» google_compute_region_network_endpoint_group

A regional NEG that can support Serverless Products.

To get more information about RegionNetworkEndpointGroup, see:

» Example Usage - Region Network Endpoint Group Functions

// Cloud Functions Example
resource "google_compute_region_network_endpoint_group" "function_neg" {
  provider              = google-beta
  name                  = "function-neg"
  network_endpoint_type = "SERVERLESS"
  region                = "us-central1"
  cloud_function {
    function = google_cloudfunctions_function.function_neg.name
  }
}

resource "google_cloudfunctions_function" "function_neg" {
  provider    = google-beta
  name        = "function-neg"
  description = "My function"
  runtime     = "nodejs10"

  available_memory_mb   = 128
  source_archive_bucket = google_storage_bucket.bucket.name
  source_archive_object = google_storage_bucket_object.archive.name
  trigger_http          = true
  timeout               = 60
  entry_point           = "helloGET"
}

resource "google_storage_bucket" "bucket" {
  provider   = google-beta
  name       = "cloudfunctions-function-example-bucket"
}

resource "google_storage_bucket_object" "archive" { 
  provider   = google-beta
  name       = "index.zip"
  bucket     = google_storage_bucket.bucket.name
  source     = "path/to/index.zip"
}

» Example Usage - Region Network Endpoint Group Cloudrun

// Cloud Run Example
resource "google_compute_region_network_endpoint_group" "cloudrun_neg" {
  provider              = google-beta
  name                  = "cloudrun-neg"
  network_endpoint_type = "SERVERLESS"
  region                = "us-central1"
  cloud_run {
    service = google_cloud_run_service.cloudrun_neg.name
  }
}

resource "google_cloud_run_service" "cloudrun_neg" {
  provider = google-beta
  name     = "cloudrun-neg"
  location = "us-central1"

  template {
    spec {
      containers {
        image = "gcr.io/cloudrun/hello"
      }
    }
  }

  traffic {
    percent         = 100
    latest_revision = true
  }
}

» Example Usage - Region Network Endpoint Group Appengine

// App Engine Example
resource "google_compute_region_network_endpoint_group" "appengine_neg" {
  provider              = google-beta
  name                  = "appengine-neg"
  network_endpoint_type = "SERVERLESS"
  region                = "us-central1"
  app_engine {
    service = google_app_engine_flexible_app_version.appengine_neg.service
    version = google_app_engine_flexible_app_version.appengine_neg.version_id
  }
}

resource "google_app_engine_flexible_app_version" "appengine_neg" {
  provider   = google-beta
  version_id = "v1"
  service    = "default"
  runtime    = "nodejs"

  entrypoint {
    shell = "node ./app.js"
  }

  deployment {
    zip {
      source_url = "https://storage.googleapis.com/${google_storage_bucket.appengine_neg.name}/${google_storage_bucket_object.appengine_neg.name}"
    }
  }

  liveness_check {
    path = "/"
  }

  readiness_check {
    path = "/"
  }

  env_variables = {
    port = "8080"
  }

  handlers {
    url_regex        = ".*\\/my-path\\/*"
    security_level   = "SECURE_ALWAYS"
    login            = "LOGIN_REQUIRED"
    auth_fail_action = "AUTH_FAIL_ACTION_REDIRECT"

    static_files {
      path = "my-other-path"
      upload_path_regex = ".*\\/my-path\\/*"
    }
  }

  automatic_scaling {
    cool_down_period = "120s"
    cpu_utilization {
      target_utilization = 0.5
    }
  }

  noop_on_destroy = true
}

resource "google_storage_bucket" "appengine_neg" {
  provider   = google-beta
  name       = "appengine-neg"
}

resource "google_storage_bucket_object" "appengine_neg" {
  provider  = google-beta
  name      = "hello-world.zip"
  bucket    = google_storage_bucket.appengine_neg.name
  source    = "./test-fixtures/appengine/hello-world.zip"
}

» Argument Reference

The following arguments are supported:

  • name - (Required) Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

  • region - (Required) A reference to the region where the Serverless NEGs Reside.


