google_compute_managed_ssl_certificate

An SslCertificate resource, used for HTTPS load balancing. This resource represents a certificate for which the certificate secrets are created and managed by Google.

For a resource where you provide the key, see the SSL Certificate resource.

To get more information about ManagedSslCertificate, see:

In conclusion: Be extremely cautious.

Example Usage - Managed Ssl Certificate Basic

resource "google_compute_managed_ssl_certificate" "default" {
  name = "test-cert"

  managed {
    domains = ["sslcert.tf-test.club."]
  }
}

resource "google_compute_target_https_proxy" "default" {
  name             = "test-proxy"
  url_map          = google_compute_url_map.default.id
  ssl_certificates = [google_compute_managed_ssl_certificate.default.id]
}

resource "google_compute_url_map" "default" {
  name        = "url-map"
  description = "a description"

  default_service = google_compute_backend_service.default.id

  host_rule {
    hosts        = ["sslcert.tf-test.club"]
    path_matcher = "allpaths"
  }

  path_matcher {
    name            = "allpaths"
    default_service = google_compute_backend_service.default.id

    path_rule {
      paths   = ["/*"]
      service = google_compute_backend_service.default.id
    }
  }
}

resource "google_compute_backend_service" "default" {
  name        = "backend-service"
  port_name   = "http"
  protocol    = "HTTP"
  timeout_sec = 10

  health_checks = [google_compute_http_health_check.default.id]
}

resource "google_compute_http_health_check" "default" {
  name               = "http-health-check"
  request_path       = "/"
  check_interval_sec = 1
  timeout_sec        = 1
}

resource "google_compute_global_forwarding_rule" "default" {
  name       = "forwarding-rule"
  target     = google_compute_target_https_proxy.default.id
  port_range = 443
}

Example Usage - Managed Ssl Certificate Recreation

// This example allows the list of managed domains to be modified and will
// recreate the ssl certificate and update the target https proxy correctly

resource "google_compute_target_https_proxy" "default" {
  name             = "test-proxy"
  url_map          = google_compute_url_map.default.id
  ssl_certificates = [google_compute_managed_ssl_certificate.cert.id]
}

locals {
  managed_domains = tolist(["test.example.com"])
}

resource "random_id" "certificate" {
  byte_length = 4
  prefix      = "issue6147-cert-"

  keepers = {
    domains = join(",", local.managed_domains)
  }
}

resource "google_compute_managed_ssl_certificate" "cert" {
  name = random_id.certificate.hex

  lifecycle {
    create_before_destroy = true
  }

  managed {
    domains = local.managed_domains
  }
}

resource "google_compute_url_map" "default" {
  name            = "url-map"
  description     = "a description"
  default_service = google_compute_backend_service.default.id
  host_rule {
    hosts        = ["mysite.com"]
    path_matcher = "allpaths"
  }
  path_matcher {
    name            = "allpaths"
    default_service = google_compute_backend_service.default.id
    path_rule {
      paths   = ["/*"]
      service = google_compute_backend_service.default.id
    }
  }
}

resource "google_compute_backend_service" "default" {
  name          = "backend-service"
  port_name     = "http"
  protocol      = "HTTP"
  timeout_sec   = 10
  health_checks = [google_compute_http_health_check.default.id]
}

resource "google_compute_http_health_check" "default" {
  name               = "http-health-check"
  request_path       = "/"
  check_interval_sec = 1
  timeout_sec        = 1
}
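
The recreation example above gives the certificate a new name whenever the domain list changes and uses create_before_destroy so the replacement is created before the old certificate is removed. The following plan check is an added example, not part of the provider documentation: it reads Terraform's JSON plan output and flags managed certificate replacements that do not follow that pattern. The function name, the sample plan and the ".legacy" resource are assumptions constructed for illustration.

```python
import json

CERT_TYPE = "google_compute_managed_ssl_certificate"

# Constructed sample: trimmed `terraform show -json <planfile>` output after a
# domain change. ".cert" follows the recreation example; ".legacy" (made up)
# has a fixed name and no create_before_destroy.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": CERT_TYPE + ".cert", "type": CERT_TYPE,
     "change": {"actions": ["create", "delete"],
                "before": {"name": "issue6147-cert-0a1b2c3d"},
                "after": {}}},  # new name is unknown until apply
    {"address": CERT_TYPE + ".legacy", "type": CERT_TYPE,
     "change": {"actions": ["delete", "create"],
                "before": {"name": "test-cert"},
                "after": {"name": "test-cert"}}},
    {"address": "google_compute_url_map.default",
     "type": "google_compute_url_map",
     "change": {"actions": ["no-op"], "before": {}, "after": {}}},
]})


def unsafe_cert_replacements(plan_json):
    """Return (address, reason) pairs for risky managed-cert replacements."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        if rc.get("type") != CERT_TYPE:
            continue
        change = rc.get("change", {})
        actions = change.get("actions", [])
        if "create" not in actions or "delete" not in actions:
            continue  # plain create, update or delete: not a replacement
        # Terraform lists replacement actions in execution order.
        if actions[0] == "delete":
            findings.append((rc["address"], "deleted before replacement exists"))
        old = (change.get("before") or {}).get("name")
        new = (change.get("after") or {}).get("name")
        if old is not None and old == new:
            findings.append((rc["address"], "replacement reuses name " + old))
    return findings


if __name__ == "__main__":
    for address, reason in unsafe_cert_replacements(SAMPLE_PLAN):
        print(f"{address}: {reason}")
```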

Argument Reference

The following arguments are supported:


The managed block supports:

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

Timeouts

This resource provides the following Timeouts configuration options:

Import

ManagedSslCertificate can be imported using any of these accepted formats:

In Terraform v1.5.0 and later, use an import block to import ManagedSslCertificate using one of the formats above. For example:

import {
  id = "projects/{{project}}/global/sslCertificates/{{name}}"
  to = google_compute_managed_ssl_certificate.default
}

When using the terraform import command, ManagedSslCertificate can be imported using one of the formats above. For example:

$ terraform import google_compute_managed_ssl_certificate.default projects/{{project}}/global/sslCertificates/{{name}}
$ terraform import google_compute_managed_ssl_certificate.default {{project}}/{{name}}
$ terraform import google_compute_managed_ssl_certificate.default {{name}}

User Project Overrides

This resource supports User Project Overrides.