This Terraform module provisions a load balancer for Google Cloud Run services, with support for SSL, Google-managed SSL certificates, and IP-based access control.
- Creates a global IP address for the load balancer
- Sets up a regional network endpoint group (NEG) for the Cloud Run service
- Provisions a security policy to restrict access based on authorized IP ranges
- Supports SSL and Google-managed SSL certificates for custom domains
- Configures HTTP to HTTPS redirect
- Terraform v0.13 or later
- Google Cloud SDK (gcloud) installed and configured with appropriate permissions
- A Google Cloud Project
- A Cloud Run service deployed within the project
+-----------------------+
| Google Cloud Project |
+-----------+-----------+
|
v
+----------------------------------------+
| Load Balancer (with Global IP address) |
+----------------+-----------------------+
|
v
+---------------------------+
| Network Endpoint Group |
| (Serverless, Cloud Run) |
+------------+--------------+
|
v
+------------------------+
| Cloud Run Service |
+------------------------+
To use the module, include it in your Terraform configuration and provide the necessary inputs:
module "cloudrun_lb" {
source = "path/to/terraform-google-cloudrun-lb"
name = "your-load-balancer-name"
project = "your-gcp-project-id"
location = "your-gcp-region"
service = "your-cloud-run-service-name"
authorized_ip_ranges = ["1.2.3.4/32", "5.6.7.8/32"]
managed_ssl_certificate_domains = ["your-custom-domain.com"]
}| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| name | Load balancer name. | string | yes | |
| project | Google project ID. | string | yes | |
| location | Google location where resources are to be created. | string | yes | |
| service | Cloud Run service name. | string | yes | |
| authorized_ip_ranges | List of authorized IP ranges. | list(string) | ["0.0.0.0/0"] |
no |
| managed_ssl_certificate_domains | List of domains for managed SSL certificate. | list(string) | [] |
no |
| logging_enabled | Whether to enable logging for the load balancer. | bool | true |
no |
| logging_sample_rate | The percentage of requests to be logged, as a value between 0.0 and 1.0. | number | 1.0 |
no |
The following output is provided by the module:
| Name | Description | Type |
|---|---|---|
| address | The IP address of the Cloud Run load balancer. | string |
The module is based on the tutorial found in this Medium article by Shadab Ambat: Firewall your Cloud Run service using Terraform.
Contributions to this project are welcome! To contribute, please follow these steps:
- Fork the repository on GitHub.
- Clone your forked repository to your local machine.
- Create a new branch with a descriptive name for your changes.
- Make your changes in the new branch.
- Commit your changes and write a clear, descriptive commit message.
- Push your branch with the changes to your fork on GitHub.
- Open a pull request from your fork's branch to the original repository's main branch.
- Address any feedback or requested changes provided during the review process.
- Once your changes are approved, they will be merged into the main branch.
Please ensure your changes follow best practices and adhere to the project's coding standards. Don't forget to update documentation and tests as needed.