, the access level resource for the address resource must have alifecycleblock withcreate_before_destroy = trueso the number of resources can be increased/decreased without triggering theresourceInUseByAnotherResourceerror. - project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region String
- Region where the router and NAT reside.
- rules
List<Router
Nat Rule> - A list of rules associated with this NAT. Structure is documented below.
- subnetworks
List<Router
Nat Subnetwork> - One or more subnetwork NAT configurations. Only used if
source_subnetwork_ip_ranges_to_natis set toLIST_OF_SUBNETWORKSStructure is documented below. - tcp
Established IntegerIdle Timeout Sec - Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.
- tcp
Time IntegerWait Timeout Sec - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set.
- tcp
Transitory IntegerIdle Timeout Sec - Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.
- type String
- Indicates whether this NAT is used for public or private IP translation.
If unspecified, it defaults to PUBLIC.
If
PUBLICNAT used for public IP translation. IfPRIVATENAT used for private IP translation. Default value isPUBLIC. Possible values are:PUBLIC,PRIVATE. - udp
Idle IntegerTimeout Sec - Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
- router string
- The name of the Cloud Router in which this NAT will be configured.
- source
Subnetwork stringIp Ranges To Nat - How NAT should be configured per Subnetwork.
If
ALL_SUBNETWORKS_ALL_IP_RANGES, all of the IP ranges in every Subnetwork are allowed to Nat. IfALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, all of the primary IP ranges in every Subnetwork are allowed to Nat.LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values are:ALL_SUBNETWORKS_ALL_IP_RANGES,ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES,LIST_OF_SUBNETWORKS. - auto
Network stringTier - The network tier to use when automatically reserving NAT IP addresses.
Must be one of: PREMIUM, STANDARD. If not specified, then the current
project-level default tier is used.
Possible values are:
PREMIUM,STANDARD. - drain
Nat string[]Ips - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.
- enable
Dynamic booleanPort Allocation - Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping.
- enable
Endpoint booleanIndependent Mapping - Enable endpoint independent mapping. For more information see the official documentation.
- endpoint
Types string[] - Specifies the endpoint Types supported by the NAT Gateway.
Supported values include:
ENDPOINT_TYPE_VM,ENDPOINT_TYPE_SWG,ENDPOINT_TYPE_MANAGED_PROXY_LB. - icmp
Idle numberTimeout Sec - Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
- initial
Nat string[]Ips - Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
- log
Config RouterNat Log Config - Configuration for logging on NAT Structure is documented below.
- max
Ports numberPer Vm - Maximum number of ports allocated to a VM from this NAT. This field can only be set when enableDynamicPortAllocation is enabled.
- min
Ports numberPer Vm - Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.
- name string
- Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035.
- nat
Ip stringAllocate Option - How external IPs should be allocated for this NAT. Valid values are
AUTO_ONLYfor only allowing NAT IPs allocated by Google Cloud Platform, orMANUAL_ONLYfor only user-allocated NAT IP addresses. Possible values are:MANUAL_ONLY,AUTO_ONLY. - nat
Ips string[] - Self-links of NAT IPs. Only valid if natIpAllocateOption
is set to MANUAL_ONLY.
If this field is used alongside with a count created list of address resources
google_compute_address.foobar.*.self_link, the access level resource for the address resource must have alifecycleblock withcreate_before_destroy = trueso the number of resources can be increased/decreased without triggering theresourceInUseByAnotherResourceerror. - project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region string
- Region where the router and NAT reside.
- rules
Router
Nat Rule[] - A list of rules associated with this NAT. Structure is documented below.
- subnetworks
Router
Nat Subnetwork[] - One or more subnetwork NAT configurations. Only used if
source_subnetwork_ip_ranges_to_natis set toLIST_OF_SUBNETWORKSStructure is documented below. - tcp
Established numberIdle Timeout Sec - Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.
- tcp
Time numberWait Timeout Sec - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set.
- tcp
Transitory numberIdle Timeout Sec - Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.
- type string
- Indicates whether this NAT is used for public or private IP translation.
If unspecified, it defaults to PUBLIC.
If
PUBLICNAT used for public IP translation. IfPRIVATENAT used for private IP translation. Default value isPUBLIC. Possible values are:PUBLIC,PRIVATE. - udp
Idle numberTimeout Sec - Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
- router str
- The name of the Cloud Router in which this NAT will be configured.
- source_
subnetwork_ strip_ ranges_ to_ nat - How NAT should be configured per Subnetwork.
If
ALL_SUBNETWORKS_ALL_IP_RANGES, all of the IP ranges in every Subnetwork are allowed to Nat. IfALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, all of the primary IP ranges in every Subnetwork are allowed to Nat.LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values are:ALL_SUBNETWORKS_ALL_IP_RANGES,ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES,LIST_OF_SUBNETWORKS. - auto_
network_ strtier - The network tier to use when automatically reserving NAT IP addresses.
Must be one of: PREMIUM, STANDARD. If not specified, then the current
project-level default tier is used.
Possible values are:
PREMIUM,STANDARD. - drain_
nat_ Sequence[str]ips - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.
- enable_
dynamic_ boolport_ allocation - Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping.
- enable_
endpoint_ boolindependent_ mapping - Enable endpoint independent mapping. For more information see the official documentation.
- endpoint_
types Sequence[str] - Specifies the endpoint Types supported by the NAT Gateway.
