EdgeCacheOrigin represents an HTTP-reachable backend for an EdgeCacheService.
To get more information about EdgeCacheOrigin, see:
resource "google_network_services_edge_cache_origin" "default" {
  name           = "my-origin"
  origin_address = "gs://media-edge-default"
  description    = "The default bucket for media edge test"
}
resource "google_network_services_edge_cache_origin" "fallback" {
  name           = "my-fallback"
  origin_address = "fallback.example.com"
  description    = "The default bucket for media edge test"
  max_attempts   = 3
  protocol       = "HTTP"
  port           = 80
  retry_conditions = [
    "CONNECT_FAILURE",
    "NOT_FOUND",
    "HTTP_5XX",
    "FORBIDDEN",
  ]
  timeout {
    connect_timeout      = "10s"
    max_attempts_timeout = "20s"
    response_timeout     = "60s"
    read_timeout         = "5s"
  }
  origin_override_action {
    url_rewrite {
      host_rewrite = "example.com"
    }
    header_action {
      request_headers_to_add {
        header_name  = "x-header"
        header_value = "value"
        replace      = true
      }
    }
  }
  origin_redirect {
    redirect_conditions = [
      "MOVED_PERMANENTLY",
      "FOUND",
      "SEE_OTHER",
      "TEMPORARY_REDIRECT",
      "PERMANENT_REDIRECT",
    ]
  }
}
resource "google_network_services_edge_cache_origin" "default" {
  name            = "my-origin"
  origin_address  = "gs://media-edge-default"
  failover_origin = google_network_services_edge_cache_origin.fallback.id
  description     = "The default bucket for media edge test"
  max_attempts    = 2
  labels = {
    a = "b"
  }
  timeout {
    connect_timeout = "10s"
  }
}
resource "google_secret_manager_secret" "secret-basic" {
  secret_id = "secret-name"
  replication {
    auto {}
  }
}
resource "google_secret_manager_secret_version" "secret-version-basic" {
  secret      = google_secret_manager_secret.secret-basic.id
  secret_data = "secret-data"
}
resource "google_network_services_edge_cache_origin" "default" {
  name           = "my-origin"
  origin_address = "gs://media-edge-default"
  description    = "The default bucket for V4 authentication"
  aws_v4_authentication {
    access_key_id             = "ACCESSKEYID"
    secret_access_key_version = google_secret_manager_secret_version.secret-version-basic.id
    origin_region             = "auto"
  }
}
The following arguments are supported:
origin_address - (Required)
A fully qualified domain name (FQDN) or IP address reachable over the public Internet, or the address of a Google Cloud Storage bucket.
This address will be used as the origin for cache requests - e.g. FQDN: media-backend.example.com, IPv4: 35.218.1.1, IPv6: 2607:f8b0:4012:809::200e, Cloud Storage: gs://bucketname
When providing an FQDN (hostname), it must be publicly resolvable (e.g. via Google public DNS) and IP addresses must be publicly routable. It must not contain a protocol (e.g., https://) and it must not contain any slashes.
If a Cloud Storage bucket is provided, it must be in the canonical "gs://bucketname" format. Other forms, such as "storage.googleapis.com", will be rejected.
name - (Required)
Name of the resource; provided by the client when the resource is created.
The name must be 1-64 characters long, and match the regular expression [a-zA-Z][a-zA-Z0-9_-]* which means the first character must be a letter,
and all following characters must be a dash, underscore, letter or digit.
description - (Optional)
A human-readable description of the resource.
labels - (Optional)
Set of label tags associated with the EdgeCache resource.
Note: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field effective_labels for all of the labels present on the resource.
protocol - (Optional)
The protocol to use to connect to the configured origin. Defaults to HTTP2, and it is strongly recommended that users use HTTP2 for both security & performance.
When using HTTP2 or HTTPS as the protocol, a valid, publicly-signed, unexpired TLS (SSL) certificate must be presented by the origin server.
Possible values are: HTTP2, HTTPS, HTTP.
port - (Optional)
The port to connect to the origin on.
Defaults to port 443 for HTTP2 and HTTPS protocols, and port 80 for HTTP.
max_attempts - (Optional)
The maximum number of attempts to cache fill from this origin. Another attempt is made when a cache fill fails with one of the retryConditions.
Once maxAttempts to this origin have failed the failoverOrigin will be used, if one is specified. That failoverOrigin may specify its own maxAttempts,
retryConditions and failoverOrigin to control its own cache fill failures.
The total number of allowed attempts to cache fill across this and failover origins is limited to four.
The total time allowed for cache fill attempts across this and failover origins can be controlled with maxAttemptsTimeout.
The last valid, non-retried response from all origins will be returned to the client.
If no origin returns a valid response, an HTTP 502 will be returned to the client.
Defaults to 1. Must be a value greater than 0 and less than 4.
failover_origin - (Optional)
The Origin resource to try when the current origin cannot be reached.
After maxAttempts is reached, the configured failoverOrigin will be used to fulfil the request.
The value of timeout.maxAttemptsTimeout dictates the timeout across all origins.
A reference to a Topic resource.
retry_conditions - (Optional)
Specifies one or more retry conditions for the configured origin.
If the failure mode during a connection attempt to the origin matches the configured retryCondition(s),
the origin request will be retried up to maxAttempts times. The failoverOrigin, if configured, will then be used to satisfy the request.
The default retryCondition is "CONNECT_FAILURE".
retryConditions apply to this origin, and not subsequent failoverOrigin(s),
which may specify their own retryConditions and maxAttempts.
Valid values are: CONNECT_FAILURE, HTTP_5XX, GATEWAY_ERROR, RETRIABLE_4XX, NOT_FOUND, FORBIDDEN.
timeout - (Optional)
The connection and HTTP timeout configuration for this origin.
Structure is documented below.
aws_v4_authentication - (Optional)
Enable AWS Signature Version 4 origin authentication.
Structure is documented below.
origin_override_action - (Optional)
The override actions, including url rewrites and header additions, for requests that use this origin.
Structure is documented below.
origin_redirect - (Optional)
Follow redirects from this origin.
Structure is documented below.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
The timeout block supports:
connect_timeout - (Optional)
The maximum duration to wait for a single origin connection to be established, including DNS lookup, TLS handshake and TCP/QUIC connection establishment.
Defaults to 5 seconds. The timeout must be a value between 1s and 15s.
The connectTimeout is capped by the deadline set by the request's maxAttemptsTimeout. The last connection attempt may have a smaller connectTimeout in order to adhere to the overall maxAttemptsTimeout.
max_attempts_timeout - (Optional)
The maximum time across all connection attempts to the origin, including failover origins, before returning an error to the client. An HTTP 504 will be returned if the timeout is reached before a response is returned.
Defaults to 15 seconds. The timeout must be a value between 1s and 30s.
If a failoverOrigin is specified, the maxAttemptsTimeout of the first configured origin sets the deadline for all connection attempts across all failoverOrigins.
response_timeout - (Optional)
The maximum duration to wait for the last byte of a response to arrive when reading from the HTTP connection/stream.
Defaults to 30 seconds. The timeout must be a value between 1s and 120s.
The responseTimeout starts after the connection has been established.
This also applies to HTTP Chunked Transfer Encoding responses, and/or when an open-ended Range request is made to the origin. Origins that take longer to write additional bytes to the response than the configured responseTimeout will result in an error being returned to the client.
If the response headers have already been written to the connection, the response will be truncated and logged.
read_timeout - (Optional)
The maximum duration to wait between reads of a single HTTP connection/stream.
Defaults to 15 seconds. The timeout must be a value between 1s and 30s.
The readTimeout is capped by the responseTimeout. All reads of the HTTP connection/stream must be completed by the deadline set by the responseTimeout.
If the response headers have already been written to the connection, the response will be truncated and logged.
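The documented constraints on origin_address, name, protocol, max_attempts and the timeout block can be checked before apply. The following is an added example, not part of the provider documentation: check_origin and lint_plan are hypothetical names, the sample plan is constructed, and only root-module resources in `terraform show -json` output are inspected.

```python
import re

# Constructed sample shaped like `terraform show -json` output (planned_values);
# nested blocks such as `timeout` are serialized as lists of objects.
SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    {"type": "google_network_services_edge_cache_origin", "name": "fallback",
     "values": {"name": "my-fallback", "origin_address": "fallback.example.com",
                "protocol": "HTTP", "port": 80, "max_attempts": 3,
                "timeout": [{"connect_timeout": "10s", "max_attempts_timeout": "20s",
                             "response_timeout": "60s", "read_timeout": "5s"}]}},
    {"type": "google_network_services_edge_cache_origin", "name": "bad",
     "values": {"name": "9origin", "origin_address": "https://media.example.com/v1",
                "max_attempts": 4, "timeout": [{"connect_timeout": "20s"}]}},
]}}}

NAME_RE = re.compile(r"[a-zA-Z][a-zA-Z0-9_-]{0,63}")  # 1-64 chars, letter first
# Documented (min, max) in seconds for each field of the timeout block.
TIMEOUT_RANGES = {"connect_timeout": (1, 15), "max_attempts_timeout": (1, 30),
                  "response_timeout": (1, 120), "read_timeout": (1, 30)}

def check_origin(values):
    """Return findings for one origin's planned attribute values."""
    findings = []
    addr = values.get("origin_address") or ""
    if addr.startswith("gs://"):
        if not addr[5:] or "/" in addr[5:]:
            findings.append("origin_address: bucket must be gs://bucketname")
    elif "/" in addr:
        findings.append("origin_address: must not contain a protocol or slashes")
    if not NAME_RE.fullmatch(values.get("name") or ""):
        findings.append("name: must be 1-64 chars matching [a-zA-Z][a-zA-Z0-9_-]*")
    if values.get("protocol") == "HTTP":
        findings.append("protocol: HTTP is plaintext; HTTP2 is the recommended default")
    attempts = values.get("max_attempts")
    if attempts is not None and not 0 < attempts < 4:
        findings.append("max_attempts: must be greater than 0 and less than 4")
    for block in values.get("timeout") or []:
        for field, (lo, hi) in TIMEOUT_RANGES.items():
            raw = block.get(field)
            if raw and not lo <= float(raw.rstrip("s")) <= hi:
                findings.append(f"{field}: {raw} outside {lo}s-{hi}s")
    return findings

def lint_plan(plan):
    """Map resource name -> findings for each edge cache origin in the root module."""
    resources = plan["planned_values"]["root_module"].get("resources", [])
    return {r["name"]: check_origin(r["values"]) for r in resources
            if r["type"] == "google_network_services_edge_cache_origin"}
```

Feed it the parsed JSON from `terraform show -json` on a saved plan file and fail the pipeline when any resource has findings.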
The aws_v4_authentication block supports:
access_key_id - (Required)
The access key ID your origin uses to identify the key.
secret_access_key_version - (Required)
The Secret Manager secret version of the secret access key used by your origin.
This is the resource name of the secret version in the format projects/*/secrets/*/versions/* where the * values are replaced by the project, secret, and version you require.
origin_region - (Required)
The name of the AWS region that your origin is in.
The origin_override_action block supports:
url_rewrite - (Optional)
The URL rewrite configuration for requests that are handled by this origin.
Structure is documented below.
header_action - (Optional)
The header actions, including adding and removing headers, for requests handled by this origin.
Structure is documented below.
The url_rewrite block supports:
host_rewrite - (Optional)
Prior to forwarding the request to the selected origin, the request's host header is replaced with contents of the hostRewrite.
This value must be between 1 and 255 characters.
The header_action block supports:
request_headers_to_add - (Optional)
Describes a header to add.
You may add a maximum of 25 request headers.
Structure is documented below.
The request_headers_to_add block supports:
header_name - (Required)
The name of the header to add.
header_value - (Required)
The value of the header to add.
replace - (Optional)
Whether to replace all existing headers with the same name.
By default, added header values are appended to the response or request headers with the same field names. The added values are separated by commas.
To overwrite existing values, set replace to true.
The origin_redirect block supports:
redirect_conditions - (Optional)
The set of redirect response codes that the CDN follows. Values of RedirectConditions are accepted.
In addition to the arguments listed above, the following computed attributes are exported:
id - an identifier for the resource with format projects/{{project}}/locations/global/edgeCacheOrigins/{{name}}
terraform_labels - The combination of labels configured directly on the resource and default labels configured on the provider.
effective_labels - All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
This resource provides the following Timeouts configuration options:
create - Default is 120 minutes.
update - Default is 120 minutes.
delete - Default is 120 minutes.
EdgeCacheOrigin can be imported using any of these accepted formats:
projects/{{project}}/locations/global/edgeCacheOrigins/{{name}}
{{project}}/{{name}}
{{name}}
In Terraform v1.5.0 and later, use an import block to import EdgeCacheOrigin using one of the formats above. For example:
import {
  id = "projects/{{project}}/locations/global/edgeCacheOrigins/{{name}}"
  to = google_network_services_edge_cache_origin.default
}
When using the terraform import command, EdgeCacheOrigin can be imported using one of the formats above. For example:
$ terraform import google_network_services_edge_cache_origin.default projects/{{project}}/locations/global/edgeCacheOrigins/{{name}}
$ terraform import google_network_services_edge_cache_origin.default {{project}}/{{name}}
$ terraform import google_network_services_edge_cache_origin.default {{name}}
This resource supports User Project Overrides.