An SslCertificate resource, used for HTTPS load balancing. This resource represents a certificate for which the certificate secrets are created and managed by Google.
For a resource where you provide the key, see the SSL Certificate resource.
To get more information about ManagedSslCertificate, see:
In conclusion: Be extremely cautious.
resource "google_compute_managed_ssl_certificate" "default" {
name = "test-cert"
managed {
domains = ["sslcert.tf-test.club."]
}
}
resource "google_compute_target_https_proxy" "default" {
name = "test-proxy"
url_map = google_compute_url_map.default.id
ssl_certificates = [google_compute_managed_ssl_certificate.default.id]
}
resource "google_compute_url_map" "default" {
name = "url-map"
description = "a description"
default_service = google_compute_backend_service.default.id
host_rule {
hosts = ["sslcert.tf-test.club"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = google_compute_backend_service.default.id
path_rule {
paths = ["/*"]
service = google_compute_backend_service.default.id
}
}
}
resource "google_compute_backend_service" "default" {
name = "backend-service"
port_name = "http"
protocol = "HTTP"
timeout_sec = 10
health_checks = [google_compute_http_health_check.default.id]
}
resource "google_compute_http_health_check" "default" {
name = "http-health-check"
request_path = "/"
check_interval_sec = 1
timeout_sec = 1
}
resource "google_compute_global_forwarding_rule" "default" {
name = "forwarding-rule"
target = google_compute_target_https_proxy.default.id
port_range = 443
}
// This example allows the list of managed domains to be modified and will
// recreate the ssl certificate and update the target https proxy correctly
resource "google_compute_target_https_proxy" "default" {
name = "test-proxy"
url_map = google_compute_url_map.default.id
ssl_certificates = [google_compute_managed_ssl_certificate.cert.id]
}
locals {
managed_domains = tolist(["test.example.com"])
}
resource "random_id" "certificate" {
byte_length = 4
prefix = "issue6147-cert-"
keepers = {
domains = join(",", local.managed_domains)
}
}
resource "google_compute_managed_ssl_certificate" "cert" {
name = random_id.certificate.hex
lifecycle {
create_before_destroy = true
}
managed {
domains = local.managed_domains
}
}
resource "google_compute_url_map" "default" {
name = "url-map"
description = "a description"
default_service = google_compute_backend_service.default.id
host_rule {
hosts = ["mysite.com"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = google_compute_backend_service.default.id
path_rule {
paths = ["/*"]
service = google_compute_backend_service.default.id
}
}
}
resource "google_compute_backend_service" "default" {
name = "backend-service"
port_name = "http"
protocol = "HTTP"
timeout_sec = 10
health_checks = [google_compute_http_health_check.default.id]
}
resource "google_compute_http_health_check" "default" {
name = "http-health-check"
request_path = "/"
check_interval_sec = 1
timeout_sec = 1
}
The following arguments are supported:
description
-
(Optional)
An optional description of this resource.
name
-
(Optional)
Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression [a-z]([-a-z0-9]*[a-z0-9])?
which means the
first character must be a lowercase letter, and all following
characters must be a dash, lowercase letter, or digit, except the last
character, which cannot be a dash.
These are in the same namespace as the managed SSL certificates.
managed
-
(Optional)
Properties relevant to a managed certificate. These will be used if the
certificate is managed (as indicated by a value of MANAGED
in type
).
Structure is documented below.
type
-
(Optional)
Enum field whose value is always MANAGED
- used to signal to the API
which type this is.
Default value is MANAGED
.
Possible values are: MANAGED
.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
domains
-
(Required)
Domains for which a managed SSL certificate will be valid. Currently,
there can be up to 100 domains in this list.In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/global/sslCertificates/{{name}}
creation_timestamp
-
Creation timestamp in RFC3339 text format.
certificate_id
-
The unique identifier for the resource.
subject_alternative_names
-
Domains associated with the certificate via Subject Alternative Name.
expire_time
-
Expire time of the certificate in RFC3339 text format.
self_link
- The URI of the created resource.This resource provides the following Timeouts configuration options:
create
- Default is 30 minutes.delete
- Default is 30 minutes.ManagedSslCertificate can be imported using any of these accepted formats:
projects/{{project}}/global/sslCertificates/{{name}}
{{project}}/{{name}}
{{name}}
In Terraform v1.5.0 and later, use an import
block to import ManagedSslCertificate using one of the formats above. For example:
import {
id = "projects/{{project}}/global/sslCertificates/{{name}}"
to = google_compute_managed_ssl_certificate.default
}
When using the terraform import
command, ManagedSslCertificate can be imported using one of the formats above. For example:
$ terraform import google_compute_managed_ssl_certificate.default projects/{{project}}/global/sslCertificates/{{name}}
$ terraform import google_compute_managed_ssl_certificate.default {{project}}/{{name}}
$ terraform import google_compute_managed_ssl_certificate.default {{name}}
This resource supports User Project Overrides.