diff --git a/forwarding_rule_vpc_psc/backing_file.tf b/forwarding_rule_vpc_psc/backing_file.tf
new file mode 100644
index 00000000..c60b1199
--- /dev/null
+++ b/forwarding_rule_vpc_psc/backing_file.tf
@@ -0,0 +1,15 @@
+# This file has some scaffolding to make sure that names are unique and that
+# a region and zone are selected when you try to create your Terraform resources.
+
+locals {
+ name_suffix = "${random_pet.suffix.id}"
+}
+
+resource "random_pet" "suffix" {
+ length = 2
+}
+
+provider "google" {
+ region = "us-central1"
+ zone = "us-central1-c"
+}
diff --git a/forwarding_rule_vpc_psc/main.tf b/forwarding_rule_vpc_psc/main.tf
new file mode 100644
index 00000000..f85df472
--- /dev/null
+++ b/forwarding_rule_vpc_psc/main.tf
@@ -0,0 +1,108 @@
+// Forwarding rule for VPC private service connect
+resource "google_compute_forwarding_rule" "default" {
+ provider = google-beta
+ name = "psc-endpoint-${local.name_suffix}"
+ region = "us-central1"
+ load_balancing_scheme = ""
+ target = google_compute_service_attachment.producer_service_attachment.id
+ network = google_compute_network.consumer_net.name
+ ip_address = google_compute_address.consumer_address.id
+}
+
+// Consumer service endpoint
+
+resource "google_compute_network" "consumer_net" {
+ provider = google-beta
+ name = "consumer-net-${local.name_suffix}"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "consumer_subnet" {
+ provider = google-beta
+ name = "consumer-net-${local.name_suffix}"
+ ip_cidr_range = "10.0.0.0/16"
+ region = "us-central1"
+ network = google_compute_network.consumer_net.id
+}
+
+resource "google_compute_address" "consumer_address" {
+ name = "website-ip-${local.name_suffix}-1"
+ provider = google-beta
+ region = "us-central1"
+ subnetwork = google_compute_subnetwork.consumer_subnet.id
+ address_type = "INTERNAL"
+}
+
+
+// Producer service attachment
+
+resource "google_compute_network" "producer_net" {
+ provider = google-beta
+ name = "producer-net-${local.name_suffix}"
+ auto_create_subnetworks = false
+}
+
+resource "google_compute_subnetwork" "producer_subnet" {
+ provider = google-beta
+ name = "producer-net-${local.name_suffix}"
+ ip_cidr_range = "10.0.0.0/16"
+ region = "us-central1"
+ network = google_compute_network.producer_net.id
+}
+
+resource "google_compute_subnetwork" "psc_producer_subnet" {
+ provider = google-beta
+ name = "producer-psc-net-${local.name_suffix}"
+ ip_cidr_range = "10.1.0.0/16"
+ region = "us-central1"
+
+ purpose = "PRIVATE_SERVICE_CONNECT"
+ network = google_compute_network.producer_net.id
+}
+
+resource "google_compute_service_attachment" "producer_service_attachment" {
+ provider = google-beta
+ name = "producer-service-${local.name_suffix}"
+ region = "us-central1"
+ description = "A service attachment configured with Terraform"
+
+ enable_proxy_protocol = true
+ connection_preference = "ACCEPT_AUTOMATIC"
+ nat_subnets = [google_compute_subnetwork.psc_producer_subnet.name]
+ target_service = google_compute_forwarding_rule.producer_target_service.id
+
+
+}
+
+resource "google_compute_forwarding_rule" "producer_target_service" {
+ provider = google-beta
+ name = "producer-forwarding-rule-${local.name_suffix}"
+ region = "us-central1"
+
+ load_balancing_scheme = "INTERNAL"
+ backend_service = google_compute_region_backend_service.producer_service_backend.id
+ all_ports = true
+ network = google_compute_network.producer_net.name
+ subnetwork = google_compute_subnetwork.producer_subnet.name
+
+
+}
+
+resource "google_compute_region_backend_service" "producer_service_backend" {
+ provider = google-beta
+ name = "producer-service-backend-${local.name_suffix}"
+ region = "us-central1"
+
+ health_checks = [google_compute_health_check.producer_service_health_check.id]
+}
+
+resource "google_compute_health_check" "producer_service_health_check" {
+ provider = google-beta
+ name = "producer-service-health-check-${local.name_suffix}"
+
+ check_interval_sec = 1
+ timeout_sec = 1
+ tcp_health_check {
+ port = "80"
+ }
+}
diff --git a/forwarding_rule_vpc_psc/motd b/forwarding_rule_vpc_psc/motd
new file mode 100644
index 00000000..45a906e8
--- /dev/null
+++ b/forwarding_rule_vpc_psc/motd
@@ -0,0 +1,7 @@
+===
+
+These examples use real resources that will be billed to the
+Google Cloud Platform project you use - so make sure that you
+run "terraform destroy" before quitting!
+
+===
diff --git a/forwarding_rule_vpc_psc/tutorial.md b/forwarding_rule_vpc_psc/tutorial.md
new file mode 100644
index 00000000..8f80f987
--- /dev/null
+++ b/forwarding_rule_vpc_psc/tutorial.md
@@ -0,0 +1,79 @@
+# Forwarding Rule VPC Psc - Terraform
+
+## Setup
+
+
+
+Welcome to Terraform in Google Cloud Shell! We need you to let us know what project you'd like to use with Terraform.
+
+
+
+Terraform provisions real GCP resources, so anything you create in this session will be billed against this project.
+
+## Terraforming!
+
+Let's use {{project-id}} with Terraform! Click the Cloud Shell icon below to copy the command
+to your shell, and then run it from the shell by pressing Enter/Return. Terraform will pick up
+the project name from the environment variable.
+
+```bash
+export GOOGLE_CLOUD_PROJECT={{project-id}}
+```
+
+After that, let's get Terraform started. Run the following to pull in the providers.
+
+```bash
+terraform init
+```
+
+With the providers downloaded and a project set, you're ready to use Terraform. Go ahead!
+
+```bash
+terraform apply
+```
+
+Terraform will show you what it plans to do, and prompt you to accept. Type "yes" to accept the plan.
+
+```bash
+yes
+```
+
+
+## Post-Apply
+
+### Editing your config
+
+Now you've provisioned your resources in GCP! If you run a "plan", you should see no changes needed.
+
+```bash
+terraform plan
+```
+
+So let's make a change! Try editing a number, or appending a value to the name in the editor. Then,
+run a 'plan' again.
+
+```bash
+terraform plan
+```
+
+Afterwards you can run an apply, which implicitly does a plan and shows you the intended changes
+at the 'yes' prompt.
+
+```bash
+terraform apply
+```
+
+```bash
+yes
+```
+
+## Cleanup
+
+Run the following to remove the resources Terraform provisioned:
+
+```bash
+terraform destroy
+```
+```bash
+yes
+```