1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. compute
  5. BackendService
Google Cloud v8.26.0 published on Thursday, Apr 10, 2025 by Pulumi

gcp.compute.BackendService

Explore with Pulumi AI

A Backend Service defines a group of virtual machines that will serve traffic for load balancing. This resource is a global backend service, appropriate for external load balancing or self-managed internal load balancing. For managed internal load balancing, use a regional backend service instead.

Currently self-managed internal load balancing is only available in beta.

To get more information about BackendService, see:

Warning: All arguments including the following potentially sensitive values will be stored in the raw state as plain text: iap.oauth2_client_secret, iap.oauth2_client_secret_sha256, security_settings.aws_v4_authentication.access_key.

Example Usage

Backend Service Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", {
    name: "health-check",
    requestPath: "/",
    checkIntervalSec: 1,
    timeoutSec: 1,
});
const _default = new gcp.compute.BackendService("default", {
    name: "backend-service",
    healthChecks: defaultHttpHealthCheck.id,
});
Copy
import pulumi
import pulumi_gcp as gcp

default_http_health_check = gcp.compute.HttpHealthCheck("default",
    name="health-check",
    request_path="/",
    check_interval_sec=1,
    timeout_sec=1)
default = gcp.compute.BackendService("default",
    name="backend-service",
    health_checks=default_http_health_check.id)
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		defaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, "default", &compute.HttpHealthCheckArgs{
			Name:             pulumi.String("health-check"),
			RequestPath:      pulumi.String("/"),
			CheckIntervalSec: pulumi.Int(1),
			TimeoutSec:       pulumi.Int(1),
		})
		if err != nil {
			return err
		}
		_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
			Name:         pulumi.String("backend-service"),
			HealthChecks: defaultHttpHealthCheck.ID(),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck("default", new()
    {
        Name = "health-check",
        RequestPath = "/",
        CheckIntervalSec = 1,
        TimeoutSec = 1,
    });

    var @default = new Gcp.Compute.BackendService("default", new()
    {
        Name = "backend-service",
        HealthChecks = defaultHttpHealthCheck.Id,
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HttpHealthCheck;
import com.pulumi.gcp.compute.HttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var defaultHttpHealthCheck = new HttpHealthCheck("defaultHttpHealthCheck", HttpHealthCheckArgs.builder()
            .name("health-check")
            .requestPath("/")
            .checkIntervalSec(1)
            .timeoutSec(1)
            .build());

        var default_ = new BackendService("default", BackendServiceArgs.builder()
            .name("backend-service")
            .healthChecks(defaultHttpHealthCheck.id())
            .build());

    }
}
Copy
resources:
  default:
    type: gcp:compute:BackendService
    properties:
      name: backend-service
      healthChecks: ${defaultHttpHealthCheck.id}
  defaultHttpHealthCheck:
    type: gcp:compute:HttpHealthCheck
    name: default
    properties:
      name: health-check
      requestPath: /
      checkIntervalSec: 1
      timeoutSec: 1
Copy

Backend Service External Iap

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const _default = new gcp.compute.BackendService("default", {
    name: "tf-test-backend-service-external",
    protocol: "HTTP",
    loadBalancingScheme: "EXTERNAL",
    iap: {
        enabled: true,
        oauth2ClientId: "abc",
        oauth2ClientSecret: "xyz",
    },
});
Copy
import pulumi
import pulumi_gcp as gcp

default = gcp.compute.BackendService("default",
    name="tf-test-backend-service-external",
    protocol="HTTP",
    load_balancing_scheme="EXTERNAL",
    iap={
        "enabled": True,
        "oauth2_client_id": "abc",
        "oauth2_client_secret": "xyz",
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
			Name:                pulumi.String("tf-test-backend-service-external"),
			Protocol:            pulumi.String("HTTP"),
			LoadBalancingScheme: pulumi.String("EXTERNAL"),
			Iap: &compute.BackendServiceIapArgs{
				Enabled:            pulumi.Bool(true),
				Oauth2ClientId:     pulumi.String("abc"),
				Oauth2ClientSecret: pulumi.String("xyz"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var @default = new Gcp.Compute.BackendService("default", new()
    {
        Name = "tf-test-backend-service-external",
        Protocol = "HTTP",
        LoadBalancingScheme = "EXTERNAL",
        Iap = new Gcp.Compute.Inputs.BackendServiceIapArgs
        {
            Enabled = true,
            Oauth2ClientId = "abc",
            Oauth2ClientSecret = "xyz",
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceIapArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new BackendService("default", BackendServiceArgs.builder()
            .name("tf-test-backend-service-external")
            .protocol("HTTP")
            .loadBalancingScheme("EXTERNAL")
            .iap(BackendServiceIapArgs.builder()
                .enabled(true)
                .oauth2ClientId("abc")
                .oauth2ClientSecret("xyz")
                .build())
            .build());

    }
}
Copy
resources:
  default:
    type: gcp:compute:BackendService
    properties:
      name: tf-test-backend-service-external
      protocol: HTTP
      loadBalancingScheme: EXTERNAL
      iap:
        enabled: true
        oauth2ClientId: abc
        oauth2ClientSecret: xyz
Copy

Backend Service Cache Simple

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", {
    name: "health-check",
    requestPath: "/",
    checkIntervalSec: 1,
    timeoutSec: 1,
});
const _default = new gcp.compute.BackendService("default", {
    name: "backend-service",
    healthChecks: defaultHttpHealthCheck.id,
    enableCdn: true,
    cdnPolicy: {
        signedUrlCacheMaxAgeSec: 7200,
    },
});
Copy
import pulumi
import pulumi_gcp as gcp

default_http_health_check = gcp.compute.HttpHealthCheck("default",
    name="health-check",
    request_path="/",
    check_interval_sec=1,
    timeout_sec=1)
default = gcp.compute.BackendService("default",
    name="backend-service",
    health_checks=default_http_health_check.id,
    enable_cdn=True,
    cdn_policy={
        "signed_url_cache_max_age_sec": 7200,
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		defaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, "default", &compute.HttpHealthCheckArgs{
			Name:             pulumi.String("health-check"),
			RequestPath:      pulumi.String("/"),
			CheckIntervalSec: pulumi.Int(1),
			TimeoutSec:       pulumi.Int(1),
		})
		if err != nil {
			return err
		}
		_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
			Name:         pulumi.String("backend-service"),
			HealthChecks: defaultHttpHealthCheck.ID(),
			EnableCdn:    pulumi.Bool(true),
			CdnPolicy: &compute.BackendServiceCdnPolicyArgs{
				SignedUrlCacheMaxAgeSec: pulumi.Int(7200),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck("default", new()
    {
        Name = "health-check",
        RequestPath = "/",
        CheckIntervalSec = 1,
        TimeoutSec = 1,
    });

    var @default = new Gcp.Compute.BackendService("default", new()
    {
        Name = "backend-service",
        HealthChecks = defaultHttpHealthCheck.Id,
        EnableCdn = true,
        CdnPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyArgs
        {
            SignedUrlCacheMaxAgeSec = 7200,
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HttpHealthCheck;
import com.pulumi.gcp.compute.HttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCdnPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var defaultHttpHealthCheck = new HttpHealthCheck("defaultHttpHealthCheck", HttpHealthCheckArgs.builder()
            .name("health-check")
            .requestPath("/")
            .checkIntervalSec(1)
            .timeoutSec(1)
            .build());

        var default_ = new BackendService("default", BackendServiceArgs.builder()
            .name("backend-service")
            .healthChecks(defaultHttpHealthCheck.id())
            .enableCdn(true)
            .cdnPolicy(BackendServiceCdnPolicyArgs.builder()
                .signedUrlCacheMaxAgeSec(7200)
                .build())
            .build());

    }
}
Copy
resources:
  default:
    type: gcp:compute:BackendService
    properties:
      name: backend-service
      healthChecks: ${defaultHttpHealthCheck.id}
      enableCdn: true
      cdnPolicy:
        signedUrlCacheMaxAgeSec: 7200
  defaultHttpHealthCheck:
    type: gcp:compute:HttpHealthCheck
    name: default
    properties:
      name: health-check
      requestPath: /
      checkIntervalSec: 1
      timeoutSec: 1
Copy

Backend Service Cache Include Http Headers

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const _default = new gcp.compute.BackendService("default", {
    name: "backend-service",
    enableCdn: true,
    cdnPolicy: {
        cacheMode: "USE_ORIGIN_HEADERS",
        cacheKeyPolicy: {
            includeHost: true,
            includeProtocol: true,
            includeQueryString: true,
            includeHttpHeaders: ["X-My-Header-Field"],
        },
    },
});
Copy
import pulumi
import pulumi_gcp as gcp

default = gcp.compute.BackendService("default",
    name="backend-service",
    enable_cdn=True,
    cdn_policy={
        "cache_mode": "USE_ORIGIN_HEADERS",
        "cache_key_policy": {
            "include_host": True,
            "include_protocol": True,
            "include_query_string": True,
            "include_http_headers": ["X-My-Header-Field"],
        },
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
			Name:      pulumi.String("backend-service"),
			EnableCdn: pulumi.Bool(true),
			CdnPolicy: &compute.BackendServiceCdnPolicyArgs{
				CacheMode: pulumi.String("USE_ORIGIN_HEADERS"),
				CacheKeyPolicy: &compute.BackendServiceCdnPolicyCacheKeyPolicyArgs{
					IncludeHost:        pulumi.Bool(true),
					IncludeProtocol:    pulumi.Bool(true),
					IncludeQueryString: pulumi.Bool(true),
					IncludeHttpHeaders: pulumi.StringArray{
						pulumi.String("X-My-Header-Field"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var @default = new Gcp.Compute.BackendService("default", new()
    {
        Name = "backend-service",
        EnableCdn = true,
        CdnPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyArgs
        {
            CacheMode = "USE_ORIGIN_HEADERS",
            CacheKeyPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyCacheKeyPolicyArgs
            {
                IncludeHost = true,
                IncludeProtocol = true,
                IncludeQueryString = true,
                IncludeHttpHeaders = new[]
                {
                    "X-My-Header-Field",
                },
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCdnPolicyArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCdnPolicyCacheKeyPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new BackendService("default", BackendServiceArgs.builder()
            .name("backend-service")
            .enableCdn(true)
            .cdnPolicy(BackendServiceCdnPolicyArgs.builder()
                .cacheMode("USE_ORIGIN_HEADERS")
                .cacheKeyPolicy(BackendServiceCdnPolicyCacheKeyPolicyArgs.builder()
                    .includeHost(true)
                    .includeProtocol(true)
                    .includeQueryString(true)
                    .includeHttpHeaders("X-My-Header-Field")
                    .build())
                .build())
            .build());

    }
}
Copy
resources:
  default:
    type: gcp:compute:BackendService
    properties:
      name: backend-service
      enableCdn: true
      cdnPolicy:
        cacheMode: USE_ORIGIN_HEADERS
        cacheKeyPolicy:
          includeHost: true
          includeProtocol: true
          includeQueryString: true
          includeHttpHeaders:
            - X-My-Header-Field
Copy

Backend Service Cache Include Named Cookies

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const _default = new gcp.compute.BackendService("default", {
    name: "backend-service",
    enableCdn: true,
    cdnPolicy: {
        cacheMode: "CACHE_ALL_STATIC",
        defaultTtl: 3600,
        clientTtl: 7200,
        maxTtl: 10800,
        cacheKeyPolicy: {
            includeHost: true,
            includeProtocol: true,
            includeQueryString: true,
            includeNamedCookies: [
                "__next_preview_data",
                "__prerender_bypass",
            ],
        },
    },
});
Copy
import pulumi
import pulumi_gcp as gcp

default = gcp.compute.BackendService("default",
    name="backend-service",
    enable_cdn=True,
    cdn_policy={
        "cache_mode": "CACHE_ALL_STATIC",
        "default_ttl": 3600,
        "client_ttl": 7200,
        "max_ttl": 10800,
        "cache_key_policy": {
            "include_host": True,
            "include_protocol": True,
            "include_query_string": True,
            "include_named_cookies": [
                "__next_preview_data",
                "__prerender_bypass",
            ],
        },
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
			Name:      pulumi.String("backend-service"),
			EnableCdn: pulumi.Bool(true),
			CdnPolicy: &compute.BackendServiceCdnPolicyArgs{
				CacheMode:  pulumi.String("CACHE_ALL_STATIC"),
				DefaultTtl: pulumi.Int(3600),
				ClientTtl:  pulumi.Int(7200),
				MaxTtl:     pulumi.Int(10800),
				CacheKeyPolicy: &compute.BackendServiceCdnPolicyCacheKeyPolicyArgs{
					IncludeHost:        pulumi.Bool(true),
					IncludeProtocol:    pulumi.Bool(true),
					IncludeQueryString: pulumi.Bool(true),
					IncludeNamedCookies: pulumi.StringArray{
						pulumi.String("__next_preview_data"),
						pulumi.String("__prerender_bypass"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var @default = new Gcp.Compute.BackendService("default", new()
    {
        Name = "backend-service",
        EnableCdn = true,
        CdnPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyArgs
        {
            CacheMode = "CACHE_ALL_STATIC",
            DefaultTtl = 3600,
            ClientTtl = 7200,
            MaxTtl = 10800,
            CacheKeyPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyCacheKeyPolicyArgs
            {
                IncludeHost = true,
                IncludeProtocol = true,
                IncludeQueryString = true,
                IncludeNamedCookies = new[]
                {
                    "__next_preview_data",
                    "__prerender_bypass",
                },
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCdnPolicyArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCdnPolicyCacheKeyPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new BackendService("default", BackendServiceArgs.builder()
            .name("backend-service")
            .enableCdn(true)
            .cdnPolicy(BackendServiceCdnPolicyArgs.builder()
                .cacheMode("CACHE_ALL_STATIC")
                .defaultTtl(3600)
                .clientTtl(7200)
                .maxTtl(10800)
                .cacheKeyPolicy(BackendServiceCdnPolicyCacheKeyPolicyArgs.builder()
                    .includeHost(true)
                    .includeProtocol(true)
                    .includeQueryString(true)
                    .includeNamedCookies(                    
                        "__next_preview_data",
                        "__prerender_bypass")
                    .build())
                .build())
            .build());

    }
}
Copy
resources:
  default:
    type: gcp:compute:BackendService
    properties:
      name: backend-service
      enableCdn: true
      cdnPolicy:
        cacheMode: CACHE_ALL_STATIC
        defaultTtl: 3600
        clientTtl: 7200
        maxTtl: 10800
        cacheKeyPolicy:
          includeHost: true
          includeProtocol: true
          includeQueryString: true
          includeNamedCookies:
            - __next_preview_data
            - __prerender_bypass
Copy

Backend Service Cache

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", {
    name: "health-check",
    requestPath: "/",
    checkIntervalSec: 1,
    timeoutSec: 1,
});
const _default = new gcp.compute.BackendService("default", {
    name: "backend-service",
    healthChecks: defaultHttpHealthCheck.id,
    enableCdn: true,
    cdnPolicy: {
        cacheMode: "CACHE_ALL_STATIC",
        defaultTtl: 3600,
        clientTtl: 7200,
        maxTtl: 10800,
        negativeCaching: true,
        signedUrlCacheMaxAgeSec: 7200,
    },
});
Copy
import pulumi
import pulumi_gcp as gcp

default_http_health_check = gcp.compute.HttpHealthCheck("default",
    name="health-check",
    request_path="/",
    check_interval_sec=1,
    timeout_sec=1)
default = gcp.compute.BackendService("default",
    name="backend-service",
    health_checks=default_http_health_check.id,
    enable_cdn=True,
    cdn_policy={
        "cache_mode": "CACHE_ALL_STATIC",
        "default_ttl": 3600,
        "client_ttl": 7200,
        "max_ttl": 10800,
        "negative_caching": True,
        "signed_url_cache_max_age_sec": 7200,
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		defaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, "default", &compute.HttpHealthCheckArgs{
			Name:             pulumi.String("health-check"),
			RequestPath:      pulumi.String("/"),
			CheckIntervalSec: pulumi.Int(1),
			TimeoutSec:       pulumi.Int(1),
		})
		if err != nil {
			return err
		}
		_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
			Name:         pulumi.String("backend-service"),
			HealthChecks: defaultHttpHealthCheck.ID(),
			EnableCdn:    pulumi.Bool(true),
			CdnPolicy: &compute.BackendServiceCdnPolicyArgs{
				CacheMode:               pulumi.String("CACHE_ALL_STATIC"),
				DefaultTtl:              pulumi.Int(3600),
				ClientTtl:               pulumi.Int(7200),
				MaxTtl:                  pulumi.Int(10800),
				NegativeCaching:         pulumi.Bool(true),
				SignedUrlCacheMaxAgeSec: pulumi.Int(7200),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck("default", new()
    {
        Name = "health-check",
        RequestPath = "/",
        CheckIntervalSec = 1,
        TimeoutSec = 1,
    });

    var @default = new Gcp.Compute.BackendService("default", new()
    {
        Name = "backend-service",
        HealthChecks = defaultHttpHealthCheck.Id,
        EnableCdn = true,
        CdnPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyArgs
        {
            CacheMode = "CACHE_ALL_STATIC",
            DefaultTtl = 3600,
            ClientTtl = 7200,
            MaxTtl = 10800,
            NegativeCaching = true,
            SignedUrlCacheMaxAgeSec = 7200,
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HttpHealthCheck;
import com.pulumi.gcp.compute.HttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCdnPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var defaultHttpHealthCheck = new HttpHealthCheck("defaultHttpHealthCheck", HttpHealthCheckArgs.builder()
            .name("health-check")
            .requestPath("/")
            .checkIntervalSec(1)
            .timeoutSec(1)
            .build());

        var default_ = new BackendService("default", BackendServiceArgs.builder()
            .name("backend-service")
            .healthChecks(defaultHttpHealthCheck.id())
            .enableCdn(true)
            .cdnPolicy(BackendServiceCdnPolicyArgs.builder()
                .cacheMode("CACHE_ALL_STATIC")
                .defaultTtl(3600)
                .clientTtl(7200)
                .maxTtl(10800)
                .negativeCaching(true)
                .signedUrlCacheMaxAgeSec(7200)
                .build())
            .build());

    }
}
Copy
resources:
  default:
    type: gcp:compute:BackendService
    properties:
      name: backend-service
      healthChecks: ${defaultHttpHealthCheck.id}
      enableCdn: true
      cdnPolicy:
        cacheMode: CACHE_ALL_STATIC
        defaultTtl: 3600
        clientTtl: 7200
        maxTtl: 10800
        negativeCaching: true
        signedUrlCacheMaxAgeSec: 7200
  defaultHttpHealthCheck:
    type: gcp:compute:HttpHealthCheck
    name: default
    properties:
      name: health-check
      requestPath: /
      checkIntervalSec: 1
      timeoutSec: 1
Copy

Backend Service Cache Bypass Cache On Request Headers

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const defaultHttpHealthCheck = new gcp.compute.HttpHealthCheck("default", {
    name: "health-check",
    requestPath: "/",
    checkIntervalSec: 1,
    timeoutSec: 1,
});
const _default = new gcp.compute.BackendService("default", {
    name: "backend-service",
    healthChecks: defaultHttpHealthCheck.id,
    enableCdn: true,
    cdnPolicy: {
        cacheMode: "CACHE_ALL_STATIC",
        defaultTtl: 3600,
        clientTtl: 7200,
        maxTtl: 10800,
        negativeCaching: true,
        signedUrlCacheMaxAgeSec: 7200,
        bypassCacheOnRequestHeaders: [
            {
                headerName: "Authorization",
            },
            {
                headerName: "Proxy-Authorization",
            },
        ],
    },
});
Copy
import pulumi
import pulumi_gcp as gcp

default_http_health_check = gcp.compute.HttpHealthCheck("default",
    name="health-check",
    request_path="/",
    check_interval_sec=1,
    timeout_sec=1)
default = gcp.compute.BackendService("default",
    name="backend-service",
    health_checks=default_http_health_check.id,
    enable_cdn=True,
    cdn_policy={
        "cache_mode": "CACHE_ALL_STATIC",
        "default_ttl": 3600,
        "client_ttl": 7200,
        "max_ttl": 10800,
        "negative_caching": True,
        "signed_url_cache_max_age_sec": 7200,
        "bypass_cache_on_request_headers": [
            {
                "header_name": "Authorization",
            },
            {
                "header_name": "Proxy-Authorization",
            },
        ],
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		defaultHttpHealthCheck, err := compute.NewHttpHealthCheck(ctx, "default", &compute.HttpHealthCheckArgs{
			Name:             pulumi.String("health-check"),
			RequestPath:      pulumi.String("/"),
			CheckIntervalSec: pulumi.Int(1),
			TimeoutSec:       pulumi.Int(1),
		})
		if err != nil {
			return err
		}
		_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
			Name:         pulumi.String("backend-service"),
			HealthChecks: defaultHttpHealthCheck.ID(),
			EnableCdn:    pulumi.Bool(true),
			CdnPolicy: &compute.BackendServiceCdnPolicyArgs{
				CacheMode:               pulumi.String("CACHE_ALL_STATIC"),
				DefaultTtl:              pulumi.Int(3600),
				ClientTtl:               pulumi.Int(7200),
				MaxTtl:                  pulumi.Int(10800),
				NegativeCaching:         pulumi.Bool(true),
				SignedUrlCacheMaxAgeSec: pulumi.Int(7200),
				BypassCacheOnRequestHeaders: compute.BackendServiceCdnPolicyBypassCacheOnRequestHeaderArray{
					&compute.BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs{
						HeaderName: pulumi.String("Authorization"),
					},
					&compute.BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs{
						HeaderName: pulumi.String("Proxy-Authorization"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var defaultHttpHealthCheck = new Gcp.Compute.HttpHealthCheck("default", new()
    {
        Name = "health-check",
        RequestPath = "/",
        CheckIntervalSec = 1,
        TimeoutSec = 1,
    });

    var @default = new Gcp.Compute.BackendService("default", new()
    {
        Name = "backend-service",
        HealthChecks = defaultHttpHealthCheck.Id,
        EnableCdn = true,
        CdnPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyArgs
        {
            CacheMode = "CACHE_ALL_STATIC",
            DefaultTtl = 3600,
            ClientTtl = 7200,
            MaxTtl = 10800,
            NegativeCaching = true,
            SignedUrlCacheMaxAgeSec = 7200,
            BypassCacheOnRequestHeaders = new[]
            {
                new Gcp.Compute.Inputs.BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs
                {
                    HeaderName = "Authorization",
                },
                new Gcp.Compute.Inputs.BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs
                {
                    HeaderName = "Proxy-Authorization",
                },
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HttpHealthCheck;
import com.pulumi.gcp.compute.HttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCdnPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var defaultHttpHealthCheck = new HttpHealthCheck("defaultHttpHealthCheck", HttpHealthCheckArgs.builder()
            .name("health-check")
            .requestPath("/")
            .checkIntervalSec(1)
            .timeoutSec(1)
            .build());

        var default_ = new BackendService("default", BackendServiceArgs.builder()
            .name("backend-service")
            .healthChecks(defaultHttpHealthCheck.id())
            .enableCdn(true)
            .cdnPolicy(BackendServiceCdnPolicyArgs.builder()
                .cacheMode("CACHE_ALL_STATIC")
                .defaultTtl(3600)
                .clientTtl(7200)
                .maxTtl(10800)
                .negativeCaching(true)
                .signedUrlCacheMaxAgeSec(7200)
                .bypassCacheOnRequestHeaders(                
                    BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs.builder()
                        .headerName("Authorization")
                        .build(),
                    BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs.builder()
                        .headerName("Proxy-Authorization")
                        .build())
                .build())
            .build());

