gcp.compute.RegionSslCertificate
Explore with Pulumi AI
A RegionSslCertificate resource, used for HTTPS load balancing. This resource provides a mechanism to upload an SSL key and certificate to the load balancer to serve secure connections from the user.
To get more information about RegionSslCertificate, see:
- API documentation
- How-to Guides
Example Usage
Region Ssl Certificate Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
const _default = new gcp.compute.RegionSslCertificate("default", {
region: "us-central1",
namePrefix: "my-certificate-",
description: "a description",
privateKey: std.file({
input: "path/to/private.key",
}).then(invoke => invoke.result),
certificate: std.file({
input: "path/to/certificate.crt",
}).then(invoke => invoke.result),
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
default = gcp.compute.RegionSslCertificate("default",
region="us-central1",
name_prefix="my-certificate-",
description="a description",
private_key=std.file(input="path/to/private.key").result,
certificate=std.file(input="path/to/certificate.crt").result)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "path/to/private.key",
}, nil)
if err != nil {
return err
}
invokeFile1, err := std.File(ctx, &std.FileArgs{
Input: "path/to/certificate.crt",
}, nil)
if err != nil {
return err
}
_, err = compute.NewRegionSslCertificate(ctx, "default", &compute.RegionSslCertificateArgs{
Region: pulumi.String("us-central1"),
NamePrefix: pulumi.String("my-certificate-"),
Description: pulumi.String("a description"),
PrivateKey: invokeFile.Result,
Certificate: invokeFile1.Result,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var @default = new Gcp.Compute.RegionSslCertificate("default", new()
{
Region = "us-central1",
NamePrefix = "my-certificate-",
Description = "a description",
PrivateKey = Std.File.Invoke(new()
{
Input = "path/to/private.key",
}).Apply(invoke => invoke.Result),
Certificate = Std.File.Invoke(new()
{
Input = "path/to/certificate.crt",
}).Apply(invoke => invoke.Result),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.RegionSslCertificate;
import com.pulumi.gcp.compute.RegionSslCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new RegionSslCertificate("default", RegionSslCertificateArgs.builder()
.region("us-central1")
.namePrefix("my-certificate-")
.description("a description")
.privateKey(StdFunctions.file(FileArgs.builder()
.input("path/to/private.key")
.build()).result())
.certificate(StdFunctions.file(FileArgs.builder()
.input("path/to/certificate.crt")
.build()).result())
.build());
}
}
resources:
default:
type: gcp:compute:RegionSslCertificate
properties:
region: us-central1
namePrefix: my-certificate-
description: a description
privateKey:
fn::invoke:
Function: std:file
Arguments:
input: path/to/private.key
Return: result
certificate:
fn::invoke:
Function: std:file
Arguments:
input: path/to/certificate.crt
Return: result
Region Ssl Certificate Random Provider
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as random from "@pulumi/random";
import * as std from "@pulumi/std";
const certificate = new random.RandomId("certificate", {
byteLength: 4,
prefix: "my-certificate-",
keepers: {
private_key: std.filebase64sha256({
input: "path/to/private.key",
}).then(invoke => invoke.result),
certificate: std.filebase64sha256({
input: "path/to/certificate.crt",
}).then(invoke => invoke.result),
},
});
// You may also want to control name generation explicitly:
const _default = new gcp.compute.RegionSslCertificate("default", {
region: "us-central1",
name: certificate.hex,
privateKey: std.file({
input: "path/to/private.key",
}).then(invoke => invoke.result),
certificate: std.file({
input: "path/to/certificate.crt",
}).then(invoke => invoke.result),
});
import pulumi
import pulumi_gcp as gcp
import pulumi_random as random
import pulumi_std as std
certificate = random.RandomId("certificate",
byte_length=4,
prefix="my-certificate-",
keepers={
"private_key": std.filebase64sha256(input="path/to/private.key").result,
"certificate": std.filebase64sha256(input="path/to/certificate.crt").result,
})
# You may also want to control name generation explicitly:
default = gcp.compute.RegionSslCertificate("default",
region="us-central1",
name=certificate.hex,
private_key=std.file(input="path/to/private.key").result,
certificate=std.file(input="path/to/certificate.crt").result)
