Google Cloud Pub/Sub Subscription
This page shows how to write Terraform for a Cloud Pub/Sub Subscription and how to write it securely.
google_pubsub_subscription (Terraform)
The Subscription in Cloud Pub/Sub can be configured in Terraform with the resource name google_pubsub_subscription. The following sections describe 2 examples of how to use the resource and its parameters.
Example Usage from GitHub
# Minimal subscription attached to an existing topic
resource "google_pubsub_subscription" "foo" {
  project = var.project
  name    = local.foo
  topic   = google_pubsub_topic.foo.name
}

# Subscription that also retains acknowledged messages for 30 minutes
resource "google_pubsub_subscription" "iex-aggregate-subscription-1" {
  name                       = "iex-aggregate-1"
  topic                      = google_pubsub_topic.iex-aggregate.name
  message_retention_duration = "1800s"
  retain_acked_messages      = true
  ack_deadline_seconds       = 30
}
Parameters
- ack_deadline_seconds (optional computed - number)
This value is the maximum time after a subscriber receives a message before the subscriber should acknowledge the message. After message delivery but before the ack deadline expires and before the message is acknowledged, it is an outstanding message and will not be delivered again during that time (on a best-effort basis). For pull subscriptions, this value is used as the initial value for the ack deadline. To override this value for a given message, call subscriptions.modifyAckDeadline with the corresponding ackId if using pull. The minimum custom deadline you can specify is 10 seconds. The maximum custom deadline you can specify is 600 seconds (10 minutes). If this parameter is 0, a default value of 10 seconds is used. For push delivery, this value is also used to set the request timeout for the call to the push endpoint. If the subscriber never acknowledges the message, the Pub/Sub system will eventually redeliver the message.
- enable_message_ordering (optional - bool)
If 'true', messages published with the same orderingKey in PubsubMessage will be delivered to the subscribers in the order in which they are received by the Pub/Sub system. Otherwise, they may be delivered in any order.
- filter (optional - string)
The subscription only delivers the messages that match the filter. Pub/Sub automatically acknowledges the messages that don't match the filter. You can filter messages by their attributes. The maximum length of a filter is 256 bytes. After creating the subscription, you can't modify the filter.
- labels (optional - map from string to string)
A set of key/value label pairs to assign to this Subscription.
- message_retention_duration (optional - string)
How long to retain unacknowledged messages in the subscription's backlog, from the moment a message is published. If retainAckedMessages is true, then this also configures the retention of acknowledged messages, and thus configures how far back in time a subscriptions.seek can be done. Defaults to 7 days. Cannot be more than 7 days ('"604800s"') or less than 10 minutes ('"600s"'). A duration in seconds with up to nine fractional digits, terminated by 's'. Example: '"600.5s"'.
- name (required - string)
Name of the subscription.
- path (optional computed - string)
Path of the subscription in the format projects/[project]/subscriptions/[name]
- project (optional computed - string)
- retain_acked_messages (optional - bool)
Indicates whether to retain acknowledged messages. If 'true', then messages are not expunged from the subscription's backlog, even if they are acknowledged, until they fall out of the messageRetentionDuration window.
- topic (required - string)
A reference to a Topic resource.
- dead_letter_policy (list block)
  - dead_letter_topic (optional - string)
The name of the topic to which dead letter messages should be published. Format is 'projects/[project]/topics/[topic]'. The Cloud Pub/Sub service account associated with the enclosing subscription's parent project (i.e., service-[project_number]@gcp-sa-pubsub.iam.gserviceaccount.com) must have permission to Publish() to this topic. The operation will fail if the topic does not exist. Users should ensure that there is a subscription attached to this topic since messages published to a topic with no subscriptions are lost.
  - max_delivery_attempts (optional - number)
The maximum number of delivery attempts for any message. The value must be between 5 and 100. The number of delivery attempts is defined as 1 + (the sum of number of NACKs and number of times the acknowledgement deadline has been exceeded for the message). A NACK is any call to ModifyAckDeadline with a 0 deadline. Note that client libraries may automatically extend ack_deadlines. This field will be honored on a best effort basis. If this parameter is 0, a default value of 5 is used.
- expiration_policy (list block)
  - ttl (required - string)
Specifies the "time-to-live" duration for an associated resource. The resource expires if it is not active for a period of ttl. If ttl is not set, the associated resource never expires. A duration in seconds with up to nine fractional digits, terminated by 's'. Example - "3.5s".
- push_config (list block)
  - attributes (optional - map from string to string)
Endpoint configuration attributes. Every endpoint has a set of API supported attributes that can be used to control different aspects of the message delivery. The currently supported attribute is x-goog-version, which you can use to change the format of the pushed message. This attribute indicates the version of the data expected by the endpoint. This controls the shape of the pushed message (i.e., its fields and metadata). The endpoint version is based on the version of the Pub/Sub API. If not present during the subscriptions.create call, it will default to the version of the API used to make such call. If not present during a subscriptions.modifyPushConfig call, its value will not be changed. subscriptions.get calls will always return a valid version, even if the subscription was created without this attribute. The possible values for this attribute are:
      - v1beta1: uses the push format defined in the v1beta1 Pub/Sub API.
      - v1 or v1beta2: uses the push format defined in the v1 Pub/Sub API.
  - push_endpoint (required - string)
A URL locating the endpoint to which messages should be pushed. For example, a Webhook endpoint might use "https://example.com/push".
  - oidc_token (list block)
    - audience (optional - string)
Audience to be used when generating OIDC token. The audience claim identifies the recipients that the JWT is intended for. The audience value is a single case-sensitive string. Having multiple values (array) for the audience field is not supported. More info about the OIDC JWT token audience here: https://tools.ietf.org/html/rfc7519#section-4.1.3 Note: if not specified, the Push endpoint URL will be used.
    - service_account_email (required - string)
Service account email to be used for generating the OIDC token. The caller (for subscriptions.create, subscriptions.patch, and subscriptions.modifyPushConfig RPCs) must have the iam.serviceAccounts.actAs permission for the service account.
- retry_policy (list block)
  - maximum_backoff (optional computed - string)
The maximum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 600 seconds. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
  - minimum_backoff (optional computed - string)
The minimum delay between consecutive deliveries of a given message. Value should be between 0 and 600 seconds. Defaults to 10 seconds. A duration in seconds with up to nine fractional digits, terminated by 's'. Example: "3.5s".
- timeouts (single block)
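The push_config, oidc_token and retry_policy parameters above combined into an authenticated push subscription. This is an added example, not code from the original page or the Terraform Registry; the topic, the service account name and the example.com endpoint are placeholders.

```hcl
# Added example: all names and the endpoint URL are placeholders.
variable "project" { type = string }

resource "google_pubsub_topic" "orders" {
  project = var.project
  name    = "orders"
}

# Dedicated identity used only to sign push requests. Give it no roles
# beyond the right to invoke the receiving service.
resource "google_service_account" "push_invoker" {
  project      = var.project
  account_id   = "pubsub-push-invoker"
  display_name = "Pub/Sub push invoker"
}

resource "google_pubsub_subscription" "orders_push" {
  project = var.project
  name    = "orders-push"
  topic   = google_pubsub_topic.orders.name

  # For push delivery this is also the request timeout to the endpoint.
  ack_deadline_seconds = 30

  push_config {
    push_endpoint = "https://push-receiver.example.com/pubsub"

    # Without this block Pub/Sub sends the push request with no
    # Authorization header, so the endpoint cannot tell who is calling.
    oidc_token {
      service_account_email = google_service_account.push_invoker.email
      # Set explicitly; when omitted, the push endpoint URL is used.
      audience = "https://push-receiver.example.com"
    }
  }

  # Bound redelivery so a failing endpoint is not retried in a tight loop.
  retry_policy {
    minimum_backoff = "10s"
    maximum_backoff = "600s"
  }
}
```

The receiving service should verify the token's signature, its audience claim and the service account email before processing a message. Applying this configuration requires iam.serviceAccounts.actAs on the push_invoker service account.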
Explanation in Terraform Registry
A named resource representing the stream of messages from a single, specific topic, to be delivered to the subscribing application. To get more information about Subscription, see:
- API documentation
- How-to Guides
- Managing Subscriptions
Note: You can retrieve the email of the Google Managed Pub/Sub Service Account used for forwarding by using the google_project_service_identity resource.
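A dead_letter_policy wired up with the google_project_service_identity resource mentioned in the note, so the Google-managed service account gets publish rights on the dead-letter topic only. This is an added example, not code from the original page or the Terraform Registry; all topic and subscription names are placeholders.

```hcl
# Added example: all names are placeholders.
variable "project" { type = string }

resource "google_pubsub_topic" "events" {
  project = var.project
  name    = "events"
}

resource "google_pubsub_topic" "events_dead_letter" {
  project = var.project
  name    = "events-dead-letter"
}

# A topic with no subscription drops what is published to it, so attach one.
resource "google_pubsub_subscription" "events_dead_letter" {
  project = var.project
  name    = "events-dead-letter-review"
  topic   = google_pubsub_topic.events_dead_letter.name
}

resource "google_pubsub_subscription" "events" {
  project = var.project
  name    = "events-worker"
  topic   = google_pubsub_topic.events.name

  dead_letter_policy {
    dead_letter_topic     = google_pubsub_topic.events_dead_letter.id
    max_delivery_attempts = 10
  }
}

# Google-managed Pub/Sub service account that forwards dead letters.
resource "google_project_service_identity" "pubsub" {
  provider = google-beta
  project  = var.project
  service  = "pubsub.googleapis.com"
}

# Publish right scoped to the dead-letter topic only, not the project.
resource "google_pubsub_topic_iam_member" "dead_letter_publisher" {
  project = var.project
  topic   = google_pubsub_topic.events_dead_letter.name
  role    = "roles/pubsub.publisher"
  member  = "serviceAccount:${google_project_service_identity.pubsub.email}"
}
```

For forwarding to work, the same service account also needs roles/pubsub.subscriber on the source subscription, which can be granted the same way with google_pubsub_subscription_iam_member.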
Frequently asked questions
What is Google Cloud Pub/Sub Subscription?
Google Cloud Pub/Sub Subscription is a resource for Cloud Pub/Sub of Google Cloud Platform. Settings can be written in Terraform.
Where can I find the example code for the Google Cloud Pub/Sub Subscription?
For Terraform, the mbigras/modular-example and WittierDinosaur/IEX_Stream source code examples are useful. See the Terraform Example section for further details.