IaC Bazaar
Google Cloud · Live-tested

Certificate Manager (certificate map)

A Certificate Manager certificate map for external HTTPS load balancers, with an optional Google-managed certificate and DNS authorization provisioned when you supply a domain you control.

terraform · Google Cloud · #gcp
gcp-certificate-manager · terraform v1.7

Verification

Live-tested

Really deployed, verified, idempotent and destroyed in a cloud sandbox.

Conformance

  • Static validation (fmt · validate · tflint)
  • Security scan (Checkov)
  • Plan tests (mocked: validation rules · outputs)

Provenance

  • SHA-256 checksum
  • Signature (pending)

Functional

  • Live-tested — applied, verified, destroyed

Last verified 2026-06-30

Documentation

gcp-certificate-manager

This module creates a Certificate Manager certificate map, the resource an external HTTPS load balancer attaches to so it can select among certificates by SNI hostname. The map can be applied on its own with nothing pre-existing, so that is the default path. Optionally, when you supply a domain you control, the module also provisions a DNS authorization, a Google-managed certificate validated by that authorization, and a map entry binding the certificate to the hostname. Works with Terraform and OpenTofu (>= 1.6) and Google provider >= 7.0, < 8.0.

Real domain required for the managed-certificate path. Setting var.domain creates a DNS authorization whose CNAME (exported as dns_authorization_record) you must publish in your DNS before Google can issue the certificate. Leave var.domain null for the standalone certificate-map-only path (the default).

What you get per module call:

  • A Certificate Manager certificate map (always)
  • When domain is set: a DNS authorization + Google-managed certificate + a map entry wiring the certificate to the hostname
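The two paths described above, written out with the Google provider's own Certificate Manager resources. This is an added sketch, not the module's source or its licensed usage code: var.name, the resource labels and the name suffixes are hypothetical, only var.domain and the dns_authorization_record output name come from this page, and it assumes a configured google provider with the Certificate Manager API enabled.

```hcl
# Added illustration; not the module's actual implementation.
variable "name" {
  type    = string
  default = "example-map" # hypothetical input
}

variable "domain" {
  type    = string
  default = null # null selects the standalone certificate-map-only path
}

locals {
  # 1 when a domain is supplied, 0 otherwise; gates the managed-certificate path
  managed = var.domain == null ? 0 : 1
}

# Always created: the map the load balancer attaches to.
resource "google_certificate_manager_certificate_map" "this" {
  name = var.name
}

# Proof of domain control: Google generates a CNAME that must be published.
resource "google_certificate_manager_dns_authorization" "this" {
  count  = local.managed
  name   = "${var.name}-dnsauth"
  domain = var.domain
}

# Google-managed certificate; it is not issued until the CNAME resolves.
resource "google_certificate_manager_certificate" "this" {
  count = local.managed
  name  = "${var.name}-cert"
  managed {
    domains            = [var.domain]
    dns_authorizations = [google_certificate_manager_dns_authorization.this[0].id]
  }
}

# Binds the certificate to the SNI hostname inside the map.
resource "google_certificate_manager_certificate_map_entry" "this" {
  count        = local.managed
  name         = "${var.name}-entry"
  map          = google_certificate_manager_certificate_map.this.name
  hostname     = var.domain
  certificates = [google_certificate_manager_certificate.this[0].id]
}

# CNAME name/type/data to publish in DNS; null on the standalone path.
output "dns_authorization_record" {
  value = one(google_certificate_manager_dns_authorization.this[*].dns_resource_record)
}
```

With domain left null, a plan contains only the certificate map and the output is null.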

Requirements

Requirement             Version
Terraform / OpenTofu    >= 1.6
hashicorp/google        >= 7.0, < 8.0

The Certificate Manager API (certificatemanager.googleapis.com) must be enabled on the project.

Verification

Static-validated (fmt, validate, tflint). Live apply/destroy testing pending cloud sandbox availability — see catalog status. The default (and live-tested) path is the standalone certificate map; the Google-managed certificate path needs a real domain and cannot be live-tested unattended.

License

Commercial — IaC Bazaar EULA. © IaC Bazaar. Original work (not derived from a third-party module).
