1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. iot
  5. Certificate

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

aws-native.iot.Certificate

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

    Use the AWS::IoT::Certificate resource to declare an AWS IoT X.509 certificate.

    Create Certificate Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);
    @overload
    def Certificate(resource_name: str,
                    args: CertificateArgs,
                    opts: Optional[ResourceOptions] = None)
    
    @overload
    def Certificate(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    status: Optional[CertificateStatus] = None,
                    ca_certificate_pem: Optional[str] = None,
                    certificate_mode: Optional[CertificateMode] = None,
                    certificate_pem: Optional[str] = None,
                    certificate_signing_request: Optional[str] = None)
    func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)
    public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)
    public Certificate(String name, CertificateArgs args)
    public Certificate(String name, CertificateArgs args, CustomResourceOptions options)
    
    type: aws-native:iot:Certificate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Certificate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Certificate resource accepts the following input properties:

    Status Pulumi.AwsNative.IoT.CertificateStatus

    The status of the certificate.

    Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION.

    The status value REGISTER_INACTIVE is deprecated and should not be used.

    CaCertificatePem string
    The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY.
    CertificateMode Pulumi.AwsNative.IoT.CertificateMode

    Specifies which mode of certificate registration to use with this resource. Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest.

    DEFAULT : A certificate in DEFAULT mode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates in DEFAULT mode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core . However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core .

    SNI_ONLY : A certificate in SNI_ONLY mode is registered without an issuer CA. Devices with certificates in SNI_ONLY mode must send the SNI extension when connecting to AWS IoT Core .

    CertificatePem string
    The certificate data in PEM format. Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration.
    CertificateSigningRequest string
    The certificate signing request (CSR).
    Status CertificateStatus

    The status of the certificate.

    Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION.

    The status value REGISTER_INACTIVE is deprecated and should not be used.

    CaCertificatePem string
    The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY.
    CertificateMode CertificateMode

    Specifies which mode of certificate registration to use with this resource. Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest.

    DEFAULT : A certificate in DEFAULT mode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates in DEFAULT mode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core . However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core .

    SNI_ONLY : A certificate in SNI_ONLY mode is registered without an issuer CA. Devices with certificates in SNI_ONLY mode must send the SNI extension when connecting to AWS IoT Core .

    CertificatePem string
    The certificate data in PEM format. Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration.
    CertificateSigningRequest string
    The certificate signing request (CSR).
    status CertificateStatus

    The status of the certificate.

    Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION.

    The status value REGISTER_INACTIVE is deprecated and should not be used.

    caCertificatePem String
    The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY.
    certificateMode CertificateMode

    Specifies which mode of certificate registration to use with this resource. Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest.

    DEFAULT : A certificate in DEFAULT mode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates in DEFAULT mode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core . However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core .

    SNI_ONLY : A certificate in SNI_ONLY mode is registered without an issuer CA. Devices with certificates in SNI_ONLY mode must send the SNI extension when connecting to AWS IoT Core .

    certificatePem String
    The certificate data in PEM format. Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration.
    certificateSigningRequest String
    The certificate signing request (CSR).
    status CertificateStatus

    The status of the certificate.

    Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION.

    The status value REGISTER_INACTIVE is deprecated and should not be used.

    caCertificatePem string
    The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY.
    certificateMode CertificateMode

    Specifies which mode of certificate registration to use with this resource. Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest.

    DEFAULT : A certificate in DEFAULT mode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates in DEFAULT mode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core . However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core .

    SNI_ONLY : A certificate in SNI_ONLY mode is registered without an issuer CA. Devices with certificates in SNI_ONLY mode must send the SNI extension when connecting to AWS IoT Core .

    certificatePem string
    The certificate data in PEM format. Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration.
    certificateSigningRequest string
    The certificate signing request (CSR).
    status CertificateStatus

    The status of the certificate.

    Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION.

    The status value REGISTER_INACTIVE is deprecated and should not be used.

    ca_certificate_pem str
    The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY.
    certificate_mode CertificateMode

    Specifies which mode of certificate registration to use with this resource. Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest.

    DEFAULT : A certificate in DEFAULT mode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates in DEFAULT mode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core . However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core .

    SNI_ONLY : A certificate in SNI_ONLY mode is registered without an issuer CA. Devices with certificates in SNI_ONLY mode must send the SNI extension when connecting to AWS IoT Core .

    certificate_pem str
    The certificate data in PEM format. Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration.
    certificate_signing_request str
    The certificate signing request (CSR).
    status "ACTIVE" | "INACTIVE" | "REVOKED" | "PENDING_TRANSFER" | "PENDING_ACTIVATION"

    The status of the certificate.

    Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION.

    The status value REGISTER_INACTIVE is deprecated and should not be used.

    caCertificatePem String
    The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY.
    certificateMode "DEFAULT" | "SNI_ONLY"

    Specifies which mode of certificate registration to use with this resource. Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest.

    DEFAULT : A certificate in DEFAULT mode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates in DEFAULT mode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core . However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core .

    SNI_ONLY : A certificate in SNI_ONLY mode is registered without an issuer CA. Devices with certificates in SNI_ONLY mode must send the SNI extension when connecting to AWS IoT Core .

    certificatePem String
    The certificate data in PEM format. Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration.
    certificateSigningRequest String
    The certificate signing request (CSR).

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

    Arn string

    Returns the Amazon Resource Name (ARN) for the certificate. For example:

    { "Fn::GetAtt": ["MyCertificate", "Arn"] }

    A value similar to the following is returned:

    arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2

    AwsId string
    The certificate ID.
    Id string
    The provider-assigned unique ID for this managed resource.
    Arn string

    Returns the Amazon Resource Name (ARN) for the certificate. For example:

    { "Fn::GetAtt": ["MyCertificate", "Arn"] }

    A value similar to the following is returned:

    arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2

    AwsId string
    The certificate ID.
    Id string
    The provider-assigned unique ID for this managed resource.
    arn String

    Returns the Amazon Resource Name (ARN) for the certificate. For example:

    { "Fn::GetAtt": ["MyCertificate", "Arn"] }

    A value similar to the following is returned:

    arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2

    awsId String
    The certificate ID.
    id String
    The provider-assigned unique ID for this managed resource.
    arn string

    Returns the Amazon Resource Name (ARN) for the certificate. For example:

    { "Fn::GetAtt": ["MyCertificate", "Arn"] }

    A value similar to the following is returned:

    arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2

    awsId string
    The certificate ID.
    id string
    The provider-assigned unique ID for this managed resource.
    arn str

    Returns the Amazon Resource Name (ARN) for the certificate. For example:

    { "Fn::GetAtt": ["MyCertificate", "Arn"] }

    A value similar to the following is returned:

    arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2

    aws_id str
    The certificate ID.
    id str
    The provider-assigned unique ID for this managed resource.
    arn String

    Returns the Amazon Resource Name (ARN) for the certificate. For example:

    { "Fn::GetAtt": ["MyCertificate", "Arn"] }

    A value similar to the following is returned:

    arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2

    awsId String
    The certificate ID.
    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    CertificateMode, CertificateModeArgs

    Default
    DEFAULT
    SniOnly
    SNI_ONLY
    CertificateModeDefault
    DEFAULT
    CertificateModeSniOnly
    SNI_ONLY
    Default
    DEFAULT
    SniOnly
    SNI_ONLY
    Default
    DEFAULT
    SniOnly
    SNI_ONLY
    DEFAULT
    DEFAULT
    SNI_ONLY
    SNI_ONLY
    "DEFAULT"
    DEFAULT
    "SNI_ONLY"
    SNI_ONLY

    CertificateStatus, CertificateStatusArgs

    Active
    ACTIVE
    Inactive
    INACTIVE
    Revoked
    REVOKED
    PendingTransfer
    PENDING_TRANSFER
    PendingActivation
    PENDING_ACTIVATION
    CertificateStatusActive
    ACTIVE
    CertificateStatusInactive
    INACTIVE
    CertificateStatusRevoked
    REVOKED
    CertificateStatusPendingTransfer
    PENDING_TRANSFER
    CertificateStatusPendingActivation
    PENDING_ACTIVATION
    Active
    ACTIVE
    Inactive
    INACTIVE
    Revoked
    REVOKED
    PendingTransfer
    PENDING_TRANSFER
    PendingActivation
    PENDING_ACTIVATION
    Active
    ACTIVE
    Inactive
    INACTIVE
    Revoked
    REVOKED
    PendingTransfer
    PENDING_TRANSFER
    PendingActivation
    PENDING_ACTIVATION
    ACTIVE
    ACTIVE
    INACTIVE
    INACTIVE
    REVOKED
    REVOKED
    PENDING_TRANSFER
    PENDING_TRANSFER
    PENDING_ACTIVATION
    PENDING_ACTIVATION
    "ACTIVE"
    ACTIVE
    "INACTIVE"
    INACTIVE
    "REVOKED"
    REVOKED
    "PENDING_TRANSFER"
    PENDING_TRANSFER
    "PENDING_ACTIVATION"
    PENDING_ACTIVATION

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi