Skip to content

googleComputeSslCertificate

An SslCertificate resource, used for HTTPS load balancing. This resource provides a mechanism to upload an SSL key and certificate to the load balancer to serve secure connections from the user.

To get more information about SslCertificate, see:

\~> Warning: All arguments including certificate and privateKey will be stored in the raw state as plain-text. Read more about sensitive data in state.

Open in Cloud Shell

Example Usage - Ssl Certificate Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeSslCertificateDefault =
  new google.computeSslCertificate.ComputeSslCertificate(this, "default", {
    certificate: '${file("path/to/certificate.crt")}',
    description: "a description",
    name_prefix: "my-certificate-",
    private_key: '${file("path/to/private.key")}',
  });
googleComputeSslCertificateDefault.addOverride("lifecycle", [
  {
    create_before_destroy: true,
  },
]);
Open in Cloud Shell

Example Usage - Ssl Certificate Random Provider

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
import * as random from "./.gen/providers/random";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google, random.
For a more precise conversion please use the --provider flag in convert.*/
const randomIdCertificate = new random.id.Id(this, "certificate", {
  byte_length: 4,
  keepers: [
    {
      certificate: '${filebase64sha256("path/to/certificate.crt")}',
      private_key: '${filebase64sha256("path/to/private.key")}',
    },
  ],
  prefix: "my-certificate-",
});
const googleComputeSslCertificateDefault =
  new google.computeSslCertificate.ComputeSslCertificate(this, "default", {
    certificate: '${file("path/to/certificate.crt")}',
    name: randomIdCertificate.hex,
    private_key: '${file("path/to/private.key")}',
  });
googleComputeSslCertificateDefault.addOverride("lifecycle", [
  {
    create_before_destroy: true,
  },
]);
Open in Cloud Shell

Example Usage - Ssl Certificate Target Https Proxies

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as google from "./.gen/providers/google";
/*The following providers are missing schema information and might need manual adjustments to synthesize correctly: google.
For a more precise conversion please use the --provider flag in convert.*/
const googleComputeHttpHealthCheckDefault =
  new google.computeHttpHealthCheck.ComputeHttpHealthCheck(this, "default", {
    check_interval_sec: 1,
    name: "http-health-check",
    request_path: "/",
    timeout_sec: 1,
  });
const googleComputeSslCertificateDefault =
  new google.computeSslCertificate.ComputeSslCertificate(this, "default_1", {
    certificate: '${file("path/to/certificate.crt")}',
    name_prefix: "my-certificate-",
    private_key: '${file("path/to/private.key")}',
  });
googleComputeSslCertificateDefault.addOverride("lifecycle", [
  {
    create_before_destroy: true,
  },
]);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeSslCertificateDefault.overrideLogicalId("default");
const googleComputeBackendServiceDefault =
  new google.computeBackendService.ComputeBackendService(this, "default_2", {
    health_checks: [googleComputeHttpHealthCheckDefault.id],
    name: "backend-service",
    port_name: "http",
    protocol: "HTTP",
    timeout_sec: 10,
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeBackendServiceDefault.overrideLogicalId("default");
const googleComputeUrlMapDefault = new google.computeUrlMap.ComputeUrlMap(
  this,
  "default_3",
  {
    default_service: googleComputeBackendServiceDefault.id,
    description: "a description",
    host_rule: [
      {
        hosts: ["mysite.com"],
        path_matcher: "allpaths",
      },
    ],
    name: "url-map",
    path_matcher: [
      {
        default_service: googleComputeBackendServiceDefault.id,
        name: "allpaths",
        path_rule: [
          {
            paths: ["/*"],
            service: googleComputeBackendServiceDefault.id,
          },
        ],
      },
    ],
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeUrlMapDefault.overrideLogicalId("default");
const googleComputeTargetHttpsProxyDefault =
  new google.computeTargetHttpsProxy.ComputeTargetHttpsProxy(
    this,
    "default_4",
    {
      name: "test-proxy",
      ssl_certificates: [googleComputeSslCertificateDefault.id],
      url_map: googleComputeUrlMapDefault.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
googleComputeTargetHttpsProxyDefault.overrideLogicalId("default");

Argument Reference

The following arguments are supported:

  • certificate - (Required) The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert. Note: This property is sensitive and will not be displayed in the plan.

  • privateKey - (Required) The write-only private key in PEM format. Note: This property is sensitive and will not be displayed in the plan.

  • description - (Optional) An optional description of this resource.

  • name - (Optional) Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [aZ]([AZ09]*[aZ09])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

    These are in the same namespace as the managed SSL certificates.

  • project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

  • namePrefix - (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - an identifier for the resource with format projects/{{project}}/global/sslCertificates/{{name}}

  • creationTimestamp - Creation timestamp in RFC3339 text format.

  • expireTime - Expire time of the certificate in RFC3339 text format.

  • certificateId - The unique identifier for the resource.

  • selfLink - The URI of the created resource.

Timeouts

This resource provides the following Timeouts configuration options:

  • create - Default is 20 minutes.
  • delete - Default is 20 minutes.

Import

SslCertificate can be imported using any of these accepted formats:

$ terraform import google_compute_ssl_certificate.default projects/{{project}}/global/sslCertificates/{{name}}
$ terraform import google_compute_ssl_certificate.default {{project}}/{{name}}
$ terraform import google_compute_ssl_certificate.default {{name}}

User Project Overrides

This resource supports User Project Overrides.