Supported values include:
ENDPOINT_TYPE_VM,ENDPOINT_TYPE_SWG,ENDPOINT_TYPE_MANAGED_PROXY_LB. - icmp_
idle_ inttimeout_ sec - Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
- initial_
nat_ Sequence[str]ips - Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
- log_
config RouterNat Log Config Args - Configuration for logging on NAT Structure is documented below.
- max_
ports_ intper_ vm - Maximum number of ports allocated to a VM from this NAT. This field can only be set when enableDynamicPortAllocation is enabled.
- min_
ports_ intper_ vm - Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.
- name str
- Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035.
- nat_
ip_ strallocate_ option - How external IPs should be allocated for this NAT. Valid values are
AUTO_ONLYfor only allowing NAT IPs allocated by Google Cloud Platform, orMANUAL_ONLYfor only user-allocated NAT IP addresses. Possible values are:MANUAL_ONLY,AUTO_ONLY. - nat_
ips Sequence[str] - Self-links of NAT IPs. Only valid if natIpAllocateOption
is set to MANUAL_ONLY.
If this field is used alongside with a count created list of address resources
google_compute_address.foobar.*.self_link, the access level resource for the address resource must have alifecycleblock withcreate_before_destroy = trueso the number of resources can be increased/decreased without triggering theresourceInUseByAnotherResourceerror. - project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region str
- Region where the router and NAT reside.
- rules
Sequence[Router
Nat Rule Args] - A list of rules associated with this NAT. Structure is documented below.
- subnetworks
Sequence[Router
Nat Subnetwork Args] - One or more subnetwork NAT configurations. Only used if
source_subnetwork_ip_ranges_to_natis set toLIST_OF_SUBNETWORKSStructure is documented below. - tcp_
established_ intidle_ timeout_ sec - Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.
- tcp_
time_ intwait_ timeout_ sec - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set.
- tcp_
transitory_ intidle_ timeout_ sec - Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.
- type str
- Indicates whether this NAT is used for public or private IP translation.
If unspecified, it defaults to PUBLIC.
If
PUBLICNAT used for public IP translation. IfPRIVATENAT used for private IP translation. Default value isPUBLIC. Possible values are:PUBLIC,PRIVATE. - udp_
idle_ inttimeout_ sec - Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
- router String
- The name of the Cloud Router in which this NAT will be configured.
- source
Subnetwork StringIp Ranges To Nat - How NAT should be configured per Subnetwork.
If
ALL_SUBNETWORKS_ALL_IP_RANGES, all of the IP ranges in every Subnetwork are allowed to Nat. IfALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, all of the primary IP ranges in every Subnetwork are allowed to Nat.LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values are:ALL_SUBNETWORKS_ALL_IP_RANGES,ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES,LIST_OF_SUBNETWORKS. - auto
Network StringTier - The network tier to use when automatically reserving NAT IP addresses.
Must be one of: PREMIUM, STANDARD. If not specified, then the current
project-level default tier is used.
Possible values are:
PREMIUM,STANDARD. - drain
Nat List<String>Ips - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.
- enable
Dynamic BooleanPort Allocation - Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping.
- enable
Endpoint BooleanIndependent Mapping - Enable endpoint independent mapping. For more information see the official documentation.
- endpoint
Types List<String> - Specifies the endpoint Types supported by the NAT Gateway.
Supported values include:
ENDPOINT_TYPE_VM,ENDPOINT_TYPE_SWG,ENDPOINT_TYPE_MANAGED_PROXY_LB. - icmp
Idle NumberTimeout Sec - Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
- initial
Nat List<String>Ips - Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
- log
Config Property Map - Configuration for logging on NAT Structure is documented below.
- max
Ports NumberPer Vm - Maximum number of ports allocated to a VM from this NAT. This field can only be set when enableDynamicPortAllocation is enabled.
- min
Ports NumberPer Vm - Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.
- name String
- Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035.
- nat
Ip StringAllocate Option - How external IPs should be allocated for this NAT. Valid values are
AUTO_ONLYfor only allowing NAT IPs allocated by Google Cloud Platform, orMANUAL_ONLYfor only user-allocated NAT IP addresses. Possible values are:MANUAL_ONLY,AUTO_ONLY. - nat
Ips List<String> - Self-links of NAT IPs. Only valid if natIpAllocateOption
is set to MANUAL_ONLY.
If this field is used alongside with a count created list of address resources
google_compute_address.foobar.*.self_link, the access level resource for the address resource must have alifecycleblock withcreate_before_destroy = trueso the number of resources can be increased/decreased without triggering theresourceInUseByAnotherResourceerror. - project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region String
- Region where the router and NAT reside.
- rules List<Property Map>
- A list of rules associated with this NAT. Structure is documented below.
- subnetworks List<Property Map>
- One or more subnetwork NAT configurations. Only used if
source_subnetwork_ip_ranges_to_natis set toLIST_OF_SUBNETWORKSStructure is documented below. - tcp
Established NumberIdle Timeout Sec - Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.
- tcp
Time NumberWait Timeout Sec - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set.
- tcp
Transitory NumberIdle Timeout Sec - Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.
- type String
- Indicates whether this NAT is used for public or private IP translation.
If unspecified, it defaults to PUBLIC.