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi-random/sdk/v4/go/random"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
invokeFilebase64sha256, err := std.Filebase64sha256(ctx, &std.Filebase64sha256Args{
Input: "path/to/private.key",
}, nil)
if err != nil {
return err
}
invokeFilebase64sha2561, err := std.Filebase64sha256(ctx, &std.Filebase64sha256Args{
Input: "path/to/certificate.crt",
}, nil)
if err != nil {
return err
}
certificate, err := random.NewRandomId(ctx, "certificate", &random.RandomIdArgs{
ByteLength: pulumi.Int(4),
Prefix: pulumi.String("my-certificate-"),
Keepers: pulumi.StringMap{
"private_key": invokeFilebase64sha256.Result,
"certificate": invokeFilebase64sha2561.Result,
},
})
if err != nil {
return err
}
invokeFile2, err := std.File(ctx, &std.FileArgs{
Input: "path/to/private.key",
}, nil)
if err != nil {
return err
}
invokeFile3, err := std.File(ctx, &std.FileArgs{
Input: "path/to/certificate.crt",
}, nil)
if err != nil {
return err
}
// You may also want to control name generation explicitly:
_, err = compute.NewRegionSslCertificate(ctx, "default", &compute.RegionSslCertificateArgs{
Region: pulumi.String("us-central1"),
Name: certificate.Hex,
PrivateKey: invokeFile2.Result,
Certificate: invokeFile3.Result,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Random = Pulumi.Random;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var certificate = new Random.RandomId("certificate", new()
{
ByteLength = 4,
Prefix = "my-certificate-",
Keepers =
{
{ "private_key", Std.Filebase64sha256.Invoke(new()
{
Input = "path/to/private.key",
}).Apply(invoke => invoke.Result) },
{ "certificate", Std.Filebase64sha256.Invoke(new()
{
Input = "path/to/certificate.crt",
}).Apply(invoke => invoke.Result) },
},
});
// You may also want to control name generation explicitly:
var @default = new Gcp.Compute.RegionSslCertificate("default", new()
{
Region = "us-central1",
Name = certificate.Hex,
PrivateKey = Std.File.Invoke(new()
{
Input = "path/to/private.key",
}).Apply(invoke => invoke.Result),
Certificate = Std.File.Invoke(new()
{
Input = "path/to/certificate.crt",
}).Apply(invoke => invoke.Result),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.random.RandomId;
import com.pulumi.random.RandomIdArgs;
import com.pulumi.gcp.compute.RegionSslCertificate;
import com.pulumi.gcp.compute.RegionSslCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var certificate = new RandomId("certificate", RandomIdArgs.builder()
.byteLength(4)
.prefix("my-certificate-")
.keepers(Map.ofEntries(
Map.entry("private_key", StdFunctions.filebase64sha256(Filebase64sha256Args.builder()
.input("path/to/private.key")
.build()).result()),
Map.entry("certificate", StdFunctions.filebase64sha256(Filebase64sha256Args.builder()
.input("path/to/certificate.crt")
.build()).result())
))
.build());
// You may also want to control name generation explicitly:
var default_ = new RegionSslCertificate("default", RegionSslCertificateArgs.builder()
.region("us-central1")
.name(certificate.hex())
.privateKey(StdFunctions.file(FileArgs.builder()
.input("path/to/private.key")
.build()).result())
.certificate(StdFunctions.file(FileArgs.builder()
.input("path/to/certificate.crt")
.build()).result())
.build());
}
}
resources:
# You may also want to control name generation explicitly:
default:
type: gcp:compute:RegionSslCertificate
properties:
region: us-central1
name: ${certificate.hex}
privateKey:
fn::invoke:
Function: std:file
Arguments:
input: path/to/private.key
Return: result
certificate:
fn::invoke:
Function: std:file
Arguments:
input: path/to/certificate.crt
Return: result
certificate:
type: random:RandomId
properties:
byteLength: 4
prefix: my-certificate-
keepers:
private_key:
fn::invoke:
Function: std:filebase64sha256
Arguments:
input: path/to/private.key
Return: result
certificate:
fn::invoke:
Function: std:filebase64sha256
Arguments:
input: path/to/certificate.crt
Return: result
Region Ssl Certificate Target Https Proxies
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
import * as std from "@pulumi/std";
// Using with Region Target HTTPS Proxies
//
// SSL certificates cannot be updated after creation. In order to apply
// the specified configuration, the provider will destroy the existing
// resource and create a replacement. To effectively use an SSL
// certificate resource with a Target HTTPS Proxy resource, it's
// recommended to specify create_before_destroy in a lifecycle block.