    }
}
Copy
resources:
  default:
    type: gcp:compute:BackendService
    properties:
      name: backend-service
      healthChecks: ${defaultHttpHealthCheck.id}
      enableCdn: true
      cdnPolicy:
        cacheMode: CACHE_ALL_STATIC
        defaultTtl: 3600
        clientTtl: 7200
        maxTtl: 10800
        negativeCaching: true
        signedUrlCacheMaxAgeSec: 7200
        bypassCacheOnRequestHeaders:
          - headerName: Authorization
          - headerName: Proxy-Authorization
  defaultHttpHealthCheck:
    type: gcp:compute:HttpHealthCheck
    name: default
    properties:
      name: health-check
      requestPath: /
      checkIntervalSec: 1
      timeoutSec: 1
Copy

Backend Service Traffic Director Round Robin

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const healthCheck = new gcp.compute.HealthCheck("health_check", {
    name: "health-check",
    httpHealthCheck: {
        port: 80,
    },
});
const _default = new gcp.compute.BackendService("default", {
    name: "backend-service",
    healthChecks: healthCheck.id,
    loadBalancingScheme: "INTERNAL_SELF_MANAGED",
    localityLbPolicy: "ROUND_ROBIN",
});
Copy
import pulumi
import pulumi_gcp as gcp

health_check = gcp.compute.HealthCheck("health_check",
    name="health-check",
    http_health_check={
        "port": 80,
    })
default = gcp.compute.BackendService("default",
    name="backend-service",
    health_checks=health_check.id,
    load_balancing_scheme="INTERNAL_SELF_MANAGED",
    locality_lb_policy="ROUND_ROBIN")
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		healthCheck, err := compute.NewHealthCheck(ctx, "health_check", &compute.HealthCheckArgs{
			Name: pulumi.String("health-check"),
			HttpHealthCheck: &compute.HealthCheckHttpHealthCheckArgs{
				Port: pulumi.Int(80),
			},
		})
		if err != nil {
			return err
		}
		_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
			Name:                pulumi.String("backend-service"),
			HealthChecks:        healthCheck.ID(),
			LoadBalancingScheme: pulumi.String("INTERNAL_SELF_MANAGED"),
			LocalityLbPolicy:    pulumi.String("ROUND_ROBIN"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var healthCheck = new Gcp.Compute.HealthCheck("health_check", new()
    {
        Name = "health-check",
        HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs
        {
            Port = 80,
        },
    });

    var @default = new Gcp.Compute.BackendService("default", new()
    {
        Name = "backend-service",
        HealthChecks = healthCheck.Id,
        LoadBalancingScheme = "INTERNAL_SELF_MANAGED",
        LocalityLbPolicy = "ROUND_ROBIN",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var healthCheck = new HealthCheck("healthCheck", HealthCheckArgs.builder()
            .name("health-check")
            .httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()
                .port(80)
                .build())
            .build());

        var default_ = new BackendService("default", BackendServiceArgs.builder()
            .name("backend-service")
            .healthChecks(healthCheck.id())
            .loadBalancingScheme("INTERNAL_SELF_MANAGED")
            .localityLbPolicy("ROUND_ROBIN")
            .build());

    }
}
Copy
resources:
  default:
    type: gcp:compute:BackendService
    properties:
      name: backend-service
      healthChecks: ${healthCheck.id}
      loadBalancingScheme: INTERNAL_SELF_MANAGED
      localityLbPolicy: ROUND_ROBIN
  healthCheck:
    type: gcp:compute:HealthCheck
    name: health_check
    properties:
      name: health-check
      httpHealthCheck:
        port: 80
Copy

Backend Service Traffic Director Ring Hash

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const healthCheck = new gcp.compute.HealthCheck("health_check", {
    name: "health-check",
    httpHealthCheck: {
        port: 80,
    },
});
const _default = new gcp.compute.BackendService("default", {
    name: "backend-service",
    healthChecks: healthCheck.id,
    loadBalancingScheme: "INTERNAL_SELF_MANAGED",
    localityLbPolicy: "RING_HASH",
    sessionAffinity: "HTTP_COOKIE",
    circuitBreakers: {
        maxConnections: 10,
    },
    consistentHash: {
        httpCookie: {
            ttl: {
                seconds: 11,
                nanos: 1111,
            },
            name: "mycookie",
        },
    },
    outlierDetection: {
        consecutiveErrors: 2,
        consecutiveGatewayFailure: 5,
        enforcingConsecutiveErrors: 100,
        enforcingConsecutiveGatewayFailure: 0,
        enforcingSuccessRate: 100,
        maxEjectionPercent: 10,
        successRateMinimumHosts: 5,
        successRateRequestVolume: 100,
        successRateStdevFactor: 1900,
    },
});
Copy
import pulumi
import pulumi_gcp as gcp

health_check = gcp.compute.HealthCheck("health_check",
    name="health-check",
    http_health_check={
        "port": 80,
    })
default = gcp.compute.BackendService("default",
    name="backend-service",
    health_checks=health_check.id,
    load_balancing_scheme="INTERNAL_SELF_MANAGED",
    locality_lb_policy="RING_HASH",
    session_affinity="HTTP_COOKIE",
    circuit_breakers={
        "max_connections": 10,
    },
    consistent_hash={
        "http_cookie": {
            "ttl": {
                "seconds": 11,
                "nanos": 1111,
            },
            "name": "mycookie",
        },
    },
    outlier_detection={
        "consecutive_errors": 2,
        "consecutive_gateway_failure": 5,
        "enforcing_consecutive_errors": 100,
        "enforcing_consecutive_gateway_failure": 0,
        "enforcing_success_rate": 100,
        "max_ejection_percent": 10,
        "success_rate_minimum_hosts": 5,
        "success_rate_request_volume": 100,
        "success_rate_stdev_factor": 1900,
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		healthCheck, err := compute.NewHealthCheck(ctx, "health_check", &compute.HealthCheckArgs{
			Name: pulumi.String("health-check"),
			HttpHealthCheck: &compute.HealthCheckHttpHealthCheckArgs{
				Port: pulumi.Int(80),
			},
		})
		if err != nil {
			return err
		}
		_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
			Name:                pulumi.String("backend-service"),
			HealthChecks:        healthCheck.ID(),
			LoadBalancingScheme: pulumi.String("INTERNAL_SELF_MANAGED"),
			LocalityLbPolicy:    pulumi.String("RING_HASH"),
			SessionAffinity:     pulumi.String("HTTP_COOKIE"),
			CircuitBreakers: &compute.BackendServiceCircuitBreakersArgs{
				MaxConnections: pulumi.Int(10),
			},
			ConsistentHash: &compute.BackendServiceConsistentHashArgs{
				HttpCookie: &compute.BackendServiceConsistentHashHttpCookieArgs{
					Ttl: &compute.BackendServiceConsistentHashHttpCookieTtlArgs{
						Seconds: pulumi.Int(11),
						Nanos:   pulumi.Int(1111),
					},
					Name: pulumi.String("mycookie"),
				},
			},
			OutlierDetection: &compute.BackendServiceOutlierDetectionArgs{
				ConsecutiveErrors:                  pulumi.Int(2),
				ConsecutiveGatewayFailure:          pulumi.Int(5),
				EnforcingConsecutiveErrors:         pulumi.Int(100),
				EnforcingConsecutiveGatewayFailure: pulumi.Int(0),
				EnforcingSuccessRate:               pulumi.Int(100),
				MaxEjectionPercent:                 pulumi.Int(10),
				SuccessRateMinimumHosts:            pulumi.Int(5),
				SuccessRateRequestVolume:           pulumi.Int(100),
				SuccessRateStdevFactor:             pulumi.Int(1900),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var healthCheck = new Gcp.Compute.HealthCheck("health_check", new()
    {
        Name = "health-check",
        HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs
        {
            Port = 80,
        },
    });

    var @default = new Gcp.Compute.BackendService("default", new()
    {
        Name = "backend-service",
        HealthChecks = healthCheck.Id,
        LoadBalancingScheme = "INTERNAL_SELF_MANAGED",
        LocalityLbPolicy = "RING_HASH",
        SessionAffinity = "HTTP_COOKIE",
        CircuitBreakers = new Gcp.Compute.Inputs.BackendServiceCircuitBreakersArgs
        {
            MaxConnections = 10,
        },
        ConsistentHash = new Gcp.Compute.Inputs.BackendServiceConsistentHashArgs
        {
            HttpCookie = new Gcp.Compute.Inputs.BackendServiceConsistentHashHttpCookieArgs
            {
                Ttl = new Gcp.Compute.Inputs.BackendServiceConsistentHashHttpCookieTtlArgs
                {
                    Seconds = 11,
                    Nanos = 1111,
                },
                Name = "mycookie",
            },
        },
        OutlierDetection = new Gcp.Compute.Inputs.BackendServiceOutlierDetectionArgs
        {
            ConsecutiveErrors = 2,
            ConsecutiveGatewayFailure = 5,
            EnforcingConsecutiveErrors = 100,
            EnforcingConsecutiveGatewayFailure = 0,
            EnforcingSuccessRate = 100,
            MaxEjectionPercent = 10,
            SuccessRateMinimumHosts = 5,
            SuccessRateRequestVolume = 100,
            SuccessRateStdevFactor = 1900,
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCircuitBreakersArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceConsistentHashArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceConsistentHashHttpCookieArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceConsistentHashHttpCookieTtlArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceOutlierDetectionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var healthCheck = new HealthCheck("healthCheck", HealthCheckArgs.builder()
            .name("health-check")
            .httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()
                .port(80)
                .build())
            .build());

        var default_ = new BackendService("default", BackendServiceArgs.builder()
            .name("backend-service")
            .healthChecks(healthCheck.id())
            .loadBalancingScheme("INTERNAL_SELF_MANAGED")
            .localityLbPolicy("RING_HASH")
            .sessionAffinity("HTTP_COOKIE")
            .circuitBreakers(BackendServiceCircuitBreakersArgs.builder()
                .maxConnections(10)
                .build())
            .consistentHash(BackendServiceConsistentHashArgs.builder()
                .httpCookie(BackendServiceConsistentHashHttpCookieArgs.builder()
                    .ttl(BackendServiceConsistentHashHttpCookieTtlArgs.builder()
                        .seconds(11)
                        .nanos(1111)
                        .build())
                    .name("mycookie")
                    .build())
                .build())
            .outlierDetection(BackendServiceOutlierDetectionArgs.builder()
                .consecutiveErrors(2)
                .consecutiveGatewayFailure(5)
                .enforcingConsecutiveErrors(100)
                .enforcingConsecutiveGatewayFailure(0)
                .enforcingSuccessRate(100)
                .maxEjectionPercent(10)
                .successRateMinimumHosts(5)
                .successRateRequestVolume(100)
                .successRateStdevFactor(1900)
                .build())
            .build());

    }
}
Copy
resources:
  default:
    type: gcp:compute:BackendService
    properties:
      name: backend-service
      healthChecks: ${healthCheck.id}
      loadBalancingScheme: INTERNAL_SELF_MANAGED
      localityLbPolicy: RING_HASH
      sessionAffinity: HTTP_COOKIE
      circuitBreakers:
        maxConnections: 10
      consistentHash:
        httpCookie:
          ttl:
            seconds: 11
            nanos: 1111
          name: mycookie
      outlierDetection:
        consecutiveErrors: 2
        consecutiveGatewayFailure: 5
        enforcingConsecutiveErrors: 100
        enforcingConsecutiveGatewayFailure: 0
        enforcingSuccessRate: 100
        maxEjectionPercent: 10
        successRateMinimumHosts: 5
        successRateRequestVolume: 100
        successRateStdevFactor: 1900
  healthCheck:
    type: gcp:compute:HealthCheck
    name: health_check
    properties:
      name: health-check
      httpHealthCheck:
        port: 80
Copy

Backend Service Stateful Session Affinity

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const healthCheck = new gcp.compute.HealthCheck("health_check", {
    name: "health-check",
    httpHealthCheck: {
        port: 80,
    },
});
const _default = new gcp.compute.BackendService("default", {
    name: "backend-service",
    healthChecks: healthCheck.id,
    loadBalancingScheme: "EXTERNAL_MANAGED",
    localityLbPolicy: "RING_HASH",
    sessionAffinity: "STRONG_COOKIE_AFFINITY",
    strongSessionAffinityCookie: {
        ttl: {
            seconds: 11,
            nanos: 1111,
        },
        name: "mycookie",
    },
});
Copy
import pulumi
import pulumi_gcp as gcp

health_check = gcp.compute.HealthCheck("health_check",
    name="health-check",
    http_health_check={
        "port": 80,
    })
default = gcp.compute.BackendService("default",
    name="backend-service",
    health_checks=health_check.id,
    load_balancing_scheme="EXTERNAL_MANAGED",
    locality_lb_policy="RING_HASH",
    session_affinity="STRONG_COOKIE_AFFINITY",
    strong_session_affinity_cookie={
        "ttl": {
            "seconds": 11,
            "nanos": 1111,
        },
        "name": "mycookie",
    })
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		healthCheck, err := compute.NewHealthCheck(ctx, "health_check", &compute.HealthCheckArgs{
			Name: pulumi.String("health-check"),
			HttpHealthCheck: &compute.HealthCheckHttpHealthCheckArgs{
				Port: pulumi.Int(80),
			},
		})
		if err != nil {
			return err
		}
		_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
			Name:                pulumi.String("backend-service"),
			HealthChecks:        healthCheck.ID(),
			LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
			LocalityLbPolicy:    pulumi.String("RING_HASH"),
			SessionAffinity:     pulumi.String("STRONG_COOKIE_AFFINITY"),
			StrongSessionAffinityCookie: &compute.BackendServiceStrongSessionAffinityCookieArgs{
				Ttl: &compute.BackendServiceStrongSessionAffinityCookieTtlArgs{
					Seconds: pulumi.Int(11),
					Nanos:   pulumi.Int(1111),
				},
				Name: pulumi.String("mycookie"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var healthCheck = new Gcp.Compute.HealthCheck("health_check", new()
    {
        Name = "health-check",
        HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs
        {
            Port = 80,
        },
    });

    var @default = new Gcp.Compute.BackendService("default", new()
    {
        Name = "backend-service",
        HealthChecks = healthCheck.Id,
        LoadBalancingScheme = "EXTERNAL_MANAGED",
        LocalityLbPolicy = "RING_HASH",
        SessionAffinity = "STRONG_COOKIE_AFFINITY",
        StrongSessionAffinityCookie = new Gcp.Compute.Inputs.BackendServiceStrongSessionAffinityCookieArgs
        {
            Ttl = new Gcp.Compute.Inputs.BackendServiceStrongSessionAffinityCookieTtlArgs
            {
                Seconds = 11,
                Nanos = 1111,
            },
            Name = "mycookie",
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceStrongSessionAffinityCookieArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceStrongSessionAffinityCookieTtlArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var healthCheck = new HealthCheck("healthCheck", HealthCheckArgs.builder()
            .name("health-check")
            .httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()
                .port(80)
                .build())
            .build());

        var default_ = new BackendService("default", BackendServiceArgs.builder()
            .name("backend-service")
            .healthChecks(healthCheck.id())
            .loadBalancingScheme("EXTERNAL_MANAGED")
            .localityLbPolicy("RING_HASH")
            .sessionAffinity("STRONG_COOKIE_AFFINITY")
            .strongSessionAffinityCookie(BackendServiceStrongSessionAffinityCookieArgs.builder()
                .ttl(BackendServiceStrongSessionAffinityCookieTtlArgs.builder()
                    .seconds(11)
                    .nanos(1111)
                    .build())
                .name("mycookie")
                .build())
            .build());

    }
}
Copy
resources:
  default:
    type: gcp:compute:BackendService
    properties:
      name: backend-service
      healthChecks: ${healthCheck.id}
      loadBalancingScheme: EXTERNAL_MANAGED
      localityLbPolicy: RING_HASH
      sessionAffinity: STRONG_COOKIE_AFFINITY
      strongSessionAffinityCookie:
        ttl:
          seconds: 11
          nanos: 1111
        name: mycookie
  healthCheck:
    type: gcp:compute:HealthCheck
    name: health_check
    properties:
      name: health-check
      httpHealthCheck:
        port: 80
Copy

Backend Service Network Endpoint

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const externalProxy = new gcp.compute.GlobalNetworkEndpointGroup("external_proxy", {
    name: "network-endpoint",
    networkEndpointType: "INTERNET_FQDN_PORT",
    defaultPort: 443,
});
const proxy = new gcp.compute.GlobalNetworkEndpoint("proxy", {
    globalNetworkEndpointGroup: externalProxy.id,
    fqdn: "test.example.com",
    port: externalProxy.defaultPort,
});
const _default = new gcp.compute.BackendService("default", {
    name: "backend-service",
    enableCdn: true,
    timeoutSec: 10,
    connectionDrainingTimeoutSec: 10,
    customRequestHeaders: [proxy.fqdn.apply(fqdn => `host: ${fqdn}`)],
    customResponseHeaders: ["X-Cache-Hit: {cdn_cache_status}"],
    backends: [{
        group: externalProxy.id,
    }],
});
Copy
import pulumi
import pulumi_gcp as gcp

external_proxy = gcp.compute.GlobalNetworkEndpointGroup("external_proxy",
    name="network-endpoint",
    network_endpoint_type="INTERNET_FQDN_PORT",
    default_port=443)
proxy = gcp.compute.GlobalNetworkEndpoint("proxy",
    global_network_endpoint_group=external_proxy.id,
    fqdn="test.example.com",
    port=external_proxy.default_port)
default = gcp.compute.BackendService("default",
    name="backend-service",
    enable_cdn=True,
    timeout_sec=10,
    connection_draining_timeout_sec=10,
    custom_request_headers=[proxy.fqdn.apply(lambda fqdn: f"host: {fqdn}")],
    custom_response_headers=["X-Cache-Hit: {cdn_cache_status}"],
    backends=[{
        "group": external_proxy.id,
    }])
Copy
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		externalProxy, err := compute.NewGlobalNetworkEndpointGroup(ctx, "external_proxy", &compute.GlobalNetworkEndpointGroupArgs{
			Name:                pulumi.String("network-endpoint"),
			NetworkEndpointType: pulumi.String("INTERNET_FQDN_PORT"),
			DefaultPort:         pulumi.Int(443),
		})
		if err != nil {
			return err
		}
		proxy, err := compute.NewGlobalNetworkEndpoint(ctx, "proxy", &compute.GlobalNetworkEndpointArgs{
			GlobalNetworkEndpointGroup: externalProxy.ID(),
			Fqdn:                       pulumi.String("test.example.com"),
			Port:                       externalProxy.DefaultPort,
		})
		if err != nil {
			return err
		}
		_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
			Name:                         pulumi.String("backend-service"),
			EnableCdn:                    pulumi.Bool(true),
			TimeoutSec:                   pulumi.Int(10),
			ConnectionDrainingTimeoutSec: pulumi.Int(10),
			CustomRequestHeaders: pulumi.StringArray{
				proxy.Fqdn.ApplyT(func(fqdn *string) (string, error) {
					return fmt.Sprintf("host: %v", fqdn), nil
				}).(pulumi.StringOutput),
			},
			CustomResponseHeaders: pulumi.StringArray{
				pulumi.String("X-Cache-Hit: {cdn_cache_status}"),
			},
			Backends: compute.BackendServiceBackendArray{
				&compute.BackendServiceBackendArgs{
					Group: externalProxy.ID(),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var externalProxy = new Gcp.Compute.GlobalNetworkEndpointGroup("external_proxy", new()
    {
        Name = "network-endpoint",
        NetworkEndpointType = "INTERNET_FQDN_PORT",
        DefaultPort = 443,
    });

    var proxy = new Gcp.Compute.GlobalNetworkEndpoint("proxy", new()
    {
        GlobalNetworkEndpointGroup = externalProxy.Id,
        Fqdn = "test.example.com",
        Port = externalProxy.DefaultPort,
    });

    var @default = new Gcp.Compute.BackendService("default", new()
    {
        Name = "backend-service",
        EnableCdn = true,
        TimeoutSec = 10,
        ConnectionDrainingTimeoutSec = 10,
        CustomRequestHeaders = new[]
        {
            proxy.Fqdn.Apply(fqdn => $"host: {fqdn}"),
        },
        CustomResponseHeaders = new[]
        {
            "X-Cache-Hit: {cdn_cache_status}",
        },
        Backends = new[]
        {
            new Gcp.Compute.Inputs.BackendServiceBackendArgs
            {
                Group = externalProxy.Id,
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.GlobalNetworkEndpointGroup;
import com.pulumi.gcp.compute.GlobalNetworkEndpointGroupArgs;
import com.pulumi.gcp.compute.GlobalNetworkEndpoint;
import com.pulumi.gcp.compute.GlobalNetworkEndpointArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var externalProxy = new GlobalNetworkEndpointGroup("externalProxy", GlobalNetworkEndpointGroupArgs.builder()
            .name("network-endpoint")
            .networkEndpointType("INTERNET_FQDN_PORT")
            .defaultPort(443)
            .build());

        var proxy = new GlobalNetworkEndpoint("proxy", GlobalNetworkEndpointArgs.builder()
            .globalNetworkEndpointGroup(externalProxy.id())
            .fqdn("test.example.com")
            .port(externalProxy.defaultPort())
            .build());

        var default_ = new BackendService("default", BackendServiceArgs.builder()
            .name("backend-service")
            .enableCdn(true)
            .timeoutSec(10)
            .connectionDrainingTimeoutSec(10)
            .customRequestHeaders(proxy.fqdn().applyValue(_fqdn -> String.format("host: %s", _fqdn)))
            .customResponseHeaders("X-Cache-Hit: {cdn_cache_status}")
            .backends(BackendServiceBackendArgs.builder()
                .group(externalProxy.id())
                .build())
            .build());

    }
}
Copy
resources:
  externalProxy:
    type: gcp:compute:GlobalNetworkEndpointGroup
    name: external_proxy
    properties:
      name: network-endpoint
      networkEndpointType: INTERNET_FQDN_PORT
      defaultPort: '443'
  proxy:
    type: gcp:compute:GlobalNetworkEndpoint
    properties:
      globalNetworkEndpointGroup: ${externalProxy.id}
      fqdn: test.example.com
      port: ${externalProxy.defaultPort}
  default:
    type: gcp:compute:BackendService
    properties:
      name: backend-service
      enableCdn: true
      timeoutSec: 10
      connectionDrainingTimeoutSec: 10
      customRequestHeaders:
        - 'host: ${proxy.fqdn}'
      customResponseHeaders:
        - 'X-Cache-Hit: {cdn_cache_status}'
      backends:
        - group: ${externalProxy.id}
Copy

Backend Service External Managed

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const defaultHealthCheck = new gcp.compute.HealthCheck("default", {
    name: "health-check",
    httpHealthCheck: {
        port: 80,
    },
});
const _default = new gcp.compute.BackendService("default", {
    name: "backend-service",
    healthChecks: defaultHealthCheck.id,
    loadBalancingScheme: "EXTERNAL_MANAGED",
});
Copy
import pulumi
import pulumi_gcp as gcp

default_health_check = gcp.compute.HealthCheck("default",
    name="health-check",
    http_health_check={
        "port": 80,
    })
default = gcp.compute.BackendService("default",
    name="backend-service",
    health_checks=default_health_check.id,
    load_balancing_scheme="EXTERNAL_MANAGED")
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		defaultHealthCheck, err := compute.NewHealthCheck(ctx, "default", &compute.HealthCheckArgs{
			Name: pulumi.String("health-check"),
			HttpHealthCheck: &compute.HealthCheckHttpHealthCheckArgs{
				Port: pulumi.Int(80),
			},
		})
		if err != nil {
			return err
		}
		_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
			Name:                pulumi.String("backend-service"),
			HealthChecks:        defaultHealthCheck.ID(),
			LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var defaultHealthCheck = new Gcp.Compute.HealthCheck("default", new()
    {
        Name = "health-check",
        HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs
        {
            Port = 80,
        },
    });

    var @default = new Gcp.Compute.BackendService("default", new()
    {
        Name = "backend-service",
        HealthChecks = defaultHealthCheck.Id,
        LoadBalancingScheme = "EXTERNAL_MANAGED",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
            .name("health-check")
            .httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()
                .port(80)
                .build())
            .build());

        var default_ = new BackendService("default", BackendServiceArgs.builder()
            .name("backend-service")
            .healthChecks(defaultHealthCheck.id())
            .loadBalancingScheme("EXTERNAL_MANAGED")
            .build());