If
PUBLICNAT used for public IP translation. IfPRIVATENAT used for private IP translation. Default value isPUBLIC. Possible values are:PUBLIC,PRIVATE. - udp
Idle NumberTimeout Sec - Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
Outputs
All input properties are implicitly available as output properties. Additionally, the RouterNat resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing RouterNat Resource
Get an existing RouterNat resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RouterNatState, opts?: CustomResourceOptions): RouterNat@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
auto_network_tier: Optional[str] = None,
drain_nat_ips: Optional[Sequence[str]] = None,
enable_dynamic_port_allocation: Optional[bool] = None,
enable_endpoint_independent_mapping: Optional[bool] = None,
endpoint_types: Optional[Sequence[str]] = None,
icmp_idle_timeout_sec: Optional[int] = None,
initial_nat_ips: Optional[Sequence[str]] = None,
log_config: Optional[RouterNatLogConfigArgs] = None,
max_ports_per_vm: Optional[int] = None,
min_ports_per_vm: Optional[int] = None,
name: Optional[str] = None,
nat_ip_allocate_option: Optional[str] = None,
nat_ips: Optional[Sequence[str]] = None,
project: Optional[str] = None,
region: Optional[str] = None,
router: Optional[str] = None,
rules: Optional[Sequence[RouterNatRuleArgs]] = None,
source_subnetwork_ip_ranges_to_nat: Optional[str] = None,
subnetworks: Optional[Sequence[RouterNatSubnetworkArgs]] = None,
tcp_established_idle_timeout_sec: Optional[int] = None,
tcp_time_wait_timeout_sec: Optional[int] = None,
tcp_transitory_idle_timeout_sec: Optional[int] = None,
type: Optional[str] = None,
udp_idle_timeout_sec: Optional[int] = None) -> RouterNatfunc GetRouterNat(ctx *Context, name string, id IDInput, state *RouterNatState, opts ...ResourceOption) (*RouterNat, error)public static RouterNat Get(string name, Input<string> id, RouterNatState? state, CustomResourceOptions? opts = null)public static RouterNat get(String name, Output<String> id, RouterNatState state, CustomResourceOptions options)resources: _: type: gcp:compute:RouterNat get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Auto
Network stringTier - The network tier to use when automatically reserving NAT IP addresses.
Must be one of: PREMIUM, STANDARD. If not specified, then the current
project-level default tier is used.
Possible values are:
PREMIUM,STANDARD. - Drain
Nat List<string>Ips - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.
- Enable
Dynamic boolPort Allocation - Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping.
- Enable
Endpoint boolIndependent Mapping - Enable endpoint independent mapping. For more information see the official documentation.
- Endpoint
Types List<string> - Specifies the endpoint Types supported by the NAT Gateway.
Supported values include:
ENDPOINT_TYPE_VM,ENDPOINT_TYPE_SWG,ENDPOINT_TYPE_MANAGED_PROXY_LB. - Icmp
Idle intTimeout Sec - Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
- Initial
Nat List<string>Ips - Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
- Log
Config RouterNat Log Config - Configuration for logging on NAT Structure is documented below.
- Max
Ports intPer Vm - Maximum number of ports allocated to a VM from this NAT. This field can only be set when enableDynamicPortAllocation is enabled.
- Min
Ports intPer Vm - Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.
- Name string
- Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035.
- Nat
Ip stringAllocate Option - How external IPs should be allocated for this NAT. Valid values are
AUTO_ONLYfor only allowing NAT IPs allocated by Google Cloud Platform, orMANUAL_ONLYfor only user-allocated NAT IP addresses. Possible values are:MANUAL_ONLY,AUTO_ONLY. - Nat
Ips List<string> - Self-links of NAT IPs. Only valid if natIpAllocateOption
is set to MANUAL_ONLY.
If this field is used alongside with a count created list of address resources
google_compute_address.foobar.*.self_link, the access level resource for the address resource must have alifecycleblock withcreate_before_destroy = trueso the number of resources can be increased/decreased without triggering theresourceInUseByAnotherResourceerror. - Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Region string
- Region where the router and NAT reside.
- Router string
- The name of the Cloud Router in which this NAT will be configured.
- Rules
List<Router
Nat Rule> - A list of rules associated with this NAT. Structure is documented below.
- Source
Subnetwork stringIp Ranges To Nat - How NAT should be configured per Subnetwork.
If
ALL_SUBNETWORKS_ALL_IP_RANGES, all of the IP ranges in every Subnetwork are allowed to Nat. IfALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, all of the primary IP ranges in every Subnetwork are allowed to Nat.LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values are:ALL_SUBNETWORKS_ALL_IP_RANGES,ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES,LIST_OF_SUBNETWORKS. - Subnetworks
List<Router
Nat Subnetwork> - One or more subnetwork NAT configurations. Only used if
source_subnetwork_ip_ranges_to_natis set toLIST_OF_SUBNETWORKSStructure is documented below. - Tcp
Established intIdle Timeout Sec - Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.
- Tcp
Time intWait Timeout Sec - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set.
- Tcp
Transitory intIdle Timeout Sec - Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.
- Type string
- Indicates whether this NAT is used for public or private IP translation.
If unspecified, it defaults to PUBLIC.
If
PUBLICNAT used for public IP translation. IfPRIVATENAT used for private IP translation. Default value isPUBLIC. Possible values are:PUBLIC,PRIVATE. - Udp
Idle intTimeout Sec - Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
- Auto
Network stringTier - The network tier to use when automatically reserving NAT IP addresses.
Must be one of: PREMIUM, STANDARD. If not specified, then the current
project-level default tier is used.
Possible values are:
PREMIUM,STANDARD. - Drain
Nat []stringIps - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.
