Namespace Pulumi.Gcp.Compute
Classes
Address
Represents an Address resource.
Each virtual machine instance has an ephemeral internal IP address and, optionally, an external IP address. To communicate between instances on the same network, you can use an instance's internal IP address. To communicate with the Internet and instances outside of the same network, you must specify the instance's external IP address.
Internal IP addresses are ephemeral and only belong to an instance for the lifetime of the instance; if the instance is deleted and recreated, the instance is assigned a new internal IP address, either by Compute Engine or by you. External IP addresses can be either ephemeral or static.
To get more information about Address, see:
- API documentation
- How-to Guides
- Reserving a Static External IP Address
- Reserving a Static Internal IP Address
Example Usage - Address Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var ipAddress = new Gcp.Compute.Address("ipAddress", new Gcp.Compute.AddressArgs
{
});
}
}
Example Usage - Address With Subnetwork
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var defaultNetwork = new Gcp.Compute.Network("defaultNetwork", new Gcp.Compute.NetworkArgs
{
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("defaultSubnetwork", new Gcp.Compute.SubnetworkArgs
{
IpCidrRange = "10.0.0.0/16",
Region = "us-central1",
Network = defaultNetwork.Id,
});
var internalWithSubnetAndAddress = new Gcp.Compute.Address("internalWithSubnetAndAddress", new Gcp.Compute.AddressArgs
{
Subnetwork = defaultSubnetwork.Id,
AddressType = "INTERNAL",
Address = "10.0.42.42",
Region = "us-central1",
});
}
}
Example Usage - Address With Gce Endpoint
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var internalWithGceEndpoint = new Gcp.Compute.Address("internalWithGceEndpoint", new Gcp.Compute.AddressArgs
{
AddressType = "INTERNAL",
Purpose = "GCE_ENDPOINT",
});
}
}
AddressArgs
AddressState
AttachedDisk
Persistent disks can be attached to a compute instance using the attached_disk
section within the compute instance configuration.
However there may be situations where managing the attached disks via the compute
instance config isn't preferable or possible, such as attaching dynamic
numbers of disks using the count variable.
To get more information about attaching disks, see:
- API documentation
- How-to Guides
- Adding a persistent disk
Note: When using gcp.compute.AttachedDisk you must use lifecycle.ignore_changes = ["attached_disk"] on the gcp.compute.Instance resource that has the disks attached. Otherwise the two resources will fight for control of the attached disk block.
AttachedDiskArgs
AttachedDiskState
Autoscalar
Represents an Autoscaler resource.
Autoscalers allow you to automatically scale virtual machine instances in managed instance groups according to an autoscaling policy that you define.
To get more information about Autoscaler, see:
- API documentation
- How-to Guides
- Autoscaling Groups of Instances
AutoscalarArgs
AutoscalarState
Autoscaler
Represents an Autoscaler resource.
Autoscalers allow you to automatically scale virtual machine instances in managed instance groups according to an autoscaling policy that you define.
To get more information about Autoscaler, see:
- API documentation
- How-to Guides
- Autoscaling Groups of Instances
AutoscalerArgs
AutoscalerState
BackendBucket
Backend buckets allow you to use Google Cloud Storage buckets with HTTP(S) load balancing.
An HTTP(S) load balancer can direct traffic to specified URLs to a backend bucket rather than a backend service. It can send requests for static content to a Cloud Storage bucket and requests for dynamic content to a virtual machine instance.
To get more information about BackendBucket, see:
Example Usage - Backend Bucket Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var imageBucket = new Gcp.Storage.Bucket("imageBucket", new Gcp.Storage.BucketArgs
{
Location = "EU",
});
var imageBackend = new Gcp.Compute.BackendBucket("imageBackend", new Gcp.Compute.BackendBucketArgs
{
Description = "Contains beautiful images",
BucketName = imageBucket.Name,
EnableCdn = true,
});
}
}
BackendBucketArgs
BackendBucketSignedUrlKey
A key for signing Cloud CDN signed URLs for BackendBuckets.
To get more information about BackendBucketSignedUrlKey, see:
- API documentation
- How-to Guides
- Using Signed URLs
Warning: All arguments including
key_valuewill be stored in the raw state as plain-text.
Example Usage - Backend Bucket Signed Url Key
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var bucket = new Gcp.Storage.Bucket("bucket", new Gcp.Storage.BucketArgs
{
Location = "EU",
});
var testBackend = new Gcp.Compute.BackendBucket("testBackend", new Gcp.Compute.BackendBucketArgs
{
Description = "Contains beautiful images",
BucketName = bucket.Name,
EnableCdn = true,
});
var backendKey = new Gcp.Compute.BackendBucketSignedUrlKey("backendKey", new Gcp.Compute.BackendBucketSignedUrlKeyArgs
{
KeyValue = "pPsVemX8GM46QVeezid6Rw==",
BackendBucket = testBackend.Name,
});
}
}
BackendBucketSignedUrlKeyArgs
BackendBucketSignedUrlKeyState
BackendBucketState
BackendService
A Backend Service defines a group of virtual machines that will serve traffic for load balancing. This resource is a global backend service, appropriate for external load balancing or self-managed internal load balancing. For managed internal load balancing, use a regional backend service instead.
Currently self-managed internal load balancing is only available in beta.
To get more information about BackendService, see:
- API documentation
- How-to Guides
- Official Documentation
Example Usage - Backend Service Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck("defaultHttpHealthCheck", new Gcp.Compute.HttpHealthCheckArgs
{
RequestPath = "/",
CheckIntervalSec = 1,
TimeoutSec = 1,
});
var defaultBackendService = new Gcp.Compute.BackendService("defaultBackendService", new Gcp.Compute.BackendServiceArgs
{
HealthChecks =
{
defaultHttpHealthCheck.Id,
},
});
}
}
BackendServiceArgs
BackendServiceSignedUrlKey
A key for signing Cloud CDN signed URLs for Backend Services.
To get more information about BackendServiceSignedUrlKey, see:
- API documentation
- How-to Guides
- Using Signed URLs
Warning: All arguments including
key_valuewill be stored in the raw state as plain-text.
BackendServiceSignedUrlKeyArgs
BackendServiceSignedUrlKeyState
BackendServiceState
Disk
Persistent disks are durable storage devices that function similarly to the physical disks in a desktop or a server. Compute Engine manages the hardware behind these devices to ensure data redundancy and optimize performance for you. Persistent disks are available as either standard hard disk drives (HDD) or solid-state drives (SSD).
Persistent disks are located independently from your virtual machine instances, so you can detach or move persistent disks to keep your data even after you delete your instances. Persistent disk performance scales automatically with size, so you can resize your existing persistent disks or add more persistent disks to an instance to meet your performance and storage space requirements.
Add a persistent disk to your instance when you need reliable and affordable storage with consistent performance characteristics.
To get more information about Disk, see:
- API documentation
- How-to Guides
- Adding a persistent disk
Warning: All arguments including
disk_encryption_key.raw_keywill be stored in the raw state as plain-text. Read more about secrets in state.
Example Usage - Disk Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var @default = new Gcp.Compute.Disk("default", new Gcp.Compute.DiskArgs
{
Image = "debian-8-jessie-v20170523",
Labels =
{
{ "environment", "dev" },
},
PhysicalBlockSizeBytes = 4096,
Type = "pd-ssd",
Zone = "us-central1-a",
});
}
}
DiskArgs
DiskResourcePolicyAttachment
Adds existing resource policies to a disk. You can only add one policy which will be applied to this disk for scheduling snapshot creation.
Note: This resource does not support regional disks (
gcp.compute.RegionDisk). For regional disks, please refer to thegcp.compute.RegionDiskResourcePolicyAttachmentresource.
DiskResourcePolicyAttachmentArgs
DiskResourcePolicyAttachmentState
DiskState
ExternalVpnGateway
Represents a VPN gateway managed outside of GCP.
To get more information about ExternalVpnGateway, see:
ExternalVpnGatewayArgs
ExternalVpnGatewayState
Firewall
Each network has its own firewall controlling access to and from the instances.
All traffic to instances, even from other instances, is blocked by the firewall unless firewall rules are created to allow it.
The default network has automatically created firewall rules that are shown in default firewall rules. No manually created network has automatically created firewall rules except for a default "allow" rule for outgoing traffic and a default "deny" for incoming traffic. For all networks except the default network, you must create any firewall rules you need.
To get more information about Firewall, see:
- API documentation
- How-to Guides
- Official Documentation
FirewallArgs
FirewallState
ForwardingRule
A ForwardingRule resource. A ForwardingRule resource specifies which pool of target virtual machines to forward a packet to if it matches the given [IPAddress, IPProtocol, portRange] tuple.
To get more information about ForwardingRule, see:
- API documentation
- How-to Guides
- Official Documentation
Example Usage - Forwarding Rule Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var defaultTargetPool = new Gcp.Compute.TargetPool("defaultTargetPool", new Gcp.Compute.TargetPoolArgs
{
});
var defaultForwardingRule = new Gcp.Compute.ForwardingRule("defaultForwardingRule", new Gcp.Compute.ForwardingRuleArgs
{
Target = defaultTargetPool.Id,
PortRange = "80",
});
}
}
ForwardingRuleArgs
ForwardingRuleState
GetAddress
GetAddressArgs
GetAddressResult
GetBackendBucket
GetBackendBucketArgs
GetBackendBucketResult
GetBackendService
GetBackendServiceArgs
GetBackendServiceResult
GetCertificate
GetCertificateArgs
GetCertificateResult
GetDefaultServiceAccount
GetDefaultServiceAccountArgs
GetDefaultServiceAccountResult
GetForwardingRule
GetForwardingRuleArgs
GetForwardingRuleResult
GetGlobalAddress
GetGlobalAddressArgs
GetGlobalAddressResult
GetImage
GetImageArgs
GetImageResult
GetInstance
GetInstanceArgs
GetInstanceGroup
GetInstanceGroupArgs
GetInstanceGroupResult
GetInstanceResult
GetInstanceSerialPort
GetInstanceSerialPortArgs
GetInstanceSerialPortResult
GetLBIPRanges
GetLBIPRangesResult
GetNetblockIPRanges
GetNetblockIPRangesArgs
GetNetblockIPRangesResult
GetNetwork
GetNetworkArgs
GetNetworkEndpointGroup
GetNetworkEndpointGroupArgs
GetNetworkEndpointGroupResult
GetNetworkResult
GetNodeTypes
GetNodeTypesArgs
GetNodeTypesResult
GetRegionInstanceGroup
GetRegionInstanceGroupArgs
GetRegionInstanceGroupResult
GetRegions
GetRegionsArgs
GetRegionsResult
GetResourcePolicy
GetResourcePolicyArgs
GetResourcePolicyResult
GetRouter
GetRouterArgs
GetRouterResult
GetSSLPolicy
GetSSLPolicyArgs
GetSSLPolicyResult
GetSubnetwork
GetSubnetworkArgs
GetSubnetworkResult
GetVPNGateway
GetVPNGatewayArgs
GetVPNGatewayResult
GetZones
GetZonesArgs
GetZonesResult
GlobalAddress
Represents a Global Address resource. Global addresses are used for HTTP(S) load balancing.
To get more information about GlobalAddress, see:
- API documentation
- How-to Guides
- Reserving a Static External IP Address
Example Usage - Global Address Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var @default = new Gcp.Compute.GlobalAddress("default", new Gcp.Compute.GlobalAddressArgs
{
});
}
}
GlobalAddressArgs
GlobalAddressState
GlobalForwardingRule
Represents a GlobalForwardingRule resource. Global forwarding rules are used to forward traffic to the correct load balancer for HTTP load balancing. Global forwarding rules can only be used for HTTP load balancing.
For more information, see https://cloud.google.com/compute/docs/load-balancing/http/
GlobalForwardingRuleArgs
GlobalForwardingRuleState
GlobalNetworkEndpoint
A Global Network endpoint represents a IP address and port combination that exists outside of GCP. NOTE: Global network endpoints cannot be created outside of a global network endpoint group.
To get more information about GlobalNetworkEndpoint, see:
- API documentation
- How-to Guides
- Official Documentation
GlobalNetworkEndpointArgs
GlobalNetworkEndpointGroup
A global network endpoint group contains endpoints that reside outside of Google Cloud. Currently a global network endpoint group can only support a single endpoint.
To get more information about GlobalNetworkEndpointGroup, see:
- API documentation
- How-to Guides
- Official Documentation
Example Usage - Global Network Endpoint Group
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var neg = new Gcp.Compute.GlobalNetworkEndpointGroup("neg", new Gcp.Compute.GlobalNetworkEndpointGroupArgs
{
DefaultPort = "90",
NetworkEndpointType = "INTERNET_FQDN_PORT",
});
}
}
Example Usage - Global Network Endpoint Group Ip Address
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var neg = new Gcp.Compute.GlobalNetworkEndpointGroup("neg", new Gcp.Compute.GlobalNetworkEndpointGroupArgs
{
DefaultPort = 90,
NetworkEndpointType = "INTERNET_IP_PORT",
});
}
}
GlobalNetworkEndpointGroupArgs
GlobalNetworkEndpointGroupState
GlobalNetworkEndpointState
HaVpnGateway
Represents a VPN gateway running in GCP. This virtual device is managed by Google, but used only by you. This type of VPN Gateway allows for the creation of VPN solutions with higher availability than classic Target VPN Gateways.
To get more information about HaVpnGateway, see:
- API documentation
- How-to Guides
- Choosing a VPN
- Cloud VPN Overview
Example Usage - Ha Vpn Gateway Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var network1 = new Gcp.Compute.Network("network1", new Gcp.Compute.NetworkArgs
{
AutoCreateSubnetworks = false,
});
var haGateway1 = new Gcp.Compute.HaVpnGateway("haGateway1", new Gcp.Compute.HaVpnGatewayArgs
{
Region = "us-central1",
Network = network1.Id,
});
}
}
Example Usage - Ha Vpn Gateway Gcp To Gcp
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var network1 = new Gcp.Compute.Network("network1", new Gcp.Compute.NetworkArgs
{
RoutingMode = "GLOBAL",
AutoCreateSubnetworks = false,
});
var haGateway1 = new Gcp.Compute.HaVpnGateway("haGateway1", new Gcp.Compute.HaVpnGatewayArgs
{
Region = "us-central1",
Network = network1.Id,
});
var network2 = new Gcp.Compute.Network("network2", new Gcp.Compute.NetworkArgs
{
RoutingMode = "GLOBAL",
AutoCreateSubnetworks = false,
});
var haGateway2 = new Gcp.Compute.HaVpnGateway("haGateway2", new Gcp.Compute.HaVpnGatewayArgs
{
Region = "us-central1",
Network = network2.Id,
});
var network1Subnet1 = new Gcp.Compute.Subnetwork("network1Subnet1", new Gcp.Compute.SubnetworkArgs
{
IpCidrRange = "10.0.1.0/24",
Region = "us-central1",
Network = network1.Id,
});
var network1Subnet2 = new Gcp.Compute.Subnetwork("network1Subnet2", new Gcp.Compute.SubnetworkArgs
{
IpCidrRange = "10.0.2.0/24",
Region = "us-west1",
Network = network1.Id,
});
var network2Subnet1 = new Gcp.Compute.Subnetwork("network2Subnet1", new Gcp.Compute.SubnetworkArgs
{
IpCidrRange = "192.168.1.0/24",
Region = "us-central1",
Network = network2.Id,
});
var network2Subnet2 = new Gcp.Compute.Subnetwork("network2Subnet2", new Gcp.Compute.SubnetworkArgs
{
IpCidrRange = "192.168.2.0/24",
Region = "us-east1",
Network = network2.Id,
});
var router1 = new Gcp.Compute.Router("router1", new Gcp.Compute.RouterArgs
{
Network = network1.Name,
Bgp = new Gcp.Compute.Inputs.RouterBgpArgs
{
Asn = 64514,
},
});
var router2 = new Gcp.Compute.Router("router2", new Gcp.Compute.RouterArgs
{
Network = network2.Name,
Bgp = new Gcp.Compute.Inputs.RouterBgpArgs
{
Asn = 64515,
},
});
var tunnel1 = new Gcp.Compute.VPNTunnel("tunnel1", new Gcp.Compute.VPNTunnelArgs
{
Region = "us-central1",
VpnGateway = haGateway1.Id,
PeerGcpGateway = haGateway2.Id,
SharedSecret = "a secret message",
Router = router1.Id,
VpnGatewayInterface = 0,
});
var tunnel2 = new Gcp.Compute.VPNTunnel("tunnel2", new Gcp.Compute.VPNTunnelArgs
{
Region = "us-central1",
VpnGateway = haGateway1.Id,
PeerGcpGateway = haGateway2.Id,
SharedSecret = "a secret message",
Router = router1.Id,
VpnGatewayInterface = 1,
});
var tunnel3 = new Gcp.Compute.VPNTunnel("tunnel3", new Gcp.Compute.VPNTunnelArgs
{
Region = "us-central1",
VpnGateway = haGateway2.Id,
PeerGcpGateway = haGateway1.Id,
SharedSecret = "a secret message",
Router = router2.Id,
VpnGatewayInterface = 0,
});
var tunnel4 = new Gcp.Compute.VPNTunnel("tunnel4", new Gcp.Compute.VPNTunnelArgs
{
Region = "us-central1",
VpnGateway = haGateway2.Id,
PeerGcpGateway = haGateway1.Id,
SharedSecret = "a secret message",
Router = router2.Id,
VpnGatewayInterface = 1,
});
var router1Interface1 = new Gcp.Compute.RouterInterface("router1Interface1", new Gcp.Compute.RouterInterfaceArgs
{
Router = router1.Name,
Region = "us-central1",
IpRange = "169.254.0.1/30",
VpnTunnel = tunnel1.Name,
});
var router1Peer1 = new Gcp.Compute.RouterPeer("router1Peer1", new Gcp.Compute.RouterPeerArgs
{
Router = router1.Name,
Region = "us-central1",
PeerIpAddress = "169.254.0.2",
PeerAsn = 64515,
AdvertisedRoutePriority = 100,
Interface = router1Interface1.Name,
});
var router1Interface2 = new Gcp.Compute.RouterInterface("router1Interface2", new Gcp.Compute.RouterInterfaceArgs
{
Router = router1.Name,
Region = "us-central1",
IpRange = "169.254.1.1/30",
VpnTunnel = tunnel2.Name,
});
var router1Peer2 = new Gcp.Compute.RouterPeer("router1Peer2", new Gcp.Compute.RouterPeerArgs
{
Router = router1.Name,
Region = "us-central1",
PeerIpAddress = "169.254.1.2",
PeerAsn = 64515,
AdvertisedRoutePriority = 100,
Interface = router1Interface2.Name,
});
var router2Interface1 = new Gcp.Compute.RouterInterface("router2Interface1", new Gcp.Compute.RouterInterfaceArgs
{
Router = router2.Name,
Region = "us-central1",
IpRange = "169.254.0.1/30",
VpnTunnel = tunnel3.Name,
});
var router2Peer1 = new Gcp.Compute.RouterPeer("router2Peer1", new Gcp.Compute.RouterPeerArgs
{
Router = router2.Name,
Region = "us-central1",
PeerIpAddress = "169.254.0.2",
PeerAsn = 64514,
AdvertisedRoutePriority = 100,
Interface = router2Interface1.Name,
});
var router2Interface2 = new Gcp.Compute.RouterInterface("router2Interface2", new Gcp.Compute.RouterInterfaceArgs
{
Router = router2.Name,
Region = "us-central1",
IpRange = "169.254.1.1/30",
VpnTunnel = tunnel4.Name,
});
var router2Peer2 = new Gcp.Compute.RouterPeer("router2Peer2", new Gcp.Compute.RouterPeerArgs
{
Router = router2.Name,
Region = "us-central1",
PeerIpAddress = "169.254.1.2",
PeerAsn = 64514,
AdvertisedRoutePriority = 100,
Interface = router2Interface2.Name,
});
}
}
HaVpnGatewayArgs
HaVpnGatewayState
HealthCheck
Health Checks determine whether instances are responsive and able to do work. They are an important part of a comprehensive load balancing configuration, as they enable monitoring instances behind load balancers.
Health Checks poll instances at a specified interval. Instances that do not respond successfully to some number of probes in a row are marked as unhealthy. No new connections are sent to unhealthy instances, though existing connections will continue. The health check will continue to poll unhealthy instances. If an instance later responds successfully to some number of consecutive probes, it is marked healthy again and can receive new connections.