    }
}
Copy
resources:
  default:
    type: gcp:compute:BackendService
    properties:
      name: backend-service
      healthChecks: ${defaultHealthCheck.id}
      loadBalancingScheme: EXTERNAL_MANAGED
  defaultHealthCheck:
    type: gcp:compute:HealthCheck
    name: default
    properties:
      name: health-check
      httpHealthCheck:
        port: 80
Copy

Backend Service Ip Address Selection Policy

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const _default = new gcp.compute.BackendService("default", {
    name: "backend-service",
    loadBalancingScheme: "EXTERNAL_MANAGED",
    ipAddressSelectionPolicy: "IPV6_ONLY",
});
Copy
import pulumi
import pulumi_gcp as gcp

default = gcp.compute.BackendService("default",
    name="backend-service",
    load_balancing_scheme="EXTERNAL_MANAGED",
    ip_address_selection_policy="IPV6_ONLY")
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
			Name:                     pulumi.String("backend-service"),
			LoadBalancingScheme:      pulumi.String("EXTERNAL_MANAGED"),
			IpAddressSelectionPolicy: pulumi.String("IPV6_ONLY"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var @default = new Gcp.Compute.BackendService("default", new()
    {
        Name = "backend-service",
        LoadBalancingScheme = "EXTERNAL_MANAGED",
        IpAddressSelectionPolicy = "IPV6_ONLY",
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new BackendService("default", BackendServiceArgs.builder()
            .name("backend-service")
            .loadBalancingScheme("EXTERNAL_MANAGED")
            .ipAddressSelectionPolicy("IPV6_ONLY")
            .build());

    }
}
Copy
resources:
  default:
    type: gcp:compute:BackendService
    properties:
      name: backend-service
      loadBalancingScheme: EXTERNAL_MANAGED
      ipAddressSelectionPolicy: IPV6_ONLY
Copy

Backend Service Custom Metrics

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const _default = new gcp.compute.Network("default", {name: "network"});
// Zonal NEG with GCE_VM_IP_PORT
const defaultNetworkEndpointGroup = new gcp.compute.NetworkEndpointGroup("default", {
    name: "network-endpoint",
    network: _default.id,
    defaultPort: 90,
    zone: "us-central1-a",
    networkEndpointType: "GCE_VM_IP_PORT",
});
const defaultHealthCheck = new gcp.compute.HealthCheck("default", {
    name: "health-check",
    timeoutSec: 1,
    checkIntervalSec: 1,
    tcpHealthCheck: {
        port: 80,
    },
});
const defaultBackendService = new gcp.compute.BackendService("default", {
    name: "backend-service",
    healthChecks: defaultHealthCheck.id,
    loadBalancingScheme: "EXTERNAL_MANAGED",
    localityLbPolicy: "WEIGHTED_ROUND_ROBIN",
    customMetrics: [{
        name: "orca.application_utilization",
        dryRun: false,
    }],
    backends: [{
        group: defaultNetworkEndpointGroup.id,
        balancingMode: "CUSTOM_METRICS",
        customMetrics: [
            {
                name: "orca.cpu_utilization",
                maxUtilization: 0.9,
                dryRun: true,
            },
            {
                name: "orca.named_metrics.foo",
                dryRun: false,
            },
        ],
    }],
});
Copy
import pulumi
import pulumi_gcp as gcp

default = gcp.compute.Network("default", name="network")
# Zonal NEG with GCE_VM_IP_PORT
default_network_endpoint_group = gcp.compute.NetworkEndpointGroup("default",
    name="network-endpoint",
    network=default.id,
    default_port=90,
    zone="us-central1-a",
    network_endpoint_type="GCE_VM_IP_PORT")
default_health_check = gcp.compute.HealthCheck("default",
    name="health-check",
    timeout_sec=1,
    check_interval_sec=1,
    tcp_health_check={
        "port": 80,
    })
default_backend_service = gcp.compute.BackendService("default",
    name="backend-service",
    health_checks=default_health_check.id,
    load_balancing_scheme="EXTERNAL_MANAGED",
    locality_lb_policy="WEIGHTED_ROUND_ROBIN",
    custom_metrics=[{
        "name": "orca.application_utilization",
        "dry_run": False,
    }],
    backends=[{
        "group": default_network_endpoint_group.id,
        "balancing_mode": "CUSTOM_METRICS",
        "custom_metrics": [
            {
                "name": "orca.cpu_utilization",
                "max_utilization": 0.9,
                "dry_run": True,
            },
            {
                "name": "orca.named_metrics.foo",
                "dry_run": False,
            },
        ],
    }])
Copy
package main

import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_default, err := compute.NewNetwork(ctx, "default", &compute.NetworkArgs{
			Name: pulumi.String("network"),
		})
		if err != nil {
			return err
		}
		// Zonal NEG with GCE_VM_IP_PORT
		defaultNetworkEndpointGroup, err := compute.NewNetworkEndpointGroup(ctx, "default", &compute.NetworkEndpointGroupArgs{
			Name:                pulumi.String("network-endpoint"),
			Network:             _default.ID(),
			DefaultPort:         pulumi.Int(90),
			Zone:                pulumi.String("us-central1-a"),
			NetworkEndpointType: pulumi.String("GCE_VM_IP_PORT"),
		})
		if err != nil {
			return err
		}
		defaultHealthCheck, err := compute.NewHealthCheck(ctx, "default", &compute.HealthCheckArgs{
			Name:             pulumi.String("health-check"),
			TimeoutSec:       pulumi.Int(1),
			CheckIntervalSec: pulumi.Int(1),
			TcpHealthCheck: &compute.HealthCheckTcpHealthCheckArgs{
				Port: pulumi.Int(80),
			},
		})
		if err != nil {
			return err
		}
		_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
			Name:                pulumi.String("backend-service"),
			HealthChecks:        defaultHealthCheck.ID(),
			LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
			LocalityLbPolicy:    pulumi.String("WEIGHTED_ROUND_ROBIN"),
			CustomMetrics: compute.BackendServiceCustomMetricArray{
				&compute.BackendServiceCustomMetricArgs{
					Name:   pulumi.String("orca.application_utilization"),
					DryRun: pulumi.Bool(false),
				},
			},
			Backends: compute.BackendServiceBackendArray{
				&compute.BackendServiceBackendArgs{
					Group:         defaultNetworkEndpointGroup.ID(),
					BalancingMode: pulumi.String("CUSTOM_METRICS"),
					CustomMetrics: compute.BackendServiceBackendCustomMetricArray{
						&compute.BackendServiceBackendCustomMetricArgs{
							Name:           pulumi.String("orca.cpu_utilization"),
							MaxUtilization: pulumi.Float64(0.9),
							DryRun:         pulumi.Bool(true),
						},
						&compute.BackendServiceBackendCustomMetricArgs{
							Name:   pulumi.String("orca.named_metrics.foo"),
							DryRun: pulumi.Bool(false),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var @default = new Gcp.Compute.Network("default", new()
    {
        Name = "network",
    });

    // Zonal NEG with GCE_VM_IP_PORT
    var defaultNetworkEndpointGroup = new Gcp.Compute.NetworkEndpointGroup("default", new()
    {
        Name = "network-endpoint",
        Network = @default.Id,
        DefaultPort = 90,
        Zone = "us-central1-a",
        NetworkEndpointType = "GCE_VM_IP_PORT",
    });

    var defaultHealthCheck = new Gcp.Compute.HealthCheck("default", new()
    {
        Name = "health-check",
        TimeoutSec = 1,
        CheckIntervalSec = 1,
        TcpHealthCheck = new Gcp.Compute.Inputs.HealthCheckTcpHealthCheckArgs
        {
            Port = 80,
        },
    });

    var defaultBackendService = new Gcp.Compute.BackendService("default", new()
    {
        Name = "backend-service",
        HealthChecks = defaultHealthCheck.Id,
        LoadBalancingScheme = "EXTERNAL_MANAGED",
        LocalityLbPolicy = "WEIGHTED_ROUND_ROBIN",
        CustomMetrics = new[]
        {
            new Gcp.Compute.Inputs.BackendServiceCustomMetricArgs
            {
                Name = "orca.application_utilization",
                DryRun = false,
            },
        },
        Backends = new[]
        {
            new Gcp.Compute.Inputs.BackendServiceBackendArgs
            {
                Group = defaultNetworkEndpointGroup.Id,
                BalancingMode = "CUSTOM_METRICS",
                CustomMetrics = new[]
                {
                    new Gcp.Compute.Inputs.BackendServiceBackendCustomMetricArgs
                    {
                        Name = "orca.cpu_utilization",
                        MaxUtilization = 0.9,
                        DryRun = true,
                    },
                    new Gcp.Compute.Inputs.BackendServiceBackendCustomMetricArgs
                    {
                        Name = "orca.named_metrics.foo",
                        DryRun = false,
                    },
                },
            },
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.Network;
import com.pulumi.gcp.compute.NetworkArgs;
import com.pulumi.gcp.compute.NetworkEndpointGroup;
import com.pulumi.gcp.compute.NetworkEndpointGroupArgs;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckTcpHealthCheckArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceCustomMetricArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceBackendArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new Network("default", NetworkArgs.builder()
            .name("network")
            .build());

        // Zonal NEG with GCE_VM_IP_PORT
        var defaultNetworkEndpointGroup = new NetworkEndpointGroup("defaultNetworkEndpointGroup", NetworkEndpointGroupArgs.builder()
            .name("network-endpoint")
            .network(default_.id())
            .defaultPort(90)
            .zone("us-central1-a")
            .networkEndpointType("GCE_VM_IP_PORT")
            .build());

        var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
            .name("health-check")
            .timeoutSec(1)
            .checkIntervalSec(1)
            .tcpHealthCheck(HealthCheckTcpHealthCheckArgs.builder()
                .port(80)
                .build())
            .build());

        var defaultBackendService = new BackendService("defaultBackendService", BackendServiceArgs.builder()
            .name("backend-service")
            .healthChecks(defaultHealthCheck.id())
            .loadBalancingScheme("EXTERNAL_MANAGED")
            .localityLbPolicy("WEIGHTED_ROUND_ROBIN")
            .customMetrics(BackendServiceCustomMetricArgs.builder()
                .name("orca.application_utilization")
                .dryRun(false)
                .build())
            .backends(BackendServiceBackendArgs.builder()
                .group(defaultNetworkEndpointGroup.id())
                .balancingMode("CUSTOM_METRICS")
                .customMetrics(                
                    BackendServiceBackendCustomMetricArgs.builder()
                        .name("orca.cpu_utilization")
                        .maxUtilization(0.9)
                        .dryRun(true)
                        .build(),
                    BackendServiceBackendCustomMetricArgs.builder()
                        .name("orca.named_metrics.foo")
                        .dryRun(false)
                        .build())
                .build())
            .build());

    }
}
Copy
resources:
  default:
    type: gcp:compute:Network
    properties:
      name: network
  # Zonal NEG with GCE_VM_IP_PORT
  defaultNetworkEndpointGroup:
    type: gcp:compute:NetworkEndpointGroup
    name: default
    properties:
      name: network-endpoint
      network: ${default.id}
      defaultPort: '90'
      zone: us-central1-a
      networkEndpointType: GCE_VM_IP_PORT
  defaultBackendService:
    type: gcp:compute:BackendService
    name: default
    properties:
      name: backend-service
      healthChecks: ${defaultHealthCheck.id}
      loadBalancingScheme: EXTERNAL_MANAGED
      localityLbPolicy: WEIGHTED_ROUND_ROBIN
      customMetrics:
        - name: orca.application_utilization
          dryRun: false
      backends:
        - group: ${defaultNetworkEndpointGroup.id}
          balancingMode: CUSTOM_METRICS
          customMetrics:
            - name: orca.cpu_utilization
              maxUtilization: 0.9
              dryRun: true
            - name: orca.named_metrics.foo
              dryRun: false
  defaultHealthCheck:
    type: gcp:compute:HealthCheck
    name: default
    properties:
      name: health-check
      timeoutSec: 1
      checkIntervalSec: 1
      tcpHealthCheck:
        port: '80'
Copy

Backend Service Tls Settings

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";

const defaultHealthCheck = new gcp.compute.HealthCheck("default", {
    name: "health-check",
    httpHealthCheck: {
        port: 80,
    },
});
const defaultBackendAuthenticationConfig = new gcp.networksecurity.BackendAuthenticationConfig("default", {
    name: "authentication",
    wellKnownRoots: "PUBLIC_ROOTS",
});
const _default = new gcp.compute.BackendService("default", {
    name: "backend-service",
    healthChecks: defaultHealthCheck.id,
    loadBalancingScheme: "EXTERNAL_MANAGED",
    protocol: "HTTPS",
    tlsSettings: {
        sni: "example.com",
        subjectAltNames: [
            {
                dnsName: "example.com",
            },
            {
                uniformResourceIdentifier: "https://example.com",
            },
        ],
        authenticationConfig: pulumi.interpolate`//networksecurity.googleapis.com/${defaultBackendAuthenticationConfig.id}`,
    },
});
Copy
import pulumi
import pulumi_gcp as gcp

default_health_check = gcp.compute.HealthCheck("default",
    name="health-check",
    http_health_check={
        "port": 80,
    })
default_backend_authentication_config = gcp.networksecurity.BackendAuthenticationConfig("default",
    name="authentication",
    well_known_roots="PUBLIC_ROOTS")
default = gcp.compute.BackendService("default",
    name="backend-service",
    health_checks=default_health_check.id,
    load_balancing_scheme="EXTERNAL_MANAGED",
    protocol="HTTPS",
    tls_settings={
        "sni": "example.com",
        "subject_alt_names": [
            {
                "dns_name": "example.com",
            },
            {
                "uniform_resource_identifier": "https://example.com",
            },
        ],
        "authentication_config": default_backend_authentication_config.id.apply(lambda id: f"//networksecurity.googleapis.com/{id}"),
    })
Copy
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/networksecurity"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		defaultHealthCheck, err := compute.NewHealthCheck(ctx, "default", &compute.HealthCheckArgs{
			Name: pulumi.String("health-check"),
			HttpHealthCheck: &compute.HealthCheckHttpHealthCheckArgs{
				Port: pulumi.Int(80),
			},
		})
		if err != nil {
			return err
		}
		defaultBackendAuthenticationConfig, err := networksecurity.NewBackendAuthenticationConfig(ctx, "default", &networksecurity.BackendAuthenticationConfigArgs{
			Name:           pulumi.String("authentication"),
			WellKnownRoots: pulumi.String("PUBLIC_ROOTS"),
		})
		if err != nil {
			return err
		}
		_, err = compute.NewBackendService(ctx, "default", &compute.BackendServiceArgs{
			Name:                pulumi.String("backend-service"),
			HealthChecks:        defaultHealthCheck.ID(),
			LoadBalancingScheme: pulumi.String("EXTERNAL_MANAGED"),
			Protocol:            pulumi.String("HTTPS"),
			TlsSettings: &compute.BackendServiceTlsSettingsArgs{
				Sni: pulumi.String("example.com"),
				SubjectAltNames: compute.BackendServiceTlsSettingsSubjectAltNameArray{
					&compute.BackendServiceTlsSettingsSubjectAltNameArgs{
						DnsName: pulumi.String("example.com"),
					},
					&compute.BackendServiceTlsSettingsSubjectAltNameArgs{
						UniformResourceIdentifier: pulumi.String("https://example.com"),
					},
				},
				AuthenticationConfig: defaultBackendAuthenticationConfig.ID().ApplyT(func(id string) (string, error) {
					return fmt.Sprintf("//networksecurity.googleapis.com/%v", id), nil
				}).(pulumi.StringOutput),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;

return await Deployment.RunAsync(() => 
{
    var defaultHealthCheck = new Gcp.Compute.HealthCheck("default", new()
    {
        Name = "health-check",
        HttpHealthCheck = new Gcp.Compute.Inputs.HealthCheckHttpHealthCheckArgs
        {
            Port = 80,
        },
    });

    var defaultBackendAuthenticationConfig = new Gcp.NetworkSecurity.BackendAuthenticationConfig("default", new()
    {
        Name = "authentication",
        WellKnownRoots = "PUBLIC_ROOTS",
    });

    var @default = new Gcp.Compute.BackendService("default", new()
    {
        Name = "backend-service",
        HealthChecks = defaultHealthCheck.Id,
        LoadBalancingScheme = "EXTERNAL_MANAGED",
        Protocol = "HTTPS",
        TlsSettings = new Gcp.Compute.Inputs.BackendServiceTlsSettingsArgs
        {
            Sni = "example.com",
            SubjectAltNames = new[]
            {
                new Gcp.Compute.Inputs.BackendServiceTlsSettingsSubjectAltNameArgs
                {
                    DnsName = "example.com",
                },
                new Gcp.Compute.Inputs.BackendServiceTlsSettingsSubjectAltNameArgs
                {
                    UniformResourceIdentifier = "https://example.com",
                },
            },
            AuthenticationConfig = defaultBackendAuthenticationConfig.Id.Apply(id => $"//networksecurity.googleapis.com/{id}"),
        },
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.HealthCheck;
import com.pulumi.gcp.compute.HealthCheckArgs;
import com.pulumi.gcp.compute.inputs.HealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.networksecurity.BackendAuthenticationConfig;
import com.pulumi.gcp.networksecurity.BackendAuthenticationConfigArgs;
import com.pulumi.gcp.compute.BackendService;
import com.pulumi.gcp.compute.BackendServiceArgs;
import com.pulumi.gcp.compute.inputs.BackendServiceTlsSettingsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var defaultHealthCheck = new HealthCheck("defaultHealthCheck", HealthCheckArgs.builder()
            .name("health-check")
            .httpHealthCheck(HealthCheckHttpHealthCheckArgs.builder()
                .port(80)
                .build())
            .build());

        var defaultBackendAuthenticationConfig = new BackendAuthenticationConfig("defaultBackendAuthenticationConfig", BackendAuthenticationConfigArgs.builder()
            .name("authentication")
            .wellKnownRoots("PUBLIC_ROOTS")
            .build());

        var default_ = new BackendService("default", BackendServiceArgs.builder()
            .name("backend-service")
            .healthChecks(defaultHealthCheck.id())
            .loadBalancingScheme("EXTERNAL_MANAGED")
            .protocol("HTTPS")
            .tlsSettings(BackendServiceTlsSettingsArgs.builder()
                .sni("example.com")
                .subjectAltNames(                
                    BackendServiceTlsSettingsSubjectAltNameArgs.builder()
                        .dnsName("example.com")
                        .build(),
                    BackendServiceTlsSettingsSubjectAltNameArgs.builder()
                        .uniformResourceIdentifier("https://example.com")
                        .build())
                .authenticationConfig(defaultBackendAuthenticationConfig.id().applyValue(_id -> String.format("//networksecurity.googleapis.com/%s", _id)))
                .build())
            .build());

    }
}
Copy
resources:
  default:
    type: gcp:compute:BackendService
    properties:
      name: backend-service
      healthChecks: ${defaultHealthCheck.id}
      loadBalancingScheme: EXTERNAL_MANAGED
      protocol: HTTPS
      tlsSettings:
        sni: example.com
        subjectAltNames:
          - dnsName: example.com
          - uniformResourceIdentifier: https://example.com
        authenticationConfig: //networksecurity.googleapis.com/${defaultBackendAuthenticationConfig.id}
  defaultHealthCheck:
    type: gcp:compute:HealthCheck
    name: default
    properties:
      name: health-check
      httpHealthCheck:
        port: 80
  defaultBackendAuthenticationConfig:
    type: gcp:networksecurity:BackendAuthenticationConfig
    name: default
    properties:
      name: authentication
      wellKnownRoots: PUBLIC_ROOTS
Copy

Create BackendService Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new BackendService(name: string, args?: BackendServiceArgs, opts?: CustomResourceOptions);
@overload
def BackendService(resource_name: str,
                   args: Optional[BackendServiceArgs] = None,
                   opts: Optional[ResourceOptions] = None)