// Either omit the Instance Template name attribute, specify a partial
// name with name_prefix, or use random_id resource. Example:
const _default = new gcp.compute.RegionSslCertificate("default", {
region: "us-central1",
namePrefix: "my-certificate-",
privateKey: std.file({
input: "path/to/private.key",
}).then(invoke => invoke.result),
certificate: std.file({
input: "path/to/certificate.crt",
}).then(invoke => invoke.result),
});
const defaultRegionHealthCheck = new gcp.compute.RegionHealthCheck("default", {
region: "us-central1",
name: "http-health-check",
httpHealthCheck: {
port: 80,
},
});
const defaultRegionBackendService = new gcp.compute.RegionBackendService("default", {
region: "us-central1",
name: "backend-service",
protocol: "HTTP",
loadBalancingScheme: "INTERNAL_MANAGED",
timeoutSec: 10,
healthChecks: defaultRegionHealthCheck.id,
});
const defaultRegionUrlMap = new gcp.compute.RegionUrlMap("default", {
region: "us-central1",
name: "url-map",
description: "a description",
defaultService: defaultRegionBackendService.id,
hostRules: [{
hosts: ["mysite.com"],
pathMatcher: "allpaths",
}],
pathMatchers: [{
name: "allpaths",
defaultService: defaultRegionBackendService.id,
pathRules: [{
paths: ["/*"],
service: defaultRegionBackendService.id,
}],
}],
});
const defaultRegionTargetHttpsProxy = new gcp.compute.RegionTargetHttpsProxy("default", {
region: "us-central1",
name: "test-proxy",
urlMap: defaultRegionUrlMap.id,
sslCertificates: [_default.id],
});
import pulumi
import pulumi_gcp as gcp
import pulumi_std as std
# Using with Region Target HTTPS Proxies
#
# SSL certificates cannot be updated after creation. In order to apply
# the specified configuration, the provider will destroy the existing
# resource and create a replacement. To effectively use an SSL
# certificate resource with a Target HTTPS Proxy resource, it's
# recommended to specify create_before_destroy in a lifecycle block.
# Either omit the Instance Template name attribute, specify a partial
# name with name_prefix, or use random_id resource. Example:
default = gcp.compute.RegionSslCertificate("default",
region="us-central1",
name_prefix="my-certificate-",
private_key=std.file(input="path/to/private.key").result,
certificate=std.file(input="path/to/certificate.crt").result)
default_region_health_check = gcp.compute.RegionHealthCheck("default",
region="us-central1",
name="http-health-check",
http_health_check=gcp.compute.RegionHealthCheckHttpHealthCheckArgs(
port=80,
))
default_region_backend_service = gcp.compute.RegionBackendService("default",
region="us-central1",
name="backend-service",
protocol="HTTP",
load_balancing_scheme="INTERNAL_MANAGED",
timeout_sec=10,
health_checks=default_region_health_check.id)
default_region_url_map = gcp.compute.RegionUrlMap("default",
region="us-central1",
name="url-map",
description="a description",
default_service=default_region_backend_service.id,
host_rules=[gcp.compute.RegionUrlMapHostRuleArgs(
hosts=["mysite.com"],
path_matcher="allpaths",
)],
path_matchers=[gcp.compute.RegionUrlMapPathMatcherArgs(
name="allpaths",
default_service=default_region_backend_service.id,
path_rules=[gcp.compute.RegionUrlMapPathMatcherPathRuleArgs(
paths=["/*"],
service=default_region_backend_service.id,
)],
)])
default_region_target_https_proxy = gcp.compute.RegionTargetHttpsProxy("default",
region="us-central1",
name="test-proxy",
url_map=default_region_url_map.id,
ssl_certificates=[default.id])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "path/to/private.key",
}, nil)
if err != nil {
return err
}
invokeFile1, err := std.File(ctx, &std.FileArgs{
Input: "path/to/certificate.crt",
}, nil)
if err != nil {
return err
}
// Using with Region Target HTTPS Proxies
//
// SSL certificates cannot be updated after creation. In order to apply
// the specified configuration, the provider will destroy the existing
// resource and create a replacement. To effectively use an SSL
// certificate resource with a Target HTTPS Proxy resource, it's
// recommended to specify create_before_destroy in a lifecycle block.
