@pulumi/gcp
Version:
A Pulumi package for creating and managing Google Cloud Platform resources.
720 lines • 32.4 kB
TypeScript
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* A NAT service created in a router.
*
* > **Note:** Recreating a `gcp.compute.Address` that is being used by `gcp.compute.RouterNat` will give a `resourceInUseByAnotherResource` error.
* Use `lifecycle.create_before_destroy` on this address resource to avoid this type of error as shown in the Manual Ips example.
*
* To get more information about RouterNat, see:
*
* * [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/routers)
* * How-to Guides
* * [Google Cloud Router](https://cloud.google.com/router/docs/)
*
* ## Example Usage
*
* ### Router Nat Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const net = new gcp.compute.Network("net", {name: "my-network"});
* const subnet = new gcp.compute.Subnetwork("subnet", {
* name: "my-subnetwork",
* network: net.id,
* ipCidrRange: "10.0.0.0/16",
* region: "us-central1",
* });
* const router = new gcp.compute.Router("router", {
* name: "my-router",
* region: subnet.region,
* network: net.id,
* bgp: {
* asn: 64514,
* },
* });
* const nat = new gcp.compute.RouterNat("nat", {
* name: "my-router-nat",
* router: router.name,
* region: router.region,
* natIpAllocateOption: "AUTO_ONLY",
* sourceSubnetworkIpRangesToNat: "ALL_SUBNETWORKS_ALL_IP_RANGES",
* logConfig: {
* enable: true,
* filter: "ERRORS_ONLY",
* },
* });
* ```
* ### Router Nat Rules
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const net = new gcp.compute.Network("net", {
* name: "my-network",
* autoCreateSubnetworks: false,
* });
* const subnet = new gcp.compute.Subnetwork("subnet", {
* name: "my-subnetwork",
* network: net.id,
* ipCidrRange: "10.0.0.0/16",
* region: "us-central1",
* });
* const router = new gcp.compute.Router("router", {
* name: "my-router",
* region: subnet.region,
* network: net.id,
* });
* const addr1 = new gcp.compute.Address("addr1", {
* name: "nat-address1",
* region: subnet.region,
* });
* const addr2 = new gcp.compute.Address("addr2", {
* name: "nat-address2",
* region: subnet.region,
* });
* const addr3 = new gcp.compute.Address("addr3", {
* name: "nat-address3",
* region: subnet.region,
* });
* const natRules = new gcp.compute.RouterNat("nat_rules", {
* name: "my-router-nat",
* router: router.name,
* region: router.region,
* natIpAllocateOption: "MANUAL_ONLY",
* natIps: [addr1.selfLink],
* sourceSubnetworkIpRangesToNat: "LIST_OF_SUBNETWORKS",
* subnetworks: [{
* name: subnet.id,
* sourceIpRangesToNats: ["ALL_IP_RANGES"],
* }],
* rules: [{
* ruleNumber: 100,
* description: "nat rules example",
* match: "inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')",
* action: {
* sourceNatActiveIps: [
* addr2.selfLink,
* addr3.selfLink,
* ],
* },
* }],
* enableEndpointIndependentMapping: false,
* });
* ```
* ### Router Nat Private
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
*
* const net = new gcp.compute.Network("net", {name: "my-network"});
* const subnet = new gcp.compute.Subnetwork("subnet", {
* name: "my-subnetwork",
* network: net.id,
* ipCidrRange: "10.0.0.0/16",
* region: "us-central1",
* purpose: "PRIVATE_NAT",
* });
* const router = new gcp.compute.Router("router", {
* name: "my-router",
* region: subnet.region,
* network: net.id,
* });
* const hub = new gcp.networkconnectivity.Hub("hub", {
* name: "my-hub",
* description: "vpc hub for inter vpc nat",
* });
* const spoke = new gcp.networkconnectivity.Spoke("spoke", {
* name: "my-spoke",
* location: "global",
* description: "vpc spoke for inter vpc nat",
* hub: hub.id,
* linkedVpcNetwork: {
* excludeExportRanges: [
* "198.51.100.0/24",
* "10.10.0.0/16",
* ],
* uri: net.selfLink,
* },
* });
* const natType = new gcp.compute.RouterNat("nat_type", {
* name: "my-router-nat",
* router: router.name,
* region: router.region,
* sourceSubnetworkIpRangesToNat: "LIST_OF_SUBNETWORKS",
* enableDynamicPortAllocation: false,
* enableEndpointIndependentMapping: false,
* minPortsPerVm: 32,
* type: "PRIVATE",
* subnetworks: [{
* name: subnet.id,
* sourceIpRangesToNats: ["ALL_IP_RANGES"],
* }],
* rules: [{
* ruleNumber: 100,
* description: "rule for private nat",
* match: "nexthop.hub == \"//networkconnectivity.googleapis.com/projects/acm-test-proj-123/locations/global/hubs/my-hub\"",
* action: {
* sourceNatActiveRanges: [subnet.selfLink],
* },
* }],
* });
* ```
*
* ## Import
*
* RouterNat can be imported using any of these accepted formats:
*
* * `projects/{{project}}/regions/{{region}}/routers/{{router}}/{{name}}`
* * `{{project}}/{{region}}/{{router}}/{{name}}`
* * `{{region}}/{{router}}/{{name}}`
* * `{{router}}/{{name}}`
*
* When using the `pulumi import` command, RouterNat can be imported using one of the formats above. For example:
*
* ```sh
* $ pulumi import gcp:compute/routerNat:RouterNat default projects/{{project}}/regions/{{region}}/routers/{{router}}/{{name}}
* $ pulumi import gcp:compute/routerNat:RouterNat default {{project}}/{{region}}/{{router}}/{{name}}
* $ pulumi import gcp:compute/routerNat:RouterNat default {{region}}/{{router}}/{{name}}
* $ pulumi import gcp:compute/routerNat:RouterNat default {{router}}/{{name}}
* ```
*/
export declare class RouterNat extends pulumi.CustomResource {
/**
* Get an existing RouterNat resource's state with the given name, ID, and optional extra
* properties used to qualify the lookup.
*
* @param name The _unique_ name of the resulting resource.
* @param id The _unique_ provider ID of the resource to lookup.
* @param state Any extra arguments used during the lookup.
* @param opts Optional settings to control the behavior of the CustomResource.
*/
static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RouterNatState, opts?: pulumi.CustomResourceOptions): RouterNat;
/**
* Returns true if the given object is an instance of RouterNat. This is designed to work even
* when multiple copies of the Pulumi SDK have been loaded into the same process.
*/
static isInstance(obj: any): obj is RouterNat;
/**
* The network tier to use when automatically reserving NAT IP addresses.
* Must be one of: PREMIUM, STANDARD. If not specified, then the current
* project-level default tier is used.
* Possible values are: `PREMIUM`, `STANDARD`.
*/
readonly autoNetworkTier: pulumi.Output<string>;
/**
* Whether Terraform will be prevented from destroying the resource. Defaults to DELETE.
* When a 'terraform destroy' or 'pulumi up' would delete the resource,
* the command will fail if this field is set to "PREVENT" in Terraform state.
* When set to "ABANDON", the command will remove the resource from Terraform
* management without updating or deleting the resource in the API.
* When set to "DELETE", deleting the resource is allowed.
*/
readonly deletionPolicy: pulumi.Output<string>;
/**
* A list of URLs of the IP resources to be drained. These IPs must be
* valid static external IPs that have been assigned to the NAT.
*/
readonly drainNatIps: pulumi.Output<string[]>;
/**
* Enable Dynamic Port Allocation.
* If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.
* If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.
* If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.
* If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.
* Mutually exclusive with enableEndpointIndependentMapping.
*/
readonly enableDynamicPortAllocation: pulumi.Output<boolean>;
/**
* Enable endpoint independent mapping.
* For more information see the [official documentation](https://docs.cloud.google.com/nat/docs/public-nat#specs-rfcs).
*/
readonly enableEndpointIndependentMapping: pulumi.Output<boolean>;
/**
* Specifies the endpoint Types supported by the NAT Gateway.
* Supported values include:
* `ENDPOINT_TYPE_VM`, `ENDPOINT_TYPE_SWG`,
* `ENDPOINT_TYPE_MANAGED_PROXY_LB`.
*/
readonly endpointTypes: pulumi.Output<string[]>;
/**
* Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
*/
readonly icmpIdleTimeoutSec: pulumi.Output<number | undefined>;
/**
* Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource.
* Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
*/
readonly initialNatIps: pulumi.Output<string[] | undefined>;
/**
* Configuration for logging on NAT
* Structure is documented below.
*/
readonly logConfig: pulumi.Output<outputs.compute.RouterNatLogConfig | undefined>;
/**
* Maximum number of ports allocated to a VM from this NAT.
* This field can only be set when enableDynamicPortAllocation is enabled.
*/
readonly maxPortsPerVm: pulumi.Output<number | undefined>;
/**
* Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.
*/
readonly minPortsPerVm: pulumi.Output<number>;
/**
* Name of the NAT service. The name must be 1-63 characters long and
* comply with RFC1035.
*/
readonly name: pulumi.Output<string>;
/**
* One or more subnetwork NAT configurations whose traffic should be translated by NAT64 Gateway.
* Only used if `sourceSubnetworkIpRangesToNat64` is set to `LIST_OF_IPV6_SUBNETWORKS`
* Structure is documented below.
*/
readonly nat64Subnetworks: pulumi.Output<outputs.compute.RouterNatNat64Subnetwork[] | undefined>;
/**
* How external IPs should be allocated for this NAT. Valid values are
* `AUTO_ONLY` for only allowing NAT IPs allocated by Google Cloud
* Platform, or `MANUAL_ONLY` for only user-allocated NAT IP addresses.
* Possible values are: `MANUAL_ONLY`, `AUTO_ONLY`.
*/
readonly natIpAllocateOption: pulumi.Output<string | undefined>;
/**
* Self-links of NAT IPs. Only valid if natIpAllocateOption
* is set to MANUAL_ONLY.
* If this field is used alongside with a count created list of address resources `google_compute_address.foobar.*.self_link`,
* the access level resource for the address resource must have a `lifecycle` block with `createBeforeDestroy = true` so
* the number of resources can be increased/decreased without triggering the `resourceInUseByAnotherResource` error.
*/
readonly natIps: pulumi.Output<string[]>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
readonly project: pulumi.Output<string>;
/**
* Region where the router and NAT reside.
*/
readonly region: pulumi.Output<string>;
/**
* The name of the Cloud Router in which this NAT will be configured.
*/
readonly router: pulumi.Output<string>;
/**
* A list of rules associated with this NAT.
* Structure is documented below.
*/
readonly rules: pulumi.Output<outputs.compute.RouterNatRule[] | undefined>;
/**
* How NAT should be configured per Subnetwork.
* If `ALL_SUBNETWORKS_ALL_IP_RANGES`, all of the
* IP ranges in every Subnetwork are allowed to Nat.
* If `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, all of the primary IP
* ranges in every Subnetwork are allowed to Nat.
* `LIST_OF_SUBNETWORKS`: A list of Subnetworks are allowed to Nat
* (specified in the field subnetwork below). Note that if this field
* contains ALL_SUBNETWORKS_ALL_IP_RANGES or
* ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any
* other RouterNat section in any Router for this network in this region.
* Possible values are: `ALL_SUBNETWORKS_ALL_IP_RANGES`, `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, `LIST_OF_SUBNETWORKS`.
*/
readonly sourceSubnetworkIpRangesToNat: pulumi.Output<string>;
/**
* Specify the Nat option for NAT64, which can take one of the following values:
* ALL_IPV6_SUBNETWORKS: All of the IP ranges in every Subnetwork are allowed to Nat.
* LIST_OF_IPV6_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field nat64Subnetwork below).
* Note that if this field contains NAT64_ALL_V6_SUBNETWORKS no other Router.Nat section in this region can also enable NAT64 for any Subnetworks in this network.
* Other Router.Nat sections can still be present to enable NAT44 only.
* Possible values are: `ALL_IPV6_SUBNETWORKS`, `LIST_OF_IPV6_SUBNETWORKS`.
*/
readonly sourceSubnetworkIpRangesToNat64: pulumi.Output<string | undefined>;
/**
* One or more subnetwork NAT configurations. Only used if
* `sourceSubnetworkIpRangesToNat` is set to `LIST_OF_SUBNETWORKS`
* Structure is documented below.
*/
readonly subnetworks: pulumi.Output<outputs.compute.RouterNatSubnetwork[] | undefined>;
/**
* Timeout (in seconds) for TCP established connections.
