Google cloud load balancer not connected to the instances group

Question

The problem is the Load balancer can't connect to any instances and always serve 502 Server Error , when I add access_config {} to the network_interface it works but all the instances get exposed to the internet, that why I want to load balance the trafic their private ip address:

// VPC

resource "google_compute_network" "default" {
    name = "vpc-${var.cluster_name}"
    auto_create_subnetworks = false
}

resource "google_compute_subnetwork" "default" {
    name = "subnet-${var.cluster_name}"
    ip_cidr_range = "10.0.0.0/24"
    network = google_compute_network.default.self_link
}

// Instances group

resource "google_compute_instance_template" "default" {
    name = "instance-template-${var.cluster_name}"
    machine_type = var.machine_type

    disk {
        source_image = var.source_image
        auto_delete = true
        boot = true
        disk_size_gb = 10
    }

    network_interface {
        network = google_compute_network.default.self_link
        subnetwork = google_compute_subnetwork.default.self_link
    }

    metadata_startup_script = <<-EOF
        sudo apt-get update
        sudo apt-get install nginx -y
        sudo systemctl start nginx
        echo "tags=http-server" >> /etc/sysconfig/network-scripts/ifcfg-eth0
    EOF

     tags = ["http-server"]
}

resource "google_compute_firewall" "allow_health_check" {
    name    = "allow-health-check-${var.cluster_name}"
    direction = "INGRESS"
    network = google_compute_network.default.id
    source_ranges = ["0.0.0.0/0"]

    allow {
        protocol = "tcp"
        ports = ["80"]
    }

    target_tags   = ["http-server"]
}

resource "google_compute_instance_group_manager" "default" {
    name = "instance-group-manager-${var.cluster_name}"
    base_instance_name = "instance-group-manager-${var.cluster_name}"

    version {
        instance_template = google_compute_instance_template.default.id
    }

    auto_healing_policies {
        health_check      = google_compute_health_check.default.id
        initial_delay_sec = 300
    }

    named_port {
        name     = "http"
        port     = 80
    }

    target_size = var.min_replicas
}

resource "google_compute_autoscaler" "default" {
    name = "autoscaler-${var.cluster_name}"
    target = google_compute_instance_group_manager.default.id

    autoscaling_policy {
        min_replicas = var.min_replicas
        max_replicas = var.max_replicas
        cpu_utilization {
            target = 0.6
        }
    }
}
// Load Balancer

resource "google_compute_global_address" "default" {
    name = "gloabl-address-${var.cluster_name}"
}

resource "google_compute_health_check" "default" {
    name = "autohealing-${var.cluster_name}"
    check_interval_sec  = 30
    timeout_sec         = 10
    healthy_threshold   = 3
    unhealthy_threshold = 10

    http_health_check {
        request_path = "/"
        port         = 80 
    }
}

resource "google_compute_backend_service" "default" {
    name = "backend-service-${var.cluster_name}"
    protocol = "HTTP"
    load_balancing_scheme = "EXTERNAL"
    port_name = "http"
    health_checks = [google_compute_health_check.default.id]

    backend {
        group = google_compute_instance_group_manager.default.id
        balancing_mode = "RATE"
        max_rate_per_endpoint = 1000
    }

    log_config {
        enable = true
    }
}

resource "google_compute_url_map" "default" {
    name = "url-map-${var.cluster_name}"
    default_service = google_compute_backend_service.default.id
}

resource "google_compute_target_http_proxy" "default" {
    name = "target-http-proxy-${var.cluster_name}"
    url_map = google_compute_url_map.default.id
}

resource "google_compute_global_forwarding_rule" "default" {
    name = "global-forwarding-rule-${var.cluster_name}"
    target = google_compute_target_http_proxy.default.id
    port_range = "80"
    ip_address = google_compute_global_address.default.address
}

I try to use access_config {} and it works but all instances get exposed to the internet.