» google_compute_backend_service

A Backend Service defines a group of virtual machines that will serve traffic for load balancing. This resource is a global backend service, appropriate for external load balancing or self-managed internal load balancing. For managed internal load balancing, use a regional backend service instead.

Currently self-managed internal load balancing is only available in beta.

To get more information about BackendService, see:

» Example Usage - Backend Service Basic

resource "google_compute_backend_service" "default" {
  name          = "backend-service"
  health_checks = ["${google_compute_http_health_check.default.self_link}"]
}

resource "google_compute_http_health_check" "default" {
  name               = "health-check"
  request_path       = "/"
  check_interval_sec = 1
  timeout_sec        = 1
}

» Argument Reference

The following arguments are supported:

  • health_checks - (Required) The set of URLs to the HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. Currently at most one health check can be specified, and a health check is required. For internal load balancing, a URL to a HealthCheck resource must be specified instead.

  • name - (Required) Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.


  • affinity_cookie_ttl_sec - (Optional) Lifetime of cookies in seconds if session_affinity is GENERATED_COOKIE. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value for TTL is one day. When the load balancing scheme is INTERNAL, this field is not used.

  • backend - (Optional) The set of backends that serve this BackendService. Structure is documented below.

  • cdn_policy - (Optional) Cloud CDN configuration for this BackendService. Structure is documented below.

  • connection_draining_timeout_sec - (Optional) Time for which instance will be drained (not accept new connections, but still work to finish started).

  • custom_request_headers - (Optional, Beta) Headers that the HTTP/S load balancer should add to proxied requests.

  • description - (Optional) An optional description of this resource.

  • enable_cdn - (Optional) If true, enable Cloud CDN for this BackendService.

  • iap - (Optional) Settings for enabling Cloud Identity Aware Proxy Structure is documented below.

  • load_balancing_scheme - (Optional) Indicates whether the backend service will be used with internal or external load balancing. A backend service created for one type of load balancing cannot be used with the other. Must be EXTERNAL or INTERNAL_SELF_MANAGED for a global backend service. Defaults to EXTERNAL.

  • port_name - (Optional) Name of backend port. The same name should appear in the instance groups referenced by this service. Required when the load balancing scheme is EXTERNAL.

  • protocol - (Optional) The protocol this BackendService uses to communicate with backends. Possible values are HTTP, HTTPS, HTTP2, TCP, and SSL. The default is HTTP. NOTE: HTTP2 is only valid for beta HTTP/2 load balancer types and may result in errors if used with the GA API.

  • security_policy - (Optional) The security policy associated with this backend service.

  • session_affinity - (Optional) Type of session affinity to use. The default is NONE. When the load balancing scheme is EXTERNAL, can be NONE, CLIENT_IP, or GENERATED_COOKIE. When the protocol is UDP, this field is not used.

  • timeout_sec - (Optional) How many seconds to wait for the backend before considering it a failed request. Default is 30 seconds. Valid range is [1, 86400].

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The backend block supports:

  • balancing_mode - (Optional) Specifies the balancing mode for this backend. For global HTTP(S) or TCP/SSL load balancing, the default is UTILIZATION. Valid values are UTILIZATION, RATE (for HTTP(S)) and CONNECTION (for TCP/SSL).

  • capacity_scaler - (Optional) A multiplier applied to the group's maximum servicing capacity (based on UTILIZATION, RATE or CONNECTION). Default value is 1, which means the group will serve up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available Capacity. Valid range is [0.0,1.0].

  • description - (Optional) An optional description of this resource. Provide this property when you create the resource.

  • group - (Optional) The fully-qualified URL of an Instance Group or Network Endpoint Group resource. In case of instance group this defines the list of instances that serve traffic. Member virtual machine instances from each instance group must live in the same zone as the instance group itself. No two backends in a backend service are allowed to use same Instance Group resource. For Network Endpoint Groups this defines list of endpoints. All endpoints of Network Endpoint Group must be hosted on instances located in the same zone as the Network Endpoint Group. Backend service can not contain mix of Instance Group and Network Endpoint Group backends. Note that you must specify an Instance Group or Network Endpoint Group resource using the fully-qualified URL, rather than a partial URL.

  • max_connections - (Optional) The max number of simultaneous connections for the group. Can be used with either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or one of maxConnectionsPerInstance or maxConnectionsPerEndpoint, as appropriate for group type, must be set.

  • max_connections_per_instance - (Optional) The max number of simultaneous connections that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerInstance must be set.

  • max_connections_per_endpoint - (Optional) The max number of simultaneous connections that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either CONNECTION or UTILIZATION balancing modes. For CONNECTION mode, either maxConnections or maxConnectionsPerEndpoint must be set.

  • max_rate - (Optional) The max requests per second (RPS) of the group. Can be used with either RATE or UTILIZATION balancing modes, but required if RATE mode. For RATE mode, either maxRate or one of maxRatePerInstance or maxRatePerEndpoint, as appropriate for group type, must be set.

  • max_rate_per_instance - (Optional) The max requests per second (RPS) that a single backend instance can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerInstance must be set.

  • max_rate_per_endpoint - (Optional) The max requests per second (RPS) that a single backend network endpoint can handle. This is used to calculate the capacity of the group. Can be used in either balancing mode. For RATE mode, either maxRate or maxRatePerEndpoint must be set.

  • max_utilization - (Optional) Used when balancingMode is UTILIZATION. This ratio defines the CPU utilization target for the group. The default is 0.8. Valid range is [0.0, 1.0].

The cdn_policy block supports:

  • cache_key_policy - (Optional) The CacheKeyPolicy for this CdnPolicy. Structure is documented below.

  • signed_url_cache_max_age_sec - (Optional) Maximum number of seconds the response to a signed URL request will be considered fresh, defaults to 1hr (3600s). After this time period, the response will be revalidated before being served. When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a "Cache-Control: public, max-age=[TTL]" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.

The cache_key_policy block supports:

  • include_host - (Optional) If true requests to different hosts will be cached separately.

  • include_protocol - (Optional) If true, http and https requests will be cached separately.

  • include_query_string - (Optional) If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.

  • query_string_blacklist - (Optional) Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.

  • query_string_whitelist - (Optional) Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.

The iap block supports:

» Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • creation_timestamp - Creation timestamp in RFC3339 text format.

  • fingerprint - Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.

  • self_link - The URI of the created resource.

» Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 4 minutes.
  • update - Default is 4 minutes.
  • delete - Default is 4 minutes.

» Import

BackendService can be imported using any of these accepted formats:

$ terraform import google_compute_backend_service.default projects/{{project}}/global/backendServices/{{name}}
$ terraform import google_compute_backend_service.default {{project}}/{{name}}
$ terraform import google_compute_backend_service.default {{name}}