  • description - (Optional) An optional description of this resource. Provide this property when you create the resource.

  • network_endpoint_type - (Optional) Type of network endpoints in this network endpoint group. Defaults to SERVERLESS Default value is SERVERLESS. Possible values are SERVERLESS.

  • cloud_run - (Optional) Only valid when networkEndpointType is "SERVERLESS". Only one of cloud_run, app_engine or cloud_function may be set. Structure is documented below.

  • app_engine - (Optional) Only valid when networkEndpointType is "SERVERLESS". Only one of cloud_run, app_engine or cloud_function may be set. Structure is documented below.

  • cloud_function - (Optional) Only valid when networkEndpointType is "SERVERLESS". Only one of cloud_run, app_engine or cloud_function may be set. Structure is documented below.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The cloud_run block supports:

  • service - (Optional) Cloud Run service is the main resource of Cloud Run. The service must be 1-63 characters long, and comply with RFC1035. Example value: "run-service".

  • tag - (Optional) Cloud Run tag represents the "named-revision" to provide additional fine-grained traffic routing information. The tag must be 1-63 characters long, and comply with RFC1035. Example value: "revision-0010".

  • url_mask - (Optional) A template to parse service and tag fields from a request URL. URL mask allows for routing to multiple Run services without having to create multiple network endpoint groups and backend services. For example, request URLs "foo1.domain.com/bar1" and "foo1.domain.com/bar2" an be backed by the same Serverless Network Endpoint Group (NEG) with URL mask ".domain.com/". The URL mask will parse them to { service="bar1", tag="foo1" } and { service="bar2", tag="foo2" } respectively.

The app_engine block supports:

  • service - (Optional) Optional serving service. The service name must be 1-63 characters long, and comply with RFC1035. Example value: "default", "my-service".

  • version - (Optional) Optional serving version. The version must be 1-63 characters long, and comply with RFC1035. Example value: "v1", "v2".

  • url_mask - (Optional) A template to parse service and version fields from a request URL. URL mask allows for routing to multiple App Engine services without having to create multiple Network Endpoint Groups and backend services. For example, the request URLs "foo1-dot-appname.appspot.com/v1" and "foo1-dot-appname.appspot.com/v2" can be backed by the same Serverless NEG with URL mask "-dot-appname.appspot.com/". The URL mask will parse them to { service = "foo1", version = "v1" } and { service = "foo1", version = "v2" } respectively.

The cloud_function block supports:

  • function - (Optional) A user-defined name of the Cloud Function. The function name is case-sensitive and must be 1-63 characters long. Example value: "func1".

  • url_mask - (Optional) A template to parse function field from a request URL. URL mask allows for routing to multiple Cloud Functions without having to create multiple Network Endpoint Groups and backend services. For example, request URLs "mydomain.com/function1" and "mydomain.com/function2" can be backed by the same Serverless NEG with URL mask "/". The URL mask will parse them to { function = "function1" } and { function = "function2" } respectively.

» Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/regions/{{region}}/networkEndpointGroups/{{name}}
  • self_link - The URI of the created resource.

» Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 4 minutes.
  • delete - Default is 4 minutes.

» Import

RegionNetworkEndpointGroup can be imported using any of these accepted formats:

$ terraform import google_compute_region_network_endpoint_group.default projects/{{project}}/regions/{{region}}/networkEndpointGroups/{{name}}
$ terraform import google_compute_region_network_endpoint_group.default {{project}}/{{region}}/{{name}}
$ terraform import google_compute_region_network_endpoint_group.default {{region}}/{{name}}
$ terraform import google_compute_region_network_endpoint_group.default {{name}}

» User Project Overrides

This resource supports User Project Overrides.