@overload
def BackendService(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   affinity_cookie_ttl_sec: Optional[int] = None,
                   backends: Optional[Sequence[BackendServiceBackendArgs]] = None,
                   cdn_policy: Optional[BackendServiceCdnPolicyArgs] = None,
                   circuit_breakers: Optional[BackendServiceCircuitBreakersArgs] = None,
                   compression_mode: Optional[str] = None,
                   connection_draining_timeout_sec: Optional[int] = None,
                   consistent_hash: Optional[BackendServiceConsistentHashArgs] = None,
                   custom_metrics: Optional[Sequence[BackendServiceCustomMetricArgs]] = None,
                   custom_request_headers: Optional[Sequence[str]] = None,
                   custom_response_headers: Optional[Sequence[str]] = None,
                   description: Optional[str] = None,
                   edge_security_policy: Optional[str] = None,
                   enable_cdn: Optional[bool] = None,
                   health_checks: Optional[str] = None,
                   iap: Optional[BackendServiceIapArgs] = None,
                   ip_address_selection_policy: Optional[str] = None,
                   load_balancing_scheme: Optional[str] = None,
                   locality_lb_policies: Optional[Sequence[BackendServiceLocalityLbPolicyArgs]] = None,
                   locality_lb_policy: Optional[str] = None,
                   log_config: Optional[BackendServiceLogConfigArgs] = None,
                   name: Optional[str] = None,
                   outlier_detection: Optional[BackendServiceOutlierDetectionArgs] = None,
                   port_name: Optional[str] = None,
                   project: Optional[str] = None,
                   protocol: Optional[str] = None,
                   security_policy: Optional[str] = None,
                   security_settings: Optional[BackendServiceSecuritySettingsArgs] = None,
                   service_lb_policy: Optional[str] = None,
                   session_affinity: Optional[str] = None,
                   strong_session_affinity_cookie: Optional[BackendServiceStrongSessionAffinityCookieArgs] = None,
                   timeout_sec: Optional[int] = None,
                   tls_settings: Optional[BackendServiceTlsSettingsArgs] = None)
func NewBackendService(ctx *Context, name string, args *BackendServiceArgs, opts ...ResourceOption) (*BackendService, error)
public BackendService(string name, BackendServiceArgs? args = null, CustomResourceOptions? opts = null)
public BackendService(String name, BackendServiceArgs args)
public BackendService(String name, BackendServiceArgs args, CustomResourceOptions options)
type: gcp:compute:BackendService
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name This property is required. string
The unique name of the resource.
args BackendServiceArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name This property is required. str
The unique name of the resource.
args BackendServiceArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name This property is required. string
The unique name of the resource.
args BackendServiceArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name This property is required. string
The unique name of the resource.
args BackendServiceArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name This property is required. String
The unique name of the resource.
args This property is required. BackendServiceArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var backendServiceResource = new Gcp.Compute.BackendService("backendServiceResource", new()
{
    AffinityCookieTtlSec = 0,
    Backends = new[]
    {
        new Gcp.Compute.Inputs.BackendServiceBackendArgs
        {
            Group = "string",
            BalancingMode = "string",
            CapacityScaler = 0,
            CustomMetrics = new[]
            {
                new Gcp.Compute.Inputs.BackendServiceBackendCustomMetricArgs
                {
                    DryRun = false,
                    Name = "string",
                    MaxUtilization = 0,
                },
            },
            Description = "string",
            MaxConnections = 0,
            MaxConnectionsPerEndpoint = 0,
            MaxConnectionsPerInstance = 0,
            MaxRate = 0,
            MaxRatePerEndpoint = 0,
            MaxRatePerInstance = 0,
            MaxUtilization = 0,
        },
    },
    CdnPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyArgs
    {
        BypassCacheOnRequestHeaders = new[]
        {
            new Gcp.Compute.Inputs.BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs
            {
                HeaderName = "string",
            },
        },
        CacheKeyPolicy = new Gcp.Compute.Inputs.BackendServiceCdnPolicyCacheKeyPolicyArgs
        {
            IncludeHost = false,
            IncludeHttpHeaders = new[]
            {
                "string",
            },
            IncludeNamedCookies = new[]
            {
                "string",
            },
            IncludeProtocol = false,
            IncludeQueryString = false,
            QueryStringBlacklists = new[]
            {
                "string",
            },
            QueryStringWhitelists = new[]
            {
                "string",
            },
        },
        CacheMode = "string",
        ClientTtl = 0,
        DefaultTtl = 0,
        MaxTtl = 0,
        NegativeCaching = false,
        NegativeCachingPolicies = new[]
        {
            new Gcp.Compute.Inputs.BackendServiceCdnPolicyNegativeCachingPolicyArgs
            {
                Code = 0,
                Ttl = 0,
            },
        },
        ServeWhileStale = 0,
        SignedUrlCacheMaxAgeSec = 0,
    },
    CircuitBreakers = new Gcp.Compute.Inputs.BackendServiceCircuitBreakersArgs
    {
        ConnectTimeout = new Gcp.Compute.Inputs.BackendServiceCircuitBreakersConnectTimeoutArgs
        {
            Seconds = 0,
            Nanos = 0,
        },
        MaxConnections = 0,
        MaxPendingRequests = 0,
        MaxRequests = 0,
        MaxRequestsPerConnection = 0,
        MaxRetries = 0,
    },
    CompressionMode = "string",
    ConnectionDrainingTimeoutSec = 0,
    ConsistentHash = new Gcp.Compute.Inputs.BackendServiceConsistentHashArgs
    {
        HttpCookie = new Gcp.Compute.Inputs.BackendServiceConsistentHashHttpCookieArgs
        {
            Name = "string",
            Path = "string",
            Ttl = new Gcp.Compute.Inputs.BackendServiceConsistentHashHttpCookieTtlArgs
            {
                Seconds = 0,
                Nanos = 0,
            },
        },
        HttpHeaderName = "string",
        MinimumRingSize = 0,
    },
    CustomMetrics = new[]
    {
        new Gcp.Compute.Inputs.BackendServiceCustomMetricArgs
        {
            DryRun = false,
            Name = "string",
        },
    },
    CustomRequestHeaders = new[]
    {
        "string",
    },
    CustomResponseHeaders = new[]
    {
        "string",
    },
    Description = "string",
    EdgeSecurityPolicy = "string",
    EnableCdn = false,
    HealthChecks = "string",
    Iap = new Gcp.Compute.Inputs.BackendServiceIapArgs
    {
        Enabled = false,
        Oauth2ClientId = "string",
        Oauth2ClientSecret = "string",
        Oauth2ClientSecretSha256 = "string",
    },
    IpAddressSelectionPolicy = "string",
    LoadBalancingScheme = "string",
    LocalityLbPolicies = new[]
    {
        new Gcp.Compute.Inputs.BackendServiceLocalityLbPolicyArgs
        {
            CustomPolicy = new Gcp.Compute.Inputs.BackendServiceLocalityLbPolicyCustomPolicyArgs
            {
                Name = "string",
                Data = "string",
            },
            Policy = new Gcp.Compute.Inputs.BackendServiceLocalityLbPolicyPolicyArgs
            {
                Name = "string",
            },
        },
    },
    LocalityLbPolicy = "string",
    LogConfig = new Gcp.Compute.Inputs.BackendServiceLogConfigArgs
    {
        Enable = false,
        SampleRate = 0,
    },
    Name = "string",
    OutlierDetection = new Gcp.Compute.Inputs.BackendServiceOutlierDetectionArgs
    {
        BaseEjectionTime = new Gcp.Compute.Inputs.BackendServiceOutlierDetectionBaseEjectionTimeArgs
        {
            Seconds = 0,
            Nanos = 0,
        },
        ConsecutiveErrors = 0,
        ConsecutiveGatewayFailure = 0,
        EnforcingConsecutiveErrors = 0,
        EnforcingConsecutiveGatewayFailure = 0,
        EnforcingSuccessRate = 0,
        Interval = new Gcp.Compute.Inputs.BackendServiceOutlierDetectionIntervalArgs
        {
            Seconds = 0,
            Nanos = 0,
        },
        MaxEjectionPercent = 0,
        SuccessRateMinimumHosts = 0,
        SuccessRateRequestVolume = 0,
        SuccessRateStdevFactor = 0,
    },
    PortName = "string",
    Project = "string",
    Protocol = "string",
    SecurityPolicy = "string",
    SecuritySettings = new Gcp.Compute.Inputs.BackendServiceSecuritySettingsArgs
    {
        AwsV4Authentication = new Gcp.Compute.Inputs.BackendServiceSecuritySettingsAwsV4AuthenticationArgs
        {
            AccessKey = "string",
            AccessKeyId = "string",
            AccessKeyVersion = "string",
            OriginRegion = "string",
        },
        ClientTlsPolicy = "string",
        SubjectAltNames = new[]
        {
            "string",
        },
    },
    ServiceLbPolicy = "string",
    SessionAffinity = "string",
    StrongSessionAffinityCookie = new Gcp.Compute.Inputs.BackendServiceStrongSessionAffinityCookieArgs
    {
        Name = "string",
        Path = "string",
        Ttl = new Gcp.Compute.Inputs.BackendServiceStrongSessionAffinityCookieTtlArgs
        {
            Seconds = 0,
            Nanos = 0,
        },
    },
    TimeoutSec = 0,
    TlsSettings = new Gcp.Compute.Inputs.BackendServiceTlsSettingsArgs
    {
        AuthenticationConfig = "string",
        Sni = "string",
        SubjectAltNames = new[]
        {
            new Gcp.Compute.Inputs.BackendServiceTlsSettingsSubjectAltNameArgs
            {
                DnsName = "string",
                UniformResourceIdentifier = "string",
            },
        },
    },
});
Copy
example, err := compute.NewBackendService(ctx, "backendServiceResource", &compute.BackendServiceArgs{
	AffinityCookieTtlSec: pulumi.Int(0),
	Backends: compute.BackendServiceBackendArray{
		&compute.BackendServiceBackendArgs{
			Group:          pulumi.String("string"),
			BalancingMode:  pulumi.String("string"),
			CapacityScaler: pulumi.Float64(0),
			CustomMetrics: compute.BackendServiceBackendCustomMetricArray{
				&compute.BackendServiceBackendCustomMetricArgs{
					DryRun:         pulumi.Bool(false),
					Name:           pulumi.String("string"),
					MaxUtilization: pulumi.Float64(0),
				},
			},
			Description:               pulumi.String("string"),
			MaxConnections:            pulumi.Int(0),
			MaxConnectionsPerEndpoint: pulumi.Int(0),
			MaxConnectionsPerInstance: pulumi.Int(0),
			MaxRate:                   pulumi.Int(0),
			MaxRatePerEndpoint:        pulumi.Float64(0),
			MaxRatePerInstance:        pulumi.Float64(0),
			MaxUtilization:            pulumi.Float64(0),
		},
	},
	CdnPolicy: &compute.BackendServiceCdnPolicyArgs{
		BypassCacheOnRequestHeaders: compute.BackendServiceCdnPolicyBypassCacheOnRequestHeaderArray{
			&compute.BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs{
				HeaderName: pulumi.String("string"),
			},
		},
		CacheKeyPolicy: &compute.BackendServiceCdnPolicyCacheKeyPolicyArgs{
			IncludeHost: pulumi.Bool(false),
			IncludeHttpHeaders: pulumi.StringArray{
				pulumi.String("string"),
			},
			IncludeNamedCookies: pulumi.StringArray{
				pulumi.String("string"),
			},
			IncludeProtocol:    pulumi.Bool(false),
			IncludeQueryString: pulumi.Bool(false),
			QueryStringBlacklists: pulumi.StringArray{
				pulumi.String("string"),
			},
			QueryStringWhitelists: pulumi.StringArray{
				pulumi.String("string"),
			},
		},
		CacheMode:       pulumi.String("string"),
		ClientTtl:       pulumi.Int(0),
		DefaultTtl:      pulumi.Int(0),
		MaxTtl:          pulumi.Int(0),
		NegativeCaching: pulumi.Bool(false),
		NegativeCachingPolicies: compute.BackendServiceCdnPolicyNegativeCachingPolicyArray{
			&compute.BackendServiceCdnPolicyNegativeCachingPolicyArgs{
				Code: pulumi.Int(0),
				Ttl:  pulumi.Int(0),
			},
		},
		ServeWhileStale:         pulumi.Int(0),
		SignedUrlCacheMaxAgeSec: pulumi.Int(0),
	},
	CircuitBreakers: &compute.BackendServiceCircuitBreakersArgs{
		ConnectTimeout: &compute.BackendServiceCircuitBreakersConnectTimeoutArgs{
			Seconds: pulumi.Int(0),
			Nanos:   pulumi.Int(0),
		},
		MaxConnections:           pulumi.Int(0),
		MaxPendingRequests:       pulumi.Int(0),
		MaxRequests:              pulumi.Int(0),
		MaxRequestsPerConnection: pulumi.Int(0),
		MaxRetries:               pulumi.Int(0),
	},
	CompressionMode:              pulumi.String("string"),
	ConnectionDrainingTimeoutSec: pulumi.Int(0),
	ConsistentHash: &compute.BackendServiceConsistentHashArgs{
		HttpCookie: &compute.BackendServiceConsistentHashHttpCookieArgs{
			Name: pulumi.String("string"),
			Path: pulumi.String("string"),
			Ttl: &compute.BackendServiceConsistentHashHttpCookieTtlArgs{
				Seconds: pulumi.Int(0),
				Nanos:   pulumi.Int(0),
			},
		},
		HttpHeaderName:  pulumi.String("string"),
		MinimumRingSize: pulumi.Int(0),
	},
	CustomMetrics: compute.BackendServiceCustomMetricArray{
		&compute.BackendServiceCustomMetricArgs{
			DryRun: pulumi.Bool(false),
			Name:   pulumi.String("string"),
		},
	},
	CustomRequestHeaders: pulumi.StringArray{
		pulumi.String("string"),
	},
	CustomResponseHeaders: pulumi.StringArray{
		pulumi.String("string"),
	},
	Description:        pulumi.String("string"),
	EdgeSecurityPolicy: pulumi.String("string"),
	EnableCdn:          pulumi.Bool(false),
	HealthChecks:       pulumi.String("string"),
	Iap: &compute.BackendServiceIapArgs{
		Enabled:                  pulumi.Bool(false),
		Oauth2ClientId:           pulumi.String("string"),
		Oauth2ClientSecret:       pulumi.String("string"),
		Oauth2ClientSecretSha256: pulumi.String("string"),
	},
	IpAddressSelectionPolicy: pulumi.String("string"),
	LoadBalancingScheme:      pulumi.String("string"),
	LocalityLbPolicies: compute.BackendServiceLocalityLbPolicyArray{
		&compute.BackendServiceLocalityLbPolicyArgs{
			CustomPolicy: &compute.BackendServiceLocalityLbPolicyCustomPolicyArgs{
				Name: pulumi.String("string"),
				Data: pulumi.String("string"),
			},
			Policy: &compute.BackendServiceLocalityLbPolicyPolicyArgs{
				Name: pulumi.String("string"),
			},
		},
	},
	LocalityLbPolicy: pulumi.String("string"),
	LogConfig: &compute.BackendServiceLogConfigArgs{
		Enable:     pulumi.Bool(false),
		SampleRate: pulumi.Float64(0),
	},
	Name: pulumi.String("string"),
	OutlierDetection: &compute.BackendServiceOutlierDetectionArgs{
		BaseEjectionTime: &compute.BackendServiceOutlierDetectionBaseEjectionTimeArgs{
			Seconds: pulumi.Int(0),
			Nanos:   pulumi.Int(0),
		},
		ConsecutiveErrors:                  pulumi.Int(0),
		ConsecutiveGatewayFailure:          pulumi.Int(0),
		EnforcingConsecutiveErrors:         pulumi.Int(0),
		EnforcingConsecutiveGatewayFailure: pulumi.Int(0),
		EnforcingSuccessRate:               pulumi.Int(0),
		Interval: &compute.BackendServiceOutlierDetectionIntervalArgs{
			Seconds: pulumi.Int(0),
			Nanos:   pulumi.Int(0),
		},
		MaxEjectionPercent:       pulumi.Int(0),
		SuccessRateMinimumHosts:  pulumi.Int(0),
		SuccessRateRequestVolume: pulumi.Int(0),
		SuccessRateStdevFactor:   pulumi.Int(0),
	},
	PortName:       pulumi.String("string"),
	Project:        pulumi.String("string"),
	Protocol:       pulumi.String("string"),
	SecurityPolicy: pulumi.String("string"),
	SecuritySettings: &compute.BackendServiceSecuritySettingsArgs{
		AwsV4Authentication: &compute.BackendServiceSecuritySettingsAwsV4AuthenticationArgs{
			AccessKey:        pulumi.String("string"),
			AccessKeyId:      pulumi.String("string"),
			AccessKeyVersion: pulumi.String("string"),
			OriginRegion:     pulumi.String("string"),
		},
		ClientTlsPolicy: pulumi.String("string"),
		SubjectAltNames: pulumi.StringArray{
			pulumi.String("string"),
		},
	},
	ServiceLbPolicy: pulumi.String("string"),
	SessionAffinity: pulumi.String("string"),
	StrongSessionAffinityCookie: &compute.BackendServiceStrongSessionAffinityCookieArgs{
		Name: pulumi.String("string"),
		Path: pulumi.String("string"),
		Ttl: &compute.BackendServiceStrongSessionAffinityCookieTtlArgs{
			Seconds: pulumi.Int(0),
			Nanos:   pulumi.Int(0),
		},
	},
	TimeoutSec: pulumi.Int(0),
	TlsSettings: &compute.BackendServiceTlsSettingsArgs{
		AuthenticationConfig: pulumi.String("string"),
		Sni:                  pulumi.String("string"),
		SubjectAltNames: compute.BackendServiceTlsSettingsSubjectAltNameArray{
			&compute.BackendServiceTlsSettingsSubjectAltNameArgs{
				DnsName:                   pulumi.String("string"),
				UniformResourceIdentifier: pulumi.String("string"),
			},
		},
	},
})
Copy
var backendServiceResource = new BackendService("backendServiceResource", BackendServiceArgs.builder()
    .affinityCookieTtlSec(0)
    .backends(BackendServiceBackendArgs.builder()
        .group("string")
        .balancingMode("string")
        .capacityScaler(0)
        .customMetrics(BackendServiceBackendCustomMetricArgs.builder()
            .dryRun(false)
            .name("string")
            .maxUtilization(0)
            .build())
        .description("string")
        .maxConnections(0)
        .maxConnectionsPerEndpoint(0)
        .maxConnectionsPerInstance(0)
        .maxRate(0)
        .maxRatePerEndpoint(0)
        .maxRatePerInstance(0)
        .maxUtilization(0)
        .build())
    .cdnPolicy(BackendServiceCdnPolicyArgs.builder()
        .bypassCacheOnRequestHeaders(BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs.builder()
            .headerName("string")
            .build())
        .cacheKeyPolicy(BackendServiceCdnPolicyCacheKeyPolicyArgs.builder()
            .includeHost(false)
            .includeHttpHeaders("string")
            .includeNamedCookies("string")
            .includeProtocol(false)
            .includeQueryString(false)
            .queryStringBlacklists("string")
            .queryStringWhitelists("string")
            .build())
        .cacheMode("string")
        .clientTtl(0)
        .defaultTtl(0)
        .maxTtl(0)
        .negativeCaching(false)
        .negativeCachingPolicies(BackendServiceCdnPolicyNegativeCachingPolicyArgs.builder()
            .code(0)
            .ttl(0)
            .build())
        .serveWhileStale(0)
        .signedUrlCacheMaxAgeSec(0)
        .build())
    .circuitBreakers(BackendServiceCircuitBreakersArgs.builder()
        .connectTimeout(BackendServiceCircuitBreakersConnectTimeoutArgs.builder()
            .seconds(0)
            .nanos(0)
            .build())
        .maxConnections(0)
        .maxPendingRequests(0)
        .maxRequests(0)
        .maxRequestsPerConnection(0)
        .maxRetries(0)
        .build())
    .compressionMode("string")
    .connectionDrainingTimeoutSec(0)
    .consistentHash(BackendServiceConsistentHashArgs.builder()
        .httpCookie(BackendServiceConsistentHashHttpCookieArgs.builder()
            .name("string")
            .path("string")
            .ttl(BackendServiceConsistentHashHttpCookieTtlArgs.builder()
                .seconds(0)
                .nanos(0)
                .build())
            .build())
        .httpHeaderName("string")
        .minimumRingSize(0)
        .build())
    .customMetrics(BackendServiceCustomMetricArgs.builder()
        .dryRun(false)
        .name("string")
        .build())
    .customRequestHeaders("string")
    .customResponseHeaders("string")
    .description("string")
    .edgeSecurityPolicy("string")
    .enableCdn(false)
    .healthChecks("string")
    .iap(BackendServiceIapArgs.builder()
        .enabled(false)
        .oauth2ClientId("string")
        .oauth2ClientSecret("string")
        .oauth2ClientSecretSha256("string")
        .build())
    .ipAddressSelectionPolicy("string")
    .loadBalancingScheme("string")
    .localityLbPolicies(BackendServiceLocalityLbPolicyArgs.builder()
        .customPolicy(BackendServiceLocalityLbPolicyCustomPolicyArgs.builder()
            .name("string")
            .data("string")
            .build())
        .policy(BackendServiceLocalityLbPolicyPolicyArgs.builder()
            .name("string")
            .build())
        .build())
    .localityLbPolicy("string")
    .logConfig(BackendServiceLogConfigArgs.builder()
        .enable(false)
        .sampleRate(0)
        .build())
    .name("string")
    .outlierDetection(BackendServiceOutlierDetectionArgs.builder()
        .baseEjectionTime(BackendServiceOutlierDetectionBaseEjectionTimeArgs.builder()
            .seconds(0)
            .nanos(0)
            .build())
        .consecutiveErrors(0)
        .consecutiveGatewayFailure(0)
        .enforcingConsecutiveErrors(0)
        .enforcingConsecutiveGatewayFailure(0)
        .enforcingSuccessRate(0)
        .interval(BackendServiceOutlierDetectionIntervalArgs.builder()
            .seconds(0)
            .nanos(0)
            .build())
        .maxEjectionPercent(0)
        .successRateMinimumHosts(0)
        .successRateRequestVolume(0)
        .successRateStdevFactor(0)
        .build())
    .portName("string")
    .project("string")
    .protocol("string")
    .securityPolicy("string")
    .securitySettings(BackendServiceSecuritySettingsArgs.builder()
        .awsV4Authentication(BackendServiceSecuritySettingsAwsV4AuthenticationArgs.builder()
            .accessKey("string")
            .accessKeyId("string")
            .accessKeyVersion("string")
            .originRegion("string")
            .build())
        .clientTlsPolicy("string")
        .subjectAltNames("string")
        .build())
    .serviceLbPolicy("string")
    .sessionAffinity("string")
    .strongSessionAffinityCookie(BackendServiceStrongSessionAffinityCookieArgs.builder()
        .name("string")
        .path("string")
        .ttl(BackendServiceStrongSessionAffinityCookieTtlArgs.builder()
            .seconds(0)
            .nanos(0)
            .build())
        .build())
    .timeoutSec(0)
    .tlsSettings(BackendServiceTlsSettingsArgs.builder()
        .authenticationConfig("string")
        .sni("string")
        .subjectAltNames(BackendServiceTlsSettingsSubjectAltNameArgs.builder()
            .dnsName("string")
            .uniformResourceIdentifier("string")
            .build())
        .build())
    .build());
Copy
backend_service_resource = gcp.compute.BackendService("backendServiceResource",
    affinity_cookie_ttl_sec=0,
    backends=[{
        "group": "string",
        "balancing_mode": "string",
        "capacity_scaler": 0,
        "custom_metrics": [{
            "dry_run": False,
            "name": "string",
            "max_utilization": 0,
        }],
        "description": "string",
        "max_connections": 0,
        "max_connections_per_endpoint": 0,
        "max_connections_per_instance": 0,
        "max_rate": 0,
        "max_rate_per_endpoint": 0,
        "max_rate_per_instance": 0,
        "max_utilization": 0,
    }],
    cdn_policy={
        "bypass_cache_on_request_headers": [{
            "header_name": "string",
        }],
        "cache_key_policy": {
            "include_host": False,
            "include_http_headers": ["string"],
            "include_named_cookies": ["string"],
            "include_protocol": False,
            "include_query_string": False,
            "query_string_blacklists": ["string"],
            "query_string_whitelists": ["string"],
        },
        "cache_mode": "string",
        "client_ttl": 0,
        "default_ttl": 0,
        "max_ttl": 0,
        "negative_caching": False,
        "negative_caching_policies": [{
            "code": 0,
            "ttl": 0,
        }],
        "serve_while_stale": 0,
        "signed_url_cache_max_age_sec": 0,
    },
    circuit_breakers={
        "connect_timeout": {
            "seconds": 0,
            "nanos": 0,
        },
        "max_connections": 0,
        "max_pending_requests": 0,
        "max_requests": 0,
        "max_requests_per_connection": 0,
        "max_retries": 0,
    },
    compression_mode="string",
    connection_draining_timeout_sec=0,
    consistent_hash={
        "http_cookie": {
            "name": "string",
            "path": "string",
            "ttl": {
                "seconds": 0,
                "nanos": 0,
            },
        },
        "http_header_name": "string",
        "minimum_ring_size": 0,
    },
    custom_metrics=[{
        "dry_run": False,
        "name": "string",
    }],
    custom_request_headers=["string"],
    custom_response_headers=["string"],
    description="string",
    edge_security_policy="string",
    enable_cdn=False,
    health_checks="string",
    iap={
        "enabled": False,
        "oauth2_client_id": "string",
        "oauth2_client_secret": "string",
        "oauth2_client_secret_sha256": "string",
    },
    ip_address_selection_policy="string",
    load_balancing_scheme="string",
    locality_lb_policies=[{
        "custom_policy": {
            "name": "string",
            "data": "string",
        },
        "policy": {
            "name": "string",
        },
    }],
    locality_lb_policy="string",
    log_config={
        "enable": False,
        "sample_rate": 0,
    },
    name="string",
    outlier_detection={
        "base_ejection_time": {
            "seconds": 0,
            "nanos": 0,
        },
        "consecutive_errors": 0,
        "consecutive_gateway_failure": 0,
        "enforcing_consecutive_errors": 0,
        "enforcing_consecutive_gateway_failure": 0,
        "enforcing_success_rate": 0,
        "interval": {
            "seconds": 0,
            "nanos": 0,
        },
        "max_ejection_percent": 0,
        "success_rate_minimum_hosts": 0,
        "success_rate_request_volume": 0,
        "success_rate_stdev_factor": 0,
    },
    port_name="string",
    project="string",
    protocol="string",
    security_policy="string",
    security_settings={
        "aws_v4_authentication": {
            "access_key": "string",
            "access_key_id": "string",
            "access_key_version": "string",
            "origin_region": "string",
        },
        "client_tls_policy": "string",
        "subject_alt_names": ["string"],
    },
    service_lb_policy="string",
    session_affinity="string",
    strong_session_affinity_cookie={
        "name": "string",
        "path": "string",
        "ttl": {
            "seconds": 0,
            "nanos": 0,
        },
    },
    timeout_sec=0,
    tls_settings={
        "authentication_config": "string",
        "sni": "string",
        "subject_alt_names": [{
            "dns_name": "string",
            "uniform_resource_identifier": "string",
        }],
    })
Copy
const backendServiceResource = new gcp.compute.BackendService("backendServiceResource", {
    affinityCookieTtlSec: 0,
    backends: [{
        group: "string",
        balancingMode: "string",
        capacityScaler: 0,
        customMetrics: [{
            dryRun: false,
            name: "string",
            maxUtilization: 0,
        }],
        description: "string",
        maxConnections: 0,
        maxConnectionsPerEndpoint: 0,
        maxConnectionsPerInstance: 0,
        maxRate: 0,
        maxRatePerEndpoint: 0,
        maxRatePerInstance: 0,
        maxUtilization: 0,
    }],
    cdnPolicy: {
        bypassCacheOnRequestHeaders: [{
            headerName: "string",
        }],
        cacheKeyPolicy: {
            includeHost: false,
            includeHttpHeaders: ["string"],
            includeNamedCookies: ["string"],
            includeProtocol: false,
            includeQueryString: false,
            queryStringBlacklists: ["string"],
            queryStringWhitelists: ["string"],
        },
        cacheMode: "string",
        clientTtl: 0,
        defaultTtl: 0,
        maxTtl: 0,
        negativeCaching: false,
        negativeCachingPolicies: [{
            code: 0,
            ttl: 0,
        }],
        serveWhileStale: 0,
        signedUrlCacheMaxAgeSec: 0,
    },
    circuitBreakers: {
        connectTimeout: {
            seconds: 0,
            nanos: 0,
        },
        maxConnections: 0,
        maxPendingRequests: 0,
        maxRequests: 0,
        maxRequestsPerConnection: 0,
        maxRetries: 0,
    },
    compressionMode: "string",
    connectionDrainingTimeoutSec: 0,
    consistentHash: {
        httpCookie: {
            name: "string",
            path: "string",
            ttl: {
                seconds: 0,
                nanos: 0,
            },
        },
        httpHeaderName: "string",
        minimumRingSize: 0,
    },
    customMetrics: [{
        dryRun: false,
        name: "string",
    }],
    customRequestHeaders: ["string"],
    customResponseHeaders: ["string"],
    description: "string",
    edgeSecurityPolicy: "string",
    enableCdn: false,
    healthChecks: "string",
    iap: {
        enabled: false,
        oauth2ClientId: "string",
        oauth2ClientSecret: "string",
        oauth2ClientSecretSha256: "string",
    },
    ipAddressSelectionPolicy: "string",
    loadBalancingScheme: "string",
    localityLbPolicies: [{
        customPolicy: {
            name: "string",
            data: "string",
        },
        policy: {
            name: "string",
        },
    }],
    localityLbPolicy: "string",
    logConfig: {
        enable: false,
        sampleRate: 0,
    },
    name: "string",
    outlierDetection: {
        baseEjectionTime: {
            seconds: 0,
            nanos: 0,
        },
        consecutiveErrors: 0,
        consecutiveGatewayFailure: 0,
        enforcingConsecutiveErrors: 0,
        enforcingConsecutiveGatewayFailure: 0,
        enforcingSuccessRate: 0,
        interval: {
            seconds: 0,
            nanos: 0,
        },
        maxEjectionPercent: 0,
        successRateMinimumHosts: 0,
        successRateRequestVolume: 0,
        successRateStdevFactor: 0,
    },
    portName: "string",
    project: "string",
    protocol: "string",
    securityPolicy: "string",
    securitySettings: {
        awsV4Authentication: {
            accessKey: "string",
            accessKeyId: "string",
            accessKeyVersion: "string",
            originRegion: "string",
        },
        clientTlsPolicy: "string",
        subjectAltNames: ["string"],
    },
    serviceLbPolicy: "string",
    sessionAffinity: "string",
    strongSessionAffinityCookie: {
        name: "string",
        path: "string",
        ttl: {
            seconds: 0,
            nanos: 0,
        },
    },
    timeoutSec: 0,
    tlsSettings: {
        authenticationConfig: "string",
        sni: "string",
        subjectAltNames: [{
            dnsName: "string",
            uniformResourceIdentifier: "string",
        }],
    },
});
Copy
type: gcp:compute:BackendService
properties:
    affinityCookieTtlSec: 0
    backends:
        - balancingMode: string
          capacityScaler: 0
          customMetrics:
            - dryRun: false
              maxUtilization: 0
              name: string
          description: string
          group: string
          maxConnections: 0
          maxConnectionsPerEndpoint: 0
          maxConnectionsPerInstance: 0
          maxRate: 0
          maxRatePerEndpoint: 0
          maxRatePerInstance: 0
          maxUtilization: 0
    cdnPolicy:
        bypassCacheOnRequestHeaders:
            - headerName: string
        cacheKeyPolicy:
            includeHost: false
            includeHttpHeaders:
                - string
            includeNamedCookies:
                - string
            includeProtocol: false
            includeQueryString: false
            queryStringBlacklists:
                - string
            queryStringWhitelists:
                - string
        cacheMode: string
        clientTtl: 0
        defaultTtl: 0
        maxTtl: 0
        negativeCaching: false
        negativeCachingPolicies:
            - code: 0
              ttl: 0
        serveWhileStale: 0
        signedUrlCacheMaxAgeSec: 0
    circuitBreakers:
        connectTimeout:
            nanos: 0
            seconds: 0
        maxConnections: 0
        maxPendingRequests: 0
        maxRequests: 0
        maxRequestsPerConnection: 0
        maxRetries: 0
    compressionMode: string
    connectionDrainingTimeoutSec: 0
    consistentHash:
        httpCookie:
            name: string
            path: string
            ttl:
                nanos: 0
                seconds: 0
        httpHeaderName: string
        minimumRingSize: 0
    customMetrics:
        - dryRun: false
          name: string
    customRequestHeaders:
        - string
    customResponseHeaders:
        - string
    description: string
    edgeSecurityPolicy: string
    enableCdn: false
    healthChecks: string
    iap:
        enabled: false
        oauth2ClientId: string
        oauth2ClientSecret: string
        oauth2ClientSecretSha256: string
    ipAddressSelectionPolicy: string
    loadBalancingScheme: string
    localityLbPolicies:
        - customPolicy:
            data: string
            name: string
          policy:
            name: string
    localityLbPolicy: string
    logConfig:
        enable: false
        sampleRate: 0
    name: string
    outlierDetection:
        baseEjectionTime:
            nanos: 0
            seconds: 0
        consecutiveErrors: 0
        consecutiveGatewayFailure: 0
        enforcingConsecutiveErrors: 0
        enforcingConsecutiveGatewayFailure: 0
        enforcingSuccessRate: 0
        interval:
            nanos: 0
            seconds: 0
        maxEjectionPercent: 0
        successRateMinimumHosts: 0
        successRateRequestVolume: 0
        successRateStdevFactor: 0
    portName: string
    project: string
    protocol: string
    securityPolicy: string
    securitySettings:
        awsV4Authentication:
            accessKey: string
            accessKeyId: string
            accessKeyVersion: string
            originRegion: string
        clientTlsPolicy: string
        subjectAltNames:
            - string
    serviceLbPolicy: string
    sessionAffinity: string
    strongSessionAffinityCookie:
        name: string
        path: string
        ttl:
            nanos: 0
            seconds: 0
    timeoutSec: 0
    tlsSettings:
        authenticationConfig: string
        sni: string
        subjectAltNames:
            - dnsName: string
              uniformResourceIdentifier: string
Copy