* Defaults to 1200s if not set.
*/
readonly tcpEstablishedIdleTimeoutSec: pulumi.Output<number | undefined>;
/**
* Timeout (in seconds) for TCP connections that are in TIME_WAIT state.
* Defaults to 120s if not set.
*/
readonly tcpTimeWaitTimeoutSec: pulumi.Output<number | undefined>;
/**
* Timeout (in seconds) for TCP transitory connections.
* Defaults to 30s if not set.
*/
readonly tcpTransitoryIdleTimeoutSec: pulumi.Output<number | undefined>;
/**
* Indicates whether this NAT is used for public or private IP translation.
* If unspecified, it defaults to PUBLIC.
* If `PUBLIC` NAT used for public IP translation.
* If `PRIVATE` NAT used for private IP translation.
* Default value is `PUBLIC`.
* Possible values are: `PUBLIC`, `PRIVATE`.
*/
readonly type: pulumi.Output<string | undefined>;
/**
* Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
*/
readonly udpIdleTimeoutSec: pulumi.Output<number | undefined>;
/**
* Create a RouterNat resource with the given unique name, arguments, and options.
*
* @param name The _unique_ name of the resource.
* @param args The arguments to use to populate this resource's properties.
* @param opts A bag of options that control this resource's behavior.
*/
constructor(name: string, args: RouterNatArgs, opts?: pulumi.CustomResourceOptions);
}
/**
* Input properties used for looking up and filtering RouterNat resources.
*/
export interface RouterNatState {
/**
* The network tier to use when automatically reserving NAT IP addresses.
* Must be one of: PREMIUM, STANDARD. If not specified, then the current
* project-level default tier is used.
* Possible values are: `PREMIUM`, `STANDARD`.
*/
autoNetworkTier?: pulumi.Input<string | undefined>;
/**
* Whether Terraform will be prevented from destroying the resource. Defaults to DELETE.
* When a 'terraform destroy' or 'pulumi up' would delete the resource,
* the command will fail if this field is set to "PREVENT" in Terraform state.
* When set to "ABANDON", the command will remove the resource from Terraform
* management without updating or deleting the resource in the API.
* When set to "DELETE", deleting the resource is allowed.
*/
deletionPolicy?: pulumi.Input<string | undefined>;
/**
* A list of URLs of the IP resources to be drained. These IPs must be
* valid static external IPs that have been assigned to the NAT.
*/
drainNatIps?: pulumi.Input<pulumi.Input<string>[] | undefined>;
/**
* Enable Dynamic Port Allocation.
* If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.
* If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.
* If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.
* If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.
* Mutually exclusive with enableEndpointIndependentMapping.
*/
enableDynamicPortAllocation?: pulumi.Input<boolean | undefined>;
/**
* Enable endpoint independent mapping.
* For more information see the [official documentation](https://docs.cloud.google.com/nat/docs/public-nat#specs-rfcs).
*/
enableEndpointIndependentMapping?: pulumi.Input<boolean | undefined>;
/**
* Specifies the endpoint Types supported by the NAT Gateway.
* Supported values include:
* `ENDPOINT_TYPE_VM`, `ENDPOINT_TYPE_SWG`,
* `ENDPOINT_TYPE_MANAGED_PROXY_LB`.
*/
endpointTypes?: pulumi.Input<pulumi.Input<string>[] | undefined>;
/**
* Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
*/
icmpIdleTimeoutSec?: pulumi.Input<number | undefined>;
/**
* Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource.
* Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
*/
initialNatIps?: pulumi.Input<pulumi.Input<string>[] | undefined>;
/**
* Configuration for logging on NAT
* Structure is documented below.
*/
logConfig?: pulumi.Input<inputs.compute.RouterNatLogConfig | undefined>;
/**
* Maximum number of ports allocated to a VM from this NAT.
* This field can only be set when enableDynamicPortAllocation is enabled.
*/
maxPortsPerVm?: pulumi.Input<number | undefined>;
/**
* Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.
*/
minPortsPerVm?: pulumi.Input<number | undefined>;
/**
* Name of the NAT service. The name must be 1-63 characters long and
* comply with RFC1035.
*/
name?: pulumi.Input<string | undefined>;
/**
* One or more subnetwork NAT configurations whose traffic should be translated by NAT64 Gateway.
