» google_compute_managed_ssl_certificate

An SslCertificate resource, used for HTTPS load balancing. This resource represents a certificate for which the certificate secrets are created and managed by Google.

For a resource where you provide the key, see the SSL Certificate resource.

To get more information about ManagedSslCertificate, see:

In conclusion: Be extremely cautious.

» Example Usage - Managed Ssl Certificate Basic

resource "google_compute_managed_ssl_certificate" "default" {
  provider = "google-beta"

  name = "test-cert"

  managed {
    domains = ["sslcert.tf-test.club"]
  }
}

resource "google_compute_target_https_proxy" "default" {
  provider = "google-beta"

  name             = "test-proxy"
  url_map          = "${google_compute_url_map.default.self_link}"
  ssl_certificates = ["${google_compute_managed_ssl_certificate.default.self_link}"]
}

resource "google_compute_url_map" "default" {
  provider = "google-beta"

  name        = "url-map"
  description = "a description"

  default_service = "${google_compute_backend_service.default.self_link}"

  host_rule {
    hosts        = ["sslcert.tf-test.club"]
    path_matcher = "allpaths"
  }

  path_matcher {
    name            = "allpaths"
    default_service = "${google_compute_backend_service.default.self_link}"

    path_rule {
      paths   = ["/*"]
      service = "${google_compute_backend_service.default.self_link}"
    }
  }
}

resource "google_compute_backend_service" "default" {
  provider = "google-beta"

  name        = "backend-service"
  port_name   = "http"
  protocol    = "HTTP"
  timeout_sec = 10

  health_checks = ["${google_compute_http_health_check.default.self_link}"]
}

resource "google_compute_http_health_check" "default" {
  provider = "google-beta"

  name               = "http-health-check"
  request_path       = "/"
  check_interval_sec = 1
  timeout_sec        = 1
}

resource "google_dns_managed_zone" "zone" {
  provider = "google-beta"

  name     = "dnszone"
  dns_name = "sslcert.tf-test.club."
}

resource "google_compute_global_forwarding_rule" "default" {
  provider = "google-beta"

  name       = "forwarding-rule"
  target     = "${google_compute_target_https_proxy.default.self_link}"
  port_range = 443
}

resource "google_dns_record_set" "set" {
  provider = "google-beta"

  name         = "sslcert.tf-test.club."
  type         = "A"
  ttl          = 3600
  managed_zone = "${google_dns_managed_zone.zone.name}"
  rrdatas      = ["${google_compute_global_forwarding_rule.default.ip_address}"]
}

provider "google-beta"{
  region = "us-central1"
  zone   = "us-central1-a"
}

» Argument Reference

The following arguments are supported:


  • description - (Optional) An optional description of this resource.

  • name - (Optional) Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

These are in the same namespace as the managed SSL certificates.

  • managed - (Optional) Properties relevant to a managed certificate. These will be used if the certificate is managed (as indicated by a value of MANAGED in type). Structure is documented below.

  • type - (Optional) Enum field whose value is always MANAGED - used to signal to the API which type this is.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The managed block supports:

  • domains - (Required) Domains for which a managed SSL certificate will be valid. Currently, there can only be one domain in this list.

» Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

» Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 6 minutes.
  • delete - Default is 30 minutes.

» Import

ManagedSslCertificate can be imported using any of these accepted formats:

$ terraform import -provider=google-beta google_compute_managed_ssl_certificate.default projects/{{project}}/global/sslCertificates/{{name}}
$ terraform import -provider=google-beta google_compute_managed_ssl_certificate.default {{project}}/{{name}}
$ terraform import -provider=google-beta google_compute_managed_ssl_certificate.default {{name}}