» google_pubsub_topic

A named resource to which messages are sent by publishers.

To get more information about Topic, see:

» Example Usage - Pubsub Topic Basic

resource "google_pubsub_topic" "example" {
  name = "example-topic"

  labels = {
    foo = "bar"
  }
}

» Example Usage - Pubsub Topic Cmek

resource "google_pubsub_topic" "example" {
  name         = "example-topic"
  kms_key_name = google_kms_crypto_key.crypto_key.self_link
}

resource "google_kms_crypto_key" "crypto_key" {
  name     = "example-key"
  key_ring = google_kms_key_ring.key_ring.self_link
}

resource "google_kms_key_ring" "key_ring" {
  name     = "example-keyring"
  location = "global"
}

» Example Usage - Pubsub Topic Geo Restricted

resource "google_pubsub_topic" "example" {
  name = "example-topic"

  message_storage_policy {
    allowed_persistence_regions = [
      "europe-west3",
    ]
  }
}

» Argument Reference

The following arguments are supported:

  • name - (Required) Name of the topic.

  • kms_key_name - (Optional) The resource name of the Cloud KMS CryptoKey to be used to protect access to messages published on this topic. Your project's PubSub service account (service-{{PROJECT_NUMBER}}@gcp-sa-pubsub.iam.gserviceaccount.com) must have roles/cloudkms.cryptoKeyEncrypterDecrypter to use this feature. The expected format is projects/*/locations/*/keyRings/*/cryptoKeys/*

  • labels - (Optional) A set of key/value label pairs to assign to this Topic.

  • message_storage_policy - (Optional) Policy constraining the set of Google Cloud Platform regions where messages published to the topic may be stored. If not present, then no constraints are in effect. Structure is documented below.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

The message_storage_policy block supports:

  • allowed_persistence_regions - (Required) A list of IDs of GCP regions where messages that are published to the topic may be persisted in storage. Messages published by publishers running in non-allowed GCP regions (or running outside of GCP altogether) will be routed for storage in one of the allowed regions. An empty list means that no regions are allowed, and is not a valid configuration.

» Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 4 minutes.
  • update - Default is 4 minutes.
  • delete - Default is 4 minutes.

» Import

Topic can be imported using any of these accepted formats:

$ terraform import google_pubsub_topic.default projects/{{project}}/topics/{{name}}
$ terraform import google_pubsub_topic.default {{project}}/{{name}}
$ terraform import google_pubsub_topic.default {{name}}

» User Project Overrides

This resource supports User Project Overrides.