GCP Compute Backend Service

A Compute Backend Service is the component that sits behind a Google Cloud external or internal Load Balancer and defines how traffic is distributed to the actual back-end resources (Managed Instance Groups, Unmanaged Instance Groups or Network Endpoint Groups).
It specifies health-checks, session affinity, capacity scaling, connection draining, Cloud CDN enablement and (optionally) the application of Cloud Armor security policies. In effect, it is the policy layer that converts a forwarding rule’s incoming connections into directed, observable traffic towards your workloads.
For the full specification see the official documentation: https://cloud.google.com/compute/docs/reference/rest/v1/backendServices

Terraform Mappings:

  • google_compute_backend_service.name

Supported Methods

  • GET: Get GCP Compute Backend Service by "gcp-compute-backend-service-name"
  • LIST: List all GCP Compute Backend Service items
  • SEARCH

gcp-compute-network

Every backend referenced by a Backend Service (whether an Instance Group or a Network Endpoint Group) exists inside a single VPC network. Consequently the Backend Service is implicitly bound to that network and any reachability, firewall or routing rules that apply to the VPC will affect the traffic it distributes.

gcp-compute-security-policy

A Backend Service can have an optional Cloud Armor security policy attached to it. When configured, that policy inspects and filters incoming requests before they reach the back-ends, enforcing L7 rules such as IP allow/deny lists, rate limiting and custom WAF rules.
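Because the Cloud Armor attachment is optional, a useful check is to list the internet-facing Backend Services that have no security policy. The following is an added example, not part of the original page or of any project's code. It assumes input shaped like `gcloud compute backend-services list --format=json`, and every project, service, policy and group name in the sample is constructed.

```python
import json

# Constructed sample shaped like the backendServices list output.
# All names below are made up for illustration.
SAMPLE = json.loads("""[
  {"name": "web-frontend", "loadBalancingScheme": "EXTERNAL_MANAGED",
   "securityPolicy": "projects/example-proj/global/securityPolicies/edge-waf",
   "backends": [{"group": "projects/example-proj/zones/us-central1-a/instanceGroups/web-mig"}]},
  {"name": "legacy-api", "loadBalancingScheme": "EXTERNAL",
   "backends": [{"group": "projects/example-proj/zones/us-central1-a/networkEndpointGroups/api-neg"}]},
  {"name": "internal-billing", "loadBalancingScheme": "INTERNAL_MANAGED",
   "backends": [{"group": "projects/example-proj/zones/us-central1-b/instanceGroups/billing-mig"}]}
]""")

# Load-balancing schemes that accept traffic from outside the VPC.
EXTERNAL_SCHEMES = {"EXTERNAL", "EXTERNAL_MANAGED"}


def short(url):
    """Return the last path segment of a resource URL, or None if unset."""
    return url.rstrip("/").rsplit("/", 1)[-1] if url else None


def audit(services):
    """Return external Backend Services with no Cloud Armor policy attached."""
    findings = []
    for svc in services:
        scheme = svc.get("loadBalancingScheme", "")
        if scheme not in EXTERNAL_SCHEMES:
            continue  # internal services are reached only from inside the VPC
        if short(svc.get("securityPolicy")) is not None:
            continue  # a policy filters requests before they reach the back-ends
        findings.append({
            "name": svc["name"],
            "scheme": scheme,
            # The instance groups / NEGs left exposed behind this service.
            "backends": [short(b.get("group")) for b in svc.get("backends", [])],
        })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['name']} ({f['scheme']}): no security policy; "
              f"backends: {', '.join(f['backends'])}")
```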