How to Resolve the Forward Rule Creation Error

Issue

You receive the following error message:

Error creating ForwardingRule: googleapi: Error 400: Invalid value for field 'resource.target': 'https://compute.googleapis.com/compute/beta/projects/fivetran-donkeys/regions/us-east4/{your_domain}'. Invalid target. Must be either a valid In-Project Forwarding Rule Target URL, a valid Service Attachment URL, or a supported Google API bundle (global-only)., invalid

Environment

All database connectors Connection method: Private networking

Understanding the problem

Your forwarding rule’s resource.target is set to https://compute.googleapis.com/compute/beta/projects/fivetran-donkeys/regions/us-east4/{your_domain}, which is invalid. A forwarding rule is the Google Cloud Load Balancer’s listener that defines the IP, protocol, and ports. It receives traffic and then sends it to resource.target (the field that names the exact load-balancing resource to receive that traffic).

A forwarding rule can’t target a domain or VM. Because the target ends with a domain placeholder, it isn’t a valid load-balancer target URL.

Causes and solutions

The forwarding rule’s resource.target isn’t a valid load-balancing resource. Common mistakes involve pointing to a raw IP address or DNS name, a VM directly, or an arbitrary URL.

Replace the target URL with:

A valid in-project target URL: A load-balancing component in your project (backend service, target proxy, etc.).
A valid service attachment URL: For Private Service Connect, where your forwarding rule connects to a service exposed by another Google Cloud project through a Service Attachment.
A supported Google API bundle (global): Global load balancer targets for Google-managed APIs (less common for custom applications).

If {your_domain} is your load balancer’s hostname, configure it in Cloud DNS by creating an A record that points to the forwarding rule’s IP. Don’t use the domain itself as a resource target.

Resolution

Identify the type of load balancer you are creating or managing. Common options include:
- An external HTTP(S) load balancer
- A TCP/UDP network load balancer
- An internal load balancer
- A Private Service Connect (PSC) setup
Point resource.target to the correct component:
- External HTTP(S): targetHttpProxies/{name} or targetHttpsProxies/{name}
  Example(global): https://compute.googleapis.com/compute/beta/projects/<PROJECT>/global/targetHttpsProxies/<NAME>
  Example(regional): https://compute.googleapis.com/compute/beta/projects/<PROJECT>/regions/<REGION>/targetHttpsProxies/<NAME>
- TCP/SSL Proxy: targetTcpProxies/{name} or targetSslProxies/{name}
  Example: https://compute.googleapis.com/compute/beta/projects/<PROJECT>/global/targetSslProxies/<NAME>
- Network LB (TCP/UDP, no proxy): backendServices/{name} (regional) or legacy targetPools/{name}
  Example(regional backend service): https://compute.googleapis.com/compute/beta/projects/<PROJECT>/regions/<REGION>/backendServices/<NAME>
- Internal HTTP(S): Regional targetHttpProxies/{name} or targetHttpsProxies/{name} in the same region as the forwarding rule
  Example: https://compute.googleapis.com/compute/beta/projects/<PROJECT>/regions/<REGION>/targetHttpsProxies/<NAME>
- PSC consumer: serviceAttachments/{name}
  Example: https://compute.googleapis.com/compute/beta/projects/<PROVIDER_PROJECT>/regions/<REGION>/serviceAttachments/<NAME>
Replace the invalid target with the correct URL for your load balancer type, then retry.

Example workflow — External HTTP(S) Load Balancer

Create a Backend Service: This specifies where your traffic eventually goes (for example, an instance group of VMs).

 gcloud compute backend-services create my-backend-service \
 --protocol HTTP \
 --port-name http \
 --global # or --region=us-east4

Create a URL Map: This maps URLs to backend services.

gcloud compute url-maps create my-url-map \
--default-service my-backend-service \
--global # or --region=us-east4

Create a target proxy: This receives traffic from the forwarding rule and sends it to the URL map.

gcloud compute target-http-proxies create my-http-proxy \
 --url-map my-url-map \
 --global # or --region=us-east4

Create the forwarding rule: This is where you specify the IP, ports, and point it to the target proxy.

gcloud compute forwarding-rules create my-forwarding-rule \
--address <IP_ADDRESS> \
--target-http-proxy my-http-proxy \
--ports 80 \
--global # or --region=us-east4

Using --target-http-proxy my-http-proxy makes gcloud assemble the full target URL (for example, https://compute.googleapis.com/compute/beta/projects/<PROJECT>/global/targetHttpProxies/my-http-proxy) in the API call automatically.