- Enable
Dynamic boolPort Allocation - Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping.
- Enable
Endpoint boolIndependent Mapping - Enable endpoint independent mapping. For more information see the official documentation.
- Endpoint
Types []string - Specifies the endpoint Types supported by the NAT Gateway.
Supported values include:
ENDPOINT_TYPE_VM,ENDPOINT_TYPE_SWG,ENDPOINT_TYPE_MANAGED_PROXY_LB. - Icmp
Idle intTimeout Sec - Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
- Initial
Nat []stringIps - Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
- Log
Config RouterNat Log Config Args - Configuration for logging on NAT Structure is documented below.
- Max
Ports intPer Vm - Maximum number of ports allocated to a VM from this NAT. This field can only be set when enableDynamicPortAllocation is enabled.
- Min
Ports intPer Vm - Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.
- Name string
- Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035.
- Nat
Ip stringAllocate Option - How external IPs should be allocated for this NAT. Valid values are
AUTO_ONLYfor only allowing NAT IPs allocated by Google Cloud Platform, orMANUAL_ONLYfor only user-allocated NAT IP addresses. Possible values are:MANUAL_ONLY,AUTO_ONLY. - Nat
Ips []string - Self-links of NAT IPs. Only valid if natIpAllocateOption
is set to MANUAL_ONLY.
If this field is used alongside with a count created list of address resources
google_compute_address.foobar.*.self_link, the access level resource for the address resource must have alifecycleblock withcreate_before_destroy = trueso the number of resources can be increased/decreased without triggering theresourceInUseByAnotherResourceerror. - Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Region string
- Region where the router and NAT reside.
- Router string
- The name of the Cloud Router in which this NAT will be configured.
- Rules
[]Router
Nat Rule Args - A list of rules associated with this NAT. Structure is documented below.
- Source
Subnetwork stringIp Ranges To Nat - How NAT should be configured per Subnetwork.
If
ALL_SUBNETWORKS_ALL_IP_RANGES, all of the IP ranges in every Subnetwork are allowed to Nat. IfALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, all of the primary IP ranges in every Subnetwork are allowed to Nat.LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values are:ALL_SUBNETWORKS_ALL_IP_RANGES,ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES,LIST_OF_SUBNETWORKS. - Subnetworks
[]Router
Nat Subnetwork Args - One or more subnetwork NAT configurations. Only used if
source_subnetwork_ip_ranges_to_natis set toLIST_OF_SUBNETWORKSStructure is documented below. - Tcp
Established intIdle Timeout Sec - Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.
- Tcp
Time intWait Timeout Sec - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set.
- Tcp
Transitory intIdle Timeout Sec - Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.
- Type string
- Indicates whether this NAT is used for public or private IP translation.
If unspecified, it defaults to PUBLIC.
If
PUBLICNAT used for public IP translation. IfPRIVATENAT used for private IP translation. Default value isPUBLIC. Possible values are:PUBLIC,PRIVATE. - Udp
Idle intTimeout Sec - Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
- auto
Network StringTier - The network tier to use when automatically reserving NAT IP addresses.
Must be one of: PREMIUM, STANDARD. If not specified, then the current
project-level default tier is used.
Possible values are:
PREMIUM,STANDARD. - drain
Nat List<String>Ips - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.
- enable
Dynamic BooleanPort Allocation - Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping.
- enable
Endpoint BooleanIndependent Mapping - Enable endpoint independent mapping. For more information see the official documentation.
- endpoint
Types List<String> - Specifies the endpoint Types supported by the NAT Gateway.
Supported values include:
ENDPOINT_TYPE_VM,ENDPOINT_TYPE_SWG,ENDPOINT_TYPE_MANAGED_PROXY_LB. - icmp
Idle IntegerTimeout Sec - Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
- initial
Nat List<String>Ips - Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
- log
Config RouterNat Log Config - Configuration for logging on NAT Structure is documented below.
- max
Ports IntegerPer Vm - Maximum number of ports allocated to a VM from this NAT. This field can only be set when enableDynamicPortAllocation is enabled.
- min
Ports IntegerPer Vm - Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.
- name String
- Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035.
- nat
Ip StringAllocate Option - How external IPs should be allocated for this NAT. Valid values are
AUTO_ONLYfor only allowing NAT IPs allocated by Google Cloud Platform, orMANUAL_ONLYfor only user-allocated NAT IP addresses. Possible values are:MANUAL_ONLY,AUTO_ONLY. - nat
Ips List<String> - Self-links of NAT IPs. Only valid if natIpAllocateOption
is set to MANUAL_ONLY.
If this field is used alongside with a count created list of address resources
google_compute_address.foobar.*.self_link, the access level resource for the address resource must have alifecycleblock withcreate_before_destroy = trueso the number of resources can be increased/decreased without triggering theresourceInUseByAnotherResourceerror. - project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region String
- Region where the router and NAT reside.
- router String
- The name of the Cloud Router in which this NAT will be configured.
- rules
List<Router
Nat Rule> - A list of rules associated with this NAT. Structure is documented below.
- source
Subnetwork StringIp Ranges To Nat - How NAT should be configured per Subnetwork.
