|
| 1 | +--- |
| 2 | +layout: "google" |
| 3 | +page_title: "Google: google_compute_ssl_policy" |
| 4 | +sidebar_current: "docs-google-compute-ssl-policy" |
| 5 | +description: |- |
| 6 | + Manages an SSL Policy within GCE, for use with Target HTTPS and Target SSL Proxies. |
| 7 | +--- |
| 8 | + |
| 9 | +# google\_compute\_ssl\_policy |
| 10 | + |
| 11 | +Manages an SSL Policy within GCE, for use with Target HTTPS and Target SSL Proxies. For more information see |
| 12 | +[the official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies) |
| 13 | +and |
| 14 | +[API](https://cloud.google.com/compute/docs/reference/rest/beta/sslPolicies). |
| 15 | + |
| 16 | +## Example Usage |
| 17 | + |
| 18 | +```hcl |
| 19 | +resource "google_compute_ssl_policy" "prod-ssl-policy" { |
| 20 | + name = "production-ssl-policy" |
| 21 | + profile = "MODERN" |
| 22 | +} |
| 23 | +
|
| 24 | +resource "google_compute_ssl_policy" "nonprod-ssl-policy" { |
| 25 | + name = "nonprod-ssl-policy" |
| 26 | + profile = "MODERN" |
| 27 | + min_tls_version = "TLS_1_2" |
| 28 | +} |
| 29 | +
|
| 30 | +resource "google_compute_ssl_policy" "custom-ssl-policy" { |
| 31 | + name = "custom-ssl-policy" |
| 32 | + min_tls_version = "TLS_1_2" |
| 33 | + profile = "CUSTOM" |
| 34 | + custom_features = ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"] |
| 35 | +} |
| 36 | +``` |
| 37 | + |
| 38 | +## Argument Reference |
| 39 | + |
| 40 | +The following arguments are supported: |
| 41 | + |
| 42 | +* `name` - (Required) A unique name for the resource, required by GCE. |
| 43 | + Changing this forces a new resource to be created. |
| 44 | + |
| 45 | +- - - |
| 46 | + |
| 47 | +* `description` - (Optional) Description of this subnetwork. Changing this forces a new resource to be created. |
| 48 | + |
| 49 | +* `project` - (Optional) The ID of the project in which the resource belongs. If it |
| 50 | + is not provided, the provider project is used. |
| 51 | + |
| 52 | +* `min_tls_version` - (Optional) The minimum TLS version to support. Must be one of `TLS_1_0`, `TLS_1_1`, or `TLS_1_2`. |
| 53 | + Default is `TLS_1_0`. |
| 54 | + |
| 55 | +* `profile` - (Optional) The Google-curated SSL profile to use. Must be one of `COMPATIBLE`, `MODERN`, |
| 56 | + `RESTRICTED`, or `CUSTOM`. See the |
| 57 | + [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) |
| 58 | + for information on what cipher suites each profile provides. If `CUSTOM` is used, the `custom_features` attribute |
| 59 | + **must be set**. Default is `COMPATIBLE`. |
| 60 | + |
| 61 | +* `custom_features` - (Required with `CUSTOM` profile) The specific encryption ciphers to use. See the |
| 62 | + [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport) |
| 63 | + for which ciphers are available to use. **Note**: this argument *must* be present when using the `CUSTOM` profile. |
| 64 | + This argument *must not* be present when using any other profile. |
| 65 | + |
| 66 | +## Attributes Reference |
| 67 | + |
| 68 | +In addition to the arguments listed above, the following computed attributes are |
| 69 | +exported: |
| 70 | + |
| 71 | +* `enabled_features` - The set of enabled encryption ciphers as a result of the policy config |
| 72 | + |
| 73 | +* `fingerprint` - Fingerprint of this resource. |
| 74 | + |
| 75 | +* `self_link` - The URI of the created resource. |
| 76 | + |
| 77 | +## Import |
| 78 | + |
| 79 | +SSL Policies can be imported using the GCP canonical `name` of the Policy. For example, an SSL Policy named `production-ssl-policy` |
| 80 | + would be imported by running: |
| 81 | + |
| 82 | +```bash |
| 83 | +$ terraform import google_compute_ssl_policy.my-policy production-ssl-policy |
| 84 | +``` |
0 commit comments