googleComputeRegionSslCertificate
A RegionSslCertificate resource, used for HTTPS load balancing. This resource provides a mechanism to upload an SSL key and certificate to the load balancer to serve secure connections from the user.
To get more information about RegionSslCertificate, see:
- API documentation
- How-to Guides
- Official Documentation
\~> Warning: All arguments including certificate and privateKey will be stored in the raw state as plain-text. Read more about sensitive data in state.
Example Usage - Region Ssl Certificate Basic
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeRegionSslCertificateDefault =
new google.computeRegionSslCertificate.ComputeRegionSslCertificate(
this,
"default",
{
certificate: '${file("path/to/certificate.crt")}',
description: "a description",
name_prefix: "my-certificate-",
private_key: '${file("path/to/private.key")}',
region: "us-central1",
}
);
googleComputeRegionSslCertificateDefault.addOverride("lifecycle", [
{
create_before_destroy: true,
},
]);
Example Usage - Region Ssl Certificate Random Provider
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
import * as random from "./.gen/providers/random";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google, random.
For a more precise conversion please use the --provider flag in convert.*/
const randomIdCertificate = new random.id.Id(this, "certificate", {
byte_length: 4,
keepers: [
{
certificate: '${filebase64sha256("path/to/certificate.crt")}',
private_key: '${filebase64sha256("path/to/private.key")}',
},
],
prefix: "my-certificate-",
});
const googleComputeRegionSslCertificateDefault =
new google.computeRegionSslCertificate.ComputeRegionSslCertificate(
this,
"default",
{
certificate: '${file("path/to/certificate.crt")}',
name: randomIdCertificate.hex,
private_key: '${file("path/to/private.key")}',
region: "us-central1",
}
);
googleComputeRegionSslCertificateDefault.addOverride("lifecycle", [
{
create_before_destroy: true,
},
]);
Example Usage - Region Ssl Certificate Target Https Proxies
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeRegionHealthCheckDefault =
new google.computeRegionHealthCheck.ComputeRegionHealthCheck(
this,
"default",
{
http_health_check: [
{
port: 80,
},
],
name: "http-health-check",
region: "us-central1",
}
);
const googleComputeRegionSslCertificateDefault =
new google.computeRegionSslCertificate.ComputeRegionSslCertificate(
this,
"default_1",
{
certificate: '${file("path/to/certificate.crt")}',
name_prefix: "my-certificate-",
private_key: '${file("path/to/private.key")}',
region: "us-central1",
}
);
googleComputeRegionSslCertificateDefault.addOverride("lifecycle", [
{
create_before_destroy: true,
},
]);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeRegionSslCertificateDefault.overrideLogicalId("default");
const googleComputeRegionBackendServiceDefault =
new google.computeRegionBackendService.ComputeRegionBackendService(
this,
"default_2",
{
health_checks: [googleComputeRegionHealthCheckDefault.id],
load_balancing_scheme: "INTERNAL_MANAGED",
name: "backend-service",
protocol: "HTTP",
region: "us-central1",
timeout_sec: 10,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeRegionBackendServiceDefault.overrideLogicalId("default");
const googleComputeRegionUrlMapDefault =
new google.computeRegionUrlMap.ComputeRegionUrlMap(this, "default_3", {
default_service: googleComputeRegionBackendServiceDefault.id,
description: "a description",
host_rule: [
{
hosts: ["mysite.com"],
path_matcher: "allpaths",
},
],
name: "url-map",
path_matcher: [
{
default_service: googleComputeRegionBackendServiceDefault.id,
name: "allpaths",
path_rule: [
{
paths: ["/*"],
service: googleComputeRegionBackendServiceDefault.id,
},
],
},
],
region: "us-central1",
});
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeRegionUrlMapDefault.overrideLogicalId("default");
const googleComputeRegionTargetHttpsProxyDefault =
new google.computeRegionTargetHttpsProxy.ComputeRegionTargetHttpsProxy(
this,
"default_4",
{
name: "test-proxy",
region: "us-central1",
ssl_certificates: [googleComputeRegionSslCertificateDefault.id],
url_map: googleComputeRegionUrlMapDefault.id,
}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeRegionTargetHttpsProxyDefault.overrideLogicalId("default");
Argument Reference
The following arguments are supported:
-
certificate- (Required) The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert. Note: This property is sensitive and will not be displayed in the plan. -
privateKey- (Required) The write-only private key in PEM format. Note: This property is sensitive and will not be displayed in the plan.
-
description- (Optional) An optional description of this resource. -
name- (Optional) Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression[aZ]([AZ09]*[aZ09])?which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.These are in the same namespace as the managed SSL certificates.
-
region- (Optional) The Region in which the created regional ssl certificate should reside. If it is not provided, the provider region is used. -
project- (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used. -
namePrefix- (Optional) Creates a unique name beginning with the specified prefix. Conflicts withname.
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
-
id- an identifier for the resource with formatprojects/{{project}}/regions/{{region}}/sslCertificates/{{name}} -
creationTimestamp- Creation timestamp in RFC3339 text format. -
expireTime- Expire time of the certificate in RFC3339 text format. -
certificateId- The unique identifier for the resource. -
selfLink- The URI of the created resource.
Timeouts
This resource provides the following Timeouts configuration options:
create- Default is 20 minutes.delete- Default is 20 minutes.
Import
RegionSslCertificate can be imported using any of these accepted formats:
$ terraform import google_compute_region_ssl_certificate.default projects/{{project}}/regions/{{region}}/sslCertificates/{{name}}
$ terraform import google_compute_region_ssl_certificate.default {{project}}/{{region}}/{{name}}
$ terraform import google_compute_region_ssl_certificate.default {{region}}/{{name}}
$ terraform import google_compute_region_ssl_certificate.default {{name}}
User Project Overrides
This resource supports User Project Overrides.