If
ALL_SUBNETWORKS_ALL_IP_RANGES, all of the IP ranges in every Subnetwork are allowed to Nat. IfALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, all of the primary IP ranges in every Subnetwork are allowed to Nat.LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values are:ALL_SUBNETWORKS_ALL_IP_RANGES,ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES,LIST_OF_SUBNETWORKS. - subnetworks
List<Router
Nat Subnetwork> - One or more subnetwork NAT configurations. Only used if
source_subnetwork_ip_ranges_to_natis set toLIST_OF_SUBNETWORKSStructure is documented below. - tcp
Established IntegerIdle Timeout Sec - Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.
- tcp
Time IntegerWait Timeout Sec - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set.
- tcp
Transitory IntegerIdle Timeout Sec - Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.
- type String
- Indicates whether this NAT is used for public or private IP translation.
If unspecified, it defaults to PUBLIC.
If
PUBLICNAT used for public IP translation. IfPRIVATENAT used for private IP translation. Default value isPUBLIC. Possible values are:PUBLIC,PRIVATE. - udp
Idle IntegerTimeout Sec - Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
- auto
Network stringTier - The network tier to use when automatically reserving NAT IP addresses.
Must be one of: PREMIUM, STANDARD. If not specified, then the current
project-level default tier is used.
Possible values are:
PREMIUM,STANDARD. - drain
Nat string[]Ips - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.
- enable
Dynamic booleanPort Allocation - Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping.
- enable
Endpoint booleanIndependent Mapping - Enable endpoint independent mapping. For more information see the official documentation.
- endpoint
Types string[] - Specifies the endpoint Types supported by the NAT Gateway.
Supported values include:
ENDPOINT_TYPE_VM,ENDPOINT_TYPE_SWG,ENDPOINT_TYPE_MANAGED_PROXY_LB. - icmp
Idle numberTimeout Sec - Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
- initial
Nat string[]Ips - Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
- log
Config RouterNat Log Config - Configuration for logging on NAT Structure is documented below.
- max
Ports numberPer Vm - Maximum number of ports allocated to a VM from this NAT. This field can only be set when enableDynamicPortAllocation is enabled.
- min
Ports numberPer Vm - Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.
- name string
- Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035.
- nat
Ip stringAllocate Option - How external IPs should be allocated for this NAT. Valid values are
AUTO_ONLYfor only allowing NAT IPs allocated by Google Cloud Platform, orMANUAL_ONLYfor only user-allocated NAT IP addresses. Possible values are:MANUAL_ONLY,AUTO_ONLY. - nat
Ips string[] - Self-links of NAT IPs. Only valid if natIpAllocateOption
is set to MANUAL_ONLY.
If this field is used alongside with a count created list of address resources
google_compute_address.foobar.*.self_link, the access level resource for the address resource must have alifecycleblock withcreate_before_destroy = trueso the number of resources can be increased/decreased without triggering theresourceInUseByAnotherResourceerror. - project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region string
- Region where the router and NAT reside.
- router string
- The name of the Cloud Router in which this NAT will be configured.
- rules
Router
Nat Rule[] - A list of rules associated with this NAT. Structure is documented below.
- source
Subnetwork stringIp Ranges To Nat - How NAT should be configured per Subnetwork.
If
ALL_SUBNETWORKS_ALL_IP_RANGES, all of the IP ranges in every Subnetwork are allowed to Nat. IfALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, all of the primary IP ranges in every Subnetwork are allowed to Nat.LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values are:ALL_SUBNETWORKS_ALL_IP_RANGES,ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES,LIST_OF_SUBNETWORKS. - subnetworks
Router
Nat Subnetwork[] - One or more subnetwork NAT configurations. Only used if
source_subnetwork_ip_ranges_to_natis set toLIST_OF_SUBNETWORKSStructure is documented below. - tcp
Established numberIdle Timeout Sec - Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.
- tcp
Time numberWait Timeout Sec - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set.
- tcp
Transitory numberIdle Timeout Sec - Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.
- type string
- Indicates whether this NAT is used for public or private IP translation.
If unspecified, it defaults to PUBLIC.
If
PUBLICNAT used for public IP translation. IfPRIVATENAT used for private IP translation. Default value isPUBLIC. Possible values are:PUBLIC,PRIVATE. - udp
Idle numberTimeout Sec - Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
- auto_
network_ strtier - The network tier to use when automatically reserving NAT IP addresses.
Must be one of: PREMIUM, STANDARD. If not specified, then the current
project-level default tier is used.
Possible values are:
PREMIUM,STANDARD. - drain_
nat_ Sequence[str]ips - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.
- enable_
dynamic_ boolport_ allocation - Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping.
- enable_
endpoint_ boolindependent_ mapping - Enable endpoint independent mapping. For more information see the official documentation.
- endpoint_
types Sequence[str] - Specifies the endpoint Types supported by the NAT Gateway.
Supported values include:
ENDPOINT_TYPE_VM,ENDPOINT_TYPE_SWG,ENDPOINT_TYPE_MANAGED_PROXY_LB. - icmp_
idle_ inttimeout_ sec - Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
- initial_
nat_ Sequence[str]ips - Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
- log_
config RouterNat Log Config Args - Configuration for logging on NAT Structure is documented below.
- max_
ports_ intper_ vm - Maximum number of ports allocated to a VM from this NAT. This field can only be set when enableDynamicPortAllocation is enabled.
- min_
ports_ intper_ vm - Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.
- name str
- Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035.
- nat_
ip_ strallocate_ option - How external IPs should be allocated for this NAT. Valid values are
AUTO_ONLYfor only allowing NAT IPs allocated by Google Cloud Platform, orMANUAL_ONLYfor only user-allocated NAT IP addresses. Possible values are:MANUAL_ONLY,AUTO_ONLY. - nat_
ips Sequence[str] - Self-links of NAT IPs. Only valid if natIpAllocateOption
is set to MANUAL_ONLY.
