diff --git a/modules/serverless_negs/README.md b/modules/serverless_negs/README.md
index 71791233..d2b39461 100644
--- a/modules/serverless_negs/README.md
+++ b/modules/serverless_negs/README.md
@@ -82,6 +82,7 @@ module "lb-http" {
| create\_url\_map | Set to `false` if url\_map variable is provided. | `bool` | `true` | no |
| edge\_security\_policy | The resource URL for the edge security policy to associate with the backend service | `string` | `null` | no |
| enable\_ipv6 | Enable IPv6 address on the CDN load-balancer | `bool` | `false` | no |
+| host\_rules | n/a | list(object({
hosts = list(string)
path_matcher = string
})) | n/a | yes |
| http\_forward | Set to `false` to disable HTTP port 80 forward | `bool` | `true` | no |
| http\_keep\_alive\_timeout\_sec | Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). | `number` | `null` | no |
| http\_port | The port for the HTTP load balancer | `number` | `80` | no |
@@ -93,6 +94,7 @@ module "lb-http" {
| managed\_ssl\_certificate\_domains | Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` | `list(string)` | `[]` | no |
| name | Name for the forwarding rule and prefix for supporting resources | `string` | n/a | yes |
| network | Network for INTERNAL\_SELF\_MANAGED load balancing scheme | `string` | `"default"` | no |
+| path\_matchers | n/a | list(object({
name = string
default_service = string
path_rules = list(object({
paths = list(string)
service = string
}))
})) | n/a | yes |
| private\_key | Content of the private SSL key. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` | `string` | `null` | no |
| project | The project to deploy to, if not set the default provider project is used. | `string` | n/a | yes |
| quic | Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only. | `bool` | `null` | no |
diff --git a/modules/serverless_negs/main.tf b/modules/serverless_negs/main.tf
index 306de60f..dd4fb488 100644
--- a/modules/serverless_negs/main.tf
+++ b/modules/serverless_negs/main.tf
@@ -167,6 +167,30 @@ resource "google_compute_url_map" "default" {
count = var.create_url_map ? 1 : 0
name = "${var.name}-url-map"
default_service = google_compute_backend_service.default[keys(var.backends)[0]].self_link
+
+ dynamic "host_rule" {
+ for_each = var.host_rules
+ content {
+ hosts = host_rule.value.hosts
+ path_matcher = host_rule.value.path_matcher
+ }
+ }
+
+ dynamic "path_matcher" {
+ for_each = var.path_matchers
+ content {
+ name = path_matcher.value.name
+ default_service = path_matcher.value.default_service
+
+ dynamic "path_rule" {
+ for_each = path_matcher.value.path_rules
+ content {
+ paths = path_rule.value.paths
+ service = path_rule.value.service
+ }
+ }
+ }
+ }
}
resource "google_compute_url_map" "https_redirect" {
diff --git a/modules/serverless_negs/variables.tf b/modules/serverless_negs/variables.tf
index 8bbeb5b3..8636c273 100644
--- a/modules/serverless_negs/variables.tf
+++ b/modules/serverless_negs/variables.tf
@@ -299,3 +299,23 @@ variable "http_keep_alive_timeout_sec" {
type = number
default = null
}
+
+variable "host_rules" {
+ description = "Defines host rules for URL mapping, associating hosts with specific path matchers."
+ type = list(object({
+ hosts = list(string)
+ path_matcher = string
+ }))
+}
+
+variable "path_matchers" {
+ description = "Specifies path matchers, including default service and detailed path rules for routing."
+ type = list(object({
+ name = string
+ default_service = string
+ path_rules = list(object({
+ paths = list(string)
+ service = string
+ }))
+ }))
+}
\ No newline at end of file