BackendService Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The BackendService resource accepts the following input properties:

AffinityCookieTtlSec int
Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
Backends List<BackendServiceBackend>
The set of backends that serve this BackendService. Structure is documented below.
CdnPolicy BackendServiceCdnPolicy
Cloud CDN configuration for this BackendService. Structure is documented below.
CircuitBreakers BackendServiceCircuitBreakers
Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
CompressionMode string
Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values are: AUTOMATIC, DISABLED.
ConnectionDrainingTimeoutSec int
Time for which instance will be drained (not accept new connections, but still work to finish started).
ConsistentHash BackendServiceConsistentHash
Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
CustomMetrics List<BackendServiceCustomMetric>
List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
CustomRequestHeaders List<string>
Headers that the HTTP/S load balancer should add to proxied requests.
CustomResponseHeaders List<string>
Headers that the HTTP/S load balancer should add to proxied responses.
Description string
An optional description of this resource.
EdgeSecurityPolicy string
The resource URL for the edge security policy associated with this backend service.
EnableCdn bool
If true, enable Cloud CDN for this BackendService.
HealthChecks string
The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
Iap BackendServiceIap
Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
IpAddressSelectionPolicy string
Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY.
LoadBalancingScheme Changes to this property will trigger replacement. string
Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. For more information, refer to Choosing a load balancer. Default value is EXTERNAL. Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED.
LocalityLbPolicies List<BackendServiceLocalityLbPolicy>
A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
LocalityLbPolicy string
The load balancing algorithm used within the scope of the locality. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
  • WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.
  • WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:
  • A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED.
  • A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
  • A regional backend service with loadBalancingScheme set to EXTERNAL (External Network Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External Network Load Balancing. The default is MAGLEV. If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV, or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validate_for_proxyless field set to true. Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV, WEIGHTED_MAGLEV, WEIGHTED_ROUND_ROBIN.
LogConfig BackendServiceLogConfig
This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
Name Changes to this property will trigger replacement. string
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


OutlierDetection BackendServiceOutlierDetection
Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
PortName string
Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
Project Changes to this property will trigger replacement. string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Protocol string
The protocol this BackendService uses to communicate with backends. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED.
SecurityPolicy string
The security policy associated with this backend service.
SecuritySettings BackendServiceSecuritySettings
The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
ServiceLbPolicy string
URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
SessionAffinity string
Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY.
StrongSessionAffinityCookie BackendServiceStrongSessionAffinityCookie
Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
TimeoutSec int
The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
TlsSettings BackendServiceTlsSettings
Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
AffinityCookieTtlSec int
Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
Backends []BackendServiceBackendArgs
The set of backends that serve this BackendService. Structure is documented below.
CdnPolicy BackendServiceCdnPolicyArgs
Cloud CDN configuration for this BackendService. Structure is documented below.
CircuitBreakers BackendServiceCircuitBreakersArgs
Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
CompressionMode string
Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values are: AUTOMATIC, DISABLED.
ConnectionDrainingTimeoutSec int
Time for which instance will be drained (not accept new connections, but still work to finish started).
ConsistentHash BackendServiceConsistentHashArgs
Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
CustomMetrics []BackendServiceCustomMetricArgs
List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
CustomRequestHeaders []string
Headers that the HTTP/S load balancer should add to proxied requests.
CustomResponseHeaders []string
Headers that the HTTP/S load balancer should add to proxied responses.
Description string
An optional description of this resource.
EdgeSecurityPolicy string
The resource URL for the edge security policy associated with this backend service.
EnableCdn bool
If true, enable Cloud CDN for this BackendService.
HealthChecks string
The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
Iap BackendServiceIapArgs
Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
IpAddressSelectionPolicy string
Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY.
LoadBalancingScheme Changes to this property will trigger replacement. string
Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. For more information, refer to Choosing a load balancer. Default value is EXTERNAL. Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED.
LocalityLbPolicies []BackendServiceLocalityLbPolicyArgs
A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
LocalityLbPolicy string
The load balancing algorithm used within the scope of the locality. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
  • WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.
  • WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:
  • A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED.
  • A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
  • A regional backend service with loadBalancingScheme set to EXTERNAL (External Network Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External Network Load Balancing. The default is MAGLEV. If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV, or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validate_for_proxyless field set to true. Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV, WEIGHTED_MAGLEV, WEIGHTED_ROUND_ROBIN.
LogConfig BackendServiceLogConfigArgs
This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
Name Changes to this property will trigger replacement. string
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


OutlierDetection BackendServiceOutlierDetectionArgs
Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
PortName string
Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
Project Changes to this property will trigger replacement. string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Protocol string
The protocol this BackendService uses to communicate with backends. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED.
SecurityPolicy string
The security policy associated with this backend service.
SecuritySettings BackendServiceSecuritySettingsArgs
The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
ServiceLbPolicy string
URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
SessionAffinity string
Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY.
StrongSessionAffinityCookie BackendServiceStrongSessionAffinityCookieArgs
Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
TimeoutSec int
The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
TlsSettings BackendServiceTlsSettingsArgs
Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
affinityCookieTtlSec Integer
Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
backends List<BackendServiceBackend>
The set of backends that serve this BackendService. Structure is documented below.
cdnPolicy BackendServiceCdnPolicy
Cloud CDN configuration for this BackendService. Structure is documented below.
circuitBreakers BackendServiceCircuitBreakers
Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
compressionMode String
Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values are: AUTOMATIC, DISABLED.
connectionDrainingTimeoutSec Integer
Time for which instance will be drained (not accept new connections, but still work to finish started).
consistentHash BackendServiceConsistentHash
Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
customMetrics List<BackendServiceCustomMetric>
List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
customRequestHeaders List<String>
Headers that the HTTP/S load balancer should add to proxied requests.
customResponseHeaders List<String>
Headers that the HTTP/S load balancer should add to proxied responses.
description String
An optional description of this resource.
edgeSecurityPolicy String
The resource URL for the edge security policy associated with this backend service.
enableCdn Boolean
If true, enable Cloud CDN for this BackendService.
healthChecks String
The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
iap BackendServiceIap
Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
ipAddressSelectionPolicy String
Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY.
loadBalancingScheme Changes to this property will trigger replacement. String
Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. For more information, refer to Choosing a load balancer. Default value is EXTERNAL. Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED.
localityLbPolicies List<BackendServiceLocalityLbPolicy>
A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
localityLbPolicy String
The load balancing algorithm used within the scope of the locality. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
  • WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.
  • WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:
  • A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED.
  • A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
  • A regional backend service with loadBalancingScheme set to EXTERNAL (External Network Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External Network Load Balancing. The default is MAGLEV. If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV, or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validate_for_proxyless field set to true. Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV, WEIGHTED_MAGLEV, WEIGHTED_ROUND_ROBIN.
logConfig BackendServiceLogConfig
This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
name Changes to this property will trigger replacement. String
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


outlierDetection BackendServiceOutlierDetection
Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
portName String
Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
project Changes to this property will trigger replacement. String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
protocol String
The protocol this BackendService uses to communicate with backends. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED.
securityPolicy String
The security policy associated with this backend service.
securitySettings BackendServiceSecuritySettings
The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
serviceLbPolicy String
URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
sessionAffinity String
Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY.
strongSessionAffinityCookie BackendServiceStrongSessionAffinityCookie
Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
timeoutSec Integer
The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
tlsSettings BackendServiceTlsSettings
Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
affinityCookieTtlSec number
Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
backends BackendServiceBackend[]
The set of backends that serve this BackendService. Structure is documented below.
cdnPolicy BackendServiceCdnPolicy
Cloud CDN configuration for this BackendService. Structure is documented below.
circuitBreakers BackendServiceCircuitBreakers
Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
compressionMode string
Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values are: AUTOMATIC, DISABLED.
connectionDrainingTimeoutSec number
Time for which instance will be drained (not accept new connections, but still work to finish started).
consistentHash BackendServiceConsistentHash
Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
customMetrics BackendServiceCustomMetric[]
List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
customRequestHeaders string[]
Headers that the HTTP/S load balancer should add to proxied requests.
customResponseHeaders string[]
Headers that the HTTP/S load balancer should add to proxied responses.
description string
An optional description of this resource.
edgeSecurityPolicy string
The resource URL for the edge security policy associated with this backend service.
enableCdn boolean
If true, enable Cloud CDN for this BackendService.
healthChecks string
The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
iap BackendServiceIap
Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
ipAddressSelectionPolicy string
Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY.
loadBalancingScheme Changes to this property will trigger replacement. string
Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. For more information, refer to Choosing a load balancer. Default value is EXTERNAL. Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED.
localityLbPolicies BackendServiceLocalityLbPolicy[]
A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
localityLbPolicy string
The load balancing algorithm used within the scope of the locality. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
  • WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.
  • WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:
  • A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED.
  • A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
  • A regional backend service with loadBalancingScheme set to EXTERNAL (External Network Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External Network Load Balancing. The default is MAGLEV. If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV, or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validate_for_proxyless field set to true. Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV, WEIGHTED_MAGLEV, WEIGHTED_ROUND_ROBIN.
logConfig BackendServiceLogConfig
This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
name Changes to this property will trigger replacement. string
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


outlierDetection BackendServiceOutlierDetection
Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
portName string
Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
project Changes to this property will trigger replacement. string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
protocol string
The protocol this BackendService uses to communicate with backends. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED.
securityPolicy string
The security policy associated with this backend service.
securitySettings BackendServiceSecuritySettings
The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
serviceLbPolicy string
URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
sessionAffinity string
Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY.
strongSessionAffinityCookie BackendServiceStrongSessionAffinityCookie
Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
timeoutSec number
The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
tlsSettings BackendServiceTlsSettings
Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
affinity_cookie_ttl_sec int
Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
backends Sequence[BackendServiceBackendArgs]
The set of backends that serve this BackendService. Structure is documented below.
cdn_policy BackendServiceCdnPolicyArgs
Cloud CDN configuration for this BackendService. Structure is documented below.
circuit_breakers BackendServiceCircuitBreakersArgs
Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
compression_mode str
Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values are: AUTOMATIC, DISABLED.
connection_draining_timeout_sec int
Time for which instance will be drained (not accept new connections, but still work to finish started).
consistent_hash BackendServiceConsistentHashArgs
Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
custom_metrics Sequence[BackendServiceCustomMetricArgs]
List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
custom_request_headers Sequence[str]
Headers that the HTTP/S load balancer should add to proxied requests.
custom_response_headers Sequence[str]
Headers that the HTTP/S load balancer should add to proxied responses.
description str
An optional description of this resource.
edge_security_policy str
The resource URL for the edge security policy associated with this backend service.
enable_cdn bool
If true, enable Cloud CDN for this BackendService.
health_checks str
The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
iap BackendServiceIapArgs
Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
ip_address_selection_policy str
Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY.
load_balancing_scheme Changes to this property will trigger replacement. str
Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. For more information, refer to Choosing a load balancer. Default value is EXTERNAL. Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED.
locality_lb_policies Sequence[BackendServiceLocalityLbPolicyArgs]
A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
locality_lb_policy str
The load balancing algorithm used within the scope of the locality. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
  • WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.
  • WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:
  • A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED.
  • A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
  • A regional backend service with loadBalancingScheme set to EXTERNAL (External Network Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External Network Load Balancing. The default is MAGLEV. If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV, or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validate_for_proxyless field set to true. Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV, WEIGHTED_MAGLEV, WEIGHTED_ROUND_ROBIN.
log_config BackendServiceLogConfigArgs
This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
name Changes to this property will trigger replacement. str
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


outlier_detection BackendServiceOutlierDetectionArgs
Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
port_name str
Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
project Changes to this property will trigger replacement. str
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
protocol str
The protocol this BackendService uses to communicate with backends. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED.
security_policy str
The security policy associated with this backend service.
security_settings BackendServiceSecuritySettingsArgs
The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
service_lb_policy str
URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
session_affinity str
Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY.
strong_session_affinity_cookie BackendServiceStrongSessionAffinityCookieArgs
Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
timeout_sec int
The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
tls_settings BackendServiceTlsSettingsArgs
Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
affinityCookieTtlSec Number
Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
backends List<Property Map>
The set of backends that serve this BackendService. Structure is documented below.
cdnPolicy Property Map
Cloud CDN configuration for this BackendService. Structure is documented below.
circuitBreakers Property Map
Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
compressionMode String
Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values are: AUTOMATIC, DISABLED.
connectionDrainingTimeoutSec Number
Time for which instance will be drained (not accept new connections, but still work to finish started).
consistentHash Property Map
Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
customMetrics List<Property Map>
List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
customRequestHeaders List<String>
Headers that the HTTP/S load balancer should add to proxied requests.
customResponseHeaders List<String>
Headers that the HTTP/S load balancer should add to proxied responses.
description String
An optional description of this resource.
edgeSecurityPolicy String
The resource URL for the edge security policy associated with this backend service.
enableCdn Boolean
If true, enable Cloud CDN for this BackendService.
healthChecks String
The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
iap Property Map
Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
ipAddressSelectionPolicy String
Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY.
loadBalancingScheme Changes to this property will trigger replacement. String
Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. For more information, refer to Choosing a load balancer. Default value is EXTERNAL. Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED.
localityLbPolicies List<Property Map>
A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
localityLbPolicy String
The load balancing algorithm used within the scope of the locality. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
  • WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.
  • WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:
  • A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED.
  • A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
  • A regional backend service with loadBalancingScheme set to EXTERNAL (External Network Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External Network Load Balancing. The default is MAGLEV. If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV, or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validate_for_proxyless field set to true. Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV, WEIGHTED_MAGLEV, WEIGHTED_ROUND_ROBIN.
logConfig Property Map
This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
name Changes to this property will trigger replacement. String
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


outlierDetection Property Map
Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
portName String
Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
project Changes to this property will trigger replacement. String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
protocol String
The protocol this BackendService uses to communicate with backends. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED.
securityPolicy String
The security policy associated with this backend service.
securitySettings Property Map
The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
serviceLbPolicy String
URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
sessionAffinity String
Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY.
strongSessionAffinityCookie Property Map
Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
timeoutSec Number
The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
tlsSettings Property Map
Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.

Outputs

All input properties are implicitly available as output properties. Additionally, the BackendService resource produces the following output properties:

CreationTimestamp string
Creation timestamp in RFC3339 text format.
Fingerprint string
Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
GeneratedId int
The unique identifier for the resource. This identifier is defined by the server.
Id string
The provider-assigned unique ID for this managed resource.
SelfLink string
The URI of the created resource.
CreationTimestamp string
Creation timestamp in RFC3339 text format.
Fingerprint string
Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
GeneratedId int
The unique identifier for the resource. This identifier is defined by the server.
Id string
The provider-assigned unique ID for this managed resource.
SelfLink string
The URI of the created resource.
creationTimestamp String
Creation timestamp in RFC3339 text format.
fingerprint String
Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
generatedId Integer
The unique identifier for the resource. This identifier is defined by the server.
id String
The provider-assigned unique ID for this managed resource.
selfLink String
The URI of the created resource.
creationTimestamp string
Creation timestamp in RFC3339 text format.
fingerprint string
Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
generatedId number
The unique identifier for the resource. This identifier is defined by the server.
id string
The provider-assigned unique ID for this managed resource.
selfLink string
The URI of the created resource.
creation_timestamp str
Creation timestamp in RFC3339 text format.
fingerprint str
Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
generated_id int
The unique identifier for the resource. This identifier is defined by the server.
id str
The provider-assigned unique ID for this managed resource.
self_link str
The URI of the created resource.
creationTimestamp String
Creation timestamp in RFC3339 text format.
fingerprint String
Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
generatedId Number
The unique identifier for the resource. This identifier is defined by the server.
id String
The provider-assigned unique ID for this managed resource.
selfLink String
The URI of the created resource.