If this field is used alongside with a count created list of address resources
google_compute_address.foobar.*.self_link, the access level resource for the address resource must have alifecycleblock withcreate_before_destroy = trueso the number of resources can be increased/decreased without triggering theresourceInUseByAnotherResourceerror. - project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region str
- Region where the router and NAT reside.
- router str
- The name of the Cloud Router in which this NAT will be configured.
- rules
Sequence[Router
Nat Rule Args] - A list of rules associated with this NAT. Structure is documented below.
- source_
subnetwork_ strip_ ranges_ to_ nat - How NAT should be configured per Subnetwork.
If
ALL_SUBNETWORKS_ALL_IP_RANGES, all of the IP ranges in every Subnetwork are allowed to Nat. IfALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, all of the primary IP ranges in every Subnetwork are allowed to Nat.LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values are:ALL_SUBNETWORKS_ALL_IP_RANGES,ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES,LIST_OF_SUBNETWORKS. - subnetworks
Sequence[Router
Nat Subnetwork Args] - One or more subnetwork NAT configurations. Only used if
source_subnetwork_ip_ranges_to_natis set toLIST_OF_SUBNETWORKSStructure is documented below. - tcp_
established_ intidle_ timeout_ sec - Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.
- tcp_
time_ intwait_ timeout_ sec - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set.
- tcp_
transitory_ intidle_ timeout_ sec - Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.
- type str
- Indicates whether this NAT is used for public or private IP translation.
If unspecified, it defaults to PUBLIC.
If
PUBLICNAT used for public IP translation. IfPRIVATENAT used for private IP translation. Default value isPUBLIC. Possible values are:PUBLIC,PRIVATE. - udp_
idle_ inttimeout_ sec - Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
- auto
Network StringTier - The network tier to use when automatically reserving NAT IP addresses.
Must be one of: PREMIUM, STANDARD. If not specified, then the current
project-level default tier is used.
Possible values are:
PREMIUM,STANDARD. - drain
Nat List<String>Ips - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.
- enable
Dynamic BooleanPort Allocation - Enable Dynamic Port Allocation. If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm. If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config. Mutually exclusive with enableEndpointIndependentMapping.
- enable
Endpoint BooleanIndependent Mapping - Enable endpoint independent mapping. For more information see the official documentation.
- endpoint
Types List<String> - Specifies the endpoint Types supported by the NAT Gateway.
Supported values include:
ENDPOINT_TYPE_VM,ENDPOINT_TYPE_SWG,ENDPOINT_TYPE_MANAGED_PROXY_LB. - icmp
Idle NumberTimeout Sec - Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
- initial
Nat List<String>Ips - Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource. Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
- log
Config Property Map - Configuration for logging on NAT Structure is documented below.
- max
Ports NumberPer Vm - Maximum number of ports allocated to a VM from this NAT. This field can only be set when enableDynamicPortAllocation is enabled.
- min
Ports NumberPer Vm - Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.
- name String
- Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035.
- nat
Ip StringAllocate Option - How external IPs should be allocated for this NAT. Valid values are
AUTO_ONLYfor only allowing NAT IPs allocated by Google Cloud Platform, orMANUAL_ONLYfor only user-allocated NAT IP addresses. Possible values are:MANUAL_ONLY,AUTO_ONLY. - nat
Ips List<String> - Self-links of NAT IPs. Only valid if natIpAllocateOption
is set to MANUAL_ONLY.
If this field is used alongside with a count created list of address resources
google_compute_address.foobar.*.self_link, the access level resource for the address resource must have alifecycleblock withcreate_before_destroy = trueso the number of resources can be increased/decreased without triggering theresourceInUseByAnotherResourceerror. - project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region String
- Region where the router and NAT reside.
- router String
- The name of the Cloud Router in which this NAT will be configured.
- rules List<Property Map>
- A list of rules associated with this NAT. Structure is documented below.
- source
Subnetwork StringIp Ranges To Nat - How NAT should be configured per Subnetwork.
If
ALL_SUBNETWORKS_ALL_IP_RANGES, all of the IP ranges in every Subnetwork are allowed to Nat. IfALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, all of the primary IP ranges in every Subnetwork are allowed to Nat.LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below). Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any other RouterNat section in any Router for this network in this region. Possible values are:ALL_SUBNETWORKS_ALL_IP_RANGES,ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES,LIST_OF_SUBNETWORKS. - subnetworks List<Property Map>
- One or more subnetwork NAT configurations. Only used if
source_subnetwork_ip_ranges_to_natis set toLIST_OF_SUBNETWORKSStructure is documented below. - tcp
Established NumberIdle Timeout Sec - Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.
- tcp
Time NumberWait Timeout Sec - Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set.
- tcp
Transitory NumberIdle Timeout Sec - Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.
- type String
- Indicates whether this NAT is used for public or private IP translation.
If unspecified, it defaults to PUBLIC.
If
PUBLICNAT used for public IP translation. IfPRIVATENAT used for private IP translation. Default value isPUBLIC. Possible values are:PUBLIC,PRIVATE. - udp
Idle NumberTimeout Sec - Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
Supporting Types
RouterNatLogConfig, RouterNatLogConfigArgs
RouterNatRule, RouterNatRuleArgs
- Match string
- CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. If it evaluates to true, the corresponding action is enforced. The following examples are valid match expressions for public NAT: "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" The following example is a valid match expression for private NAT: "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'"
- Rule
Number int - An integer uniquely identifying a rule in the list. The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.
