aws.acm.Certificate
Explore with Pulumi AI
The ACM certificate resource allows requesting and management of certificates from the Amazon Certificate Manager.
ACM certificates can be created in three ways: Amazon-issued, where AWS provides the certificate authority and automatically manages renewal; imported certificates, issued by another certificate authority; and private certificates, issued using an ACM Private Certificate Authority.
Amazon-Issued Certificates
For Amazon-issued certificates, this resource deals with requesting certificates and managing their attributes and life-cycle.
This resource does not deal with validation of a certificate but can provide inputs
for other resources implementing the validation.
It does not wait for a certificate to be issued.
Use a aws.acm.CertificateValidation
resource for this.
Most commonly, this resource is used together with aws.route53.Record
and
aws.acm.CertificateValidation
to request a DNS validated certificate,
deploy the required validation records and wait for validation to complete.
Domain validation through email is also supported but should be avoided as it requires a manual step outside of this provider.
Certificates Imported from Other Certificate Authority
Imported certificates can be used to make certificates created with an external certificate authority available for AWS services.
As they are not managed by AWS, imported certificates are not eligible for automatic renewal. New certificate materials can be supplied to an existing imported certificate to update it in place.
Private Certificates
Private certificates are issued by an ACM Private Certificate Authority, which can be created using the resource type aws.acmpca.CertificateAuthority
.
Private certificates created using this resource are eligible for managed renewal if they have been exported or associated with another AWS service.
See managed renewal documentation for more information.
By default, a certificate is valid for 395 days and the managed renewal process will start 60 days before expiration.
To renew the certificate earlier than 60 days before expiration, configure early_renewal_duration
.
Example Usage
Custom Domain Validation Options
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const cert = new aws.acm.Certificate("cert", {
domainName: "testing.example.com",
validationMethod: "EMAIL",
validationOptions: [{
domainName: "testing.example.com",
validationDomain: "example.com",
}],
});
import pulumi
import pulumi_aws as aws
cert = aws.acm.Certificate("cert",
domain_name="testing.example.com",
validation_method="EMAIL",
validation_options=[{
"domain_name": "testing.example.com",
"validation_domain": "example.com",
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := acm.NewCertificate(ctx, "cert", &acm.CertificateArgs{
DomainName: pulumi.String("testing.example.com"),
ValidationMethod: pulumi.String("EMAIL"),
ValidationOptions: acm.CertificateValidationOptionArray{
&acm.CertificateValidationOptionArgs{
DomainName: pulumi.String("testing.example.com"),
ValidationDomain: pulumi.String("example.com"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var cert = new Aws.Acm.Certificate("cert", new()
{
DomainName = "testing.example.com",
ValidationMethod = "EMAIL",
ValidationOptions = new[]
{
new Aws.Acm.Inputs.CertificateValidationOptionArgs
{
DomainName = "testing.example.com",
ValidationDomain = "example.com",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acm.Certificate;
import com.pulumi.aws.acm.CertificateArgs;
import com.pulumi.aws.acm.inputs.CertificateValidationOptionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cert = new Certificate("cert", CertificateArgs.builder()
.domainName("testing.example.com")
.validationMethod("EMAIL")
.validationOptions(CertificateValidationOptionArgs.builder()
.domainName("testing.example.com")
.validationDomain("example.com")
.build())
.build());
}
}
resources:
cert:
type: aws:acm:Certificate
properties:
domainName: testing.example.com
validationMethod: EMAIL
validationOptions:
- domainName: testing.example.com
validationDomain: example.com
Existing Certificate Body Import
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as tls from "@pulumi/tls";
const example = new tls.PrivateKey("example", {algorithm: "RSA"});
const exampleSelfSignedCert = new tls.SelfSignedCert("example", {
keyAlgorithm: "RSA",
privateKeyPem: example.privateKeyPem,
subject: {
commonName: "example.com",
organization: "ACME Examples, Inc",
},
validityPeriodHours: 12,
allowedUses: [
"key_encipherment",
"digital_signature",
"server_auth",
],
});
const cert = new aws.acm.Certificate("cert", {
privateKey: example.privateKeyPem,
certificateBody: exampleSelfSignedCert.certPem,
});
import pulumi
import pulumi_aws as aws
import pulumi_tls as tls