// Either omit the Instance Template name attribute, specify a partial
// name with name_prefix, or use random_id resource. Example:
_, err = compute.NewRegionSslCertificate(ctx, "default", &compute.RegionSslCertificateArgs{
Region: pulumi.String("us-central1"),
NamePrefix: pulumi.String("my-certificate-"),
PrivateKey: invokeFile.Result,
Certificate: invokeFile1.Result,
})
if err != nil {
return err
}
defaultRegionHealthCheck, err := compute.NewRegionHealthCheck(ctx, "default", &compute.RegionHealthCheckArgs{
Region: pulumi.String("us-central1"),
Name: pulumi.String("http-health-check"),
HttpHealthCheck: &compute.RegionHealthCheckHttpHealthCheckArgs{
Port: pulumi.Int(80),
},
})
if err != nil {
return err
}
defaultRegionBackendService, err := compute.NewRegionBackendService(ctx, "default", &compute.RegionBackendServiceArgs{
Region: pulumi.String("us-central1"),
Name: pulumi.String("backend-service"),
Protocol: pulumi.String("HTTP"),
LoadBalancingScheme: pulumi.String("INTERNAL_MANAGED"),
TimeoutSec: pulumi.Int(10),
HealthChecks: defaultRegionHealthCheck.ID(),
})
if err != nil {
return err
}
defaultRegionUrlMap, err := compute.NewRegionUrlMap(ctx, "default", &compute.RegionUrlMapArgs{
Region: pulumi.String("us-central1"),
Name: pulumi.String("url-map"),
Description: pulumi.String("a description"),
DefaultService: defaultRegionBackendService.ID(),
HostRules: compute.RegionUrlMapHostRuleArray{
&compute.RegionUrlMapHostRuleArgs{
Hosts: pulumi.StringArray{
pulumi.String("mysite.com"),
},
PathMatcher: pulumi.String("allpaths"),
},
},
PathMatchers: compute.RegionUrlMapPathMatcherArray{
&compute.RegionUrlMapPathMatcherArgs{
Name: pulumi.String("allpaths"),
DefaultService: defaultRegionBackendService.ID(),
PathRules: compute.RegionUrlMapPathMatcherPathRuleArray{
&compute.RegionUrlMapPathMatcherPathRuleArgs{
Paths: pulumi.StringArray{
pulumi.String("/*"),
},
Service: defaultRegionBackendService.ID(),
},
},
},
},
})
if err != nil {
return err
}
_, err = compute.NewRegionTargetHttpsProxy(ctx, "default", &compute.RegionTargetHttpsProxyArgs{
Region: pulumi.String("us-central1"),
Name: pulumi.String("test-proxy"),
UrlMap: defaultRegionUrlMap.ID(),
SslCertificates: pulumi.StringArray{
_default.ID(),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
// Using with Region Target HTTPS Proxies
//
// SSL certificates cannot be updated after creation. In order to apply
// the specified configuration, the provider will destroy the existing
// resource and create a replacement. To effectively use an SSL
// certificate resource with a Target HTTPS Proxy resource, it's
// recommended to specify create_before_destroy in a lifecycle block.
// Either omit the Instance Template name attribute, specify a partial
// name with name_prefix, or use random_id resource. Example:
var @default = new Gcp.Compute.RegionSslCertificate("default", new()
{
Region = "us-central1",
NamePrefix = "my-certificate-",
PrivateKey = Std.File.Invoke(new()
{
Input = "path/to/private.key",
}).Apply(invoke => invoke.Result),
Certificate = Std.File.Invoke(new()
{
Input = "path/to/certificate.crt",
}).Apply(invoke => invoke.Result),
});
var defaultRegionHealthCheck = new Gcp.Compute.RegionHealthCheck("default", new()
{
Region = "us-central1",
Name = "http-health-check",
HttpHealthCheck = new Gcp.Compute.Inputs.RegionHealthCheckHttpHealthCheckArgs
{
Port = 80,
},
});
var defaultRegionBackendService = new Gcp.Compute.RegionBackendService("default", new()
{
Region = "us-central1",
Name = "backend-service",
Protocol = "HTTP",
LoadBalancingScheme = "INTERNAL_MANAGED",
TimeoutSec = 10,
HealthChecks = defaultRegionHealthCheck.Id,
});
var defaultRegionUrlMap = new Gcp.Compute.RegionUrlMap("default", new()
{
Region = "us-central1",
Name = "url-map",
Description = "a description",
DefaultService = defaultRegionBackendService.Id,
HostRules = new[]
{
new Gcp.Compute.Inputs.RegionUrlMapHostRuleArgs
{
Hosts = new[]
{
"mysite.com",
},
PathMatcher = "allpaths",
},
},
PathMatchers = new[]
{
new Gcp.Compute.Inputs.RegionUrlMapPathMatcherArgs
{
Name = "allpaths",
DefaultService = defaultRegionBackendService.Id,
PathRules = new[]
{
new Gcp.Compute.Inputs.RegionUrlMapPathMatcherPathRuleArgs
{
Paths = new[]
{
"/*",
},
Service = defaultRegionBackendService.Id,
},
},
},
},
});
var defaultRegionTargetHttpsProxy = new Gcp.Compute.RegionTargetHttpsProxy("default", new()
{
Region = "us-central1",
Name = "test-proxy",
UrlMap = defaultRegionUrlMap.Id,
SslCertificates = new[]
{
@default.Id,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.RegionSslCertificate;
import com.pulumi.gcp.compute.RegionSslCertificateArgs;
import com.pulumi.gcp.compute.RegionHealthCheck;
import com.pulumi.gcp.compute.RegionHealthCheckArgs;
import com.pulumi.gcp.compute.inputs.RegionHealthCheckHttpHealthCheckArgs;
import com.pulumi.gcp.compute.RegionBackendService;
import com.pulumi.gcp.compute.RegionBackendServiceArgs;
import com.pulumi.gcp.compute.RegionUrlMap;
import com.pulumi.gcp.compute.RegionUrlMapArgs;
import com.pulumi.gcp.compute.inputs.RegionUrlMapHostRuleArgs;
import com.pulumi.gcp.compute.inputs.RegionUrlMapPathMatcherArgs;
import com.pulumi.gcp.compute.RegionTargetHttpsProxy;
import com.pulumi.gcp.compute.RegionTargetHttpsProxyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Using with Region Target HTTPS Proxies
//
// SSL certificates cannot be updated after creation. In order to apply
// the specified configuration, the provider will destroy the existing
// resource and create a replacement. To effectively use an SSL
// certificate resource with a Target HTTPS Proxy resource, it's
// recommended to specify create_before_destroy in a lifecycle block.
