google_compute_target_instance

Represents a TargetInstance resource which defines an endpoint instance that terminates traffic of certain protocols. In particular, they are used in Protocol Forwarding, where forwarding rules can send packets to a non-NAT'ed target instance. Each target instance contains a single virtual machine instance that receives and handles traffic from the corresponding forwarding rules.

To get more information about TargetInstance, see:

Open in Cloud Shell

Example Usage - Target Instance Basic

resource "google_compute_target_instance" "default" {
  name     = "target"
  instance = google_compute_instance.target-vm.id
}

data "google_compute_image" "vmimage" {
  family  = "debian-11"
  project = "debian-cloud"
}

resource "google_compute_instance" "target-vm" {
  name         = "target-vm"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      image = data.google_compute_image.vmimage.self_link
    }
  }

  network_interface {
    network = "default"
  }
}
Open in Cloud Shell

Example Usage - Target Instance Custom Network

resource "google_compute_target_instance" "custom_network" {
  provider = google-beta
  name     = "custom-network"
  instance = google_compute_instance.target-vm.id
  network  = data.google_compute_network.target-vm.self_link
}

data "google_compute_network" "target-vm" {
  provider = google-beta
  name = "default"
}

data "google_compute_image" "vmimage" {
  provider = google-beta
  family  = "debian-10"
  project = "debian-cloud"
}

resource "google_compute_instance" "target-vm" {
  provider = google-beta
  name         = "custom-network-target-vm"
  machine_type = "e2-medium"
  zone         = "us-central1-a"

  boot_disk {
    initialize_params {
      image = data.google_compute_image.vmimage.self_link
    }
  }

  network_interface {
    network = "default"
  }
}
Open in Cloud Shell

Example Usage - Target Instance With Security Policy

resource "google_compute_network" "default" {
  provider                = google-beta
  name                    = "custom-default-network"
  auto_create_subnetworks = false
  routing_mode            = "REGIONAL"
}

resource "google_compute_subnetwork" "default" {
  provider                   = google-beta
  name                       = "custom-default-subnet"
  ip_cidr_range              = "10.1.2.0/24"
  network                    = google_compute_network.default.id
  private_ipv6_google_access = "DISABLE_GOOGLE_ACCESS"
  purpose                    = "PRIVATE"
  region                     = "southamerica-west1"
  stack_type                 = "IPV4_ONLY"
}

data "google_compute_image" "vmimage" {
  provider = google-beta
  family   = "debian-11"
  project  = "debian-cloud"
}

resource "google_compute_instance" "target-vm" {
  provider     = google-beta
  name         = "target-vm"
  machine_type = "e2-medium"
  zone         = "southamerica-west1-a"

  boot_disk {
    initialize_params {
      image = data.google_compute_image.vmimage.self_link
    }
  }

  network_interface {       
    network = google_compute_network.default.self_link
    subnetwork = google_compute_subnetwork.default.self_link
    access_config {
    }
  }
}

resource "google_compute_region_security_policy" "policyddosprotection" {
  provider    = google-beta
  region      = "southamerica-west1"
  name        = "tf-test-policyddos%{random_suffix}"
  description = "ddos protection security policy to set target instance"
  type        = "CLOUD_ARMOR_NETWORK"
  ddos_protection_config {
    ddos_protection = "ADVANCED_PREVIEW"
  }
}

resource "google_compute_network_edge_security_service" "edge_sec_service" {
  provider        = google-beta
  region          = "southamerica-west1"
  name            = "tf-test-edgesec%{random_suffix}"
  security_policy = google_compute_region_security_policy.policyddosprotection.self_link
}

resource "google_compute_region_security_policy" "regionsecuritypolicy" {
  provider    = google-beta
  name        = "region-secpolicy"
  region      = "southamerica-west1"
  description = "basic security policy for target instance"
  type        = "CLOUD_ARMOR_NETWORK"
  depends_on  = [google_compute_network_edge_security_service.edge_sec_service]
}

resource "google_compute_target_instance" "default" {
  provider        = google-beta
  name            = "target-instance"
  zone            = "southamerica-west1-a"
  instance        = google_compute_instance.target-vm.id
  security_policy = google_compute_region_security_policy.regionsecuritypolicy.self_link
}

Argument Reference

The following arguments are supported:


Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

TargetInstance can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import TargetInstance using one of the formats above. For example:

import {
  id = "projects/{{project}}/zones/{{zone}}/targetInstances/{{name}}"
  to = google_compute_target_instance.default
}

When using the terraform import command, TargetInstance can be imported using one of the formats above. For example:

$ terraform import google_compute_target_instance.default projects/{{project}}/zones/{{zone}}/targetInstances/{{name}}
$ terraform import google_compute_target_instance.default {{project}}/{{zone}}/{{name}}
$ terraform import google_compute_target_instance.default {{zone}}/{{name}}
$ terraform import google_compute_target_instance.default {{name}}

User Project Overrides

This resource supports User Project Overrides.