mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-10-15 07:27:15 +00:00
48a2cf8a27
<!-- This change is generated by MagicModules. --> /cc @rileykarson
---
|
|
layout: "google"
|
|
page_title: "Google: google_compute_router_nat"
|
|
sidebar_current: "docs-google-compute-router-nat"
|
|
description: |-
|
|
Manages a Cloud NAT.
|
|
---
|
|
|
|
# google\_compute\_router\_nat
|
|
|
|
Manages a Cloud NAT. For more information see
|
|
[the official documentation](https://cloud.google.com/nat/docs/overview)
|
|
and
|
|
[API](https://cloud.google.com/compute/docs/reference/rest/beta/routers).
|
|
|
|
## Example Usage
|
|
|
|
A simple NAT configuration: enable NAT for every Subnetwork of the Network
that the given Router is attached to.
|
|
|
|
```hcl
|
|
# VPC network that the subnetwork and the Cloud Router below attach to.
# NOTE(review): auto_create_subnetworks is not set here; if the provider
# default creates subnetworks automatically, the NAT below covers the one
# in its region as well. Confirm against the network resource docs.
resource "google_compute_network" "default" {
  name = "my-network"
}

# Subnetwork whose instances get outbound connectivity through the NAT.
resource "google_compute_subnetwork" "default" {
  name          = "my-subnet"
  region        = "us-central1"
  network       = "${google_compute_network.default.self_link}"
  ip_cidr_range = "10.0.0.0/16"
}

# Cloud Router that hosts the NAT. Its region is taken from the subnetwork
# so the two cannot drift apart.
resource "google_compute_router" "router" {
  name    = "router"
  network = "${google_compute_network.default.self_link}"
  region  = "${google_compute_subnetwork.default.region}"

  bgp {
    # 64514 falls in the private-use ASN range.
    asn = 64514
  }
}

# Simplest NAT: the platform picks the external IPs and every range of
# every subnetwork is translated.
resource "google_compute_router_nat" "simple-nat" {
  name   = "nat-1"
  region = "us-central1"
  router = "${google_compute_router.router.name}"

  # External addresses are allocated automatically, so the egress IPs are
  # not pinned by this configuration and cannot be relied on for remote
  # allowlists.
  nat_ip_allocate_option = "AUTO_ONLY"

  # Widest scope available: all primary and secondary ranges of all
  # subnetworks get egress through this NAT. Use LIST_OF_SUBNETWORKS when
  # only some workloads should reach the internet.
  source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"
}
|
|
```
|
|
|
|
A production-like configuration: enable NAT for one Subnetwork and use a list of
|
|
static external IP addresses.
|
|
|
|
```hcl
|
|
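# VPC network that the subnetwork and the Cloud Router below attach to.
resource "google_compute_network" "default" {
  name = "my-network"
}

# The single subnetwork that is allowed to use the NAT.
resource "google_compute_subnetwork" "default" {
  name          = "my-subnet"
  network       = "${google_compute_network.default.self_link}"
  ip_cidr_range = "10.0.0.0/16"
  region        = "us-central1"
}

# Cloud Router that hosts the NAT; its region follows the subnetwork's.
resource "google_compute_router" "router" {
  name    = "router"
  region  = "${google_compute_subnetwork.default.region}"
  network = "${google_compute_network.default.self_link}"

  bgp {
    # 64514 falls in the private-use ASN range.
    asn = 64514
  }
}

# Two reserved external addresses. Reserving them keeps the egress IPs
# stable, which is what remote allowlists and log attribution depend on.
resource "google_compute_address" "address" {
  count  = 2
  name   = "nat-external-address-${count.index}"
  region = "us-central1"
}

# NAT restricted to one subnetwork and to the reserved addresses above.
resource "google_compute_router_nat" "advanced-nat" {
  name   = "nat-1"
  router = "${google_compute_router.router.name}"
  region = "us-central1"

  # MANUAL_ONLY: only the addresses listed in nat_ips are used for egress.
  nat_ip_allocate_option = "MANUAL_ONLY"
  nat_ips                = ["${google_compute_address.address.*.self_link}"]

  # Only the subnetworks listed in `subnetwork` blocks are translated;
  # anything else in the network gets no egress through this NAT.
  source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"

  subnetwork {
    # Must point at a subnetwork declared in this configuration; the only
    # one defined above is google_compute_subnetwork.default.
    name = "${google_compute_subnetwork.default.self_link}"

    # Required inside a `subnetwork` block (see the Argument Reference).
    source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
  }
}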
|
|
```
|
|
|
|
## Argument Reference
|
|
|
|
The following arguments are supported:
|
|
|
|
* `name` - (Required) A unique name for Cloud NAT, required by GCE. Changing
|
|
this forces a new NAT to be created.
|
|
|
|
* `router` - (Required) The name of the router in which this NAT will be configured.
|
|
Changing this forces a new NAT to be created.
|
|
|
|
* `nat_ip_allocate_option` - (Required) How external IPs should be allocated for
|
|
this NAT. Valid values are `AUTO_ONLY` or `MANUAL_ONLY`. Changing this forces
|
|
a new NAT to be created.
|
|
|
|
* `source_subnetwork_ip_ranges_to_nat` - (Required) How NAT should be configured
|
|
per Subnetwork. Valid values include: `ALL_SUBNETWORKS_ALL_IP_RANGES`,
|
|
`ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES`, `LIST_OF_SUBNETWORKS`. Changing
|
|
this forces a new NAT to be created.
|
|
|
|
- - -
|
|
|
|
* `nat_ips` - (Optional) List of `self_link`s of external IPs. Only valid if
|
|
`nat_ip_allocate_option` is set to `MANUAL_ONLY`. Changing this forces a
|
|
new NAT to be created.
|
|
|
|
* `subnetwork` - (Optional) One or more subnetwork NAT configurations. Only used
|
|
if `source_subnetwork_ip_ranges_to_nat` is set to `LIST_OF_SUBNETWORKS`. See
|
|
the section below for details on configuration.
|
|
|
|
* `min_ports_per_vm` - (Optional) Minimum number of ports allocated to a VM
|
|
from this NAT config. If not set, a default number of ports is allocated to a VM.
|
|
Changing this forces a new NAT to be created.
|
|
|
|
* `udp_idle_timeout_sec` - (Optional) Timeout (in seconds) for UDP connections.
|
|
Defaults to 30s if not set. Changing this forces a new NAT to be created.
|
|
|
|
* `icmp_idle_timeout_sec` - (Optional) Timeout (in seconds) for ICMP connections.
|
|
Defaults to 30s if not set. Changing this forces a new NAT to be created.
|
|
|
|
* `tcp_established_idle_timeout_sec` - (Optional) Timeout (in seconds) for TCP
|
|
established connections. Defaults to 1200s if not set. Changing this forces
|
|
a new NAT to be created.
|
|
|
|
* `tcp_transitory_idle_timeout_sec` - (Optional) Timeout (in seconds) for TCP
|
|
transitory connections. Defaults to 30s if not set. Changing this forces a
|
|
new NAT to be created.
|
|
|
|
* `project` - (Optional) The ID of the project to which this NAT's router belongs. If it
|
|
is not provided, the provider project is used. Changing this forces a new NAT to be created.
|
|
|
|
* `region` - (Optional) The region this NAT's router sits in. If not specified,
|
|
the project region will be used. Changing this forces a new NAT to be
|
|
created.
|
|
|
|
The `subnetwork` block supports:
|
|
|
|
* `name` - (Required) The `self_link` of the subnetwork to NAT.
|
|
|
|
* `source_ip_ranges_to_nat` - (Required) List of options for which source IPs in the subnetwork
|
|
should have NAT enabled. Supported values include: `ALL_IP_RANGES`,
|
|
`LIST_OF_SECONDARY_IP_RANGES`, `PRIMARY_IP_RANGE`
|
|
|
|
* `secondary_ip_range_names` - (Optional) List of the secondary ranges of the subnetwork
|
|
that are allowed to use NAT. This can be populated only if
|
|
`LIST_OF_SECONDARY_IP_RANGES` is one of the values in `source_ip_ranges_to_nat`.
|
|
|
|
## Import
|
|
|
|
Router NATs can be imported using the `region`, `router`, and `name`, e.g.
|
|
|
|
```
|
|
$ terraform import google_compute_router_nat.my-nat us-central1/router-1/nat-1
|
|
```
|