// Either omit the Instance Template name attribute, specify a partial
// name with name_prefix, or use random_id resource. Example:
var default_ = new RegionSslCertificate("default", RegionSslCertificateArgs.builder()
.region("us-central1")
.namePrefix("my-certificate-")
.privateKey(StdFunctions.file(FileArgs.builder()
.input("path/to/private.key")
.build()).result())
.certificate(StdFunctions.file(FileArgs.builder()
.input("path/to/certificate.crt")
.build()).result())
.build());
var defaultRegionHealthCheck = new RegionHealthCheck("defaultRegionHealthCheck", RegionHealthCheckArgs.builder()
.region("us-central1")
.name("http-health-check")
.httpHealthCheck(RegionHealthCheckHttpHealthCheckArgs.builder()
.port(80)
.build())
.build());
var defaultRegionBackendService = new RegionBackendService("defaultRegionBackendService", RegionBackendServiceArgs.builder()
.region("us-central1")
.name("backend-service")
.protocol("HTTP")
.loadBalancingScheme("INTERNAL_MANAGED")
.timeoutSec(10)
.healthChecks(defaultRegionHealthCheck.id())
.build());
var defaultRegionUrlMap = new RegionUrlMap("defaultRegionUrlMap", RegionUrlMapArgs.builder()
.region("us-central1")
.name("url-map")
.description("a description")
.defaultService(defaultRegionBackendService.id())
.hostRules(RegionUrlMapHostRuleArgs.builder()
.hosts("mysite.com")
.pathMatcher("allpaths")
.build())
.pathMatchers(RegionUrlMapPathMatcherArgs.builder()
.name("allpaths")
.defaultService(defaultRegionBackendService.id())
.pathRules(RegionUrlMapPathMatcherPathRuleArgs.builder()
.paths("/*")
.service(defaultRegionBackendService.id())
.build())
.build())
.build());
var defaultRegionTargetHttpsProxy = new RegionTargetHttpsProxy("defaultRegionTargetHttpsProxy", RegionTargetHttpsProxyArgs.builder()
.region("us-central1")
.name("test-proxy")
.urlMap(defaultRegionUrlMap.id())
.sslCertificates(default_.id())
.build());
}
}
resources:
