---
# ----------------------------------------------------------------------------
#
#     ***     AUTO GENERATED CODE    ***    AUTO GENERATED CODE     ***
#
# ----------------------------------------------------------------------------
#
#     This file is automatically generated by Magic Modules and manual
#     changes will be clobbered when the file is regenerated.
#
#     Please read more about how to change this file in
#     .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
layout: "google"
page_title: "Google: google_compute_ssl_policy"
sidebar_current: "docs-google-compute-ssl-policy"
description: |-
  Represents a SSL policy.
---

# google\_compute\_ssl\_policy

Represents a SSL policy. SSL policies give you the ability to control the
features of SSL that your SSL proxy or HTTPS load balancer negotiates.


To get more information about SslPolicy, see:

* [API documentation](https://cloud.google.com/compute/docs/reference/rest/v1/sslPolicies)
* How-to Guides
    * [Using SSL Policies](https://cloud.google.com/compute/docs/load-balancing/ssl-policies)

<div class = "oics-button" style="float: right; margin: 0 0 -15px">
  <a href="https://console.cloud.google.com/cloudshell/open?cloudshell_git_repo=https%3A%2F%2Fgithub.com%2Fterraform-google-modules%2Fdocs-examples.git&cloudshell_working_dir=ssl_policy_basic&cloudshell_image=gcr.io%2Fgraphite-cloud-shell-images%2Fterraform%3Alatest&open_in_editor=main.tf&cloudshell_print=.%2Fmotd&cloudshell_tutorial=.%2Ftutorial.md" target="_blank">
    <img alt="Open in Cloud Shell" src="//gstatic.com/cloudssh/images/open-btn.svg" style="max-height: 44px; margin: 32px auto; max-width: 100%;">
  </a>
</div>
## Example Usage - Ssl Policy Basic


```hcl
resource "google_compute_ssl_policy" "prod-ssl-policy" {
  name    = "production-ssl-policy"
  profile = "MODERN"
}

resource "google_compute_ssl_policy" "nonprod-ssl-policy" {
  name            = "nonprod-ssl-policy"
  profile         = "MODERN"
  min_tls_version = "TLS_1_2"
}

resource "google_compute_ssl_policy" "custom-ssl-policy" {
  name            = "custom-ssl-policy"
  min_tls_version = "TLS_1_2"
  profile         = "CUSTOM"
  custom_features = ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]
}
```

## Argument Reference

The following arguments are supported:


* `name` -
  (Required)
  Name of the resource. Provided by the client when the resource is
  created. The name must be 1-63 characters long, and comply with
  RFC1035. Specifically, the name must be 1-63 characters long and match
  the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the
  first character must be a lowercase letter, and all following
  characters must be a dash, lowercase letter, or digit, except the last
  character, which cannot be a dash.


- - -


* `description` -
  (Optional)
  An optional description of this resource.

* `profile` -
  (Optional)
  Profile specifies the set of SSL features that can be used by the
  load balancer when negotiating SSL with clients. This can be one of
  `COMPATIBLE`, `MODERN`, `RESTRICTED`, or `CUSTOM`. If using `CUSTOM`,
  the set of SSL features to enable must be specified in the
  `customFeatures` field.
  See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)
  for information on what cipher suites each profile provides. If
  `CUSTOM` is used, the `custom_features` attribute **must be set**.
  Default is `COMPATIBLE`.

* `min_tls_version` -
  (Optional)
  The minimum version of SSL protocol that can be used by the clients
  to establish a connection with the load balancer. This can be one of
  `TLS_1_0`, `TLS_1_1`, `TLS_1_2`.
   Default is `TLS_1_0`.

* `custom_features` -
  (Optional)
  Profile specifies the set of SSL features that can be used by the
  load balancer when negotiating SSL with clients. This can be one of
  `COMPATIBLE`, `MODERN`, `RESTRICTED`, or `CUSTOM`. If using `CUSTOM`,
  the set of SSL features to enable must be specified in the
  `customFeatures` field.
  See the [official documentation](https://cloud.google.com/compute/docs/load-balancing/ssl-policies#profilefeaturesupport)
  for which ciphers are available to use. **Note**: this argument
  *must* be present when using the `CUSTOM` profile. This argument
  *must not* be present when using any other profile.
* `project` - (Optional) The ID of the project in which the resource belongs.
    If it is not provided, the provider project is used.


## Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:


* `creation_timestamp` -
  Creation timestamp in RFC3339 text format.

* `enabled_features` -
  The list of features enabled in the SSL policy.

* `fingerprint` -
  Fingerprint of this resource. A hash of the contents stored in this
  object. This field is used in optimistic locking.
* `self_link` - The URI of the created resource.


## Timeouts

This resource provides the following
[Timeouts](/docs/configuration/resources.html#timeouts) configuration options:

- `create` - Default is 4 minutes.
- `update` - Default is 4 minutes.
- `delete` - Default is 4 minutes.

## Import

SslPolicy can be imported using any of these accepted formats:

```
$ terraform import google_compute_ssl_policy.default projects/{{project}}/global/sslPolicies/{{name}}
$ terraform import google_compute_ssl_policy.default {{project}}/{{name}}
$ terraform import google_compute_ssl_policy.default {{name}}
```

-> If you're importing a resource with beta features, make sure to include `-provider=google-beta`
as an argument so that Terraform uses the correct provider to import your resource.