» google_compute_router_nat

A NAT service created in a router.

To get more information about RouterNat, see:

» Example Usage - Router Nat Basic

resource "google_compute_network" "net" {
    name = "my-network"
}

resource "google_compute_subnetwork" "subnet" {
    name          = "my-subnetwork"
    network       = google_compute_network.net.self_link
    ip_cidr_range = "10.0.0.0/16"
    region        = "us-central1"
}

resource "google_compute_router" "router" {
    name    = "my-router"
    region  = google_compute_subnetwork.subnet.region
    network = google_compute_network.net.self_link

    bgp {
        asn = 64514
    }
}

resource "google_compute_router_nat" "nat" {
    name                               = "my-router-nat"
    router                             = google_compute_router.router.name
    region                             = google_compute_router.router.region
    nat_ip_allocate_option             = "AUTO_ONLY"
    source_subnetwork_ip_ranges_to_nat = "ALL_SUBNETWORKS_ALL_IP_RANGES"

    log_config {
      enable = true
      filter = "ERRORS_ONLY"
    }
}

» Example Usage - Router Nat Manual Ips

resource "google_compute_network" "net" {
    name = "my-network"
}

resource "google_compute_subnetwork" "subnet" {
    name          = "my-subnetwork"
    network       = google_compute_network.net.self_link
    ip_cidr_range = "10.0.0.0/16"
    region        = "us-central1"
}

resource "google_compute_router" "router" {
    name    = "my-router"
    region  = google_compute_subnetwork.subnet.region
    network = google_compute_network.net.self_link
}

resource "google_compute_address" "address" {
    count  = 2
    name   = "nat-manual-ip-${count.index}"
    region = google_compute_subnetwork.subnet.region
}

resource "google_compute_router_nat" "nat_manual" {
    name                               = "my-router-nat"
    router                             = google_compute_router.router.name
    region                             = google_compute_router.router.region

    nat_ip_allocate_option             = "MANUAL_ONLY"
    nat_ips                            = google_compute_address.address[*].self_link

    source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
    subnetwork {
        # Must reference the subnetwork declared above ("subnet"); there is no
        # resource named "default" in this configuration.
        name                    = google_compute_subnetwork.subnet.self_link
        source_ip_ranges_to_nat = ["ALL_IP_RANGES"]
    }
}

» Argument Reference

The following arguments are supported:

  • name - (Required) Name of the NAT service. The name must be 1-63 characters long and comply with RFC1035.

  • nat_ip_allocate_option - (Required) How external IPs should be allocated for this NAT. Valid values are AUTO_ONLY, where Google Cloud Platform allocates the NAT IPs, or MANUAL_ONLY, where only user-allocated (reserved) NAT IP addresses are used. With AUTO_ONLY the set of egress addresses is chosen by Google and can change over time, so if downstream systems allow-list your egress IPs, use MANUAL_ONLY with reserved google_compute_address resources.

  • source_subnetwork_ip_ranges_to_nat - (Required) How NAT should be configured per subnetwork. ALL_SUBNETWORKS_ALL_IP_RANGES: all IP ranges (primary and secondary) in every subnetwork of the network in this region are allowed to NAT. ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES: only the primary IP range of every subnetwork is allowed to NAT. LIST_OF_SUBNETWORKS: only the subnetworks listed in the subnetwork blocks below are allowed to NAT. Note that if this field is ALL_SUBNETWORKS_ALL_IP_RANGES or ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES, there must not be any other RouterNat in any router for this network in this region.

  • router - (Required) The name of the Cloud Router in which this NAT will be configured.

  • nat_ips - (Optional) Self-links of NAT IPs (google_compute_address resources in the same region). Only valid if nat_ip_allocate_option is set to MANUAL_ONLY.

  • drain_nat_ips - (Optional, Beta) A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT.

  • subnetwork - (Optional) One or more subnetwork NAT configurations. Only used if source_subnetwork_ip_ranges_to_nat is set to LIST_OF_SUBNETWORKS. Structure is documented below.

  • min_ports_per_vm - (Optional) Minimum number of source ports allocated to each VM from this NAT's IP pool. When a VM exhausts its allocation, new outbound connections fail and are reported as NAT errors in the logs, so size this value against the VMs' expected concurrent connection count.

  • udp_idle_timeout_sec - (Optional) Timeout (in seconds) for UDP connections. Defaults to 30s if not set.

  • icmp_idle_timeout_sec - (Optional) Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.

  • tcp_established_idle_timeout_sec - (Optional) Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.

  • tcp_transitory_idle_timeout_sec - (Optional) Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.

  • log_config - (Optional) Configuration for logging on NAT. Structure is documented below.

  • region - (Optional) Region where the router and NAT reside.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The subnetwork block supports:

  • name - (Required) Self-link of subnetwork to NAT

  • source_ip_ranges_to_nat - (Required) List of options for which source IPs in the subnetwork should have NAT enabled. Supported values include: ALL_IP_RANGES, LIST_OF_SECONDARY_IP_RANGES, PRIMARY_IP_RANGE.

  • secondary_ip_range_names - (Optional) List of the secondary ranges of the subnetwork (by range_name) that are allowed to use NAT. This can be populated only if LIST_OF_SECONDARY_IP_RANGES is one of the values in source_ip_ranges_to_nat.

The log_config block supports:

  • enable - (Required) Indicates whether or not to export logs.

  • filter - (Required) Specifies the desired filtering of logs on this NAT. Valid values are: "ERRORS_ONLY" (only connection failures, such as a VM running out of allocated ports), "TRANSLATIONS_ONLY" (only successful translations), "ALL" (both). For incident response, "ALL" is the setting that lets you attribute an outbound connection seen from a NAT IP:port back to the originating VM.
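The following configuration is an added example and is not code from the provider documentation; it ties the subnetwork and log_config blocks above together in one hardened NAT. It restricts NAT to a single named secondary range of one subnetwork, pins egress to reserved addresses so they can be allow-listed by third parties, and logs every translation and error. The resource names (hardened-*), the 10.x CIDRs, the secondary range name "pods", the port and timeout values, and the region are all assumptions.

```hcl
# Added example (not from the provider docs): least-privilege Cloud NAT with
# stable egress IPs and full translation logging. All names and ranges below
# are assumed values for illustration.

resource "google_compute_network" "hardened" {
  name                    = "hardened-network"
  auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "workers" {
  name          = "hardened-workers"
  network       = google_compute_network.hardened.self_link
  ip_cidr_range = "10.10.0.0/20"
  region        = "us-central1"

  # Secondary range (for example GKE pods) that will be the only NAT source.
  secondary_ip_range {
    range_name    = "pods"
    ip_cidr_range = "10.20.0.0/16"
  }
}

resource "google_compute_router" "hardened" {
  name    = "hardened-router"
  region  = google_compute_subnetwork.workers.region
  network = google_compute_network.hardened.self_link
}

# Two reserved regional addresses: the only egress IPs this NAT will ever
# use, so downstream allow-lists can reference them safely.
resource "google_compute_address" "egress" {
  count  = 2
  name   = "hardened-egress-${count.index}"
  region = google_compute_subnetwork.workers.region
}

resource "google_compute_router_nat" "hardened" {
  name   = "hardened-nat"
  router = google_compute_router.hardened.name
  region = google_compute_router.hardened.region

  nat_ip_allocate_option = "MANUAL_ONLY"
  nat_ips                = google_compute_address.egress[*].self_link

  # Only the listed subnetwork, and within it only the "pods" secondary
  # range, may reach the internet through this NAT. The primary range
  # (VM addresses) gets no NAT at all.
  source_subnetwork_ip_ranges_to_nat = "LIST_OF_SUBNETWORKS"
  subnetwork {
    name                     = google_compute_subnetwork.workers.self_link
    source_ip_ranges_to_nat  = ["LIST_OF_SECONDARY_IP_RANGES"]
    secondary_ip_range_names = ["pods"]
  }

  # Reserve enough source ports per VM that bursts do not fail silently,
  # and keep idle timeouts short so stale flows release ports quickly.
  min_ports_per_vm                 = 256
  tcp_established_idle_timeout_sec = 600
  tcp_transitory_idle_timeout_sec  = 30
  udp_idle_timeout_sec             = 30

  # "ALL" records both successful translations (source VM, NAT IP:port,
  # destination) and errors such as port exhaustion.
  log_config {
    enable = true
    filter = "ALL"
  }
}
```

Capacity check before applying: each NAT address offers roughly 64,000 usable source ports, so two addresses with min_ports_per_vm = 256 support on the order of 500 VMs in the range; if the log filter starts showing errors, add a third google_compute_address to nat_ips rather than lowering the per-VM allocation.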

» Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 10 minutes.
  • update - Default is 10 minutes.
  • delete - Default is 10 minutes.

» Import

RouterNat can be imported using any of these accepted formats:

$ terraform import google_compute_router_nat.default projects/{{project}}/regions/{{region}}/routers/{{router}}/{{name}}
$ terraform import google_compute_router_nat.default {{project}}/{{region}}/{{router}}/{{name}}
$ terraform import google_compute_router_nat.default {{region}}/{{router}}/{{name}}
$ terraform import google_compute_router_nat.default {{router}}/{{name}}

» User Project Overrides

This resource supports User Project Overrides.