To get more information about HealthCheck, see:
- API documentation
- How-to Guides
- Official Documentation
Example Usage - Health Check Tcp
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var tcp_health_check = new Gcp.Compute.HealthCheck("tcp-health-check", new Gcp.Compute.HealthCheckArgs
{
CheckIntervalSec = 1,
TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
{
Port = "80",
},
TimeoutSec = 1,
});
}
}
Example Usage - Health Check Tcp Full
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var tcp_health_check = new Gcp.Compute.HealthCheck("tcp-health-check", new Gcp.Compute.HealthCheckArgs
{
CheckIntervalSec = 1,
Description = "Health check via tcp",
HealthyThreshold = 4,
TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
{
PortName = "health-check-port",
PortSpecification = "USE_NAMED_PORT",
ProxyHeader = "NONE",
Request = "ARE YOU HEALTHY?",
Response = "I AM HEALTHY",
},
TimeoutSec = 1,
UnhealthyThreshold = 5,
});
}
}
Example Usage - Health Check Ssl
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var ssl_health_check = new Gcp.Compute.HealthCheck("ssl-health-check", new Gcp.Compute.HealthCheckArgs
{
CheckIntervalSec = 1,
SslHealthCheck = new Gcp.Compute.Inputs.HealthCheckSslHealthCheckArgs
{
Port = "443",
},
TimeoutSec = 1,
});
}
}
Example Usage - Health Check Ssl Full
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var ssl_health_check = new Gcp.Compute.HealthCheck("ssl-health-check", new Gcp.Compute.HealthCheckArgs
{
CheckIntervalSec = 1,
Description = "Health check via ssl",
HealthyThreshold = 4,
SslHealthCheck = new Gcp.Compute.Inputs.HealthCheckSslHealthCheckArgs
{
PortName = "health-check-port",
PortSpecification = "USE_NAMED_PORT",
ProxyHeader = "NONE",
Request = "ARE YOU HEALTHY?",
Response = "I AM HEALTHY",
},
TimeoutSec = 1,
UnhealthyThreshold = 5,
});
}
}
Example Usage - Health Check Http
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var http_health_check = new Gcp.Compute.HealthCheck("http-health-check", new Gcp.Compute.HealthCheckArgs
{
CheckIntervalSec = 1,
HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs
{
Port = 80,
},
TimeoutSec = 1,
});
}
}
Example Usage - Health Check Http Full
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var http_health_check = new Gcp.Compute.HealthCheck("http-health-check", new Gcp.Compute.HealthCheckArgs
{
CheckIntervalSec = 1,
Description = "Health check via http",
HealthyThreshold = 4,
HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs
{
Host = "1.2.3.4",
PortName = "health-check-port",
PortSpecification = "USE_NAMED_PORT",
ProxyHeader = "NONE",
RequestPath = "/mypath",
Response = "I AM HEALTHY",
},
TimeoutSec = 1,
UnhealthyThreshold = 5,
});
}
}
Example Usage - Health Check Https
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var https_health_check = new Gcp.Compute.HealthCheck("https-health-check", new Gcp.Compute.HealthCheckArgs
{
CheckIntervalSec = 1,
HttpsHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpsHealthCheckArgs
{
Port = "443",
},
TimeoutSec = 1,
});
}
}
Example Usage - Health Check Https Full
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var https_health_check = new Gcp.Compute.HealthCheck("https-health-check", new Gcp.Compute.HealthCheckArgs
{
CheckIntervalSec = 1,
Description = "Health check via https",
HealthyThreshold = 4,
HttpsHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpsHealthCheckArgs
{
Host = "1.2.3.4",
PortName = "health-check-port",
PortSpecification = "USE_NAMED_PORT",
ProxyHeader = "NONE",
RequestPath = "/mypath",
Response = "I AM HEALTHY",
},
TimeoutSec = 1,
UnhealthyThreshold = 5,
});
}
}
Example Usage - Health Check Http2
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var http2_health_check = new Gcp.Compute.HealthCheck("http2-health-check", new Gcp.Compute.HealthCheckArgs
{
CheckIntervalSec = 1,
Http2HealthCheck = new Gcp.Compute.Inputs.HealthCheckHttp2HealthCheckArgs
{
Port = "443",
},
TimeoutSec = 1,
});
}
}
Example Usage - Health Check Http2 Full
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var http2_health_check = new Gcp.Compute.HealthCheck("http2-health-check", new Gcp.Compute.HealthCheckArgs
{
CheckIntervalSec = 1,
Description = "Health check via http2",
HealthyThreshold = 4,
Http2HealthCheck = new Gcp.Compute.Inputs.HealthCheckHttp2HealthCheckArgs
{
Host = "1.2.3.4",
PortName = "health-check-port",
PortSpecification = "USE_NAMED_PORT",
ProxyHeader = "NONE",
RequestPath = "/mypath",
Response = "I AM HEALTHY",
},
TimeoutSec = 1,
UnhealthyThreshold = 5,
});
}
}
HealthCheckArgs
HealthCheckState
HttpHealthCheck
An HttpHealthCheck resource. This resource defines a template for how individual VMs should be checked for health, via HTTP.
Note: gcp.compute.HttpHealthCheck is a legacy health check. The newer gcp.compute.HealthCheck should be preferred for all uses except Network Load Balancers which still require the legacy version.
To get more information about HttpHealthCheck, see:
- API documentation
- How-to Guides
- Adding Health Checks
Example Usage - Http Health Check Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var @default = new Gcp.Compute.HttpHealthCheck("default", new Gcp.Compute.HttpHealthCheckArgs
{
CheckIntervalSec = 1,
RequestPath = "/health_check",
TimeoutSec = 1,
});
}
}
HttpHealthCheckArgs
HttpHealthCheckState
HttpsHealthCheck
An HttpsHealthCheck resource. This resource defines a template for how individual VMs should be checked for health, via HTTPS.
Note: gcp.compute.HttpsHealthCheck is a legacy health check. The newer gcp.compute.HealthCheck should be preferred for all uses except Network Load Balancers which still require the legacy version.
To get more information about HttpsHealthCheck, see:
- API documentation
- How-to Guides
- Adding Health Checks
Example Usage - Https Health Check Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var @default = new Gcp.Compute.HttpsHealthCheck("default", new Gcp.Compute.HttpsHealthCheckArgs
{
CheckIntervalSec = 1,
RequestPath = "/health_check",
TimeoutSec = 1,
});
}
}
HttpsHealthCheckArgs
HttpsHealthCheckState
Image
Represents an Image resource.
Google Compute Engine uses operating system images to create the root persistent disks for your instances. You specify an image when you create an instance. Images contain a boot loader, an operating system, and a root file system. Linux operating system images are also capable of running containers on Compute Engine.
Images can be either public or custom.
Public images are provided and maintained by Google, open-source communities, and third-party vendors. By default, all projects have access to these images and can use them to create instances. Custom images are available only to your project. You can create a custom image from root persistent disks and other images. Then, use the custom image to create an instance.
To get more information about Image, see:
- API documentation
- How-to Guides
- Official Documentation
Example Usage - Image Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var example = new Gcp.Compute.Image("example", new Gcp.Compute.ImageArgs
{
RawDisk = new Gcp.Compute.Inputs.ImageRawDiskArgs
{
Source = "https://storage.googleapis.com/bosh-cpi-artifacts/bosh-stemcell-3262.4-google-kvm-ubuntu-trusty-go_agent-raw.tar.gz",
},
});
}
}
Example Usage - Image Guest Os
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var example = new Gcp.Compute.Image("example", new Gcp.Compute.ImageArgs
{
GuestOsFeatures =
{
new Gcp.Compute.Inputs.ImageGuestOsFeatureArgs
{
Type = "SECURE_BOOT",
},
new Gcp.Compute.Inputs.ImageGuestOsFeatureArgs
{
Type = "MULTI_IP_SUBNET",
},
},
RawDisk = new Gcp.Compute.Inputs.ImageRawDiskArgs
{
Source = "https://storage.googleapis.com/bosh-cpi-artifacts/bosh-stemcell-3262.4-google-kvm-ubuntu-trusty-go_agent-raw.tar.gz",
},
});
}
}
ImageArgs
ImageState
Instance
Manages a VM instance resource within GCE. For more information see the official documentation and API.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var @default = new Gcp.Compute.Instance("default", new Gcp.Compute.InstanceArgs
{
BootDisk = new Gcp.Compute.Inputs.InstanceBootDiskArgs
{
InitializeParams = new Gcp.Compute.Inputs.InstanceBootDiskInitializeParamsArgs
{
Image = "debian-cloud/debian-9",
},
},
MachineType = "n1-standard-1",
Metadata =
{
{ "foo", "bar" },
},
MetadataStartupScript = "echo hi > /test.txt",
NetworkInterfaces =
{
new Gcp.Compute.Inputs.InstanceNetworkInterfaceArgs
{
AccessConfig =
{
,
},
Network = "default",
},
},
ScratchDisks =
{
new Gcp.Compute.Inputs.InstanceScratchDiskArgs
{
Interface = "SCSI",
},
},
ServiceAccount = new Gcp.Compute.Inputs.InstanceServiceAccountArgs
{
Scopes =
{
"userinfo-email",
"compute-ro",
"storage-ro",
},
},
Tags =
{
"foo",
"bar",
},
Zone = "us-central1-a",
});
}
}
InstanceArgs
InstanceFromTemplate
Manages a VM instance resource within GCE. For more information see the official documentation and API.
This resource is specifically to create a compute instance from a given
source_instance_template. To create an instance without a template, use the
gcp.compute.Instance resource.
InstanceFromTemplateArgs
InstanceFromTemplateState
InstanceGroup
Creates a group of dissimilar Compute Engine virtual machine instances. For more information, see the official documentation and API
Example Usage - Empty instance group
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var test = new Gcp.Compute.InstanceGroup("test", new Gcp.Compute.InstanceGroupArgs
{
Description = "Test instance group",
Zone = "us-central1-a",
Network = google_compute_network.Default.Id,
});
}
}
InstanceGroupArgs
InstanceGroupManager
The Google Compute Engine Instance Group Manager API creates and manages pools of homogeneous Compute Engine virtual machine instances from a common instance template. For more information, see the official documentation and API
Note: Use gcp.compute.RegionInstanceGroupManager to create a regional (multi-zone) instance group manager.
InstanceGroupManagerArgs
InstanceGroupManagerState
InstanceGroupNamedPort
Mange the named ports setting for a managed instance group without managing the group as whole. This resource is primarily intended for use with GKE-generated groups that shouldn't otherwise be managed by other tools.
To get more information about InstanceGroupNamedPort, see:
- API documentation
- How-to Guides
- Official Documentation
InstanceGroupNamedPortArgs
InstanceGroupNamedPortState
InstanceGroupState
InstanceIAMBinding
Three different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:
gcp.compute.InstanceIAMPolicy: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.gcp.compute.InstanceIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.gcp.compute.InstanceIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.
Note:
gcp.compute.InstanceIAMPolicycannot be used in conjunction withgcp.compute.InstanceIAMBindingandgcp.compute.InstanceIAMMemberor they will fight over what your policy should be.
Note:
gcp.compute.InstanceIAMBindingresources can be used in conjunction withgcp.compute.InstanceIAMMemberresources only if they do not grant privilege to the same role.
google_compute_instance_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/compute.osLogin" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Compute.InstanceIAMPolicy("policy", new Gcp.Compute.InstanceIAMPolicyArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/compute.osLogin" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Compute.InstanceIAMPolicy("policy", new Gcp.Compute.InstanceIAMPolicyArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_compute_instance_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Compute.InstanceIAMBinding("binding", new Gcp.Compute.InstanceIAMBindingArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
Role = "roles/compute.osLogin",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Compute.InstanceIAMBinding("binding", new Gcp.Compute.InstanceIAMBindingArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
Role = "roles/compute.osLogin",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_compute_instance_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Compute.InstanceIAMMember("member", new Gcp.Compute.InstanceIAMMemberArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
Role = "roles/compute.osLogin",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Compute.InstanceIAMMember("member", new Gcp.Compute.InstanceIAMMemberArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
Role = "roles/compute.osLogin",
Member = "user:jane@example.com",
Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
InstanceIAMBindingArgs
InstanceIAMBindingState
InstanceIAMMember
Three different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:
gcp.compute.InstanceIAMPolicy: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.gcp.compute.InstanceIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.gcp.compute.InstanceIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.