* Only used if `sourceSubnetworkIpRangesToNat64` is set to `LIST_OF_IPV6_SUBNETWORKS`
* Structure is documented below.
*/
nat64Subnetworks?: pulumi.Input<pulumi.Input<inputs.compute.RouterNatNat64Subnetwork>[] | undefined>;
/**
* How external IPs should be allocated for this NAT. Valid values are
* `AUTO_ONLY` for only allowing NAT IPs allocated by Google Cloud
* Platform, or `MANUAL_ONLY` for only user-allocated NAT IP addresses.
* Possible values are: `MANUAL_ONLY`, `AUTO_ONLY`.
*/
natIpAllocateOption?: pulumi.Input<string | undefined>;
/**
* Self-links of NAT IPs. Only valid if natIpAllocateOption
* is set to MANUAL_ONLY.
* If this field is used alongside with a count created list of address resources `google_compute_address.foobar.*.self_link`,
* the access level resource for the address resource must have a `lifecycle` block with `createBeforeDestroy = true` so
* the number of resources can be increased/decreased without triggering the `resourceInUseByAnotherResource` error.
*/
natIps?: pulumi.Input<pulumi.Input<string>[] | undefined>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
project?: pulumi.Input<string | undefined>;
/**
* Region where the router and NAT reside.
*/
region?: pulumi.Input<string | undefined>;
/**
* The name of the Cloud Router in which this NAT will be configured.
*/
router?: pulumi.Input<string | undefined>;
/**
* A list of rules associated with this NAT.
* Structure is documented below.
*/
rules?: pulumi.Input<pulumi.Input<inputs.compute.RouterNatRule>[] | undefined>;
/**
* How NAT should be configured per Subnetwork.
* If `ALL_SUBNETWORKS_ALL_IP_RANGES`, all of the
* IP ranges in every Subnetwork are allowed to Nat.
* If `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, all of the primary IP
* ranges in every Subnetwork are allowed to Nat.
* `LIST_OF_SUBNETWORKS`: A list of Subnetworks are allowed to Nat
* (specified in the field subnetwork below). Note that if this field
* contains ALL_SUBNETWORKS_ALL_IP_RANGES or
* ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any
* other RouterNat section in any Router for this network in this region.
* Possible values are: `ALL_SUBNETWORKS_ALL_IP_RANGES`, `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, `LIST_OF_SUBNETWORKS`.
*/
sourceSubnetworkIpRangesToNat?: pulumi.Input<string | undefined>;
/**
* Specify the Nat option for NAT64, which can take one of the following values:
* ALL_IPV6_SUBNETWORKS: All of the IP ranges in every Subnetwork are allowed to Nat.
* LIST_OF_IPV6_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field nat64Subnetwork below).
* Note that if this field contains NAT64_ALL_V6_SUBNETWORKS no other Router.Nat section in this region can also enable NAT64 for any Subnetworks in this network.
* Other Router.Nat sections can still be present to enable NAT44 only.
* Possible values are: `ALL_IPV6_SUBNETWORKS`, `LIST_OF_IPV6_SUBNETWORKS`.
*/
sourceSubnetworkIpRangesToNat64?: pulumi.Input<string | undefined>;
/**
* One or more subnetwork NAT configurations. Only used if
* `sourceSubnetworkIpRangesToNat` is set to `LIST_OF_SUBNETWORKS`
* Structure is documented below.
*/
subnetworks?: pulumi.Input<pulumi.Input<inputs.compute.RouterNatSubnetwork>[] | undefined>;
/**
* Timeout (in seconds) for TCP established connections.
* Defaults to 1200s if not set.
*/
tcpEstablishedIdleTimeoutSec?: pulumi.Input<number | undefined>;
/**
* Timeout (in seconds) for TCP connections that are in TIME_WAIT state.
* Defaults to 120s if not set.
*/
tcpTimeWaitTimeoutSec?: pulumi.Input<number | undefined>;
/**
* Timeout (in seconds) for TCP transitory connections.
* Defaults to 30s if not set.
*/
tcpTransitoryIdleTimeoutSec?: pulumi.Input<number | undefined>;
/**
* Indicates whether this NAT is used for public or private IP translation.
* If unspecified, it defaults to PUBLIC.
* If `PUBLIC` NAT used for public IP translation.