# Using with Region Target HTTPS Proxies
# //
# // SSL certificates cannot be updated after creation. In order to apply
# // the specified configuration, the provider will destroy the existing
# // resource and create a replacement. To effectively use an SSL
# // certificate resource with a Target HTTPS Proxy resource, it's
# // recommended to specify create_before_destroy in a lifecycle block.
# // Either omit the Instance Template name attribute, specify a partial
# // name with name_prefix, or use random_id resource. Example:
default:
type: gcp:compute:RegionSslCertificate
properties:
region: us-central1
namePrefix: my-certificate-
privateKey:
fn::invoke:
Function: std:file
Arguments:
input: path/to/private.key
Return: result
certificate:
fn::invoke:
Function: std:file
Arguments:
input: path/to/certificate.crt
Return: result
defaultRegionTargetHttpsProxy:
type: gcp:compute:RegionTargetHttpsProxy
name: default
properties:
region: us-central1
name: test-proxy
urlMap: ${defaultRegionUrlMap.id}
sslCertificates:
- ${default.id}
defaultRegionUrlMap:
type: gcp:compute:RegionUrlMap
name: default
properties:
region: us-central1
name: url-map
description: a description
defaultService: ${defaultRegionBackendService.id}
hostRules:
- hosts:
- mysite.com
pathMatcher: allpaths
pathMatchers:
- name: allpaths
defaultService: ${defaultRegionBackendService.id}
pathRules:
- paths:
- /*
service: ${defaultRegionBackendService.id}
defaultRegionBackendService:
type: gcp:compute:RegionBackendService
name: default
properties:
region: us-central1
name: backend-service
protocol: HTTP
loadBalancingScheme: INTERNAL_MANAGED
timeoutSec: 10
healthChecks: ${defaultRegionHealthCheck.id}
defaultRegionHealthCheck:
type: gcp:compute:RegionHealthCheck
name: default
properties:
region: us-central1
name: http-health-check
httpHealthCheck:
port: 80
Create RegionSslCertificate Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RegionSslCertificate(name: string, args: RegionSslCertificateArgs, opts?: CustomResourceOptions);
@overload
def RegionSslCertificate(resource_name: str,
args: RegionSslCertificateArgs,
opts: Optional[ResourceOptions] = None)
@overload
def RegionSslCertificate(resource_name: str,
opts: Optional[ResourceOptions] = None,
certificate: Optional[str] = None,
private_key: Optional[str] = None,
description: Optional[str] = None,
name: Optional[str] = None,
name_prefix: Optional[str] = None,
project: Optional[str] = None,
region: Optional[str] = None)
func NewRegionSslCertificate(ctx *Context, name string, args RegionSslCertificateArgs, opts ...ResourceOption) (*RegionSslCertificate, error)
public RegionSslCertificate(string name, RegionSslCertificateArgs args, CustomResourceOptions? opts = null)
public RegionSslCertificate(String name, RegionSslCertificateArgs args)
public RegionSslCertificate(String name, RegionSslCertificateArgs args, CustomResourceOptions options)
type: gcp:compute:RegionSslCertificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RegionSslCertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RegionSslCertificateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RegionSslCertificateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RegionSslCertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RegionSslCertificateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var regionSslCertificateResource = new Gcp.Compute.RegionSslCertificate("regionSslCertificateResource", new()
{
Certificate = "string",
PrivateKey = "string",
Description = "string",
Name = "string",
NamePrefix = "string",
Project = "string",
Region = "string",
});
example, err := compute.NewRegionSslCertificate(ctx, "regionSslCertificateResource", &compute.RegionSslCertificateArgs{
Certificate: pulumi.String("string"),
PrivateKey: pulumi.String("string"),
Description: pulumi.String("string"),
Name: pulumi.String("string"),
NamePrefix: pulumi.String("string"),
Project: pulumi.String("string"),
Region: pulumi.String("string"),
})
var regionSslCertificateResource = new RegionSslCertificate("regionSslCertificateResource", RegionSslCertificateArgs.builder()
.certificate("string")
.privateKey("string")
.description("string")
.name("string")
.namePrefix("string")
.project("string")
.region("string")
.build());
region_ssl_certificate_resource = gcp.compute.RegionSslCertificate("regionSslCertificateResource",
certificate="string",
private_key="string",
description="string",
name="string",
name_prefix="string",
project="string",
region="string")
const regionSslCertificateResource = new gcp.compute.RegionSslCertificate("regionSslCertificateResource", {
certificate: "string",
privateKey: "string",
description: "string",
name: "string",
namePrefix: "string",
project: "string",
region: "string",
});
type: gcp:compute:RegionSslCertificate
properties:
certificate: string
description: string
name: string
namePrefix: string
privateKey: string
project: string
region: string
RegionSslCertificate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The RegionSslCertificate resource accepts the following input properties:
- Certificate string
- The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert. Note: This property is sensitive and will not be displayed in the plan.
- Private
Key string - The write-only private key in PEM format.
Note: This property is sensitive and will not be displayed in the plan.
- Description string
- An optional description of this resource.
- Name string
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.These are in the same namespace as the managed SSL certificates.
- Name
Prefix string - Creates a unique name beginning with the
specified prefix. Conflicts with
name
. - Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Region string
- The Region in which the created regional ssl certificate should reside. If it is not provided, the provider region is used.
- Certificate string
- The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert. Note: This property is sensitive and will not be displayed in the plan.
- Private
Key string - The write-only private key in PEM format.
Note: This property is sensitive and will not be displayed in the plan.
- Description string
- An optional description of this resource.
- Name string
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.These are in the same namespace as the managed SSL certificates.
- Name
Prefix string - Creates a unique name beginning with the
specified prefix. Conflicts with
name
. - Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Region string
- The Region in which the created regional ssl certificate should reside. If it is not provided, the provider region is used.
- certificate String
- The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert. Note: This property is sensitive and will not be displayed in the plan.
- private
Key String - The write-only private key in PEM format.
Note: This property is sensitive and will not be displayed in the plan.
- description String
- An optional description of this resource.
- name String
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.These are in the same namespace as the managed SSL certificates.
