Merge branch 'master' of /Users/jake/terraform

Jake Champlin 2017-06-09 10:58:06 -04:00
commit 5720340ed6
No known key found for this signature in database
GPG Key ID: DC31F41958EF4AC2
59 changed files with 5205 additions and 0 deletions

@ -0,0 +1,46 @@
---
layout: "google"
page_title: "Google: google_compute_network"
sidebar_current: "docs-google-datasource-compute-network"
description: |-
Get a network within GCE.
---
# google\_compute\_network
Get a network within GCE from its name.
## Example Usage
```tf
data "google_compute_network" "my-network" {
name = "default-us-east1"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) The name of the network.
- - -
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
## Attributes Reference
In addition to the arguments listed above, the following attributes are exported:
* `network` - The network name or resource link to the parent
network of this network.
* `description` - Description of this network.
* `gateway_ipv4` - The IP address of the gateway.
* `subnetworks_self_links` - the list of subnetworks which belong to the network
* `self_link` - The URI of the resource.
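Review bot: the `network` attribute under Attributes Reference is described as "the parent network of this network", which reads as carried over from the subnetwork page and does not make sense for a network looked up by its own name. Either drop the attribute or describe what it actually returns. The `subnetworks_self_links` entry also starts in lower case and lacks the final period the other entries have.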

@ -0,0 +1,54 @@
---
layout: "google"
page_title: "Google: google_compute_subnetwork"
sidebar_current: "docs-google-datasource-compute-subnetwork"
description: |-
Get a subnetwork within GCE.
---
# google\_compute\_subnetwork
Get a subnetwork within GCE from its name and region.
## Example Usage
```tf
data "google_compute_subnetwork" "my-subnetwork" {
name = "default-us-east1"
region = "us-east1"
}
```
## Argument Reference
The following arguments are supported:
* `name` - The name of the subnetwork.
- - -
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `region` - (Optional) The region this subnetwork has been created in. If
unspecified, this defaults to the region configured in the provider.
## Attributes Reference
In addition to the arguments listed above, the following attributes are exported:
* `network` - The network name or resource link to the parent
network of this subnetwork.
* `description` - Description of this subnetwork.
* `ip_cidr_range` - The IP address range that machines in this
network are assigned to, represented as a CIDR block.
* `gateway_address` - The IP address of the gateway.
* `private_ip_google_access` - Whether the VMs in this subnet
can access Google services without assigned external IP
addresses.
* `self_link` - The URI of the created resource.
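Review bot: `name` in the Argument Reference carries no "(Required)" marker while `project` and `region` are both marked "(Optional)", so the list does not tell the reader that the lookup needs it. Write it as `name` - (Required), matching the google_compute_network data source page in this commit. `self_link` is also described as "The URI of the created resource", but a data source creates nothing; "The URI of the resource", as on the network page, is accurate.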

@ -0,0 +1,40 @@
---
layout: "google"
page_title: "Google: google_compute_zones"
sidebar_current: "docs-google-datasource-compute-zones"
description: |-
Provides a list of available Google Compute zones
---
# google\_compute\_zones
Provides access to available Google Compute zones in a region for a given project.
See more about [regions and zones](https://cloud.google.com/compute/docs/regions-zones/regions-zones) in the upstream docs.
```
data "google_compute_zones" "available" {}
resource "google_compute_instance_group_manager" "foo" {
count = "${length(data.google_compute_zones.available.names)}"
name = "terraform-test-${count.index}"
instance_template = "${google_compute_instance_template.foobar.self_link}"
base_instance_name = "foobar-${count.index}"
zone = "${data.google_compute_zones.available.names[count.index]}"
target_size = 1
}
```
## Argument Reference
The following arguments are supported:
* `region` (Optional) - Region from which to list available zones. Defaults to region declared in the provider.
* `status` (Optional) - Allows to filter list of zones based on their current status. Status can be either `UP` or `DOWN`.
Defaults to no filtering (all available zones - both `UP` and `DOWN`).
## Attributes Reference
The following attribute is exported:
* `names` - A list of zones available in the given region
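Review bot: the example block has no "## Example Usage" heading and its fence carries no language tag, unlike the network and subnetwork data source pages in this commit, which use the heading and a `tf` tag. The intro also says the zones are listed "for a given project", yet no `project` argument is documented; either document it or drop the phrase. The arguments are written as `region` (Optional) - ..., where the other pages put the dash before the marker.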

@ -0,0 +1,46 @@
---
layout: "google"
page_title: "Google: google_container_engine_versions"
sidebar_current: "docs-google-datasource-container-versions"
description: |-
Provides lists of available Google Container Engine versions for masters and nodes.
---
# google\_container\_engine\_versions
Provides access to available Google Container Engine versions in a zone for a given project.
```hcl
data "google_container_engine_versions" "central1b" {
zone = "us-central1-b"
}
resource "google_container_cluster" "foo" {
name = "terraform-test-cluster"
zone = "us-central1-b"
node_version = "${data.google_container_engine_versions.central1b.latest_node_version}"
initial_node_count = 1
master_auth {
username = "mr.yoda"
password = "adoy.rm"
}
}
```
## Argument Reference
The following arguments are supported:
* `zone` (required) - Zone to list available cluster versions for. Should match the zone the cluster will be deployed in.
* `project` (optional) - ID of the project to list available cluster versions for. Should match the project the cluster will be deployed to.
Defaults to the project that the provider is authenticated with.
## Attributes Reference
The following attributes are exported:
* `valid_master_versions` - A list of versions available in the given zone for use with master instances.
* `valid_node_versions` - A list of versions available in the given zone for use with node instances.
* `latest_master_version` - The latest version available in the given zone for use with master instances.
* `latest_node_version` - The latest version available in the given zone for use with node instances.
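Review bot: the example's `master_auth` block hard-codes `username = "mr.yoda"` and `password = "adoy.rm"`, and documentation samples tend to be pasted into real configurations unchanged. Take the password from a variable instead, for example `password = "${var.master_password}"` (variable name is only a suggestion), so the sample does not model a literal credential in a .tf file. The argument list also writes "(required)" and "(optional)" in lower case where the other pages capitalise them, and the example has no "## Example Usage" heading.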

@ -0,0 +1,67 @@
---
layout: "google"
page_title: "Google: google_iam_policy"
sidebar_current: "docs-google-datasource-iam-policy"
description: |-
Generates an IAM policy that can be referenced by other resources, applying
the policy to them.
---
# google\_iam\_policy
Generates an IAM policy document that may be referenced by and applied to
other Google Cloud Platform resources, such as the `google_project` resource.
```
data "google_iam_policy" "admin" {
binding {
role = "roles/compute.instanceAdmin"
members = [
"serviceAccount:your-custom-sa@your-project.iam.gserviceaccount.com",
]
}
binding {
role = "roles/storage.objectViewer"
members = [
"user:evanbrown@google.com",
]
}
}
```
This data source is used to define IAM policies to apply to other resources.
Currently, defining a policy through a datasource and referencing that policy
from another resource is the only way to apply an IAM policy to a resource.
**Note:** Several restrictions apply when setting IAM policies through this API.
See the [setIamPolicy docs](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy)
for a list of these restrictions.
## Argument Reference
The following arguments are supported:
* `binding` (Required) - A nested configuration block (described below)
defining a binding to be included in the policy document. Multiple
`binding` arguments are supported.
Each document configuration must have one or more `binding` blocks, which
each accept the following arguments:
* `role` (Required) - The role/permission that will be granted to the members.
See the [IAM Roles](https://cloud.google.com/compute/docs/access/iam) documentation for a complete list of roles.
* `members` (Required) - An array of users/principals that will be granted
the privilege in the `role`. For a human user, prefix the user's e-mail
address with `user:` (e.g., `user:evandbrown@gmail.com`). For a service
account, prefix the service account e-mail address with `serviceAccount:`
(e.g., `serviceAccount:your-service-account@your-project.iam.gserviceaccount.com`).
## Attributes Reference
The following attribute is exported:
* `policy_data` - The above bindings serialized in a format suitable for
referencing from a resource that supports IAM.
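Review bot: the example binding uses `user:evanbrown@google.com` and the `members` description uses `user:evandbrown@gmail.com`; these look like a real person's addresses, spelled two different ways. Replace both with a single reserved placeholder such as `user:jane@example.com`. Next to the setIamPolicy note, the page should also state whether the generated `policy_data` replaces the target resource's existing bindings or is merged with them, since a reader applying the `roles/compute.instanceAdmin` example needs to know what else changes. The example fence has no language tag and no "## Example Usage" heading.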

@ -0,0 +1,81 @@
---
layout: "google"
page_title: "Google: google_storage_object_signed_url"
sidebar_current: "docs-google-datasource-signed_url"
description: |-
Provides signed URL to Google Cloud Storage object.
---
# google\_storage\_object\_signed_url
The Google Cloud storage signed URL data source generates a signed URL for a given storage object. Signed URLs provide a way to give time-limited read or write access to anyone in possession of the URL, regardless of whether they have a Google account.
For more info about signed URL's is available [here](https://cloud.google.com/storage/docs/access-control/signed-urls).
## Example Usage
```hcl
data "google_storage_object_signed_url" "artifact" {
bucket = "install_binaries"
path = "path/to/install_file.bin"
}
resource "google_compute_instance" "vm" {
name = "vm"
...
provisioner "remote-exec" {
inline = [
"wget '${data.google_storage_object_signed_url.artifact.signed_url}' -O install_file.bin",
"chmod +x install_file.bin",
"./install_file.bin"
]
}
}
```
## Full Example
```hcl
data "google_storage_object_signed_url" "get_url" {
bucket = "fried_chicken"
path = "path/to/file"
content_md5 = "pRviqwS4c4OTJRTe03FD1w=="
content_type = "text/plain"
duration = "2d"
credentials = "${file("path/to/credentials.json")}"
extension_headers {
x-goog-if-generation-match = 1
}
}
```
## Argument Reference
The following arguments are supported:
* `bucket` - (Required) The name of the bucket to read the object from
* `path` - (Required) The full path to the object inside the bucket
* `http_method` - (Optional) What HTTP Method will the signed URL allow (defaults to `GET`)
* `duration` - (Optional) For how long shall the signed URL be valid (defaults to 1 hour - i.e. `1h`).
See [here](https://golang.org/pkg/time/#ParseDuration) for info on valid duration formats.
* `credentials` - (Optional) What Google service account credentials json should be used to sign the URL.
This data source checks the following locations for credentials, in order of preference: data source `credentials` attribute, provider `credentials` attribute and finally the GOOGLE_APPLICATION_CREDENTIALS environment variable.
> **NOTE** the default google credentials configured by `gcloud` sdk or the service account associated with a compute instance cannot be used, because these do not include the private key required to sign the URL. A valid `json` service account credentials key file must be used, as generated via Google cloud console.
* `content_type` - (Optional) If you specify this in the datasource, the client must provide the `Content-Type` HTTP header with the same value in its request.
* `content_md5` - (Optional) The [MD5 digest](https://cloud.google.com/storage/docs/hashes-etags#_MD5) value in Base64.
Typically retrieved from `google_storage_bucket_object.object.md5hash` attribute.
If you provide this in the datasource, the client (e.g. browser, curl) must provide the `Content-MD5` HTTP header with this same value in its request.
* `extension_headers` - (Optional) As needed. The server checks to make sure that the client provides matching values in requests using the signed URL.
Any header starting with `x-goog-` is accepted but see the [Google Docs](https://cloud.google.com/storage/docs/xml-api/reference-headers) for list of headers that are supported by Google.
## Attributes Reference
The following attributes are exported:
* `signed_url` - The signed URL that can be used to access the storage object without authentication.
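Review bot: `signed_url` is described as usable "without authentication", which makes it a bearer credential, yet the page carries no state warning like the `~>` note on the google_compute_disk page in this commit; the `signed_url` value and the `credentials` JSON passed in the Full Example are both written to state. Add the same note here. Separately, the Full Example sets `duration = "2d"` while the `duration` argument sends the reader to Go's ParseDuration for valid formats, and that parser has no day unit; use `"48h"`. The sentence "For more info about signed URL's is available here" needs rewording.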

@ -0,0 +1,87 @@
---
layout: "google"
page_title: "Provider: Google Cloud"
sidebar_current: "docs-google-index"
description: |-
The Google Cloud provider is used to interact with Google Cloud services. The provider needs to be configured with the proper credentials before it can be used.
---
# Google Cloud Provider
The Google Cloud provider is used to interact with
[Google Cloud services](https://cloud.google.com/). The provider needs
to be configured with the proper credentials before it can be used.
Use the navigation to the left to read about the available resources.
## Example Usage
```hcl
// Configure the Google Cloud provider
provider "google" {
credentials = "${file("account.json")}"
project = "my-gce-project"
region = "us-central1"
}
// Create a new instance
resource "google_compute_instance" "default" {
# ...
}
```
## Configuration Reference
The following keys can be used to configure the provider.
* `credentials` - (Optional) Contents of the JSON file used to describe your
account credentials, downloaded from Google Cloud Console. More details on
retrieving this file are below. Credentials may be blank if you are running
Terraform from a GCE instance with a properly-configured [Compute Engine
Service Account](https://cloud.google.com/compute/docs/authentication). This
can also be specified using any of the following environment variables
(listed in order of precedence):
* `GOOGLE_CREDENTIALS`
* `GOOGLE_CLOUD_KEYFILE_JSON`
* `GCLOUD_KEYFILE_JSON`
The [`GOOGLE_APPLICATION_CREDENTIALS`](https://developers.google.com/identity/protocols/application-default-credentials#howtheywork)
environment variable can also contain the path of a file to obtain credentials
from.
* `project` - (Required) The ID of the project to apply any resources to. This
can be specified using any of the following environment variables (listed in
order of precedence):
* `GOOGLE_PROJECT`
* `GCLOUD_PROJECT`
* `CLOUDSDK_CORE_PROJECT`
* `region` - (Required) The region to operate under. This can also be specified
using any of the following environment variables (listed in order of
precedence):
* `GOOGLE_REGION`
* `GCLOUD_REGION`
* `CLOUDSDK_COMPUTE_REGION`
## Authentication JSON File
Authenticating with Google Cloud services requires a JSON
file which we call the _account file_.
This file is downloaded directly from the
[Google Developers Console](https://console.developers.google.com). To make
the process more straightforwarded, it is documented here:
1. Log into the [Google Developers Console](https://console.developers.google.com)
and select a project.
2. The API Manager view should be selected, click on "Credentials" on the left,
then "Create credentials", and finally "Service account key".
3. Select "Compute Engine default service account" in the "Service account"
dropdown, and select "JSON" as the key type.
4. Clicking "Create" will download your `credentials`.
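Review bot: step 3 of "Authentication JSON File" tells the reader to create a key for the "Compute Engine default service account", and nothing on the page says how to handle the downloaded file that `credentials = "${file("account.json")}"` then reads. Suggest recommending a service account created for Terraform with only the roles it needs, plus one sentence that the key file must stay out of version control. "straightforwarded" in the paragraph above the steps should be "straightforward".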

@ -0,0 +1,80 @@
---
layout: "google"
page_title: "Google: google_bigquery_dataset"
sidebar_current: "docs-google-bigquery-dataset"
description: |-
Creates a dataset resource for Google BigQuery.
---
# google_bigquery_dataset
Creates a dataset resource for Google BigQuery. For more information see
[the official documentation](https://cloud.google.com/bigquery/docs/) and
[API](https://cloud.google.com/bigquery/docs/reference/rest/v2/datasets).
## Example Usage
```hcl
resource "google_bigquery_dataset" "default" {
dataset_id = "test"
friendly_name = "test"
description = "This is a test description"
location = "EU"
default_table_expiration_ms = 3600000
labels {
env = "default"
}
}
```
## Argument Reference
The following arguments are supported:
* `dataset_id` - (Required) A unique ID for the resource.
Changing this forces a new resource to be created.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `friendly_name` - (Optional) A descriptive name for the dataset.
* `description` - (Optional) A user-friendly description of the dataset.
* `location` - (Optional) The geographic location where the dataset should reside.
Possible values include `EU` and `US`. The default value is `US`.
Changing this forces a new resource to be created.
* `default_table_expiration_ms` - (Optional) The default lifetime of all
tables in the dataset, in milliseconds. The minimum value is 3600000
milliseconds (one hour).
Once this property is set, all newly-created
tables in the dataset will have an expirationTime property set to the
creation time plus the value in this property, and changing the value
will only affect new tables, not existing ones. When the
expirationTime for a given table is reached, that table will be
deleted automatically. If a table's expirationTime is modified or
removed before the table expires, or if you provide an explicit
expirationTime when creating a table, that value takes precedence
over the default expiration time indicated by this property.
* `labels` - (Optional) A mapping of labels to assign to the resource.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `self_link` - The URI of the created resource.
* `etag` - A hash of the resource.
* `creation_time` - The time when this dataset was created, in milliseconds since the epoch.
* `last_modified_time` - The date when this dataset or any of its tables was last modified,
in milliseconds since the epoch.
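Review bot: the example sets `default_table_expiration_ms = 3600000`, which the argument text gives as the minimum (one hour) and says leads to tables being "deleted automatically"; copied as it stands, it removes every new table an hour after creation. Leave the argument out of the basic example or put a comment on that line saying what it does. The heading `# google_bigquery_dataset` also leaves its underscores unescaped, unlike the `google\_compute\_...` headings elsewhere in this commit, and `last_modified_time` says "The date when" where `creation_time` says "The time when".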

@ -0,0 +1,113 @@
---
layout: "google"
page_title: "Google: google_bigquery_table"
sidebar_current: "docs-google-bigquery-table"
description: |-
Creates a table resource in a dataset for Google BigQuery.
---
# google_bigquery_table
Creates a table resource in a dataset for Google BigQuery. For more information see
[the official documentation](https://cloud.google.com/bigquery/docs/) and
[API](https://cloud.google.com/bigquery/docs/reference/rest/v2/tables).
## Example Usage
```hcl
resource "google_bigquery_dataset" "default" {
dataset_id = "test"
friendly_name = "test"
description = "This is a test description"
location = "EU"
default_table_expiration_ms = 3600000
labels {
env = "default"
}
}
resource "google_bigquery_table" "default" {
dataset_id = "${google_bigquery_dataset.default.id}"
table_id = "test"
time_partitioning {
type = "DAY"
}
labels {
env = "default"
}
schema = "${file("schema.json")}"
}
```
## Argument Reference
The following arguments are supported:
* `dataset_id` - (Required) The dataset ID to create the table in.
Changing this forces a new resource to be created.
* `table_id` - (Required) A unique ID for the resource.
Changing this forces a new resource to be created.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `description` - (Optional) The field description.
* `expiration_time` - (Optional) The time when this table expires, in
milliseconds since the epoch. If not present, the table will persist
indefinitely. Expired tables will be deleted and their storage
reclaimed.
* `friendly_name` - (Optional) A descriptive name for the table.
* `labels` - (Optional) A mapping of labels to assign to the resource.
* `schema` - (Optional) A JSON schema for the table.
* `time_partitioning` - (Optional) If specified, configures time-based
partitioning for this table. Structure is documented below.
The `time_partitioning` block supports:
* `expiration_ms` - (Optional) Number of milliseconds for which to keep the
storage for a partition.
* `type` - (Required) The only type supported is DAY, which will generate
one partition per day based on data loading time.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `creation_time` - The time when this table was created, in milliseconds since the epoch.
* `etag` - A hash of the resource.
* `last_modified_time` - The time when this table was last modified, in milliseconds since the epoch.
* `location` - The geographic location where the table resides. This value is inherited from the dataset.
* `num_bytes` - The size of this table in bytes, excluding any data in the streaming buffer.
* `num_long_term_bytes` - The number of bytes in the table that are considered "long-term storage".
* `num_rows` - The number of rows of data in this table, excluding any data in the streaming buffer.
* `self_link` - The URI of the created resource.
* `type` - Describes the table type.
## Import
Tables can be imported using ID of the table (`projectID`:`datasetID`.`tableID`), e.g.
```
$ terraform import bigquery_table.default testproject:testdataset.testtable
```
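Review bot: the Import command uses the address `bigquery_table.default`, but the resource type documented on this page is `google_bigquery_table`, so the command does not match the example resource. It should read `terraform import google_bigquery_table.default testproject:testdataset.testtable`. The `description` argument is also given as "The field description", which looks carried over from a schema field; on this page it describes the table.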

@ -0,0 +1,45 @@
---
layout: "google"
page_title: "Google: google_compute_address"
sidebar_current: "docs-google-compute-address"
description: |-
Creates a static IP address resource for Google Compute Engine.
---
# google\_compute\_address
Creates a static IP address resource for Google Compute Engine. For more information see
[the official documentation](https://cloud.google.com/compute/docs/instances-and-network) and
[API](https://cloud.google.com/compute/docs/reference/latest/addresses).
## Example Usage
```hcl
resource "google_compute_address" "default" {
name = "test-address"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE.
Changing this forces a new resource to be created.
- - -
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `region` - (Optional) The Region in which the created address should reside.
If it is not provided, the provider region is used.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `self_link` - The URI of the created resource.
* `address` - The IP of the created resource.

@ -0,0 +1,147 @@
---
layout: "google"
page_title: "Google: google_compute_autoscaler"
sidebar_current: "docs-google-compute-autoscaler"
description: |-
Manages an Autoscaler within GCE.
---
# google\_compute\_autoscaler
A Compute Engine Autoscaler automatically adds or removes virtual machines from
a managed instance group based on increases or decreases in load. This allows
your applications to gracefully handle increases in traffic and reduces cost
when the need for resources is lower. You just define the autoscaling policy and
the autoscaler performs automatic scaling based on the measured load. For more
information, see [the official
documentation](https://cloud.google.com/compute/docs/autoscaler/) and
[API](https://cloud.google.com/compute/docs/autoscaler/v1beta2/autoscalers)
## Example Usage
```hcl
resource "google_compute_instance_template" "foobar" {
name = "foobar"
machine_type = "n1-standard-1"
can_ip_forward = false
tags = ["foo", "bar"]
disk {
source_image = "debian-cloud/debian-8"
}
network_interface {
network = "default"
}
metadata {
foo = "bar"
}
service_account {
scopes = ["userinfo-email", "compute-ro", "storage-ro"]
}
}
resource "google_compute_target_pool" "foobar" {
name = "foobar"
}
resource "google_compute_instance_group_manager" "foobar" {
name = "foobar"
zone = "us-central1-f"
instance_template = "${google_compute_instance_template.foobar.self_link}"
target_pools = ["${google_compute_target_pool.foobar.self_link}"]
base_instance_name = "foobar"
}
resource "google_compute_autoscaler" "foobar" {
name = "foobar"
zone = "us-central1-f"
target = "${google_compute_instance_group_manager.foobar.self_link}"
autoscaling_policy = {
max_replicas = 5
min_replicas = 1
cooldown_period = 60
cpu_utilization {
target = 0.5
}
}
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) The name of the autoscaler.
* `target` - (Required) The full URL to the instance group manager whose size we
control.
* `zone` - (Required) The zone of the target.
* `autoscaling_policy.` - (Required) The parameters of the autoscaling
algorithm. Structure is documented below.
- - -
* `description` - (Optional) An optional textual description of the instance
group manager.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
The `autoscaling_policy` block contains:
* `max_replicas` - (Required) The group will never be larger than this.
* `min_replicas` - (Required) The group will never be smaller than this.
* `cooldown_period` - (Optional) Period to wait between changes. This should be
at least double the time your instances take to start up.
* `cpu_utilization` - (Optional) A policy that scales when the cluster's average
CPU is above or below a given threshold. Structure is documented below.
* `metric` - (Optional) A policy that scales according to Google Cloud
Monitoring metrics Structure is documented below.
* `load_balancing_utilization` - (Optional) A policy that scales when the load
reaches a proportion of a limit defined in the HTTP load balancer. Structure
is documented below.
The `cpu_utilization` block contains:
* `target` - The floating point threshold where CPU utilization should be. E.g.
for 50% one would specify 0.5.
The `metric` block contains (more documentation
[here](https://cloud.google.com/monitoring/api/metrics)):
* `name` - The name of the Google Cloud Monitoring metric to follow, e.g.
`compute.googleapis.com/instance/network/received_bytes_count`
* `type` - Either "cumulative", "delta", or "gauge".
* `target` - The desired metric value per instance. Must be a positive value.
The `load_balancing_utilization` block contains:
* `target` - The floating point threshold where load balancing utilization
should be. E.g. if the load balancer's `maxRatePerInstance` is 10 requests
per second (RPS) then setting this to 0.5 would cause the group to be scaled
such that each instance receives 5 RPS.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `self_link` - The URL of the created resource.
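Review bot: in the Argument Reference the name is written `autoscaling_policy.` with a stray period inside the backticks, and the example declares it as `autoscaling_policy = {` while every other nested block in the same example (`cpu_utilization`, `disk`, `network_interface`) is written without `=`. Use `autoscaling_policy {` and drop the period. The `metric` entry is missing a period before "Structure is documented below", the intro's last sentence has no closing period, and the API link points at a `v1beta2` path that should be checked against the current reference.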

@ -0,0 +1,52 @@
---
layout: "google"
page_title: "Google: google_compute_backend_bucket"
sidebar_current: "docs-google-compute-backend-bucket"
description: |-
Creates a Backend Bucket resource for Google Compute Engine.
---
# google\_compute\_backend\_bucket
A Backend Bucket defines a Google Cloud Storage bucket that will serve traffic through Google Cloud
Load Balancer.
## Example Usage
```hcl
resource "google_compute_backend_bucket" "foobar" {
name = "image-backend-bucket"
description = "Contains beautiful images"
bucket_name = "${google_storage_bucket.image_bucket.name}"
enable_cdn = true
}
resource "google_storage_bucket" "image_bucket" {
name = "image-store-bucket"
location = "EU"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) The name of the backend bucket.
* `bucket_name` - (Required) The name of the Google Cloud Storage bucket to be used as a backend
bucket.
- - -
* `description` - (Optional) The textual description for the backend bucket.
* `enable_cdn` - (Optional) Whether or not to enable the Cloud CDN on the backend bucket.
* `project` - (Optional) The project in which the resource belongs. If it is not provided, the
provider project is used.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `self_link` - The URI of the created resource.

@ -0,0 +1,135 @@
---
layout: "google"
page_title: "Google: google_compute_backend_service"
sidebar_current: "docs-google-compute-backend-service"
description: |-
Creates a Backend Service resource for Google Compute Engine.
---
# google\_compute\_backend\_service
A Backend Service defines a group of virtual machines that will serve traffic for load balancing. For more information
see [the official documentation](https://cloud.google.com/compute/docs/load-balancing/http/backend-service)
and the [API](https://cloud.google.com/compute/docs/reference/latest/backendServices).
For internal load balancing, use a [google_compute_region_backend_service](/docs/providers/google/r/compute_region_backend_service.html).
## Example Usage
```hcl
resource "google_compute_backend_service" "foobar" {
name = "blablah"
description = "Hello World 1234"
port_name = "http"
protocol = "HTTP"
timeout_sec = 10
enable_cdn = false
backend {
group = "${google_compute_instance_group_manager.foo.instance_group}"
}
health_checks = ["${google_compute_http_health_check.default.self_link}"]
}
resource "google_compute_instance_group_manager" "foo" {
name = "terraform-test"
instance_template = "${google_compute_instance_template.foobar.self_link}"
base_instance_name = "foobar"
zone = "us-central1-f"
target_size = 1
}
resource "google_compute_instance_template" "foobar" {
name = "terraform-test"
machine_type = "n1-standard-1"
network_interface {
network = "default"
}
disk {
source_image = "debian-cloud/debian-8"
auto_delete = true
boot = true
}
}
resource "google_compute_http_health_check" "default" {
name = "test"
request_path = "/"
check_interval_sec = 1
timeout_sec = 1
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) The name of the backend service.
* `health_checks` - (Required) Specifies a list of HTTP health check objects
for checking the health of the backend service.
- - -
* `backend` - (Optional) The list of backends that serve this BackendService. Structure is documented below.
* `description` - (Optional) The textual description for the backend service.
* `enable_cdn` - (Optional) Whether or not to enable the Cloud CDN on the backend service.
* `port_name` - (Optional) The name of a service that has been added to an
instance group in this backend. See [related docs](https://cloud.google.com/compute/docs/instance-groups/#specifying_service_endpoints) for details. Defaults to http.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `protocol` - (Optional) The protocol for incoming requests. Defaults to
`HTTP`.
* `session_affinity` - (Optional) How to distribute load. Options are `NONE` (no
affinity), `CLIENT_IP` (hash of the source/dest addresses / ports), and
`GENERATED_COOKIE` (distribute load using a generated session cookie).
* `timeout_sec` - (Optional) The number of secs to wait for a backend to respond
to a request before considering the request failed. Defaults to `30`.
* `connection_draining_timeout_sec` - (Optional) Time for which instance will be drained (not accept new connections,
but still work to finish started ones). Defaults to `0`.
The `backend` block supports:
* `group` - (Required) The name or URI of a Compute Engine instance group
(`google_compute_instance_group_manager.xyz.instance_group`) that can
receive traffic.
* `balancing_mode` - (Optional) Defines the strategy for balancing load.
Defaults to `UTILIZATION`
* `capacity_scaler` - (Optional) A float in the range [0, 1.0] that scales the
maximum parameters for the group (e.g., max rate). A value of 0.0 will cause
no requests to be sent to the group (i.e., it adds the group in a drained
state). The default is 1.0.
* `description` - (Optional) Textual description for the backend.
* `max_rate` - (Optional) Maximum requests per second (RPS) that the group can
handle.
* `max_rate_per_instance` - (Optional) The maximum per-instance requests per
second (RPS).
* `max_utilization` - (Optional) The target CPU utilization for the group as a
float in the range [0.0, 1.0]. This flag can only be provided when the
balancing mode is `UTILIZATION`. Defaults to `0.8`.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `fingerprint` - The fingerprint of the backend service.
* `self_link` - The URI of the created resource.
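Review bot: `balancing_mode` in the `backend` block gives only its default, `UTILIZATION`, and never lists the other accepted values, even though `max_utilization` "can only be provided when the balancing mode is `UTILIZATION`"; `session_affinity` has the opposite gap, listing its options without a default. List the accepted values for the first and state the default for the second. `port_name` ends with "Defaults to http." where the other defaults on the page are in backticks.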

@ -0,0 +1,69 @@
---
layout: "google"
page_title: "Google: google_compute_disk"
sidebar_current: "docs-google-compute-disk"
description: |-
Creates a new persistent disk within GCE, based on another disk.
---
# google\_compute\_disk
Creates a new persistent disk within GCE, based on another disk.
~> **Note:** All arguments including the disk encryption key will be stored in the raw state as plain-text.
[Read more about sensitive data in state](/docs/state/sensitive-data.html).
## Example Usage
```hcl
resource "google_compute_disk" "default" {
name = "test-disk"
type = "pd-ssd"
zone = "us-central1-a"
image = "debian-cloud/debian-8"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE.
Changing this forces a new resource to be created.
* `zone` - (Required) The zone where this disk will be available.
- - -
* `disk_encryption_key_raw` - (Optional) A 256-bit [customer-supplied encryption key]
(https://cloud.google.com/compute/docs/disks/customer-supplied-encryption),
encoded in [RFC 4648 base64](https://tools.ietf.org/html/rfc4648#section-4)
to encrypt this disk.
* `image` - (Optional) The image from which to initialize this disk. This can be
one of: the image's `self_link`, `projects/{project}/global/images/{image}`,
`projects/{project}/global/images/family/{family}`, `global/images/{image}`,
`global/images/family/{family}`, `family/{family}`, `{project}/{family}`,
`{project}/{image}`, `{family}`, or `{image}`.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `size` - (Optional) The size of the image in gigabytes. If not specified, it
will inherit the size of its base image.
* `snapshot` - (Optional) Name of snapshot from which to initialize this disk.
* `type` - (Optional) The GCE disk type.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `disk_encryption_key_sha256` - The [RFC 4648 base64]
(https://tools.ietf.org/html/rfc4648#section-4) encoded SHA-256 hash of the
[customer-supplied encryption key](https://cloud.google.com/compute/docs/disks/customer-supplied-encryption)
that protects this resource.
* `self_link` - The URI of the created resource.
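
Review bot: the summary and the front-matter `description` say the disk is created "based on another disk", but the only sources the argument list offers are `image` and `snapshot`; reword so the two agree. In `disk_encryption_key_raw` and `disk_encryption_key_sha256` the link text (`[customer-supplied encryption key]`, `[RFC 4648 base64]`) is separated from its `(https://...)` target by a line break, which many Markdown renderers will not treat as a link; keep each link on one line. `size` describes "the size of the image" where the disk is meant. Since the note at the top says the encryption key ends up in state as plain text, consider repeating that pointer on the `disk_encryption_key_raw` entry itself.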

View File

@ -0,0 +1,71 @@
---
layout: "google"
page_title: "Google: google_compute_firewall"
sidebar_current: "docs-google-compute-firewall"
description: |-
Manages a firewall resource within GCE.
---
# google\_compute\_firewall
Manages a firewall resource within GCE.
## Example Usage
```hcl
resource "google_compute_firewall" "default" {
name = "test"
network = "${google_compute_network.other.name}"
allow {
protocol = "icmp"
}
allow {
protocol = "tcp"
ports = ["80", "8080", "1000-2000"]
}
source_tags = ["web"]
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE.
Changing this forces a new resource to be created.
* `network` - (Required) The name of the network to attach this firewall to.
* `allow` - (Required) Can be specified multiple times for each allow
rule. Each allow block supports fields documented below.
- - -
* `description` - (Optional) Textual description field.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `source_ranges` - (Optional) A list of source CIDR ranges that this
firewall applies to.
* `source_tags` - (Optional) A list of source tags for this firewall.
* `target_tags` - (Optional) A list of target tags for this firewall.
The `allow` block supports:
* `protocol` - (Required) The name of the protocol to allow.
* `ports` - (Optional) List of ports and/or port ranges to allow. This can
only be specified if the protocol is TCP or UDP.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `self_link` - The URI of the created resource.
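
Review bot: `source_ranges` and `source_tags` are both marked (Optional), and the page never says which sources the rule matches when neither is set. For an allow rule that is the detail a reader most needs, so state the effective default explicitly next to those two entries. The example also references `google_compute_network.other`, which is not defined in the snippet; either add the network resource or use a literal name.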

View File

@ -0,0 +1,79 @@
---
layout: "google"
page_title: "Google: google_compute_forwarding_rule"
sidebar_current: "docs-google-compute-forwarding-rule"
description: |-
Manages a Forwarding Rule within GCE.
---
# google\_compute\_forwarding\_rule
Manages a Forwarding Rule within GCE. This binds an ip and port range to a target pool. For more
information see [the official
documentation](https://cloud.google.com/compute/docs/load-balancing/network/forwarding-rules) and
[API](https://cloud.google.com/compute/docs/reference/latest/forwardingRules).
## Example Usage
```tf
resource "google_compute_forwarding_rule" "default" {
name = "test"
target = "${google_compute_target_pool.default.self_link}"
port_range = "80"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE. Changing
this forces a new resource to be created.
- - -
* `backend_service` - (Optional) BackendService resource to receive the
matched traffic. Only used for internal load balancing.
* `description` - (Optional) Textual description field.
* `ip_address` - (Optional) The static IP. (if not set, an ephemeral IP is
used).
* `ip_protocol` - (Optional) The IP protocol to route, one of "TCP" "UDP" "AH"
"ESP" or "SCTP" for external load balancing, "TCP" or "UDP" for internal
(default "TCP").
* `load_balancing_scheme` - (Optional) Type of load balancing to use. Can be
set to "INTERNAL" or "EXTERNAL" (default "EXTERNAL").
* `network` - (Optional) Network that the load balanced IP should belong to.
Only used for internal load balancing. If it is not provided, the default
network is used.
* `port_range` - (Optional) A range e.g. "1024-2048" or a single port "1024"
(defaults to all ports!). Only used for external load balancing.
* `ports` - (Optional) A list of ports (maximum of 5) to use for internal load
balancing. Packets addressed to these ports will be forwarded to the backends
configured with this forwarding rule. Required for internal load balancing.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `region` - (Optional) The Region in which the created address should reside.
If it is not provided, the provider region is used.
* `subnetwork` - (Optional) Subnetwork that the load balanced IP should belong
to. Only used for internal load balancing. Must be specified if the network
is in custom subnet mode.
* `target` - (Optional) URL of target pool. Required for external load
balancing.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `self_link` - The URI of the created resource.
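
Review bot: in `port_range`, the parenthetical "(defaults to all ports!)" buries an exposure-relevant default inside an argument description. Promote it to a `~> **Note:**` callout in the style used on the `google_compute_disk` page. `region` talks about "the created address", which looks copied from an address resource. `target` and `ports` are tagged (Optional) but described as required for external and internal load balancing respectively; tie the requirement to `load_balancing_scheme` in the tag itself. The `ip_protocol` value list has no commas between the quoted values.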

View File

@ -0,0 +1,43 @@
---
layout: "google"
page_title: "Google: google_compute_global_address"
sidebar_current: "docs-google-compute-global-address"
description: |-
Creates a static global IP address resource for a Google Compute Engine project.
---
# google\_compute\_global\_address
Creates a static IP address resource global to a Google Compute Engine project. For more information see
[the official documentation](https://cloud.google.com/compute/docs/instances-and-network) and
[API](https://cloud.google.com/compute/docs/reference/latest/globalAddresses).
## Example Usage
```hcl
resource "google_compute_global_address" "default" {
name = "test-address"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE.
Changing this forces a new resource to be created.
- - -
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `address` - The assigned address.
* `self_link` - The URI of the created resource.

View File

@ -0,0 +1,101 @@
---
layout: "google"
page_title: "Google: google_compute_global_forwarding_rule"
sidebar_current: "docs-google-compute-global-forwarding-rule"
description: |-
Manages a Target Pool within GCE.
---
# google\_compute\_global\_forwarding\_rule
Manages a Global Forwarding Rule within GCE. This binds an ip and port to a target HTTP(s) proxy. For more
information see [the official
documentation](https://cloud.google.com/compute/docs/load-balancing/http/global-forwarding-rules) and
[API](https://cloud.google.com/compute/docs/reference/latest/globalForwardingRules).
## Example Usage
```hcl
resource "google_compute_global_forwarding_rule" "default" {
name = "test"
target = "${google_compute_target_http_proxy.default.self_link}"
port_range = "80"
}
resource "google_compute_target_http_proxy" "default" {
name = "test-proxy"
description = "a description"
url_map = "${google_compute_url_map.default.self_link}"
}
resource "google_compute_url_map" "default" {
name = "url-map"
description = "a description"
default_service = "${google_compute_backend_service.default.self_link}"
host_rule {
hosts = ["mysite.com"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = "${google_compute_backend_service.default.self_link}"
path_rule {
paths = ["/*"]
service = "${google_compute_backend_service.default.self_link}"
}
}
}
resource "google_compute_backend_service" "default" {
name = "default-backend"
port_name = "http"
protocol = "HTTP"
timeout_sec = 10
health_checks = ["${google_compute_http_health_check.default.self_link}"]
}
resource "google_compute_http_health_check" "default" {
name = "test"
request_path = "/"
check_interval_sec = 1
timeout_sec = 1
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE. Changing
this forces a new resource to be created.
* `target` - (Required) URL of target HTTP or HTTPS proxy.
- - -
* `description` - (Optional) Textual description field.
* `ip_address` - (Optional) The static IP. (if not set, an ephemeral IP is
used). This should be the literal IP address to be used, not the `self_link`
to a `google_compute_address` resource. (If using a `google_compute_address`
resource, use the `address` property instead of the `self_link` property.)
* `ip_protocol` - (Optional) The IP protocol to route, one of "TCP" "UDP" "AH"
"ESP" or "SCTP". (default "TCP").
* `port_range` - (Optional) A range e.g. "1024-2048" or a single port "1024"
(defaults to all ports!).
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `self_link` - The URI of the created resource.
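
Review bot: the front-matter `description` reads "Manages a Target Pool within GCE.", but this page documents a global forwarding rule; it should match the summary line under the heading. As on the regional forwarding rule page, the `port_range` default of "all ports!" deserves a note callout rather than a parenthetical. "HTTP(s)" in the summary should be "HTTP(S)".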

View File

@ -0,0 +1,125 @@
---
layout: "google"
page_title: "Google: google_compute_health_check"
sidebar_current: "docs-google-compute-health-check"
description: |-
Manages a Health Check within GCE.
---
# google\_compute\_health\_check
Manages a health check within GCE. This is used to monitor instances
behind load balancers. Timeouts or HTTP errors cause the instance to be
removed from the pool. For more information, see [the official
documentation](https://cloud.google.com/compute/docs/load-balancing/health-checks)
and
[API](https://cloud.google.com/compute/docs/reference/latest/healthChecks).
## Example Usage
```tf
resource "google_compute_health_check" "default" {
name = "test"
timeout_sec = 1
check_interval_sec = 1
tcp_health_check {
port = "80"
}
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE.
Changing this forces a new resource to be created.
- - -
* `check_interval_sec` - (Optional) The number of seconds between each poll of
the instance instance (default 5).
* `description` - (Optional) Textual description field.
* `healthy_threshold` - (Optional) Consecutive successes required (default 2).
* `http_health_check` - (Optional) An HTTP Health Check.
See *HTTP Health Check* below.
* `https_health_check` - (Optional) An HTTPS Health Check.
See *HTTPS Health Check* below.
* `ssl_health_check` - (Optional) An SSL Health Check.
See *SSL Health Check* below.
* `tcp_health_check` - (Optional) A TCP Health Check.
See *TCP Health Check* below.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `timeout_sec` - (Optional) The number of seconds to wait before declaring
failure (default 5).
* `unhealthy_threshold` - (Optional) Consecutive failures required (default 2).
**HTTP Health Check** supports the following attributes:
* `host` - (Optional) HTTP host header field (default instance's public ip).
* `port` - (Optional) TCP port to connect to (default 80).
* `proxy_header` - (Optional) Type of proxy header to append before sending
data to the backend, either NONE or PROXY_V1 (default NONE).
* `request_path` - (Optional) URL path to query (default /).
**HTTPS Health Check** supports the following attributes:
* `host` - (Optional) HTTPS host header field (default instance's public ip).
* `port` - (Optional) TCP port to connect to (default 443).
* `proxy_header` - (Optional) Type of proxy header to append before sending
data to the backend, either NONE or PROXY_V1 (default NONE).
* `request_path` - (Optional) URL path to query (default /).
**SSL Health Check** supports the following attributes:
* `port` - (Optional) TCP port to connect to (default 443).
* `proxy_header` - (Optional) Type of proxy header to append before sending
data to the backend, either NONE or PROXY_V1 (default NONE).
* `request` - (Optional) Application data to send once the SSL connection has
been established (default "").
* `response` - (Optional) The response that indicates health (default "")
**TCP Health Check** supports the following attributes:
* `port` - (Optional) TCP port to connect to (default 80).
* `proxy_header` - (Optional) Type of proxy header to append before sending
data to the backend, either NONE or PROXY_V1 (default NONE).
* `request` - (Optional) Application data to send once the TCP connection has
been established (default "").
* `response` - (Optional) The response that indicates health (default "")
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `self_link` - The URI of the created resource.
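
Review bot: `http_health_check`, `https_health_check`, `ssl_health_check` and `tcp_health_check` are each marked (Optional), and the page never says whether exactly one is required or what happens when several or none are set. State the rule next to those four entries. `check_interval_sec` contains a doubled word ("the instance instance"), and the `response` entries under SSL and TCP are missing a closing period.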

View File

@ -0,0 +1,66 @@
---
layout: "google"
page_title: "Google: google_compute_http_health_check"
sidebar_current: "docs-google-compute-http-health-check"
description: |-
Manages an HTTP Health Check within GCE.
---
# google\_compute\_http\_health\_check
Manages an HTTP health check within GCE. This is used to monitor instances
behind load balancers. Timeouts or HTTP errors cause the instance to be
removed from the pool. For more information, see [the official
documentation](https://cloud.google.com/compute/docs/load-balancing/health-checks)
and
[API](https://cloud.google.com/compute/docs/reference/latest/httpHealthChecks).
## Example Usage
```hcl
resource "google_compute_http_health_check" "default" {
name = "test"
request_path = "/health_check"
timeout_sec = 1
check_interval_sec = 1
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE.
Changing this forces a new resource to be created.
- - -
* `check_interval_sec` - (Optional) The number of seconds between each poll of
the instance instance (default 5).
* `description` - (Optional) Textual description field.
* `healthy_threshold` - (Optional) Consecutive successes required (default 2).
* `host` - (Optional) HTTP host header field (default instance's public ip).
* `port` - (Optional) TCP port to connect to (default 80).
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `request_path` - (Optional) URL path to query (default /).
* `timeout_sec` - (Optional) The number of seconds to wait before declaring
failure (default 5).
* `unhealthy_threshold` - (Optional) Consecutive failures required (default 2).
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `self_link` - The URI of the created resource.
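
Review bot: `check_interval_sec` has the doubled word "the instance instance". The `host` default is given as "instance's public ip"; say what is sent for an instance that has no public IP.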

View File

@ -0,0 +1,63 @@
---
layout: "google"
page_title: "Google: google_compute_https_health_check"
sidebar_current: "docs-google-compute-https-health-check"
description: |-
Manages an HTTPS Health Check within GCE.
---
# google\_compute\_https\_health\_check
Manages an HTTPS health check within GCE. This is used to monitor instances
behind load balancers. Timeouts or HTTPS errors cause the instance to be
removed from the pool. For more information, see [the official
documentation](https://cloud.google.com/compute/docs/load-balancing/health-checks)
and
[API](https://cloud.google.com/compute/docs/reference/latest/httpsHealthChecks).
## Example Usage
```hcl
resource "google_compute_https_health_check" "default" {
name = "test"
request_path = "/health_check"
timeout_sec = 1
check_interval_sec = 1
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE. Changing
this forces a new resource to be created.
- - -
* `check_interval_sec` - (Optional) How often to poll each instance (default 5).
* `description` - (Optional) Textual description field.
* `healthy_threshold` - (Optional) Consecutive successes required (default 2).
* `host` - (Optional) HTTPS host header field (default instance's public ip).
* `port` - (Optional) TCP port to connect to (default 443).
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `request_path` - (Optional) URL path to query (default /).
* `timeout_sec` - (Optional) How long before declaring failure (default 5).
* `unhealthy_threshold` - (Optional) Consecutive failures required (default 2).
## Attributes Reference
The following attributes are exported:
* `self_link` - The URL of the created resource.
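
Review bot: the Attributes Reference on this page departs from the sibling pages in the same commit. It opens with "The following attributes are exported:" and calls `self_link` "The URL", where the HTTP health check page uses "In addition to the arguments listed above, the following computed attributes are exported:" and "The URI". Align the wording. `check_interval_sec` and `timeout_sec` should also name their unit (seconds), as the HTTP page does.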

View File

@ -0,0 +1,85 @@
---
layout: "google"
page_title: "Google: google_compute_image"
sidebar_current: "docs-google-compute-image"
description: |-
Creates a bootable VM image for Google Compute Engine from an existing tarball.
---
# google\_compute\_image
Creates a bootable VM image resource for Google Compute Engine from an existing
tarball. For more information see [the official documentation](https://cloud.google.com/compute/docs/images) and
[API](https://cloud.google.com/compute/docs/reference/latest/images).
## Example Usage
```hcl
resource "google_compute_image" "bootable-image" {
name = "my-custom-image"
raw_disk {
source = "https://storage.googleapis.com/my-bucket/my-disk-image-tarball.tar.gz"
}
}
resource "google_compute_instance" "vm" {
name = "vm-from-custom-image"
machine_type = "n1-standard-1"
zone = "us-east1-c"
disk {
image = "${google_compute_image.bootable-image.self_link}"
}
network_interface {
network = "default"
}
}
```
## Argument Reference
The following arguments are supported: (Note that one of either source_disk or
raw_disk is required)
* `name` - (Required) A unique name for the resource, required by GCE.
Changing this forces a new resource to be created.
* `source_disk` - The URL of a disk that will be used as the source of the
image. Changing this forces a new resource to be created.
* `raw_disk` - The raw disk that will be used as the source of the image.
Changing this forces a new resource to be created. Structure is documented
below.
* `create_timeout` - Configurable timeout in minutes for creating images. Default is 4 minutes.
Changing this forces a new resource to be created.
The `raw_disk` block supports:
* `source` - (Required) The full Google Cloud Storage URL where the disk
image is stored.
* `sha1` - (Optional) SHA1 checksum of the source tarball that will be used
to verify the source before creating the image.
* `container_type` - (Optional) The format used to encode and transmit the
block device. TAR is the only supported type and is the default.
- - -
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `description` - (Optional) The description of the image to be created
* `family` - (Optional) The name of the image family to which this image belongs.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `self_link` - The URI of the created resource.
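
Review bot: `project`, `description` and `family` are listed after "The `raw_disk` block supports:" because the `- - -` separator comes after that block, so they read as `raw_disk` fields. Move the separator and those three entries above the `raw_disk` block. `source_disk`, `raw_disk` and `create_timeout` carry no (Required)/(Optional) tag. The example pulls a tarball by URL without `sha1`; since the page documents `sha1` as the check that verifies the source before the image is created, show it in the example.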

View File

@ -0,0 +1,217 @@
---
layout: "google"
page_title: "Google: google_compute_instance"
sidebar_current: "docs-google-compute-instance"
description: |-
Manages a VM instance resource within GCE.
---
# google\_compute\_instance
Manages a VM instance resource within GCE. For more information see
[the official documentation](https://cloud.google.com/compute/docs/instances)
and
[API](https://cloud.google.com/compute/docs/reference/latest/instances).
## Example Usage
```hcl
resource "google_compute_instance" "default" {
name = "test"
machine_type = "n1-standard-1"
zone = "us-central1-a"
tags = ["foo", "bar"]
disk {
image = "debian-cloud/debian-8"
}
// Local SSD disk
disk {
type = "local-ssd"
scratch = true
}
network_interface {
network = "default"
access_config {
// Ephemeral IP
}
}
metadata {
foo = "bar"
}
metadata_startup_script = "echo hi > /test.txt"
service_account {
scopes = ["userinfo-email", "compute-ro", "storage-ro"]
}
}
```
## Argument Reference
The following arguments are supported:
* `disk` - (Required) Disks to attach to the instance. This can be specified
multiple times for multiple disks. Structure is documented below.
* `machine_type` - (Required) The machine type to create. To create a custom
machine type, value should be set as specified
[here](https://cloud.google.com/compute/docs/reference/latest/instances#machineType)
* `name` - (Required) A unique name for the resource, required by GCE.
Changing this forces a new resource to be created.
* `zone` - (Required) The zone that the machine should be created in.
* `network_interface` - (Required) Networks to attach to the instance. This can
be specified multiple times for multiple networks, but GCE is currently
limited to just 1. Structure is documented below.
- - -
* `can_ip_forward` - (Optional) Whether to allow sending and receiving of
packets with non-matching source or destination IPs.
This defaults to false.
* `description` - (Optional) A brief description of this resource.
* `metadata` - (Optional) Metadata key/value pairs to make available from
within the instance.
* `metadata_startup_script` - (Optional) An alternative to using the
startup-script metadata key, except this one forces the instance to be
recreated (thus re-running the script) if it is changed. This replaces the
startup-script metadata key on the created instance and thus the two
mechanisms are not allowed to be used simultaneously.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `scheduling` - (Optional) The scheduling strategy to use. More details about
this configuration option are detailed below.
* `service_account` - (Optional) Service account to attach to the instance.
Structure is documented below.
* `tags` - (Optional) A list of tags to attach to the instance.
* `create_timeout` - (Optional) Configurable timeout in minutes for creating instances. Default is 4 minutes.
Changing this forces a new resource to be created.
---
* `network` - (DEPRECATED, Required) Networks to attach to the instance. This
can be specified multiple times for multiple networks. Structure is
documented below.
The `disk` block supports: (Note that either disk or image is required, unless
the type is "local-ssd", in which case scratch must be true).
* `disk` - The name of the existing disk (such as those managed by
`google_compute_disk`) to attach.
* `image` - The image from which to initialize this disk. This can be
one of: the image's `self_link`, `projects/{project}/global/images/{image}`,
`projects/{project}/global/images/family/{family}`, `global/images/{image}`,
`global/images/family/{family}`, `family/{family}`, `{project}/{family}`,
`{project}/{image}`, `{family}`, or `{image}`.
* `auto_delete` - (Optional) Whether or not the disk should be auto-deleted.
This defaults to true. Leave true for local SSDs.
* `type` - (Optional) The GCE disk type, e.g. pd-standard, pd-ssd, or local-ssd.
* `scratch` - (Optional) Whether the disk is a scratch disk as opposed to a
persistent disk (required for local-ssd).
* `size` - (Optional) The size of the image in gigabytes. If not specified, it
will inherit the size of its base image. Do not specify for local SSDs as
their size is fixed.
* `device_name` - (Optional) Name with which attached disk will be accessible
under `/dev/disk/by-id/`
* `disk_encryption_key_raw` - (Optional) A 256-bit [customer-supplied encryption key]
(https://cloud.google.com/compute/docs/disks/customer-supplied-encryption),
encoded in [RFC 4648 base64](https://tools.ietf.org/html/rfc4648#section-4)
to encrypt this disk.
The `network_interface` block supports:
* `network` - (Optional) The name or self_link of the network to attach this interface to.
Either `network` or `subnetwork` must be provided.
* `subnetwork` - (Optional) The name of the subnetwork to attach this interface
to. The subnetwork must exist in the same region this instance will be
created in. Either `network` or `subnetwork` must be provided.
* `subnetwork_project` - (Optional) The project in which the subnetwork belongs.
If it is not provided, the provider project is used.
* `address` - (Optional) The private IP address to assign to the instance. If
empty, the address will be automatically assigned.
* `access_config` - (Optional) Access configurations, i.e. IPs via which this
instance can be accessed via the Internet. Omit to ensure that the instance
is not accessible from the Internet (this means that ssh provisioners will
not work unless you are running Terraform can send traffic to the instance's
network (e.g. via tunnel or because it is running on another cloud instance
on that network). This block can be repeated multiple times. Structure
documented below.
The `access_config` block supports:
* `nat_ip` - (Optional) The IP address that will be 1:1 mapped to the instance's
network ip. If not given, one will be generated.
The `service_account` block supports:
* `email` - (Optional) The service account e-mail address. If not given, the
default Google Compute Engine service account is used.
* `scopes` - (Required) A list of service scopes. Both OAuth2 URLs and gcloud
short names are supported.
(DEPRECATED) The `network` block supports:
* `source` - (Required) The name of the network to attach this interface to.
* `address` - (Optional) The IP address of a reserved IP address to assign
to this interface.
The `scheduling` block supports:
* `preemptible` - (Optional) Is the instance preemptible.
* `on_host_maintenance` - (Optional) Describes maintenance behavior for the
instance. Can be MIGRATE or TERMINATE, for more info, read
[here](https://cloud.google.com/compute/docs/instances/setting-instance-scheduling-options)
* `automatic_restart` - (Optional) Specifies if the instance should be
restarted if it was terminated by Compute Engine (not a user).
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `metadata_fingerprint` - The unique fingerprint of the metadata.
* `self_link` - The URI of the created resource.
* `tags_fingerprint` - The unique fingerprint of the tags.
* `network_interface.0.address` - The internal ip address of the instance, either manually or dynamically assigned.
* `network_interface.0.access_config.0.assigned_nat_ip` - If the instance has an access config, either the given external ip (in the `nat_ip` field) or the ephemeral (generated) ip (if you didn't provide one).
* `disk.0.disk_encryption_key_sha256` - The [RFC 4648 base64](https://tools.ietf.org/html/rfc4648#section-4)
encoded SHA-256 hash of the [customer-supplied encryption key]
(https://cloud.google.com/compute/docs/disks/customer-supplied-encryption) that protects this resource.
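
Review bot: this page accepts `disk_encryption_key_raw` in the `disk` block but lacks the `~> **Note:**` about arguments being stored in state as plain text that the `google_compute_disk` page carries; add it here too. In `access_config`, the parenthesis opened at "(this means that ssh provisioners" is never closed, and "unless you are running Terraform can send traffic" does not parse; rewrite the sentence. The separator before the deprecated `network` argument is `---` where the other pages use `- - -`, and the `[customer-supplied encryption key]` link is split from its URL by a line break in both places it appears.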

View File

@ -0,0 +1,99 @@
---
layout: "google"
page_title: "Google: google_compute_instance_group"
sidebar_current: "docs-google-compute-instance-group"
description: |-
Manages an Instance Group within GCE.
---
# google\_compute\_instance\_group
The Google Compute Engine Instance Group API creates and manages pools
of homogeneous Compute Engine virtual machine instances from a common instance
template. For more information, see [the official documentation](https://cloud.google.com/compute/docs/instance-groups/#unmanaged_instance_groups)
and [API](https://cloud.google.com/compute/docs/reference/latest/instanceGroups)
## Example Usage
### Empty instance group
```hcl
resource "google_compute_instance_group" "test" {
name = "terraform-test"
description = "Terraform test instance group"
zone = "us-central1-a"
network = "${google_compute_network.default.self_link}"
}
```
### With instances and named ports
```hcl
resource "google_compute_instance_group" "webservers" {
name = "terraform-webservers"
description = "Terraform test instance group"
instances = [
"${google_compute_instance.test.self_link}",
"${google_compute_instance.test2.self_link}",
]
named_port {
name = "http"
port = "8080"
}
named_port {
name = "https"
port = "8443"
}
zone = "us-central1-a"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) The name of the instance group. Must be 1-63
characters long and comply with
[RFC1035](https://www.ietf.org/rfc/rfc1035.txt). Supported characters
include lowercase letters, numbers, and hyphens.
* `zone` - (Required) The zone that this instance group should be created in.
- - -
* `description` - (Optional) An optional textual description of the instance
group.
* `instances` - (Optional) List of instances in the group. They should be given
as self_link URLs. When adding instances they must all be in the same
network and zone as the instance group.
* `named_port` - (Optional) The named port configuration. See the section below
for details on configuration.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `network` - (Optional) The URL of the network the instance group is in. If
this is different from the network where the instances are in, the creation
fails. Defaults to the network where the instances are in (if neither
`network` nor `instances` is specified, this field will be blank).
The `named_port` block supports:
* `name` - (Required) The name which the port will be mapped to.
* `port` - (Required) The port number to map the name to.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `self_link` - The URI of the created resource.
* `size` - The number of instances in the group.
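
Review bot: the opening paragraph says the API manages pools of instances "from a common instance template", which describes the instance group manager; this resource takes an explicit `instances` list and its documentation link points at unmanaged instance groups. Reword the summary for unmanaged groups. In `network`, "the network where the instances are in" appears twice and should read "the network the instances are in".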

View File

@ -0,0 +1,100 @@
---
layout: "google"
page_title: "Google: google_compute_instance_group_manager"
sidebar_current: "docs-google-compute-instance-group-manager"
description: |-
Manages an Instance Group within GCE.
---
# google\_compute\_instance\_group\_manager
The Google Compute Engine Instance Group Manager API creates and manages pools
of homogeneous Compute Engine virtual machine instances from a common instance
template. For more information, see [the official documentation](https://cloud.google.com/compute/docs/instance-groups/manager)
and [API](https://cloud.google.com/compute/docs/instance-groups/manager/v1beta2/instanceGroupManagers)
## Example Usage
```hcl
resource "google_compute_instance_group_manager" "foobar" {
name = "terraform-test"
description = "Terraform test instance group manager"
base_instance_name = "foobar"
instance_template = "${google_compute_instance_template.foobar.self_link}"
update_strategy = "NONE"
zone = "us-central1-a"
target_pools = ["${google_compute_target_pool.foobar.self_link}"]
target_size = 2
named_port {
name = "customHTTP"
port = 8888
}
}
```
## Argument Reference
The following arguments are supported:
* `base_instance_name` - (Required) The base instance name to use for
instances in this group. The value must be a valid
[RFC1035](https://www.ietf.org/rfc/rfc1035.txt) name. Supported characters
are lowercase letters, numbers, and hyphens (-). Instances are named by
appending a hyphen and a random four-character string to the base instance
name.
* `instance_template` - (Required) The full URL to an instance template from
which all new instances will be created.
* `name` - (Required) The name of the instance group manager. Must be 1-63
characters long and comply with
[RFC1035](https://www.ietf.org/rfc/rfc1035.txt). Supported characters
include lowercase letters, numbers, and hyphens.
* `zone` - (Required) The zone that instances in this group should be created
in.
- - -
* `description` - (Optional) An optional textual description of the instance
group manager.
* `named_port` - (Optional) The named port configuration. See the section below
for details on configuration.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `update_strategy` - (Optional, Default `"RESTART"`) If the `instance_template`
resource is modified, a value of `"NONE"` will prevent any of the managed
instances from being restarted by Terraform. A value of `"RESTART"` will
restart all of the instances at once. In the future, as the GCE API matures
we will support `"ROLLING_UPDATE"` as well.
* `target_size` - (Optional) If not given at creation time, this defaults to 1.
Do not specify this if you are managing the group with an autoscaler, as
this will cause fighting.
* `target_pools` - (Optional) The full URL of all target pools to which new
instances in the group are added. Updating the target pools attribute does
not affect existing instances.
The `named_port` block supports: (Include a `named_port` block for each named-port required).
* `name` - (Required) The name of the port.
* `port` - (Required) The port number.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `fingerprint` - The fingerprint of the instance group manager.
* `instance_group` - The full URL of the instance group created by the manager.
* `self_link` - The URL of the created resource.
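Review bot: the front-matter `description` reads "Manages an Instance Group within GCE." but this page documents the instance group manager, so it should name the Instance Group Manager. Smaller points: the intro sentence ends at the API link with no period, and that link targets the `v1beta2` API path, which is worth confirming as the intended reference. In `target_size`, "this will cause fighting" would be clearer as a statement that Terraform and the autoscaler will each try to set the group size.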

View File

@ -0,0 +1,263 @@
---
layout: "google"
page_title: "Google: google_compute_instance_template"
sidebar_current: "docs-google-compute-instance-template"
description: |-
Manages a VM instance template resource within GCE.
---
# google\_compute\_instance\_template
Manages a VM instance template resource within GCE. For more information see
[the official documentation](https://cloud.google.com/compute/docs/instance-templates)
and
[API](https://cloud.google.com/compute/docs/reference/latest/instanceTemplates).
## Example Usage
```hcl
resource "google_compute_instance_template" "foobar" {
name = "terraform-test"
description = "template description"
tags = ["foo", "bar"]
instance_description = "description assigned to instances"
machine_type = "n1-standard-1"
can_ip_forward = false
scheduling {
automatic_restart = true
on_host_maintenance = "MIGRATE"
}
// Create a new boot disk from an image
disk {
source_image = "debian-cloud/debian-8"
auto_delete = true
boot = true
}
// Use an existing disk resource
disk {
source = "foo_existing_disk"
auto_delete = false
boot = false
}
network_interface {
network = "default"
}
metadata {
foo = "bar"
}
service_account {
scopes = ["userinfo-email", "compute-ro", "storage-ro"]
}
}
```
## Using with Instance Group Manager
Instance Templates cannot be updated after creation with the Google
Cloud Platform API. In order to update an Instance Template, Terraform will
destroy the existing resource and create a replacement. In order to effectively
use an Instance Template resource with an [Instance Group Manager resource][1],
it's recommended to specify `create_before_destroy` in a [lifecycle][2] block.
Either omit the Instance Template `name` attribute, or specify a partial name
with `name_prefix`. Example:
```hcl
resource "google_compute_instance_template" "instance_template" {
name_prefix = "instance-template-"
machine_type = "n1-standard-1"
region = "us-central1"
// boot disk
disk {
# ...
}
// networking
network_interface {
# ...
}
lifecycle {
create_before_destroy = true
}
}
resource "google_compute_instance_group_manager" "instance_group_manager" {
name = "instance-group-manager"
instance_template = "${google_compute_instance_template.instance_template.self_link}"
base_instance_name = "instance-group-manager"
zone = "us-central1-f"
target_size = "1"
}
```
With this setup Terraform generates a unique name for your Instance
Template and can then update the Instance Group manager without conflict before
destroying the previous Instance Template.
## Argument Reference
Note that changing any field for this resource forces a new resource to be created.
The following arguments are supported:
* `disk` - (Required) Disks to attach to instances created from this template.
This can be specified multiple times for multiple disks. Structure is
documented below.
* `machine_type` - (Required) The machine type to create.
- - -
* `name` - (Optional) The name of the instance template. If you leave
this blank, Terraform will auto-generate a unique name.
* `name_prefix` - (Optional) Creates a unique name beginning with the specified
prefix. Conflicts with `name`.
* `can_ip_forward` - (Optional) Whether to allow sending and receiving of
packets with non-matching source or destination IPs. This defaults to false.
* `description` - (Optional) A brief description of this resource.
* `instance_description` - (Optional) A brief description to use for instances
created from this template.
* `metadata` - (Optional) Metadata key/value pairs to make available from
within instances created from this template.
* `metadata_startup_script` - (Optional) An alternative to using the
startup-script metadata key, mostly to match the compute_instance resource.
This replaces the startup-script metadata key on the created instance and
thus the two mechanisms are not allowed to be used simultaneously.
* `network_interface` - (Required) Networks to attach to instances created from
this template. This can be specified multiple times for multiple networks.
Structure is documented below.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `region` - (Optional) An instance template is a global resource that is not
bound to a zone or a region. However, you can still specify some regional
resources in an instance template, which restricts the template to the
region where that resource resides. For example, a custom `subnetwork`
resource is tied to a specific region. Defaults to the region of the
Provider if no value is given.
* `scheduling` - (Optional) The scheduling strategy to use. More details about
this configuration option are detailed below.
* `service_account` - (Optional) Service account to attach to the instance. Structure is documented below.
* `tags` - (Optional) Tags to attach to the instance.
The `disk` block supports:
* `auto_delete` - (Optional) Whether or not the disk should be auto-deleted.
This defaults to true.
* `boot` - (Optional) Indicates that this is a boot disk.
* `device_name` - (Optional) A unique device name that is reflected into the
/dev/ tree of a Linux operating system running within the instance. If not
specified, the server chooses a default device name to apply to this disk.
* `disk_name` - (Optional) Name of the disk. When not provided, this defaults
to the name of the instance.
* `source_image` - (Required if source not set) The image from which to
initialize this disk. This can be one of: the image's `self_link`,
`projects/{project}/global/images/{image}`,
`projects/{project}/global/images/family/{family}`, `global/images/{image}`,
`global/images/family/{family}`, `family/{family}`, `{project}/{family}`,
`{project}/{image}`, `{family}`, or `{image}`.
* `interface` - (Optional) Specifies the disk interface to use for attaching
this disk.
* `mode` - (Optional) The mode in which to attach this disk, either READ_WRITE
or READ_ONLY. If you are attaching or creating a boot disk, this must
read-write mode.
* `source` - (Required if source_image not set) The name of the disk (such as
those managed by `google_compute_disk`) to attach.
* `disk_type` - (Optional) The GCE disk type. Can be either `"pd-ssd"`,
`"local-ssd"`, or `"pd-standard"`.
* `disk_size_gb` - (Optional) The size of the image in gigabytes. If not
specified, it will inherit the size of its base image.
* `type` - (Optional) The type of GCE disk, can be either `"SCRATCH"` or
`"PERSISTENT"`.
The `network_interface` block supports:
* `network` - (Optional) The name or self_link of the network to attach this interface to.
Use `network` attribute for Legacy or Auto subnetted networks and
`subnetwork` for custom subnetted networks.
* `subnetwork` - (Optional) the name of the subnetwork to attach this interface
to. The subnetwork must exist in the same `region` this instance will be
created in. Either `network` or `subnetwork` must be provided.
* `subnetwork_project` - (Optional) The project in which the subnetwork belongs.
If it is not provided, the provider project is used.
* `access_config` - (Optional) Access configurations, i.e. IPs via which this
instance can be accessed via the Internet. Omit to ensure that the instance
is not accessible from the Internet (this means that ssh provisioners will
not work unless you are running Terraform can send traffic to the instance's
network (e.g. via tunnel or because it is running on another cloud instance
on that network). This block can be repeated multiple times. Structure documented below.
The `access_config` block supports:
* `nat_ip` - (Optional) The IP address that will be 1:1 mapped to the instance's
network ip. If not given, one will be generated.
The `service_account` block supports:
* `email` - (Optional) The service account e-mail address. If not given, the
default Google Compute Engine service account is used.
* `scopes` - (Required) A list of service scopes. Both OAuth2 URLs and gcloud
short names are supported.
The `scheduling` block supports:
* `automatic_restart` - (Optional) Specifies whether the instance should be
automatically restarted if it is terminated by Compute Engine (not
terminated by a user). This defaults to true.
* `on_host_maintenance` - (Optional) Defines the maintenance behavior for this
instance.
* `preemptible` - (Optional) Allows instance to be preempted. This defaults to
false. Read more on this
[here](https://cloud.google.com/compute/docs/instances/preemptible).
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `metadata_fingerprint` - The unique fingerprint of the metadata.
* `self_link` - The URI of the created resource.
* `tags_fingerprint` - The unique fingerprint of the tags.
[1]: /docs/providers/google/r/compute_instance_group_manager.html
[2]: /docs/configuration/resources.html#lifecycle
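Review bot: the `access_config` bullet does not parse: the parenthesis opened at "(this means that ssh provisioners" is never closed, and "unless you are running Terraform can send traffic to the instance's network" is missing words. Since this bullet is the one that tells readers how to keep instances off the Internet, it should be rewritten as two plain sentences, one for "omit to prevent Internet access" and one for the provisioner caveat. Also, in `mode`, "this must read-write mode" is missing "be", and `network_interface` is marked (Required) but sits below the `- - -` separator among the optional arguments.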

View File

@ -0,0 +1,67 @@
---
layout: "google"
page_title: "Google: google_compute_network"
sidebar_current: "docs-google-compute-network"
description: |-
Manages a network within GCE.
---
# google\_compute\_network
Manages a network within GCE.
## Example Usage
```hcl
resource "google_compute_network" "default" {
name = "test"
auto_create_subnetworks = "true"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE.
Changing this forces a new resource to be created.
- - -
* `auto_create_subnetworks` - (Optional) If set to true, this network will be
created in auto subnet mode, and Google will create a subnet for each region
automatically. If set to false, and `ipv4_range` is not set, a custom
subnetted network will be created that can support
`google_compute_subnetwork` resources. This attribute may not be used if
`ipv4_range` is specified.
* `description` - (Optional) A brief description of this resource.
* `ipv4_range` - (DEPRECATED, Optional) The IPv4 address range that machines in this network
are assigned to, represented as a CIDR block. If not set, an auto or custom
subnetted network will be created, depending on the value of
`auto_create_subnetworks` attribute. This attribute may not be used if
`auto_create_subnetworks` is specified. This attribute is deprecated.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `gateway_ipv4` - The IPv4 address of the gateway.
* `name` - The unique name of the network.
* `self_link` - The URI of the created resource.
## Import
Networks can be imported using the `name`, e.g.
```
$ terraform import google_compute_network.public my_network_name
```
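Review bot: `ipv4_range` is marked DEPRECATED but the bullet never says what to use instead; a pointer to `auto_create_subnetworks` together with `google_compute_subnetwork`, which the `auto_create_subnetworks` bullet already mentions, would complete it. In the example, `auto_create_subnetworks = "true"` passes a quoted string for a true/false setting, and the Import command uses the resource name `public` while the example declares `default`.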

View File

@ -0,0 +1,39 @@
---
layout: "google"
page_title: "Google: google_compute_project_metadata"
sidebar_current: "docs-google-compute-project-metadata"
description: |-
Manages common instance metadata
---
# google\_compute\_project\_metadata
Manages metadata common to all instances for a project in GCE.
## Example Usage
```hcl
resource "google_compute_project_metadata" "default" {
metadata {
foo = "bar"
fizz = "buzz"
"13" = "42"
}
}
```
## Argument Reference
The following arguments are supported:
* `metadata` - (Required) A series of key value pairs. Changing this resource
updates the GCE state.
- - -
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
## Attributes Reference
Only the arguments listed above are exposed as attributes.
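Review bot: in the `metadata` bullet, "Changing this resource updates the GCE state" does not tell the reader whether keys already present on the project but absent from this block are kept or removed, which is what decides whether the resource is safe to add to an existing project. Because the page states this metadata is common to all instances, a sentence noting that every instance in the project can read these values would also help readers decide what belongs here. The front-matter `description` is missing its trailing period and the "in GCE" qualifier used on the other pages.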

View File

@ -0,0 +1,132 @@
---
layout: "google"
page_title: "Google: google_compute_region_backend_service"
sidebar_current: "docs-google-compute-region-backend-service"
description: |-
Creates a Region Backend Service resource for Google Compute Engine.
---
# google\_compute\_region\_backend\_service
A Region Backend Service defines a regionally-scoped group of virtual machines that will serve traffic for load balancing.
For more information see [the official documentation](https://cloud.google.com/compute/docs/load-balancing/internal/)
and [API](https://cloud.google.com/compute/docs/reference/latest/backendServices).
## Example Usage
```tf
resource "google_compute_region_backend_service" "foobar" {
name = "blablah"
description = "Hello World 1234"
protocol = "TCP"
timeout_sec = 10
session_affinity = "CLIENT_IP"
backend {
group = "${google_compute_instance_group_manager.foo.instance_group}"
}
health_checks = ["${google_compute_health_check.default.self_link}"]
}
resource "google_compute_instance_group_manager" "foo" {
name = "terraform-test"
instance_template = "${google_compute_instance_template.foobar.self_link}"
base_instance_name = "foobar"
zone = "us-central1-f"
target_size = 1
}
resource "google_compute_instance_template" "foobar" {
name = "terraform-test"
machine_type = "n1-standard-1"
network_interface {
network = "default"
}
disk {
source_image = "debian-cloud/debian-8"
auto_delete = true
boot = true
}
}
resource "google_compute_health_check" "default" {
name = "test"
check_interval_sec = 1
timeout_sec = 1
tcp_health_check {
port = "80"
}
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) The name of the backend service.
* `health_checks` - (Required) Specifies a list of health check objects
for checking the health of the backend service.
- - -
* `backend` - (Optional) The list of backends that serve this BackendService.
Structure is documented below.
* `description` - (Optional) The textual description for the backend service.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `protocol` - (Optional) The protocol for incoming requests. Defaults to
`HTTP`.
* `session_affinity` - (Optional) How to distribute load. Options are `NONE` (no
affinity), `CLIENT_IP`, `CLIENT_IP_PROTO`, or `CLIENT_IP_PORT_PROTO`.
Defaults to `NONE`.
* `region` - (Optional) The Region in which the created address should reside.
If it is not provided, the provider region is used.
* `timeout_sec` - (Optional) The number of secs to wait for a backend to respond
to a request before considering the request failed. Defaults to `30`.
The `backend` block supports:
* `group` - (Required) The name or URI of a Compute Engine instance group
(`google_compute_instance_group_manager.xyz.instance_group`) that can
receive traffic. Instance groups must contain at least one instance.
* `balancing_mode` - (Optional) Defines the strategy for balancing load.
Defaults to `UTILIZATION`
* `capacity_scaler` - (Optional) A float in the range [0, 1.0] that scales the
maximum parameters for the group (e.g., max rate). A value of 0.0 will cause
no requests to be sent to the group (i.e., it adds the group in a drained
state). The default is 1.0.
* `description` - (Optional) Textual description for the backend.
* `max_rate` - (Optional) Maximum requests per second (RPS) that the group can
handle.
* `max_rate_per_instance` - (Optional) The maximum per-instance requests per
second (RPS).
* `max_utilization` - (Optional) The target CPU utilization for the group as a
float in the range [0.0, 1.0]. This flag can only be provided when the
balancing mode is `UTILIZATION`. Defaults to `0.8`.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `fingerprint` - The fingerprint of the backend service.
* `self_link` - The URI of the created resource.
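Review bot: the `region` bullet says "The Region in which the created address should reside", which looks copied from another resource; it should refer to the backend service. `protocol` states "Defaults to `HTTP`" while the example sets `protocol = "TCP"` and the linked documentation is for internal load balancing, so the default and the accepted values are worth checking and listing. `balancing_mode` is missing its closing period and does not list the other modes, and "secs" in `timeout_sec` should be "seconds".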

View File

@ -0,0 +1,74 @@
---
layout: "google"
page_title: "Google: google_compute_route"
sidebar_current: "docs-google-compute-route"
description: |-
Manages a network route within GCE.
---
# google\_compute\_route
Manages a network route within GCE.
## Example Usage
```hcl
resource "google_compute_network" "foobar" {
name = "test"
ipv4_range = "10.0.0.0/16"
}
resource "google_compute_route" "foobar" {
name = "test"
dest_range = "15.0.0.0/24"
network = "${google_compute_network.foobar.name}"
next_hop_ip = "10.0.1.5"
priority = 100
}
```
## Argument Reference
The following arguments are supported:
* `dest_range` - (Required) The destination IPv4 address range that this
route applies to.
* `name` - (Required) A unique name for the resource, required by GCE.
Changing this forces a new resource to be created.
* `network` - (Required) The name or self_link of the network to attach this route to.
* `priority` - (Required) The priority of this route, used to break ties.
- - -
* `next_hop_gateway` - (Optional) The URL of the internet gateway to route
to if this route is matched. The alias "default-internet-gateway" can also
be used.
* `next_hop_instance` - (Optional) The name of the VM instance to route to
if this route is matched.
* `next_hop_instance_zone` - (Required when `next_hop_instance` is specified)
The zone of the instance specified in `next_hop_instance`.
* `next_hop_ip` - (Optional) The IP address of the next hop if this route
is matched.
* `next_hop_vpn_tunnel` - (Optional) The name of the VPN to route to if this
route is matched.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `tags` - (Optional) The tags that this route applies to.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `next_hop_network` - The name of the next hop network, if available.
* `self_link` - The URI of the created resource.
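Review bot: the example network sets `ipv4_range = "10.0.0.0/16"`, an argument the `google_compute_network` page added in this same commit marks as DEPRECATED; the example should not teach it. The `next_hop_gateway`, `next_hop_instance`, `next_hop_ip` and `next_hop_vpn_tunnel` bullets are all marked (Optional) with no statement of whether one of them must be set or whether they conflict, and `priority` says it is "used to break ties" without saying whether a lower or higher number wins.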

View File

@ -0,0 +1,151 @@
---
layout: "google"
page_title: "Google: google_compute_router"
sidebar_current: "docs-google-compute-router"
description: |-
Manages a Cloud Router resource.
---
# google\_compute\_router
Manages a Cloud Router resource. For more info, read the
[documentation](https://cloud.google.com/compute/docs/cloudrouter).
## Example Usage
```hcl
resource "google_compute_network" "foobar" {
name = "network-1"
}
resource "google_compute_subnetwork" "foobar" {
name = "subnet-1"
network = "${google_compute_network.foobar.self_link}"
ip_cidr_range = "10.0.0.0/16"
region = "us-central1"
}
resource "google_compute_address" "foobar" {
name = "vpn-gateway-1-address"
region = "${google_compute_subnetwork.foobar.region}"
}
resource "google_compute_vpn_gateway" "foobar" {
name = "vpn-gateway-1"
network = "${google_compute_network.foobar.self_link}"
region = "${google_compute_subnetwork.foobar.region}"
}
resource "google_compute_forwarding_rule" "foobar_esp" {
name = "vpn-gw-1-esp"
region = "${google_compute_vpn_gateway.foobar.region}"
ip_protocol = "ESP"
ip_address = "${google_compute_address.foobar.address}"
target = "${google_compute_vpn_gateway.foobar.self_link}"
}
resource "google_compute_forwarding_rule" "foobar_udp500" {
name = "vpn-gw-1-udp-500"
region = "${google_compute_forwarding_rule.foobar_esp.region}"
ip_protocol = "UDP"
port_range = "500-500"
ip_address = "${google_compute_address.foobar.address}"
target = "${google_compute_vpn_gateway.foobar.self_link}"
}
resource "google_compute_forwarding_rule" "foobar_udp4500" {
name = "vpn-gw-1-udp-4500"
region = "${google_compute_forwarding_rule.foobar_udp500.region}"
ip_protocol = "UDP"
port_range = "4500-4500"
ip_address = "${google_compute_address.foobar.address}"
target = "${google_compute_vpn_gateway.foobar.self_link}"
}
resource "google_compute_router" "foobar" {
name = "router-1"
region = "${google_compute_forwarding_rule.foobar_udp500.region}"
network = "${google_compute_network.foobar.self_link}"
bgp {
asn = 64512
}
}
resource "google_compute_vpn_tunnel" "foobar" {
name = "vpn-tunnel-1"
region = "${google_compute_forwarding_rule.foobar_udp4500.region}"
target_vpn_gateway = "${google_compute_vpn_gateway.foobar.self_link}"
shared_secret = "unguessable"
peer_ip = "8.8.8.8"
router = "${google_compute_router.foobar.name}"
}
resource "google_compute_router_interface" "foobar" {
name = "interface-1"
router = "${google_compute_router.foobar.name}"
region = "${google_compute_router.foobar.region}"
ip_range = "169.254.1.1/30"
vpn_tunnel = "${google_compute_vpn_tunnel.foobar.name}"
}
resource "google_compute_router_peer" "foobar" {
name = "peer-1"
router = "${google_compute_router.foobar.name}"
region = "${google_compute_router.foobar.region}"
peer_ip_address = "169.254.1.2"
peer_asn = 65513
advertised_route_priority = 100
interface = "${google_compute_router_interface.foobar.name}"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the router, required by GCE. Changing
this forces a new router to be created.
* `network` - (Required) The name or resource link to the network this Cloud Router
will use to learn and announce routes. Changing this forces a new router to be created.
* `bgp` - (Required) BGP information specific to this router.
Changing this forces a new router to be created.
Structure is documented below.
- - -
* `description` - (Optional) A description of the resource.
Changing this forces a new router to be created.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
Changing this forces a new router to be created.
* `region` - (Optional) The region this router should sit in. If not specified,
the project region will be used. Changing this forces a new router to be
created.
- - -
The `bgp` block supports:
* `asn` - (Required) Local BGP Autonomous System Number (ASN). Must be an
RFC6996 private ASN.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `self_link` - The URI of the created resource.
## Import
Routers can be imported using the `region` and `name`, e.g.
```
$ terraform import google_compute_router.router-1 us-central1/router-1
```
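Review bot: in the `google_compute_vpn_tunnel` block of the example, `shared_secret = "unguessable"` puts the pre-shared key in the configuration as a literal, which readers will copy; reference a variable there instead. The same block uses `peer_ip = "8.8.8.8"`, a real publicly routed address; an address from a documentation range such as 192.0.2.0/24 is the safer choice for an example. There is a second `- - -` separator before "The `bgp` block supports:" that the other pages do not use, and `region` says "the project region" where the other pages say the provider region.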

View File

@ -0,0 +1,62 @@
---
layout: "google"
page_title: "Google: google_compute_router_interface"
sidebar_current: "docs-google-compute-router-interface"
description: |-
Manages a Cloud Router interface.
---
# google\_compute\_router_interface
Manages a Cloud Router interface. For more info, read the
[documentation](https://cloud.google.com/compute/docs/cloudrouter).
## Example Usage
```hcl
resource "google_compute_router_interface" "foobar" {
name = "interface-1"
router = "router-1"
region = "us-central1"
ip_range = "169.254.1.1/30"
vpn_tunnel = "tunnel-1"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the interface, required by GCE. Changing
this forces a new interface to be created.
* `router` - (Required) The name of the router this interface will be attached to.
Changing this forces a new interface to be created.
* `vpn_tunnel` - (Required) The name or resource link to the VPN tunnel this
interface will be linked to. Changing this forces a new interface to be created.
- - -
* `ip_range` - (Optional) IP address and range of the interface. The IP range must be
in the RFC3927 link-local IP space. Changing this forces a new interface to be created.
* `project` - (Optional) The project in which this interface's router belongs. If it
is not provided, the provider project is used. Changing this forces a new interface to be created.
* `region` - (Optional) The region this interface's router sits in. If not specified,
the project region will be used. Changing this forces a new interface to be
created.
## Attributes Reference
Only the arguments listed above are exposed as attributes.
## Import
Router interfaces can be imported using the `region`, `router` and `name`, e.g.
```
$ terraform import google_compute_router_interface.interface-1 us-central1/router-1/interface-1
```
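Review bot: the page heading `# google\_compute\_router_interface` escapes only the first two underscores; it should be `google\_compute\_router\_interface` to match the other pages. The `region` bullet says "the project region will be used", where the rest of the provider docs refer to the provider's region. `ip_range` could also state the expected form, since the example passes an address with a prefix length (`169.254.1.1/30`) rather than a bare range.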

View File

@ -0,0 +1,72 @@
---
layout: "google"
page_title: "Google: google_compute_router_peer"
sidebar_current: "docs-google-compute-router-peer"
description: |-
Manages a Cloud Router BGP peer.
---
# google\_compute\_router
Manages a Cloud Router BGP peer. For more info, read the
[documentation](https://cloud.google.com/compute/docs/cloudrouter).
## Example Usage
```hcl
resource "google_compute_router_peer" "foobar" {
name = "peer-1"
router = "router-1"
region = "us-central1"
peer_ip_address = "169.254.1.2"
peer_asn = 65513
advertised_route_priority = 100
interface = "interface-1"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for BGP peer, required by GCE. Changing
this forces a new peer to be created.
* `router` - (Required) The name of the router in which this BGP peer will be configured.
Changing this forces a new peer to be created.
* `interface` - (Required) The name of the interface the BGP peer is associated with.
Changing this forces a new peer to be created.
* `peer_ip_address` - (Required) IP address of the BGP interface outside Google Cloud.
Changing this forces a new peer to be created.
* `peer_asn` - (Required) Peer BGP Autonomous System Number (ASN).
Changing this forces a new peer to be created.
- - -
* `advertised_route_priority` - (Optional) The priority of routes advertised to this BGP peer.
Changing this forces a new peer to be created.
* `project` - (Optional) The project in which this peer's router belongs. If it
is not provided, the provider project is used. Changing this forces a new peer to be created.
* `region` - (Optional) The region this peer's router sits in. If not specified,
the project region will be used. Changing this forces a new peer to be
created.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `ip_address` - IP address of the interface inside Google Cloud Platform.
## Import
Router BGP peers can be imported using the `region`, `router` and `name`, e.g.
```
$ terraform import google_compute_router_peer.peer-1 us-central1/router-1/peer-1
```
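Review bot: the page heading is `# google\_compute\_router`, but the front matter and the example are for `google_compute_router_peer`; the heading should be `google\_compute\_router\_peer`. The `name` bullet reads "A unique name for BGP peer" and is missing "the", and `region` says "the project region" where the other pages refer to the provider's region.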

View File

@ -0,0 +1,66 @@
---
layout: "google"
page_title: "Google: google_compute_snapshot"
sidebar_current: "docs-google-compute-snapshot"
description: |-
Creates a new snapshot of a disk within GCE.
---
# google\_compute\_snapshot
Creates a new snapshot of a disk within GCE.
## Example Usage
```js
resource "google_compute_snapshot" "default" {
name = "test-snapshot"
source_disk = "test-disk"
zone = "us-central1-a"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE.
Changing this forces a new resource to be created.
* `zone` - (Required) The zone where the source disk is located.
* `source_disk` - (Required) The disk which will be used as the source of the snapshot.
- - -
* `source_disk_encryption_key_raw` - (Optional) A 256-bit [customer-supplied encryption key]
(https://cloud.google.com/compute/docs/disks/customer-supplied-encryption),
encoded in [RFC 4648 base64](https://tools.ietf.org/html/rfc4648#section-4)
to decrypt the source disk.
* `snapshot_encryption_key_raw` - (Optional) A 256-bit [customer-supplied encryption key]
(https://cloud.google.com/compute/docs/disks/customer-supplied-encryption),
encoded in [RFC 4648 base64](https://tools.ietf.org/html/rfc4648#section-4)
to encrypt this snapshot.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `snapshot_encryption_key_sha256` - The [RFC 4648 base64]
(https://tools.ietf.org/html/rfc4648#section-4) encoded SHA-256 hash of the
[customer-supplied encryption key](https://cloud.google.com/compute/docs/disks/customer-supplied-encryption)
that protects this resource.
* `source_disk_encryption_key_sha256` - The [RFC 4648 base64]
(https://tools.ietf.org/html/rfc4648#section-4) encoded SHA-256 hash of the
[customer-supplied encryption key](https://cloud.google.com/compute/docs/disks/customer-supplied-encryption)
that protects the source disk.
* `source_disk_link` - The URI of the source disk.
* `self_link` - The URI of the created resource.
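Review bot: `source_disk_encryption_key_raw` and `snapshot_encryption_key_raw` take a raw 256-bit key, but neither bullet says how the value should be supplied or whether it is persisted by Terraform; that needs a sentence, since only the `*_sha256` attributes are described as hashes. The markdown links in these bullets and in the two `*_sha256` attributes are split across lines, with `[customer-supplied encryption key]` or `[RFC 4648 base64]` on one line and the `(https://...)` target on the next, which will not render as links. The example fence is tagged `js` where the other pages use `hcl`.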

View File

@ -0,0 +1,60 @@
---
layout: "google"
page_title: "Google: google_compute_ssl_certificate"
sidebar_current: "docs-google-compute-ssl-certificate"
description: |-
Creates an SSL certificate resource necessary for HTTPS load balancing in GCE.
---
# google\_compute\_ssl\_certificate
Creates an SSL certificate resource necessary for HTTPS load balancing in GCE.
For more information see
[the official documentation](https://cloud.google.com/compute/docs/load-balancing/http/ssl-certificates) and
[API](https://cloud.google.com/compute/docs/reference/latest/sslCertificates).
## Example Usage
```hcl
resource "google_compute_ssl_certificate" "default" {
name_prefix = "my-certificate-"
description = "a description"
private_key = "${file("path/to/private.key")}"
certificate = "${file("path/to/certificate.crt")}"
}
```
## Argument Reference
The following arguments are supported:
* `certificate` - (Required) A local certificate file in PEM format. The chain
may be at most 5 certs long, and must include at least one intermediate
cert. Changing this forces a new resource to be created.
* `private_key` - (Required) Write only private key in PEM format.
Changing this forces a new resource to be created.
- - -
* `name` - (Optional) A unique name for the SSL certificate. If you leave
this blank, Terraform will auto-generate a unique name.
* `name_prefix` - (Optional) Creates a unique name beginning with the specified
prefix. Conflicts with `name`.
* `description` - (Optional) An optional description of this resource.
Changing this forces a new resource to be created.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `id` - A unique ID for the certificated, assigned by GCE.
* `self_link` - The URI of the created resource.
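Review bot: the `certificate` bullet describes "A local certificate file in PEM format", but the example passes the file contents through `file("path/to/certificate.crt")`, so the argument is the PEM text and not a path; the wording should say so. In `private_key`, "Write only private key" needs explaining (what cannot be read back, and from where), and the `id` attribute has the typo "certificated". The claim that the chain "must include at least one intermediate cert" is worth checking against the API documentation linked at the top.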

View File

@ -0,0 +1,62 @@
---
layout: "google"
page_title: "Google: google_compute_subnetwork"
sidebar_current: "docs-google-compute-subnetwork"
description: |-
Manages a subnetwork within GCE.
---
# google\_compute\_subnetwork
Manages a subnetwork within GCE. For more information see
[the official documentation](https://cloud.google.com/compute/docs/vpc/#vpc_networks_and_subnets)
and
[API](https://cloud.google.com/compute/docs/reference/latest/subnetworks).
## Example Usage
```hcl
resource "google_compute_subnetwork" "default-us-east1" {
name = "default-us-east1"
ip_cidr_range = "10.0.0.0/16"
network = "${google_compute_network.default.self_link}"
region = "us-east1"
}
```
## Argument Reference
The following arguments are supported:
* `ip_cidr_range` - (Required) The IP address range that machines in this
network are assigned to, represented as a CIDR block.
* `name` - (Required) A unique name for the resource, required by GCE.
Changing this forces a new resource to be created.
* `network` - (Required) The network name or resource link to the parent
network of this subnetwork. The parent network must have been created
in custom subnet mode.
- - -
* `description` - (Optional) Description of this subnetwork.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `region` - (Optional) The region this subnetwork will be created in. If
unspecified, this defaults to the region configured in the provider.
* `private_ip_google_access` - (Optional) Whether the VMs in this subnet
can access Google services without assigned external IP
addresses.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `gateway_address` - The IP address of the gateway.
* `self_link` - The URI of the created resource.
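Review bot: `private_ip_google_access` in the optional arguments is documented without a type or a default, so a reader cannot tell what happens when it is omitted. State both explicitly. `ip_cidr_range` also does not say whether changing it forces a new resource, unlike the `name` entry next to it.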

View File

@ -0,0 +1,88 @@
---
layout: "google"
page_title: "Google: google_compute_target_http_proxy"
sidebar_current: "docs-google-compute-target-http-proxy"
description: |-
Creates a Target HTTP Proxy resource in GCE.
---
# google\_compute\_target\_http\_proxy
Creates a target HTTP proxy resource in GCE. For more information see
[the official
documentation](https://cloud.google.com/compute/docs/load-balancing/http/target-proxies) and
[API](https://cloud.google.com/compute/docs/reference/latest/targetHttpProxies).
## Example Usage
```hcl
resource "google_compute_target_http_proxy" "default" {
name = "test-proxy"
description = "a description"
url_map = "${google_compute_url_map.default.self_link}"
}
resource "google_compute_url_map" "default" {
name = "url-map"
description = "a description"
default_service = "${google_compute_backend_service.default.self_link}"
host_rule {
hosts = ["mysite.com"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = "${google_compute_backend_service.default.self_link}"
path_rule {
paths = ["/*"]
service = "${google_compute_backend_service.default.self_link}"
}
}
}
resource "google_compute_backend_service" "default" {
name = "default-backend"
port_name = "http"
protocol = "HTTP"
timeout_sec = 10
health_checks = ["${google_compute_http_health_check.default.self_link}"]
}
resource "google_compute_http_health_check" "default" {
name = "test"
request_path = "/"
check_interval_sec = 1
timeout_sec = 1
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE. Changing
this forces a new resource to be created.
* `url_map` - (Required) The URL of a URL Map resource that defines the mapping
from the URL to the BackendService.
- - -
* `description` - (Optional) A description of this resource. Changing this
forces a new resource to be created.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `id` - A unique ID assigned by GCE.
* `self_link` - The URI of the created resource.
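Review bot: the Argument Reference here has no `project` entry, while the google_compute_target_https_proxy page added in this commit lists it with the usual "If it is not provided, the provider project is used" wording. If the HTTP proxy accepts `project` as well, add the entry; if it does not, say so, because the two pages otherwise read as parallel.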

View File

@ -0,0 +1,102 @@
---
layout: "google"
page_title: "Google: google_compute_target_https_proxy"
sidebar_current: "docs-google-compute-target-https-proxy"
description: |-
Creates a Target HTTPS Proxy resource in GCE.
---
# google\_compute\_target\_https\_proxy
Creates a target HTTPS proxy resource in GCE. For more information see
[the official
documentation](https://cloud.google.com/compute/docs/load-balancing/http/target-proxies) and
[API](https://cloud.google.com/compute/docs/reference/latest/targetHttpsProxies).
## Example Usage
```hcl
resource "google_compute_target_https_proxy" "default" {
name = "test-proxy"
description = "a description"
url_map = "${google_compute_url_map.default.self_link}"
ssl_certificates = ["${google_compute_ssl_certificate.default.self_link}"]
}
resource "google_compute_ssl_certificate" "default" {
name = "my-certificate"
description = "a description"
private_key = "${file("path/to/private.key")}"
certificate = "${file("path/to/certificate.crt")}"
}
resource "google_compute_url_map" "default" {
name = "url-map"
description = "a description"
default_service = "${google_compute_backend_service.default.self_link}"
host_rule {
hosts = ["mysite.com"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = "${google_compute_backend_service.default.self_link}"
path_rule {
paths = ["/*"]
service = "${google_compute_backend_service.default.self_link}"
}
}
}
resource "google_compute_backend_service" "default" {
name = "default-backend"
port_name = "http"
protocol = "HTTP"
timeout_sec = 10
health_checks = ["${google_compute_http_health_check.default.self_link}"]
}
resource "google_compute_http_health_check" "default" {
name = "test"
request_path = "/"
check_interval_sec = 1
timeout_sec = 1
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE. Changing
this forces a new resource to be created.
* `ssl_certificates` - (Required) The URLs of the SSL Certificate resources that
authenticate connections between users and load balancing. Currently exactly
one must be specified.
* `url_map` - (Required) The URL of a URL Map resource that defines the mapping
from the URL to the BackendService.
- - -
* `description` - (Optional) A description of this resource. Changing this
forces a new resource to be created.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `id` - A unique ID assigned by GCE.
* `self_link` - The URI of the created resource.
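Review bot: in the example, `google_compute_ssl_certificate.default` uses a fixed `name = "my-certificate"`, whereas the google_compute_ssl_certificate page in this commit uses `name_prefix = "my-certificate-"` and states that changing `certificate` or `private_key` forces a new resource. With the proxy referencing the certificate's `self_link`, a fixed name makes replacing the certificate awkward; using `name_prefix` here as well would keep the two examples consistent. In the `ssl_certificates` entry, "between users and load balancing" should read "between users and the load balancer".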

View File

@ -0,0 +1,75 @@
---
layout: "google"
page_title: "Google: google_compute_target_pool"
sidebar_current: "docs-google-compute-target-pool"
description: |-
Manages a Target Pool within GCE.
---
# google\_compute\_target\_pool
Manages a Target Pool within GCE. This is a collection of instances used as
target of a network load balancer (Forwarding Rule). For more information see
[the official
documentation](https://cloud.google.com/compute/docs/load-balancing/network/target-pools)
and [API](https://cloud.google.com/compute/docs/reference/latest/targetPools).
## Example Usage
```hcl
resource "google_compute_target_pool" "default" {
name = "test"
instances = [
"us-central1-a/myinstance1",
"us-central1-b/myinstance2",
]
health_checks = [
"${google_compute_http_health_check.default.name}",
]
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE. Changing
this forces a new resource to be created.
- - -
* `backup_pool` - (Optional) URL to the backup target pool. Must also set
failover\_ratio.
* `description` - (Optional) Textual description field.
* `failover_ratio` - (Optional) Ratio (0 to 1) of failed nodes before using the
backup pool (which must also be set).
* `health_checks` - (Optional) List of zero or one healthcheck names.
* `instances` - (Optional) List of instances in the pool. They can be given as
URLs, or in the form of "zone/name". Note that the instances need not exist
at the time of target pool creation, so there is no need to use the
Terraform interpolators to create a dependency on the instances from the
target pool.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `region` - (Optional) Where the target pool resides. Defaults to project
region.
* `session_affinity` - (Optional) How to distribute load. Options are "NONE" (no
affinity). "CLIENT\_IP" (hash of the source/dest addresses / ports), and
"CLIENT\_IP\_PROTO" also includes the protocol (default "NONE").
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `self_link` - The URI of the created resource.
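Review bot: the `session_affinity` entry is hard to parse. The first option ends with a period in the middle of the list (`"NONE" (no affinity). "CLIENT\_IP"`), and the default appears only in a trailing parenthesis. List the three values uniformly and state the default "NONE" in its own sentence. `health_checks` is described as a "List of zero or one healthcheck names"; say explicitly that at most one health check is accepted.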

View File

@ -0,0 +1,173 @@
---
layout: "google"
page_title: "Google: google_compute_url_map"
sidebar_current: "docs-google-compute-url-map"
description: |-
Manages a URL Map resource in GCE.
---
# google\_compute\_url\_map
Manages a URL Map resource within GCE. For more information see
[the official documentation](https://cloud.google.com/compute/docs/load-balancing/http/url-map)
and
[API](https://cloud.google.com/compute/docs/reference/latest/urlMaps).
## Example Usage
```hcl
resource "google_compute_url_map" "foobar" {
name = "urlmap"
description = "a description"
default_service = "${google_compute_backend_service.home.self_link}"
host_rule {
hosts = ["mysite.com"]
path_matcher = "allpaths"
}
path_matcher {
name = "allpaths"
default_service = "${google_compute_backend_service.home.self_link}"
path_rule {
paths = ["/home"]
service = "${google_compute_backend_service.home.self_link}"
}
path_rule {
paths = ["/login"]
service = "${google_compute_backend_service.login.self_link}"
}
path_rule {
paths = ["/static"]
service = "${google_compute_backend_bucket.static.self_link}"
}
}
test {
service = "${google_compute_backend_service.home.self_link}"
host = "hi.com"
path = "/home"
}
}
resource "google_compute_backend_service" "login" {
name = "login-backend"
port_name = "http"
protocol = "HTTP"
timeout_sec = 10
health_checks = ["${google_compute_http_health_check.default.self_link}"]
}
resource "google_compute_backend_service" "home" {
name = "home-backend"
port_name = "http"
protocol = "HTTP"
timeout_sec = 10
health_checks = ["${google_compute_http_health_check.default.self_link}"]
}
resource "google_compute_http_health_check" "default" {
name = "test"
request_path = "/"
check_interval_sec = 1
timeout_sec = 1
}
resource "google_compute_backend_bucket" "static" {
name = "static-asset-backend-bucket"
bucket_name = "${google_storage_bucket.static.name}"
enable_cdn = true
}
resource "google_storage_bucket" "static" {
name = "static-asset-bucket"
location = "US"
}
```
## Argument Reference
The following arguments are supported:
* `default_service` - (Required) The URL of the backend service or backend bucket to use when none
of the given rules match. See the documentation for formatting the service/bucket
URL
[here](https://cloud.google.com/compute/docs/reference/latest/urlMaps#defaultService)
* `name` - (Required) A unique name for the resource, required by GCE.
Changing this forces a new resource to be created.
- - -
* `description` - (Optional) A brief description of this resource.
* `host_rule` - (Optional) A list of host rules. See below for configuration
options.
* `path_matcher` - (Optional) A list of paths to match. See below for
configuration options.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `test` - (Optional) The test to perform. See below for configuration options.
The `host_rule` block supports: (This block can be defined multiple times).
* `hosts` (Required) - A list of hosts to match against. See the documentation
for formatting each host
[here](https://cloud.google.com/compute/docs/reference/latest/urlMaps#hostRules.hosts)
* `description` - (Optional) An optional description of the host rule.
* `path_matcher` - (Required) The name of the `path_matcher` (defined below)
to apply this host rule to.
The `path_matcher` block supports: (This block can be defined multiple times)
* `default_service` - (Required) The URL for the backend service or backend bucket to use if none
of the given paths match. See the documentation for formatting the service/bucket
URL [here](https://cloud.google.com/compute/docs/reference/latest/urlMaps#pathMatcher.defaultService)
* `name` - (Required) The name of the `path_matcher` resource. Used by the
`host_rule` block above.
* `description` - (Optional) An optional description of the host rule.
The `path_matcher.path_rule` sub-block supports: (This block can be defined
multiple times)
* `paths` - (Required) The list of paths to match against. See the
documentation for formatting these [here](https://cloud.google.com/compute/docs/reference/latest/urlMaps#pathMatchers.pathRules.paths)
* `service` - (Required) The URL for the backend service or backend bucket to use if any
of the given paths match. See the documentation for formatting the service/bucket
URL [here](https://cloud.google.com/compute/docs/reference/latest/urlMaps#pathMatcher.defaultService)
The optional `test` block supports: (This block can be defined multiple times)
* `service` - (Required) The backend service or backend bucket that should be matched by this test.
* `host` - (Required) The host component of the URL being tested.
* `path` - (Required) The path component of the URL being tested.
* `description` - (Optional) An optional description of this test.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `fingerprint` - The unique fingerprint for this resource.
* `id` - The GCE assigned ID of the resource.
* `self_link` - The URI of the created resource.
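Review bot: in the `path_matcher` block, `description` is documented as "An optional description of the host rule", which looks copied from the `host_rule` block above; it should describe the path matcher. The `service` entry under `path_matcher.path_rule` links to `#pathMatcher.defaultService`, the same anchor as `default_service`, so check that the link targets the path rule's own service field.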

View File

@ -0,0 +1,112 @@
---
layout: "google"
page_title: "Google: google_compute_vpn_gateway"
sidebar_current: "docs-google-compute-vpn-gateway"
description: |-
Manages a VPN Gateway in the GCE network
---
# google\_compute\_vpn\_gateway
Manages a VPN Gateway in the GCE network. For more info, read the
[documentation](https://cloud.google.com/compute/docs/vpn).
## Example Usage
```hcl
resource "google_compute_network" "network1" {
name = "network1"
ipv4_range = "10.120.0.0/16"
}
resource "google_compute_vpn_gateway" "target_gateway" {
name = "vpn1"
network = "${google_compute_network.network1.self_link}"
region = "${var.region}"
}
resource "google_compute_address" "vpn_static_ip" {
name = "vpn-static-ip"
region = "${var.region}"
}
resource "google_compute_forwarding_rule" "fr_esp" {
name = "fr-esp"
region = "${var.region}"
ip_protocol = "ESP"
ip_address = "${google_compute_address.vpn_static_ip.address}"
target = "${google_compute_vpn_gateway.target_gateway.self_link}"
}
resource "google_compute_forwarding_rule" "fr_udp500" {
name = "fr-udp500"
region = "${var.region}"
ip_protocol = "UDP"
port_range = "500"
ip_address = "${google_compute_address.vpn_static_ip.address}"
target = "${google_compute_vpn_gateway.target_gateway.self_link}"
}
resource "google_compute_forwarding_rule" "fr_udp4500" {
name = "fr-udp4500"
region = "${var.region}"
ip_protocol = "UDP"
port_range = "4500"
ip_address = "${google_compute_address.vpn_static_ip.address}"
target = "${google_compute_vpn_gateway.target_gateway.self_link}"
}
resource "google_compute_vpn_tunnel" "tunnel1" {
name = "tunnel1"
region = "${var.region}"
peer_ip = "15.0.0.120"
shared_secret = "a secret message"
target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway.self_link}"
depends_on = [
"google_compute_forwarding_rule.fr_esp",
"google_compute_forwarding_rule.fr_udp500",
"google_compute_forwarding_rule.fr_udp4500",
]
}
resource "google_compute_route" "route1" {
name = "route1"
network = "${google_compute_network.network1.name}"
dest_range = "15.0.0.0/24"
priority = 1000
next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE. Changing
this forces a new resource to be created.
* `network` - (Required) The name or resource link to the network this VPN gateway
is accepting traffic for. Changing this forces a new resource to be created.
- - -
* `description` - (Optional) A description of the resource.
Changing this forces a new resource to be created.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `region` - (Optional) The region this gateway should sit in. If not specified,
the project region will be used. Changing this forces a new resource to be
created.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `self_link` - The URI of the created resource.
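Review bot: the example's `google_compute_vpn_tunnel.tunnel1` sets `shared_secret = "a secret message"` as a literal, which readers tend to copy into version-controlled configuration. Take it from a variable instead, and add a `variable` block for `var.region`, which the example references throughout without declaring.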

View File

@ -0,0 +1,141 @@
---
layout: "google"
page_title: "Google: google_compute_vpn_tunnel"
sidebar_current: "docs-google-compute-vpn-tunnel"
description: |-
Manages a VPN Tunnel to the GCE network
---
# google\_compute\_vpn\_tunnel
Manages a VPN Tunnel to the GCE network. For more info, read the
[documentation](https://cloud.google.com/compute/docs/vpn).
## Example Usage
```hcl
resource "google_compute_network" "network1" {
name = "network1"
}
resource "google_compute_subnetwork" "subnet1" {
name = "subnet1"
network = "${google_compute_network.network1.self_link}"
ip_cidr_range = "10.120.0.0/16"
region = "us-central1"
}
resource "google_compute_vpn_gateway" "target_gateway" {
name = "vpn1"
network = "${google_compute_network.network1.self_link}"
region = "${google_compute_subnetwork.subnet1.region}"
}
resource "google_compute_address" "vpn_static_ip" {
name = "vpn-static-ip"
region = "${google_compute_subnetwork.subnet1.region}"
}
resource "google_compute_forwarding_rule" "fr_esp" {
name = "fr-esp"
ip_protocol = "ESP"
ip_address = "${google_compute_address.vpn_static_ip.address}"
target = "${google_compute_vpn_gateway.target_gateway.self_link}"
}
resource "google_compute_forwarding_rule" "fr_udp500" {
name = "fr-udp500"
ip_protocol = "UDP"
port_range = "500-500"
ip_address = "${google_compute_address.vpn_static_ip.address}"
target = "${google_compute_vpn_gateway.target_gateway.self_link}"
}
resource "google_compute_forwarding_rule" "fr_udp4500" {
name = "fr-udp4500"
ip_protocol = "UDP"
port_range = "4500-4500"
ip_address = "${google_compute_address.vpn_static_ip.address}"
target = "${google_compute_vpn_gateway.target_gateway.self_link}"
}
resource "google_compute_vpn_tunnel" "tunnel1" {
name = "tunnel1"
peer_ip = "15.0.0.120"
shared_secret = "a secret message"
target_vpn_gateway = "${google_compute_vpn_gateway.target_gateway.self_link}"
local_traffic_selector = ["${google_compute_subnetwork.subnet1.ip_cidr_range}"]
remote_traffic_selector = ["172.16.0.0/12"]
depends_on = [
"google_compute_forwarding_rule.fr_esp",
"google_compute_forwarding_rule.fr_udp500",
"google_compute_forwarding_rule.fr_udp4500",
]
}
resource "google_compute_route" "route1" {
name = "route1"
network = "${google_compute_network.network1.name}"
dest_range = "15.0.0.0/24"
priority = 1000
next_hop_vpn_tunnel = "${google_compute_vpn_tunnel.tunnel1.self_link}"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by GCE. Changing
this forces a new resource to be created.
* `peer_ip` - (Required) The VPN gateway sitting outside of GCE. Changing this
forces a new resource to be created.
* `shared_secret` - (Required) A passphrase shared between the two VPN gateways.
Changing this forces a new resource to be created.
* `target_vpn_gateway` - (Required) A link to the VPN gateway sitting inside
GCE. Changing this forces a new resource to be created.
- - -
* `description` - (Optional) A description of the resource. Changing this forces
a new resource to be created.
* `ike_version` - (Optional) Either version 1 or 2. Default is 2. Changing this
forces a new resource to be created.
* `local_traffic_selector` - (Optional) Specifies which CIDR ranges are
announced to the VPN peer. Mandatory if the VPN gateway is attached to a
custom subnetted network. Refer to Google documentation for more
information.
* `remote_traffic_selector` - (Optional) Specifies which CIDR ranges the VPN
tunnel can route to the remote side. Mandatory if the VPN gateway is attached to a
custom subnetted network. Refer to Google documentation for more
information.
* `router` - (Optional) Name of a Cloud Router in the same region
to be used for dynamic routing. Refer to Google documentation for more
information.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `region` - (Optional) The region this tunnel should sit in. If not specified,
the project region will be used. Changing this forces a new resource to be
created.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `detailed_status` - Information about the status of the VPN tunnel.
* `self_link` - The URI of the created resource.
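Review bot: the `shared_secret` entry in the Argument Reference has no sensitive-data note, although it is a passphrase and the google_container_cluster page in this commit warns that its arguments are stored in the raw state as plain-text. Add the same note and link here. The three "Refer to Google documentation for more information" sentences under `local_traffic_selector`, `remote_traffic_selector` and `router` give no link; point them at the VPN documentation URL already used at the top of the page or at the specific pages.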

View File

@ -0,0 +1,188 @@
---
layout: "google"
page_title: "Google: google_container_cluster"
sidebar_current: "docs-google-container-cluster"
description: |-
Creates a GKE cluster.
---
# google\_container\_cluster
!> **Warning:** Due to limitations of the API, all arguments except
`node_version` are non-updateable. Changing any will cause recreation of the
whole cluster!
~> **Note:** All arguments including the username and password will be stored in the raw state as plain-text.
[Read more about sensitive data in state](/docs/state/sensitive-data.html).
## Example usage
```hcl
resource "google_container_cluster" "primary" {
name = "marcellus-wallace"
zone = "us-central1-a"
initial_node_count = 3
additional_zones = [
"us-central1-b",
"us-central1-c",
]
master_auth {
username = "mr.yoda"
password = "adoy.rm"
}
node_config {
oauth_scopes = [
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring",
]
}
}
```
## Argument Reference
* `initial_node_count` - (Required) The number of nodes to create in this
cluster (not including the Kubernetes master).
* `name` - (Required) The name of the cluster, unique within the project and
zone.
* `zone` - (Required) The zone that the master and the number of nodes specified
in `initial_node_count` should be created in.
- - -
* `master_auth` - (Optional) The authentication information for accessing the
Kubernetes master.
* `additional_zones` - (Optional) If additional zones are configured, the number
of nodes specified in `initial_node_count` is created in all specified zones.
* `addons_config` - (Optional) The configuration for addons supported by Google
Container Engine
* `cluster_ipv4_cidr` - (Optional) The IP address range of the container pods in
this cluster. Default is an automatically assigned CIDR.
* `description` - (Optional) Description of the cluster.
* `logging_service` - (Optional) The logging service that the cluster should
write logs to. Available options include `logging.googleapis.com` and
`none`. Defaults to `logging.googleapis.com`
* `monitoring_service` - (Optional) The monitoring service that the cluster
should write metrics to. Available options include
`monitoring.googleapis.com` and `none`. Defaults to
`monitoring.googleapis.com`
* `network` - (Optional) The name or self_link of the Google Compute Engine
network to which the cluster is connected
* `node_config` - (Optional) The machine type and image to use for all nodes in
this cluster
* `node_pool` - (Optional) List of node pools associated with this cluster.
* `node_version` - (Optional) The Kubernetes version on the nodes. Also affects
the initial master version on cluster creation. Updates affect nodes only.
Defaults to the default version set by GKE which is not necessarily the latest
version.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `subnetwork` - (Optional) The name of the Google Compute Engine subnetwork in
which the cluster's instances are launched
**Master Auth** supports the following arguments:
* `password` - (Required) The password to use for HTTP basic authentication when accessing
the Kubernetes master endpoint
* `username` - (Required) The username to use for HTTP basic authentication when accessing
the Kubernetes master endpoint
**Node Config** supports the following arguments:
* `machine_type` - (Optional) The name of a Google Compute Engine machine type.
Defaults to `n1-standard-1`.
* `disk_size_gb` - (Optional) Size of the disk attached to each node, specified
in GB. The smallest allowed disk size is 10GB. Defaults to 100GB.
* `local_ssd_count` - (Optional) The amount of local SSD disks that will be
attached to each cluster node. Defaults to 0.
* `oauth_scopes` - (Optional) The set of Google API scopes to be made available
on all of the node VMs under the "default" service account. These can be
either FQDNs, or scope aliases. The following scopes are necessary to ensure
the correct functioning of the cluster:
* `compute-rw` (`https://www.googleapis.com/auth/compute`)
* `storage-ro` (`https://www.googleapis.com/auth/devstorage.read_only`)
* `logging-write` (`https://www.googleapis.com/auth/logging.write`),
if `logging_service` points to Google
* `monitoring` (`https://www.googleapis.com/auth/monitoring`),
if `monitoring_service` points to Google
* `service_account` - (Optional) The service account to be used by the Node VMs.
If not specified, the "default" service account is used.
* `metadata` - (Optional) The metadata key/value pairs assigned to instances in
the cluster.
* `image_type` - (Optional) The image type to use for this node.
**Addons Config** supports the following addons:
* `http_load_balancing` - (Optional) The status of the HTTP Load Balancing
add-on. It is enabled by default; set `disabled = true` to disable.
* `horizontal_pod_autoscaling` - (Optional) The status of the Horizontal Pod
Autoscaling addon. It is enabled by default; set `disabled = true` to
disable.
This example `addons_config` disables both addons:
```
addons_config {
http_load_balancing {
disabled = true
}
horizontal_pod_autoscaling {
disabled = true
}
}
```
**Node Pool** supports the following arguments:
* `initial_node_count` - (Required) The initial node count for the pool.
* `name` - (Optional) The name of the node pool. If left blank, Terraform will
auto-generate a unique name.
* `name_prefix` - (Optional) Creates a unique name for the node pool beginning
with the specified prefix. Conflicts with `name`.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `endpoint` - The IP address of this cluster's Kubernetes master
* `instance_group_urls` - List of instance group URLs which have been assigned
to the cluster
* `master_auth.client_certificate` - Base64 encoded public certificate
used by clients to authenticate to the cluster endpoint.
* `master_auth.client_key` - Base64 encoded private key used by clients
to authenticate to the cluster endpoint
* `master_auth.cluster_ca_certificate` - Base64 encoded public certificate
that is the root of trust for the cluster
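Review bot: the state note at the top covers "All arguments including the username and password", but the Attributes Reference also exports `master_auth.client_key`, described as a Base64 encoded private key. Extend the note to cover exported attributes so readers know the client key is sensitive too. Minor: the `addons_config` example uses an untagged code fence while the other examples on these pages are tagged `hcl`, and the Argument Reference is missing the "The following arguments are supported:" lead-in used elsewhere.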

View File

@ -0,0 +1,69 @@
---
layout: "google"
page_title: "Google: google_container_node_pool"
sidebar_current: "docs-google-container-node-pool"
description: |-
Manages a GKE NodePool resource.
---
# google\_container\_node\_pool
Manages a Node Pool resource within GKE. For more information see
[the official documentation](https://cloud.google.com/container-engine/docs/node-pools)
and
[API](https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.nodePools).
## Example usage
```hcl
resource "google_container_node_pool" "np" {
name = "my-node-pool"
zone = "us-central1-a"
cluster = "${google_container_cluster.primary.name}"
initial_node_count = 3
}
resource "google_container_cluster" "primary" {
name = "marcellus-wallace"
zone = "us-central1-a"
initial_node_count = 3
additional_zones = [
"us-central1-b",
"us-central1-c",
]
master_auth {
username = "mr.yoda"
password = "adoy.rm"
}
node_config {
oauth_scopes = [
"https://www.googleapis.com/auth/compute",
"https://www.googleapis.com/auth/devstorage.read_only",
"https://www.googleapis.com/auth/logging.write",
"https://www.googleapis.com/auth/monitoring",
]
}
}
```
## Argument Reference
* `zone` - (Required) The zone in which the cluster resides.
* `cluster` - (Required) The cluster to create the node pool for.
* `initial_node_count` - (Required) The initial node count for the pool.
- - -
* `project` - (Optional) The project in which to create the node pool. If blank,
the provider-configured project will be used.
* `name` - (Optional) The name of the node pool. If left blank, Terraform will
auto-generate a unique name.
* `name_prefix` - (Optional) Creates a unique name for the node pool beginning
with the specified prefix. Conflicts with `name`.
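Review bot: this page ends after the Argument Reference and has no Attributes Reference section, unlike the other resource pages in this commit. Add one, even if it only states that no extra attributes are exported, as the google_dns_record_set page does. The example also repeats the full cluster definition with literal `master_auth` credentials (`password = "adoy.rm"`); trimming it to the fields the node pool needs would avoid showing a hard-coded password a second time.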

View File

@ -0,0 +1,46 @@
---
layout: "google"
page_title: "Google: google_dns_managed_zone"
sidebar_current: "docs-google-dns-managed-zone"
description: |-
Manages a zone within Google Cloud DNS.
---
# google\_dns\_managed_zone
Manages a zone within Google Cloud DNS.
## Example Usage
```hcl
resource "google_dns_managed_zone" "prod" {
name = "prod-zone"
dns_name = "prod.mydomain.com."
description = "Production DNS zone"
}
```
## Argument Reference
The following arguments are supported:
* `dns_name` - (Required) The DNS name of this zone, e.g. "terraform.io".
* `name` - (Required) A unique name for the resource, required by GCE.
Changing this forces a new resource to be created.
- - -
* `description` - (Optional) A textual description field. Defaults to 'Managed by Terraform'.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `name_servers` - The list of nameservers that will be authoritative for this
domain. Use NS records to redirect from your DNS provider to these names,
thus making Google Cloud DNS authoritative for this zone.
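Review bot: the `dns_name` entry gives "terraform.io" as its example, without a trailing dot, while the Example Usage sets `dns_name = "prod.mydomain.com."` with one. Make the two agree and say whether the trailing dot is required. The page heading `# google\_dns\_managed_zone` also leaves the last underscore unescaped, unlike the other headings in this commit.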

View File

@ -0,0 +1,72 @@
---
layout: "google"
page_title: "Google: google_dns_record_set"
sidebar_current: "docs-google-dns-record-set"
description: |-
Manages a set of DNS records within Google Cloud DNS.
---
# google\_dns\_record\_set
Manages a set of DNS records within Google Cloud DNS.
## Example Usage
This example is the common case of binding a DNS name to the ephemeral IP of a new instance:
```hcl
resource "google_compute_instance" "frontend" {
name = "frontend"
machine_type = "g1-small"
zone = "us-central1-b"
disk {
image = "debian-cloud/debian-8"
}
network_interface {
network = "default"
access_config = {}
}
}
resource "google_dns_managed_zone" "prod" {
name = "prod-zone"
dns_name = "prod.mydomain.com."
}
resource "google_dns_record_set" "frontend" {
name = "frontend.${google_dns_managed_zone.prod.dns_name}"
type = "A"
ttl = 300
managed_zone = "${google_dns_managed_zone.prod.name}"
rrdatas = ["${google_compute_instance.frontend.network_interface.0.access_config.0.assigned_nat_ip}"]
}
```
## Argument Reference
The following arguments are supported:
* `managed_zone` - (Required) The name of the zone in which this record set will
reside.
* `name` - (Required) The DNS name this record set will apply to.
* `rrdatas` - (Required) The string data for the records in this record set
whose meaning depends on the DNS type.
* `ttl` - (Required) The time-to-live of this record set (seconds).
* `type` - (Required) The DNS record set type.
- - -
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
## Attributes Reference
Only the arguments listed above are exposed as attributes.
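Review bot: `rrdatas` is described as "The string data for the records", but the example passes a one-element list built from the instance's `assigned_nat_ip`; document it as a list of strings. The `type` entry would also benefit from naming the record types accepted, since the example only shows "A".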

View File

@ -0,0 +1,103 @@
---
layout: "google"
page_title: "Google: google_project"
sidebar_current: "docs-google-project"
description: |-
Allows management of a Google Cloud Platform project.
---
# google\_project
Allows creation and management of a Google Cloud Platform project.
Projects created with this resource must be associated with an Organization.
See the [Organization documentation](https://cloud.google.com/resource-manager/docs/quickstarts) for more details.
The service account used to run Terraform when creating a `google_project`
resource must have `roles/resourcemanager.projectCreator`. See the
[Access Control for Organizations Using IAM](https://cloud.google.com/resource-manager/docs/access-control-org)
doc for more information.
Note that prior to 0.8.5, `google_project` functioned like a data source,
meaning any project referenced by it had to be created and managed outside
Terraform. As of 0.8.5, `google_project` functions like any other Terraform
resource, with Terraform creating and managing the project. To replicate the old
behavior, either:
* Use the project ID directly in whatever is referencing the project, using the
[google_project_iam_policy](/docs/providers/google/r/google_project_iam_policy.html)
to replace the old `policy_data` property.
* Use the [import](/docs/import/usage.html) functionality
to import your pre-existing project into Terraform, where it can be referenced and
used just like always, keeping in mind that Terraform will attempt to undo any changes
made outside Terraform.
~> It's important to note that any project resources that were added to your Terraform config
prior to 0.8.5 will continue to function as they always have, and will not be managed by
Terraform. Only newly added projects are affected.
## Example Usage
```hcl
resource "google_project" "my_project" {
project_id = "your-project-id"
org_id = "1234567"
}
```
## Argument Reference
The following arguments are supported:
* `project_id` - (Optional) The project ID.
Changing this forces a new project to be created. If this attribute is not
set, `id` must be set. As `id` is deprecated, consider this attribute
required. If you are using `project_id` and creating a new project, the
`org_id` and `name` attributes are also required.
* `id` - (Deprecated) The project ID.
This attribute has unexpected behaviour and probably does not work
as users would expect; it has been deprecated, and will be removed in future
versions of Terraform. The `project_id` attribute should be used instead. See
[below](#id-field) for more information about its behaviour.
* `org_id` - (Optional) The numeric ID of the organization this project belongs to.
This is required if you are creating a new project.
Changing this forces a new project to be created.
* `billing_account` - (Optional) The alphanumeric ID of the billing account this project
belongs to. The user or service account performing this operation with Terraform
must have Billing Account Administrator privileges (`roles/billing.admin`) in
the organization. See [Google Cloud Billing API Access Control](https://cloud.google.com/billing/v1/how-tos/access-control)
for more details.
* `name` - (Optional) The display name of the project.
This is required if you are creating a new project.
* `skip_delete` - (Optional) If true, the Terraform resource can be deleted
without deleting the Project via the Google API.
* `policy_data` - (Deprecated) The IAM policy associated with the project.
This argument is no longer supported, and will be removed in a future version
of Terraform. It should be replaced with a `google_project_iam_policy` resource.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `number` - The numeric identifier of the project.
* `policy_etag` - (Deprecated) The etag of the project's IAM policy, used to
determine if the IAM policy has changed. Please use `google_project_iam_policy`'s
`etag` property instead; future versions of Terraform will remove the `policy_etag`
attribute
## ID Field
In versions of Terraform prior to 0.8.5, `google_project` resources used an `id` field in
config files to specify the project ID. Unfortunately, due to limitations in Terraform,
this field always looked empty to Terraform. Terraform fell back on using the project
the Google Cloud provider is configured with. If you're using the `id` field in your
configurations, know that it is being ignored, and its value will always be seen as the
ID of the project being used to authenticate Terraform's requests. You should move to the
`project_id` field as soon as possible.
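
Review bot: The Example Usage block sets only `project_id` and `org_id`, yet the `project_id` and `name` entries below both say `name` is required when creating a new project, so the example documents a configuration the reference calls incomplete. Add a `name` line to the example, and consider labelling `project_id` as required rather than "(Optional) ... consider this attribute required". The `policy_etag` entry is also missing its closing period.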

View File

@ -0,0 +1,73 @@
---
layout: "google"
page_title: "Google: google_project_iam_policy"
sidebar_current: "docs-google-project-iam-policy"
description: |-
Allows management of an IAM policy for a Google Cloud Platform project.
---
# google\_project\_iam\_policy
Allows creation and management of an IAM policy for an existing Google Cloud
Platform project.
~> **Be careful!** You can accidentally lock yourself out of your project
using this resource. Proceed with caution.
## Example Usage
```hcl
resource "google_project_iam_policy" "project" {
project = "your-project-id"
policy_data = "${data.google_iam_policy.admin.policy_data}"
}
data "google_iam_policy" "admin" {
binding {
role = "roles/editor"
members = [
"user:jane@example.com",
]
}
}
```
## Argument Reference
The following arguments are supported:
* `project` - (Required) The project ID.
Changing this forces a new project to be created.
* `policy_data` - (Required) The `google_iam_policy` data source that represents
the IAM policy that will be applied to the project. The policy will be
merged with any existing policy applied to the project.
Changing this updates the policy.
Deleting this removes the policy, but leaves the original project policy
intact. If there are overlapping `binding` entries between the original
project policy and the data source policy, they will be removed.
* `authoritative` - (Optional) A boolean value indicating if this policy
should overwrite any existing IAM policy on the project. When set to true,
**any policies not in your config file will be removed**. This can **lock
you out** of your project until an Organization Administrator grants you
access again, so please exercise caution. If this argument is `true` and you
want to delete the resource, you must set the `disable_project` argument to
`true`, acknowledging that the project will be inaccessible to anyone but the
Organization Admins, as it will no longer have an IAM policy.
* `disable_project` - (Optional) A boolean value that must be set to `true`
if you want to delete a `google_project_iam_policy` that is authoritative.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `etag` - (Computed) The etag of the project's IAM policy.
* `restore_policy` - (Computed) The IAM policy that will be restored when a
non-authoritative policy resource is deleted.
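
Review bot: Under `project`, "Changing this forces a new project to be created" looks carried over from `google_project`; this resource attaches a policy to an existing project, so the sentence should say what is actually recreated. In the `policy_data` entry the delete behaviour needs tightening: "leaves the original project policy intact" is followed by "overlapping `binding` entries ... will be removed", which means a binding that existed before Terraform can disappear on delete. Since that is a lockout path, it deserves a mention in the `~>` warning at the top alongside `authoritative`.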

View File

@ -0,0 +1,35 @@
---
layout: "google"
page_title: "Google: google_project_services"
sidebar_current: "docs-google-project-services"
description: |-
Allows management of API services for a Google Cloud Platform project.
---
# google\_project\_services
Allows management of enabled API services for an existing Google Cloud
Platform project. Services in an existing project that are not defined
in the config will be removed.
For a list of services available, visit the
[API library page](https://console.cloud.google.com/apis/library) or run `gcloud service-management list`.
## Example Usage
```hcl
resource "google_project_services" "project" {
project = "your-project-id"
services = ["iam.googleapis.com", "cloudresourcemanager.googleapis.com"]
}
```
## Argument Reference
The following arguments are supported:
* `project` - (Required) The project ID.
Changing this forces a new project to be created.
* `services` - (Required) The list of services that are enabled. Supports
update.
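
Review bot: "Services in an existing project that are not defined in the config will be removed" is the most consequential sentence on this page and it sits in the middle of the intro paragraph; the `google_project_iam_policy` page in this commit uses a `~>` callout for the equivalent behaviour, and this one should too. The `project` entry also repeats "Changing this forces a new project to be created", which does not describe a resource that manages services on an existing project, and `services` should say that the list is the complete desired set rather than just "Supports update".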

View File

@ -0,0 +1,73 @@
---
layout: "google"
page_title: "Google: google_service_account"
sidebar_current: "docs-google-service-account"
description: |-
Allows management of a Google Cloud Platform service account.
---
# google\_service\_account
Allows management of a [Google Cloud Platform service account](https://cloud.google.com/compute/docs/access/service-accounts)
## Example Usage
This snippet creates a service account, then gives it objectViewer
permission in a project.
```hcl
resource "google_service_account" "object_viewer" {
account_id = "object-viewer"
display_name = "Object viewer"
}
resource "google_project" "my_project" {
id = "your-project-id"
policy_data = "${data.google_iam_policy.admin.policy_data}"
}
data "google_iam_policy" "admin" {
binding {
role = "roles/storage.objectViewer"
members = [
"serviceAccount:${google_service_account.object_viewer.email}",
]
}
}
```
## Argument Reference
The following arguments are supported:
* `account_id` - (Required) The service account ID.
Changing this forces a new service account to be created.
* `display_name` - (Optional) The display name for the service account.
Can be updated without creating a new resource.
* `project` - (Optional) The project that the service account will be created in.
Defaults to the provider project configuration.
* `policy_data` - (Optional) The `google_iam_policy` data source that represents
the IAM policy that will be applied to the service account. The policy will be
merged with any existing policy.
Changing this updates the policy.
Deleting this removes the policy declared in Terraform. Any policy bindings
associated with the project before Terraform was used are not deleted.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `email` - The e-mail address of the service account. This value
should be referenced from any `google_iam_policy` data sources
that would grant the service account privileges.
* `name` - The fully-qualified name of the service account.
* `unique_id` - The unique id of the service account.
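
Review bot: The example grants the role through `google_project` with `id` and `policy_data`, both of which the `google_project` page in this same commit marks deprecated, and that page's ID Field section says `id` is ignored in favour of the project the provider is configured with. As written the binding may land on a different project than the one named; switch the example to `google_project_iam_policy` with `project`. In the `policy_data` entry, the first sentence says the policy is applied to the service account while the last says the bindings are associated "with the project", so one of the two needs correcting. The intro sentence is missing its period.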

View File

@ -0,0 +1,71 @@
---
layout: "google"
page_title: "Google: google_pubsub_subscription"
sidebar_current: "docs-google-pubsub-subscription"
description: |-
Creates a subscription in Google's pubsub queueing system
---
# google\_pubsub\_subscription
Creates a subscription in Google's pubsub queueing system. For more information see
[the official documentation](https://cloud.google.com/pubsub/docs) and
[API](https://cloud.google.com/pubsub/reference/rest/v1/projects.subscriptions).
## Example Usage
```hcl
resource "google_pubsub_subscription" "default" {
name = "default-subscription"
topic = "default-topic"
ack_deadline_seconds = 20
push_config {
endpoint = "https://example.com/push"
attributes {
x-goog-version = "v1"
}
}
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by pubsub.
Changing this forces a new resource to be created.
* `topic` - (Required) A topic to bind this subscription to, required by pubsub.
Changing this forces a new resource to be created.
- - -
* `ack_deadline_seconds` - (Optional) The maximum number of seconds a
subscriber has to acknowledge a received message, otherwise the message is
redelivered. Changing this forces a new resource to be created.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `push_config` - (Optional) Block configuration for push options. More
configuration options are detailed below.
The optional `push_config` block supports:
* `push_endpoint` - (Optional) The URL of the endpoint to which messages should
be pushed. Changing this forces a new resource to be created.
* `attributes` - (Optional) Key-value pairs of API supported attributes used
to control aspects of the message delivery. Currently, only
`x-goog-version` is supported, which controls the format of the data
delivery. For more information, read [the API docs
here](https://cloud.google.com/pubsub/reference/rest/v1/projects.subscriptions#PushConfig.FIELDS.attributes).
Changing this forces a new resource to be created.
## Attributes Reference
* `path` - Path of the subscription in the format `projects/{project}/subscriptions/{sub}`
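
Review bot: The example sets `endpoint` inside `push_config`, but the reference for that block lists the argument as `push_endpoint`; one of the two is wrong, and a reader copying the wrong one will get a configuration that does not validate. Make the example and the reference agree with the schema.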

View File

@ -0,0 +1,38 @@
---
layout: "google"
page_title: "Google: google_pubsub_topic"
sidebar_current: "docs-google-pubsub-topic"
description: |-
Creates a topic in Google's pubsub queueing system
---
# google\_pubsub\_topic
Creates a topic in Google's pubsub queueing system. For more information see
[the official documentation](https://cloud.google.com/pubsub/docs) and
[API](https://cloud.google.com/pubsub/docs/reference/rest/v1/projects.topics).
## Example Usage
```hcl
resource "google_pubsub_topic" "default" {
name = "default-topic"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) A unique name for the resource, required by pubsub.
Changing this forces a new resource to be created.
- - -
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
## Attributes Reference
Only the arguments listed above are exposed as attributes.

View File

@ -0,0 +1,50 @@
---
layout: "google"
page_title: "Google: google_sql_database"
sidebar_current: "docs-google-sql-database"
description: |-
Creates a new SQL database in Google Cloud SQL.
---
# google\_sql\_database
Creates a new Google SQL Database on a Google SQL Database Instance. For more information, see the [official documentation](https://cloud.google.com/sql/), or the [JSON API](https://cloud.google.com/sql/docs/admin-api/v1beta4/databases).
## Example Usage
Example creating a SQL Database.
```hcl
resource "google_sql_database_instance" "master" {
name = "master-instance"
settings {
tier = "D0"
}
}
resource "google_sql_database" "users" {
name = "image-store-bucket"
instance = "${google_sql_database_instance.master.name}"
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) The name of the database.
* `instance` - (Required) The name of containing instance.
- - -
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `self_link` - The URI of the created resource.
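
Review bot: In the example, `google_sql_database.users` is given `name = "image-store-bucket"`, which looks copied from the storage bucket page and does not match the resource label; use a database-like name. The `google_sql_database_instance` block here also omits `region`, which the instance page in this commit lists as required.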

View File

@ -0,0 +1,196 @@
---
layout: "google"
page_title: "Google: google_sql_database_instance"
sidebar_current: "docs-google-sql-database-instance"
description: |-
Creates a new SQL database instance in Google Cloud SQL.
---
# google\_sql\_database\_instance
Creates a new Google SQL Database Instance. For more information, see the [official documentation](https://cloud.google.com/sql/), or the [JSON API](https://cloud.google.com/sql/docs/admin-api/v1beta4/instances).
~> **NOTE on `google_sql_database_instance`:** - Second-generation instances include a
default 'root'@'%' user with no password. This user will be deleted by Terraform on
instance creation. You should use a `google_sql_user` to define a customer user with
a restricted host and strong password.
## Example Usage
Example creating a SQL Database.
```hcl
resource "google_sql_database_instance" "master" {
name = "master-instance"
settings {
tier = "D0"
}
}
```
## Argument Reference
The following arguments are supported:
* `region` - (Required) The region the instance will sit in. Note, this does
not line up with the Google Compute Engine (GCE) regions - your options are
`us-central`, `asia-west1`, `europe-west1`, and `us-east1`.
* `settings` - (Required) The settings to use for the database. The
configuration is detailed below.
- - -
* `database_version` - (Optional, Default: `MYSQL_5_6`) The MySQL version to
use. Can be either `MYSQL_5_6` or `MYSQL_5_7` for second-generation
instances, or `MYSQL_5_5` or `MYSQL_5_6` for first-generation instances.
See Google's [Second Generation Capabilities](https://cloud.google.com/sql/docs/1st-2nd-gen-differences)
for more information.
* `name` - (Optional, Computed) The name of the instance. If the name is left
blank, Terraform will randomly generate one when the instance is first
created. This is done because after a name is used, it cannot be reused for
up to [one week](https://cloud.google.com/sql/docs/delete-instance).
* `master_instance_name` - (Optional) The name of the instance that will act as
the master in the replication setup. Note, this requires the master to have
`binary_log_enabled` set, as well as existing backups.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `replica_configuration` - (Optional) The configuration for replication. The
configuration is detailed below.
The required `settings` block supports:
* `tier` - (Required) The machine tier (First Generation) or type (Second Generation) to use. See
[tiers](https://cloud.google.com/sql/docs/admin-api/v1beta4/tiers) for more details and
supported versions.
* `activation_policy` - (Optional) This specifies when the instance should be
active. Can be either `ALWAYS`, `NEVER` or `ON_DEMAND`.
* `authorized_gae_applications` - (Optional) A list of Google App Engine (GAE)
project names that are allowed to access this instance.
* `crash_safe_replication` - (Optional) Specific to read instances, indicates
when crash-safe replication flags are enabled.
* `disk_autoresize` - (Optional, Second Generation, Default: `true`) Configuration to increase storage size automatically.
* `disk_size` - (Optional, Second Generation, Default: `10`) The size of data disk, in GB. Size of a running instance cannot be reduced but can be increased.
* `disk_type` - (Optional, Second Generation, Default: `PD_SSD`) The type of data disk: PD_SSD or PD_HDD.
* `pricing_plan` - (Optional, First Generation) Pricing plan for this instance, can be one of
`PER_USE` or `PACKAGE`.
* `replication_type` - (Optional) Replication type for this instance, can be one
of `ASYNCHRONOUS` or `SYNCHRONOUS`.
The optional `settings.database_flags` sublist supports:
* `name` - (Optional) Name of the flag.
* `value` - (Optional) Value of the flag.
The optional `settings.backup_configuration` subblock supports:
* `binary_log_enabled` - (Optional) True iff binary logging is enabled. If
`logging` is false, this must be as well.
* `enabled` - (Optional) True iff backup configuration is enabled.
* `start_time` - (Optional) `HH:MM` format time indicating when backup
configuration starts.
The optional `settings.ip_configuration` subblock supports:
* `ipv4_enabled` - (Optional) True iff the instance should be assigned an IP
address.
* `require_ssl` - (Optional) True iff mysqld should default to `REQUIRE X509`
for users connecting over IP.
The optional `settings.ip_configuration.authorized_networks[]` sublist supports:
* `expiration_time` - (Optional) The [RFC 3339](https://tools.ietf.org/html/rfc3339)
formatted date time string indicating when this whitelist expires.
* `name` - (Optional) A name for this whitelist entry.
* `value` - (Optional) A CIDR notation IPv4 or IPv6 address that is allowed to
access this instance. Must be set even if other two attributes are not for
the whitelist to become active.
The optional `settings.location_preference` subblock supports:
* `follow_gae_application` - (Optional) A GAE application whose zone to remain
in. Must be in the same region as this instance.
* `zone` - (Optional) The preferred compute engine
[zone](https://cloud.google.com/compute/docs/zones?hl=en).
The optional `settings.maintenance_window` subblock for Second Generation
instances declares a one-hour [maintenance window](https://cloud.google.com/sql/docs/instance-settings?hl=en#maintenance-window-2ndgen)
when an Instance can automatically restart to apply updates. It supports:
* `day` - (Optional) Day of week (`1-7`), starting on Monday
* `hour` - (Optional) Hour of day (`0-23`), ignored if `day` not set
* `update_track` - (Optional) Receive updates earlier (`canary`) or later
(`stable`)
The optional `replica_configuration` block must have `master_instance_name` set
to work, cannot be updated, and supports:
* `ca_certificate` - (Optional) PEM representation of the trusted CA's x509
certificate.
* `client_certificate` - (Optional) PEM representation of the slave's x509
certificate.
* `client_key` - (Optional) PEM representation of the slave's private key. The
corresponding public key in encoded in the `client_certificate`.
* `connect_retry_interval` - (Optional, Default: 60) The number of seconds
between connect retries.
* `dump_file_path` - (Optional) Path to a SQL file in GCS from which slave
instances are created. Format is `gs://bucket/filename`.
* `failover_target` - (Optional) Specifies if the replica is the failover target.
If the field is set to true the replica will be designated as a failover replica.
If the master instance fails, the replica instance will be promoted as
the new master instance.
* `master_heartbeat_period` - (Optional) Time in ms between replication
heartbeats.
* `password` - (Optional) Password for the replication connection.
* `sslCipher` - (Optional) Permissible ciphers for use in SSL encryption.
* `username` - (Optional) Username for replication connection.
* `verify_server_certificate` - (Optional) True iff the master's common name
value is checked during the SSL handshake.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `ip_address.0.ip_address` - The IPv4 address assigned.
* `ip_address.0.time_to_retire` - The time this IP address will be retired, in RFC
3339 format.
* `self_link` - The URI of the created resource.
* `settings.version` - Used to make sure changes to the `settings` block are
atomic.
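
Review bot: `replica_configuration` takes `password` and `client_key` as plain arguments, but unlike the `google_sql_user` page in this commit there is no note that such values are stored in state as plain text; add the same `~>` note and link here. Other points in this hunk: the example omits `region` although it is listed as required; `binary_log_enabled` refers to a `logging` setting that is not documented anywhere in the block (probably `enabled`); `sslCipher` breaks the snake_case used by every other argument, so confirm it against the schema; and "customer user" in the top note likely means "custom user".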

View File

@ -0,0 +1,74 @@
---
layout: "google"
page_title: "Google: google_sql_user"
sidebar_current: "docs-google-sql-user"
description: |-
Creates a new SQL user in Google Cloud SQL.
---
# google\_sql\_user
Creates a new Google SQL User on a Google SQL User Instance. For more information, see the [official documentation](https://cloud.google.com/sql/), or the [JSON API](https://cloud.google.com/sql/docs/admin-api/v1beta4/users).
~> **Note:** All arguments including the username and password will be stored in the raw state as plain-text.
[Read more about sensitive data in state](/docs/state/sensitive-data.html). Passwords will not be retrieved when running
"terraform import".
## Example Usage
Example creating a SQL User.
```hcl
resource "google_sql_database_instance" "master" {
name = "master-instance"
settings {
tier = "D0"
}
}
resource "google_sql_user" "users" {
name = "me"
instance = "${google_sql_database_instance.master.name}"
host = "me.com"
password = "changeme"
}
```
## Argument Reference
The following arguments are supported:
* `host` - (Required) The host the user can connect from. Can be an IP address.
Changing this forces a new resource to be created.
* `instance` - (Required) The name of the Cloud SQL instance. Changing this
forces a new resource to be created.
* `name` - (Required) The name of the user. Changing this forces a new resource
to be created.
* `password` - (Required) The users password. Can be updated.
- - -
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
## Attributes Reference
Only the arguments listed above are exposed as attributes.
## Import Format
Importing an SQL user is formatted as:
```bash
terraform import google_sql_user.$RESOURCENAME $INSTANCENAME/$SQLUSERNAME
```
For example, the sample at the top of this page could be imported with:
```bash
terraform import google_sql_user.users master-instance/me
```
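
Review bot: The example sets `password = "changeme"` as a literal, directly under a note explaining that the password is stored in state as plain text; examples get copied, so reference a variable instead of a literal. The intro says the user is created on a "Google SQL User Instance", which should presumably read "Google SQL Database Instance", and "The users password" needs an apostrophe.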

View File

@ -0,0 +1,88 @@
---
layout: "google"
page_title: "Google: google_storage_bucket"
sidebar_current: "docs-google-storage-bucket"
description: |-
Creates a new bucket in Google Cloud Storage.
---
# google\_storage\_bucket
Creates a new bucket in Google cloud storage service (GCS).
Once a bucket has been created, its location can't be changed.
[ACLs](https://cloud.google.com/storage/docs/access-control/lists) can be applied using the `google_storage_bucket_acl` resource.
For more information see
[the official documentation](https://cloud.google.com/storage/docs/overview)
and
[API](https://cloud.google.com/storage/docs/json_api/v1/buckets).
## Example Usage
Example creating a private bucket in standard storage, in the EU region.
```hcl
resource "google_storage_bucket" "image-store" {
name = "image-store-bucket"
location = "EU"
website {
main_page_suffix = "index.html"
not_found_page = "404.html"
}
}
```
## Argument Reference
The following arguments are supported:
* `name` - (Required) The name of the bucket.
- - -
* `force_destroy` - (Optional, Default: false) When deleting a bucket, this
boolean option will delete all contained objects. If you try to delete a
bucket that contains objects, Terraform will fail that run.
* `location` - (Optional, Default: 'US') The [GCS location](https://cloud.google.com/storage/docs/bucket-locations)
* `predefined_acl` - (Optional, Deprecated) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Please switch
to `google_storage_bucket_acl.predefined_acl`.
* `project` - (Optional) The project in which the resource belongs. If it
is not provided, the provider project is used.
* `storage_class` - (Optional) The [Storage Class](https://cloud.google.com/storage/docs/storage-classes) of the new bucket. Supported values include: `MULTI_REGIONAL`, `REGIONAL`, `NEARLINE`, `COLDLINE`.
* `website` - (Optional) Configuration if the bucket acts as a website. Structure is documented below.
* `cors` - (Optional) The bucket's [Cross-Origin Resource Sharing (CORS)](https://www.w3.org/TR/cors/) configuration. Multiple blocks of this type are permitted. Structure is documented below.
The `website` block supports:
* `main_page_suffix` - (Optional) Behaves as the bucket's directory index where
missing objects are treated as potential directories.
* `not_found_page` - (Optional) The custom object to return when a requested
resource is not found.
The `cors` block supports:
* `origin` - (Optional) The list of [Origins](https://tools.ietf.org/html/rfc6454) eligible to receive CORS response headers. Note: "*" is permitted in the list of origins, and means "any Origin".
* `method` - (Optional) The list of HTTP methods on which to include CORS response headers, (GET, OPTIONS, POST, etc) Note: "*" is permitted in the list of methods, and means "any method".
* `response_header` - (Optional) The list of HTTP headers other than the [simple response headers](https://www.w3.org/TR/cors/#simple-response-header) to give permission for the user-agent to share across domains.
* `max_age_seconds` - (Optional) The value, in seconds, to return in the [Access-Control-Max-Age header](https://www.w3.org/TR/cors/#access-control-max-age-response-header) used in preflight responses.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `self_link` - The URI of the created resource.
* `url` - The base URL of the bucket, in the format `gs://<bucket-name>`.
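
Review bot: The example is introduced as "a private bucket", but the block configures `website` and sets no ACL, so nothing visible makes it private and the `website` block suggests the opposite intent; either drop `website` from this example or reword the lead-in. In the `cors` block, `origin` and `method` document `"*"` without saying when it is appropriate; a sentence recommending an explicit origin list would help. The `location` entry ends without describing the argument.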

View File

@ -0,0 +1,48 @@
---
layout: "google"
page_title: "Google: google_storage_bucket_acl"
sidebar_current: "docs-google-storage-bucket-acl"
description: |-
Creates a new bucket ACL in Google Cloud Storage.
---
# google\_storage\_bucket\_acl
Creates a new bucket ACL in Google cloud storage service (GCS). For more information see
[the official documentation](https://cloud.google.com/storage/docs/access-control/lists)
and
[API](https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls).
## Example Usage
Example creating an ACL on a bucket with one owner, and one reader.
```hcl
resource "google_storage_bucket" "image-store" {
name = "image-store-bucket"
location = "EU"
}
resource "google_storage_bucket_acl" "image-store-acl" {
bucket = "${google_storage_bucket.image-store.name}"
role_entity = [
"OWNER:user-my.email@gmail.com",
"READER:group-mygroup",
]
}
```
## Argument Reference
* `bucket` - (Required) The name of the bucket it applies to.
- - -
* `predefined_acl` - (Optional) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control/lists#predefined-acl) to apply. Must be set if `role_entity` is not.
* `role_entity` - (Optional) List of role/entity pairs in the form `ROLE:entity`. See [GCS Bucket ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/bucketAccessControls) for more details. Must be set if `predefined_acl` is not.
## Attributes Reference
Only the arguments listed above are exposed as attributes.
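
Review bot: Nothing in the Argument Reference says whether `role_entity` replaces the bucket's existing ACL entries or is added to them, which is the first thing someone needs to know before applying this to a bucket that already has grants; the `google_project_iam_policy` page in this commit spells out merge versus authoritative behaviour and this page should do the same. `predefined_acl` would also benefit from listing the accepted values, or at least noting which of them grant public access. The section is missing the "The following arguments are supported:" line used on the other pages.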

View File

@ -0,0 +1,74 @@
---
layout: "google"
page_title: "Google: google_storage_bucket_object"
sidebar_current: "docs-google-storage-bucket-object"
description: |-
Creates a new object inside a specified bucket
---
# google\_storage\_bucket\_object
Creates a new object inside an existing bucket in Google cloud storage service (GCS).
[ACLs](https://cloud.google.com/storage/docs/access-control/lists) can be applied using the `google_storage_object_acl` resource.
For more information see
[the official documentation](https://cloud.google.com/storage/docs/key-terms#objects)
and
[API](https://cloud.google.com/storage/docs/json_api/v1/objects).
## Example Usage
Example creating a public object in an existing `image-store` bucket.
```hcl
resource "google_storage_bucket_object" "picture" {
name = "butterfly01"
source = "/images/nature/garden-tiger-moth.jpg"
bucket = "image-store"
}
```
## Argument Reference
The following arguments are supported:
* `bucket` - (Required) The name of the containing bucket.
* `name` - (Required) The name of the object.
One of the following is required:
* `content` - (Optional) Data as `string` to be uploaded. Must be defined if
`source` is not.
* `source` - (Optional) A path to the data you want to upload. Must be defined
if `content` is not.
- - -
* `cache_control` - (Optional) [Cache-Control](https://tools.ietf.org/html/rfc7234#section-5.2)
directive to specify caching behavior of object data. If omitted and object is accessible to all anonymous users, the default will be public, max-age=3600
* `content_disposition` - (Optional) [Content-Disposition](https://tools.ietf.org/html/rfc6266) of the object data.
* `content_encoding` - (Optional) [Content-Encoding](https://tools.ietf.org/html/rfc7231#section-3.1.2.2) of the object data.
* `content_language` - (Optional) [Content-Language](https://tools.ietf.org/html/rfc7231#section-3.1.3.2) of the object data.
* `content_type` - (Optional) [Content-Type](https://tools.ietf.org/html/rfc7231#section-3.1.1.5) of the object data. Defaults to "application/octet-stream" or "text/plain; charset=utf-8".
* `predefined_acl` - (Optional, Deprecated) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) apply. Please switch
to `google_storage_object_acl.predefined_acl`.
* `storage_class` - (Optional) The [StorageClass](https://cloud.google.com/storage/docs/storage-classes) of the new bucket object.
Supported values include: `MULTI_REGIONAL`, `REGIONAL`, `NEARLINE`, `COLDLINE`. If not provided, this defaults to the bucket's default
storage class or to a [standard](https://cloud.google.com/storage/docs/storage-classes#standard) class.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are
exported:
* `crc32c` - (Computed) Base 64 CRC32 hash of the uploaded data.
* `md5hash` - (Computed) Base 64 MD5 hash of the uploaded data.
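
Review bot: The lead-in says the example creates "a public object", but the block sets only `name`, `source` and `bucket`, so nothing shown makes the object public; reword it or show the ACL resource that does. The `crc32c` attribute is described as a "CRC32 hash", which is a different checksum from CRC32C, and the `predefined_acl` entry is missing "to" before "apply".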

View File

@ -0,0 +1,57 @@
---
layout: "google"
page_title: "Google: google_storage_object_acl"
sidebar_current: "docs-google-storage-object-acl"
description: |-
Creates a new object ACL in Google Cloud Storage.
---
# google\_storage\_object\_acl
Creates a new object ACL in Google cloud storage service (GCS). For more information see
[the official documentation](https://cloud.google.com/storage/docs/access-control/lists)
and
[API](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls).
## Example Usage
Create an object ACL with one owner and one reader.
```hcl
resource "google_storage_bucket" "image-store" {
name = "image-store-bucket"
location = "EU"
}
resource "google_storage_bucket_object" "image" {
name = "image1"
bucket = "${google_storage_bucket.name}"
source = "image1.jpg"
}
resource "google_storage_object_acl" "image-store-acl" {
bucket = "${google_storage_bucket.image_store.name}"
object = "${google_storage_bucket_object.image_store.name}"
role_entity = [
"OWNER:user-my.email@gmail.com",
"READER:group-mygroup",
]
}
```
## Argument Reference
* `bucket` - (Required) The name of the bucket it applies to.
* `object` - (Required) The name of the object it applies to.
- - -
* `predefined_acl` - (Optional) The [canned GCS ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Must be set if `role_entity` is not.
* `role_entity` - (Optional) List of role/entity pairs in the form `ROLE:entity`. See [GCS Object ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls) for more details. Must be set if `predefined_acl` is not.
## Attributes Reference
Only the arguments listed above are exposed as attributes.
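
Review bot: The example's interpolations do not resolve against the resources it declares: `${google_storage_bucket.name}` has no resource name, `google_storage_bucket.image_store` does not match the declared `image-store`, and `google_storage_bucket_object.image_store` does not match the declared `image`. Point them at `google_storage_bucket.image-store.name` and `google_storage_bucket_object.image.name`. As on the bucket ACL page, the reference should also say whether `role_entity` replaces or extends the object's existing ACL.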