Look up Existing BackendService Resource

Get an existing BackendService resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: BackendServiceState, opts?: CustomResourceOptions): BackendService
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        affinity_cookie_ttl_sec: Optional[int] = None,
        backends: Optional[Sequence[BackendServiceBackendArgs]] = None,
        cdn_policy: Optional[BackendServiceCdnPolicyArgs] = None,
        circuit_breakers: Optional[BackendServiceCircuitBreakersArgs] = None,
        compression_mode: Optional[str] = None,
        connection_draining_timeout_sec: Optional[int] = None,
        consistent_hash: Optional[BackendServiceConsistentHashArgs] = None,
        creation_timestamp: Optional[str] = None,
        custom_metrics: Optional[Sequence[BackendServiceCustomMetricArgs]] = None,
        custom_request_headers: Optional[Sequence[str]] = None,
        custom_response_headers: Optional[Sequence[str]] = None,
        description: Optional[str] = None,
        edge_security_policy: Optional[str] = None,
        enable_cdn: Optional[bool] = None,
        fingerprint: Optional[str] = None,
        generated_id: Optional[int] = None,
        health_checks: Optional[str] = None,
        iap: Optional[BackendServiceIapArgs] = None,
        ip_address_selection_policy: Optional[str] = None,
        load_balancing_scheme: Optional[str] = None,
        locality_lb_policies: Optional[Sequence[BackendServiceLocalityLbPolicyArgs]] = None,
        locality_lb_policy: Optional[str] = None,
        log_config: Optional[BackendServiceLogConfigArgs] = None,
        name: Optional[str] = None,
        outlier_detection: Optional[BackendServiceOutlierDetectionArgs] = None,
        port_name: Optional[str] = None,
        project: Optional[str] = None,
        protocol: Optional[str] = None,
        security_policy: Optional[str] = None,
        security_settings: Optional[BackendServiceSecuritySettingsArgs] = None,
        self_link: Optional[str] = None,
        service_lb_policy: Optional[str] = None,
        session_affinity: Optional[str] = None,
        strong_session_affinity_cookie: Optional[BackendServiceStrongSessionAffinityCookieArgs] = None,
        timeout_sec: Optional[int] = None,
        tls_settings: Optional[BackendServiceTlsSettingsArgs] = None) -> BackendService
func GetBackendService(ctx *Context, name string, id IDInput, state *BackendServiceState, opts ...ResourceOption) (*BackendService, error)
public static BackendService Get(string name, Input<string> id, BackendServiceState? state, CustomResourceOptions? opts = null)
public static BackendService get(String name, Output<String> id, BackendServiceState state, CustomResourceOptions options)
resources:  _:    type: gcp:compute:BackendService    get:      id: ${id}
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name This property is required.
The unique name of the resulting resource.
id This property is required.
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
AffinityCookieTtlSec int
Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
Backends List<BackendServiceBackend>
The set of backends that serve this BackendService. Structure is documented below.
CdnPolicy BackendServiceCdnPolicy
Cloud CDN configuration for this BackendService. Structure is documented below.
CircuitBreakers BackendServiceCircuitBreakers
Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
CompressionMode string
Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values are: AUTOMATIC, DISABLED.
ConnectionDrainingTimeoutSec int
Time for which instance will be drained (not accept new connections, but still work to finish started).
ConsistentHash BackendServiceConsistentHash
Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
CreationTimestamp string
Creation timestamp in RFC3339 text format.
CustomMetrics List<BackendServiceCustomMetric>
List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
CustomRequestHeaders List<string>
Headers that the HTTP/S load balancer should add to proxied requests.
CustomResponseHeaders List<string>
Headers that the HTTP/S load balancer should add to proxied responses.
Description string
An optional description of this resource.
EdgeSecurityPolicy string
The resource URL for the edge security policy associated with this backend service.
EnableCdn bool
If true, enable Cloud CDN for this BackendService.
Fingerprint string
Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
GeneratedId int
The unique identifier for the resource. This identifier is defined by the server.
HealthChecks string
The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
Iap BackendServiceIap
Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
IpAddressSelectionPolicy string
Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY.
LoadBalancingScheme Changes to this property will trigger replacement. string
Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. For more information, refer to Choosing a load balancer. Default value is EXTERNAL. Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED.
LocalityLbPolicies List<BackendServiceLocalityLbPolicy>
A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
LocalityLbPolicy string
The load balancing algorithm used within the scope of the locality. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
  • WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.
  • WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:
  • A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED.
  • A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
  • A regional backend service with loadBalancingScheme set to EXTERNAL (External Network Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External Network Load Balancing. The default is MAGLEV. If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV, or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validate_for_proxyless field set to true. Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV, WEIGHTED_MAGLEV, WEIGHTED_ROUND_ROBIN.
LogConfig BackendServiceLogConfig
This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
Name Changes to this property will trigger replacement. string
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


OutlierDetection BackendServiceOutlierDetection
Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
PortName string
Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
Project Changes to this property will trigger replacement. string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Protocol string
The protocol this BackendService uses to communicate with backends. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED.
SecurityPolicy string
The security policy associated with this backend service.
SecuritySettings BackendServiceSecuritySettings
The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
SelfLink string
The URI of the created resource.
ServiceLbPolicy string
URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
SessionAffinity string
Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY.
StrongSessionAffinityCookie BackendServiceStrongSessionAffinityCookie
Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
TimeoutSec int
The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
TlsSettings BackendServiceTlsSettings
Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
AffinityCookieTtlSec int
Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
Backends []BackendServiceBackendArgs
The set of backends that serve this BackendService. Structure is documented below.
CdnPolicy BackendServiceCdnPolicyArgs
Cloud CDN configuration for this BackendService. Structure is documented below.
CircuitBreakers BackendServiceCircuitBreakersArgs
Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
CompressionMode string
Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values are: AUTOMATIC, DISABLED.
ConnectionDrainingTimeoutSec int
Time for which instance will be drained (not accept new connections, but still work to finish started).
ConsistentHash BackendServiceConsistentHashArgs
Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
CreationTimestamp string
Creation timestamp in RFC3339 text format.
CustomMetrics []BackendServiceCustomMetricArgs
List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
CustomRequestHeaders []string
Headers that the HTTP/S load balancer should add to proxied requests.
CustomResponseHeaders []string
Headers that the HTTP/S load balancer should add to proxied responses.
Description string
An optional description of this resource.
EdgeSecurityPolicy string
The resource URL for the edge security policy associated with this backend service.
EnableCdn bool
If true, enable Cloud CDN for this BackendService.
Fingerprint string
Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
GeneratedId int
The unique identifier for the resource. This identifier is defined by the server.
HealthChecks string
The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
Iap BackendServiceIapArgs
Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
IpAddressSelectionPolicy string
Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY.
LoadBalancingScheme Changes to this property will trigger replacement. string
Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. For more information, refer to Choosing a load balancer. Default value is EXTERNAL. Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED.
LocalityLbPolicies []BackendServiceLocalityLbPolicyArgs
A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
LocalityLbPolicy string
The load balancing algorithm used within the scope of the locality. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
  • WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.
  • WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:
  • A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED.
  • A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
  • A regional backend service with loadBalancingScheme set to EXTERNAL (External Network Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External Network Load Balancing. The default is MAGLEV. If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV, or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validate_for_proxyless field set to true. Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV, WEIGHTED_MAGLEV, WEIGHTED_ROUND_ROBIN.
LogConfig BackendServiceLogConfigArgs
This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
Name Changes to this property will trigger replacement. string
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


OutlierDetection BackendServiceOutlierDetectionArgs
Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
PortName string
Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
Project Changes to this property will trigger replacement. string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Protocol string
The protocol this BackendService uses to communicate with backends. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED.
SecurityPolicy string
The security policy associated with this backend service.
SecuritySettings BackendServiceSecuritySettingsArgs
The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
SelfLink string
The URI of the created resource.
ServiceLbPolicy string
URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
SessionAffinity string
Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY.
StrongSessionAffinityCookie BackendServiceStrongSessionAffinityCookieArgs
Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
TimeoutSec int
The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
TlsSettings BackendServiceTlsSettingsArgs
Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
affinityCookieTtlSec Integer
Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
backends List<BackendServiceBackend>
The set of backends that serve this BackendService. Structure is documented below.
cdnPolicy BackendServiceCdnPolicy
Cloud CDN configuration for this BackendService. Structure is documented below.
circuitBreakers BackendServiceCircuitBreakers
Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
compressionMode String
Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values are: AUTOMATIC, DISABLED.
connectionDrainingTimeoutSec Integer
Time for which instance will be drained (not accept new connections, but still work to finish started).
consistentHash BackendServiceConsistentHash
Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
creationTimestamp String
Creation timestamp in RFC3339 text format.
customMetrics List<BackendServiceCustomMetric>
List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
customRequestHeaders List<String>
Headers that the HTTP/S load balancer should add to proxied requests.
customResponseHeaders List<String>
Headers that the HTTP/S load balancer should add to proxied responses.
description String
An optional description of this resource.
edgeSecurityPolicy String
The resource URL for the edge security policy associated with this backend service.
enableCdn Boolean
If true, enable Cloud CDN for this BackendService.
fingerprint String
Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
generatedId Integer
The unique identifier for the resource. This identifier is defined by the server.
healthChecks String
The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
iap BackendServiceIap
Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
ipAddressSelectionPolicy String
Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY.
loadBalancingScheme Changes to this property will trigger replacement. String
Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. For more information, refer to Choosing a load balancer. Default value is EXTERNAL. Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED.
localityLbPolicies List<BackendServiceLocalityLbPolicy>
A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
localityLbPolicy String
The load balancing algorithm used within the scope of the locality. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
  • WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.
  • WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:
  • A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED.
  • A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
  • A regional backend service with loadBalancingScheme set to EXTERNAL (External Network Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External Network Load Balancing. The default is MAGLEV. If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV, or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validate_for_proxyless field set to true. Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV, WEIGHTED_MAGLEV, WEIGHTED_ROUND_ROBIN.
logConfig BackendServiceLogConfig
This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
name Changes to this property will trigger replacement. String
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


outlierDetection BackendServiceOutlierDetection
Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
portName String
Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
project Changes to this property will trigger replacement. String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
protocol String
The protocol this BackendService uses to communicate with backends. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED.
securityPolicy String
The security policy associated with this backend service.
securitySettings BackendServiceSecuritySettings
The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
selfLink String
The URI of the created resource.
serviceLbPolicy String
URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
sessionAffinity String
Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY.
strongSessionAffinityCookie BackendServiceStrongSessionAffinityCookie
Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
timeoutSec Integer
The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
tlsSettings BackendServiceTlsSettings
Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
affinityCookieTtlSec number
Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
backends BackendServiceBackend[]
The set of backends that serve this BackendService. Structure is documented below.
cdnPolicy BackendServiceCdnPolicy
Cloud CDN configuration for this BackendService. Structure is documented below.
circuitBreakers BackendServiceCircuitBreakers
Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
compressionMode string
Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values are: AUTOMATIC, DISABLED.
connectionDrainingTimeoutSec number
Time for which instance will be drained (not accept new connections, but still work to finish started).
consistentHash BackendServiceConsistentHash
Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
creationTimestamp string
Creation timestamp in RFC3339 text format.
customMetrics BackendServiceCustomMetric[]
List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
customRequestHeaders string[]
Headers that the HTTP/S load balancer should add to proxied requests.
customResponseHeaders string[]
Headers that the HTTP/S load balancer should add to proxied responses.
description string
An optional description of this resource.
edgeSecurityPolicy string
The resource URL for the edge security policy associated with this backend service.
enableCdn boolean
If true, enable Cloud CDN for this BackendService.
fingerprint string
Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
generatedId number
The unique identifier for the resource. This identifier is defined by the server.
healthChecks string
The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
iap BackendServiceIap
Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
ipAddressSelectionPolicy string
Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY.
loadBalancingScheme Changes to this property will trigger replacement. string
Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. For more information, refer to Choosing a load balancer. Default value is EXTERNAL. Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED.
localityLbPolicies BackendServiceLocalityLbPolicy[]
A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
localityLbPolicy string
The load balancing algorithm used within the scope of the locality. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
  • WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.
  • WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:
  • A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED.
  • A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
  • A regional backend service with loadBalancingScheme set to EXTERNAL (External Network Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External Network Load Balancing. The default is MAGLEV. If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV, or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validate_for_proxyless field set to true. Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV, WEIGHTED_MAGLEV, WEIGHTED_ROUND_ROBIN.
logConfig BackendServiceLogConfig
This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
name Changes to this property will trigger replacement. string
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


outlierDetection BackendServiceOutlierDetection
Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
portName string
Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
project Changes to this property will trigger replacement. string
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
protocol string
The protocol this BackendService uses to communicate with backends. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED.
securityPolicy string
The security policy associated with this backend service.
securitySettings BackendServiceSecuritySettings
The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
selfLink string
The URI of the created resource.
serviceLbPolicy string
URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
sessionAffinity string
Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY.
strongSessionAffinityCookie BackendServiceStrongSessionAffinityCookie
Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
timeoutSec number
The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
tlsSettings BackendServiceTlsSettings
Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
affinity_cookie_ttl_sec int
Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
backends Sequence[BackendServiceBackendArgs]
The set of backends that serve this BackendService. Structure is documented below.
cdn_policy BackendServiceCdnPolicyArgs
Cloud CDN configuration for this BackendService. Structure is documented below.
circuit_breakers BackendServiceCircuitBreakersArgs
Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
compression_mode str
Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values are: AUTOMATIC, DISABLED.
connection_draining_timeout_sec int
Time for which instance will be drained (not accept new connections, but still work to finish started).
consistent_hash BackendServiceConsistentHashArgs
Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
creation_timestamp str
Creation timestamp in RFC3339 text format.
custom_metrics Sequence[BackendServiceCustomMetricArgs]
List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
custom_request_headers Sequence[str]
Headers that the HTTP/S load balancer should add to proxied requests.
custom_response_headers Sequence[str]
Headers that the HTTP/S load balancer should add to proxied responses.
description str
An optional description of this resource.
edge_security_policy str
The resource URL for the edge security policy associated with this backend service.
enable_cdn bool
If true, enable Cloud CDN for this BackendService.
fingerprint str
Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
generated_id int
The unique identifier for the resource. This identifier is defined by the server.
health_checks str
The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
iap BackendServiceIapArgs
Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
ip_address_selection_policy str
Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY.
load_balancing_scheme Changes to this property will trigger replacement. str
Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. For more information, refer to Choosing a load balancer. Default value is EXTERNAL. Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED.
locality_lb_policies Sequence[BackendServiceLocalityLbPolicyArgs]
A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
locality_lb_policy str
The load balancing algorithm used within the scope of the locality. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
  • WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.
  • WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:
  • A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED.
  • A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
  • A regional backend service with loadBalancingScheme set to EXTERNAL (External Network Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External Network Load Balancing. The default is MAGLEV. If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV, or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validate_for_proxyless field set to true. Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV, WEIGHTED_MAGLEV, WEIGHTED_ROUND_ROBIN.
log_config BackendServiceLogConfigArgs
This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
name Changes to this property will trigger replacement. str
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


outlier_detection BackendServiceOutlierDetectionArgs
Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
port_name str
Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
project Changes to this property will trigger replacement. str
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
protocol str
The protocol this BackendService uses to communicate with backends. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED.
security_policy str
The security policy associated with this backend service.
security_settings BackendServiceSecuritySettingsArgs
The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
self_link str
The URI of the created resource.
service_lb_policy str
URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
session_affinity str
Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY.
strong_session_affinity_cookie BackendServiceStrongSessionAffinityCookieArgs
Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
timeout_sec int
The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
tls_settings BackendServiceTlsSettingsArgs
Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.
affinityCookieTtlSec Number
Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.
backends List<Property Map>
The set of backends that serve this BackendService. Structure is documented below.
cdnPolicy Property Map
Cloud CDN configuration for this BackendService. Structure is documented below.
circuitBreakers Property Map
Settings controlling the volume of connections to a backend service. This field is applicable only when the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. Structure is documented below.
compressionMode String
Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header. Possible values are: AUTOMATIC, DISABLED.
connectionDrainingTimeoutSec Number
Time for which instance will be drained (not accept new connections, but still work to finish started).
consistentHash Property Map
Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field only applies if the load_balancing_scheme is set to INTERNAL_SELF_MANAGED. This field is only applicable when locality_lb_policy is set to MAGLEV or RING_HASH. Structure is documented below.
creationTimestamp String
Creation timestamp in RFC3339 text format.
customMetrics List<Property Map>
List of custom metrics that are used for the WEIGHTED_ROUND_ROBIN locality_lb_policy. Structure is documented below.
customRequestHeaders List<String>
Headers that the HTTP/S load balancer should add to proxied requests.
customResponseHeaders List<String>
Headers that the HTTP/S load balancer should add to proxied responses.
description String
An optional description of this resource.
edgeSecurityPolicy String
The resource URL for the edge security policy associated with this backend service.
enableCdn Boolean
If true, enable Cloud CDN for this BackendService.
fingerprint String
Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
generatedId Number
The unique identifier for the resource. This identifier is defined by the server.
healthChecks String
The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. For internal load balancing, a URL to a HealthCheck resource must be specified instead.
iap Property Map
Settings for enabling Cloud Identity Aware Proxy. If OAuth client is not set, the Google-managed OAuth client is used. Structure is documented below.
ipAddressSelectionPolicy String
Specifies preference of traffic to the backend (from the proxy and from the client for proxyless gRPC). Possible values are: IPV4_ONLY, PREFER_IPV6, IPV6_ONLY.
loadBalancingScheme Changes to this property will trigger replacement. String
Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. For more information, refer to Choosing a load balancer. Default value is EXTERNAL. Possible values are: EXTERNAL, INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, EXTERNAL_MANAGED.
localityLbPolicies List<Property Map>
A list of locality load balancing policies to be used in order of preference. Either the policy or the customPolicy field should be set. Overrides any value set in the localityLbPolicy field. localityLbPolicies is only supported when the BackendService is referenced by a URL Map that is referenced by a target gRPC proxy that has the validateForProxyless field set to true. Structure is documented below.
localityLbPolicy String
The load balancing algorithm used within the scope of the locality. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824
  • WEIGHTED_MAGLEV: Per-instance weighted Load Balancing via health check reported weights. Only applicable to loadBalancingScheme EXTERNAL. If set, the Backend Service must configure a non legacy HTTP-based Health Check, and health check replies are expected to contain non-standard HTTP response header field X-Load-Balancing-Endpoint-Weight to specify the per-instance weights. If set, Load Balancing is weight based on the per-instance weights reported in the last processed health check replies, as long as every instance either reported a valid weight or had UNAVAILABLE_WEIGHT. Otherwise, Load Balancing remains equal-weight.
  • WEIGHTED_ROUND_ROBIN: Per-endpoint weighted round-robin Load Balancing using weights computed from Backend reported Custom Metrics. If set, the Backend Service responses are expected to contain non-standard HTTP response header field X-Endpoint-Load-Metrics. The reported metrics to use for computing the weights are specified via the backends[].customMetrics fields. locality_lb_policy is applicable to either:
  • A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED.
  • A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED.
  • A regional backend service with loadBalancingScheme set to EXTERNAL (External Network Load Balancing). Only MAGLEV and WEIGHTED_MAGLEV values are possible for External Network Load Balancing. The default is MAGLEV. If session_affinity is not NONE, and locality_lb_policy is not set to MAGLEV, WEIGHTED_MAGLEV, or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validate_for_proxyless field set to true. Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV, WEIGHTED_MAGLEV, WEIGHTED_ROUND_ROBIN.
logConfig Property Map
This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver. Structure is documented below.
name Changes to this property will trigger replacement. String
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


outlierDetection Property Map
Settings controlling eviction of unhealthy hosts from the load balancing pool. Applicable backend service types can be a global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. Structure is documented below.
portName String
Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.
project Changes to this property will trigger replacement. String
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
protocol String
The protocol this BackendService uses to communicate with backends. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API. NOTE: With protocol “UNSPECIFIED”, the backend service can be used by Layer 4 Internal Load Balancing or Network Load Balancing with TCP/UDP/L3_DEFAULT Forwarding Rule protocol. Possible values are: HTTP, HTTPS, HTTP2, TCP, SSL, GRPC, UNSPECIFIED.
securityPolicy String
The security policy associated with this backend service.
securitySettings Property Map
The security settings that apply to this backend service. This field is applicable to either a regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED; or a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. Structure is documented below.
selfLink String
The URI of the created resource.
serviceLbPolicy String
URL to networkservices.ServiceLbPolicy resource. Can only be set if load balancing scheme is EXTERNAL, EXTERNAL_MANAGED, INTERNAL_MANAGED or INTERNAL_SELF_MANAGED and the scope is global.
sessionAffinity String
Type of session affinity to use. The default is NONE. Session affinity is not applicable if the protocol is UDP. Possible values are: NONE, CLIENT_IP, CLIENT_IP_PORT_PROTO, CLIENT_IP_PROTO, GENERATED_COOKIE, HEADER_FIELD, HTTP_COOKIE, STRONG_COOKIE_AFFINITY.
strongSessionAffinityCookie Property Map
Describes the HTTP cookie used for stateful session affinity. This field is applicable and required if the sessionAffinity is set to STRONG_COOKIE_AFFINITY. Structure is documented below.
timeoutSec Number
The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds.
tlsSettings Property Map
Configuration for Backend Authenticated TLS and mTLS. May only be specified when the backend protocol is SSL, HTTPS or HTTP2. Structure is documented below.

Supporting Types

BackendServiceBackend
, BackendServiceBackendArgs

Group This property is required. string
The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL.
BalancingMode string
Specifies the balancing mode for this backend. For global HTTP(S) or TCP/SSL load balancing, the default is UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)), CUSTOM_METRICS (for HTTP(s)) and CONNECTION (for TCP/SSL). See the Backend Services Overview for an explanation of load balancing modes. Default value is UTILIZATION. Possible values are: UTILIZATION, RATE, CONNECTION, CUSTOM_METRICS.
CapacityScaler double
A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
CustomMetrics List<BackendServiceBackendCustomMetric>
The set of custom metrics that are used for CUSTOM_METRICS BalancingMode. Structure is documented below.
Description string
An optional description of this resource. Provide this property when you create the resource.
MaxConnections int
The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set.
MaxConnectionsPerEndpoint int
The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set.
MaxConnectionsPerInstance int
The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.
MaxRate int
The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set.
MaxRatePerEndpoint double
The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set.
MaxRatePerInstance double
The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.
MaxUtilization double
Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0].
Group This property is required. string
The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL.
BalancingMode string
Specifies the balancing mode for this backend. For global HTTP(S) or TCP/SSL load balancing, the default is UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)), CUSTOM_METRICS (for HTTP(s)) and CONNECTION (for TCP/SSL). See the Backend Services Overview for an explanation of load balancing modes. Default value is UTILIZATION. Possible values are: UTILIZATION, RATE, CONNECTION, CUSTOM_METRICS.
CapacityScaler float64
A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
CustomMetrics []BackendServiceBackendCustomMetric
The set of custom metrics that are used for CUSTOM_METRICS BalancingMode. Structure is documented below.
Description string
An optional description of this resource. Provide this property when you create the resource.
MaxConnections int
The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set.
MaxConnectionsPerEndpoint int
The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set.
MaxConnectionsPerInstance int
The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.
MaxRate int
The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set.
MaxRatePerEndpoint float64
The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set.
MaxRatePerInstance float64
The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.
MaxUtilization float64
Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0].
group This property is required. String
The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL.
balancingMode String
Specifies the balancing mode for this backend. For global HTTP(S) or TCP/SSL load balancing, the default is UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)), CUSTOM_METRICS (for HTTP(s)) and CONNECTION (for TCP/SSL). See the Backend Services Overview for an explanation of load balancing modes. Default value is UTILIZATION. Possible values are: UTILIZATION, RATE, CONNECTION, CUSTOM_METRICS.
capacityScaler Double
A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
customMetrics List<BackendServiceBackendCustomMetric>
The set of custom metrics that are used for CUSTOM_METRICS BalancingMode. Structure is documented below.
description String
An optional description of this resource. Provide this property when you create the resource.
maxConnections Integer
The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set.
maxConnectionsPerEndpoint Integer
The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set.
maxConnectionsPerInstance Integer
The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.
maxRate Integer
The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set.
maxRatePerEndpoint Double
The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set.
maxRatePerInstance Double
The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.
maxUtilization Double
Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0].
group This property is required. string
The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL.
balancingMode string
Specifies the balancing mode for this backend. For global HTTP(S) or TCP/SSL load balancing, the default is UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)), CUSTOM_METRICS (for HTTP(s)) and CONNECTION (for TCP/SSL). See the Backend Services Overview for an explanation of load balancing modes. Default value is UTILIZATION. Possible values are: UTILIZATION, RATE, CONNECTION, CUSTOM_METRICS.
capacityScaler number
A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
customMetrics BackendServiceBackendCustomMetric[]
The set of custom metrics that are used for CUSTOM_METRICS BalancingMode. Structure is documented below.
description string
An optional description of this resource. Provide this property when you create the resource.
maxConnections number
The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set.
maxConnectionsPerEndpoint number
The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set.
maxConnectionsPerInstance number
The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.
maxRate number
The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set.
maxRatePerEndpoint number
The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set.
maxRatePerInstance number
The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.
maxUtilization number
Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0].
group This property is required. str
The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL.
balancing_mode str
Specifies the balancing mode for this backend. For global HTTP(S) or TCP/SSL load balancing, the default is UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)), CUSTOM_METRICS (for HTTP(s)) and CONNECTION (for TCP/SSL). See the Backend Services Overview for an explanation of load balancing modes. Default value is UTILIZATION. Possible values are: UTILIZATION, RATE, CONNECTION, CUSTOM_METRICS.
capacity_scaler float
A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
custom_metrics Sequence[BackendServiceBackendCustomMetric]
The set of custom metrics that are used for CUSTOM_METRICS BalancingMode. Structure is documented below.
description str
An optional description of this resource. Provide this property when you create the resource.
max_connections int
The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set.
max_connections_per_endpoint int
The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set.
max_connections_per_instance int
The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.
max_rate int
The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set.
max_rate_per_endpoint float
The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set.
max_rate_per_instance float
The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.
max_utilization float
Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0].
group This property is required. String
The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend services cannot mix Instance Group and Network Endpoint Group backends. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL.
balancingMode String
Specifies the balancing mode for this backend. For global HTTP(S) or TCP/SSL load balancing, the default is UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)), CUSTOM_METRICS (for HTTP(s)) and CONNECTION (for TCP/SSL). See the Backend Services Overview for an explanation of load balancing modes. Default value is UTILIZATION. Possible values are: UTILIZATION, RATE, CONNECTION, CUSTOM_METRICS.
capacityScaler Number
A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].
customMetrics List<Property Map>
The set of custom metrics that are used for CUSTOM_METRICS BalancingMode. Structure is documented below.
description String
An optional description of this resource. Provide this property when you create the resource.
maxConnections Number
The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set.
maxConnectionsPerEndpoint Number
The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set.
maxConnectionsPerInstance Number
The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.
maxRate Number
The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set.
maxRatePerEndpoint Number
The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set.
maxRatePerInstance Number
The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.
maxUtilization Number
Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. Valid range is [0.0, 1.0].

BackendServiceBackendCustomMetric
, BackendServiceBackendCustomMetricArgs

DryRun This property is required. bool
If true, the metric data is not used for load balancing.
Name This property is required. string
Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
MaxUtilization double
Optional parameter to define a target utilization for the Custom Metrics balancing mode. The valid range is [0.0, 1.0].
DryRun This property is required. bool
If true, the metric data is not used for load balancing.
Name This property is required. string
Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
MaxUtilization float64
Optional parameter to define a target utilization for the Custom Metrics balancing mode. The valid range is [0.0, 1.0].
dryRun This property is required. Boolean
If true, the metric data is not used for load balancing.
name This property is required. String
Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
maxUtilization Double
Optional parameter to define a target utilization for the Custom Metrics balancing mode. The valid range is [0.0, 1.0].
dryRun This property is required. boolean
If true, the metric data is not used for load balancing.
name This property is required. string
Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
maxUtilization number
Optional parameter to define a target utilization for the Custom Metrics balancing mode. The valid range is [0.0, 1.0].
dry_run This property is required. bool
If true, the metric data is not used for load balancing.
name This property is required. str
Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
max_utilization float
Optional parameter to define a target utilization for the Custom Metrics balancing mode. The valid range is [0.0, 1.0].
dryRun This property is required. Boolean
If true, the metric data is not used for load balancing.
name This property is required. String
Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
maxUtilization Number
Optional parameter to define a target utilization for the Custom Metrics balancing mode. The valid range is [0.0, 1.0].

BackendServiceCdnPolicy
, BackendServiceCdnPolicyArgs

BypassCacheOnRequestHeaders List<BackendServiceCdnPolicyBypassCacheOnRequestHeader>
Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. Structure is documented below.
CacheKeyPolicy BackendServiceCdnPolicyCacheKeyPolicy
The CacheKeyPolicy for this CdnPolicy. Structure is documented below.
CacheMode string
Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL, CACHE_ALL_STATIC.
ClientTtl int
Specifies the maximum allowed TTL for cached content served by this origin.
DefaultTtl int
Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).
MaxTtl int
Specifies the maximum allowed TTL for cached content served by this origin.
NegativeCaching bool
Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.
NegativeCachingPolicies List<BackendServiceCdnPolicyNegativeCachingPolicy>
Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. Structure is documented below.
ServeWhileStale int
Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.
SignedUrlCacheMaxAgeSec int
Maximum number of seconds the response to a signed URL request will be considered fresh, defaults to 1hr (3600s). After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.
BypassCacheOnRequestHeaders []BackendServiceCdnPolicyBypassCacheOnRequestHeader
Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. Structure is documented below.
CacheKeyPolicy BackendServiceCdnPolicyCacheKeyPolicy
The CacheKeyPolicy for this CdnPolicy. Structure is documented below.
CacheMode string
Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL, CACHE_ALL_STATIC.
ClientTtl int
Specifies the maximum allowed TTL for cached content served by this origin.
DefaultTtl int
Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).
MaxTtl int
Specifies the maximum allowed TTL for cached content served by this origin.
NegativeCaching bool
Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.
NegativeCachingPolicies []BackendServiceCdnPolicyNegativeCachingPolicy
Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. Structure is documented below.
ServeWhileStale int
Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.
SignedUrlCacheMaxAgeSec int
Maximum number of seconds the response to a signed URL request will be considered fresh, defaults to 1hr (3600s). After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.
bypassCacheOnRequestHeaders List<BackendServiceCdnPolicyBypassCacheOnRequestHeader>
Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. Structure is documented below.
cacheKeyPolicy BackendServiceCdnPolicyCacheKeyPolicy
The CacheKeyPolicy for this CdnPolicy. Structure is documented below.
cacheMode String
Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL, CACHE_ALL_STATIC.
clientTtl Integer
Specifies the maximum allowed TTL for cached content served by this origin.
defaultTtl Integer
Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).
maxTtl Integer
Specifies the maximum allowed TTL for cached content served by this origin.
negativeCaching Boolean
Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.
negativeCachingPolicies List<BackendServiceCdnPolicyNegativeCachingPolicy>
Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. Structure is documented below.
serveWhileStale Integer
Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.
signedUrlCacheMaxAgeSec Integer
Maximum number of seconds the response to a signed URL request will be considered fresh, defaults to 1hr (3600s). After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.
bypassCacheOnRequestHeaders BackendServiceCdnPolicyBypassCacheOnRequestHeader[]
Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. Structure is documented below.
cacheKeyPolicy BackendServiceCdnPolicyCacheKeyPolicy
The CacheKeyPolicy for this CdnPolicy. Structure is documented below.
cacheMode string
Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL, CACHE_ALL_STATIC.
clientTtl number
Specifies the maximum allowed TTL for cached content served by this origin.
defaultTtl number
Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).
maxTtl number
Specifies the maximum allowed TTL for cached content served by this origin.
negativeCaching boolean
Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.
negativeCachingPolicies BackendServiceCdnPolicyNegativeCachingPolicy[]
Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. Structure is documented below.
serveWhileStale number
Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.
signedUrlCacheMaxAgeSec number
Maximum number of seconds the response to a signed URL request will be considered fresh, defaults to 1hr (3600s). After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.
bypass_cache_on_request_headers Sequence[BackendServiceCdnPolicyBypassCacheOnRequestHeader]
Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. Structure is documented below.
cache_key_policy BackendServiceCdnPolicyCacheKeyPolicy
The CacheKeyPolicy for this CdnPolicy. Structure is documented below.
cache_mode str
Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL, CACHE_ALL_STATIC.
client_ttl int
Specifies the maximum allowed TTL for cached content served by this origin.
default_ttl int
Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).
max_ttl int
Specifies the maximum allowed TTL for cached content served by this origin.
negative_caching bool
Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.
negative_caching_policies Sequence[BackendServiceCdnPolicyNegativeCachingPolicy]
Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. Structure is documented below.
serve_while_stale int
Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.
signed_url_cache_max_age_sec int
Maximum number of seconds the response to a signed URL request will be considered fresh, defaults to 1hr (3600s). After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.
bypassCacheOnRequestHeaders List<Property Map>
Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings. Structure is documented below.
cacheKeyPolicy Property Map
The CacheKeyPolicy for this CdnPolicy. Structure is documented below.
cacheMode String
Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL and CACHE_ALL_STATIC Possible values are: USE_ORIGIN_HEADERS, FORCE_CACHE_ALL, CACHE_ALL_STATIC.
clientTtl Number
Specifies the maximum allowed TTL for cached content served by this origin.
defaultTtl Number
Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age).
maxTtl Number
Specifies the maximum allowed TTL for cached content served by this origin.
negativeCaching Boolean
Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects.
negativeCachingPolicies List<Property Map>
Sets a cache TTL for the specified HTTP status code. negativeCaching must be enabled to configure negativeCachingPolicy. Omitting the policy and leaving negativeCaching enabled will use Cloud CDN's default cache TTLs. Structure is documented below.
serveWhileStale Number
Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache.
signedUrlCacheMaxAgeSec Number
Maximum number of seconds the response to a signed URL request will be considered fresh, defaults to 1hr (3600s). After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.

BackendServiceCdnPolicyBypassCacheOnRequestHeader
, BackendServiceCdnPolicyBypassCacheOnRequestHeaderArgs

HeaderName This property is required. string
The header field name to match on when bypassing cache. Values are case-insensitive.
HeaderName This property is required. string
The header field name to match on when bypassing cache. Values are case-insensitive.
headerName This property is required. String
The header field name to match on when bypassing cache. Values are case-insensitive.
headerName This property is required. string
The header field name to match on when bypassing cache. Values are case-insensitive.
header_name This property is required. str
The header field name to match on when bypassing cache. Values are case-insensitive.
headerName This property is required. String
The header field name to match on when bypassing cache. Values are case-insensitive.

BackendServiceCdnPolicyCacheKeyPolicy
, BackendServiceCdnPolicyCacheKeyPolicyArgs

IncludeHost bool
If true requests to different hosts will be cached separately.
IncludeHttpHeaders List<string>
Allows HTTP request headers (by name) to be used in the cache key.
IncludeNamedCookies List<string>
Names of cookies to include in cache keys.
IncludeProtocol bool
If true, http and https requests will be cached separately.
IncludeQueryString bool
If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.
QueryStringBlacklists List<string>
Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
QueryStringWhitelists List<string>
Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
IncludeHost bool
If true requests to different hosts will be cached separately.
IncludeHttpHeaders []string
Allows HTTP request headers (by name) to be used in the cache key.
IncludeNamedCookies []string
Names of cookies to include in cache keys.
IncludeProtocol bool
If true, http and https requests will be cached separately.
IncludeQueryString bool
If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.
QueryStringBlacklists []string
Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
QueryStringWhitelists []string
Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
includeHost Boolean
If true requests to different hosts will be cached separately.
includeHttpHeaders List<String>
Allows HTTP request headers (by name) to be used in the cache key.
includeNamedCookies List<String>
Names of cookies to include in cache keys.
includeProtocol Boolean
If true, http and https requests will be cached separately.
includeQueryString Boolean
If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.
queryStringBlacklists List<String>
Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
queryStringWhitelists List<String>
Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
includeHost boolean
If true requests to different hosts will be cached separately.
includeHttpHeaders string[]
Allows HTTP request headers (by name) to be used in the cache key.
includeNamedCookies string[]
Names of cookies to include in cache keys.
includeProtocol boolean
If true, http and https requests will be cached separately.
includeQueryString boolean
If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.
queryStringBlacklists string[]
Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
queryStringWhitelists string[]
Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
include_host bool
If true requests to different hosts will be cached separately.
include_http_headers Sequence[str]
Allows HTTP request headers (by name) to be used in the cache key.
include_named_cookies Sequence[str]
Names of cookies to include in cache keys.
include_protocol bool
If true, http and https requests will be cached separately.
include_query_string bool
If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.
query_string_blacklists Sequence[str]
Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
query_string_whitelists Sequence[str]
Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
includeHost Boolean
If true requests to different hosts will be cached separately.
includeHttpHeaders List<String>
Allows HTTP request headers (by name) to be used in the cache key.
includeNamedCookies List<String>
Names of cookies to include in cache keys.
includeProtocol Boolean
If true, http and https requests will be cached separately.
includeQueryString Boolean
If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.
queryStringBlacklists List<String>
Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.
queryStringWhitelists List<String>
Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.

BackendServiceCdnPolicyNegativeCachingPolicy
, BackendServiceCdnPolicyNegativeCachingPolicyArgs

Code int
The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 can be specified as values, and you cannot specify a status code more than once.
Ttl int
The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
Code int
The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 can be specified as values, and you cannot specify a status code more than once.
Ttl int
The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
code Integer
The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 can be specified as values, and you cannot specify a status code more than once.
ttl Integer
The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
code number
The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 can be specified as values, and you cannot specify a status code more than once.
ttl number
The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
code int
The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 can be specified as values, and you cannot specify a status code more than once.
ttl int
The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.
code Number
The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 308, 404, 405, 410, 421, 451 and 501 can be specified as values, and you cannot specify a status code more than once.
ttl Number
The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.

BackendServiceCircuitBreakers
, BackendServiceCircuitBreakersArgs

ConnectTimeout BackendServiceCircuitBreakersConnectTimeout
The timeout for new network connections to hosts. Structure is documented below.
MaxConnections int
The maximum number of connections to the backend cluster. Defaults to 1024.
MaxPendingRequests int
The maximum number of pending requests to the backend cluster. Defaults to 1024.
MaxRequests int
The maximum number of parallel requests to the backend cluster. Defaults to 1024.
MaxRequestsPerConnection int
Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive.
MaxRetries int
The maximum number of parallel retries to the backend cluster. Defaults to 3.
ConnectTimeout BackendServiceCircuitBreakersConnectTimeout
The timeout for new network connections to hosts. Structure is documented below.
MaxConnections int
The maximum number of connections to the backend cluster. Defaults to 1024.
MaxPendingRequests int
The maximum number of pending requests to the backend cluster. Defaults to 1024.
MaxRequests int
The maximum number of parallel requests to the backend cluster. Defaults to 1024.
MaxRequestsPerConnection int
Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive.
MaxRetries int
The maximum number of parallel retries to the backend cluster. Defaults to 3.
connectTimeout BackendServiceCircuitBreakersConnectTimeout
The timeout for new network connections to hosts. Structure is documented below.
maxConnections Integer
The maximum number of connections to the backend cluster. Defaults to 1024.
maxPendingRequests Integer
The maximum number of pending requests to the backend cluster. Defaults to 1024.
maxRequests Integer
The maximum number of parallel requests to the backend cluster. Defaults to 1024.
maxRequestsPerConnection Integer
Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive.
maxRetries Integer
The maximum number of parallel retries to the backend cluster. Defaults to 3.
connectTimeout BackendServiceCircuitBreakersConnectTimeout
The timeout for new network connections to hosts. Structure is documented below.
maxConnections number
The maximum number of connections to the backend cluster. Defaults to 1024.
maxPendingRequests number
The maximum number of pending requests to the backend cluster. Defaults to 1024.
maxRequests number
The maximum number of parallel requests to the backend cluster. Defaults to 1024.
maxRequestsPerConnection number
Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive.
maxRetries number
The maximum number of parallel retries to the backend cluster. Defaults to 3.
connect_timeout BackendServiceCircuitBreakersConnectTimeout
The timeout for new network connections to hosts. Structure is documented below.
max_connections int
The maximum number of connections to the backend cluster. Defaults to 1024.
max_pending_requests int
The maximum number of pending requests to the backend cluster. Defaults to 1024.
max_requests int
The maximum number of parallel requests to the backend cluster. Defaults to 1024.
max_requests_per_connection int
Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive.
max_retries int
The maximum number of parallel retries to the backend cluster. Defaults to 3.
connectTimeout Property Map
The timeout for new network connections to hosts. Structure is documented below.
maxConnections Number
The maximum number of connections to the backend cluster. Defaults to 1024.
maxPendingRequests Number
The maximum number of pending requests to the backend cluster. Defaults to 1024.
maxRequests Number
The maximum number of parallel requests to the backend cluster. Defaults to 1024.
maxRequestsPerConnection Number
Maximum requests for a single backend connection. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive.
maxRetries Number
The maximum number of parallel retries to the backend cluster. Defaults to 3.

BackendServiceCircuitBreakersConnectTimeout
, BackendServiceCircuitBreakersConnectTimeoutArgs

Seconds This property is required. int
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
Nanos int
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
Seconds This property is required. int
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
Nanos int
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. Integer
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos Integer
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. number
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos number
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. int
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos int
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. Number
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos Number
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.

BackendServiceConsistentHash
, BackendServiceConsistentHashArgs

HttpCookie BackendServiceConsistentHashHttpCookie
Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Structure is documented below.
HttpHeaderName string
The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.
MinimumRingSize int
The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024.
HttpCookie BackendServiceConsistentHashHttpCookie
Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Structure is documented below.
HttpHeaderName string
The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.
MinimumRingSize int
The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024.
httpCookie BackendServiceConsistentHashHttpCookie
Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Structure is documented below.
httpHeaderName String
The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.
minimumRingSize Integer
The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024.
httpCookie BackendServiceConsistentHashHttpCookie
Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Structure is documented below.
httpHeaderName string
The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.
minimumRingSize number
The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024.
http_cookie BackendServiceConsistentHashHttpCookie
Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Structure is documented below.
http_header_name str
The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.
minimum_ring_size int
The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024.
httpCookie Property Map
Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Structure is documented below.
httpHeaderName String
The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.
minimumRingSize Number
The minimum number of virtual nodes to use for the hash ring. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node. Defaults to 1024.

BackendServiceConsistentHashHttpCookie
, BackendServiceConsistentHashHttpCookieArgs

Name string
Name of the cookie.
Path string
Path to set for the cookie.
Ttl BackendServiceConsistentHashHttpCookieTtl
Lifetime of the cookie. Structure is documented below.
Name string
Name of the cookie.
Path string
Path to set for the cookie.
Ttl BackendServiceConsistentHashHttpCookieTtl
Lifetime of the cookie. Structure is documented below.
name String
Name of the cookie.
path String
Path to set for the cookie.
ttl BackendServiceConsistentHashHttpCookieTtl
Lifetime of the cookie. Structure is documented below.
name string
Name of the cookie.
path string
Path to set for the cookie.
ttl BackendServiceConsistentHashHttpCookieTtl
Lifetime of the cookie. Structure is documented below.
name str
Name of the cookie.
path str
Path to set for the cookie.
ttl BackendServiceConsistentHashHttpCookieTtl
Lifetime of the cookie. Structure is documented below.
name String
Name of the cookie.
path String
Path to set for the cookie.
ttl Property Map
Lifetime of the cookie. Structure is documented below.

BackendServiceConsistentHashHttpCookieTtl
, BackendServiceConsistentHashHttpCookieTtlArgs

Seconds This property is required. int
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
Nanos int
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
Seconds This property is required. int
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
Nanos int
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. Integer
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos Integer
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. number
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos number
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. int
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos int
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. Number
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos Number
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.

BackendServiceCustomMetric
, BackendServiceCustomMetricArgs

DryRun This property is required. bool
If true, the metric data is not used for load balancing.
Name This property is required. string
Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
DryRun This property is required. bool
If true, the metric data is not used for load balancing.
Name This property is required. string
Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
dryRun This property is required. Boolean
If true, the metric data is not used for load balancing.
name This property is required. String
Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
dryRun This property is required. boolean
If true, the metric data is not used for load balancing.
name This property is required. string
Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
dry_run This property is required. bool
If true, the metric data is not used for load balancing.
name This property is required. str
Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.
dryRun This property is required. Boolean
If true, the metric data is not used for load balancing.
name This property is required. String
Name of a custom utilization signal. The name must be 1-64 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, period, underscore, lowercase letter, or digit, except the last character, which cannot be a dash, period, or underscore. For usage guidelines, see Custom Metrics balancing mode. This field can only be used for a global or regional backend service with the loadBalancingScheme set to EXTERNAL_MANAGED, INTERNAL_MANAGED INTERNAL_SELF_MANAGED.

BackendServiceIap
, BackendServiceIapArgs

Enabled This property is required. bool
Whether the serving infrastructure will authenticate and authorize all incoming requests.
Oauth2ClientId string
OAuth2 Client ID for IAP
Oauth2ClientSecret string
OAuth2 Client Secret for IAP Note: This property is sensitive and will not be displayed in the plan.
Oauth2ClientSecretSha256 string
(Output) OAuth2 Client Secret SHA-256 for IAP Note: This property is sensitive and will not be displayed in the plan.
Enabled This property is required. bool
Whether the serving infrastructure will authenticate and authorize all incoming requests.
Oauth2ClientId string
OAuth2 Client ID for IAP
Oauth2ClientSecret string
OAuth2 Client Secret for IAP Note: This property is sensitive and will not be displayed in the plan.
Oauth2ClientSecretSha256 string
(Output) OAuth2 Client Secret SHA-256 for IAP Note: This property is sensitive and will not be displayed in the plan.
enabled This property is required. Boolean
Whether the serving infrastructure will authenticate and authorize all incoming requests.
oauth2ClientId String
OAuth2 Client ID for IAP
oauth2ClientSecret String
OAuth2 Client Secret for IAP Note: This property is sensitive and will not be displayed in the plan.
oauth2ClientSecretSha256 String
(Output) OAuth2 Client Secret SHA-256 for IAP Note: This property is sensitive and will not be displayed in the plan.
enabled This property is required. boolean
Whether the serving infrastructure will authenticate and authorize all incoming requests.
oauth2ClientId string
OAuth2 Client ID for IAP
oauth2ClientSecret string
OAuth2 Client Secret for IAP Note: This property is sensitive and will not be displayed in the plan.
oauth2ClientSecretSha256 string
(Output) OAuth2 Client Secret SHA-256 for IAP Note: This property is sensitive and will not be displayed in the plan.
enabled This property is required. bool
Whether the serving infrastructure will authenticate and authorize all incoming requests.
oauth2_client_id str
OAuth2 Client ID for IAP
oauth2_client_secret str
OAuth2 Client Secret for IAP Note: This property is sensitive and will not be displayed in the plan.
oauth2_client_secret_sha256 str
(Output) OAuth2 Client Secret SHA-256 for IAP Note: This property is sensitive and will not be displayed in the plan.
enabled This property is required. Boolean
Whether the serving infrastructure will authenticate and authorize all incoming requests.
oauth2ClientId String
OAuth2 Client ID for IAP
oauth2ClientSecret String
OAuth2 Client Secret for IAP Note: This property is sensitive and will not be displayed in the plan.
oauth2ClientSecretSha256 String
(Output) OAuth2 Client Secret SHA-256 for IAP Note: This property is sensitive and will not be displayed in the plan.