example = tls.PrivateKey("example", algorithm="RSA")
example_self_signed_cert = tls.SelfSignedCert("example",
key_algorithm="RSA",
private_key_pem=example.private_key_pem,
subject={
"common_name": "example.com",
"organization": "ACME Examples, Inc",
},
validity_period_hours=12,
allowed_uses=[
"key_encipherment",
"digital_signature",
"server_auth",
])
cert = aws.acm.Certificate("cert",
private_key=example.private_key_pem,
certificate_body=example_self_signed_cert.cert_pem)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acm"
"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := tls.NewPrivateKey(ctx, "example", &tls.PrivateKeyArgs{
Algorithm: pulumi.String("RSA"),
})
if err != nil {
return err
}
exampleSelfSignedCert, err := tls.NewSelfSignedCert(ctx, "example", &tls.SelfSignedCertArgs{
KeyAlgorithm: pulumi.String("RSA"),
PrivateKeyPem: example.PrivateKeyPem,
Subject: &tls.SelfSignedCertSubjectArgs{
CommonName: pulumi.String("example.com"),
Organization: pulumi.String("ACME Examples, Inc"),
},
ValidityPeriodHours: pulumi.Int(12),
AllowedUses: pulumi.StringArray{
pulumi.String("key_encipherment"),
pulumi.String("digital_signature"),
pulumi.String("server_auth"),
},
})
if err != nil {
return err
}
_, err = acm.NewCertificate(ctx, "cert", &acm.CertificateArgs{
PrivateKey: example.PrivateKeyPem,
CertificateBody: exampleSelfSignedCert.CertPem,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Tls = Pulumi.Tls;
return await Deployment.RunAsync(() =>
{
var example = new Tls.PrivateKey("example", new()
{
Algorithm = "RSA",
});
var exampleSelfSignedCert = new Tls.SelfSignedCert("example", new()
{
KeyAlgorithm = "RSA",
PrivateKeyPem = example.PrivateKeyPem,
Subject = new Tls.Inputs.SelfSignedCertSubjectArgs
{
CommonName = "example.com",
Organization = "ACME Examples, Inc",
},
ValidityPeriodHours = 12,
AllowedUses = new[]
{
"key_encipherment",
"digital_signature",
"server_auth",
},
});
var cert = new Aws.Acm.Certificate("cert", new()
{
PrivateKey = example.PrivateKeyPem,
CertificateBody = exampleSelfSignedCert.CertPem,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tls.PrivateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.tls.SelfSignedCert;
import com.pulumi.tls.SelfSignedCertArgs;
import com.pulumi.tls.inputs.SelfSignedCertSubjectArgs;
import com.pulumi.aws.acm.Certificate;
import com.pulumi.aws.acm.CertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new PrivateKey("example", PrivateKeyArgs.builder()
.algorithm("RSA")
.build());
var exampleSelfSignedCert = new SelfSignedCert("exampleSelfSignedCert", SelfSignedCertArgs.builder()
.keyAlgorithm("RSA")
.privateKeyPem(example.privateKeyPem())
.subject(SelfSignedCertSubjectArgs.builder()
.commonName("example.com")
.organization("ACME Examples, Inc")
.build())
.validityPeriodHours(12)
.allowedUses(
"key_encipherment",
"digital_signature",
"server_auth")
.build());
var cert = new Certificate("cert", CertificateArgs.builder()
.privateKey(example.privateKeyPem())
.certificateBody(exampleSelfSignedCert.certPem())
.build());
}
}
resources:
example:
type: tls:PrivateKey
properties:
algorithm: RSA
exampleSelfSignedCert:
type: tls:SelfSignedCert
name: example
properties:
keyAlgorithm: RSA
privateKeyPem: ${example.privateKeyPem}
subject:
commonName: example.com
organization: ACME Examples, Inc
validityPeriodHours: 12
allowedUses:
- key_encipherment
- digital_signature
- server_auth
cert:
type: aws:acm:Certificate
properties:
privateKey: ${example.privateKeyPem}
certificateBody: ${exampleSelfSignedCert.certPem}
Referencing domain_validation_options With for_each Based Resources
See the aws.acm.CertificateValidation
resource for a full example of performing DNS validation.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example: aws.route53.Record[] = [];
for (const range of Object.entries(.reduce((__obj, dvo) => ({ ...__obj, [dvo.domainName]: {
name: dvo.resourceRecordName,
record: dvo.resourceRecordValue,
type: dvo.resourceRecordType,
} }))).map(([k, v]) => ({key: k, value: v}))) {
example.push(new aws.route53.Record(`example-${range.key}`, {
allowOverwrite: true,
name: range.value.name,
records: [range.value.record],
ttl: 60,
type: aws.route53.RecordType[range.value.type],
zoneId: exampleAwsRoute53Zone.zoneId,
}));
}
import pulumi
import pulumi_aws as aws
example = []
for range in [{"key": k, "value": v} for [k, v] in enumerate({dvo.domain_name: {
name: dvo.resource_record_name,
record: dvo.resource_record_value,
type: dvo.resource_record_type,
} for dvo in example_aws_acm_certificate.domain_validation_options})]:
example.append(aws.route53.Record(f"example-{range['key']}",
allow_overwrite=True,
name=range["value"]["name"],
records=[range["value"]["record"]],
ttl=60,
type=aws.route53.RecordType(range["value"]["type"]),
zone_id=example_aws_route53_zone["zoneId"]))
Coming soon!
