Internal Load Balancer Terraform Module

Modular Internal Load Balancer for GCE using forwarding rules.

Load Balancer Types


This module is meant for use with Terraform 1.3+ and tested using Terraform 1.3+. If you find incompatibilities using Terraform >=1.3, please open an issue.


The following guides are available to assist with upgrades:


module "gce-ilb" {
  source            = "GoogleCloudPlatform/lb-internal/google"
  version           = "~> 6.0"
  region            = var.region
  name              = "group2-ilb"
  ports             = ["80"]
  source_tags       = ["allow-group1"]
  target_tags       = ["allow-group2", "allow-group3"]

  # Health check used to decide whether backend instances can receive traffic
  health_check = {
    type                = "http"
    check_interval_sec  = 1
    healthy_threshold   = 4
    timeout_sec         = 1
    unhealthy_threshold = 5
    response            = ""
    proxy_header        = "NONE"
    port                = 80
    port_name           = "health-check-port"
    request             = ""
    request_path        = "/"
    host                = ""
    enable_log          = false
  }

  # Each backend is a map that must contain the 'group' key
  backends = [
    {
      group       = module.mig2.instance_group
      description = ""
      failover    = false
    },
    {
      group       = module.mig3.instance_group
      description = ""
      failover    = false
    },
  ]
}


| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| all_ports | Boolean for all_ports setting on forwarding rule. The ports or all_ports are mutually exclusive. | bool | null | no |
| backends | List of backends, should be a map of key-value pairs for each backend, must have the 'group' key. | list(any) | n/a | yes |
| connection_draining_timeout_sec | Time for which instance will be drained | number | null | no |
| create_backend_firewall | Controls if firewall rules for the backends will be created or not. Health-check firewall rules are controlled separately. | bool | true | no |
| create_health_check_firewall | Controls if firewall rules for the health check will be created or not. If this rule is not present backend healthcheck will fail. | bool | true | no |
| firewall_enable_logging | Controls if firewall rules that are created are to have logging configured. This will be ignored for firewall rules that are not created. | bool | false | no |
| global_access | Allow all regions on the same VPC network access. | bool | false | no |
| health_check | Health check to determine whether instances are responsive and able to do work | object({ type = string, check_interval_sec = optional(number), healthy_threshold = optional(number), timeout_sec = optional(number), unhealthy_threshold = optional(number), response = optional(string), proxy_header = optional(string), port = optional(number), port_name = optional(string), request = optional(string), request_path = optional(string), host = optional(string), enable_log = optional(bool) }) | n/a | yes |
| ip_address | IP address of the internal load balancer, if empty one will be assigned. Default is empty. | string | null | no |
| ip_protocol | The IP protocol for the backend and frontend forwarding rule. TCP or UDP. | string | "TCP" | no |
| is_mirroring_collector | Indicates whether or not this load balancer can be used as a collector for packet mirroring. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL. | bool | false | no |
| labels | The labels to attach to resources created by this module. | map(string) | {} | no |
| name | Name for the forwarding rule and prefix for supporting resources. | string | n/a | yes |
| network | Name of the network to create resources in. | string | "default" | no |
| network_project | Name of the project for the network. Useful for shared VPC. Default is var.project. | string | "" | no |
| ports | List of ports to forward to backend services. Max is 5. The ports or all_ports are mutually exclusive. | list(string) | null | no |
| project | The project to deploy to, if not set the default provider project is used. | string | "" | no |
| region | Region for cloud resources. | string | "us-central1" | no |
| service_label | Service label is used to create internal DNS name | string | null | no |
| session_affinity | The session affinity for the backends example: NONE, CLIENT_IP. Default is NONE. | string | "NONE" | no |
| source_ip_ranges | List of source ip ranges for traffic between the internal load balancer. | list(string) | null | no |
| source_service_accounts | List of source service accounts for traffic between the internal load balancer. | list(string) | null | no |
| source_tags | List of source tags for traffic between the internal load balancer. | list(string) | n/a | yes |
| subnetwork | Name of the subnetwork to create resources in. | string | "default" | no |
| target_service_accounts | List of target service accounts for traffic between the internal load balancer. | list(string) | null | no |
| target_tags | List of target tags for traffic between the internal load balancer. | list(string) | n/a | yes |
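
An added example (not part of the module or its README): a small Python pre-apply check that applies the constraints stated in the inputs table above to one module call. The dict input shape, the name `audit_ilb_inputs` and the split into errors and warnings are assumptions of this example.

```python
# Added example: audit one lb-internal module call before `terraform apply`.
# Rules and defaults come from the inputs table; the dict input shape and the
# error/warning split are assumptions of this example.
REQUIRED = ("backends", "health_check", "name", "source_tags", "target_tags")
DEFAULTS = {
    "all_ports": None, "ports": None, "ip_protocol": "TCP",
    "global_access": False, "firewall_enable_logging": False,
    "create_backend_firewall": True, "create_health_check_firewall": True,
}

def audit_ilb_inputs(args):
    """Return (errors, warnings) for the module arguments in `args`."""
    cfg = {**DEFAULTS, **args}
    errors = [f"missing required input: {k}" for k in REQUIRED if k not in args]
    warnings = []
    ports = cfg["ports"] or []
    if ports and cfg["all_ports"]:
        errors.append("ports and all_ports are mutually exclusive")
    if len(ports) > 5:
        errors.append("ports accepts at most 5 entries")
    if cfg["ip_protocol"] not in ("TCP", "UDP"):
        errors.append("ip_protocol must be TCP or UDP")
    for i, backend in enumerate(cfg.get("backends") or []):
        if "group" not in backend:
            errors.append(f"backends[{i}] has no 'group' key")
    health_check = cfg.get("health_check")
    if health_check is not None and "type" not in health_check:
        errors.append("health_check.type is required")
    creates_fw = cfg["create_backend_firewall"] or cfg["create_health_check_firewall"]
    if creates_fw and not cfg["firewall_enable_logging"]:
        warnings.append("firewall rules are created without logging")
    if not creates_fw and cfg["firewall_enable_logging"]:
        warnings.append("firewall_enable_logging is ignored: no rules are created")
    if not cfg["create_health_check_firewall"]:
        warnings.append("no health-check firewall rule from this module")
    if cfg["global_access"]:
        warnings.append("global_access lets every region of the VPC reach the ILB")
    return errors, warnings

# Constructed input: the README example as a dict, module references as strings.
README_EXAMPLE = {
    "name": "group2-ilb", "ports": ["80"],
    "source_tags": ["allow-group1"],
    "target_tags": ["allow-group2", "allow-group3"],
    "health_check": {"type": "http", "port": 80, "request_path": "/"},
    "backends": [{"group": "module.mig2.instance_group", "failover": False},
                 {"group": "module.mig3.instance_group", "failover": False}],
}

if __name__ == "__main__":
    print(audit_ilb_inputs(README_EXAMPLE))
```

Run against the README example, the check reports no errors and one warning, because `firewall_enable_logging` defaults to `false` while both firewall rules are created.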


| Name | Description |
|------|-------------|
| forwarding_rule | The forwarding rule self_link. |
| forwarding_rule_id | The forwarding rule id. |
| ip_address | The internal IP assigned to the regional forwarding rule. |

Resources created
