An SslCertificate resource, used for HTTPS load balancing. This resource provides a mechanism to upload an SSL key and certificate to the load balancer to serve secure connections from the user.
To get more information about SslCertificate, see:
resource "google_compute_ssl_certificate" "default" {
name_prefix = "my-certificate-"
description = "a description"
private_key = file("path/to/private.key")
certificate = file("path/to/certificate.crt")
lifecycle {
create_before_destroy = true
}
}
# You may also want to control name generation explicitly:
resource "google_compute_ssl_certificate" "default" {
# The name will contain 8 random hex digits,
# e.g. "my-certificate-48ab27cd2a"
name = random_id.certificate.hex
private_key = file("path/to/private.key")
certificate = file("path/to/certificate.crt")
lifecycle {
create_before_destroy = true
}
}
resource "random_id" "certificate" {
byte_length = 4
prefix = "my-certificate-"
# For security, do not expose raw certificate values in the output
keepers = {
private_key = filebase64sha256("path/to/private.key")
certificate = filebase64sha256("path/to/certificate.crt")
}
}
// Using with Target HTTPS Proxies
//
// SSL certificates cannot be updated after creation. In order to apply
// the specified configuration, Terraform will destroy the existing
// resource and create a replacement. To effectively use an SSL
// certificate resource with a Target HTTPS Proxy resource, it's
// recommended to specify create_before_destroy in a lifecycle block.
// Either omit the Instance Template name attribute, specify a partial
// name with name_prefix, or use random_id resource. Example:
resource "google_compute_ssl_certificate" "default" {
name_prefix = "my-certificate-"
private_key = file("path/to/private.key")
certificate = file("path/to/certificate.crt")
lifecycle {
create_before_destroy = true
}
}
resource "google_compute_target_https_proxy" "default" {
name = "test-proxy"
url_map = google_compute_url_map.default.id
ssl_certificates = [google_compute_ssl_certificate.default.id]
}
resource "google_compute_url_map" "default" {
name = "url-map"
description = "a description"
default_service = google_compute_backend_service.default.id
host_rule {
hosts = ["mysite.com"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = google_compute_backend_service.default.id
path_rule {
paths = ["/*"]
service = google_compute_backend_service.default.id
}
}
}
resource "google_compute_backend_service" "default" {
name = "backend-service"
port_name = "http"
protocol = "HTTP"
timeout_sec = 10
health_checks = [google_compute_http_health_check.default.id]
}
resource "google_compute_http_health_check" "default" {
name = "http-health-check"
request_path = "/"
check_interval_sec = 1
timeout_sec = 1
}
The following arguments are supported:
certificate
-
(Required)
The certificate in PEM format.
The certificate chain must be no greater than 5 certs long.
The chain must include at least one intermediate cert.
Note: This property is sensitive and will not be displayed in the plan.
private_key
-
(Required)
The write-only private key in PEM format.
Note: This property is sensitive and will not be displayed in the plan.
description
-
(Optional)
An optional description of this resource.
name
-
(Optional)
Name of the resource. Provided by the client when the resource is
created. The name must be 1-63 characters long, and comply with
RFC1035. Specifically, the name must be 1-63 characters long and match
the regular expression [a-z]([-a-z0-9]*[a-z0-9])?
which means the
first character must be a lowercase letter, and all following
characters must be a dash, lowercase letter, or digit, except the last
character, which cannot be a dash.
These are in the same namespace as the managed SSL certificates.
project
- (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
name_prefix
- (Optional) Creates a unique name beginning with the
specified prefix. Conflicts with name
.
In addition to the arguments listed above, the following computed attributes are exported:
id
- an identifier for the resource with format projects/{{project}}/global/sslCertificates/{{name}}
creation_timestamp
-
Creation timestamp in RFC3339 text format.
expire_time
-
Expire time of the certificate in RFC3339 text format.
certificate_id
-
The unique identifier for the resource.
self_link
- The URI of the created resource.This resource provides the following Timeouts configuration options:
create
- Default is 20 minutes.delete
- Default is 20 minutes.SslCertificate can be imported using any of these accepted formats:
projects/{{project}}/global/sslCertificates/{{name}}
{{project}}/{{name}}
{{name}}
In Terraform v1.5.0 and later, use an import
block to import SslCertificate using one of the formats above. For example:
import {
id = "projects/{{project}}/global/sslCertificates/{{name}}"
to = google_compute_ssl_certificate.default
}
When using the terraform import
command, SslCertificate can be imported using one of the formats above. For example:
$ terraform import google_compute_ssl_certificate.default projects/{{project}}/global/sslCertificates/{{name}}
$ terraform import google_compute_ssl_certificate.default {{project}}/{{name}}
$ terraform import google_compute_ssl_certificate.default {{name}}
This resource supports User Project Overrides.