Expand description
An SslCertificate resource, used for HTTPS load balancing. This resource represents a certificate for which the certificate secrets are created and managed by Google.
For a resource where you provide the key, see the SSL Certificate resource.
To get more information about ManagedSslCertificate, see:
- API documentation
- How-to Guides
Warning: This resource should be used with extreme caution! Provisioning an SSL certificate is complex. Ensure that you understand the lifecycle of a certificate before attempting complex tasks like cert rotation automatically. This resource will “return” as soon as the certificate object is created, but post-creation the certificate object will go through a “provisioning” process. The provisioning process can complete only when the domain name for which the certificate is created points to a target pool which, itself, points at the certificate. Depending on your DNS provider, this may take some time, and migrating from self-managed certificates to Google-managed certificates may entail some downtime while the certificate provisions.
In conclusion: Be extremely cautious.
§Example Usage
§Managed Ssl Certificate Basic
resources:
default:
type: gcp:compute:ManagedSslCertificate
properties:
name: test-cert
managed:
domains:
- sslcert.tf-test.club.
defaultTargetHttpsProxy:
type: gcp:compute:TargetHttpsProxy
name: default
properties:
name: test-proxy
urlMap: ${defaultURLMap.id}
sslCertificates:
- ${default.id}
defaultURLMap:
type: gcp:compute:URLMap
name: default
properties:
name: url-map
description: a description
defaultService: ${defaultBackendService.id}
hostRules:
- hosts:
- sslcert.tf-test.club
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultBackendService.id}
defaultBackendService:
type: gcp:compute:BackendService
name: default
properties:
name: backend-service
portName: http
protocol: HTTP
timeoutSec: 10
healthChecks: ${defaultHttpHealthCheck.id}
defaultHttpHealthCheck:
type: gcp:compute:HttpHealthCheck
name: default
properties:
name: http-health-check
requestPath: /
checkIntervalSec: 1
timeoutSec: 1
defaultGlobalForwardingRule:
type: gcp:compute:GlobalForwardingRule
name: default
properties:
name: forwarding-rule
target: ${defaultTargetHttpsProxy.id}
portRange: 443
§Import
ManagedSslCertificate can be imported using any of these accepted formats:
-
projects/{{project}}/global/sslCertificates/{{name}}
-
{{project}}/{{name}}
-
{{name}}
When using the pulumi import
command, ManagedSslCertificate can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/mangedSslCertificate:MangedSslCertificate default projects/{{project}}/global/sslCertificates/{{name}}
$ pulumi import gcp:compute/mangedSslCertificate:MangedSslCertificate default {{project}}/{{name}}
$ pulumi import gcp:compute/mangedSslCertificate:MangedSslCertificate default {{name}}
Structs§
- Use builder syntax to set the inputs and finish with
build_struct()
.
Functions§
- Registers a new resource with the given unique name and arguments