pulumi-gcp-kotlin/com.pulumi.gcp.compute.kotlin/SSLPolicyArgs

SSLPolicyArgs

data class SSLPolicyArgs(val customFeatures: Output<List<String>>? = null, val description: Output<String>? = null, val minTlsVersion: Output<String>? = null, val name: Output<String>? = null, val profile: Output<String>? = null, val project: Output<String>? = null) : ConvertibleToJava<SSLPolicyArgs>

Represents a SSL policy. SSL policies give you the ability to control the features of SSL that your SSL proxy or HTTPS load balancer negotiates. To get more information about SslPolicy, see:

Example Usage

Ssl Policy Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const prod_ssl_policy = new gcp.compute.SSLPolicy("prod-ssl-policy", {
    name: "production-ssl-policy",
    profile: "MODERN",
});
const nonprod_ssl_policy = new gcp.compute.SSLPolicy("nonprod-ssl-policy", {
    name: "nonprod-ssl-policy",
    profile: "MODERN",
    minTlsVersion: "TLS_1_2",
});
const custom_ssl_policy = new gcp.compute.SSLPolicy("custom-ssl-policy", {
    name: "custom-ssl-policy",
    minTlsVersion: "TLS_1_2",
    profile: "CUSTOM",
    customFeatures: [
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    ],
});
Content copied to clipboard
import pulumi
import pulumi_gcp as gcp
prod_ssl_policy = gcp.compute.SSLPolicy("prod-ssl-policy",
    name="production-ssl-policy",
    profile="MODERN")
nonprod_ssl_policy = gcp.compute.SSLPolicy("nonprod-ssl-policy",
    name="nonprod-ssl-policy",
    profile="MODERN",
    min_tls_version="TLS_1_2")
custom_ssl_policy = gcp.compute.SSLPolicy("custom-ssl-policy",
    name="custom-ssl-policy",
    min_tls_version="TLS_1_2",
    profile="CUSTOM",
    custom_features=[
        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    ])
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
    var prod_ssl_policy = new Gcp.Compute.SSLPolicy("prod-ssl-policy", new()
    {
        Name = "production-ssl-policy",
        Profile = "MODERN",
    });
    var nonprod_ssl_policy = new Gcp.Compute.SSLPolicy("nonprod-ssl-policy", new()
    {
        Name = "nonprod-ssl-policy",
        Profile = "MODERN",
        MinTlsVersion = "TLS_1_2",
    });
    var custom_ssl_policy = new Gcp.Compute.SSLPolicy("custom-ssl-policy", new()
    {
        Name = "custom-ssl-policy",
        MinTlsVersion = "TLS_1_2",
        Profile = "CUSTOM",
        CustomFeatures = new[]
        {
            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        },
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-gcp/sdk/v8/go/gcp/compute"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := compute.NewSSLPolicy(ctx, "prod-ssl-policy", &compute.SSLPolicyArgs{
			Name:    pulumi.String("production-ssl-policy"),
			Profile: pulumi.String("MODERN"),
		})
		if err != nil {
			return err
		}
		_, err = compute.NewSSLPolicy(ctx, "nonprod-ssl-policy", &compute.SSLPolicyArgs{
			Name:          pulumi.String("nonprod-ssl-policy"),
			Profile:       pulumi.String("MODERN"),
			MinTlsVersion: pulumi.String("TLS_1_2"),
		})
		if err != nil {
			return err
		}
		_, err = compute.NewSSLPolicy(ctx, "custom-ssl-policy", &compute.SSLPolicyArgs{
			Name:          pulumi.String("custom-ssl-policy"),
			MinTlsVersion: pulumi.String("TLS_1_2"),
			Profile:       pulumi.String("CUSTOM"),
			CustomFeatures: pulumi.StringArray{
				pulumi.String("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"),
				pulumi.String("TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.compute.SSLPolicy;
import com.pulumi.gcp.compute.SSLPolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var prod_ssl_policy = new SSLPolicy("prod-ssl-policy", SSLPolicyArgs.builder()
            .name("production-ssl-policy")
            .profile("MODERN")
            .build());
        var nonprod_ssl_policy = new SSLPolicy("nonprod-ssl-policy", SSLPolicyArgs.builder()
            .name("nonprod-ssl-policy")
            .profile("MODERN")
            .minTlsVersion("TLS_1_2")
            .build());
        var custom_ssl_policy = new SSLPolicy("custom-ssl-policy", SSLPolicyArgs.builder()
            .name("custom-ssl-policy")
            .minTlsVersion("TLS_1_2")
            .profile("CUSTOM")
            .customFeatures(
                "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")
            .build());
    }
}
Content copied to clipboard
resources:
  prod-ssl-policy:
    type: gcp:compute:SSLPolicy
    properties:
      name: production-ssl-policy
      profile: MODERN
  nonprod-ssl-policy:
    type: gcp:compute:SSLPolicy
    properties:
      name: nonprod-ssl-policy
      profile: MODERN
      minTlsVersion: TLS_1_2
  custom-ssl-policy:
    type: gcp:compute:SSLPolicy
    properties:
      name: custom-ssl-policy
      minTlsVersion: TLS_1_2
      profile: CUSTOM
      customFeatures:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Content copied to clipboard

Import

SslPolicy can be imported using any of these accepted formats:

  • projects/{{project}}/global/sslPolicies/{{name}}

  • {{project}}/{{name}}

  • {{name}} When using the pulumi import command, SslPolicy can be imported using one of the formats above. For example:

$ pulumi import gcp:compute/sSLPolicy:SSLPolicy default projects/{{project}}/global/sslPolicies/{{name}}
Content copied to clipboard
$ pulumi import gcp:compute/sSLPolicy:SSLPolicy default {{project}}/{{name}}
Content copied to clipboard
$ pulumi import gcp:compute/sSLPolicy:SSLPolicy default {{name}}
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(customFeatures: Output<List<String>>? = null, description: Output<String>? = null, minTlsVersion: Output<String>? = null, name: Output<String>? = null, profile: Output<String>? = null, project: Output<String>? = null)

Properties

Link copied to clipboard
val customFeatures: Output<List<String>>? = null

Profile specifies the set of SSL features that can be used by the load balancer when negotiating SSL with clients. This can be one of COMPATIBLE, MODERN, RESTRICTED, or CUSTOM. If using CUSTOM, the set of SSL features to enable must be specified in the customFeatures field. See the official documentation for which ciphers are available to use. Note: this argument must be present when using the CUSTOM profile. This argument must not be present when using any other profile.

Link copied to clipboard
val description: Output<String>? = null

An optional description of this resource.

Link copied to clipboard
val minTlsVersion: Output<String>? = null

The minimum version of SSL protocol that can be used by the clients to establish a connection with the load balancer. Default value is TLS_1_0. Possible values are: TLS_1_0, TLS_1_1, TLS_1_2.

Link copied to clipboard
val name: Output<String>? = null

Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression a-z? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.

Link copied to clipboard
val profile: Output<String>? = null

Profile specifies the set of SSL features that can be used by the load balancer when negotiating SSL with clients. If using CUSTOM, the set of SSL features to enable must be specified in the customFeatures field. See the official documentation for information on what cipher suites each profile provides. If CUSTOM is used, the custom_features attribute must be set. Default value is COMPATIBLE. Possible values are: COMPATIBLE, MODERN, RESTRICTED, CUSTOM.

Link copied to clipboard
val project: Output<String>? = null

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Functions

Link copied to clipboard
open override fun toJava(): SSLPolicyArgs