Internal Passthrough Load Balancer (L4)
An internal passthrough L4 load balancer — health check, regional backend service and forwarding rule — that stands up before any backends exist, preserving client source IPs, with optional global access.
Verification
Live-testedReally deployed, verified, idempotent and destroyed in a cloud sandbox.
Conformance
- Static validation (fmt · validate · tflint)
- Security scan (Checkov)
- Plan tests (mocked: validation rules · outputs)
Provenance
- SHA-256 checksum
- Signature (pending)
Functional
- Live-tested — applied, verified, destroyed
Last verified 2026-06-30 · how we verify
Documentation
gcp-internal-lb
An internal passthrough Network Load Balancer: a health check, a regional
backend service (load_balancing_scheme = INTERNAL), and an internal
forwarding rule. Backends are optional, so the LB stands up before — or
without — any instance groups; wire MIGs in as they come online. Works with
Terraform and OpenTofu (>= 1.6), Google provider >= 7.0, < 8.0.
What you get:
- A
google_compute_health_check(TCP by default; HTTP/HTTPS supported) - A regional
google_compute_region_backend_service(INTERNAL,balancing_mode = CONNECTION) with optional instance-group backends - An internal
google_compute_forwarding_ruleon your VPC subnet, with an auto-allocated (or static) internal IP
Requirements
| Requirement | Version |
|---|---|
| Terraform / OpenTofu | >= 1.6 |
hashicorp/google | >= 7.0, < 8.0 |
Verification
Static-validated (fmt, validate, tflint). Live apply/destroy testing pending cloud sandbox availability — see catalog status.
License
Commercial — IaC Bazaar EULA. © IaC Bazaar. Original work (not derived from a third-party module).
Usage code & full reference unlock after purchase
The complete copy-paste usage, the full input/output reference, and operational notes ship with your licence — shown here and bundled in the download.
- Usage
- Inputs
- Outputs