Google CloudGoogle Cloud Load Balancinggoogle_compute_target_ssl_proxyPro

How to Import an Google Compute Target SSL Proxy into Terraform

To import an existing Google Compute Target SSL Proxy into Terraform, scan it with Terraback and run terraback gcp import --method bulk. Terraback writes the matching google_compute_target_ssl_proxy resource block and the Terraform 1.5+ import block for you, so you do not have to run terraform import by hand. The import ID is the full path projects/{project}/global/targetSslProxies/{name} (the short forms {project}/{name} and {name} are also accepted).

Import Google Compute Target SSL Proxy with Terraback (recommended)

Terraback reverse-engineers your live infrastructure: it reads the Google Cloud Load Balancing resource with read-only credentials, generates the HCL, and produces the exact import block. Two commands take you from a live Google Compute Target SSL Proxy to managed Terraform.

1

Scan your Google Cloud account

terraback scan all gcp --project my-gcp-project
2

Generate import blocks and import into state

terraback gcp import --method bulk

The Terraform import block

Terraback emits a Terraform 1.5+ import block like the one below. Because the block lives in your configuration, the import is reviewable in a pull request and repeatable across environments.

import {
  to = google_compute_target_ssl_proxy.tcp
  id = "projects/my-project/global/targetSslProxies/ssl-proxy"
}

Example google_compute_target_ssl_proxy configuration

Here is a realistic Google Compute Target SSL Proxy block. Terraback generates a fuller version from your actual resource attributes; this is a minimal, valid starting point.

resource "google_compute_target_ssl_proxy" "tcp" {
  name             = "ssl-proxy"
  backend_service  = google_compute_backend_service.tcp.id
  ssl_certificates = [google_compute_ssl_certificate.tcp.id]
}

Gotchas when importing a Google Compute Target SSL Proxy

  • SSL proxy load balancing terminates TLS and forwards a TCP stream; it routes to a backend_service directly and does not use a url_map.
  • ssl_certificates references separate google_compute_ssl_certificate resources (or a certificate_map); those are not imported with the proxy.
  • This is a global resource; the import path always contains /global/.
  • The proxy needs a google_compute_global_forwarding_rule on port 443 (or the configured port) before it serves traffic.

Doing it manually with terraform import

The native approach is to write the google_compute_target_ssl_proxy block by hand, then run terraform import google_compute_target_ssl_proxy.example <import-id> for every resource, one at a time. That works for a handful of resources, but it does not scale: you author all the HCL yourself and repeat the command for each item. Terraback generates the HCL and the import blocks for your whole account in one pass.

Import your whole Google Cloud account in minutes

Terraback scans 80+ Google Cloud resource types and emits clean Terraform plus import blocks, running locally with read-only credentials. $499 once, no SaaS.