---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "AlloyDB"
description: |-
  A managed alloydb cluster instance.
---
# google_alloydb_instance
A managed alloydb cluster instance.
To get more information about Instance, see:
* [API documentation](https://cloud.google.com/alloydb/docs/reference/rest/v1/projects.locations.clusters.instances/create)
* How-to Guides
    * [AlloyDB](https://cloud.google.com/alloydb/docs/)
~> **Warning:** Deleting an instance with `instanceType = SECONDARY` does not delete the secondary instance, and abandons it instead.
Use `deletion_policy = "FORCE"` in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well as its associated secondary instance.
Users can undo the delete secondary instance action by importing the deleted secondary instance with `terraform import`.
## Example Usage - Alloydb Instance Basic
```hcl
resource "google_alloydb_instance" "default" {
  cluster       = google_alloydb_cluster.default.name
  instance_id   = "alloydb-instance"
  instance_type = "PRIMARY"
  machine_config {
    cpu_count = 2
  }
  depends_on = [google_service_networking_connection.vpc_connection]
}
resource "google_alloydb_cluster" "default" {
  cluster_id = "alloydb-cluster"
  location   = "us-central1"
  network_config {
    network = google_compute_network.default.id
  }
  initial_user {
    # Example value only; supply the real password from a sensitive variable.
    password = "alloydb-cluster"
  }
}
data "google_project" "project" {}
resource "google_compute_network" "default" {
  name = "alloydb-network"
}
resource "google_compute_global_address" "private_ip_alloc" {
  name          = "alloydb-cluster"
  address_type  = "INTERNAL"
  purpose       = "VPC_PEERING"
  prefix_length = 16
  network       = google_compute_network.default.id
}
resource "google_service_networking_connection" "vpc_connection" {
  network                 = google_compute_network.default.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.private_ip_alloc.name]
}
```
## Example Usage - Alloydb Secondary Instance Basic
```hcl
resource "google_alloydb_cluster" "primary" {
  cluster_id = "alloydb-primary-cluster"
  location   = "us-central1"
  network_config {
    network = google_compute_network.default.id
  }
}
resource "google_alloydb_instance" "primary" {
  cluster       = google_alloydb_cluster.primary.name
  instance_id   = "alloydb-primary-instance"
  instance_type = "PRIMARY"
  machine_config {
    cpu_count = 2
  }
  depends_on = [google_service_networking_connection.vpc_connection]
}
resource "google_alloydb_cluster" "secondary" {
  cluster_id = "alloydb-secondary-cluster"
  location   = "us-east1"
  network_config {
    # The network is declared below as a resource, not a data source.
    network = google_compute_network.default.id
  }
  cluster_type = "SECONDARY"
  continuous_backup_config {
    enabled = false
  }
  secondary_config {
    primary_cluster_name = google_alloydb_cluster.primary.name
  }
  deletion_policy = "FORCE"
  depends_on      = [google_alloydb_instance.primary]
}
resource "google_alloydb_instance" "secondary" {
  cluster       = google_alloydb_cluster.secondary.name
  instance_id   = "alloydb-secondary-instance"
  instance_type = google_alloydb_cluster.secondary.cluster_type
  machine_config {
    cpu_count = 2
  }
  # Need lifecycle.ignore_changes because instance_type is an immutable field.
  # And when promoting cluster from SECONDARY to PRIMARY, the instance_type of the associated secondary instance also changes and becomes PRIMARY.
  # And we do not want terraform to destroy and create the instance because the field is immutable
  lifecycle {
    ignore_changes = [instance_type]
  }
  depends_on = [google_service_networking_connection.vpc_connection]
}
data "google_project" "project" {}
resource "google_compute_network" "default" {
  name = "alloydb-secondary-network"
}
resource "google_compute_global_address" "private_ip_alloc" {
  name          = "alloydb-secondary-instance"
  address_type  = "INTERNAL"
  purpose       = "VPC_PEERING"
  prefix_length = 16
  network       = google_compute_network.default.id
}
resource "google_service_networking_connection" "vpc_connection" {
  network                 = google_compute_network.default.id
  service                 = "servicenetworking.googleapis.com"
  reserved_peering_ranges = [google_compute_global_address.private_ip_alloc.name]
}
```
## Argument Reference
The following arguments are supported:
* `instance_type` -
(Required)
The type of the instance.
If the instance type is READ_POOL, provide the associated PRIMARY/SECONDARY instance in the `depends_on` meta-argument.
If the instance type is SECONDARY, point to the `cluster_type` of the associated secondary cluster instead of mentioning SECONDARY.
Example: `instance_type = google_alloydb_cluster.<secondary_cluster_name>.cluster_type` instead of `instance_type = SECONDARY`.
If the instance type is SECONDARY, the terraform delete instance operation does not delete the secondary instance but abandons it instead.
Use `deletion_policy = "FORCE"` in the associated secondary cluster and delete the cluster forcefully to delete the secondary cluster as well as its associated secondary instance.
Users can undo the delete secondary instance action by importing the deleted secondary instance with `terraform import`.
Possible values are: `PRIMARY`, `READ_POOL`, `SECONDARY`.
* `cluster` -
(Required)
Identifies the alloydb cluster. Must be in the format
'projects/{project}/locations/{location}/clusters/{cluster_id}'
* `instance_id` -
(Required)
The ID of the alloydb instance.
- - -
* `labels` -
(Optional)
User-defined labels for the alloydb instance.
**Note**: This field is non-authoritative, and will only manage the labels present in your configuration.
Please refer to the field `effective_labels` for all of the labels present on the resource.
* `annotations` -
(Optional)
Annotations to allow client tools to store small amounts of arbitrary data. This is distinct from labels.
**Note**: This field is non-authoritative, and will only manage the annotations present in your configuration.
Please refer to the field `effective_annotations` for all of the annotations present on the resource.
* `display_name` -
(Optional)
User-settable and human-readable display name for the Instance.
* `gce_zone` -
(Optional)
The Compute Engine zone that the instance should serve from, per https://cloud.google.com/compute/docs/regions-zones. This can ONLY be specified for ZONAL instances. If present for a REGIONAL instance, an error will be thrown. If this is absent for a ZONAL instance, the instance is created in a random zone with available capacity.
* `database_flags` -
(Optional)
Database flags. Set at instance level.
    * They are copied from primary instance on read instance creation.
    * Read instances can set new or override existing flags that are relevant for reads, e.g. for enabling columnar cache on a read instance. Flags set on read instance may or may not be present on primary.
* `availability_type` -
(Optional)
Availability type of an Instance. Defaults to REGIONAL for both primary and read instances.
Note that primary and read instances can have different availability types.
Only READ_POOL instance supports ZONAL type. Users can't specify the zone for READ_POOL instance.
Zone is automatically chosen from the list of zones in the region specified.
Read pool of size 1 can only have zonal availability. Read pools with node count of 2 or more
can have regional availability (nodes are present in 2 or more zones in a region).
Possible values are: `AVAILABILITY_TYPE_UNSPECIFIED`, `ZONAL`, `REGIONAL`.
* `query_insights_config` -
(Optional)
Configuration for query insights.
Structure is [documented below](#nested_query_insights_config).
* `observability_config` -
(Optional, [Beta](https://terraform.io/docs/providers/google/guides/provider_versions.html))
Configuration for enhanced query insights.
Structure is [documented below](#nested_observability_config).
* `read_pool_config` -
(Optional)
Read pool specific config. If the instance type is READ_POOL, this configuration must be provided.
Structure is [documented below](#nested_read_pool_config).
* `machine_config` -
(Optional)
Configurations for the machines that host the underlying database engine.
Structure is [documented below](#nested_machine_config).
* `client_connection_config` -
(Optional)
Client connection specific configurations.
Structure is [documented below](#nested_client_connection_config).
* `psc_instance_config` -
(Optional)
Configuration for Private Service Connect (PSC) for the instance.
Structure is [documented below](#nested_psc_instance_config).
* `network_config` -
(Optional)
Instance level network configuration.
Structure is [documented below](#nested_network_config).
<a name="nested_query_insights_config"></a>The `query_insights_config` block supports:
* `query_string_length` -
(Optional)
Query string length. The default value is 1024. Any integer between 256 and 4500 is considered valid.
* `record_application_tags` -
(Optional)
Record application tags for an instance. This flag is turned "on" by default.
* `record_client_address` -
(Optional)
Record client address for an instance. Client address is PII information. This flag is turned "on" by default.
* `query_plans_per_minute` -
(Optional)
Number of query execution plans captured by Insights per minute for all queries combined. The default value is 5. Any integer between 0 and 20 is considered valid.
<a name="nested_observability_config"></a>The `observability_config` block supports:
* `enabled` -
(Optional)
Observability feature status for an instance.
* `preserve_comments` -
(Optional)
Preserve comments in the query string.
* `track_wait_events` -
(Optional)
Record wait events during query execution for an instance.
* `track_wait_event_types` -
(Optional)
Record wait event types during query execution for an instance.
* `max_query_string_length` -
(Optional)
Query string length. The default value is 10240. Any integer between 1024 and 100000 is considered valid.
* `record_application_tags` -
(Optional)
Record application tags for an instance. This flag is turned "on" by default.
* `query_plans_per_minute` -
(Optional)
Number of query execution plans captured by Insights per minute for all queries combined. The default value is 5. Any integer between 0 and 200 is considered valid.
* `track_active_queries` -
(Optional)
Track actively running queries. If not set, default value is "off".
<a name="nested_read_pool_config"></a>The `read_pool_config` block supports:
* `node_count` -
(Optional)
Read capacity, i.e. number of nodes in a read pool instance.
<a name="nested_machine_config"></a>The `machine_config` block supports:
* `cpu_count` -
(Optional)
The number of CPUs in the VM instance.
<a name="nested_client_connection_config"></a>The `client_connection_config` block supports:
* `require_connectors` -
(Optional)
Configuration to enforce connector-only connections (e.g. AuthProxy) to the database.
* `ssl_config` -
(Optional)
SSL config option for this instance.
Structure is [documented below](#nested_ssl_config).
<a name="nested_ssl_config"></a>The `ssl_config` block supports:
* `ssl_mode` -
(Optional)
SSL mode. Specifies client-server SSL/TLS connection behavior.
Possible values are: `ENCRYPTED_ONLY`, `ALLOW_UNENCRYPTED_AND_ENCRYPTED`.
<a name="nested_psc_instance_config"></a>The `psc_instance_config` block supports:
* `service_attachment_link` -
(Output)
The service attachment created when Private Service Connect (PSC) is enabled for the instance.
The name of the resource will be in the format of
`projects/<alloydb-tenant-project-number>/regions/<region-name>/serviceAttachments/<service-attachment-name>`
* `allowed_consumer_projects` -
(Optional)
List of consumer projects that are allowed to create PSC endpoints to service-attachments to this instance.
These should be specified as project numbers only.
* `psc_dns_name` -
(Output)
The DNS name of the instance for PSC connectivity.
Name convention: `<uid>.<uid>.<region>.alloydb-psc.goog`
<a name="nested_network_config"></a>The `network_config` block supports:
* `authorized_external_networks` -
(Optional)
A list of external networks authorized to access this instance. This
field is only allowed to be set when `enable_public_ip` is set to
true.
Structure is [documented below](#nested_authorized_external_networks).
* `enable_public_ip` -
(Optional)
Enables a public IP for the instance. If a user wishes to disable this,
please also clear the list of the authorized external networks set on
the same instance.
<a name="nested_authorized_external_networks"></a>The `authorized_external_networks` block supports:
* `cidr_range` -
(Optional)
CIDR range for one authorized network of the instance.
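
The connection-related arguments above (`client_connection_config`, `network_config`, and `record_client_address` in `query_insights_config`), combined into one restrictive instance definition with the permissive value noted beside each setting. This is an added example, not part of the provider documentation; it assumes `google_alloydb_cluster.default` and the VPC peering connection from the basic example, and the instance ID and CIDR range are constructed values.

```hcl
# Added example, not part of the provider documentation.
# Assumes google_alloydb_cluster.default and the VPC peering connection
# from the basic example; the instance_id is a constructed name.
resource "google_alloydb_instance" "hardened" {
  cluster       = google_alloydb_cluster.default.name
  instance_id   = "alloydb-hardened-instance"
  instance_type = "PRIMARY"

  machine_config {
    cpu_count = 2
  }

  client_connection_config {
    # Permissive: false does not enforce connector-only connections.
    require_connectors = true

    ssl_config {
      # Permissive: "ALLOW_UNENCRYPTED_AND_ENCRYPTED" accepts plaintext sessions.
      ssl_mode = "ENCRYPTED_ONLY"
    }
  }

  network_config {
    # Permissive: true gives the instance a public endpoint (public_ip_address).
    enable_public_ip = false

    # If a public IP is unavoidable, set enable_public_ip = true and allow
    # only known ranges (203.0.113.0/24 is a documentation range):
    # authorized_external_networks {
    #   cidr_range = "203.0.113.0/24"
    # }
  }

  query_insights_config {
    # On by default; client addresses are PII.
    record_client_address = false
  }

  depends_on = [google_service_networking_connection.vpc_connection]
}
```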
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `{{cluster}}/instances/{{instance_id}}`
* `name` -
The name of the instance resource.
* `create_time` -
Time the Instance was created in UTC.
* `update_time` -
Time the Instance was updated in UTC.
* `uid` -
The system-generated UID of the resource.
* `state` -
The current state of the alloydb instance.
* `reconciling` -
Set to true if the current state of Instance does not match the user's intended state, and the service is actively updating the resource to reconcile them. This can happen due to user-triggered updates or system actions like failover or maintenance.
* `ip_address` -
The IP address for the Instance. This is the connection endpoint for an end-user application.
* `public_ip_address` -
The public IP addresses for the Instance. This is available ONLY when
networkConfig.enablePublicIp is set to true. This is the connection
endpoint for an end-user application.
* `terraform_labels` -
The combination of labels configured directly on the resource
and default labels configured on the provider.
* `effective_labels` -
All of the labels (key/value pairs) present on the resource in GCP, including the labels configured through Terraform, other clients and services.
* `effective_annotations` -
All of the annotations (key/value pairs) present on the resource in GCP, including the annotations configured through Terraform, other clients and services.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 120 minutes.
- `update` - Default is 120 minutes.
- `delete` - Default is 120 minutes.
## Import
Instance can be imported using any of these accepted formats:
* `projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/instances/{{instance_id}}`
* `{{project}}/{{location}}/{{cluster}}/{{instance_id}}`
* `{{location}}/{{cluster}}/{{instance_id}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Instance using one of the formats above. For example:
```tf
import {
id = "projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/instances/{{instance_id}}"
to = google_alloydb_instance.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Instance can be imported using one of the formats above. For example:
```
$ terraform import google_alloydb_instance.default projects/{{project}}/locations/{{location}}/clusters/{{cluster}}/instances/{{instance_id}}
$ terraform import google_alloydb_instance.default {{project}}/{{location}}/{{cluster}}/{{instance_id}}
$ terraform import google_alloydb_instance.default {{location}}/{{cluster}}/{{instance_id}}
```