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new List<Aws.Route53.Record>();
foreach (var range in .ToDictionary(item => {
var dvo = item.Value;
return dvo.DomainName;
}, item => {
var dvo = item.Value;
return
{
{ "name", dvo.ResourceRecordName },
{ "record", dvo.ResourceRecordValue },
{ "type", dvo.ResourceRecordType },
};
}).Select(pair => new { pair.Key, pair.Value }))
{
example.Add(new Aws.Route53.Record($"example-{range.Key}", new()
{
AllowOverwrite = true,
Name = range.Value.Name,
Records = new[]
{
range.Value.Record,
},
Ttl = 60,
Type = System.Enum.Parse<Aws.Route53.RecordType>(range.Value.Type),
ZoneId = exampleAwsRoute53Zone.ZoneId,
}));
}
});
Coming soon!
resources:
example:
type: aws:route53:Record
properties:
allowOverwrite: true
name: ${range.value.name}
records:
- ${range.value.record}
ttl: 60
type: ${range.value.type}
zoneId: ${exampleAwsRoute53Zone.zoneId}
options: {}
Create Certificate Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Certificate(name: string, args?: CertificateArgs, opts?: CustomResourceOptions);
@overload
def Certificate(resource_name: str,
args: Optional[CertificateArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Certificate(resource_name: str,
opts: Optional[ResourceOptions] = None,
certificate_authority_arn: Optional[str] = None,
certificate_body: Optional[str] = None,
certificate_chain: Optional[str] = None,
domain_name: Optional[str] = None,
early_renewal_duration: Optional[str] = None,
key_algorithm: Optional[str] = None,
options: Optional[CertificateOptionsArgs] = None,
private_key: Optional[str] = None,
subject_alternative_names: Optional[Sequence[str]] = None,
tags: Optional[Mapping[str, str]] = None,
validation_method: Optional[str] = None,
validation_options: Optional[Sequence[CertificateValidationOptionArgs]] = None)
func NewCertificate(ctx *Context, name string, args *CertificateArgs, opts ...ResourceOption) (*Certificate, error)
public Certificate(string name, CertificateArgs? args = null, CustomResourceOptions? opts = null)
public Certificate(String name, CertificateArgs args)
public Certificate(String name, CertificateArgs args, CustomResourceOptions options)
type: aws:acm:Certificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var certificateResource = new Aws.Acm.Certificate("certificateResource", new()
{
CertificateAuthorityArn = "string",
CertificateBody = "string",
CertificateChain = "string",
DomainName = "string",
EarlyRenewalDuration = "string",
KeyAlgorithm = "string",
Options = new Aws.Acm.Inputs.CertificateOptionsArgs
{
CertificateTransparencyLoggingPreference = "string",
},
PrivateKey = "string",
SubjectAlternativeNames = new[]
{
"string",
},
Tags =
{
{ "string", "string" },
},
ValidationMethod = "string",
ValidationOptions = new[]
{
new Aws.Acm.Inputs.CertificateValidationOptionArgs
{
DomainName = "string",
ValidationDomain = "string",
},
},
});
example, err := acm.NewCertificate(ctx, "certificateResource", &acm.CertificateArgs{
CertificateAuthorityArn: pulumi.String("string"),
CertificateBody: pulumi.String("string"),
CertificateChain: pulumi.String("string"),
DomainName: pulumi.String("string"),
EarlyRenewalDuration: pulumi.String("string"),
KeyAlgorithm: pulumi.String("string"),
Options: &acm.CertificateOptionsArgs{
CertificateTransparencyLoggingPreference: pulumi.String("string"),
},
PrivateKey: pulumi.String("string"),
SubjectAlternativeNames: pulumi.StringArray{
pulumi.String("string"),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
ValidationMethod: pulumi.String("string"),
ValidationOptions: acm.CertificateValidationOptionArray{
&acm.CertificateValidationOptionArgs{
DomainName: pulumi.String("string"),
ValidationDomain: pulumi.String("string"),
},
},
})
var certificateResource = new Certificate("certificateResource", CertificateArgs.builder()
.certificateAuthorityArn("string")
.certificateBody("string")
.certificateChain("string")
.domainName("string")
