pulumi_wasm_providers_gcp_mini::compute

Module managed_ssl_certificate

source
Expand description

An SslCertificate resource, used for HTTPS load balancing. This resource represents a certificate for which the certificate secrets are created and managed by Google.

For a resource where you provide the key, see the SSL Certificate resource.

To get more information about ManagedSslCertificate, see:

Warning: This resource should be used with extreme caution! Provisioning an SSL certificate is complex. Ensure that you understand the lifecycle of a certificate before attempting complex tasks like cert rotation automatically. This resource will “return” as soon as the certificate object is created, but post-creation the certificate object will go through a “provisioning” process. The provisioning process can complete only when the domain name for which the certificate is created points to a target pool which, itself, points at the certificate. Depending on your DNS provider, this may take some time, and migrating from self-managed certificates to Google-managed certificates may entail some downtime while the certificate provisions.

In conclusion: Be extremely cautious.

§Example Usage

§Managed Ssl Certificate Basic

resources:
  default:
    type: gcp:compute:ManagedSslCertificate
    properties:
      name: test-cert
      managed:
        domains:
          - sslcert.tf-test.club.
  defaultTargetHttpsProxy:
    type: gcp:compute:TargetHttpsProxy
    name: default
    properties:
      name: test-proxy
      urlMap: ${defaultURLMap.id}
      sslCertificates:
        - ${default.id}
  defaultURLMap:
    type: gcp:compute:URLMap
    name: default
    properties:
      name: url-map
      description: a description
      defaultService: ${defaultBackendService.id}
      hostRules:
        - hosts:
            - sslcert.tf-test.club
          pathMatcher: allpaths
      pathMatchers:
        - name: allpaths
          defaultService: ${defaultBackendService.id}
          pathRules:
            - paths:
                - /*
              service: ${defaultBackendService.id}
  defaultBackendService:
    type: gcp:compute:BackendService
    name: default
    properties:
      name: backend-service
      portName: http
      protocol: HTTP
      timeoutSec: 10
      healthChecks: ${defaultHttpHealthCheck.id}
  defaultHttpHealthCheck:
    type: gcp:compute:HttpHealthCheck
    name: default
    properties:
      name: http-health-check
      requestPath: /
      checkIntervalSec: 1
      timeoutSec: 1
  defaultGlobalForwardingRule:
    type: gcp:compute:GlobalForwardingRule
    name: default
    properties:
      name: forwarding-rule
      target: ${defaultTargetHttpsProxy.id}
      portRange: 443

§Import

ManagedSslCertificate can be imported using any of these accepted formats:

  • projects/{{project}}/global/sslCertificates/{{name}}

  • {{project}}/{{name}}

  • {{name}}

When using the pulumi import command, ManagedSslCertificate can be imported using one of the formats above. For example:

$ pulumi import gcp:compute/managedSslCertificate:ManagedSslCertificate default projects/{{project}}/global/sslCertificates/{{name}}
$ pulumi import gcp:compute/managedSslCertificate:ManagedSslCertificate default {{project}}/{{name}}
$ pulumi import gcp:compute/managedSslCertificate:ManagedSslCertificate default {{name}}

Structs§

Functions§

  • create
    Registers a new resource with the given unique name and arguments