* If `PRIVATE` NAT used for private IP translation.
* Default value is `PUBLIC`.
* Possible values are: `PUBLIC`, `PRIVATE`.
*/
type?: pulumi.Input<string | undefined>;
/**
* Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
*/
udpIdleTimeoutSec?: pulumi.Input<number | undefined>;
}
/**
* The set of arguments for constructing a RouterNat resource.
*/
export interface RouterNatArgs {
/**
* The network tier to use when automatically reserving NAT IP addresses.
* Must be one of: PREMIUM, STANDARD. If not specified, then the current
* project-level default tier is used.
* Possible values are: `PREMIUM`, `STANDARD`.
*/
autoNetworkTier?: pulumi.Input<string | undefined>;
/**
* Whether Terraform will be prevented from destroying the resource. Defaults to DELETE.
* When a 'terraform destroy' or 'pulumi up' would delete the resource,
* the command will fail if this field is set to "PREVENT" in Terraform state.
* When set to "ABANDON", the command will remove the resource from Terraform
* management without updating or deleting the resource in the API.
* When set to "DELETE", deleting the resource is allowed.
*/
deletionPolicy?: pulumi.Input<string | undefined>;
/**
* A list of URLs of the IP resources to be drained. These IPs must be
* valid static external IPs that have been assigned to the NAT.
*/
drainNatIps?: pulumi.Input<pulumi.Input<string>[] | undefined>;
/**
* Enable Dynamic Port Allocation.
* If minPortsPerVm is set, minPortsPerVm must be set to a power of two greater than or equal to 32.
* If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config.
* If maxPortsPerVm is set, maxPortsPerVm must be set to a power of two greater than minPortsPerVm.
* If maxPortsPerVm is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.
* Mutually exclusive with enableEndpointIndependentMapping.
*/
enableDynamicPortAllocation?: pulumi.Input<boolean | undefined>;
/**
* Enable endpoint independent mapping.
* For more information see the [official documentation](https://docs.cloud.google.com/nat/docs/public-nat#specs-rfcs).
*/
enableEndpointIndependentMapping?: pulumi.Input<boolean | undefined>;
/**
* Specifies the endpoint Types supported by the NAT Gateway.
* Supported values include:
* `ENDPOINT_TYPE_VM`, `ENDPOINT_TYPE_SWG`,
* `ENDPOINT_TYPE_MANAGED_PROXY_LB`.
*/
endpointTypes?: pulumi.Input<pulumi.Input<string>[] | undefined>;
/**
* Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.
*/
icmpIdleTimeoutSec?: pulumi.Input<number | undefined>;
/**
* Self-links of NAT IPs to be used as initial value for creation alongside a RouterNatAddress resource.
* Conflicts with natIps and drainNatIps. Only valid if natIpAllocateOption is set to MANUAL_ONLY.
*/
initialNatIps?: pulumi.Input<pulumi.Input<string>[] | undefined>;
/**
* Configuration for logging on NAT
* Structure is documented below.
*/
logConfig?: pulumi.Input<inputs.compute.RouterNatLogConfig | undefined>;
/**
* Maximum number of ports allocated to a VM from this NAT.
* This field can only be set when enableDynamicPortAllocation is enabled.
*/
maxPortsPerVm?: pulumi.Input<number | undefined>;
/**
* Minimum number of ports allocated to a VM from this NAT. Defaults to 64 for static port allocation and 32 dynamic port allocation if not set.
*/
minPortsPerVm?: pulumi.Input<number | undefined>;
/**
* Name of the NAT service. The name must be 1-63 characters long and
* comply with RFC1035.
*/
name?: pulumi.Input<string | undefined>;
/**
* One or more subnetwork NAT configurations whose traffic should be translated by NAT64 Gateway.
* Only used if `sourceSubnetworkIpRangesToNat64` is set to `LIST_OF_IPV6_SUBNETWORKS`
* Structure is documented below.
*/
nat64Subnetworks?: pulumi.Input<pulumi.Input<inputs.compute.RouterNatNat64Subnetwork>[] | undefined>;
/**
* How external IPs should be allocated for this NAT. Valid values are
* `AUTO_ONLY` for only allowing NAT IPs allocated by Google Cloud
* Platform, or `MANUAL_ONLY` for only user-allocated NAT IP addresses.
