Policy-based Routes are more powerful routes that route L4 network traffic based not just on destination IP, but also on source IP, protocol and more. A Policy-based Route always takes precedence when it conflicts with other types of routes.
To get more information about PolicyBasedRoute, see:
```hcl
resource "google_network_connectivity_policy_based_route" "default" {
  name    = "my-pbr"
  network = google_compute_network.my_network.id
  filter {
    protocol_version = "IPV4"
  }
  next_hop_other_routes = "DEFAULT_ROUTING"
}

resource "google_compute_network" "my_network" {
  name                    = "my-network"
  auto_create_subnetworks = false
}
```
```hcl
resource "google_network_connectivity_policy_based_route" "default" {
  name        = "my-pbr"
  description = "My routing policy"
  network     = google_compute_network.my_network.id
  priority    = 2302
  filter {
    protocol_version = "IPV4"
    ip_protocol      = "UDP"
    src_range        = "10.0.0.0/24"
    dest_range       = "0.0.0.0/0"
  }
  next_hop_ilb_ip = google_compute_global_address.ilb.address
  virtual_machine {
    tags = ["restricted"]
  }
  labels = {
    env = "default"
  }
}

resource "google_compute_network" "my_network" {
  name                    = "my-network"
  auto_create_subnetworks = false
}

# This example substitutes an arbitrary internal IP for an internal network
# load balancer for brevity. Consult https://cloud.google.com/load-balancing/docs/internal
# to set one up.
resource "google_compute_global_address" "ilb" {
  name = "my-ilb"
}
```
The following arguments are supported:

* `name` - (Required) The name of the policy based route.
* `network` - (Required) Fully-qualified URL of the network that this route applies to, for example: `projects/my-project/global/networks/my-network`.
* `filter` - (Required) The filter to match L4 traffic. Structure is documented below.
  * `protocol_version` - (Required) Internet protocol versions this policy-based route applies to. Possible values are: `IPV4`.
  * `ip_protocol` - (Optional) The IP protocol that this policy-based route applies to. Valid values are `TCP`, `UDP`, and `ALL`. Default is `ALL`.
  * `src_range` - (Optional) The source IP range of outgoing packets that this policy-based route applies to. Default is `0.0.0.0/0` if protocol version is IPv4.
  * `dest_range` - (Optional) The destination IP range of outgoing packets that this policy-based route applies to. Default is `0.0.0.0/0` if protocol version is IPv4.
* `description` - (Optional) An optional description of this resource.
* `labels` - (Optional) User-defined labels. Note: This field is non-authoritative, and will only manage the labels present in your configuration. Please refer to the field `effective_labels` for all of the labels present on the resource.
* `next_hop_other_routes` - (Optional) Other routes that will be referenced to determine the next hop of the packet. Possible values are: `DEFAULT_ROUTING`.
* `next_hop_ilb_ip` - (Optional) The IP address of a global-access-enabled L4 ILB that is the next hop for matching packets.
* `priority` - (Optional) The priority of this policy-based route. Priority is used to break ties when more than one policy-based route matches a packet: the one with the lowest-numbered priority value wins. The default value is 1000. The priority value must be from 1 to 65535, inclusive.
* `virtual_machine` - (Optional) VM instances to which this policy-based route applies. Structure is documented below.
* `interconnect_attachment` - (Optional) The interconnect attachments that this policy-based route applies to. Structure is documented below.
* `project` - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
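The following is an added example, not part of this registry page or of the google provider's own code: a small Python model of how the `filter` and `priority` arguments above decide which policy-based route a packet takes (lowest-numbered priority wins among matching routes, `ALL` and `0.0.0.0/0` as defaults, ANY shared tag for `virtual_machine.tags`), plus a pre-apply check for routes whose filters overlap at the same priority, a case the page leaves undefined. The route values are constructed to mirror the second example above; the ILB address `10.128.0.5` is made up, and the scoping of a route with no `virtual_machine` block is an assumption marked in the code.

```python
# Added example (not from the Terraform registry page or the google provider):
# models how a GCP policy-based route's filter and priority select a route for
# a packet, following the argument reference. Routes and packets are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class PolicyBasedRoute:
    name: str
    priority: int = 1000               # default from the argument reference
    ip_protocol: str = "ALL"           # TCP, UDP or ALL (default ALL)
    src_range: str = "0.0.0.0/0"       # IPv4 default
    dest_range: str = "0.0.0.0/0"      # IPv4 default
    next_hop: str = "DEFAULT_ROUTING"  # an ILB IP, or DEFAULT_ROUTING
    vm_tags: Tuple[str, ...] = ()      # virtual_machine.tags; ANY tag matches

    def __post_init__(self) -> None:
        # Reject values the argument reference rules out before they reach apply.
        if not 1 <= self.priority <= 65535:
            raise ValueError(f"{self.name}: priority must be 1..65535")
        if self.ip_protocol not in ("TCP", "UDP", "ALL"):
            raise ValueError(f"{self.name}: ip_protocol must be TCP, UDP or ALL")
        ip_network(self.src_range)   # raises on a malformed CIDR
        ip_network(self.dest_range)

    def matches(self, src: str, dst: str, protocol: str,
                tags: Sequence[str] = ()) -> bool:
        """True if a packet src->dst with this L4 protocol, sent by a VM
        carrying the given network tags, is selected by this route's filter."""
        if self.ip_protocol != "ALL" and self.ip_protocol != protocol:
            return False
        if ip_address(src) not in ip_network(self.src_range):
            return False
        if ip_address(dst) not in ip_network(self.dest_range):
            return False
        # Assumption: a route without a virtual_machine block applies to every
        # VM in the network; with tags, ANY shared tag is enough (page text).
        if self.vm_tags and not set(self.vm_tags) & set(tags):
            return False
        return True


def select_route(routes: Sequence[PolicyBasedRoute], src: str, dst: str,
                 protocol: str, tags: Sequence[str] = ()) -> Optional[PolicyBasedRoute]:
    """Return the matching route with the lowest-numbered priority, or None
    when no policy-based route matches (ordinary routing then applies)."""
    hits = [r for r in routes if r.matches(src, dst, protocol, tags)]
    return min(hits, key=lambda r: r.priority) if hits else None


def _filters_overlap(a: PolicyBasedRoute, b: PolicyBasedRoute) -> bool:
    """Can some packet satisfy both filters? Tag scoping is ignored, so this
    is deliberately conservative."""
    proto = "ALL" in (a.ip_protocol, b.ip_protocol) or a.ip_protocol == b.ip_protocol
    return (proto
            and ip_network(a.src_range).overlaps(ip_network(b.src_range))
            and ip_network(a.dest_range).overlaps(ip_network(b.dest_range)))


def priority_collisions(routes: Sequence[PolicyBasedRoute]) -> List[Tuple[str, str]]:
    """Pairs of routes whose filters overlap at the same priority. Priority is
    the documented tie-breaker and nothing on the page resolves equal values,
    so such pairs leave the chosen next hop unpredictable; flag them in review."""
    found = []
    for i, a in enumerate(routes):
        for b in routes[i + 1:]:
            if a.priority == b.priority and _filters_overlap(a, b):
                found.append((a.name, b.name))
    return found


# Constructed routes: the page's second example (steering tagged UDP traffic to
# an ILB) plus a lower-numbered "bypass" that hands one destination range back
# to normal routing. Lower number wins, so the bypass takes effect first.
ROUTES = [
    PolicyBasedRoute("my-pbr", priority=2302, ip_protocol="UDP",
                     src_range="10.0.0.0/24", dest_range="0.0.0.0/0",
                     next_hop="10.128.0.5",  # constructed ILB address
                     vm_tags=("restricted",)),
    PolicyBasedRoute("skip-to-monitoring", priority=100, ip_protocol="UDP",
                     src_range="10.0.0.0/24", dest_range="10.50.0.0/16",
                     next_hop="DEFAULT_ROUTING"),
]

if __name__ == "__main__":
    chosen = select_route(ROUTES, "10.0.0.7", "8.8.8.8", "UDP", ["restricted"])
    print(chosen.name if chosen else None)          # my-pbr
    print(priority_collisions(ROUTES))              # []
```

Because a policy-based route takes precedence over every other route type, the `priority_collisions` check is the review step worth automating: two routes that both match at the same priority can silently swap which next hop receives the traffic.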
The `virtual_machine` block supports:

* `tags` - (Required) A list of VM instance tags that this policy-based route applies to. VM instances that have ANY of the tags specified here will install this PBR.

The `interconnect_attachment` block supports:

* `region` - (Required) Cloud region to install this policy-based route on for Interconnect attachments. Use `all` to install it on all Interconnect attachments.

In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `projects/{{project}}/locations/global/policyBasedRoutes/{{name}}`
* `create_time` - Time when the policy-based route was created.
* `update_time` - Time when the policy-based route was updated.
* `kind` - Type of this resource.
* `warnings` - If potential misconfigurations are detected for this route, this field will be populated with warning messages. Structure is documented below.
* `terraform_labels` - The combination of labels configured directly on the resource and default labels configured on the provider.
* `effective_labels` - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.

The `warnings` block contains:

* `code` - (Output) A warning code, if applicable.
* `data` - (Output) Metadata about this warning in `key: value` format. The key should provide more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be `scope` and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement.
* `warning_message` - (Output) A human-readable description of the warning code.
This resource provides the following Timeouts configuration options:

* `create` - Default is 30 minutes.
* `update` - Default is 30 minutes.
* `delete` - Default is 30 minutes.

PolicyBasedRoute can be imported using any of these accepted formats:

* `projects/{{project}}/locations/global/policyBasedRoutes/{{name}}`
* `{{project}}/{{name}}`
* `{{name}}`

In Terraform v1.5.0 and later, use an `import` block to import PolicyBasedRoute using one of the formats above. For example:

```hcl
import {
  id = "projects/{{project}}/locations/global/policyBasedRoutes/{{name}}"
  to = google_network_connectivity_policy_based_route.default
}
```

When using the `terraform import` command, PolicyBasedRoute can be imported using one of the formats above. For example:

```
$ terraform import google_network_connectivity_policy_based_route.default projects/{{project}}/locations/global/policyBasedRoutes/{{name}}
$ terraform import google_network_connectivity_policy_based_route.default {{project}}/{{name}}
$ terraform import google_network_connectivity_policy_based_route.default {{name}}
```
This resource supports User Project Overrides.