From 898f21c1fff7ebcd66e9e71ea551ee0523dd90c9 Mon Sep 17 00:00:00 2001
From: pawan1210
Date: Thu, 3 Apr 2025 09:53:19 +0000
Subject: [PATCH 1/6] fix: added allow_proxy firewall rule to create connection between fw rule and mig
---
 modules/backend/README.md | 1 +
 modules/backend/main.tf | 21 +++++++++++++++++++++
 modules/backend/metadata.yaml | 7 +++++++
 modules/backend/variables.tf | 6 ++++++
 4 files changed, 35 insertions(+)
diff --git a/modules/backend/README.md b/modules/backend/README.md
index 5c5616c7..9411ba33 100644
--- a/modules/backend/README.md
+++ b/modules/backend/README.md
@@ -17,6 +17,7 @@ This module creates `google_compute_backend_service` resource and its dependenci
 | enable\_cdn | Enable Cloud CDN for this BackendService. | `bool` | `false` | no |
 | firewall\_networks | Names of the networks to create firewall rules in | `list(string)` |
[
"default"
]
| no | | firewall\_projects | Names of the projects to create firewall rules in | `list(string)` |
[
"default"
]
| no |
+| firewall\_source\_ranges | Source ranges for global Application Load Balancer's proxies. This should be set to ip\_cidr\_range of your REGIONAL\_MANAGED\_PROXY subnet. | `list(string)` |
[
"10.129.0.0/23"
]
| no | | groups | The list of backend instance group which serves the traffic. |
list(object({
group = string
description = optional(string)

balancing_mode = optional(string)
capacity_scaler = optional(number)
max_connections = optional(number)
max_connections_per_instance = optional(number)
max_connections_per_endpoint = optional(number)
max_rate = optional(number)
max_rate_per_instance = optional(number)
max_rate_per_endpoint = optional(number)
max_utilization = optional(number)
}))
| `[]` | no | | health\_check | Input for creating HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. |
object({
host = optional(string, null)
request_path = optional(string, null)
request = optional(string, null)
response = optional(string, null)
port = optional(number, null)
port_name = optional(string, null)
proxy_header = optional(string, null)
port_specification = optional(string, null)
protocol = optional(string, null)
check_interval_sec = optional(number, 5)
timeout_sec = optional(number, 5)
healthy_threshold = optional(number, 2)
unhealthy_threshold = optional(number, 2)
logging = optional(bool, false)
})
| `null` | no | | host\_path\_mappings | The list of host/path for which traffic could be sent to the backend service |
list(object({
host = string
path = string
}))
|
[
{
"host": "*",
"path": "/*"
}
]
| no |
diff --git a/modules/backend/main.tf b/modules/backend/main.tf
index 09864b33..5294ebcd 100644
--- a/modules/backend/main.tf
+++ b/modules/backend/main.tf
@@ -289,3 +289,24 @@ resource "google_compute_firewall" "default-hc" {
 ports = var.health_check.port != null ? [var.health_check.port] : null
 }
 }
+
+resource "google_compute_firewall" "allow_proxy" {
+ count = var.health_check != null ? length(var.firewall_networks) : 0
+ project = length(var.firewall_networks) == 1 && var.firewall_projects[0] == "default" ? var.project_id : var.firewall_projects[count.index]
+ name = "${var.name}-fw-allow-proxies-${count.index}"
+ network = var.firewall_networks[count.index]
+ source_ranges = var.firewall_source_ranges
+ target_tags = length(var.target_tags) > 0 ? var.target_tags : null
+ allow {
+ ports = ["443"]
+ protocol = "tcp"
+ }
+ allow {
+ ports = ["80"]
+ protocol = "tcp"
+ }
+ allow {
+ ports = ["8080"]
+ protocol = "tcp"
+ }
+}
diff --git a/modules/backend/metadata.yaml b/modules/backend/metadata.yaml
index 4506fe82..4f8ae617 100644
--- a/modules/backend/metadata.yaml
+++ b/modules/backend/metadata.yaml
@@ -52,6 +52,8 @@ spec:
 location: examples/https-redirect
 - name: internal-lb-cloud-run
 location: examples/internal-lb-cloud-run
+ - name: internal-lb-gce-mig
+ location: examples/internal-lb-gce-mig
 - name: lb-http-separate-frontend-and-backend
 location: examples/lb-http-separate-frontend-and-backend
 - name: mig-nat-http-lb
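Review bot: The new `allow_proxy` rule in modules/backend/main.tf sets only `target_tags` and falls back to `null` when that list is empty, so a caller who selects backends with `target_service_accounts` (the variable shown as context in the variables.tf hunk of this patch) gets a rule with no target, which then applies to every instance in the network. Adding `target_service_accounts = length(var.target_service_accounts) > 0 ? var.target_service_accounts : null` would keep the rule scoped to the backends in that case. The rule is also created whenever `var.health_check != null`, independent of whether the backend sits behind a proxy-based internal load balancer, and it opens 80, 443 and 8080 regardless of the port the backend actually serves. Gating `count` on a non-empty `var.firewall_source_ranges` and replacing the three `allow` blocks with one that lists only the serving port would narrow the ingress this module creates by default.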
@@ -286,6 +288,11 @@ spec:
 description: List of target service accounts for health check firewall rule. Exactly one of target_tags or target_service_accounts should be specified.
 varType: list(string)
 defaultValue: []
+ - name: firewall_source_ranges
+ description: Source ranges for global Application Load Balancer's proxies. This should be set to ip_cidr_range of your REGIONAL_MANAGED_PROXY subnet.
+ varType: list(string)
+ defaultValue:
+ - 10.129.0.0/23
 outputs:
 - name: backend_service_info
 description: Host, path and backend service mapping
diff --git a/modules/backend/variables.tf b/modules/backend/variables.tf
index 882aff6d..4dd4edf2 100644
--- a/modules/backend/variables.tf
+++ b/modules/backend/variables.tf
@@ -269,3 +269,9 @@ variable "target_service_accounts" {
 type = list(string)
 default = []
 }
+
+variable "firewall_source_ranges" {
+ description = "Source ranges for global Application Load Balancer's proxies. This should be set to ip_cidr_range of your REGIONAL_MANAGED_PROXY subnet."
+ type = list(string)
+ default = ["10.129.0.0/23"]
+}
From 42bc1f6200fad8937ce0cae5b205cb824b1ba751 Mon Sep 17 00:00:00 2001
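Review bot: The default `["10.129.0.0/23"]` for `firewall_source_ranges` in modules/backend/variables.tf bakes one deployment's proxy-only range into the module, so any caller that does not override it gets an ingress rule trusting 10.129.0.0/23 whether or not that range is a proxy-only subnet in their VPC. `default = []`, combined with creating the firewall rule only when the list is non-empty, would make that trust an explicit choice by the caller. The description also asks for a REGIONAL_MANAGED_PROXY subnet while naming the global Application Load Balancer, and the example added later in this series declares GLOBAL_MANAGED_PROXY subnets in two regions (10.129.0.0/23 and 10.130.0.0/23), so the wording should be reconciled and should say that every proxy-only range has to be listed. The same default is repeated in the metadata.yaml hunk just above.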
From: pawan1210
Date: Thu, 3 Apr 2025 10:15:58 +0000
Subject: [PATCH 2/6] feat: added internal-lb-gce-mig example
---
 build/int.cloudbuild.yaml | 15 +
 examples/internal-lb-cloud-run/readme.md | 8 +-
 examples/internal-lb-gce-mig/main.tf | 255 ++++
 examples/internal-lb-gce-mig/outputs.tf | 20 +
 examples/internal-lb-gce-mig/readme.md | 20 +
 examples/internal-lb-gce-mig/show.txt | 1069 +++++++++++++++++
 examples/internal-lb-gce-mig/variables.tf | 19 +
 metadata.yaml | 2 +
 modules/dynamic_backends/metadata.yaml | 2 +
 modules/frontend/metadata.yaml | 2 +
 modules/serverless_negs/metadata.yaml | 2 +
 .../internal_lb_gce_mig_test.go | 47 +
 12 files changed, 1460 insertions(+), 1 deletion(-)
 create mode 100644 examples/internal-lb-gce-mig/main.tf
 create mode 100644 examples/internal-lb-gce-mig/outputs.tf
 create mode 100644 examples/internal-lb-gce-mig/readme.md
 create mode 100644 examples/internal-lb-gce-mig/show.txt
 create mode 100644 examples/internal-lb-gce-mig/variables.tf
 create mode 100644 test/integration/internal-lb-gce-mig/internal_lb_gce_mig_test.go
diff --git a/build/int.cloudbuild.yaml b/build/int.cloudbuild.yaml
index d3b0f7b8..87fdb2a5 100644
--- a/build/int.cloudbuild.yaml
+++ b/build/int.cloudbuild.yaml
@@ -143,6 +143,21 @@ steps:
 - verify internal-lb-http
 name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
 args: ['/bin/bash', '-c', 'cft test run TestInternalLbCloudRun --stage teardown --verbose']
+- id: apply internal-lb-http gce-mig
+ waitFor:
+ - create
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'cft test run TestInternalLbGCEMIG --stage apply --verbose']
+- id: verify internal-lb-http gce-mig
+ waitFor:
+ - apply internal-lb-http gce-mig
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'sleep 360 && cft test run TestInternalLbGCEMIG --stage verify --verbose']
+- id: teardown internal-lb-http gce-mig
+ waitFor:
+ - verify internal-lb-http gce-mig
+ name: 'gcr.io/cloud-foundation-cicd/$_DOCKER_IMAGE_DEVELOPER_TOOLS:$_DOCKER_TAG_VERSION_DEVELOPER_TOOLS'
+ args: ['/bin/bash', '-c', 'cft test run TestInternalLbGCEMIG --stage teardown --verbose']
 tags:
 - 'ci'
 - 'integration'
diff --git a/examples/internal-lb-cloud-run/readme.md b/examples/internal-lb-cloud-run/readme.md
index 444c6e16..d6d21cd7 100644
--- a/examples/internal-lb-cloud-run/readme.md
+++ b/examples/internal-lb-cloud-run/readme.md
@@ -1,4 +1,4 @@
-# HTTP Internal Regional Load Balancer Example
+# HTTP Internal Cross-Regional Load Balancer Example
 This example creates a simple application with below components.
@@ -17,4 +17,10 @@ The forwarding rules and its dependecies are created as part of `frontend` modul
 |------|-------------|------|---------|:--------:|
 | project\_id | n/a | `string` | n/a | yes |
+## Outputs
+
+| Name | Description |
+|------|-------------|
+| external\_cloudrun\_uris | The uris of the publicaly accesible cloud-run services |
+
diff --git a/examples/internal-lb-gce-mig/main.tf b/examples/internal-lb-gce-mig/main.tf
new file mode 100644
index 00000000..a0b9d3d1
--- /dev/null
+++ b/examples/internal-lb-gce-mig/main.tf
@@ -0,0 +1,255 @@
+/**
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+provider "google" {
+ project = var.project_id
+}
+
+provider "google-beta" {
+ project = var.project_id
+}
+
+module "internal-lb-network" {
+ source = "terraform-google-modules/network/google//modules/vpc"
+ version = "~> 10.0.0"
+ project_id = var.project_id
+ network_name = "int-lb-mig-network"
+ auto_create_subnetworks = false
+}
+
+module "internal-lb-subnet" {
+ source = "terraform-google-modules/network/google//modules/subnets"
+ version = "~> 10.0.0"
+
+ subnets = [
+ {
+ subnet_name = "int-lb-mig-subnet-a"
+ subnet_ip = "10.1.2.0/24"
+ subnet_region = "us-east1"
+ },
+ {
+ subnet_name = "int-lb-mig-proxy-only-subnet-a"
+ subnet_ip = "10.129.0.0/23"
+ subnet_region = "us-east1"
+ purpose = "GLOBAL_MANAGED_PROXY"
+ role = "ACTIVE"
+ },
+ {
+ subnet_name = "int-lb-mig-subnet-b"
+ subnet_ip = "10.1.3.0/24"
+ subnet_region = "us-central1"
+ },
+ {
+ subnet_name = "int-lb-mig-proxy-only-subnet-b",
+ subnet_ip = "10.130.0.0/23"
+ subnet_region = "us-central1"
+ purpose = "GLOBAL_MANAGED_PROXY"
+ role = "ACTIVE"
+ }
+ ]
+
+ network_name = module.internal-lb-network.network_name
+ project_id = var.project_id
+ depends_on = [module.internal-lb-network]
+}
+
+module "instance-template-region-a" {
+ source = "terraform-google-modules/vm/google//modules/instance_template"
+ version = "~> 13.0"
+
+ project_id = var.project_id
+ region = "us-east1"
+
source_image_project = "debian-cloud" + source_image = "debian-12" + network = module.internal-lb-network.network_name + subnetwork = module.internal-lb-subnet.subnets["us-east1/int-lb-mig-subnet-a"].name + access_config = [{ network_tier : "PREMIUM" }] + name_prefix = "instance-template-region-a" + startup_script = < +## Inputs + +| Name | Description | Type | Default | Required | +|------|-------------|------|---------|:--------:| +| project\_id | n/a | `string` | n/a | yes | + +## Outputs + +| Name | Description | +|------|-------------| +| external\_cloudrun\_uris | The uris of the publicaly accesible cloud-run services | + + diff --git a/examples/internal-lb-gce-mig/show.txt b/examples/internal-lb-gce-mig/show.txt new file mode 100644 index 00000000..6e5bdd01 --- /dev/null +++ b/examples/internal-lb-gce-mig/show.txt 
@@ -0,0 +1,1069 @@ +# google_vpc_access_connector.internal_lb_vpc_connector: +resource "google_vpc_access_connector" "internal_lb_vpc_connector" { + connected_projects = [] + id = "projects/ajay-dm-testing/locations/us-east1/connectors/int-lb-vpc-connector" + ip_cidr_range = "10.8.0.0/28" + machine_type = "e2-micro" + max_instances = 5 + max_throughput = 500 + min_instances = 3 + min_throughput = 300 + name = "int-lb-vpc-connector" + network = "int-lb-network" + project = "ajay-dm-testing" + region = "us-east1" + self_link = "projects/ajay-dm-testing/locations/us-east1/connectors/int-lb-vpc-connector" + state = "READY" +} + + +# module.frontend-service-a.google_cloud_run_v2_service.main: +resource "google_cloud_run_v2_service" "main" { + conditions = [ + { + execution_reason = "" + last_transition_time = "2025-04-02T17:33:07.072752Z" + message = "" + reason = "" + revision_reason = "" + severity = "" + state = "CONDITION_SUCCEEDED" + type = "RoutesReady" + }, + { + execution_reason = "" + last_transition_time = "2025-04-02T17:33:05.863895Z" + message = "" + reason = "" + revision_reason = "" + severity = "" + state = "CONDITION_SUCCEEDED" + type = "ConfigurationsReady" + }, + ] + create_time = "2025-04-02T17:32:52.414439Z" + creator = "pawansaggu@google.com" + default_uri_disabled = false + deletion_protection = false + effective_annotations = {} + effective_labels = { + "goog-terraform-provisioned" = "true" + } + etag = "\"CMTptb8GENisz8UB/cHJvamVjdHMvYWpheS1kbS10ZXN0aW5nL2xvY2F0aW9ucy91cy1lYXN0MS9zZXJ2aWNlcy9mcy1h\"" + generation = "1" + id = "projects/ajay-dm-testing/locations/us-east1/services/fs-a" + ingress = "INGRESS_TRAFFIC_ALL" + invoker_iam_disabled = false + last_modifier = "pawansaggu@google.com" + latest_created_revision = "projects/ajay-dm-testing/locations/us-east1/services/fs-a/revisions/fs-a-00001-v6z" + latest_ready_revision = "projects/ajay-dm-testing/locations/us-east1/services/fs-a/revisions/fs-a-00001-v6z" + launch_stage = "GA" + location = 
"us-east1" + name = "fs-a" + observed_generation = "1" + project = "ajay-dm-testing" + reconciling = false + terminal_condition = [ + { + execution_reason = "" + last_transition_time = "2025-04-02T17:33:07.105575Z" + message = "" + reason = "" + revision_reason = "" + severity = "" + state = "CONDITION_SUCCEEDED" + type = "Ready" + }, + ] + terraform_labels = { + "goog-terraform-provisioned" = "true" + } + traffic_statuses = [ + { + percent = 100 + revision = "" + tag = "" + type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" + uri = "" + }, + ] + uid = "95940286-d124-423b-817d-4d6d56eee679" + update_time = "2025-04-02T17:32:52.414439Z" + uri = "https://fs-a-e6hvzdnvtq-ue.a.run.app" + urls = [ + "https://fs-a-1016840587463.us-east1.run.app", + "https://fs-a-e6hvzdnvtq-ue.a.run.app", + ] + + template { + execution_environment = "EXECUTION_ENVIRONMENT_GEN2" + gpu_zonal_redundancy_disabled = false + max_instance_request_concurrency = 80 + service_account = "fs-a-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" + session_affinity = false + timeout = "300s" + + containers { + build_info = [] + image = "gcr.io/design-center-container-repo/redirect-traffic:latest-2002" + + env { + name = "TARGET_IP" + value = "10.1.3.4" + } + + ports { + container_port = 80 + name = "http1" + } + + resources { + cpu_idle = true + limits = { + "cpu" = "1000m" + "memory" = "512Mi" + } + startup_cpu_boost = false + } + + startup_probe { + failure_threshold = 1 + initial_delay_seconds = 0 + period_seconds = 240 + timeout_seconds = 240 + + tcp_socket { + port = 80 + } + } + } + + scaling { + max_instance_count = 100 + min_instance_count = 0 + } + + vpc_access { + connector = "projects/ajay-dm-testing/locations/us-east1/connectors/int-lb-vpc-connector" + egress = "ALL_TRAFFIC" + } + } + + traffic { + percent = 100 + type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" + } +} + +# module.frontend-service-a.google_cloud_run_v2_service_iam_member.authorize["allUsers"]: +resource 
"google_cloud_run_v2_service_iam_member" "authorize" { + etag = "BwYxzwyHpXg=" + id = "projects/ajay-dm-testing/locations/us-east1/services/fs-a/roles/run.invoker/allUsers" + location = "us-east1" + member = "allUsers" + name = "projects/ajay-dm-testing/locations/us-east1/services/fs-a" + project = "ajay-dm-testing" + role = "roles/run.invoker" +} + +# module.frontend-service-a.google_service_account.sa[0]: +resource "google_service_account" "sa" { + account_id = "fs-a-us-east1-sa" + disabled = false + display_name = "Service account for fs-a in us-east1" + email = "fs-a-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" + id = "projects/ajay-dm-testing/serviceAccounts/fs-a-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" + member = "serviceAccount:fs-a-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" + name = "projects/ajay-dm-testing/serviceAccounts/fs-a-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" + project = "ajay-dm-testing" + unique_id = "110495645426254899844" +} + + +# module.frontend-service-b.google_cloud_run_v2_service.main: +resource "google_cloud_run_v2_service" "main" { + conditions = [ + { + execution_reason = "" + last_transition_time = "2025-04-02T17:33:07.058716Z" + message = "" + reason = "" + revision_reason = "" + severity = "" + state = "CONDITION_SUCCEEDED" + type = "RoutesReady" + }, + { + execution_reason = "" + last_transition_time = "2025-04-02T17:33:05.854591Z" + message = "" + reason = "" + revision_reason = "" + severity = "" + state = "CONDITION_SUCCEEDED" + type = "ConfigurationsReady" + }, + ] + create_time = "2025-04-02T17:32:52.366619Z" + creator = "pawansaggu@google.com" + default_uri_disabled = false + deletion_protection = false + effective_annotations = {} + effective_labels = { + "goog-terraform-provisioned" = "true" + } + etag = "\"CMTptb8GEPjS6K4B/cHJvamVjdHMvYWpheS1kbS10ZXN0aW5nL2xvY2F0aW9ucy91cy1lYXN0MS9zZXJ2aWNlcy9mcy1i\"" + generation = "1" + id = 
"projects/ajay-dm-testing/locations/us-east1/services/fs-b" + ingress = "INGRESS_TRAFFIC_ALL" + invoker_iam_disabled = false + last_modifier = "pawansaggu@google.com" + latest_created_revision = "projects/ajay-dm-testing/locations/us-east1/services/fs-b/revisions/fs-b-00001-24l" + latest_ready_revision = "projects/ajay-dm-testing/locations/us-east1/services/fs-b/revisions/fs-b-00001-24l" + launch_stage = "GA" + location = "us-east1" + name = "fs-b" + observed_generation = "1" + project = "ajay-dm-testing" + reconciling = false + terminal_condition = [ + { + execution_reason = "" + last_transition_time = "2025-04-02T17:33:07.100090Z" + message = "" + reason = "" + revision_reason = "" + severity = "" + state = "CONDITION_SUCCEEDED" + type = "Ready" + }, + ] + terraform_labels = { + "goog-terraform-provisioned" = "true" + } + traffic_statuses = [ + { + percent = 100 + revision = "" + tag = "" + type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" + uri = "" + }, + ] + uid = "d8e32756-0100-401f-ae81-cd5de39a5ddf" + update_time = "2025-04-02T17:32:52.366619Z" + uri = "https://fs-b-e6hvzdnvtq-ue.a.run.app" + urls = [ + "https://fs-b-1016840587463.us-east1.run.app", + "https://fs-b-e6hvzdnvtq-ue.a.run.app", + ] + + template { + execution_environment = "EXECUTION_ENVIRONMENT_GEN2" + gpu_zonal_redundancy_disabled = false + max_instance_request_concurrency = 80 + service_account = "fs-b-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" + session_affinity = false + timeout = "300s" + + containers { + build_info = [] + image = "gcr.io/design-center-container-repo/redirect-traffic:latest-2002" + + env { + name = "TARGET_IP" + value = "10.1.2.4" + } + + ports { + container_port = 80 + name = "http1" + } + + resources { + cpu_idle = true + limits = { + "cpu" = "1000m" + "memory" = "512Mi" + } + startup_cpu_boost = false + } + + startup_probe { + failure_threshold = 1 + initial_delay_seconds = 0 + period_seconds = 240 + timeout_seconds = 240 + + tcp_socket { + port = 80 + } + } + } 
+ + scaling { + max_instance_count = 100 + min_instance_count = 0 + } + + vpc_access { + connector = "projects/ajay-dm-testing/locations/us-east1/connectors/int-lb-vpc-connector" + egress = "ALL_TRAFFIC" + } + } + + traffic { + percent = 100 + type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" + } +} + +# module.frontend-service-b.google_cloud_run_v2_service_iam_member.authorize["allUsers"]: +resource "google_cloud_run_v2_service_iam_member" "authorize" { + etag = "BwYxzwyFhWM=" + id = "projects/ajay-dm-testing/locations/us-east1/services/fs-b/roles/run.invoker/allUsers" + location = "us-east1" + member = "allUsers" + name = "projects/ajay-dm-testing/locations/us-east1/services/fs-b" + project = "ajay-dm-testing" + role = "roles/run.invoker" +} + +# module.frontend-service-b.google_service_account.sa[0]: +resource "google_service_account" "sa" { + account_id = "fs-b-us-east1-sa" + disabled = false + display_name = "Service account for fs-b in us-east1" + email = "fs-b-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" + id = "projects/ajay-dm-testing/serviceAccounts/fs-b-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" + member = "serviceAccount:fs-b-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" + name = "projects/ajay-dm-testing/serviceAccounts/fs-b-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" + project = "ajay-dm-testing" + unique_id = "112453066558953501153" +} + + +# module.instance-template-region-a.google_compute_instance_template.tpl: +resource "google_compute_instance_template" "tpl" { + can_ip_forward = false + creation_timestamp = "2025-04-02T10:29:59.924-07:00" + effective_labels = { + "goog-terraform-provisioned" = "true" + } + id = "projects/ajay-dm-testing/global/instanceTemplates/instance-template-region-a-20250402172959064200000001" + machine_type = "n1-standard-1" + metadata_fingerprint = "1xFNrMnFqhA=" + metadata_startup_script = <<-EOT + #! 
/bin/bash + sudo apt-get update + sudo apt-get install apache2 -y + sudo a2ensite default-ssl + sudo a2enmod ssl + vm_hostname="$(curl -H "Metadata-Flavor:Google" \ + http://169.254.169.254/computeMetadata/v1/instance/name)" + sudo echo "Page served from: $vm_hostname" | \ + tee /var/www/html/index.html + sudo systemctl restart apache2 + EOT + name = "instance-template-region-a-20250402172959064200000001" + name_prefix = "instance-template-region-a-" + project = "ajay-dm-testing" + region = "us-east1" + resource_policies = [] + self_link = "https://www.googleapis.com/compute/beta/projects/ajay-dm-testing/global/instanceTemplates/instance-template-region-a-20250402172959064200000001" + self_link_unique = "https://www.googleapis.com/compute/beta/projects/ajay-dm-testing/global/instanceTemplates/instance-template-region-a-20250402172959064200000001?uniqueId=6627423111098714872" + tags = [ + "load-balanced-backend", + ] + terraform_labels = { + "goog-terraform-provisioned" = "true" + } + + advanced_machine_features { + enable_nested_virtualization = false + enable_uefi_networking = false + threads_per_core = 0 + visible_core_count = 0 + } + + confidential_instance_config { + enable_confidential_compute = false + } + + disk { + auto_delete = true + boot = true + device_name = "persistent-disk-0" + disk_size_gb = 100 + disk_type = "pd-standard" + interface = "SCSI" + mode = "READ_WRITE" + provisioned_iops = 0 + provisioned_throughput = 0 + resource_policies = [] + source_image = "projects/debian-cloud/global/images/family/debian-12" + type = "PERSISTENT" + } + + network_interface { + internal_ipv6_prefix_length = 0 + name = "nic0" + network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" + queue_count = 0 + subnetwork = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-east1/subnetworks/int-lb-subnet-a" + subnetwork_project = "ajay-dm-testing" + + access_config { + network_tier = "PREMIUM" + } + } 
+ + network_performance_config { + total_egress_bandwidth_tier = "DEFAULT" + } + + scheduling { + automatic_restart = true + availability_domain = 0 + host_error_timeout_seconds = 0 + min_node_cpus = 0 + on_host_maintenance = "MIGRATE" + preemptible = false + provisioning_model = "STANDARD" + } + + service_account { + email = "instance-template-region-a--sa@ajay-dm-testing.iam.gserviceaccount.com" + scopes = [ + "https://www.googleapis.com/auth/cloud-platform", + ] + } +} + +# module.instance-template-region-a.google_service_account.sa[0]: +resource "google_service_account" "sa" { + account_id = "instance-template-region-a--sa" + disabled = false + display_name = "Service account for instance-template-region-a in us-east1" + email = "instance-template-region-a--sa@ajay-dm-testing.iam.gserviceaccount.com" + id = "projects/ajay-dm-testing/serviceAccounts/instance-template-region-a--sa@ajay-dm-testing.iam.gserviceaccount.com" + member = "serviceAccount:instance-template-region-a--sa@ajay-dm-testing.iam.gserviceaccount.com" + name = "projects/ajay-dm-testing/serviceAccounts/instance-template-region-a--sa@ajay-dm-testing.iam.gserviceaccount.com" + project = "ajay-dm-testing" + unique_id = "107582880543508748347" +} + + +# module.instance-template-region-b.google_compute_instance_template.tpl: +resource "google_compute_instance_template" "tpl" { + can_ip_forward = false + creation_timestamp = "2025-04-02T10:30:00.325-07:00" + effective_labels = { + "goog-terraform-provisioned" = "true" + } + id = "projects/ajay-dm-testing/global/instanceTemplates/instance-template-region-b-20250402172959791800000002" + machine_type = "n1-standard-1" + metadata_fingerprint = "1xFNrMnFqhA=" + metadata_startup_script = <<-EOT + #! 
/bin/bash + sudo apt-get update + sudo apt-get install apache2 -y + sudo a2ensite default-ssl + sudo a2enmod ssl + vm_hostname="$(curl -H "Metadata-Flavor:Google" \ + http://169.254.169.254/computeMetadata/v1/instance/name)" + sudo echo "Page served from: $vm_hostname" | \ + tee /var/www/html/index.html + sudo systemctl restart apache2 + EOT + name = "instance-template-region-b-20250402172959791800000002" + name_prefix = "instance-template-region-b-" + project = "ajay-dm-testing" + region = "us-central1" + resource_policies = [] + self_link = "https://www.googleapis.com/compute/beta/projects/ajay-dm-testing/global/instanceTemplates/instance-template-region-b-20250402172959791800000002" + self_link_unique = "https://www.googleapis.com/compute/beta/projects/ajay-dm-testing/global/instanceTemplates/instance-template-region-b-20250402172959791800000002?uniqueId=5819980572394572536" + tags = [ + "load-balanced-backend", + ] + terraform_labels = { + "goog-terraform-provisioned" = "true" + } + + advanced_machine_features { + enable_nested_virtualization = false + enable_uefi_networking = false + threads_per_core = 0 + visible_core_count = 0 + } + + confidential_instance_config { + enable_confidential_compute = false + } + + disk { + auto_delete = true + boot = true + device_name = "persistent-disk-0" + disk_size_gb = 100 + disk_type = "pd-standard" + interface = "SCSI" + mode = "READ_WRITE" + provisioned_iops = 0 + provisioned_throughput = 0 + resource_policies = [] + source_image = "projects/debian-cloud/global/images/family/debian-12" + type = "PERSISTENT" + } + + network_interface { + internal_ipv6_prefix_length = 0 + name = "nic0" + network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" + queue_count = 0 + subnetwork = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-central1/subnetworks/int-lb-subnet-b" + subnetwork_project = "ajay-dm-testing" + + access_config { + network_tier = "PREMIUM" + 
} + } + + network_performance_config { + total_egress_bandwidth_tier = "DEFAULT" + } + + scheduling { + automatic_restart = true + availability_domain = 0 + host_error_timeout_seconds = 0 + min_node_cpus = 0 + on_host_maintenance = "MIGRATE" + preemptible = false + provisioning_model = "STANDARD" + } + + service_account { + email = "instance-template-region-b--sa@ajay-dm-testing.iam.gserviceaccount.com" + scopes = [ + "https://www.googleapis.com/auth/cloud-platform", + ] + } +} + +# module.instance-template-region-b.google_service_account.sa[0]: +resource "google_service_account" "sa" { + account_id = "instance-template-region-b--sa" + disabled = false + display_name = "Service account for instance-template-region-b in us-central1" + email = "instance-template-region-b--sa@ajay-dm-testing.iam.gserviceaccount.com" + id = "projects/ajay-dm-testing/serviceAccounts/instance-template-region-b--sa@ajay-dm-testing.iam.gserviceaccount.com" + member = "serviceAccount:instance-template-region-b--sa@ajay-dm-testing.iam.gserviceaccount.com" + name = "projects/ajay-dm-testing/serviceAccounts/instance-template-region-b--sa@ajay-dm-testing.iam.gserviceaccount.com" + project = "ajay-dm-testing" + unique_id = "114696083560990847295" +} + + +# module.internal-lb-http-backend.google_compute_backend_service.default: +resource "google_compute_backend_service" "default" { + affinity_cookie_ttl_sec = 0 + connection_draining_timeout_sec = 300 + creation_timestamp = "2025-04-02T10:30:29.225-07:00" + enable_cdn = false + fingerprint = "PTeruO4ktmY=" + generated_id = 6559375444557221000 + health_checks = [ + "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/healthChecks/int-lb-http-backend-hc", + ] + id = "projects/ajay-dm-testing/global/backendServices/int-lb-http-backend" + load_balancing_scheme = "INTERNAL_MANAGED" + name = "int-lb-http-backend" + port_name = "http" + project = "ajay-dm-testing" + protocol = "HTTP" + self_link = 
"https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/backendServices/int-lb-http-backend" + session_affinity = "NONE" + timeout_sec = 30 + + backend { + balancing_mode = "UTILIZATION" + capacity_scaler = 1 + group = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-central1/instanceGroups/mig-group-region-b-mig" + max_connections = 0 + max_connections_per_endpoint = 0 + max_connections_per_instance = 0 + max_rate = 0 + max_rate_per_endpoint = 0 + max_rate_per_instance = 0 + max_utilization = 0 + } + backend { + balancing_mode = "UTILIZATION" + capacity_scaler = 1 + group = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-east1/instanceGroups/mig-group-region-a-mig" + max_connections = 0 + max_connections_per_endpoint = 0 + max_connections_per_instance = 0 + max_rate = 0 + max_rate_per_endpoint = 0 + max_rate_per_instance = 0 + max_utilization = 0 + } + + log_config { + enable = true + sample_rate = 1 + } +} + +# module.internal-lb-http-backend.google_compute_firewall.default-hc[0]: +resource "google_compute_firewall" "default-hc" { + creation_timestamp = "2025-04-02T10:29:44.244-07:00" + destination_ranges = [] + direction = "INGRESS" + disabled = false + id = "projects/ajay-dm-testing/global/firewalls/int-lb-http-backend-hc-0" + name = "int-lb-http-backend-hc-0" + network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" + priority = 1000 + project = "ajay-dm-testing" + self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/firewalls/int-lb-http-backend-hc-0" + source_ranges = [ + "130.211.0.0/22", + "35.191.0.0/16", + ] + target_tags = [ + "load-balanced-backend", + ] + + allow { + ports = [] + protocol = "tcp" + } +} + +# module.internal-lb-http-backend.google_compute_health_check.default[0]: +resource "google_compute_health_check" "default" { + check_interval_sec = 5 + creation_timestamp = 
"2025-04-02T10:29:21.962-07:00" + healthy_threshold = 2 + id = "projects/ajay-dm-testing/global/healthChecks/int-lb-http-backend-hc" + name = "int-lb-http-backend-hc" + project = "ajay-dm-testing" + self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/healthChecks/int-lb-http-backend-hc" + timeout_sec = 5 + type = "HTTP" + unhealthy_threshold = 2 + + http_health_check { + port = 0 + port_specification = "USE_SERVING_PORT" + proxy_header = "NONE" + request_path = "/" + } + + log_config { + enable = false + } +} + + +# module.internal-lb-http-frontend.google_compute_global_forwarding_rule.internal_managed_http["us-central1"]: +resource "google_compute_global_forwarding_rule" "internal_managed_http" { + allow_psc_global_access = false + effective_labels = {} + forwarding_rule_id = 29000262240750200 + id = "projects/ajay-dm-testing/global/forwardingRules/int-lb-http-frontend-internal-managed-http-us-central1" + ip_address = "10.1.3.4" + ip_protocol = "TCP" + label_fingerprint = "42WmSpB8rSM=" + load_balancing_scheme = "INTERNAL_MANAGED" + name = "int-lb-http-frontend-internal-managed-http-us-central1" + network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" + network_tier = "PREMIUM" + port_range = "80-80" + project = "ajay-dm-testing" + self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/forwardingRules/int-lb-http-frontend-internal-managed-http-us-central1" + subnetwork = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-central1/subnetworks/int-lb-subnet-b" + target = "https://www.googleapis.com/compute/beta/projects/ajay-dm-testing/global/targetHttpProxies/int-lb-http-frontend-http-proxy" + terraform_labels = {} +} + +# module.internal-lb-http-frontend.google_compute_global_forwarding_rule.internal_managed_http["us-east1"]: +resource "google_compute_global_forwarding_rule" "internal_managed_http" { + allow_psc_global_access = 
false + effective_labels = {} + forwarding_rule_id = 5556395066479660000 + id = "projects/ajay-dm-testing/global/forwardingRules/int-lb-http-frontend-internal-managed-http-us-east1" + ip_address = "10.1.2.4" + ip_protocol = "TCP" + label_fingerprint = "42WmSpB8rSM=" + load_balancing_scheme = "INTERNAL_MANAGED" + name = "int-lb-http-frontend-internal-managed-http-us-east1" + network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" + network_tier = "PREMIUM" + port_range = "80-80" + project = "ajay-dm-testing" + self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/forwardingRules/int-lb-http-frontend-internal-managed-http-us-east1" + subnetwork = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-east1/subnetworks/int-lb-subnet-a" + target = "https://www.googleapis.com/compute/beta/projects/ajay-dm-testing/global/targetHttpProxies/int-lb-http-frontend-http-proxy" + terraform_labels = {} +} + +# module.internal-lb-http-frontend.google_compute_target_http_proxy.default[0]: +resource "google_compute_target_http_proxy" "default" { + creation_timestamp = "2025-04-02T10:31:55.439-07:00" + http_keep_alive_timeout_sec = 0 + id = "projects/ajay-dm-testing/global/targetHttpProxies/int-lb-http-frontend-http-proxy" + name = "int-lb-http-frontend-http-proxy" + project = "ajay-dm-testing" + proxy_bind = false + proxy_id = 3660876778706094600 + self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/targetHttpProxies/int-lb-http-frontend-http-proxy" + url_map = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/urlMaps/int-lb-http-frontend-url-map" +} + +# module.internal-lb-http-frontend.google_compute_url_map.default[0]: +resource "google_compute_url_map" "default" { + creation_timestamp = "2025-04-02T10:31:43.278-07:00" + default_service = 
"https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/backendServices/int-lb-http-backend" + fingerprint = "lHDj00c2BDU=" + id = "projects/ajay-dm-testing/global/urlMaps/int-lb-http-frontend-url-map" + map_id = 4719105872322678000 + name = "int-lb-http-frontend-url-map" + project = "ajay-dm-testing" + self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/urlMaps/int-lb-http-frontend-url-map" + + host_rule { + hosts = [ + "*", + ] + path_matcher = "default" + } + + path_matcher { + default_service = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/backendServices/int-lb-http-backend" + name = "default" + } +} + + +# module.internal-lb-network.google_compute_network.network: +resource "google_compute_network" "network" { + auto_create_subnetworks = false + bgp_always_compare_med = false + bgp_best_path_selection_mode = "LEGACY" + delete_default_routes_on_create = false + enable_ula_internal_ipv6 = false + id = "projects/ajay-dm-testing/global/networks/int-lb-network" + mtu = 0 + name = "int-lb-network" + network_firewall_policy_enforcement_order = "AFTER_CLASSIC_FIREWALL" + network_id = "1016644793868012830" + numeric_id = "1016644793868012830" + project = "ajay-dm-testing" + routing_mode = "GLOBAL" + self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" +} + + +# module.internal-lb-subnet.google_compute_subnetwork.subnetwork["us-central1/int-lb-proxy-only-subnet-b"]: +resource "google_compute_subnetwork" "subnetwork" { + creation_timestamp = "2025-04-02T10:29:45.167-07:00" + enable_flow_logs = false + gateway_address = "10.130.0.1" + id = "projects/ajay-dm-testing/regions/us-central1/subnetworks/int-lb-proxy-only-subnet-b" + ip_cidr_range = "10.130.0.0/23" + name = "int-lb-proxy-only-subnet-b" + network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" + private_ip_google_access = false + 
private_ipv6_google_access = "DISABLE_GOOGLE_ACCESS" + project = "ajay-dm-testing" + purpose = "GLOBAL_MANAGED_PROXY" + region = "us-central1" + role = "ACTIVE" + self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-central1/subnetworks/int-lb-proxy-only-subnet-b" + state = "READY" + subnetwork_id = 3434960270575848000 +} + +# module.internal-lb-subnet.google_compute_subnetwork.subnetwork["us-central1/int-lb-subnet-b"]: +resource "google_compute_subnetwork" "subnetwork" { + creation_timestamp = "2025-04-02T10:29:45.115-07:00" + enable_flow_logs = false + gateway_address = "10.1.3.1" + id = "projects/ajay-dm-testing/regions/us-central1/subnetworks/int-lb-subnet-b" + ip_cidr_range = "10.1.3.0/24" + name = "int-lb-subnet-b" + network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" + private_ip_google_access = false + private_ipv6_google_access = "DISABLE_GOOGLE_ACCESS" + project = "ajay-dm-testing" + purpose = "PRIVATE" + region = "us-central1" + self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-central1/subnetworks/int-lb-subnet-b" + stack_type = "IPV4_ONLY" + subnetwork_id = 1116993835700898600 +} + +# module.internal-lb-subnet.google_compute_subnetwork.subnetwork["us-east1/int-lb-proxy-only-subnet-a"]: +resource "google_compute_subnetwork" "subnetwork" { + creation_timestamp = "2025-04-02T10:29:45.205-07:00" + enable_flow_logs = false + gateway_address = "10.129.0.1" + id = "projects/ajay-dm-testing/regions/us-east1/subnetworks/int-lb-proxy-only-subnet-a" + ip_cidr_range = "10.129.0.0/23" + name = "int-lb-proxy-only-subnet-a" + network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" + private_ip_google_access = false + private_ipv6_google_access = "DISABLE_GOOGLE_ACCESS" + project = "ajay-dm-testing" + purpose = "GLOBAL_MANAGED_PROXY" + region = "us-east1" + role = "ACTIVE" + self_link = 
"https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-east1/subnetworks/int-lb-proxy-only-subnet-a" + state = "READY" + subnetwork_id = 5472668565989543000 +} + +# module.internal-lb-subnet.google_compute_subnetwork.subnetwork["us-east1/int-lb-subnet-a"]: +resource "google_compute_subnetwork" "subnetwork" { + creation_timestamp = "2025-04-02T10:29:45.259-07:00" + enable_flow_logs = false + gateway_address = "10.1.2.1" + id = "projects/ajay-dm-testing/regions/us-east1/subnetworks/int-lb-subnet-a" + ip_cidr_range = "10.1.2.0/24" + name = "int-lb-subnet-a" + network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" + private_ip_google_access = false + private_ipv6_google_access = "DISABLE_GOOGLE_ACCESS" + project = "ajay-dm-testing" + purpose = "PRIVATE" + region = "us-east1" + self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-east1/subnetworks/int-lb-subnet-a" + stack_type = "IPV4_ONLY" + subnetwork_id = 2637718790300814000 +} + + +# module.mig-region-a.data.google_compute_zones.available: +data "google_compute_zones" "available" { + id = "projects/ajay-dm-testing/regions/us-east1" + names = [ + "us-east1-b", + "us-east1-c", + "us-east1-d", + ] + project = "ajay-dm-testing" + region = "us-east1" +} + +# module.mig-region-a.google_compute_region_instance_group_manager.mig: +resource "google_compute_region_instance_group_manager" "mig" { + base_instance_name = "mig-group-region-a" + creation_timestamp = "2025-04-02T10:30:03.724-07:00" + distribution_policy_target_shape = "EVEN" + distribution_policy_zones = [ + "us-east1-b", + "us-east1-c", + "us-east1-d", + ] + fingerprint = "SE7N9RV6Lx0=" + id = "projects/ajay-dm-testing/regions/us-east1/instanceGroupManagers/mig-group-region-a-mig" + instance_group = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-east1/instanceGroups/mig-group-region-a-mig" + instance_group_manager_id = 
386300876517591800 + list_managed_instances_results = "PAGELESS" + name = "mig-group-region-a-mig" + project = "ajay-dm-testing" + region = "us-east1" + self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-east1/instanceGroupManagers/mig-group-region-a-mig" + status = [ + { + all_instances_config = [ + { + current_revision = "2025-04-02T17:30:03.727937Z" + effective = true + }, + ] + is_stable = false + stateful = [ + { + has_stateful_config = false + per_instance_configs = [ + { + all_effective = true + }, + ] + }, + ] + version_target = [ + { + is_reached = true + }, + ] + }, + ] + target_size = 2 + target_stopped_size = 0 + target_suspended_size = 0 + wait_for_instances = false + wait_for_instances_status = "STABLE" + + all_instances_config {} + + instance_lifecycle_policy { + default_action_on_failure = "REPAIR" + force_update_on_repair = "NO" + on_failed_health_check = "DEFAULT_ACTION" + } + + named_port { + name = "http" + port = 80 + } + + standby_policy { + initial_delay_sec = 0 + mode = "MANUAL" + } + + timeouts { + create = "5m" + delete = "15m" + update = "5m" + } + + update_policy { + instance_redistribution_type = "PROACTIVE" + max_surge_fixed = 3 + max_surge_percent = 0 + max_unavailable_fixed = 3 + max_unavailable_percent = 0 + min_ready_sec = 0 + minimal_action = "REPLACE" + replacement_method = "SUBSTITUTE" + type = "OPPORTUNISTIC" + } + + version { + instance_template = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/instanceTemplates/instance-template-region-a-20250402172959064200000001" + name = "mig-group-region-a-mig-version-0" + } +} + + +# module.mig-region-b.data.google_compute_zones.available: +data "google_compute_zones" "available" { + id = "projects/ajay-dm-testing/regions/us-central1" + names = [ + "us-central1-a", + "us-central1-b", + "us-central1-c", + "us-central1-f", + ] + project = "ajay-dm-testing" + region = "us-central1" +} + +# 
module.mig-region-b.google_compute_region_instance_group_manager.mig: +resource "google_compute_region_instance_group_manager" "mig" { + base_instance_name = "mig-group-region-b" + creation_timestamp = "2025-04-02T10:30:03.567-07:00" + distribution_policy_target_shape = "EVEN" + distribution_policy_zones = [ + "us-central1-a", + "us-central1-b", + "us-central1-c", + "us-central1-f", + ] + fingerprint = "sCIe3IZSe5c=" + id = "projects/ajay-dm-testing/regions/us-central1/instanceGroupManagers/mig-group-region-b-mig" + instance_group = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-central1/instanceGroups/mig-group-region-b-mig" + instance_group_manager_id = 5684760493516967000 + list_managed_instances_results = "PAGELESS" + name = "mig-group-region-b-mig" + project = "ajay-dm-testing" + region = "us-central1" + self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-central1/instanceGroupManagers/mig-group-region-b-mig" + status = [ + { + all_instances_config = [ + { + current_revision = "2025-04-02T17:30:03.569800Z" + effective = true + }, + ] + is_stable = false + stateful = [ + { + has_stateful_config = false + per_instance_configs = [ + { + all_effective = true + }, + ] + }, + ] + version_target = [ + { + is_reached = true + }, + ] + }, + ] + target_size = 2 + target_stopped_size = 0 + target_suspended_size = 0 + wait_for_instances = false + wait_for_instances_status = "STABLE" + + all_instances_config {} + + instance_lifecycle_policy { + default_action_on_failure = "REPAIR" + force_update_on_repair = "NO" + on_failed_health_check = "DEFAULT_ACTION" + } + + named_port { + name = "http" + port = 80 + } + + standby_policy { + initial_delay_sec = 0 + mode = "MANUAL" + } + + timeouts { + create = "5m" + delete = "15m" + update = "5m" + } + + update_policy { + instance_redistribution_type = "PROACTIVE" + max_surge_fixed = 4 + max_surge_percent = 0 + max_unavailable_fixed = 4 + max_unavailable_percent = 0 + 
min_ready_sec = 0 + minimal_action = "REPLACE" + replacement_method = "SUBSTITUTE" + type = "OPPORTUNISTIC" + } + + version { + instance_template = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/instanceTemplates/instance-template-region-b-20250402172959791800000002" + name = "mig-group-region-b-mig-version-0" + } +} + + +Outputs: + +external_cloudrun_uris = [ + "https://fs-a-e6hvzdnvtq-ue.a.run.app", + "https://fs-b-e6hvzdnvtq-ue.a.run.app", +] diff --git a/examples/internal-lb-gce-mig/variables.tf b/examples/internal-lb-gce-mig/variables.tf new file mode 100644 index 00000000..419e3a19 --- /dev/null +++ b/examples/internal-lb-gce-mig/variables.tf @@ -0,0 +1,19 @@ +/** + * Copyright 2025 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "project_id" { + type = string +} diff --git a/metadata.yaml b/metadata.yaml index 0136fc72..ddf68ac9 100644 --- a/metadata.yaml +++ b/metadata.yaml @@ -60,6 +60,8 @@ spec: location: examples/https-redirect - name: internal-lb-cloud-run location: examples/internal-lb-cloud-run + - name: internal-lb-gce-mig + location: examples/internal-lb-gce-mig - name: lb-http-separate-frontend-and-backend location: examples/lb-http-separate-frontend-and-backend - name: mig-nat-http-lb diff --git a/modules/dynamic_backends/metadata.yaml b/modules/dynamic_backends/metadata.yaml index 6106d47b..58de844d 100644 --- a/modules/dynamic_backends/metadata.yaml 
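Review bot: `variable "project_id"` in the new `examples/internal-lb-gce-mig/variables.tf` is declared with a type only, so generated module docs and the interactive `terraform plan` prompt give the user nothing to go on. Adding `description = "ID of the project in which the example's resources are created"` inside the block would close that gap. The wording is inferred from the `project = ...` attributes in the example's recorded output and should be checked against the example's main.tf, which is not part of this hunk.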
+++ b/modules/dynamic_backends/metadata.yaml @@ -52,6 +52,8 @@ spec: location: examples/https-redirect - name: internal-lb-cloud-run location: examples/internal-lb-cloud-run + - name: internal-lb-gce-mig + location: examples/internal-lb-gce-mig - name: lb-http-separate-frontend-and-backend location: examples/lb-http-separate-frontend-and-backend - name: mig-nat-http-lb diff --git a/modules/frontend/metadata.yaml b/modules/frontend/metadata.yaml index 1abd52e4..696513ec 100644 --- a/modules/frontend/metadata.yaml +++ b/modules/frontend/metadata.yaml @@ -52,6 +52,8 @@ spec: location: examples/https-redirect - name: internal-lb-cloud-run location: examples/internal-lb-cloud-run + - name: internal-lb-gce-mig + location: examples/internal-lb-gce-mig - name: lb-http-separate-frontend-and-backend location: examples/lb-http-separate-frontend-and-backend - name: mig-nat-http-lb diff --git a/modules/serverless_negs/metadata.yaml b/modules/serverless_negs/metadata.yaml index 6617e3c5..68d6007f 100644 --- a/modules/serverless_negs/metadata.yaml +++ b/modules/serverless_negs/metadata.yaml @@ -52,6 +52,8 @@ spec: location: examples/https-redirect - name: internal-lb-cloud-run location: examples/internal-lb-cloud-run + - name: internal-lb-gce-mig + location: examples/internal-lb-gce-mig - name: lb-http-separate-frontend-and-backend location: examples/lb-http-separate-frontend-and-backend - name: mig-nat-http-lb diff --git a/test/integration/internal-lb-gce-mig/internal_lb_gce_mig_test.go b/test/integration/internal-lb-gce-mig/internal_lb_gce_mig_test.go new file mode 100644 index 00000000..adb5f840 --- /dev/null +++ b/test/integration/internal-lb-gce-mig/internal_lb_gce_mig_test.go 
@@ -0,0 +1,47 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package internal_lb_gce_mig
+
+import (
+ "testing"
+
+ "net/http"
+
+ "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/tft"
+ "github.com/GoogleCloudPlatform/cloud-foundation-toolkit/infra/blueprint-test/pkg/utils"
+ "github.com/stretchr/testify/assert"
+)
+
+func TestInternalLbGCEMIG(t *testing.T) {
+ bpt := tft.NewTFBlueprintTest(t)
+
+ bpt.DefineVerify(func(assert *assert.Assertions) {
+ bpt.DefaultVerify(assert)
+
+ cloudRunURIs := bpt.GetStringOutputList("external_cloudrun_uris")
+
+ assertHttp := utils.NewAssertHTTP()
+
+ for _, uri := range cloudRunURIs {
+ httpRequest, err := http.NewRequest("GET", uri, nil)
+ if err != nil {
+ t.Fatalf("Failed to create HTTP request for %s: %v", uri, err)
+ }
+ assertHttp.AssertResponse(t, httpRequest, http.StatusOK)
+ }
+ })
+
+ bpt.Test()
+}
From 887dbe026d8f01c8d47010c3a020d970f08d4102 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Thu, 3 Apr 2025 16:49:04 +0000 Subject: [PATCH 3/6] fix: added service_name to the serverless_neg resource name
---
modules/backend/main.tf | 4 ++-- modules/backend/variables.tf | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/modules/backend/main.tf b/modules/backend/main.tf
index 5294ebcd..bbae368b 100644
--- a/modules/backend/main.tf
+++ b/modules/backend/main.tf
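Review bot: The verify loop sends one unauthenticated GET per entry of `external_cloudrun_uris` and accepts any 200, so it neither shows that the response came from the MIG behind the internal load balancer nor tolerates the delay before a newly created load balancer starts serving. If the retrying variant of the helper is available in the pinned blueprint-test version, `assertHttp.AssertResponseWithRetry(t, httpRequest, http.StatusOK, "<text served by the MIG instances>")` would cover both; the quoted marker is a placeholder. The test also only passes while the Cloud Run relays accept anonymous callers (the `show.txt` output removed later in this series lists `ingress = "INGRESS_TRAFFIC_ALL"` and an `allUsers` binding), which in effect publishes the internal VIP. A comment above the loop such as `// The Cloud Run relays are unauthenticated so the test can reach the internal LB; restrict invokers outside of tests.` would make that explicit.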
@@ -61,7 +61,7 @@ resource "google_compute_backend_service" "default" { dynamic "backend" { for_each = toset(var.serverless_neg_backends) content { - group = google_compute_region_network_endpoint_group.serverless_negs["neg-${var.name}-${backend.value.region}"].id + group = google_compute_region_network_endpoint_group.serverless_negs["neg-${var.name}-${backend.value.service_name}-${backend.value.region}"].id } } @@ -157,7 +157,7 @@ resource "google_compute_backend_service" "default" { resource "google_compute_region_network_endpoint_group" "serverless_negs" { for_each = { for serverless_neg_backend in var.serverless_neg_backends : - "neg-${var.name}-${serverless_neg_backend.region}" => serverless_neg_backend } + "neg-${var.name}-${serverless_neg_backend.service_name}-${serverless_neg_backend.region}" => serverless_neg_backend } provider = google-beta diff --git a/modules/backend/variables.tf b/modules/backend/variables.tf index 4dd4edf2..2c8c110e 100644 --- a/modules/backend/variables.tf +++ b/modules/backend/variables.tf @@ -140,6 +140,11 @@ variable "serverless_neg_backends" { service_version = optional(string) })) default = [] + + validation { + condition = length(distinct([for backend in var.serverless_neg_backends : backend.region])) == length(var.serverless_neg_backends) + error_message = "The 'region' within each 'serverless_neg_backends' block must be unique." + } } variable "iap_config" { From eb3f104f94e66b6576382259a4b1b189f75cb0de Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Mon, 14 Apr 2025 07:35:46 +0000 Subject: [PATCH 4/6] chore: removed redundant file --- examples/internal-lb-gce-mig/show.txt | 1069 ------------------------- 1 file changed, 1069 deletions(-) delete mode 100644 examples/internal-lb-gce-mig/show.txt diff --git a/examples/internal-lb-gce-mig/show.txt b/examples/internal-lb-gce-mig/show.txt deleted file mode 100644 index 6e5bdd01..00000000 --- a/examples/internal-lb-gce-mig/show.txt +++ /dev/null 
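Review bot: Changing the `for_each` key of `google_compute_region_network_endpoint_group.serverless_negs` to `"neg-${var.name}-${serverless_neg_backend.service_name}-${serverless_neg_backend.region}"` (second hunk), with the matching lookup in the `backend` block (first hunk), gives every existing serverless NEG a new resource address. Users upgrading the module will therefore see each NEG destroyed and recreated and the backend service updated, and a module cannot ship `moved` blocks for keys it does not know in advance, so this needs an upgrade note. The resource body lies outside the hunk; if its `name` is derived from `each.key`, the longer string also moves closer to the 63-character limit for Compute resource names, and a null `service_name` would fail the interpolation. A comment above the `for_each`, e.g. `# key must stay identical to the lookup in google_compute_backend_service.default`, would help keep the two expressions in sync.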
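Review bot: The new `validation` on `serverless_neg_backends` requires every `region` to be unique, while the same commit adds `service_name` to the NEG key in main.tf, which only matters if two backends may share a region; the two changes should agree on which case is supported. If the intent is the platform rule that a backend service takes at most one serverless NEG per region (worth confirming), say so in a comment above the block, e.g. `# A backend service accepts at most one serverless NEG per region.`, and in the message: `error_message = "Each entry in 'serverless_neg_backends' must use a distinct 'region'; only one serverless NEG per region can be attached to a backend service."`. The variable's type definition starts outside the hunk, so whether `region` can be null here is not visible.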
@@ -1,1069 +0,0 @@ -# google_vpc_access_connector.internal_lb_vpc_connector: -resource "google_vpc_access_connector" "internal_lb_vpc_connector" { - connected_projects = [] - id = "projects/ajay-dm-testing/locations/us-east1/connectors/int-lb-vpc-connector" - ip_cidr_range = "10.8.0.0/28" - machine_type = "e2-micro" - max_instances = 5 - max_throughput = 500 - min_instances = 3 - min_throughput = 300 - name = "int-lb-vpc-connector" - network = "int-lb-network" - project = "ajay-dm-testing" - region = "us-east1" - self_link = "projects/ajay-dm-testing/locations/us-east1/connectors/int-lb-vpc-connector" - state = "READY" -} - - -# module.frontend-service-a.google_cloud_run_v2_service.main: -resource "google_cloud_run_v2_service" "main" { - conditions = [ - { - execution_reason = "" - last_transition_time = "2025-04-02T17:33:07.072752Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "RoutesReady" - }, - { - execution_reason = "" - last_transition_time = "2025-04-02T17:33:05.863895Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "ConfigurationsReady" - }, - ] - create_time = "2025-04-02T17:32:52.414439Z" - creator = "pawansaggu@google.com" - default_uri_disabled = false - deletion_protection = false - effective_annotations = {} - effective_labels = { - "goog-terraform-provisioned" = "true" - } - etag = "\"CMTptb8GENisz8UB/cHJvamVjdHMvYWpheS1kbS10ZXN0aW5nL2xvY2F0aW9ucy91cy1lYXN0MS9zZXJ2aWNlcy9mcy1h\"" - generation = "1" - id = "projects/ajay-dm-testing/locations/us-east1/services/fs-a" - ingress = "INGRESS_TRAFFIC_ALL" - invoker_iam_disabled = false - last_modifier = "pawansaggu@google.com" - latest_created_revision = "projects/ajay-dm-testing/locations/us-east1/services/fs-a/revisions/fs-a-00001-v6z" - latest_ready_revision = "projects/ajay-dm-testing/locations/us-east1/services/fs-a/revisions/fs-a-00001-v6z" - launch_stage = "GA" - location = 
"us-east1" - name = "fs-a" - observed_generation = "1" - project = "ajay-dm-testing" - reconciling = false - terminal_condition = [ - { - execution_reason = "" - last_transition_time = "2025-04-02T17:33:07.105575Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "Ready" - }, - ] - terraform_labels = { - "goog-terraform-provisioned" = "true" - } - traffic_statuses = [ - { - percent = 100 - revision = "" - tag = "" - type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" - uri = "" - }, - ] - uid = "95940286-d124-423b-817d-4d6d56eee679" - update_time = "2025-04-02T17:32:52.414439Z" - uri = "https://fs-a-e6hvzdnvtq-ue.a.run.app" - urls = [ - "https://fs-a-1016840587463.us-east1.run.app", - "https://fs-a-e6hvzdnvtq-ue.a.run.app", - ] - - template { - execution_environment = "EXECUTION_ENVIRONMENT_GEN2" - gpu_zonal_redundancy_disabled = false - max_instance_request_concurrency = 80 - service_account = "fs-a-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" - session_affinity = false - timeout = "300s" - - containers { - build_info = [] - image = "gcr.io/design-center-container-repo/redirect-traffic:latest-2002" - - env { - name = "TARGET_IP" - value = "10.1.3.4" - } - - ports { - container_port = 80 - name = "http1" - } - - resources { - cpu_idle = true - limits = { - "cpu" = "1000m" - "memory" = "512Mi" - } - startup_cpu_boost = false - } - - startup_probe { - failure_threshold = 1 - initial_delay_seconds = 0 - period_seconds = 240 - timeout_seconds = 240 - - tcp_socket { - port = 80 - } - } - } - - scaling { - max_instance_count = 100 - min_instance_count = 0 - } - - vpc_access { - connector = "projects/ajay-dm-testing/locations/us-east1/connectors/int-lb-vpc-connector" - egress = "ALL_TRAFFIC" - } - } - - traffic { - percent = 100 - type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" - } -} - -# module.frontend-service-a.google_cloud_run_v2_service_iam_member.authorize["allUsers"]: -resource 
"google_cloud_run_v2_service_iam_member" "authorize" { - etag = "BwYxzwyHpXg=" - id = "projects/ajay-dm-testing/locations/us-east1/services/fs-a/roles/run.invoker/allUsers" - location = "us-east1" - member = "allUsers" - name = "projects/ajay-dm-testing/locations/us-east1/services/fs-a" - project = "ajay-dm-testing" - role = "roles/run.invoker" -} - -# module.frontend-service-a.google_service_account.sa[0]: -resource "google_service_account" "sa" { - account_id = "fs-a-us-east1-sa" - disabled = false - display_name = "Service account for fs-a in us-east1" - email = "fs-a-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" - id = "projects/ajay-dm-testing/serviceAccounts/fs-a-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" - member = "serviceAccount:fs-a-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" - name = "projects/ajay-dm-testing/serviceAccounts/fs-a-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" - project = "ajay-dm-testing" - unique_id = "110495645426254899844" -} - - -# module.frontend-service-b.google_cloud_run_v2_service.main: -resource "google_cloud_run_v2_service" "main" { - conditions = [ - { - execution_reason = "" - last_transition_time = "2025-04-02T17:33:07.058716Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "RoutesReady" - }, - { - execution_reason = "" - last_transition_time = "2025-04-02T17:33:05.854591Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "ConfigurationsReady" - }, - ] - create_time = "2025-04-02T17:32:52.366619Z" - creator = "pawansaggu@google.com" - default_uri_disabled = false - deletion_protection = false - effective_annotations = {} - effective_labels = { - "goog-terraform-provisioned" = "true" - } - etag = "\"CMTptb8GEPjS6K4B/cHJvamVjdHMvYWpheS1kbS10ZXN0aW5nL2xvY2F0aW9ucy91cy1lYXN0MS9zZXJ2aWNlcy9mcy1i\"" - generation = "1" - id = 
"projects/ajay-dm-testing/locations/us-east1/services/fs-b" - ingress = "INGRESS_TRAFFIC_ALL" - invoker_iam_disabled = false - last_modifier = "pawansaggu@google.com" - latest_created_revision = "projects/ajay-dm-testing/locations/us-east1/services/fs-b/revisions/fs-b-00001-24l" - latest_ready_revision = "projects/ajay-dm-testing/locations/us-east1/services/fs-b/revisions/fs-b-00001-24l" - launch_stage = "GA" - location = "us-east1" - name = "fs-b" - observed_generation = "1" - project = "ajay-dm-testing" - reconciling = false - terminal_condition = [ - { - execution_reason = "" - last_transition_time = "2025-04-02T17:33:07.100090Z" - message = "" - reason = "" - revision_reason = "" - severity = "" - state = "CONDITION_SUCCEEDED" - type = "Ready" - }, - ] - terraform_labels = { - "goog-terraform-provisioned" = "true" - } - traffic_statuses = [ - { - percent = 100 - revision = "" - tag = "" - type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" - uri = "" - }, - ] - uid = "d8e32756-0100-401f-ae81-cd5de39a5ddf" - update_time = "2025-04-02T17:32:52.366619Z" - uri = "https://fs-b-e6hvzdnvtq-ue.a.run.app" - urls = [ - "https://fs-b-1016840587463.us-east1.run.app", - "https://fs-b-e6hvzdnvtq-ue.a.run.app", - ] - - template { - execution_environment = "EXECUTION_ENVIRONMENT_GEN2" - gpu_zonal_redundancy_disabled = false - max_instance_request_concurrency = 80 - service_account = "fs-b-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" - session_affinity = false - timeout = "300s" - - containers { - build_info = [] - image = "gcr.io/design-center-container-repo/redirect-traffic:latest-2002" - - env { - name = "TARGET_IP" - value = "10.1.2.4" - } - - ports { - container_port = 80 - name = "http1" - } - - resources { - cpu_idle = true - limits = { - "cpu" = "1000m" - "memory" = "512Mi" - } - startup_cpu_boost = false - } - - startup_probe { - failure_threshold = 1 - initial_delay_seconds = 0 - period_seconds = 240 - timeout_seconds = 240 - - tcp_socket { - port = 80 - } - } - } 
- - scaling { - max_instance_count = 100 - min_instance_count = 0 - } - - vpc_access { - connector = "projects/ajay-dm-testing/locations/us-east1/connectors/int-lb-vpc-connector" - egress = "ALL_TRAFFIC" - } - } - - traffic { - percent = 100 - type = "TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST" - } -} - -# module.frontend-service-b.google_cloud_run_v2_service_iam_member.authorize["allUsers"]: -resource "google_cloud_run_v2_service_iam_member" "authorize" { - etag = "BwYxzwyFhWM=" - id = "projects/ajay-dm-testing/locations/us-east1/services/fs-b/roles/run.invoker/allUsers" - location = "us-east1" - member = "allUsers" - name = "projects/ajay-dm-testing/locations/us-east1/services/fs-b" - project = "ajay-dm-testing" - role = "roles/run.invoker" -} - -# module.frontend-service-b.google_service_account.sa[0]: -resource "google_service_account" "sa" { - account_id = "fs-b-us-east1-sa" - disabled = false - display_name = "Service account for fs-b in us-east1" - email = "fs-b-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" - id = "projects/ajay-dm-testing/serviceAccounts/fs-b-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" - member = "serviceAccount:fs-b-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" - name = "projects/ajay-dm-testing/serviceAccounts/fs-b-us-east1-sa@ajay-dm-testing.iam.gserviceaccount.com" - project = "ajay-dm-testing" - unique_id = "112453066558953501153" -} - - -# module.instance-template-region-a.google_compute_instance_template.tpl: -resource "google_compute_instance_template" "tpl" { - can_ip_forward = false - creation_timestamp = "2025-04-02T10:29:59.924-07:00" - effective_labels = { - "goog-terraform-provisioned" = "true" - } - id = "projects/ajay-dm-testing/global/instanceTemplates/instance-template-region-a-20250402172959064200000001" - machine_type = "n1-standard-1" - metadata_fingerprint = "1xFNrMnFqhA=" - metadata_startup_script = <<-EOT - #! 
/bin/bash - sudo apt-get update - sudo apt-get install apache2 -y - sudo a2ensite default-ssl - sudo a2enmod ssl - vm_hostname="$(curl -H "Metadata-Flavor:Google" \ - http://169.254.169.254/computeMetadata/v1/instance/name)" - sudo echo "Page served from: $vm_hostname" | \ - tee /var/www/html/index.html - sudo systemctl restart apache2 - EOT - name = "instance-template-region-a-20250402172959064200000001" - name_prefix = "instance-template-region-a-" - project = "ajay-dm-testing" - region = "us-east1" - resource_policies = [] - self_link = "https://www.googleapis.com/compute/beta/projects/ajay-dm-testing/global/instanceTemplates/instance-template-region-a-20250402172959064200000001" - self_link_unique = "https://www.googleapis.com/compute/beta/projects/ajay-dm-testing/global/instanceTemplates/instance-template-region-a-20250402172959064200000001?uniqueId=6627423111098714872" - tags = [ - "load-balanced-backend", - ] - terraform_labels = { - "goog-terraform-provisioned" = "true" - } - - advanced_machine_features { - enable_nested_virtualization = false - enable_uefi_networking = false - threads_per_core = 0 - visible_core_count = 0 - } - - confidential_instance_config { - enable_confidential_compute = false - } - - disk { - auto_delete = true - boot = true - device_name = "persistent-disk-0" - disk_size_gb = 100 - disk_type = "pd-standard" - interface = "SCSI" - mode = "READ_WRITE" - provisioned_iops = 0 - provisioned_throughput = 0 - resource_policies = [] - source_image = "projects/debian-cloud/global/images/family/debian-12" - type = "PERSISTENT" - } - - network_interface { - internal_ipv6_prefix_length = 0 - name = "nic0" - network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" - queue_count = 0 - subnetwork = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-east1/subnetworks/int-lb-subnet-a" - subnetwork_project = "ajay-dm-testing" - - access_config { - network_tier = "PREMIUM" - } - } 
- - network_performance_config { - total_egress_bandwidth_tier = "DEFAULT" - } - - scheduling { - automatic_restart = true - availability_domain = 0 - host_error_timeout_seconds = 0 - min_node_cpus = 0 - on_host_maintenance = "MIGRATE" - preemptible = false - provisioning_model = "STANDARD" - } - - service_account { - email = "instance-template-region-a--sa@ajay-dm-testing.iam.gserviceaccount.com" - scopes = [ - "https://www.googleapis.com/auth/cloud-platform", - ] - } -} - -# module.instance-template-region-a.google_service_account.sa[0]: -resource "google_service_account" "sa" { - account_id = "instance-template-region-a--sa" - disabled = false - display_name = "Service account for instance-template-region-a in us-east1" - email = "instance-template-region-a--sa@ajay-dm-testing.iam.gserviceaccount.com" - id = "projects/ajay-dm-testing/serviceAccounts/instance-template-region-a--sa@ajay-dm-testing.iam.gserviceaccount.com" - member = "serviceAccount:instance-template-region-a--sa@ajay-dm-testing.iam.gserviceaccount.com" - name = "projects/ajay-dm-testing/serviceAccounts/instance-template-region-a--sa@ajay-dm-testing.iam.gserviceaccount.com" - project = "ajay-dm-testing" - unique_id = "107582880543508748347" -} - - -# module.instance-template-region-b.google_compute_instance_template.tpl: -resource "google_compute_instance_template" "tpl" { - can_ip_forward = false - creation_timestamp = "2025-04-02T10:30:00.325-07:00" - effective_labels = { - "goog-terraform-provisioned" = "true" - } - id = "projects/ajay-dm-testing/global/instanceTemplates/instance-template-region-b-20250402172959791800000002" - machine_type = "n1-standard-1" - metadata_fingerprint = "1xFNrMnFqhA=" - metadata_startup_script = <<-EOT - #! 
/bin/bash - sudo apt-get update - sudo apt-get install apache2 -y - sudo a2ensite default-ssl - sudo a2enmod ssl - vm_hostname="$(curl -H "Metadata-Flavor:Google" \ - http://169.254.169.254/computeMetadata/v1/instance/name)" - sudo echo "Page served from: $vm_hostname" | \ - tee /var/www/html/index.html - sudo systemctl restart apache2 - EOT - name = "instance-template-region-b-20250402172959791800000002" - name_prefix = "instance-template-region-b-" - project = "ajay-dm-testing" - region = "us-central1" - resource_policies = [] - self_link = "https://www.googleapis.com/compute/beta/projects/ajay-dm-testing/global/instanceTemplates/instance-template-region-b-20250402172959791800000002" - self_link_unique = "https://www.googleapis.com/compute/beta/projects/ajay-dm-testing/global/instanceTemplates/instance-template-region-b-20250402172959791800000002?uniqueId=5819980572394572536" - tags = [ - "load-balanced-backend", - ] - terraform_labels = { - "goog-terraform-provisioned" = "true" - } - - advanced_machine_features { - enable_nested_virtualization = false - enable_uefi_networking = false - threads_per_core = 0 - visible_core_count = 0 - } - - confidential_instance_config { - enable_confidential_compute = false - } - - disk { - auto_delete = true - boot = true - device_name = "persistent-disk-0" - disk_size_gb = 100 - disk_type = "pd-standard" - interface = "SCSI" - mode = "READ_WRITE" - provisioned_iops = 0 - provisioned_throughput = 0 - resource_policies = [] - source_image = "projects/debian-cloud/global/images/family/debian-12" - type = "PERSISTENT" - } - - network_interface { - internal_ipv6_prefix_length = 0 - name = "nic0" - network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" - queue_count = 0 - subnetwork = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-central1/subnetworks/int-lb-subnet-b" - subnetwork_project = "ajay-dm-testing" - - access_config { - network_tier = "PREMIUM" - 
} - } - - network_performance_config { - total_egress_bandwidth_tier = "DEFAULT" - } - - scheduling { - automatic_restart = true - availability_domain = 0 - host_error_timeout_seconds = 0 - min_node_cpus = 0 - on_host_maintenance = "MIGRATE" - preemptible = false - provisioning_model = "STANDARD" - } - - service_account { - email = "instance-template-region-b--sa@ajay-dm-testing.iam.gserviceaccount.com" - scopes = [ - "https://www.googleapis.com/auth/cloud-platform", - ] - } -} - -# module.instance-template-region-b.google_service_account.sa[0]: -resource "google_service_account" "sa" { - account_id = "instance-template-region-b--sa" - disabled = false - display_name = "Service account for instance-template-region-b in us-central1" - email = "instance-template-region-b--sa@ajay-dm-testing.iam.gserviceaccount.com" - id = "projects/ajay-dm-testing/serviceAccounts/instance-template-region-b--sa@ajay-dm-testing.iam.gserviceaccount.com" - member = "serviceAccount:instance-template-region-b--sa@ajay-dm-testing.iam.gserviceaccount.com" - name = "projects/ajay-dm-testing/serviceAccounts/instance-template-region-b--sa@ajay-dm-testing.iam.gserviceaccount.com" - project = "ajay-dm-testing" - unique_id = "114696083560990847295" -} - - -# module.internal-lb-http-backend.google_compute_backend_service.default: -resource "google_compute_backend_service" "default" { - affinity_cookie_ttl_sec = 0 - connection_draining_timeout_sec = 300 - creation_timestamp = "2025-04-02T10:30:29.225-07:00" - enable_cdn = false - fingerprint = "PTeruO4ktmY=" - generated_id = 6559375444557221000 - health_checks = [ - "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/healthChecks/int-lb-http-backend-hc", - ] - id = "projects/ajay-dm-testing/global/backendServices/int-lb-http-backend" - load_balancing_scheme = "INTERNAL_MANAGED" - name = "int-lb-http-backend" - port_name = "http" - project = "ajay-dm-testing" - protocol = "HTTP" - self_link = 
"https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/backendServices/int-lb-http-backend" - session_affinity = "NONE" - timeout_sec = 30 - - backend { - balancing_mode = "UTILIZATION" - capacity_scaler = 1 - group = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-central1/instanceGroups/mig-group-region-b-mig" - max_connections = 0 - max_connections_per_endpoint = 0 - max_connections_per_instance = 0 - max_rate = 0 - max_rate_per_endpoint = 0 - max_rate_per_instance = 0 - max_utilization = 0 - } - backend { - balancing_mode = "UTILIZATION" - capacity_scaler = 1 - group = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-east1/instanceGroups/mig-group-region-a-mig" - max_connections = 0 - max_connections_per_endpoint = 0 - max_connections_per_instance = 0 - max_rate = 0 - max_rate_per_endpoint = 0 - max_rate_per_instance = 0 - max_utilization = 0 - } - - log_config { - enable = true - sample_rate = 1 - } -} - -# module.internal-lb-http-backend.google_compute_firewall.default-hc[0]: -resource "google_compute_firewall" "default-hc" { - creation_timestamp = "2025-04-02T10:29:44.244-07:00" - destination_ranges = [] - direction = "INGRESS" - disabled = false - id = "projects/ajay-dm-testing/global/firewalls/int-lb-http-backend-hc-0" - name = "int-lb-http-backend-hc-0" - network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" - priority = 1000 - project = "ajay-dm-testing" - self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/firewalls/int-lb-http-backend-hc-0" - source_ranges = [ - "130.211.0.0/22", - "35.191.0.0/16", - ] - target_tags = [ - "load-balanced-backend", - ] - - allow { - ports = [] - protocol = "tcp" - } -} - -# module.internal-lb-http-backend.google_compute_health_check.default[0]: -resource "google_compute_health_check" "default" { - check_interval_sec = 5 - creation_timestamp = 
"2025-04-02T10:29:21.962-07:00" - healthy_threshold = 2 - id = "projects/ajay-dm-testing/global/healthChecks/int-lb-http-backend-hc" - name = "int-lb-http-backend-hc" - project = "ajay-dm-testing" - self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/healthChecks/int-lb-http-backend-hc" - timeout_sec = 5 - type = "HTTP" - unhealthy_threshold = 2 - - http_health_check { - port = 0 - port_specification = "USE_SERVING_PORT" - proxy_header = "NONE" - request_path = "/" - } - - log_config { - enable = false - } -} - - -# module.internal-lb-http-frontend.google_compute_global_forwarding_rule.internal_managed_http["us-central1"]: -resource "google_compute_global_forwarding_rule" "internal_managed_http" { - allow_psc_global_access = false - effective_labels = {} - forwarding_rule_id = 29000262240750200 - id = "projects/ajay-dm-testing/global/forwardingRules/int-lb-http-frontend-internal-managed-http-us-central1" - ip_address = "10.1.3.4" - ip_protocol = "TCP" - label_fingerprint = "42WmSpB8rSM=" - load_balancing_scheme = "INTERNAL_MANAGED" - name = "int-lb-http-frontend-internal-managed-http-us-central1" - network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" - network_tier = "PREMIUM" - port_range = "80-80" - project = "ajay-dm-testing" - self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/forwardingRules/int-lb-http-frontend-internal-managed-http-us-central1" - subnetwork = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-central1/subnetworks/int-lb-subnet-b" - target = "https://www.googleapis.com/compute/beta/projects/ajay-dm-testing/global/targetHttpProxies/int-lb-http-frontend-http-proxy" - terraform_labels = {} -} - -# module.internal-lb-http-frontend.google_compute_global_forwarding_rule.internal_managed_http["us-east1"]: -resource "google_compute_global_forwarding_rule" "internal_managed_http" { - allow_psc_global_access = 
false - effective_labels = {} - forwarding_rule_id = 5556395066479660000 - id = "projects/ajay-dm-testing/global/forwardingRules/int-lb-http-frontend-internal-managed-http-us-east1" - ip_address = "10.1.2.4" - ip_protocol = "TCP" - label_fingerprint = "42WmSpB8rSM=" - load_balancing_scheme = "INTERNAL_MANAGED" - name = "int-lb-http-frontend-internal-managed-http-us-east1" - network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" - network_tier = "PREMIUM" - port_range = "80-80" - project = "ajay-dm-testing" - self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/forwardingRules/int-lb-http-frontend-internal-managed-http-us-east1" - subnetwork = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-east1/subnetworks/int-lb-subnet-a" - target = "https://www.googleapis.com/compute/beta/projects/ajay-dm-testing/global/targetHttpProxies/int-lb-http-frontend-http-proxy" - terraform_labels = {} -} - -# module.internal-lb-http-frontend.google_compute_target_http_proxy.default[0]: -resource "google_compute_target_http_proxy" "default" { - creation_timestamp = "2025-04-02T10:31:55.439-07:00" - http_keep_alive_timeout_sec = 0 - id = "projects/ajay-dm-testing/global/targetHttpProxies/int-lb-http-frontend-http-proxy" - name = "int-lb-http-frontend-http-proxy" - project = "ajay-dm-testing" - proxy_bind = false - proxy_id = 3660876778706094600 - self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/targetHttpProxies/int-lb-http-frontend-http-proxy" - url_map = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/urlMaps/int-lb-http-frontend-url-map" -} - -# module.internal-lb-http-frontend.google_compute_url_map.default[0]: -resource "google_compute_url_map" "default" { - creation_timestamp = "2025-04-02T10:31:43.278-07:00" - default_service = 
"https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/backendServices/int-lb-http-backend" - fingerprint = "lHDj00c2BDU=" - id = "projects/ajay-dm-testing/global/urlMaps/int-lb-http-frontend-url-map" - map_id = 4719105872322678000 - name = "int-lb-http-frontend-url-map" - project = "ajay-dm-testing" - self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/urlMaps/int-lb-http-frontend-url-map" - - host_rule { - hosts = [ - "*", - ] - path_matcher = "default" - } - - path_matcher { - default_service = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/backendServices/int-lb-http-backend" - name = "default" - } -} - - -# module.internal-lb-network.google_compute_network.network: -resource "google_compute_network" "network" { - auto_create_subnetworks = false - bgp_always_compare_med = false - bgp_best_path_selection_mode = "LEGACY" - delete_default_routes_on_create = false - enable_ula_internal_ipv6 = false - id = "projects/ajay-dm-testing/global/networks/int-lb-network" - mtu = 0 - name = "int-lb-network" - network_firewall_policy_enforcement_order = "AFTER_CLASSIC_FIREWALL" - network_id = "1016644793868012830" - numeric_id = "1016644793868012830" - project = "ajay-dm-testing" - routing_mode = "GLOBAL" - self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" -} - - -# module.internal-lb-subnet.google_compute_subnetwork.subnetwork["us-central1/int-lb-proxy-only-subnet-b"]: -resource "google_compute_subnetwork" "subnetwork" { - creation_timestamp = "2025-04-02T10:29:45.167-07:00" - enable_flow_logs = false - gateway_address = "10.130.0.1" - id = "projects/ajay-dm-testing/regions/us-central1/subnetworks/int-lb-proxy-only-subnet-b" - ip_cidr_range = "10.130.0.0/23" - name = "int-lb-proxy-only-subnet-b" - network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" - private_ip_google_access = false - 
private_ipv6_google_access = "DISABLE_GOOGLE_ACCESS" - project = "ajay-dm-testing" - purpose = "GLOBAL_MANAGED_PROXY" - region = "us-central1" - role = "ACTIVE" - self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-central1/subnetworks/int-lb-proxy-only-subnet-b" - state = "READY" - subnetwork_id = 3434960270575848000 -} - -# module.internal-lb-subnet.google_compute_subnetwork.subnetwork["us-central1/int-lb-subnet-b"]: -resource "google_compute_subnetwork" "subnetwork" { - creation_timestamp = "2025-04-02T10:29:45.115-07:00" - enable_flow_logs = false - gateway_address = "10.1.3.1" - id = "projects/ajay-dm-testing/regions/us-central1/subnetworks/int-lb-subnet-b" - ip_cidr_range = "10.1.3.0/24" - name = "int-lb-subnet-b" - network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" - private_ip_google_access = false - private_ipv6_google_access = "DISABLE_GOOGLE_ACCESS" - project = "ajay-dm-testing" - purpose = "PRIVATE" - region = "us-central1" - self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-central1/subnetworks/int-lb-subnet-b" - stack_type = "IPV4_ONLY" - subnetwork_id = 1116993835700898600 -} - -# module.internal-lb-subnet.google_compute_subnetwork.subnetwork["us-east1/int-lb-proxy-only-subnet-a"]: -resource "google_compute_subnetwork" "subnetwork" { - creation_timestamp = "2025-04-02T10:29:45.205-07:00" - enable_flow_logs = false - gateway_address = "10.129.0.1" - id = "projects/ajay-dm-testing/regions/us-east1/subnetworks/int-lb-proxy-only-subnet-a" - ip_cidr_range = "10.129.0.0/23" - name = "int-lb-proxy-only-subnet-a" - network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" - private_ip_google_access = false - private_ipv6_google_access = "DISABLE_GOOGLE_ACCESS" - project = "ajay-dm-testing" - purpose = "GLOBAL_MANAGED_PROXY" - region = "us-east1" - role = "ACTIVE" - self_link = 
"https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-east1/subnetworks/int-lb-proxy-only-subnet-a" - state = "READY" - subnetwork_id = 5472668565989543000 -} - -# module.internal-lb-subnet.google_compute_subnetwork.subnetwork["us-east1/int-lb-subnet-a"]: -resource "google_compute_subnetwork" "subnetwork" { - creation_timestamp = "2025-04-02T10:29:45.259-07:00" - enable_flow_logs = false - gateway_address = "10.1.2.1" - id = "projects/ajay-dm-testing/regions/us-east1/subnetworks/int-lb-subnet-a" - ip_cidr_range = "10.1.2.0/24" - name = "int-lb-subnet-a" - network = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/networks/int-lb-network" - private_ip_google_access = false - private_ipv6_google_access = "DISABLE_GOOGLE_ACCESS" - project = "ajay-dm-testing" - purpose = "PRIVATE" - region = "us-east1" - self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-east1/subnetworks/int-lb-subnet-a" - stack_type = "IPV4_ONLY" - subnetwork_id = 2637718790300814000 -} - - -# module.mig-region-a.data.google_compute_zones.available: -data "google_compute_zones" "available" { - id = "projects/ajay-dm-testing/regions/us-east1" - names = [ - "us-east1-b", - "us-east1-c", - "us-east1-d", - ] - project = "ajay-dm-testing" - region = "us-east1" -} - -# module.mig-region-a.google_compute_region_instance_group_manager.mig: -resource "google_compute_region_instance_group_manager" "mig" { - base_instance_name = "mig-group-region-a" - creation_timestamp = "2025-04-02T10:30:03.724-07:00" - distribution_policy_target_shape = "EVEN" - distribution_policy_zones = [ - "us-east1-b", - "us-east1-c", - "us-east1-d", - ] - fingerprint = "SE7N9RV6Lx0=" - id = "projects/ajay-dm-testing/regions/us-east1/instanceGroupManagers/mig-group-region-a-mig" - instance_group = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-east1/instanceGroups/mig-group-region-a-mig" - instance_group_manager_id = 
386300876517591800 - list_managed_instances_results = "PAGELESS" - name = "mig-group-region-a-mig" - project = "ajay-dm-testing" - region = "us-east1" - self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-east1/instanceGroupManagers/mig-group-region-a-mig" - status = [ - { - all_instances_config = [ - { - current_revision = "2025-04-02T17:30:03.727937Z" - effective = true - }, - ] - is_stable = false - stateful = [ - { - has_stateful_config = false - per_instance_configs = [ - { - all_effective = true - }, - ] - }, - ] - version_target = [ - { - is_reached = true - }, - ] - }, - ] - target_size = 2 - target_stopped_size = 0 - target_suspended_size = 0 - wait_for_instances = false - wait_for_instances_status = "STABLE" - - all_instances_config {} - - instance_lifecycle_policy { - default_action_on_failure = "REPAIR" - force_update_on_repair = "NO" - on_failed_health_check = "DEFAULT_ACTION" - } - - named_port { - name = "http" - port = 80 - } - - standby_policy { - initial_delay_sec = 0 - mode = "MANUAL" - } - - timeouts { - create = "5m" - delete = "15m" - update = "5m" - } - - update_policy { - instance_redistribution_type = "PROACTIVE" - max_surge_fixed = 3 - max_surge_percent = 0 - max_unavailable_fixed = 3 - max_unavailable_percent = 0 - min_ready_sec = 0 - minimal_action = "REPLACE" - replacement_method = "SUBSTITUTE" - type = "OPPORTUNISTIC" - } - - version { - instance_template = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/instanceTemplates/instance-template-region-a-20250402172959064200000001" - name = "mig-group-region-a-mig-version-0" - } -} - - -# module.mig-region-b.data.google_compute_zones.available: -data "google_compute_zones" "available" { - id = "projects/ajay-dm-testing/regions/us-central1" - names = [ - "us-central1-a", - "us-central1-b", - "us-central1-c", - "us-central1-f", - ] - project = "ajay-dm-testing" - region = "us-central1" -} - -# 
module.mig-region-b.google_compute_region_instance_group_manager.mig: -resource "google_compute_region_instance_group_manager" "mig" { - base_instance_name = "mig-group-region-b" - creation_timestamp = "2025-04-02T10:30:03.567-07:00" - distribution_policy_target_shape = "EVEN" - distribution_policy_zones = [ - "us-central1-a", - "us-central1-b", - "us-central1-c", - "us-central1-f", - ] - fingerprint = "sCIe3IZSe5c=" - id = "projects/ajay-dm-testing/regions/us-central1/instanceGroupManagers/mig-group-region-b-mig" - instance_group = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-central1/instanceGroups/mig-group-region-b-mig" - instance_group_manager_id = 5684760493516967000 - list_managed_instances_results = "PAGELESS" - name = "mig-group-region-b-mig" - project = "ajay-dm-testing" - region = "us-central1" - self_link = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/regions/us-central1/instanceGroupManagers/mig-group-region-b-mig" - status = [ - { - all_instances_config = [ - { - current_revision = "2025-04-02T17:30:03.569800Z" - effective = true - }, - ] - is_stable = false - stateful = [ - { - has_stateful_config = false - per_instance_configs = [ - { - all_effective = true - }, - ] - }, - ] - version_target = [ - { - is_reached = true - }, - ] - }, - ] - target_size = 2 - target_stopped_size = 0 - target_suspended_size = 0 - wait_for_instances = false - wait_for_instances_status = "STABLE" - - all_instances_config {} - - instance_lifecycle_policy { - default_action_on_failure = "REPAIR" - force_update_on_repair = "NO" - on_failed_health_check = "DEFAULT_ACTION" - } - - named_port { - name = "http" - port = 80 - } - - standby_policy { - initial_delay_sec = 0 - mode = "MANUAL" - } - - timeouts { - create = "5m" - delete = "15m" - update = "5m" - } - - update_policy { - instance_redistribution_type = "PROACTIVE" - max_surge_fixed = 4 - max_surge_percent = 0 - max_unavailable_fixed = 4 - max_unavailable_percent = 0 - 
min_ready_sec = 0 - minimal_action = "REPLACE" - replacement_method = "SUBSTITUTE" - type = "OPPORTUNISTIC" - } - - version { - instance_template = "https://www.googleapis.com/compute/v1/projects/ajay-dm-testing/global/instanceTemplates/instance-template-region-b-20250402172959791800000002" - name = "mig-group-region-b-mig-version-0" - } -} - - -Outputs: - -external_cloudrun_uris = [ - "https://fs-a-e6hvzdnvtq-ue.a.run.app", - "https://fs-b-e6hvzdnvtq-ue.a.run.app", -] From d010619a97ac361b89cd545da901b6125376ca91 Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Mon, 14 Apr 2025 09:50:27 +0000 Subject: [PATCH 5/6] fix: updated description of network and firewall_source_ranges variable --- examples/internal-lb-gce-mig/main.tf | 2 +- modules/backend/README.md | 2 +- modules/backend/metadata.yaml | 2 +- modules/backend/variables.tf | 2 +- modules/frontend/README.md | 2 +- modules/frontend/metadata.yaml | 2 +- modules/frontend/variables.tf | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/examples/internal-lb-gce-mig/main.tf b/examples/internal-lb-gce-mig/main.tf index a0b9d3d1..b8f9a517 100644 --- a/examples/internal-lb-gce-mig/main.tf +++ b/examples/internal-lb-gce-mig/main.tf @@ -31,7 +31,7 @@ module "internal-lb-network" { } module "internal-lb-subnet" { - source = "terraform-google-modules/network/google//modules/subnets" + source = "terraform-google-modules/network/google//modules/subnets" version = "~> 10.0.0" subnets = [ diff --git a/modules/backend/README.md b/modules/backend/README.md index 9411ba33..85ed17f5 100644 --- a/modules/backend/README.md +++ b/modules/backend/README.md @@ -17,7 +17,7 @@ This module creates `google_compute_backend_service` resource and its dependenci | enable\_cdn | Enable Cloud CDN for this BackendService. | `bool` | `false` | no | | firewall\_networks | Names of the networks to create firewall rules in | `list(string)` |
[
"default"
]
| no | | firewall\_projects | Names of the projects to create firewall rules in | `list(string)` |
[
"default"
]
| no | -| firewall\_source\_ranges | Source ranges for global Application Load Balancer's proxies. This should be set to ip\_cidr\_range of your REGIONAL\_MANAGED\_PROXY subnet. | `list(string)` |
[
"10.129.0.0/23"
]
| no | +| firewall\_source\_ranges | Source ranges for the global Application Load Balancer's proxies. This list should contain the `ip_cidr_range` of each GLOBAL\_MANAGED\_PROXY subnet. | `list(string)` |
[
"10.129.0.0/23"
]
| no | | groups | The list of backend instance group which serves the traffic. |
list(object({
group = string
description = optional(string)

balancing_mode = optional(string)
capacity_scaler = optional(number)
max_connections = optional(number)
max_connections_per_instance = optional(number)
max_connections_per_endpoint = optional(number)
max_rate = optional(number)
max_rate_per_instance = optional(number)
max_rate_per_endpoint = optional(number)
max_utilization = optional(number)
}))
| `[]` | no | | health\_check | Input for creating HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. |
object({
host = optional(string, null)
request_path = optional(string, null)
request = optional(string, null)
response = optional(string, null)
port = optional(number, null)
port_name = optional(string, null)
proxy_header = optional(string, null)
port_specification = optional(string, null)
protocol = optional(string, null)
check_interval_sec = optional(number, 5)
timeout_sec = optional(number, 5)
healthy_threshold = optional(number, 2)
unhealthy_threshold = optional(number, 2)
logging = optional(bool, false)
})
| `null` | no | | host\_path\_mappings | The list of host/path for which traffic could be sent to the backend service |
list(object({
host = string
path = string
}))
|
[
{
"host": "*",
"path": "/*"
}
]
| no | diff --git a/modules/backend/metadata.yaml b/modules/backend/metadata.yaml index 4f8ae617..c845a221 100644 --- a/modules/backend/metadata.yaml +++ b/modules/backend/metadata.yaml @@ -289,7 +289,7 @@ spec: varType: list(string) defaultValue: [] - name: firewall_source_ranges - description: Source ranges for global Application Load Balancer's proxies. This should be set to ip_cidr_range of your REGIONAL_MANAGED_PROXY subnet. + description: Source ranges for the global Application Load Balancer's proxies. This list should contain the `ip_cidr_range` of each GLOBAL_MANAGED_PROXY subnet. varType: list(string) defaultValue: - 10.129.0.0/23 diff --git a/modules/backend/variables.tf b/modules/backend/variables.tf index 2c8c110e..27088aaf 100644 --- a/modules/backend/variables.tf +++ b/modules/backend/variables.tf @@ -276,7 +276,7 @@ variable "target_service_accounts" { } variable "firewall_source_ranges" { - description = "Source ranges for global Application Load Balancer's proxies. This should be set to ip_cidr_range of your REGIONAL_MANAGED_PROXY subnet." + description = "Source ranges for the global Application Load Balancer's proxies. This list should contain the `ip_cidr_range` of each GLOBAL_MANAGED_PROXY subnet." type = list(string) default = ["10.129.0.0/23"] } diff --git a/modules/frontend/README.md b/modules/frontend/README.md index e2552a99..d32eb9c7 100644 --- a/modules/frontend/README.md +++ b/modules/frontend/README.md 
@@ -25,7 +25,7 @@ This module creates `HTTP(S) forwarding rule` and its dependencies. This modules
 | load\_balancing\_scheme | Load balancing scheme type (EXTERNAL for classic external load balancer, EXTERNAL\_MANAGED for Envoy-based load balancer, INTERNAL\_MANAGED for internal load balancer and INTERNAL\_SELF\_MANAGED for traffic director) | `string` | `"EXTERNAL_MANAGED"` | no |
 | managed\_ssl\_certificate\_domains | Create Google-managed SSL certificates for specified domains. Requires `ssl` to be set to `true` | `list(string)` | `[]` | no |
 | name | Name for the forwarding rule and prefix for supporting resources | `string` | n/a | yes |
-| network | Network for internal load balancer | `string` | `"default"` | no |
+| network | VPC network for the forwarding rule. The VPC network should have exactly one GLOBAL\_MANAGED\_PROXY subnetwork for every region where the forwarding rule is to be configured. Please go to the subnets tab of your VPC network and check if a GLOBAL\_MANAGED\_PROXY subnet exists under the `Reserved proxy-only subnets for load balancing` section. If a GLOBAL\_MANAGED\_PROXY subnet doesn't exist, create one for each required region. | `string` | `"default"` | no |
 | private\_key | Content of the private SSL key. Requires `ssl` to be set to `true` and `create_ssl_certificate` set to `true` | `string` | `null` | no |
 | project\_id | The project to deploy to, if not set the default provider project is used. | `string` | n/a | yes |
 | quic | Specifies the QUIC override policy for this resource. Set true to enable HTTP/3 and Google QUIC support, false to disable both. Defaults to null which enables support for HTTP/3 only. | `bool` | `null` | no |
diff --git a/modules/frontend/metadata.yaml b/modules/frontend/metadata.yaml
index 696513ec..1fa724d1 100644
--- a/modules/frontend/metadata.yaml
+++ b/modules/frontend/metadata.yaml
@@ -172,7 +172,7 @@ spec: varType: string defaultValue: EXTERNAL_MANAGED - name: network - description: Network for internal load balancer + description: VPC network for the forwarding rule. The VPC network should have exactly one GLOBAL_MANAGED_PROXY subnetwork for every region where the forwarding rule is to be configured. Please go to the subnets tab of your VPC network and check if a GLOBAL_MANAGED_PROXY subnet exists under the `Reserved proxy-only subnets for load balancing` section. If a GLOBAL_MANAGED_PROXY subnet doesn't exist, create one for each required region. varType: string defaultValue: default - name: server_tls_policy diff --git a/modules/frontend/variables.tf b/modules/frontend/variables.tf index 7f11bc84..664b458a 100644 --- a/modules/frontend/variables.tf +++ b/modules/frontend/variables.tf @@ -162,7 +162,7 @@ variable "load_balancing_scheme" { } variable "network" { - description = "Network for internal load balancer" + description = "VPC network for the forwarding rule. The VPC network should have exactly one GLOBAL_MANAGED_PROXY subnetwork for every region where the forwarding rule is to be configured. Please go to the subnets tab of your VPC network and check if a GLOBAL_MANAGED_PROXY subnet exists under the `Reserved proxy-only subnets for load balancing` section. If a GLOBAL_MANAGED_PROXY subnet doesn't exist, create one for each required region." type = string default = "default" } From e2591f4a4407c2914762a5c85d2a361e84e7525f Mon Sep 17 00:00:00 2001 From: pawan1210 Date: Thu, 17 Apr 2025 11:43:51 +0000 Subject: [PATCH 6/6] fix: updated default value of firewall_source_ranges variable --- modules/backend/README.md | 2 +- modules/backend/metadata.yaml | 2 +- modules/backend/variables.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/backend/README.md b/modules/backend/README.md index 85ed17f5..c8b59193 100644 --- a/modules/backend/README.md +++ b/modules/backend/README.md 
@@ -17,7 +17,7 @@ This module creates `google_compute_backend_service` resource and its dependenci | enable\_cdn | Enable Cloud CDN for this BackendService. | `bool` | `false` | no | | firewall\_networks | Names of the networks to create firewall rules in | `list(string)` |
[
"default"
]
| no | | firewall\_projects | Names of the projects to create firewall rules in | `list(string)` |
[
"default"
]
| no | -| firewall\_source\_ranges | Source ranges for the global Application Load Balancer's proxies. This list should contain the `ip_cidr_range` of each GLOBAL\_MANAGED\_PROXY subnet. | `list(string)` |
[
"10.129.0.0/23"
]
| no | +| firewall\_source\_ranges | Source ranges for the global Application Load Balancer's proxies. This list should contain the `ip_cidr_range` of each GLOBAL\_MANAGED\_PROXY subnet. | `list(string)` |
[
"10.127.0.0/23"
]
| no | | groups | The list of backend instance group which serves the traffic. |
list(object({
group = string
description = optional(string)

balancing_mode = optional(string)
capacity_scaler = optional(number)
max_connections = optional(number)
max_connections_per_instance = optional(number)
max_connections_per_endpoint = optional(number)
max_rate = optional(number)
max_rate_per_instance = optional(number)
max_rate_per_endpoint = optional(number)
max_utilization = optional(number)
}))
| `[]` | no | | health\_check | Input for creating HttpHealthCheck or HttpsHealthCheck resource for health checking this BackendService. A health check must be specified unless the backend service uses an internet or serverless NEG as a backend. |
object({
host = optional(string, null)
request_path = optional(string, null)
request = optional(string, null)
response = optional(string, null)
port = optional(number, null)
port_name = optional(string, null)
proxy_header = optional(string, null)
port_specification = optional(string, null)
protocol = optional(string, null)
check_interval_sec = optional(number, 5)
timeout_sec = optional(number, 5)
healthy_threshold = optional(number, 2)
unhealthy_threshold = optional(number, 2)
logging = optional(bool, false)
})
| `null` | no | | host\_path\_mappings | The list of host/path for which traffic could be sent to the backend service |
list(object({
host = string
path = string
}))
|
[
{
"host": "*",
"path": "/*"
}
]
| no |
diff --git a/modules/backend/metadata.yaml b/modules/backend/metadata.yaml
index c845a221..ca4082f6 100644
--- a/modules/backend/metadata.yaml
+++ b/modules/backend/metadata.yaml
@@ -292,7 +292,7 @@ spec:
 description: Source ranges for the global Application Load Balancer's proxies. This list should contain the `ip_cidr_range` of each GLOBAL_MANAGED_PROXY subnet.
 varType: list(string)
 defaultValue:
- - 10.129.0.0/23
+ - 10.127.0.0/23
 outputs:
 - name: backend_service_info
 description: Host, path and backend service mapping
diff --git a/modules/backend/variables.tf b/modules/backend/variables.tf
index 27088aaf..a79cfae3 100644
--- a/modules/backend/variables.tf
+++ b/modules/backend/variables.tf
@@ -278,5 +278,5 @@ variable "target_service_accounts" {
 variable "firewall_source_ranges" {
 description = "Source ranges for the global Application Load Balancer's proxies. This list should contain the `ip_cidr_range` of each GLOBAL_MANAGED_PROXY subnet."
 type = list(string)
- default = ["10.129.0.0/23"]
+ default = ["10.127.0.0/23"]
 }
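Review bot: The default for `firewall_source_ranges` in `modules/backend/variables.tf` is still a hard-coded CIDR (`10.127.0.0/23`), and nothing in this hunk checks that it matches a proxy-only subnet in the caller's VPC. Because the value feeds the allow_proxy ingress rule added in patch 1/6 (its resource is not visible here), a mismatch presumably either blocks the load balancer's proxies or admits whatever else is addressed in that range. I would say so in the description, e.g. append `The default is only a placeholder; set it to the ranges of your own proxy-only subnets.`, and add a `validation` block with `condition = alltrue([for r in var.firewall_source_ranges : can(cidrhost(r, 0))])` so malformed entries fail at plan time. The same default is repeated in the README.md and metadata.yaml hunks of this patch, which would need regenerating to match.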