Note:
gcp.compute.InstanceIAMPolicycannot be used in conjunction withgcp.compute.InstanceIAMBindingandgcp.compute.InstanceIAMMemberor they will fight over what your policy should be.
Note:
gcp.compute.InstanceIAMBindingresources can be used in conjunction withgcp.compute.InstanceIAMMemberresources only if they do not grant privilege to the same role.
google_compute_instance_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/compute.osLogin" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Compute.InstanceIAMPolicy("policy", new Gcp.Compute.InstanceIAMPolicyArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/compute.osLogin" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Compute.InstanceIAMPolicy("policy", new Gcp.Compute.InstanceIAMPolicyArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_compute_instance_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Compute.InstanceIAMBinding("binding", new Gcp.Compute.InstanceIAMBindingArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
Role = "roles/compute.osLogin",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Compute.InstanceIAMBinding("binding", new Gcp.Compute.InstanceIAMBindingArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
Role = "roles/compute.osLogin",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_compute_instance_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Compute.InstanceIAMMember("member", new Gcp.Compute.InstanceIAMMemberArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
Role = "roles/compute.osLogin",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Compute.InstanceIAMMember("member", new Gcp.Compute.InstanceIAMMemberArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
Role = "roles/compute.osLogin",
Member = "user:jane@example.com",
Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
InstanceIAMMemberArgs
InstanceIAMMemberState
InstanceIAMPolicy
Three different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:
gcp.compute.InstanceIAMPolicy: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.gcp.compute.InstanceIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.gcp.compute.InstanceIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.
Note:
gcp.compute.InstanceIAMPolicycannot be used in conjunction withgcp.compute.InstanceIAMBindingandgcp.compute.InstanceIAMMemberor they will fight over what your policy should be.
Note:
gcp.compute.InstanceIAMBindingresources can be used in conjunction withgcp.compute.InstanceIAMMemberresources only if they do not grant privilege to the same role.
google_compute_instance_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/compute.osLogin" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Compute.InstanceIAMPolicy("policy", new Gcp.Compute.InstanceIAMPolicyArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/compute.osLogin" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Compute.InstanceIAMPolicy("policy", new Gcp.Compute.InstanceIAMPolicyArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_compute_instance_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Compute.InstanceIAMBinding("binding", new Gcp.Compute.InstanceIAMBindingArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
Role = "roles/compute.osLogin",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Compute.InstanceIAMBinding("binding", new Gcp.Compute.InstanceIAMBindingArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
Role = "roles/compute.osLogin",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_compute_instance_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Compute.InstanceIAMMember("member", new Gcp.Compute.InstanceIAMMemberArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
Role = "roles/compute.osLogin",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Compute.InstanceIAMMember("member", new Gcp.Compute.InstanceIAMMemberArgs
{
Project = google_compute_instance.Default.Project,
Zone = google_compute_instance.Default.Zone,
InstanceName = google_compute_instance.Default.Name,
Role = "roles/compute.osLogin",
Member = "user:jane@example.com",
Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
InstanceIAMPolicyArgs
InstanceIAMPolicyState
InstanceState
InstanceTemplate
Manages a VM instance template resource within GCE. For more information see the official documentation and API.
InstanceTemplateArgs
InstanceTemplateState
InterconnectAttachment
Represents an InterconnectAttachment (VLAN attachment) resource. For more information, see Creating VLAN Attachments.
Example Usage - Interconnect Attachment Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var foobar = new Gcp.Compute.Router("foobar", new Gcp.Compute.RouterArgs
{
Network = google_compute_network.Foobar.Name,
});
var onPrem = new Gcp.Compute.InterconnectAttachment("onPrem", new Gcp.Compute.InterconnectAttachmentArgs
{
Interconnect = "my-interconnect-id",
Router = foobar.Id,
});
}
}
InterconnectAttachmentArgs
InterconnectAttachmentState
MachineImage
Represents a MachineImage resource. Machine images store all the configuration, metadata, permissions, and data from one or more disks required to create a Virtual machine (VM) instance.
To get more information about MachineImage, see:
- API documentation
- How-to Guides
- Official Documentation
MachineImageArgs
MachineImageState
ManagedSslCertificate
An SslCertificate resource, used for HTTPS load balancing. This resource represents a certificate for which the certificate secrets are created and managed by Google.
For a resource where you provide the key, see the SSL Certificate resource.
To get more information about ManagedSslCertificate, see:
- API documentation
- How-to Guides
- Official Documentation
Warning: This resource should be used with extreme caution! Provisioning an SSL certificate is complex. Ensure that you understand the lifecycle of a certificate before attempting complex tasks like cert rotation automatically. This resource will "return" as soon as the certificate object is created, but post-creation the certificate object will go through a "provisioning" process. The provisioning process can complete only when the domain name for which the certificate is created points to a target pool which, itself, points at the certificate. Depending on your DNS provider, this may take some time, and migrating from self-managed certificates to Google-managed certificates may entail some downtime while the certificate provisions.
In conclusion: Be extremely cautious.
ManagedSslCertificateArgs
ManagedSslCertificateState
MangedSslCertificate
MangedSslCertificateArgs
MangedSslCertificateState
Network
Manages a VPC network or legacy network resource on GCP.
To get more information about Network, see:
- API documentation
- How-to Guides
- Official Documentation
Example Usage - Network Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var vpcNetwork = new Gcp.Compute.Network("vpcNetwork", new Gcp.Compute.NetworkArgs
{
});
}
}
NetworkArgs
NetworkEndpoint
A Network endpoint represents a IP address and port combination that is part of a specific network endpoint group (NEG). NEGs are zonals collection of these endpoints for GCP resources within a single subnet. NOTE: Network endpoints cannot be created outside of a network endpoint group.
To get more information about NetworkEndpoint, see:
- API documentation
- How-to Guides
- Official Documentation
NetworkEndpointArgs
NetworkEndpointGroup
Network endpoint groups (NEGs) are zonal resources that represent collections of IP address and port combinations for GCP resources within a single subnet. Each IP address and port combination is called a network endpoint.
Network endpoint groups can be used as backends in backend services for HTTP(S), TCP proxy, and SSL proxy load balancers. You cannot use NEGs as a backend with internal load balancers. Because NEG backends allow you to specify IP addresses and ports, you can distribute traffic in a granular fashion among applications or containers running within VM instances.
To get more information about NetworkEndpointGroup, see:
- API documentation
- How-to Guides
- Official Documentation
Example Usage - Network Endpoint Group
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var defaultNetwork = new Gcp.Compute.Network("defaultNetwork", new Gcp.Compute.NetworkArgs
{
AutoCreateSubnetworks = false,
});
var defaultSubnetwork = new Gcp.Compute.Subnetwork("defaultSubnetwork", new Gcp.Compute.SubnetworkArgs
{
IpCidrRange = "10.0.0.0/16",
Region = "us-central1",
Network = defaultNetwork.Id,
});
var neg = new Gcp.Compute.NetworkEndpointGroup("neg", new Gcp.Compute.NetworkEndpointGroupArgs
{
Network = defaultNetwork.Id,
Subnetwork = defaultSubnetwork.Id,
DefaultPort = "90",
Zone = "us-central1-a",
});
}
}
NetworkEndpointGroupArgs
NetworkEndpointGroupState
NetworkEndpointState
NetworkPeering
Manages a network peering within GCE. For more information see the official documentation and API.
Both network must create a peering with each other for the peering to be functional.
Subnets IP ranges across peered VPC networks cannot overlap.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var @default = new Gcp.Compute.Network("default", new Gcp.Compute.NetworkArgs
{
AutoCreateSubnetworks = "false",
});
var other = new Gcp.Compute.Network("other", new Gcp.Compute.NetworkArgs
{
AutoCreateSubnetworks = "false",
});
var peering1 = new Gcp.Compute.NetworkPeering("peering1", new Gcp.Compute.NetworkPeeringArgs
{
Network = @default.Id,
PeerNetwork = other.Id,
});
var peering2 = new Gcp.Compute.NetworkPeering("peering2", new Gcp.Compute.NetworkPeeringArgs
{
Network = other.Id,
PeerNetwork = @default.Id,
});
}
}
NetworkPeeringArgs
NetworkPeeringRoutesConfig
Manage a network peering's route settings without managing the peering as a whole. This resource is primarily intended for use with GCP-generated peerings that shouldn't otherwise be managed by other tools. Deleting this resource is a no-op and the peering will not be modified.
To get more information about NetworkPeeringRoutesConfig, see:
- API documentation
- How-to Guides
- Official Documentation
Example Usage - Network Peering Routes Config Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var networkPrimary = new Gcp.Compute.Network("networkPrimary", new Gcp.Compute.NetworkArgs
{
AutoCreateSubnetworks = "false",
});
var networkSecondary = new Gcp.Compute.Network("networkSecondary", new Gcp.Compute.NetworkArgs
{
AutoCreateSubnetworks = "false",
});
var peeringPrimary = new Gcp.Compute.NetworkPeering("peeringPrimary", new Gcp.Compute.NetworkPeeringArgs
{
Network = networkPrimary.Id,
PeerNetwork = networkSecondary.Id,
ImportCustomRoutes = true,
ExportCustomRoutes = true,
});
var peeringPrimaryRoutes = new Gcp.Compute.NetworkPeeringRoutesConfig("peeringPrimaryRoutes", new Gcp.Compute.NetworkPeeringRoutesConfigArgs
{
Peering = peeringPrimary.Name,
Network = networkPrimary.Name,
ImportCustomRoutes = true,
ExportCustomRoutes = true,
});
var peeringSecondary = new Gcp.Compute.NetworkPeering("peeringSecondary", new Gcp.Compute.NetworkPeeringArgs
{
Network = networkSecondary.Id,
PeerNetwork = networkPrimary.Id,
});
}
}
NetworkPeeringRoutesConfigArgs
NetworkPeeringRoutesConfigState
NetworkPeeringState
NetworkState
NodeGroup
Represents a NodeGroup resource to manage a group of sole-tenant nodes.
To get more information about NodeGroup, see:
- API documentation
- How-to Guides
- Sole-Tenant Nodes
Warning: Due to limitations of the API, this provider cannot update the number of nodes in a node group and changes to node group size either through provider config or through external changes will cause the provider to delete and recreate the node group.