BackendServiceLocalityLbPolicy
, BackendServiceLocalityLbPolicyArgs

CustomPolicy BackendServiceLocalityLbPolicyCustomPolicy
The configuration for a custom policy implemented by the user and deployed with the client. Structure is documented below.
Policy BackendServiceLocalityLbPolicyPolicy
The configuration for a built-in load balancing policy. Structure is documented below.
CustomPolicy BackendServiceLocalityLbPolicyCustomPolicy
The configuration for a custom policy implemented by the user and deployed with the client. Structure is documented below.
Policy BackendServiceLocalityLbPolicyPolicy
The configuration for a built-in load balancing policy. Structure is documented below.
customPolicy BackendServiceLocalityLbPolicyCustomPolicy
The configuration for a custom policy implemented by the user and deployed with the client. Structure is documented below.
policy BackendServiceLocalityLbPolicyPolicy
The configuration for a built-in load balancing policy. Structure is documented below.
customPolicy BackendServiceLocalityLbPolicyCustomPolicy
The configuration for a custom policy implemented by the user and deployed with the client. Structure is documented below.
policy BackendServiceLocalityLbPolicyPolicy
The configuration for a built-in load balancing policy. Structure is documented below.
custom_policy BackendServiceLocalityLbPolicyCustomPolicy
The configuration for a custom policy implemented by the user and deployed with the client. Structure is documented below.
policy BackendServiceLocalityLbPolicyPolicy
The configuration for a built-in load balancing policy. Structure is documented below.
customPolicy Property Map
The configuration for a custom policy implemented by the user and deployed with the client. Structure is documented below.
policy Property Map
The configuration for a built-in load balancing policy. Structure is documented below.

BackendServiceLocalityLbPolicyCustomPolicy
, BackendServiceLocalityLbPolicyCustomPolicyArgs

Name This property is required. string
Identifies the custom policy. The value should match the type the custom implementation is registered with on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (e.g. myorg.CustomLbPolicy). The maximum length is 256 characters. Note that specifying the same custom policy more than once for a backend is not a valid configuration and will be rejected.
Data string
An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.
Name This property is required. string
Identifies the custom policy. The value should match the type the custom implementation is registered with on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (e.g. myorg.CustomLbPolicy). The maximum length is 256 characters. Note that specifying the same custom policy more than once for a backend is not a valid configuration and will be rejected.
Data string
An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.
name This property is required. String
Identifies the custom policy. The value should match the type the custom implementation is registered with on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (e.g. myorg.CustomLbPolicy). The maximum length is 256 characters. Note that specifying the same custom policy more than once for a backend is not a valid configuration and will be rejected.
data String
An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.
name This property is required. string
Identifies the custom policy. The value should match the type the custom implementation is registered with on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (e.g. myorg.CustomLbPolicy). The maximum length is 256 characters. Note that specifying the same custom policy more than once for a backend is not a valid configuration and will be rejected.
data string
An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.
name This property is required. str
Identifies the custom policy. The value should match the type the custom implementation is registered with on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (e.g. myorg.CustomLbPolicy). The maximum length is 256 characters. Note that specifying the same custom policy more than once for a backend is not a valid configuration and will be rejected.
data str
An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.
name This property is required. String
Identifies the custom policy. The value should match the type the custom implementation is registered with on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (e.g. myorg.CustomLbPolicy). The maximum length is 256 characters. Note that specifying the same custom policy more than once for a backend is not a valid configuration and will be rejected.
data String
An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.

BackendServiceLocalityLbPolicyPolicy
, BackendServiceLocalityLbPolicyPolicyArgs

Name This property is required. string
The name of a locality load balancer policy to be used. The value should be one of the predefined ones as supported by localityLbPolicy, although at the moment only ROUND_ROBIN is supported. This field should only be populated when the customPolicy field is not used. Note that specifying the same policy more than once for a backend is not a valid configuration and will be rejected. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV.
Name This property is required. string
The name of a locality load balancer policy to be used. The value should be one of the predefined ones as supported by localityLbPolicy, although at the moment only ROUND_ROBIN is supported. This field should only be populated when the customPolicy field is not used. Note that specifying the same policy more than once for a backend is not a valid configuration and will be rejected. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV.
name This property is required. String
The name of a locality load balancer policy to be used. The value should be one of the predefined ones as supported by localityLbPolicy, although at the moment only ROUND_ROBIN is supported. This field should only be populated when the customPolicy field is not used. Note that specifying the same policy more than once for a backend is not a valid configuration and will be rejected. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV.
name This property is required. string
The name of a locality load balancer policy to be used. The value should be one of the predefined ones as supported by localityLbPolicy, although at the moment only ROUND_ROBIN is supported. This field should only be populated when the customPolicy field is not used. Note that specifying the same policy more than once for a backend is not a valid configuration and will be rejected. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV.
name This property is required. str
The name of a locality load balancer policy to be used. The value should be one of the predefined ones as supported by localityLbPolicy, although at the moment only ROUND_ROBIN is supported. This field should only be populated when the customPolicy field is not used. Note that specifying the same policy more than once for a backend is not a valid configuration and will be rejected. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV.
name This property is required. String
The name of a locality load balancer policy to be used. The value should be one of the predefined ones as supported by localityLbPolicy, although at the moment only ROUND_ROBIN is supported. This field should only be populated when the customPolicy field is not used. Note that specifying the same policy more than once for a backend is not a valid configuration and will be rejected. The possible values are:

  • ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order.
  • LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests.
  • RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests.
  • RANDOM: The load balancer selects a random healthy host.
  • ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer.
  • MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, refer to https://ai.google/research/pubs/pub44824 Possible values are: ROUND_ROBIN, LEAST_REQUEST, RING_HASH, RANDOM, ORIGINAL_DESTINATION, MAGLEV.

BackendServiceLogConfig
, BackendServiceLogConfigArgs

Enable bool
Whether to enable logging for the load balancer traffic served by this backend service.
SampleRate double
This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.
Enable bool
Whether to enable logging for the load balancer traffic served by this backend service.
SampleRate float64
This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.
enable Boolean
Whether to enable logging for the load balancer traffic served by this backend service.
sampleRate Double
This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.
enable boolean
Whether to enable logging for the load balancer traffic served by this backend service.
sampleRate number
This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.
enable bool
Whether to enable logging for the load balancer traffic served by this backend service.
sample_rate float
This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.
enable Boolean
Whether to enable logging for the load balancer traffic served by this backend service.
sampleRate Number
This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.

BackendServiceOutlierDetection
, BackendServiceOutlierDetectionArgs

BaseEjectionTime BackendServiceOutlierDetectionBaseEjectionTime
The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. Structure is documented below.
ConsecutiveErrors int
Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.
ConsecutiveGatewayFailure int
The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5.
EnforcingConsecutiveErrors int
The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
EnforcingConsecutiveGatewayFailure int
The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.
EnforcingSuccessRate int
The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
Interval BackendServiceOutlierDetectionInterval
Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds. Structure is documented below.
MaxEjectionPercent int
Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%.
SuccessRateMinimumHosts int
The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.
SuccessRateRequestVolume int
The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.
SuccessRateStdevFactor int
This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.
BaseEjectionTime BackendServiceOutlierDetectionBaseEjectionTime
The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. Structure is documented below.
ConsecutiveErrors int
Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.
ConsecutiveGatewayFailure int
The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5.
EnforcingConsecutiveErrors int
The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
EnforcingConsecutiveGatewayFailure int
The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.
EnforcingSuccessRate int
The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
Interval BackendServiceOutlierDetectionInterval
Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds. Structure is documented below.
MaxEjectionPercent int
Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%.
SuccessRateMinimumHosts int
The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.
SuccessRateRequestVolume int
The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.
SuccessRateStdevFactor int
This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.
baseEjectionTime BackendServiceOutlierDetectionBaseEjectionTime
The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. Structure is documented below.
consecutiveErrors Integer
Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.
consecutiveGatewayFailure Integer
The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5.
enforcingConsecutiveErrors Integer
The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
enforcingConsecutiveGatewayFailure Integer
The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.
enforcingSuccessRate Integer
The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
interval BackendServiceOutlierDetectionInterval
Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds. Structure is documented below.
maxEjectionPercent Integer
Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%.
successRateMinimumHosts Integer
The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.
successRateRequestVolume Integer
The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.
successRateStdevFactor Integer
This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.
baseEjectionTime BackendServiceOutlierDetectionBaseEjectionTime
The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. Structure is documented below.
consecutiveErrors number
Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.
consecutiveGatewayFailure number
The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5.
enforcingConsecutiveErrors number
The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
enforcingConsecutiveGatewayFailure number
The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.
enforcingSuccessRate number
The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
interval BackendServiceOutlierDetectionInterval
Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds. Structure is documented below.
maxEjectionPercent number
Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%.
successRateMinimumHosts number
The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.
successRateRequestVolume number
The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.
successRateStdevFactor number
This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.
base_ejection_time BackendServiceOutlierDetectionBaseEjectionTime
The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. Structure is documented below.
consecutive_errors int
Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.
consecutive_gateway_failure int
The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5.
enforcing_consecutive_errors int
The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
enforcing_consecutive_gateway_failure int
The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.
enforcing_success_rate int
The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
interval BackendServiceOutlierDetectionInterval
Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds. Structure is documented below.
max_ejection_percent int
Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%.
success_rate_minimum_hosts int
The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.
success_rate_request_volume int
The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.
success_rate_stdev_factor int
This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.
baseEjectionTime Property Map
The base time that a host is ejected for. The real time is equal to the base time multiplied by the number of times the host has been ejected. Defaults to 30000ms or 30s. Structure is documented below.
consecutiveErrors Number
Number of errors before a host is ejected from the connection pool. When the backend host is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.
consecutiveGatewayFailure Number
The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 5.
enforcingConsecutiveErrors Number
The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
enforcingConsecutiveGatewayFailure Number
The percentage chance that a host will be actually ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.
enforcingSuccessRate Number
The percentage chance that a host will be actually ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
interval Property Map
Time interval between ejection sweep analysis. This can result in both new ejections as well as hosts being returned to service. Defaults to 10 seconds. Structure is documented below.
maxEjectionPercent Number
Maximum percentage of hosts in the load balancing pool for the backend service that can be ejected. Defaults to 10%.
successRateMinimumHosts Number
The number of hosts in a cluster that must have enough request volume to detect success rate outliers. If the number of hosts is less than this setting, outlier detection via success rate statistics is not performed for any host in the cluster. Defaults to 5.
successRateRequestVolume Number
The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this host in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that host. Defaults to 100.
successRateStdevFactor Number
This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * success_rate_stdev_factor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900.

BackendServiceOutlierDetectionBaseEjectionTime
, BackendServiceOutlierDetectionBaseEjectionTimeArgs

Seconds This property is required. int
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
Nanos int
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
Seconds This property is required. int
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
Nanos int
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. Integer
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos Integer
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. number
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos number
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. int
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos int
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. Number
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos Number
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.

BackendServiceOutlierDetectionInterval
, BackendServiceOutlierDetectionIntervalArgs

Seconds This property is required. int
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
Nanos int
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
Seconds This property is required. int
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
Nanos int
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. Integer
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos Integer
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. number
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos number
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. int
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos int
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. Number
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos Number
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.

BackendServiceSecuritySettings
, BackendServiceSecuritySettingsArgs

AwsV4Authentication BackendServiceSecuritySettingsAwsV4Authentication

The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. Structure is documented below.

The aws_v4_authentication block supports:

ClientTlsPolicy string
ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
SubjectAltNames List<string>
A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values.
AwsV4Authentication BackendServiceSecuritySettingsAwsV4Authentication

The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. Structure is documented below.

The aws_v4_authentication block supports:

ClientTlsPolicy string
ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
SubjectAltNames []string
A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values.
awsV4Authentication BackendServiceSecuritySettingsAwsV4Authentication

The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. Structure is documented below.

The aws_v4_authentication block supports:

clientTlsPolicy String
ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
subjectAltNames List<String>
A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values.
awsV4Authentication BackendServiceSecuritySettingsAwsV4Authentication

The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. Structure is documented below.

The aws_v4_authentication block supports:

clientTlsPolicy string
ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
subjectAltNames string[]
A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values.
aws_v4_authentication BackendServiceSecuritySettingsAwsV4Authentication

The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. Structure is documented below.

The aws_v4_authentication block supports:

client_tls_policy str
ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
subject_alt_names Sequence[str]
A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values.
awsV4Authentication Property Map

The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends. Structure is documented below.

The aws_v4_authentication block supports:

clientTlsPolicy String
ClientTlsPolicy is a resource that specifies how a client should authenticate connections to backends of a service. This resource itself does not affect configuration unless it is attached to a backend service resource.
subjectAltNames List<String>
A list of alternate names to verify the subject identity in the certificate. If specified, the client will verify that the server certificate's subject alt name matches one of the specified values.

BackendServiceSecuritySettingsAwsV4Authentication
, BackendServiceSecuritySettingsAwsV4AuthenticationArgs

AccessKey string
The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request.
AccessKeyId string
The identifier of an access key used for s3 bucket authentication.
AccessKeyVersion string
The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.
OriginRegion string
The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. For example, "us-east-1" for AWS or "us-ashburn-1" for OCI.
AccessKey string
The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request.
AccessKeyId string
The identifier of an access key used for s3 bucket authentication.
AccessKeyVersion string
The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.
OriginRegion string
The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. For example, "us-east-1" for AWS or "us-ashburn-1" for OCI.
accessKey String
The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request.
accessKeyId String
The identifier of an access key used for s3 bucket authentication.
accessKeyVersion String
The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.
originRegion String
The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. For example, "us-east-1" for AWS or "us-ashburn-1" for OCI.
accessKey string
The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request.
accessKeyId string
The identifier of an access key used for s3 bucket authentication.
accessKeyVersion string
The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.
originRegion string
The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. For example, "us-east-1" for AWS or "us-ashburn-1" for OCI.
access_key str
The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request.
access_key_id str
The identifier of an access key used for s3 bucket authentication.
access_key_version str
The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.
origin_region str
The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. For example, "us-east-1" for AWS or "us-ashburn-1" for OCI.
accessKey String
The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request.
accessKeyId String
The identifier of an access key used for s3 bucket authentication.
accessKeyVersion String
The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.
originRegion String
The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. For example, "us-east-1" for AWS or "us-ashburn-1" for OCI.

BackendServiceStrongSessionAffinityCookie
, BackendServiceStrongSessionAffinityCookieArgs

Name string
Name of the cookie.
Path string
Path to set for the cookie.
Ttl BackendServiceStrongSessionAffinityCookieTtl
Lifetime of the cookie. Structure is documented below.
Name string
Name of the cookie.
Path string
Path to set for the cookie.
Ttl BackendServiceStrongSessionAffinityCookieTtl
Lifetime of the cookie. Structure is documented below.
name String
Name of the cookie.
path String
Path to set for the cookie.
ttl BackendServiceStrongSessionAffinityCookieTtl
Lifetime of the cookie. Structure is documented below.
name string
Name of the cookie.
path string
Path to set for the cookie.
ttl BackendServiceStrongSessionAffinityCookieTtl
Lifetime of the cookie. Structure is documented below.
name str
Name of the cookie.
path str
Path to set for the cookie.
ttl BackendServiceStrongSessionAffinityCookieTtl
Lifetime of the cookie. Structure is documented below.
name String
Name of the cookie.
path String
Path to set for the cookie.
ttl Property Map
Lifetime of the cookie. Structure is documented below.

BackendServiceStrongSessionAffinityCookieTtl
, BackendServiceStrongSessionAffinityCookieTtlArgs

Seconds This property is required. int
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
Nanos int
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
Seconds This property is required. int
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
Nanos int
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. Integer
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos Integer
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. number
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos number
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. int
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos int
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.
seconds This property is required. Number
Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive.
nanos Number
Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 seconds field and a positive nanos field. Must be from 0 to 999,999,999 inclusive.

BackendServiceTlsSettings
, BackendServiceTlsSettingsArgs

AuthenticationConfig string
Reference to the BackendAuthenticationConfig resource from the networksecurity.googleapis.com namespace. Can be used in authenticating TLS connections to the backend, as specified by the authenticationMode field. Can only be specified if authenticationMode is not NONE.
Sni string
Server Name Indication - see RFC3546 section 3.1. If set, the load balancer sends this string as the SNI hostname in the TLS connection to the backend, and requires that this string match a Subject Alternative Name (SAN) in the backend's server certificate. With a Regional Internet NEG backend, if the SNI is specified here, the load balancer uses it regardless of whether the Regional Internet NEG is specified with FQDN or IP address and port.
SubjectAltNames List<BackendServiceTlsSettingsSubjectAltName>
A list of Subject Alternative Names (SANs) that the Load Balancer verifies during a TLS handshake with the backend. When the server presents its X.509 certificate to the Load Balancer, the Load Balancer inspects the certificate's SAN field, and requires that at least one SAN match one of the subjectAltNames in the list. This field is limited to 5 entries. When both sni and subjectAltNames are specified, the load balancer matches the backend certificate's SAN only to subjectAltNames. Structure is documented below.
AuthenticationConfig string
Reference to the BackendAuthenticationConfig resource from the networksecurity.googleapis.com namespace. Can be used in authenticating TLS connections to the backend, as specified by the authenticationMode field. Can only be specified if authenticationMode is not NONE.
Sni string
Server Name Indication - see RFC3546 section 3.1. If set, the load balancer sends this string as the SNI hostname in the TLS connection to the backend, and requires that this string match a Subject Alternative Name (SAN) in the backend's server certificate. With a Regional Internet NEG backend, if the SNI is specified here, the load balancer uses it regardless of whether the Regional Internet NEG is specified with FQDN or IP address and port.
SubjectAltNames []BackendServiceTlsSettingsSubjectAltName
A list of Subject Alternative Names (SANs) that the Load Balancer verifies during a TLS handshake with the backend. When the server presents its X.509 certificate to the Load Balancer, the Load Balancer inspects the certificate's SAN field, and requires that at least one SAN match one of the subjectAltNames in the list. This field is limited to 5 entries. When both sni and subjectAltNames are specified, the load balancer matches the backend certificate's SAN only to subjectAltNames. Structure is documented below.
authenticationConfig String
Reference to the BackendAuthenticationConfig resource from the networksecurity.googleapis.com namespace. Can be used in authenticating TLS connections to the backend, as specified by the authenticationMode field. Can only be specified if authenticationMode is not NONE.
sni String
Server Name Indication - see RFC3546 section 3.1. If set, the load balancer sends this string as the SNI hostname in the TLS connection to the backend, and requires that this string match a Subject Alternative Name (SAN) in the backend's server certificate. With a Regional Internet NEG backend, if the SNI is specified here, the load balancer uses it regardless of whether the Regional Internet NEG is specified with FQDN or IP address and port.
subjectAltNames List<BackendServiceTlsSettingsSubjectAltName>
A list of Subject Alternative Names (SANs) that the Load Balancer verifies during a TLS handshake with the backend. When the server presents its X.509 certificate to the Load Balancer, the Load Balancer inspects the certificate's SAN field, and requires that at least one SAN match one of the subjectAltNames in the list. This field is limited to 5 entries. When both sni and subjectAltNames are specified, the load balancer matches the backend certificate's SAN only to subjectAltNames. Structure is documented below.
authenticationConfig string
Reference to the BackendAuthenticationConfig resource from the networksecurity.googleapis.com namespace. Can be used in authenticating TLS connections to the backend, as specified by the authenticationMode field. Can only be specified if authenticationMode is not NONE.
sni string
Server Name Indication - see RFC3546 section 3.1. If set, the load balancer sends this string as the SNI hostname in the TLS connection to the backend, and requires that this string match a Subject Alternative Name (SAN) in the backend's server certificate. With a Regional Internet NEG backend, if the SNI is specified here, the load balancer uses it regardless of whether the Regional Internet NEG is specified with FQDN or IP address and port.
subjectAltNames BackendServiceTlsSettingsSubjectAltName[]
A list of Subject Alternative Names (SANs) that the Load Balancer verifies during a TLS handshake with the backend. When the server presents its X.509 certificate to the Load Balancer, the Load Balancer inspects the certificate's SAN field, and requires that at least one SAN match one of the subjectAltNames in the list. This field is limited to 5 entries. When both sni and subjectAltNames are specified, the load balancer matches the backend certificate's SAN only to subjectAltNames. Structure is documented below.
authentication_config str
Reference to the BackendAuthenticationConfig resource from the networksecurity.googleapis.com namespace. Can be used in authenticating TLS connections to the backend, as specified by the authenticationMode field. Can only be specified if authenticationMode is not NONE.
sni str
Server Name Indication - see RFC3546 section 3.1. If set, the load balancer sends this string as the SNI hostname in the TLS connection to the backend, and requires that this string match a Subject Alternative Name (SAN) in the backend's server certificate. With a Regional Internet NEG backend, if the SNI is specified here, the load balancer uses it regardless of whether the Regional Internet NEG is specified with FQDN or IP address and port.
subject_alt_names Sequence[BackendServiceTlsSettingsSubjectAltName]
A list of Subject Alternative Names (SANs) that the Load Balancer verifies during a TLS handshake with the backend. When the server presents its X.509 certificate to the Load Balancer, the Load Balancer inspects the certificate's SAN field, and requires that at least one SAN match one of the subjectAltNames in the list. This field is limited to 5 entries. When both sni and subjectAltNames are specified, the load balancer matches the backend certificate's SAN only to subjectAltNames. Structure is documented below.
authenticationConfig String
Reference to the BackendAuthenticationConfig resource from the networksecurity.googleapis.com namespace. Can be used in authenticating TLS connections to the backend, as specified by the authenticationMode field. Can only be specified if authenticationMode is not NONE.
sni String
Server Name Indication - see RFC3546 section 3.1. If set, the load balancer sends this string as the SNI hostname in the TLS connection to the backend, and requires that this string match a Subject Alternative Name (SAN) in the backend's server certificate. With a Regional Internet NEG backend, if the SNI is specified here, the load balancer uses it regardless of whether the Regional Internet NEG is specified with FQDN or IP address and port.
subjectAltNames List<Property Map>
A list of Subject Alternative Names (SANs) that the Load Balancer verifies during a TLS handshake with the backend. When the server presents its X.509 certificate to the Load Balancer, the Load Balancer inspects the certificate's SAN field, and requires that at least one SAN match one of the subjectAltNames in the list. This field is limited to 5 entries. When both sni and subjectAltNames are specified, the load balancer matches the backend certificate's SAN only to subjectAltNames. Structure is documented below.

BackendServiceTlsSettingsSubjectAltName
, BackendServiceTlsSettingsSubjectAltNameArgs

DnsName string
The SAN specified as a DNS Name.
UniformResourceIdentifier string
The SAN specified as a URI.
DnsName string
The SAN specified as a DNS Name.
UniformResourceIdentifier string
The SAN specified as a URI.
dnsName String
The SAN specified as a DNS Name.
uniformResourceIdentifier String
The SAN specified as a URI.
dnsName string
The SAN specified as a DNS Name.
uniformResourceIdentifier string
The SAN specified as a URI.
dns_name str
The SAN specified as a DNS Name.
uniform_resource_identifier str
The SAN specified as a URI.
dnsName String
The SAN specified as a DNS Name.
uniformResourceIdentifier String
The SAN specified as a URI.

Import

BackendService can be imported using any of these accepted formats:

  • projects/{{project}}/global/backendServices/{{name}}

  • {{project}}/{{name}}

  • {{name}}

When using the pulumi import command, BackendService can be imported using one of the formats above. For example:

$ pulumi import gcp:compute/backendService:BackendService default projects/{{project}}/global/backendServices/{{name}}
Copy
$ pulumi import gcp:compute/backendService:BackendService default {{project}}/{{name}}
Copy
$ pulumi import gcp:compute/backendService:BackendService default {{name}}
Copy

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository
Google Cloud (GCP) Classic pulumi/pulumi-gcp
License
Apache-2.0
Notes
This Pulumi package is based on the google-beta Terraform Provider.