Google Compute Engine SSL Policy

This page shows how to write Terraform for Compute Engine SSL Policy and write them securely.

google_compute_ssl_policy (Terraform)

The SSL Policy in Compute Engine can be configured in Terraform with the resource name google_compute_ssl_policy. The following sections describe 4 examples of how to use the resource and its parameters.

Example Usage from GitHub

positive.tf#L1
resource "google_compute_ssl_policy" "positive1" {
  name            = "custom-ssl-policy"
  min_tls_version = "TLS_1_1"
  profile         = "CUSTOM"
  custom_features = ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
}
positive.tf#L1
resource "google_compute_ssl_policy" "positive1" {
  name            = "custom-ssl-policy"
  min_tls_version = "TLS_1_1"
  profile         = "CUSTOM"
  custom_features = ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
}
ssl-policies.tf#L1
resource "google_compute_ssl_policy" "ssl-policy" {
  provider        = google.target
  count           = var.load_balancer_ssl_policy_create
  name            = var.ssl_policy_name
  profile         = var.load_balancer_ssl_policy_profile
  min_tls_version = var.min_tls_version
ssl_policy.tf#L2
resource "google_compute_ssl_policy" "primary" {
  name            = local.SSL_CERT_NAME
  project         = data.google_project.primary.number
  profile         = "MODERN"
  min_tls_version = "TLS_1_2"
  lifecycle {

Parameters

  • creation_timestamp requiredcomputed - string
    • Creation timestamp in RFC3339 text format.

  • custom_features optional - set / string
    • Profile specifies the set of SSL features that can be used by the load balancer when negotiating SSL with clients. This can be one of 'COMPATIBLE', 'MODERN', 'RESTRICTED', or 'CUSTOM'. If using 'CUSTOM', the set of SSL features to enable must be specified in the 'customFeatures' field. See the official documentation for which ciphers are available to use. Note: this argument must be present when using the 'CUSTOM' profile. This argument must not be present when using any other profile.

  • description optional - string
    • An optional description of this resource.

  • enabled_features requiredcomputed - set / string
    • The list of features enabled in the SSL policy.

  • fingerprint requiredcomputed - string
    • Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking.

  • id optionalcomputed - string
  • min_tls_version optional - string
    • The minimum version of SSL protocol that can be used by the clients to establish a connection with the load balancer. Default value: "TLS_1_0" Possible values: ["TLS_1_0", "TLS_1_1", "TLS_1_2"]

  • name required - string
    • Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression 'a-z?' which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

  • profile optional - string
    • Profile specifies the set of SSL features that can be used by the load balancer when negotiating SSL with clients. If using 'CUSTOM', the set of SSL features to enable must be specified in the 'customFeatures' field. See the official documentation for information on what cipher suites each profile provides. If 'CUSTOM' is used, the 'custom_features' attribute must be set. Default value: "COMPATIBLE" Possible values: ["COMPATIBLE", "MODERN", "RESTRICTED", "CUSTOM"]

  • project optionalcomputed - string
  • self_link requiredcomputed - string

Explanation in Terraform Registry

Represents a SSL policy. SSL policies give you the ability to control the features of SSL that your SSL proxy or HTTPS load balancer negotiates. To get more information about SslPolicy, see:

Frequently asked questions

What is Google Compute Engine SSL Policy?

Google Compute Engine SSL Policy is a resource for Compute Engine of Google Cloud Platform. Settings can be wrote in Terraform.

Where can I find the example code for the Google Compute Engine SSL Policy?

For Terraform, the Checkmarx/kics, leonidweinbergcx/mykics and broadinstitute/terraform-shared source code examples are useful. See the Terraform Example section for further details.

security-icon

Scan your IaC problem in 3 minutes for free

You can keep your IaC security for free. No credit card required.