Example Usage - Node Group Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var central1a = Output.Create(Gcp.Compute.GetNodeTypes.InvokeAsync(new Gcp.Compute.GetNodeTypesArgs
{
Zone = "us-central1-a",
}));
var soletenant_tmpl = new Gcp.Compute.NodeTemplate("soletenant-tmpl", new Gcp.Compute.NodeTemplateArgs
{
Region = "us-central1",
NodeType = central1a.Apply(central1a => central1a.Names[0]),
});
var nodes = new Gcp.Compute.NodeGroup("nodes", new Gcp.Compute.NodeGroupArgs
{
Zone = "us-central1-a",
Description = "example gcp.compute.NodeGroup for the Google Provider",
Size = 1,
NodeTemplate = soletenant_tmpl.Id,
});
}
}
NodeGroupArgs
NodeGroupState
NodeTemplate
Represents a NodeTemplate resource. Node templates specify properties for creating sole-tenant nodes, such as node type, vCPU and memory requirements, node affinity labels, and region.
To get more information about NodeTemplate, see:
- API documentation
- How-to Guides
- Sole-Tenant Nodes
Example Usage - Node Template Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var central1a = Output.Create(Gcp.Compute.GetNodeTypes.InvokeAsync(new Gcp.Compute.GetNodeTypesArgs
{
Zone = "us-central1-a",
}));
var template = new Gcp.Compute.NodeTemplate("template", new Gcp.Compute.NodeTemplateArgs
{
Region = "us-central1",
NodeType = central1a.Apply(central1a => central1a.Names[0]),
});
}
}
NodeTemplateArgs
NodeTemplateState
PacketMirroring
Packet Mirroring mirrors traffic to and from particular VM instances. You can use the collected traffic to help you detect security threats and monitor application performance.
To get more information about PacketMirroring, see:
- API documentation
- How-to Guides
- Using Packet Mirroring
PacketMirroringArgs
PacketMirroringState
PerInstanceConfig
A config defined for a single managed instance that belongs to an instance group manager. It preserves the instance name across instance group manager operations and can define stateful disks or metadata that are unique to the instance.
To get more information about PerInstanceConfig, see:
- API documentation
- How-to Guides
- Official Documentation
PerInstanceConfigArgs
PerInstanceConfigState
ProjectDefaultNetworkTier
Configures the Google Compute Engine Default Network Tier for a project.
For more information, see, the Project API documentation.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var @default = new Gcp.Compute.ProjectDefaultNetworkTier("default", new Gcp.Compute.ProjectDefaultNetworkTierArgs
{
NetworkTier = "PREMIUM",
});
}
}
ProjectDefaultNetworkTierArgs
ProjectDefaultNetworkTierState
ProjectMetadata
Authoritatively manages metadata common to all instances for a project in GCE. For more information see the official documentation and API.
Note: This resource manages all project-level metadata including project-level ssh keys. Keys unset in config but set on the server will be removed. If you want to manage only single key/value pairs within the project metadata rather than the entire set, then use google_compute_project_metadata_item.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var @default = new Gcp.Compute.ProjectMetadata("default", new Gcp.Compute.ProjectMetadataArgs
{
Metadata =
{
{ "13", "42" },
{ "fizz", "buzz" },
{ "foo", "bar" },
},
});
}
}
ProjectMetadataArgs
ProjectMetadataItem
Manages a single key/value pair on metadata common to all instances for
a project in GCE. Using gcp.compute.ProjectMetadataItem lets you
manage a single key/value setting in the provider rather than the entire
project metadata map.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var @default = new Gcp.Compute.ProjectMetadataItem("default", new Gcp.Compute.ProjectMetadataItemArgs
{
Key = "my_metadata",
Value = "my_value",
});
}
}
ProjectMetadataItemArgs
ProjectMetadataItemState
ProjectMetadataState
RegionAutoscaler
Represents an Autoscaler resource.
Autoscalers allow you to automatically scale virtual machine instances in managed instance groups according to an autoscaling policy that you define.
To get more information about RegionAutoscaler, see:
- API documentation
- How-to Guides
- Autoscaling Groups of Instances
RegionAutoscalerArgs
RegionAutoscalerState
RegionBackendService
A Region Backend Service defines a regionally-scoped group of virtual machines that will serve traffic for load balancing.
To get more information about RegionBackendService, see:
- API documentation
- How-to Guides
- Internal TCP/UDP Load Balancing
RegionBackendServiceArgs
RegionBackendServiceState
RegionDisk
Persistent disks are durable storage devices that function similarly to the physical disks in a desktop or a server. Compute Engine manages the hardware behind these devices to ensure data redundancy and optimize performance for you. Persistent disks are available as either standard hard disk drives (HDD) or solid-state drives (SSD).
Persistent disks are located independently from your virtual machine instances, so you can detach or move persistent disks to keep your data even after you delete your instances. Persistent disk performance scales automatically with size, so you can resize your existing persistent disks or add more persistent disks to an instance to meet your performance and storage space requirements.
Add a persistent disk to your instance when you need reliable and affordable storage with consistent performance characteristics.
To get more information about RegionDisk, see:
Warning: All arguments including
disk_encryption_key.raw_keywill be stored in the raw state as plain-text. Read more about secrets in state.
Example Usage - Region Disk Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var disk = new Gcp.Compute.Disk("disk", new Gcp.Compute.DiskArgs
{
Image = "debian-cloud/debian-9",
Size = 50,
Type = "pd-ssd",
Zone = "us-central1-a",
});
var snapdisk = new Gcp.Compute.Snapshot("snapdisk", new Gcp.Compute.SnapshotArgs
{
SourceDisk = disk.Name,
Zone = "us-central1-a",
});
var regiondisk = new Gcp.Compute.RegionDisk("regiondisk", new Gcp.Compute.RegionDiskArgs
{
Snapshot = snapdisk.Id,
Type = "pd-ssd",
Region = "us-central1",
PhysicalBlockSizeBytes = 4096,
ReplicaZones =
{
"us-central1-a",
"us-central1-f",
},
});
}
}
RegionDiskArgs
RegionDiskResourcePolicyAttachment
Adds existing resource policies to a disk. You can only add one policy which will be applied to this disk for scheduling snapshot creation.
Note: This resource does not support zonal disks (
gcp.compute.Disk). For zonal disks, please refer to thegcp.compute.DiskResourcePolicyAttachmentresource.
RegionDiskResourcePolicyAttachmentArgs
RegionDiskResourcePolicyAttachmentState
RegionDiskState
RegionHealthCheck
Health Checks determine whether instances are responsive and able to do work. They are an important part of a comprehensive load balancing configuration, as they enable monitoring instances behind load balancers.
Health Checks poll instances at a specified interval. Instances that do not respond successfully to some number of probes in a row are marked as unhealthy. No new connections are sent to unhealthy instances, though existing connections will continue. The health check will continue to poll unhealthy instances. If an instance later responds successfully to some number of consecutive probes, it is marked healthy again and can receive new connections.
To get more information about RegionHealthCheck, see:
- API documentation
- How-to Guides
- Official Documentation
Example Usage - Region Health Check Tcp
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var tcp_region_health_check = new Gcp.Compute.RegionHealthCheck("tcp-region-health-check", new Gcp.Compute.RegionHealthCheckArgs
{
CheckIntervalSec = 1,
TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs
{
Port = "80",
},
TimeoutSec = 1,
});
}
}
Example Usage - Region Health Check Tcp Full
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var tcp_region_health_check = new Gcp.Compute.RegionHealthCheck("tcp-region-health-check", new Gcp.Compute.RegionHealthCheckArgs
{
CheckIntervalSec = 1,
Description = "Health check via tcp",
HealthyThreshold = 4,
TcpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckTcpHealthCheckArgs
{
PortName = "health-check-port",
PortSpecification = "USE_NAMED_PORT",
ProxyHeader = "NONE",
Request = "ARE YOU HEALTHY?",
Response = "I AM HEALTHY",
},
TimeoutSec = 1,
UnhealthyThreshold = 5,
});
}
}
Example Usage - Region Health Check Ssl
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var ssl_region_health_check = new Gcp.Compute.RegionHealthCheck("ssl-region-health-check", new Gcp.Compute.RegionHealthCheckArgs
{
CheckIntervalSec = 1,
SslHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckSslHealthCheckArgs
{
Port = "443",
},
TimeoutSec = 1,
});
}
}
Example Usage - Region Health Check Ssl Full
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var ssl_region_health_check = new Gcp.Compute.RegionHealthCheck("ssl-region-health-check", new Gcp.Compute.RegionHealthCheckArgs
{
CheckIntervalSec = 1,
Description = "Health check via ssl",
HealthyThreshold = 4,
SslHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckSslHealthCheckArgs
{
PortName = "health-check-port",
PortSpecification = "USE_NAMED_PORT",
ProxyHeader = "NONE",
Request = "ARE YOU HEALTHY?",
Response = "I AM HEALTHY",
},
TimeoutSec = 1,
UnhealthyThreshold = 5,
});
}
}
Example Usage - Region Health Check Http
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var http_region_health_check = new Gcp.Compute.RegionHealthCheck("http-region-health-check", new Gcp.Compute.RegionHealthCheckArgs
{
CheckIntervalSec = 1,
HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
{
Port = "80",
},
TimeoutSec = 1,
});
}
}
Example Usage - Region Health Check Http Full
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var http_region_health_check = new Gcp.Compute.RegionHealthCheck("http-region-health-check", new Gcp.Compute.RegionHealthCheckArgs
{
CheckIntervalSec = 1,
Description = "Health check via http",
HealthyThreshold = 4,
HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
{
Host = "1.2.3.4",
PortName = "health-check-port",
PortSpecification = "USE_NAMED_PORT",
ProxyHeader = "NONE",
RequestPath = "/mypath",
Response = "I AM HEALTHY",
},
TimeoutSec = 1,
UnhealthyThreshold = 5,
});
}
}
Example Usage - Region Health Check Https
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var https_region_health_check = new Gcp.Compute.RegionHealthCheck("https-region-health-check", new Gcp.Compute.RegionHealthCheckArgs
{
CheckIntervalSec = 1,
HttpsHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpsHealthCheckArgs
{
Port = "443",
},
TimeoutSec = 1,
});
}
}
Example Usage - Region Health Check Https Full
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var https_region_health_check = new Gcp.Compute.RegionHealthCheck("https-region-health-check", new Gcp.Compute.RegionHealthCheckArgs
{
CheckIntervalSec = 1,
Description = "Health check via https",
HealthyThreshold = 4,
HttpsHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpsHealthCheckArgs
{
Host = "1.2.3.4",
PortName = "health-check-port",
PortSpecification = "USE_NAMED_PORT",
ProxyHeader = "NONE",
RequestPath = "/mypath",
Response = "I AM HEALTHY",
},
TimeoutSec = 1,
UnhealthyThreshold = 5,
});
}
}
Example Usage - Region Health Check Http2
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var http2_region_health_check = new Gcp.Compute.RegionHealthCheck("http2-region-health-check", new Gcp.Compute.RegionHealthCheckArgs
{
CheckIntervalSec = 1,
Http2HealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttp2HealthCheckArgs
{
Port = "443",
},
TimeoutSec = 1,
});
}
}
Example Usage - Region Health Check Http2 Full
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var http2_region_health_check = new Gcp.Compute.RegionHealthCheck("http2-region-health-check", new Gcp.Compute.RegionHealthCheckArgs
{
CheckIntervalSec = 1,
Description = "Health check via http2",
HealthyThreshold = 4,
Http2HealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttp2HealthCheckArgs
{
Host = "1.2.3.4",
PortName = "health-check-port",
PortSpecification = "USE_NAMED_PORT",
ProxyHeader = "NONE",
RequestPath = "/mypath",
Response = "I AM HEALTHY",
},
TimeoutSec = 1,
UnhealthyThreshold = 5,
});
}
}
RegionHealthCheckArgs
RegionHealthCheckState
RegionInstanceGroupManager
The Google Compute Engine Regional Instance Group Manager API creates and manages pools of homogeneous Compute Engine virtual machine instances from a common instance template. For more information, see the official documentation and API
Note: Use gcp.compute.InstanceGroupManager to create a single-zone instance group manager.