* Possible values are: `MANUAL_ONLY`, `AUTO_ONLY`.
*/
natIpAllocateOption?: pulumi.Input<string | undefined>;
/**
* Self-links of NAT IPs. Only valid if natIpAllocateOption
* is set to MANUAL_ONLY.
* If this field is used alongside with a count created list of address resources `google_compute_address.foobar.*.self_link`,
* the access level resource for the address resource must have a `lifecycle` block with `createBeforeDestroy = true` so
* the number of resources can be increased/decreased without triggering the `resourceInUseByAnotherResource` error.
*/
natIps?: pulumi.Input<pulumi.Input<string>[] | undefined>;
/**
* The ID of the project in which the resource belongs.
* If it is not provided, the provider project is used.
*/
project?: pulumi.Input<string | undefined>;
/**
* Region where the router and NAT reside.
*/
region?: pulumi.Input<string | undefined>;
/**
* The name of the Cloud Router in which this NAT will be configured.
*/
router: pulumi.Input<string>;
/**
* A list of rules associated with this NAT.
* Structure is documented below.
*/
rules?: pulumi.Input<pulumi.Input<inputs.compute.RouterNatRule>[] | undefined>;
/**
* How NAT should be configured per Subnetwork.
* If `ALL_SUBNETWORKS_ALL_IP_RANGES`, all of the
* IP ranges in every Subnetwork are allowed to Nat.
* If `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, all of the primary IP
* ranges in every Subnetwork are allowed to Nat.
* `LIST_OF_SUBNETWORKS`: A list of Subnetworks are allowed to Nat
* (specified in the field subnetwork below). Note that if this field
* contains ALL_SUBNETWORKS_ALL_IP_RANGES or
* ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, then there should not be any
* other RouterNat section in any Router for this network in this region.
* Possible values are: `ALL_SUBNETWORKS_ALL_IP_RANGES`, `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, `LIST_OF_SUBNETWORKS`.
*/
sourceSubnetworkIpRangesToNat: pulumi.Input<string>;
/**
* Specify the Nat option for NAT64, which can take one of the following values:
* ALL_IPV6_SUBNETWORKS: All of the IP ranges in every Subnetwork are allowed to Nat.
* LIST_OF_IPV6_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field nat64Subnetwork below).
* Note that if this field contains NAT64_ALL_V6_SUBNETWORKS no other Router.Nat section in this region can also enable NAT64 for any Subnetworks in this network.
* Other Router.Nat sections can still be present to enable NAT44 only.
* Possible values are: `ALL_IPV6_SUBNETWORKS`, `LIST_OF_IPV6_SUBNETWORKS`.
*/
sourceSubnetworkIpRangesToNat64?: pulumi.Input<string | undefined>;
/**
* One or more subnetwork NAT configurations. Only used if
* `sourceSubnetworkIpRangesToNat` is set to `LIST_OF_SUBNETWORKS`
* Structure is documented below.
*/
subnetworks?: pulumi.Input<pulumi.Input<inputs.compute.RouterNatSubnetwork>[] | undefined>;
/**
* Timeout (in seconds) for TCP established connections.
* Defaults to 1200s if not set.
*/
tcpEstablishedIdleTimeoutSec?: pulumi.Input<number | undefined>;
/**
* Timeout (in seconds) for TCP connections that are in TIME_WAIT state.
* Defaults to 120s if not set.
*/
tcpTimeWaitTimeoutSec?: pulumi.Input<number | undefined>;
/**
* Timeout (in seconds) for TCP transitory connections.
* Defaults to 30s if not set.
*/
tcpTransitoryIdleTimeoutSec?: pulumi.Input<number | undefined>;
/**
* Indicates whether this NAT is used for public or private IP translation.
* If unspecified, it defaults to PUBLIC.
* If `PUBLIC` NAT used for public IP translation.
* If `PRIVATE` NAT used for private IP translation.
* Default value is `PUBLIC`.
* Possible values are: `PUBLIC`, `PRIVATE`.
*/
type?: pulumi.Input<string | undefined>;
/**
* Timeout (in seconds) for UDP connections. Defaults to 30s if not set.
*/
udpIdleTimeoutSec?: pulumi.Input<number | undefined>;
}
//# sourceMappingURL=routerNat.d.ts.map