» google_compute_ssl_policy
Represents a SSL policy. SSL policies give you the ability to control the features of SSL that your SSL proxy or HTTPS load balancer negotiates.
To get more information about SslPolicy, see:
- API documentation
- How-to Guides
» Example Usage - Ssl Policy Basic
resource "google_compute_ssl_policy" "prod-ssl-policy" {
name = "production-ssl-policy"
profile = "MODERN"
}
resource "google_compute_ssl_policy" "nonprod-ssl-policy" {
name = "nonprod-ssl-policy"
profile = "MODERN"
min_tls_version = "TLS_1_2"
}
resource "google_compute_ssl_policy" "custom-ssl-policy" {
name = "custom-ssl-policy"
min_tls_version = "TLS_1_2"
profile = "CUSTOM"
custom_features = ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
}
» Argument Reference
The following arguments are supported:
-
name
- (Required) Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression[a-z]([-a-z0-9]*[a-z0-9])?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
-
description
- (Optional) An optional description of this resource. -
profile
- (Optional) Profile specifies the set of SSL features that can be used by the load balancer when negotiating SSL with clients. This can be one ofCOMPATIBLE
,MODERN
,RESTRICTED
, orCUSTOM
. If usingCUSTOM
, the set of SSL features to enable must be specified in thecustomFeatures
field. See the official documentation for information on what cipher suites each profile provides. IfCUSTOM
is used, thecustom_features
attribute must be set. Default isCOMPATIBLE
. -
min_tls_version
- (Optional) The minimum version of SSL protocol that can be used by the clients to establish a connection with the load balancer. This can be one ofTLS_1_0
,TLS_1_1
,TLS_1_2
. Default isTLS_1_0
. -
custom_features
- (Optional) Profile specifies the set of SSL features that can be used by the load balancer when negotiating SSL with clients. This can be one ofCOMPATIBLE
,MODERN
,RESTRICTED
, orCUSTOM
. If usingCUSTOM
, the set of SSL features to enable must be specified in thecustomFeatures
field. See the official documentation for which ciphers are available to use. Note: this argument must be present when using theCUSTOM
profile. This argument must not be present when using any other profile. -
project
- (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
» Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
-
creation_timestamp
- Creation timestamp in RFC3339 text format. -
enabled_features
- The list of features enabled in the SSL policy. -
fingerprint
- Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. -
self_link
- The URI of the created resource.
» Timeouts
This resource provides the following Timeouts configuration options:
» Import
SslPolicy can be imported using any of these accepted formats:
$ terraform import google_compute_ssl_policy.default projects/{{project}}/global/sslPolicies/{{name}}
$ terraform import google_compute_ssl_policy.default {{project}}/{{name}}
$ terraform import google_compute_ssl_policy.default {{name}}
If you're importing a resource with beta features, make sure to include -provider=google-beta
as an argument so that Terraform uses the correct provider to import your resource.