- Action
Router
Nat Rule Action - The action to be enforced for traffic that matches this rule. Structure is documented below.
- Description string
- An optional description of this rule.
- Match string
- CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. If it evaluates to true, the corresponding action is enforced. The following examples are valid match expressions for public NAT: "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" The following example is a valid match expression for private NAT: "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'"
- Rule
Number int - An integer uniquely identifying a rule in the list. The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.
- Action
Router
Nat Rule Action - The action to be enforced for traffic that matches this rule. Structure is documented below.
- Description string
- An optional description of this rule.
- match String
- CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. If it evaluates to true, the corresponding action is enforced. The following examples are valid match expressions for public NAT: "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" The following example is a valid match expression for private NAT: "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'"
- rule
Number Integer - An integer uniquely identifying a rule in the list. The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.
- action
Router
Nat Rule Action - The action to be enforced for traffic that matches this rule. Structure is documented below.
- description String
- An optional description of this rule.
- match string
- CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. If it evaluates to true, the corresponding action is enforced. The following examples are valid match expressions for public NAT: "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" The following example is a valid match expression for private NAT: "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'"
- rule
Number number - An integer uniquely identifying a rule in the list. The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.
- action
Router
Nat Rule Action - The action to be enforced for traffic that matches this rule. Structure is documented below.
- description string
- An optional description of this rule.
- match str
- CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. If it evaluates to true, the corresponding action is enforced. The following examples are valid match expressions for public NAT: "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" The following example is a valid match expression for private NAT: "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'"
- rule_
number int - An integer uniquely identifying a rule in the list. The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.
- action
Router
Nat Rule Action - The action to be enforced for traffic that matches this rule. Structure is documented below.
- description str
- An optional description of this rule.
- match String
- CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. If it evaluates to true, the corresponding action is enforced. The following examples are valid match expressions for public NAT: "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')" "destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'" The following example is a valid match expression for private NAT: "nexthop.hub == 'https://networkconnectivity.googleapis.com/v1alpha1/projects/my-project/global/hub/hub-1'"
- rule
Number Number - An integer uniquely identifying a rule in the list. The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.
- action Property Map
- The action to be enforced for traffic that matches this rule. Structure is documented below.
- description String
- An optional description of this rule.
RouterNatRuleAction, RouterNatRuleActionArgs
- Source
Nat List<string>Active Ips - A list of URLs of the IP resources used for this NAT rule. These IP addresses must be valid static external IP addresses assigned to the project. This field is used for public NAT.
- Source
Nat List<string>Active Ranges - A list of URLs of the subnetworks used as source ranges for this NAT Rule. These subnetworks must have purpose set to PRIVATE_NAT. This field is used for private NAT.
- Source
Nat List<string>Drain Ips - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT rule only. This field is used for public NAT.
- Source
Nat List<string>Drain Ranges - A list of URLs of subnetworks representing source ranges to be drained. This is only supported on patch/update, and these subnetworks must have previously been used as active ranges in this NAT Rule. This field is used for private NAT.
- Source
Nat []stringActive Ips - A list of URLs of the IP resources used for this NAT rule. These IP addresses must be valid static external IP addresses assigned to the project. This field is used for public NAT.
- Source
Nat []stringActive Ranges - A list of URLs of the subnetworks used as source ranges for this NAT Rule. These subnetworks must have purpose set to PRIVATE_NAT. This field is used for private NAT.
- Source
Nat []stringDrain Ips - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT rule only. This field is used for public NAT.
- Source
Nat []stringDrain Ranges - A list of URLs of subnetworks representing source ranges to be drained. This is only supported on patch/update, and these subnetworks must have previously been used as active ranges in this NAT Rule. This field is used for private NAT.
- source
Nat List<String>Active Ips - A list of URLs of the IP resources used for this NAT rule. These IP addresses must be valid static external IP addresses assigned to the project. This field is used for public NAT.
- source
Nat List<String>Active Ranges - A list of URLs of the subnetworks used as source ranges for this NAT Rule. These subnetworks must have purpose set to PRIVATE_NAT. This field is used for private NAT.
- source
Nat List<String>Drain Ips - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT rule only. This field is used for public NAT.
- source
Nat List<String>Drain Ranges - A list of URLs of subnetworks representing source ranges to be drained. This is only supported on patch/update, and these subnetworks must have previously been used as active ranges in this NAT Rule. This field is used for private NAT.
- source
Nat string[]Active Ips - A list of URLs of the IP resources used for this NAT rule. These IP addresses must be valid static external IP addresses assigned to the project. This field is used for public NAT.
- source
Nat string[]Active Ranges - A list of URLs of the subnetworks used as source ranges for this NAT Rule. These subnetworks must have purpose set to PRIVATE_NAT. This field is used for private NAT.
- source
Nat string[]Drain Ips - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT rule only. This field is used for public NAT.
- source
Nat string[]Drain Ranges - A list of URLs of subnetworks representing source ranges to be drained. This is only supported on patch/update, and these subnetworks must have previously been used as active ranges in this NAT Rule. This field is used for private NAT.