RegionInstanceGroupManagerArgs
RegionInstanceGroupManagerState
RegionPerInstanceConfig
A config defined for a single managed instance that belongs to an instance group manager. It preserves the instance name across instance group manager operations and can define stateful disks or metadata that are unique to the instance. This resource works with regional instance group managers.
To get more information about RegionPerInstanceConfig, see:
- API documentation
- How-to Guides
- Official Documentation
RegionPerInstanceConfigArgs
RegionPerInstanceConfigState
RegionSslCertificate
A RegionSslCertificate resource, used for HTTPS load balancing. This resource provides a mechanism to upload an SSL key and certificate to the load balancer to serve secure connections from the user.
To get more information about RegionSslCertificate, see:
- API documentation
- How-to Guides
- Official Documentation
Warning: All arguments including
certificateandprivate_keywill be stored in the raw state as plain-text. Read more about secrets in state.
Example Usage - Region Ssl Certificate Basic
using System.IO;
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var @default = new Gcp.Compute.RegionSslCertificate("default", new Gcp.Compute.RegionSslCertificateArgs
{
Region = "us-central1",
NamePrefix = "my-certificate-",
Description = "a description",
PrivateKey = File.ReadAllText("path/to/private.key"),
Certificate = File.ReadAllText("path/to/certificate.crt"),
});
}
}
RegionSslCertificateArgs
RegionSslCertificateState
RegionTargetHttpProxy
Represents a RegionTargetHttpProxy resource, which is used by one or more forwarding rules to route incoming HTTP requests to a URL map.
To get more information about RegionTargetHttpProxy, see:
- API documentation
- How-to Guides
- Official Documentation
RegionTargetHttpProxyArgs
RegionTargetHttpProxyState
RegionTargetHttpsProxy
Represents a RegionTargetHttpsProxy resource, which is used by one or more forwarding rules to route incoming HTTPS requests to a URL map.
To get more information about RegionTargetHttpsProxy, see:
- API documentation
- How-to Guides
- Official Documentation
RegionTargetHttpsProxyArgs
RegionTargetHttpsProxyState
RegionUrlMap
UrlMaps are used to route requests to a backend service based on rules that you define for the host and path of an incoming URL.
RegionUrlMapArgs
RegionUrlMapState
Reservation
Represents a reservation resource. A reservation ensures that capacity is held in a specific zone even if the reserved VMs are not running.
Reservations apply only to Compute Engine, Cloud Dataproc, and Google
Kubernetes Engine VM usage.Reservations do not apply to f1-micro or
g1-small machine types, preemptible VMs, sole tenant nodes, or other
services not listed above
like Cloud SQL and Dataflow.
To get more information about Reservation, see:
- API documentation
- How-to Guides
- Reserving zonal resources
Example Usage - Reservation Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var gceReservation = new Gcp.Compute.Reservation("gceReservation", new Gcp.Compute.ReservationArgs
{
SpecificReservation = new Gcp.Compute.Inputs.ReservationSpecificReservationArgs
{
Count = 1,
InstanceProperties = new Gcp.Compute.Inputs.ReservationSpecificReservationInstancePropertiesArgs
{
MachineType = "n2-standard-2",
MinCpuPlatform = "Intel Cascade Lake",
},
},
Zone = "us-central1-a",
});
}
}
ReservationArgs
ReservationState
ResourcePolicy
A policy that can be attached to a resource to specify or schedule actions on that resource.
Example Usage - Resource Policy Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var foo = new Gcp.Compute.ResourcePolicy("foo", new Gcp.Compute.ResourcePolicyArgs
{
Region = "us-central1",
SnapshotSchedulePolicy = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyArgs
{
Schedule = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyScheduleArgs
{
DailySchedule = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyScheduleDailyScheduleArgs
{
DaysInCycle = 1,
StartTime = "04:00",
},
},
},
});
}
}
Example Usage - Resource Policy Full
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var bar = new Gcp.Compute.ResourcePolicy("bar", new Gcp.Compute.ResourcePolicyArgs
{
Region = "us-central1",
SnapshotSchedulePolicy = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyArgs
{
RetentionPolicy = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyRetentionPolicyArgs
{
MaxRetentionDays = 10,
OnSourceDiskDelete = "KEEP_AUTO_SNAPSHOTS",
},
Schedule = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyScheduleArgs
{
HourlySchedule = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicyScheduleHourlyScheduleArgs
{
HoursInCycle = 20,
StartTime = "23:00",
},
},
SnapshotProperties = new Gcp.Compute.Inputs.ResourcePolicySnapshotSchedulePolicySnapshotPropertiesArgs
{
GuestFlush = true,
Labels =
{
{ "myLabel", "value" },
},
StorageLocations = "us",
},
},
});
}
}
Example Usage - Resource Policy Placement Policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var baz = new Gcp.Compute.ResourcePolicy("baz", new Gcp.Compute.ResourcePolicyArgs
{
GroupPlacementPolicy = new Gcp.Compute.Inputs.ResourcePolicyGroupPlacementPolicyArgs
{
Collocation = "COLLOCATED",
VmCount = 2,
},
Region = "us-central1",
});
}
}
ResourcePolicyArgs
ResourcePolicyState
Route
Represents a Route resource.
A route is a rule that specifies how certain packets should be handled by the virtual network. Routes are associated with virtual machines by tag, and the set of routes for a particular virtual machine is called its routing table. For each packet leaving a virtual machine, the system searches that virtual machine's routing table for a single best matching route.
Routes match packets by destination IP address, preferring smaller or more specific ranges over larger ones. If there is a tie, the system selects the route with the smallest priority value. If there is still a tie, it uses the layer three and four packet headers to select just one of the remaining matching routes. The packet is then forwarded as specified by the next_hop field of the winning route -- either to another virtual machine destination, a virtual machine gateway or a Compute Engine-operated gateway. Packets that do not match any route in the sending virtual machine's routing table will be dropped.
A Route resource must have exactly one specification of either nextHopGateway, nextHopInstance, nextHopIp, nextHopVpnTunnel, or nextHopIlb.
To get more information about Route, see:
- API documentation
- How-to Guides
- Using Routes
Example Usage - Route Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var defaultNetwork = new Gcp.Compute.Network("defaultNetwork", new Gcp.Compute.NetworkArgs
{
});
var defaultRoute = new Gcp.Compute.Route("defaultRoute", new Gcp.Compute.RouteArgs
{
DestRange = "15.0.0.0/24",
Network = defaultNetwork.Name,
NextHopIp = "10.132.1.5",
Priority = 100,
});
}
}
RouteArgs
Router
Represents a Router resource.
To get more information about Router, see:
- API documentation
- How-to Guides
- Google Cloud Router
Example Usage - Router Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var foobarNetwork = new Gcp.Compute.Network("foobarNetwork", new Gcp.Compute.NetworkArgs
{
AutoCreateSubnetworks = false,
});
var foobarRouter = new Gcp.Compute.Router("foobarRouter", new Gcp.Compute.RouterArgs
{
Network = foobarNetwork.Name,
Bgp = new Gcp.Compute.Inputs.RouterBgpArgs
{
Asn = 64514,
AdvertiseMode = "CUSTOM",
AdvertisedGroups =
{
"ALL_SUBNETS",
},
Advertised_ip_ranges =
{
{
{ "range", "1.2.3.4" },
},
{
{ "range", "6.7.0.0/16" },
},
},
},
});
}
}
RouterArgs
RouterInterface
Manages a Cloud Router interface. For more information see the official documentation and API.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var foobar = new Gcp.Compute.RouterInterface("foobar", new Gcp.Compute.RouterInterfaceArgs
{
IpRange = "169.254.1.1/30",
Region = "us-central1",
Router = "router-1",
VpnTunnel = "tunnel-1",
});
}
}
RouterInterfaceArgs
RouterInterfaceState
RouterNat
A NAT service created in a router.
To get more information about RouterNat, see:
- API documentation
- How-to Guides
- Google Cloud Router
RouterNatArgs
RouterNatState
RouterPeer
BGP information that must be configured into the routing stack to establish BGP peering. This information must specify the peer ASN and either the interface name, IP address, or peer IP address. Please refer to RFC4273.
To get more information about RouterBgpPeer, see:
- API documentation
- How-to Guides
- Google Cloud Router
Example Usage - Router Peer Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var peer = new Gcp.Compute.RouterPeer("peer", new Gcp.Compute.RouterPeerArgs
{
AdvertisedRoutePriority = 100,
Interface = "interface-1",
PeerAsn = 65513,
PeerIpAddress = "169.254.1.2",
Region = "us-central1",
Router = "my-router",
});
}
}
RouterPeerArgs
RouterPeerState
RouterState
RouteState
SecurityPolicy
A Security Policy defines an IP blacklist or whitelist that protects load balanced Google Cloud services by denying or permitting traffic from specified IP ranges. For more information see the official documentation and the API.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var policy = new Gcp.Compute.SecurityPolicy("policy", new Gcp.Compute.SecurityPolicyArgs
{
Rules =
{
new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
{
Action = "deny(403)",
Description = "Deny access to IPs in 9.9.9.0/24",
Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
{
Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
{
SrcIpRanges =
{
"9.9.9.0/24",
},
},
VersionedExpr = "SRC_IPS_V1",
},
Priority = "1000",
},
new Gcp.Compute.Inputs.SecurityPolicyRuleArgs
{
Action = "allow",
Description = "default rule",
Match = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchArgs
{
Config = new Gcp.Compute.Inputs.SecurityPolicyRuleMatchConfigArgs
{
SrcIpRanges =
{
"*",
},
},
VersionedExpr = "SRC_IPS_V1",
},
Priority = "2147483647",
},
},
});
}
}
SecurityPolicyArgs
SecurityPolicyState
SecurityScanConfig
A ScanConfig resource contains the configurations to launch a scan.