- name
Prefix String - Creates a unique name beginning with the
specified prefix. Conflicts with
name
. - project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region String
- The Region in which the created regional ssl certificate should reside. If it is not provided, the provider region is used.
- certificate string
- The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert. Note: This property is sensitive and will not be displayed in the plan.
- private
Key string - The write-only private key in PEM format.
Note: This property is sensitive and will not be displayed in the plan.
- description string
- An optional description of this resource.
- name string
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.These are in the same namespace as the managed SSL certificates.
- name
Prefix string - Creates a unique name beginning with the
specified prefix. Conflicts with
name
. - project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region string
- The Region in which the created regional ssl certificate should reside. If it is not provided, the provider region is used.
- certificate str
- The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert. Note: This property is sensitive and will not be displayed in the plan.
- private_
key str - The write-only private key in PEM format.
Note: This property is sensitive and will not be displayed in the plan.
- description str
- An optional description of this resource.
- name str
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.These are in the same namespace as the managed SSL certificates.
- name_
prefix str - Creates a unique name beginning with the
specified prefix. Conflicts with
name
. - project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region str
- The Region in which the created regional ssl certificate should reside. If it is not provided, the provider region is used.
- certificate String
- The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert. Note: This property is sensitive and will not be displayed in the plan.
- private
Key String - The write-only private key in PEM format.
Note: This property is sensitive and will not be displayed in the plan.
- description String
- An optional description of this resource.
- name String
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.These are in the same namespace as the managed SSL certificates.
- name
Prefix String - Creates a unique name beginning with the
specified prefix. Conflicts with
name
. - project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region String
- The Region in which the created regional ssl certificate should reside. If it is not provided, the provider region is used.
Outputs
All input properties are implicitly available as output properties. Additionally, the RegionSslCertificate resource produces the following output properties:
- Certificate
Id int - The unique identifier for the resource.
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Expire
Time string - Expire time of the certificate in RFC3339 text format.
- Id string
- The provider-assigned unique ID for this managed resource.
- Self
Link string - The URI of the created resource.
- Certificate
Id int - The unique identifier for the resource.
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Expire
Time string - Expire time of the certificate in RFC3339 text format.
- Id string
- The provider-assigned unique ID for this managed resource.
- Self
Link string - The URI of the created resource.
- certificate
Id Integer - The unique identifier for the resource.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- expire
Time String - Expire time of the certificate in RFC3339 text format.
- id String
- The provider-assigned unique ID for this managed resource.
- self
Link String - The URI of the created resource.
- certificate
Id number - The unique identifier for the resource.
- creation
Timestamp string - Creation timestamp in RFC3339 text format.
- expire
Time string - Expire time of the certificate in RFC3339 text format.
- id string
- The provider-assigned unique ID for this managed resource.
- self
Link string - The URI of the created resource.
- certificate_
id int - The unique identifier for the resource.
- creation_
timestamp str - Creation timestamp in RFC3339 text format.
- expire_
time str - Expire time of the certificate in RFC3339 text format.
- id str
- The provider-assigned unique ID for this managed resource.
- self_
link str - The URI of the created resource.
- certificate
Id Number - The unique identifier for the resource.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- expire
Time String - Expire time of the certificate in RFC3339 text format.
- id String
- The provider-assigned unique ID for this managed resource.
- self
Link String - The URI of the created resource.
Look up Existing RegionSslCertificate Resource
Get an existing RegionSslCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RegionSslCertificateState, opts?: CustomResourceOptions): RegionSslCertificate
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
certificate: Optional[str] = None,
certificate_id: Optional[int] = None,
creation_timestamp: Optional[str] = None,
description: Optional[str] = None,
expire_time: Optional[str] = None,
name: Optional[str] = None,
name_prefix: Optional[str] = None,
private_key: Optional[str] = None,
project: Optional[str] = None,
region: Optional[str] = None,
self_link: Optional[str] = None) -> RegionSslCertificate
func GetRegionSslCertificate(ctx *Context, name string, id IDInput, state *RegionSslCertificateState, opts ...ResourceOption) (*RegionSslCertificate, error)
public static RegionSslCertificate Get(string name, Input<string> id, RegionSslCertificateState? state, CustomResourceOptions? opts = null)
public static RegionSslCertificate get(String name, Output<String> id, RegionSslCertificateState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Certificate string
- The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert. Note: This property is sensitive and will not be displayed in the plan.
- Certificate
Id int - The unique identifier for the resource.
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Description string
- An optional description of this resource.
- Expire
Time string - Expire time of the certificate in RFC3339 text format.
- Name string
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.These are in the same namespace as the managed SSL certificates.
- Name
Prefix string - Creates a unique name beginning with the
specified prefix. Conflicts with
name
. - Private
Key string - The write-only private key in PEM format.