- source_
nat_ Sequence[str]active_ ips - A list of URLs of the IP resources used for this NAT rule. These IP addresses must be valid static external IP addresses assigned to the project. This field is used for public NAT.
- source_
nat_ Sequence[str]active_ ranges - A list of URLs of the subnetworks used as source ranges for this NAT Rule. These subnetworks must have purpose set to PRIVATE_NAT. This field is used for private NAT.
- source_
nat_ Sequence[str]drain_ ips - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT rule only. This field is used for public NAT.
- source_
nat_ Sequence[str]drain_ ranges - A list of URLs of subnetworks representing source ranges to be drained. This is only supported on patch/update, and these subnetworks must have previously been used as active ranges in this NAT Rule. This field is used for private NAT.
- source
Nat List<String>Active Ips - A list of URLs of the IP resources used for this NAT rule. These IP addresses must be valid static external IP addresses assigned to the project. This field is used for public NAT.
- source
Nat List<String>Active Ranges - A list of URLs of the subnetworks used as source ranges for this NAT Rule. These subnetworks must have purpose set to PRIVATE_NAT. This field is used for private NAT.
- source
Nat List<String>Drain Ips - A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT rule only. This field is used for public NAT.
- source
Nat List<String>Drain Ranges - A list of URLs of subnetworks representing source ranges to be drained. This is only supported on patch/update, and these subnetworks must have previously been used as active ranges in this NAT Rule. This field is used for private NAT.
RouterNatSubnetwork, RouterNatSubnetworkArgs
- Name string
- Self-link of subnetwork to NAT
- Source
Ip List<string>Ranges To Nats - List of options for which source IPs in the subnetwork
should have NAT enabled. Supported values include:
ALL_IP_RANGES,LIST_OF_SECONDARY_IP_RANGES,PRIMARY_IP_RANGE. - Secondary
Ip List<string>Range Names - List of the secondary ranges of the subnetwork that are allowed
to use NAT. This can be populated only if
LIST_OF_SECONDARY_IP_RANGESis one of the values in sourceIpRangesToNat
- Name string
- Self-link of subnetwork to NAT
- Source
Ip []stringRanges To Nats - List of options for which source IPs in the subnetwork
should have NAT enabled. Supported values include:
ALL_IP_RANGES,LIST_OF_SECONDARY_IP_RANGES,PRIMARY_IP_RANGE. - Secondary
Ip []stringRange Names - List of the secondary ranges of the subnetwork that are allowed
to use NAT. This can be populated only if
LIST_OF_SECONDARY_IP_RANGESis one of the values in sourceIpRangesToNat
- name String
- Self-link of subnetwork to NAT
- source
Ip List<String>Ranges To Nats - List of options for which source IPs in the subnetwork
should have NAT enabled. Supported values include:
ALL_IP_RANGES,LIST_OF_SECONDARY_IP_RANGES,PRIMARY_IP_RANGE. - secondary
Ip List<String>Range Names - List of the secondary ranges of the subnetwork that are allowed
to use NAT. This can be populated only if
LIST_OF_SECONDARY_IP_RANGESis one of the values in sourceIpRangesToNat
- name string
- Self-link of subnetwork to NAT
- source
Ip string[]Ranges To Nats - List of options for which source IPs in the subnetwork
should have NAT enabled. Supported values include:
ALL_IP_RANGES,LIST_OF_SECONDARY_IP_RANGES,PRIMARY_IP_RANGE. - secondary
Ip string[]Range Names - List of the secondary ranges of the subnetwork that are allowed
to use NAT. This can be populated only if
LIST_OF_SECONDARY_IP_RANGESis one of the values in sourceIpRangesToNat
- name str
- Self-link of subnetwork to NAT
- source_
ip_ Sequence[str]ranges_ to_ nats - List of options for which source IPs in the subnetwork
should have NAT enabled. Supported values include:
ALL_IP_RANGES,LIST_OF_SECONDARY_IP_RANGES,PRIMARY_IP_RANGE. - secondary_
ip_ Sequence[str]range_ names - List of the secondary ranges of the subnetwork that are allowed
to use NAT. This can be populated only if
LIST_OF_SECONDARY_IP_RANGESis one of the values in sourceIpRangesToNat
- name String
- Self-link of subnetwork to NAT
- source
Ip List<String>Ranges To Nats - List of options for which source IPs in the subnetwork
should have NAT enabled. Supported values include:
ALL_IP_RANGES,LIST_OF_SECONDARY_IP_RANGES,PRIMARY_IP_RANGE. - secondary
Ip List<String>Range Names - List of the secondary ranges of the subnetwork that are allowed
to use NAT. This can be populated only if
LIST_OF_SECONDARY_IP_RANGESis one of the values in sourceIpRangesToNat
Import
RouterNat can be imported using any of these accepted formats:
projects/{{project}}/regions/{{region}}/routers/{{router}}/{{name}}{{project}}/{{region}}/{{router}}/{{name}}{{region}}/{{router}}/{{name}}{{router}}/{{name}}
When using the pulumi import command, RouterNat can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/routerNat:RouterNat default projects/{{project}}/regions/{{region}}/routers/{{router}}/{{name}}
$ pulumi import gcp:compute/routerNat:RouterNat default {{project}}/{{region}}/{{router}}/{{name}}
$ pulumi import gcp:compute/routerNat:RouterNat default {{region}}/{{router}}/{{name}}
$ pulumi import gcp:compute/routerNat:RouterNat default {{router}}/{{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.