» google_compute_ssl_policy

Represents a SSL policy. SSL policies give you the ability to control the features of SSL that your SSL proxy or HTTPS load balancer negotiates.

To get more information about SslPolicy, see:

API documentation
How-to Guides
- Using SSL Policies

» Example Usage - Ssl Policy Basic

resource "google_compute_ssl_policy" "prod-ssl-policy" {
  name    = "production-ssl-policy"
  profile = "MODERN"
}

resource "google_compute_ssl_policy" "nonprod-ssl-policy" {
  name            = "nonprod-ssl-policy"
  profile         = "MODERN"
  min_tls_version = "TLS_1_2"
}

resource "google_compute_ssl_policy" "custom-ssl-policy" {
  name            = "custom-ssl-policy"
  min_tls_version = "TLS_1_2"
  profile         = "CUSTOM"
  custom_features = ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
}

» Argument Reference

The following arguments are supported:

name - (Required) Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

description - (Optional) An optional description of this resource.
profile - (Optional) Profile specifies the set of SSL features that can be used by the load balancer when negotiating SSL with clients. This can be one of COMPATIBLE, MODERN, RESTRICTED, or CUSTOM. If using CUSTOM, the set of SSL features to enable must be specified in the customFeatures field. See the official documentation for information on what cipher suites each profile provides. If CUSTOM is used, the custom_features attribute must be set. Default is COMPATIBLE.
min_tls_version - (Optional) The minimum version of SSL protocol that can be used by the clients to establish a connection with the load balancer. This can be one of TLS_1_0, TLS_1_1, TLS_1_2. Default is TLS_1_0.
custom_features - (Optional) Profile specifies the set of SSL features that can be used by the load balancer when negotiating SSL with clients. This can be one of COMPATIBLE, MODERN, RESTRICTED, or CUSTOM. If using CUSTOM, the set of SSL features to enable must be specified in the customFeatures field. See the official documentation for which ciphers are available to use. Note: this argument must be present when using the CUSTOM profile. This argument must not be present when using any other profile.
project - (Optional) The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

» Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

creation_timestamp - Creation timestamp in RFC3339 text format.
enabled_features - The list of features enabled in the SSL policy.
fingerprint - Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.
self_link - The URI of the created resource.

» Timeouts

This resource provides the following Timeouts configuration options:

create - Default is 4 minutes.
update - Default is 4 minutes.
delete - Default is 4 minutes.

» Import

SslPolicy can be imported using any of these accepted formats:

$ terraform import google_compute_ssl_policy.default projects/{{project}}/global/sslPolicies/{{name}}
$ terraform import google_compute_ssl_policy.default {{project}}/{{name}}
$ terraform import google_compute_ssl_policy.default {{name}}

If you're importing a resource with beta features, make sure to include -provider=google-beta as an argument so that Terraform uses the correct provider to import your resource.