To get more information about ScanConfig, see:
- API documentation
- How-to Guides
- Using Cloud Security Scanner
Warning: All arguments including
authentication.google_account.passwordandauthentication.custom_account.passwordwill be stored in the raw state as plain-text.Read more about secrets in state
Example Usage - Scan Config Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var scannerStaticIp = new Gcp.Compute.Address("scannerStaticIp", new Gcp.Compute.AddressArgs
{
});
var scan_config = new Gcp.Compute.SecurityScanConfig("scan-config", new Gcp.Compute.SecurityScanConfigArgs
{
DisplayName = "scan-config",
StartingUrls =
{
scannerStaticIp.IPAddress.Apply(address => $"http://{address}"),
},
TargetPlatforms =
{
"COMPUTE",
},
});
}
}
SecurityScanConfigArgs
SecurityScanConfigState
SharedVPCHostProject
Enables the Google Compute Engine Shared VPC feature for a project, assigning it as a Shared VPC host project.
For more information, see, the Project API documentation, where the Shared VPC feature is referred to by its former name "XPN".
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
// A host project provides network resources to associated service projects.
var host = new Gcp.Compute.SharedVPCHostProject("host", new Gcp.Compute.SharedVPCHostProjectArgs
{
Project = "host-project-id",
});
// A service project gains access to network resources provided by its
// associated host project.
var service1 = new Gcp.Compute.SharedVPCServiceProject("service1", new Gcp.Compute.SharedVPCServiceProjectArgs
{
HostProject = host.Project,
ServiceProject = "service-project-id-1",
});
var service2 = new Gcp.Compute.SharedVPCServiceProject("service2", new Gcp.Compute.SharedVPCServiceProjectArgs
{
HostProject = host.Project,
ServiceProject = "service-project-id-2",
});
}
}
SharedVPCHostProjectArgs
SharedVPCHostProjectState
SharedVPCServiceProject
Enables the Google Compute Engine Shared VPC feature for a project, assigning it as a Shared VPC service project associated with a given host project.
For more information, see, the Project API documentation, where the Shared VPC feature is referred to by its former name "XPN".
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var service1 = new Gcp.Compute.SharedVPCServiceProject("service1", new Gcp.Compute.SharedVPCServiceProjectArgs
{
HostProject = "host-project-id",
ServiceProject = "service-project-id-1",
});
}
}
SharedVPCServiceProjectArgs
SharedVPCServiceProjectState
Snapshot
Represents a Persistent Disk Snapshot resource.
Use snapshots to back up data from your persistent disks. Snapshots are different from public images and custom images, which are used primarily to create instances or configure instance templates. Snapshots are useful for periodic backup of the data on your persistent disks. You can create snapshots from persistent disks even while they are attached to running instances.
Snapshots are incremental, so you can create regular snapshots on a persistent disk faster and at a much lower cost than if you regularly created a full image of the disk.
To get more information about Snapshot, see:
- API documentation
- How-to Guides
- Official Documentation
Warning: All arguments including
snapshot_encryption_key.raw_keyandsource_disk_encryption_key.raw_keywill be stored in the raw state as plain-text. Read more about secrets in state.
Example Usage - Snapshot Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var debian = Output.Create(Gcp.Compute.GetImage.InvokeAsync(new Gcp.Compute.GetImageArgs
{
Family = "debian-9",
Project = "debian-cloud",
}));
var persistent = new Gcp.Compute.Disk("persistent", new Gcp.Compute.DiskArgs
{
Image = debian.Apply(debian => debian.SelfLink),
Size = 10,
Type = "pd-ssd",
Zone = "us-central1-a",
});
var snapshot = new Gcp.Compute.Snapshot("snapshot", new Gcp.Compute.SnapshotArgs
{
SourceDisk = persistent.Name,
Zone = "us-central1-a",
Labels =
{
{ "my_label", "value" },
},
});
}
}
SnapshotArgs
SnapshotState
SSLCertificate
An SslCertificate resource, used for HTTPS load balancing. This resource provides a mechanism to upload an SSL key and certificate to the load balancer to serve secure connections from the user.
To get more information about SslCertificate, see:
- API documentation
- How-to Guides
- Official Documentation
Warning: All arguments including
certificateandprivate_keywill be stored in the raw state as plain-text. Read more about secrets in state.
Example Usage - Ssl Certificate Basic
using System.IO;
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var @default = new Gcp.Compute.SSLCertificate("default", new Gcp.Compute.SSLCertificateArgs
{
NamePrefix = "my-certificate-",
Description = "a description",
PrivateKey = File.ReadAllText("path/to/private.key"),
Certificate = File.ReadAllText("path/to/certificate.crt"),
});
}
}
SSLCertificateArgs
SSLCertificateState
SSLPolicy
Represents a SSL policy. SSL policies give you the ability to control the features of SSL that your SSL proxy or HTTPS load balancer negotiates.
To get more information about SslPolicy, see:
- API documentation
- How-to Guides
- Using SSL Policies
Example Usage - Ssl Policy Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var prod_ssl_policy = new Gcp.Compute.SSLPolicy("prod-ssl-policy", new Gcp.Compute.SSLPolicyArgs
{
Profile = "MODERN",
});
var nonprod_ssl_policy = new Gcp.Compute.SSLPolicy("nonprod-ssl-policy", new Gcp.Compute.SSLPolicyArgs
{
MinTlsVersion = "TLS_1_2",
Profile = "MODERN",
});
var custom_ssl_policy = new Gcp.Compute.SSLPolicy("custom-ssl-policy", new Gcp.Compute.SSLPolicyArgs
{
CustomFeatures =
{
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
},
MinTlsVersion = "TLS_1_2",
Profile = "CUSTOM",
});
}
}
SSLPolicyArgs
SSLPolicyState
Subnetwork
A VPC network is a virtual version of the traditional physical networks that exist within and between physical data centers. A VPC network provides connectivity for your Compute Engine virtual machine (VM) instances, Container Engine containers, App Engine Flex services, and other network-related resources.
Each GCP project contains one or more VPC networks. Each VPC network is a global entity spanning all GCP regions. This global VPC network allows VM instances and other resources to communicate with each other via internal, private IP addresses.
Each VPC network is subdivided into subnets, and each subnet is contained within a single region. You can have more than one subnet in a region for a given VPC network. Each subnet has a contiguous private RFC1918 IP space. You create instances, containers, and the like in these subnets. When you create an instance, you must create it in a subnet, and the instance draws its internal IP address from that subnet.
Virtual machine (VM) instances in a VPC network can communicate with instances in all other subnets of the same VPC network, regardless of region, using their RFC1918 private IP addresses. You can isolate portions of the network, even entire subnets, using firewall rules.
To get more information about Subnetwork, see:
- API documentation
- How-to Guides
- Private Google Access
- Cloud Networking
Example Usage - Subnetwork Internal L7lb
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var custom_test = new Gcp.Compute.Network("custom-test", new Gcp.Compute.NetworkArgs
{
AutoCreateSubnetworks = false,
});
var network_for_l7lb = new Gcp.Compute.Subnetwork("network-for-l7lb", new Gcp.Compute.SubnetworkArgs
{
IpCidrRange = "10.0.0.0/22",
Region = "us-central1",
Purpose = "INTERNAL_HTTPS_LOAD_BALANCER",
Role = "ACTIVE",
Network = custom_test.Id,
});
}
}
SubnetworkArgs
SubnetworkIAMBinding
Three different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:
gcp.compute.SubnetworkIAMPolicy: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.gcp.compute.SubnetworkIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.gcp.compute.SubnetworkIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.
Note:
gcp.compute.SubnetworkIAMPolicycannot be used in conjunction withgcp.compute.SubnetworkIAMBindingandgcp.compute.SubnetworkIAMMemberor they will fight over what your policy should be.
Note:
gcp.compute.SubnetworkIAMBindingresources can be used in conjunction withgcp.compute.SubnetworkIAMMemberresources only if they do not grant privilege to the same role.
google_compute_subnetwork_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/compute.networkUser" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Compute.SubnetworkIAMPolicy("policy", new Gcp.Compute.SubnetworkIAMPolicyArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/compute.networkUser" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Compute.SubnetworkIAMPolicy("policy", new Gcp.Compute.SubnetworkIAMPolicyArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_compute_subnetwork_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Compute.SubnetworkIAMBinding("binding", new Gcp.Compute.SubnetworkIAMBindingArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
Role = "roles/compute.networkUser",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Compute.SubnetworkIAMBinding("binding", new Gcp.Compute.SubnetworkIAMBindingArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
Role = "roles/compute.networkUser",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_compute_subnetwork_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Compute.SubnetworkIAMMember("member", new Gcp.Compute.SubnetworkIAMMemberArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
Role = "roles/compute.networkUser",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Compute.SubnetworkIAMMember("member", new Gcp.Compute.SubnetworkIAMMemberArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
Role = "roles/compute.networkUser",
Member = "user:jane@example.com",
Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
SubnetworkIAMBindingArgs
SubnetworkIAMBindingState
SubnetworkIAMMember
Three different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:
gcp.compute.SubnetworkIAMPolicy: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.gcp.compute.SubnetworkIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.gcp.compute.SubnetworkIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.
Note:
gcp.compute.SubnetworkIAMPolicycannot be used in conjunction withgcp.compute.SubnetworkIAMBindingandgcp.compute.SubnetworkIAMMemberor they will fight over what your policy should be.
Note:
gcp.compute.SubnetworkIAMBindingresources can be used in conjunction withgcp.compute.SubnetworkIAMMemberresources only if they do not grant privilege to the same role.
google_compute_subnetwork_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/compute.networkUser" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Compute.SubnetworkIAMPolicy("policy", new Gcp.Compute.SubnetworkIAMPolicyArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/compute.networkUser" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Compute.SubnetworkIAMPolicy("policy", new Gcp.Compute.SubnetworkIAMPolicyArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_compute_subnetwork_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Compute.SubnetworkIAMBinding("binding", new Gcp.Compute.SubnetworkIAMBindingArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
Role = "roles/compute.networkUser",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Compute.SubnetworkIAMBinding("binding", new Gcp.Compute.SubnetworkIAMBindingArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
Role = "roles/compute.networkUser",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_compute_subnetwork_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Compute.SubnetworkIAMMember("member", new Gcp.Compute.SubnetworkIAMMemberArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
Role = "roles/compute.networkUser",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Compute.SubnetworkIAMMember("member", new Gcp.Compute.SubnetworkIAMMemberArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
Role = "roles/compute.networkUser",
Member = "user:jane@example.com",
Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
SubnetworkIAMMemberArgs
SubnetworkIAMMemberState
SubnetworkIAMPolicy
Three different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:
gcp.compute.SubnetworkIAMPolicy: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.gcp.compute.SubnetworkIAMBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.gcp.compute.SubnetworkIAMMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.
Note:
gcp.compute.SubnetworkIAMPolicycannot be used in conjunction withgcp.compute.SubnetworkIAMBindingandgcp.compute.SubnetworkIAMMemberor they will fight over what your policy should be.