Note: This property is sensitive and will not be displayed in the plan.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Region string
- The Region in which the created regional ssl certificate should reside. If it is not provided, the provider region is used.
- Self
Link string - The URI of the created resource.
- Certificate string
- The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert. Note: This property is sensitive and will not be displayed in the plan.
- Certificate
Id int - The unique identifier for the resource.
- Creation
Timestamp string - Creation timestamp in RFC3339 text format.
- Description string
- An optional description of this resource.
- Expire
Time string - Expire time of the certificate in RFC3339 text format.
- Name string
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.These are in the same namespace as the managed SSL certificates.
- Name
Prefix string - Creates a unique name beginning with the
specified prefix. Conflicts with
name
. - Private
Key string - The write-only private key in PEM format.
Note: This property is sensitive and will not be displayed in the plan.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Region string
- The Region in which the created regional ssl certificate should reside. If it is not provided, the provider region is used.
- Self
Link string - The URI of the created resource.
- certificate String
- The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert. Note: This property is sensitive and will not be displayed in the plan.
- certificate
Id Integer - The unique identifier for the resource.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- description String
- An optional description of this resource.
- expire
Time String - Expire time of the certificate in RFC3339 text format.
- name String
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.These are in the same namespace as the managed SSL certificates.
- name
Prefix String - Creates a unique name beginning with the
specified prefix. Conflicts with
name
. - private
Key String - The write-only private key in PEM format.
Note: This property is sensitive and will not be displayed in the plan.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region String
- The Region in which the created regional ssl certificate should reside. If it is not provided, the provider region is used.
- self
Link String - The URI of the created resource.
- certificate string
- The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert. Note: This property is sensitive and will not be displayed in the plan.
- certificate
Id number - The unique identifier for the resource.
- creation
Timestamp string - Creation timestamp in RFC3339 text format.
- description string
- An optional description of this resource.
- expire
Time string - Expire time of the certificate in RFC3339 text format.
- name string
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.These are in the same namespace as the managed SSL certificates.
- name
Prefix string - Creates a unique name beginning with the
specified prefix. Conflicts with
name
. - private
Key string - The write-only private key in PEM format.
Note: This property is sensitive and will not be displayed in the plan.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region string
- The Region in which the created regional ssl certificate should reside. If it is not provided, the provider region is used.
- self
Link string - The URI of the created resource.
- certificate str
- The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert. Note: This property is sensitive and will not be displayed in the plan.
- certificate_
id int - The unique identifier for the resource.
- creation_
timestamp str - Creation timestamp in RFC3339 text format.
- description str
- An optional description of this resource.
- expire_
time str - Expire time of the certificate in RFC3339 text format.
- name str
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.These are in the same namespace as the managed SSL certificates.
- name_
prefix str - Creates a unique name beginning with the
specified prefix. Conflicts with
name
. - private_
key str - The write-only private key in PEM format.
Note: This property is sensitive and will not be displayed in the plan.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region str
- The Region in which the created regional ssl certificate should reside. If it is not provided, the provider region is used.
- self_
link str - The URI of the created resource.
- certificate String
- The certificate in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert. Note: This property is sensitive and will not be displayed in the plan.
- certificate
Id Number - The unique identifier for the resource.
- creation
Timestamp String - Creation timestamp in RFC3339 text format.
- description String
- An optional description of this resource.
- expire
Time String - Expire time of the certificate in RFC3339 text format.
- name String
Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression
a-z?
which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.These are in the same namespace as the managed SSL certificates.
- name
Prefix String - Creates a unique name beginning with the
specified prefix. Conflicts with
name
. - private
Key String - The write-only private key in PEM format.
Note: This property is sensitive and will not be displayed in the plan.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- region String
- The Region in which the created regional ssl certificate should reside. If it is not provided, the provider region is used.
- self
Link String - The URI of the created resource.
Import
RegionSslCertificate can be imported using any of these accepted formats:
projects/{{project}}/regions/{{region}}/sslCertificates/{{name}}
{{project}}/{{region}}/{{name}}
{{region}}/{{name}}
{{name}}
When using the pulumi import
command, RegionSslCertificate can be imported using one of the formats above. For example:
$ pulumi import gcp:compute/regionSslCertificate:RegionSslCertificate default projects/{{project}}/regions/{{region}}/sslCertificates/{{name}}
$ pulumi import gcp:compute/regionSslCertificate:RegionSslCertificate default {{project}}/{{region}}/{{name}}
$ pulumi import gcp:compute/regionSslCertificate:RegionSslCertificate default {{region}}/{{name}}
$ pulumi import gcp:compute/regionSslCertificate:RegionSslCertificate default {{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-beta
Terraform Provider.