Signed-off-by: Modular Magician <magic-modules@google.com>
---
layout: "google"
page_title: "Google: google_compute_router_nat"
sidebar_current: "docs-google-compute-router-nat"
description: |-
  Manages a Cloud NAT.
---

# google\_compute\_router\_nat

Manages a Cloud NAT. For more information see the official documentation and API.

## Example Usage
A simple NAT configuration: enable NAT for all Subnetworks associated with the Network associated with the given Router.
```hcl
resource "google_compute_network" "default" {
  name = "my-network"
}

resource "google_compute_subnetwork" "default" {
  name          = "my-subnet"
  network       = "${google_compute_network.default.self_link}"
  ip_cidr_range = "10.0.0.0/16"
  region        = "us-central1"
}

resource "google_compute_router" "router" {
  name    = "router"
  region  = "${google_compute_subnetwork.default.region}"
  network = "${google_compute_network.default.self_link}"

  bgp {
    asn = 64514
  }
}

resource "google_compute_router_nat" "simple-nat" {
  name                               = "nat-1"
  router                             = "${google_compute_router.router.name}"
  region                             = "us-central1"
  nat_ip_allocate_option             = "AUTO_ONLY"
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
}
```
A production-like configuration: enable NAT for one Subnetwork and use a list of static external IP addresses.
```hcl
resource "google_compute_network" "default" {
  name = "my-network"
}

resource "google_compute_subnetwork" "default" {
  name          = "my-subnet"
  network       = "${google_compute_network.default.self_link}"
  ip_cidr_range = "10.0.0.0/16"
  region        = "us-central1"
}

resource "google_compute_router" "router" {
  name    = "router"
  region  = "${google_compute_subnetwork.default.region}"
  network = "${google_compute_network.default.self_link}"

  bgp {
    asn = 64514
  }
}

# Two reserved static external addresses for the NAT to use.
resource "google_compute_address" "address" {
  count  = 2
  name   = "nat-external-address-${count.index}"
  region = "us-central1"
}

resource "google_compute_router_nat" "advanced-nat" {
  name                               = "nat-1"
  router                             = "${google_compute_router.router.name}"
  region                             = "us-central1"
  nat_ip_allocate_option             = "MANUAL_ONLY"
  nat_ips                            = ["${google_compute_address.address.*.self_link}"]
  source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"

  # Only this subnetwork is NATed; the resource is named "default" above.
  subnetwork {
    name                    = "${google_compute_subnetwork.default.self_link}"
    source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
  }
}
```
## Argument Reference

The following arguments are supported:

- `name` - (Required) A unique name for Cloud NAT, required by GCE. Changing this forces a new NAT to be created.
- `router` - (Required) The name of the router in which this NAT will be configured. Changing this forces a new NAT to be created.
- `nat_ip_allocate_option` - (Required) How external IPs should be allocated for this NAT. Valid values are `AUTO_ONLY` or `MANUAL_ONLY`. Changing this forces a new NAT to be created.
- `source_subnetwork_ip_ranges_to_nat` - (Required) How NAT should be configured per Subnetwork. Valid values include: `ALL_SUBNETWORKS_ALL_IP_RANGES`, `ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, `LIST_OF_SUBNETWORKS`. Changing this forces a new NAT to be created.
- `nat_ips` - (Optional) List of `self_link`s of external IPs. Only valid if `nat_ip_allocate_option` is set to `MANUAL_ONLY`. Changing this forces a new NAT to be created.
- `subnetwork` - (Optional) One or more subnetwork NAT configurations. Only used if `source_subnetwork_ip_ranges_to_nat` is set to `LIST_OF_SUBNETWORKS`. See the section below for details on configuration.
- `min_ports_per_vm` - (Optional) Minimum number of ports allocated to a VM from this NAT config. If not set, a default number of ports is allocated to a VM. Changing this forces a new NAT to be created.
- `udp_idle_timeout_sec` - (Optional) Timeout (in seconds) for UDP connections. Defaults to 30s if not set. Changing this forces a new NAT to be created.
- `icmp_idle_timeout_sec` - (Optional) Timeout (in seconds) for ICMP connections. Defaults to 30s if not set. Changing this forces a new NAT to be created.
- `tcp_established_idle_timeout_sec` - (Optional) Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set. Changing this forces a new NAT to be created.
- `tcp_transitory_idle_timeout_sec` - (Optional) Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set. Changing this forces a new NAT to be created.
- `project` - (Optional) The ID of the project in which this NAT's router belongs. If it is not provided, the provider project is used. Changing this forces a new NAT to be created.
- `region` - (Optional) The region this NAT's router sits in. If not specified, the project region will be used. Changing this forces a new NAT to be created.
The `subnetwork` block supports:

- `name` - (Required) The `self_link` of the subnetwork to NAT.
- `source_ip_ranges_to_nat` - (Required) List of options for which source IPs in the subnetwork should have NAT enabled. Supported values include: `ALL_IP_RANGES`, `LIST_OF_SECONDARY_IP_RANGES`, `PRIMARY_IP_RANGE`.
- `secondary_ip_range_names` - (Optional) List of the secondary ranges of the subnetwork that are allowed to use NAT. This can be populated only if `LIST_OF_SECONDARY_IP_RANGES` is one of the values in `source_ip_ranges_to_nat`.
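The argument reference above describes several dependencies between arguments (`nat_ips` only with `MANUAL_ONLY`, `subnetwork` blocks only with `LIST_OF_SUBNETWORKS`, `secondary_ip_range_names` only with `LIST_OF_SECONDARY_IP_RANGES`). The following added example, which is not part of the provider or its documentation, encodes those rules as a pre-apply config-review check; the dict layout (one key per HCL argument) and the shortened self_links in the sample are assumptions of the example.

```python
# Added example, not part of the provider docs: a config-review check that
# encodes the cross-argument rules from the Argument Reference above, so an
# inconsistent google_compute_router_nat block is caught before `terraform apply`.
# The dict shape (one key per HCL argument) is an assumption of this example.

ALLOCATE_OPTIONS = {"AUTO_ONLY", "MANUAL_ONLY"}
SOURCE_RANGE_OPTIONS = {"ALL_SUBNETWORKS_ALL_IP_RANGES",
                        "ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES", "LIST_OF_SUBNETWORKS"}
SUBNET_RANGE_OPTIONS = {"ALL_IP_RANGES", "LIST_OF_SECONDARY_IP_RANGES", "PRIMARY_IP_RANGE"}
REQUIRED = ("name", "router", "nat_ip_allocate_option", "source_subnetwork_ip_ranges_to_nat")

def validate_nat(nat: dict) -> list:
    """Return the rule violations found; an empty list means the block is consistent."""
    errors = [f"{k} is required" for k in REQUIRED if not nat.get(k)]
    alloc = nat.get("nat_ip_allocate_option")
    if alloc and alloc not in ALLOCATE_OPTIONS:
        errors.append(f"nat_ip_allocate_option: unknown value {alloc!r}")
    # nat_ips may only be given when external addresses are allocated manually
    if nat.get("nat_ips") and alloc != "MANUAL_ONLY":
        errors.append("nat_ips is only valid when nat_ip_allocate_option is MANUAL_ONLY")
    src = nat.get("source_subnetwork_ip_ranges_to_nat")
    if src and src not in SOURCE_RANGE_OPTIONS:
        errors.append(f"source_subnetwork_ip_ranges_to_nat: unknown value {src!r}")
    subnets = nat.get("subnetwork") or []
    # subnetwork blocks are only consulted in LIST_OF_SUBNETWORKS mode
    if subnets and src != "LIST_OF_SUBNETWORKS":
        errors.append("subnetwork blocks are only used when "
                      "source_subnetwork_ip_ranges_to_nat is LIST_OF_SUBNETWORKS")
    for i, sn in enumerate(subnets):
        ranges = sn.get("source_ip_ranges_to_nat") or []
        if not sn.get("name") or not ranges:
            errors.append(f"subnetwork[{i}]: name and source_ip_ranges_to_nat are required")
        for bad in sorted(set(ranges) - SUBNET_RANGE_OPTIONS):
            errors.append(f"subnetwork[{i}]: unknown source_ip_ranges_to_nat value {bad!r}")
        if sn.get("secondary_ip_range_names") and "LIST_OF_SECONDARY_IP_RANGES" not in ranges:
            errors.append(f"subnetwork[{i}]: secondary_ip_range_names needs "
                          "LIST_OF_SECONDARY_IP_RANGES in source_ip_ranges_to_nat")
    return errors

# Constructed input mirroring the "production-like" example above (self_links shortened).
ADVANCED_NAT = {
    "name": "nat-1", "router": "router", "region": "us-central1",
    "nat_ip_allocate_option": "MANUAL_ONLY",
    "nat_ips": ["regions/us-central1/addresses/nat-external-address-0"],
    "source_subnetwork_ip_ranges_to_nat": "LIST_OF_SUBNETWORKS",
    "subnetwork": [{"name": "regions/us-central1/subnetworks/my-subnet",
                    "source_ip_ranges_to_nat": ["ALL_IP_RANGES"]}],
}
```

Running `validate_nat` over the dict produced from `terraform show -json` (or a parsed `.tf` file) before `terraform apply` surfaces the same inconsistencies the API would otherwise reject, such as a NAT that lists static addresses while still set to `AUTO_ONLY`.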
## Import

Router NATs can be imported using the `region`, `router`, and `name`, e.g.

```
$ terraform import google_compute_router_nat.my-nat us-central1/router-1/nat-1
```