Note:
gcp.compute.SubnetworkIAMBindingresources can be used in conjunction withgcp.compute.SubnetworkIAMMemberresources only if they do not grant privilege to the same role.
google_compute_subnetwork_iam_policy
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/compute.networkUser" },
{ "members",
{
"user:jane@example.com",
} },
},
},
}));
var policy = new Gcp.Compute.SubnetworkIAMPolicy("policy", new Gcp.Compute.SubnetworkIAMPolicyArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
{
Binding =
{
{
{ "role", "roles/compute.networkUser" },
{ "members",
{
"user:jane@example.com",
} },
{ "condition",
{
{ "title", "expires_after_2019_12_31" },
{ "description", "Expiring at midnight of 2019-12-31" },
{ "expression", "request.time < timestamp(\"2020-01-01T00:00:00Z\")" },
} },
},
},
}));
var policy = new Gcp.Compute.SubnetworkIAMPolicy("policy", new Gcp.Compute.SubnetworkIAMPolicyArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
PolicyData = admin.Apply(admin => admin.PolicyData),
});
}
}
google_compute_subnetwork_iam_binding
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Compute.SubnetworkIAMBinding("binding", new Gcp.Compute.SubnetworkIAMBindingArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
Role = "roles/compute.networkUser",
Members =
{
"user:jane@example.com",
},
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var binding = new Gcp.Compute.SubnetworkIAMBinding("binding", new Gcp.Compute.SubnetworkIAMBindingArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
Role = "roles/compute.networkUser",
Members =
{
"user:jane@example.com",
},
Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
google_compute_subnetwork_iam_member
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Compute.SubnetworkIAMMember("member", new Gcp.Compute.SubnetworkIAMMemberArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
Role = "roles/compute.networkUser",
Member = "user:jane@example.com",
});
}
}
With IAM Conditions:
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var member = new Gcp.Compute.SubnetworkIAMMember("member", new Gcp.Compute.SubnetworkIAMMemberArgs
{
Project = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Project,
Region = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Region,
Subnetwork = google_compute_subnetwork.Network_with_private_secondary_ip_ranges.Name,
Role = "roles/compute.networkUser",
Member = "user:jane@example.com",
Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs
{
Title = "expires_after_2019_12_31",
Description = "Expiring at midnight of 2019-12-31",
Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")",
},
});
}
}
SubnetworkIAMPolicyArgs
SubnetworkIAMPolicyState
SubnetworkState
TargetHttpProxy
Represents a TargetHttpProxy resource, which is used by one or more global forwarding rule to route incoming HTTP requests to a URL map.
To get more information about TargetHttpProxy, see:
- API documentation
- How-to Guides
- Official Documentation
TargetHttpProxyArgs
TargetHttpProxyState
TargetHttpsProxy
Represents a TargetHttpsProxy resource, which is used by one or more global forwarding rule to route incoming HTTPS requests to a URL map.
To get more information about TargetHttpsProxy, see:
- API documentation
- How-to Guides
- Official Documentation
TargetHttpsProxyArgs
TargetHttpsProxyState
TargetInstance
Represents a TargetInstance resource which defines an endpoint instance that terminates traffic of certain protocols. In particular, they are used in Protocol Forwarding, where forwarding rules can send packets to a non-NAT'ed target instance. Each target instance contains a single virtual machine instance that receives and handles traffic from the corresponding forwarding rules.
To get more information about TargetInstance, see:
- API documentation
- How-to Guides
- Using Protocol Forwarding
TargetInstanceArgs
TargetInstanceState
TargetPool
Manages a Target Pool within GCE. This is a collection of instances used as target of a network load balancer (Forwarding Rule). For more information see the official documentation and API.
Example Usage
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck("defaultHttpHealthCheck", new Gcp.Compute.HttpHealthCheckArgs
{
RequestPath = "/",
CheckIntervalSec = 1,
TimeoutSec = 1,
});
var defaultTargetPool = new Gcp.Compute.TargetPool("defaultTargetPool", new Gcp.Compute.TargetPoolArgs
{
Instances =
{
"us-central1-a/myinstance1",
"us-central1-b/myinstance2",
},
HealthChecks =
{
defaultHttpHealthCheck.Name,
},
});
}
}
TargetPoolArgs
TargetPoolState
TargetSSLProxy
Represents a TargetSslProxy resource, which is used by one or more global forwarding rule to route incoming SSL requests to a backend service.
To get more information about TargetSslProxy, see:
TargetSSLProxyArgs
TargetSSLProxyState
TargetTCPProxy
Represents a TargetTcpProxy resource, which is used by one or more global forwarding rule to route incoming TCP requests to a Backend service.
To get more information about TargetTcpProxy, see:
TargetTCPProxyArgs
TargetTCPProxyState
URLMap
UrlMaps are used to route requests to a backend service based on rules that you define for the host and path of an incoming URL.
To get more information about UrlMap, see:
URLMapArgs
URLMapState
VPNGateway
Represents a VPN gateway running in GCP. This virtual device is managed by Google, but used only by you.
To get more information about VpnGateway, see:
Example Usage - Target Vpn Gateway Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var network1 = new Gcp.Compute.Network("network1", new Gcp.Compute.NetworkArgs
{
});
var targetGateway = new Gcp.Compute.VPNGateway("targetGateway", new Gcp.Compute.VPNGatewayArgs
{
Network = network1.Id,
});
var vpnStaticIp = new Gcp.Compute.Address("vpnStaticIp", new Gcp.Compute.AddressArgs
{
});
var frEsp = new Gcp.Compute.ForwardingRule("frEsp", new Gcp.Compute.ForwardingRuleArgs
{
IpProtocol = "ESP",
IpAddress = vpnStaticIp.IPAddress,
Target = targetGateway.Id,
});
var frUdp500 = new Gcp.Compute.ForwardingRule("frUdp500", new Gcp.Compute.ForwardingRuleArgs
{
IpProtocol = "UDP",
PortRange = "500",
IpAddress = vpnStaticIp.IPAddress,
Target = targetGateway.Id,
});
var frUdp4500 = new Gcp.Compute.ForwardingRule("frUdp4500", new Gcp.Compute.ForwardingRuleArgs
{
IpProtocol = "UDP",
PortRange = "4500",
IpAddress = vpnStaticIp.IPAddress,
Target = targetGateway.Id,
});
var tunnel1 = new Gcp.Compute.VPNTunnel("tunnel1", new Gcp.Compute.VPNTunnelArgs
{
PeerIp = "15.0.0.120",
SharedSecret = "a secret message",
TargetVpnGateway = targetGateway.Id,
});
var route1 = new Gcp.Compute.Route("route1", new Gcp.Compute.RouteArgs
{
Network = network1.Name,
DestRange = "15.0.0.0/24",
Priority = 1000,
NextHopVpnTunnel = tunnel1.Id,
});
}
}
VPNGatewayArgs
VPNGatewayState
VPNTunnel
VPN tunnel resource.
To get more information about VpnTunnel, see:
- API documentation
- How-to Guides
- Cloud VPN Overview
- Networks and Tunnel Routing
Warning: All arguments including
shared_secretwill be stored in the raw state as plain-text.
Example Usage - Vpn Tunnel Basic
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var network1 = new Gcp.Compute.Network("network1", new Gcp.Compute.NetworkArgs
{
});
var targetGateway = new Gcp.Compute.VPNGateway("targetGateway", new Gcp.Compute.VPNGatewayArgs
{
Network = network1.Id,
});
var vpnStaticIp = new Gcp.Compute.Address("vpnStaticIp", new Gcp.Compute.AddressArgs
{
});
var frEsp = new Gcp.Compute.ForwardingRule("frEsp", new Gcp.Compute.ForwardingRuleArgs
{
IpProtocol = "ESP",
IpAddress = vpnStaticIp.IPAddress,
Target = targetGateway.Id,
});
var frUdp500 = new Gcp.Compute.ForwardingRule("frUdp500", new Gcp.Compute.ForwardingRuleArgs
{
IpProtocol = "UDP",
PortRange = "500",
IpAddress = vpnStaticIp.IPAddress,
Target = targetGateway.Id,
});
var frUdp4500 = new Gcp.Compute.ForwardingRule("frUdp4500", new Gcp.Compute.ForwardingRuleArgs
{
IpProtocol = "UDP",
PortRange = "4500",
IpAddress = vpnStaticIp.IPAddress,
Target = targetGateway.Id,
});
var tunnel1 = new Gcp.Compute.VPNTunnel("tunnel1", new Gcp.Compute.VPNTunnelArgs
{
PeerIp = "15.0.0.120",
SharedSecret = "a secret message",
TargetVpnGateway = targetGateway.Id,
});
var route1 = new Gcp.Compute.Route("route1", new Gcp.Compute.RouteArgs
{
Network = network1.Name,
DestRange = "15.0.0.0/24",
Priority = 1000,
NextHopVpnTunnel = tunnel1.Id,
});
}
}
Example Usage - Vpn Tunnel Beta
using Pulumi;
using Gcp = Pulumi.Gcp;
class MyStack : Stack
{
public MyStack()
{
var network1 = new Gcp.Compute.Network("network1", new Gcp.Compute.NetworkArgs
{
});
var targetGateway = new Gcp.Compute.VPNGateway("targetGateway", new Gcp.Compute.VPNGatewayArgs
{
Network = network1.Id,
});
var vpnStaticIp = new Gcp.Compute.Address("vpnStaticIp", new Gcp.Compute.AddressArgs
{
});
var frEsp = new Gcp.Compute.ForwardingRule("frEsp", new Gcp.Compute.ForwardingRuleArgs
{
IpProtocol = "ESP",
IpAddress = vpnStaticIp.IPAddress,
Target = targetGateway.Id,
});
var frUdp500 = new Gcp.Compute.ForwardingRule("frUdp500", new Gcp.Compute.ForwardingRuleArgs
{
IpProtocol = "UDP",
PortRange = "500",
IpAddress = vpnStaticIp.IPAddress,
Target = targetGateway.Id,
});
var frUdp4500 = new Gcp.Compute.ForwardingRule("frUdp4500", new Gcp.Compute.ForwardingRuleArgs
{
IpProtocol = "UDP",
PortRange = "4500",
IpAddress = vpnStaticIp.IPAddress,
Target = targetGateway.Id,
});
var tunnel1 = new Gcp.Compute.VPNTunnel("tunnel1", new Gcp.Compute.VPNTunnelArgs
{
PeerIp = "15.0.0.120",
SharedSecret = "a secret message",
TargetVpnGateway = targetGateway.Id,
Labels =
{
{ "foo", "bar" },
},
});
var route1 = new Gcp.Compute.Route("route1", new Gcp.Compute.RouteArgs
{
Network = network1.Name,
DestRange = "15.0.0.0/24",
Priority = 1000,
NextHopVpnTunnel = tunnel1.Id,
});
}
}