.earlyRenewalDuration("string")
.keyAlgorithm("string")
.options(CertificateOptionsArgs.builder()
.certificateTransparencyLoggingPreference("string")
.build())
.privateKey("string")
.subjectAlternativeNames("string")
.tags(Map.of("string", "string"))
.validationMethod("string")
.validationOptions(CertificateValidationOptionArgs.builder()
.domainName("string")
.validationDomain("string")
.build())
.build());
certificate_resource = aws.acm.Certificate("certificateResource",
certificate_authority_arn="string",
certificate_body="string",
certificate_chain="string",
domain_name="string",
early_renewal_duration="string",
key_algorithm="string",
options={
"certificate_transparency_logging_preference": "string",
},
private_key="string",
subject_alternative_names=["string"],
tags={
"string": "string",
},
validation_method="string",
validation_options=[{
"domain_name": "string",
"validation_domain": "string",
}])
const certificateResource = new aws.acm.Certificate("certificateResource", {
certificateAuthorityArn: "string",
certificateBody: "string",
certificateChain: "string",
domainName: "string",
earlyRenewalDuration: "string",
keyAlgorithm: "string",
options: {
certificateTransparencyLoggingPreference: "string",
},
privateKey: "string",
subjectAlternativeNames: ["string"],
tags: {
string: "string",
},
validationMethod: "string",
validationOptions: [{
domainName: "string",
validationDomain: "string",
}],
});
type: aws:acm:Certificate
properties:
certificateAuthorityArn: string
certificateBody: string
certificateChain: string
domainName: string
earlyRenewalDuration: string
keyAlgorithm: string
options:
certificateTransparencyLoggingPreference: string
privateKey: string
subjectAlternativeNames:
- string
tags:
string: string
validationMethod: string
validationOptions:
- domainName: string
validationDomain: string
Certificate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Certificate resource accepts the following input properties:
- string
- ARN of an ACM PCA
- Certificate
Body string - Certificate's PEM-formatted public key
- Certificate
Chain string - Certificate's PEM-formatted chain
- Creating a private CA issued certificate
- Domain
Name string - Fully qualified domain name (FQDN) in the certificate.
- Early
Renewal stringDuration - Amount of time to start automatic renewal process before expiration.
Has no effect if less than 60 days.
Represented by either
a subset of RFC 3339 duration supporting years, months, and days (e.g.,
P90D
), or a string such as2160h
. - Key
Algorithm string - Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
- Options
Certificate
Options - Configuration block used to set certificate options. Detailed below.
- Private
Key string - Certificate's PEM-formatted private key
- Subject
Alternative List<string>Names - Set of domains that should be SANs in the issued certificate.
To remove all elements of a previously configured list, set this value equal to an empty list (
[]
) - Dictionary<string, string>
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Validation
Method string - Which method to use for validation.
DNS
orEMAIL
are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi. - Validation
Options List<CertificateValidation Option> - Configuration block used to specify information about the initial validation of each domain name. Detailed below.
- Importing an existing certificate
- string
- ARN of an ACM PCA
- Certificate
Body string - Certificate's PEM-formatted public key
- Certificate
Chain string - Certificate's PEM-formatted chain
- Creating a private CA issued certificate
- Domain
Name string - Fully qualified domain name (FQDN) in the certificate.
- Early
Renewal stringDuration - Amount of time to start automatic renewal process before expiration.
Has no effect if less than 60 days.
Represented by either
a subset of RFC 3339 duration supporting years, months, and days (e.g.,
P90D
), or a string such as2160h
. - Key
Algorithm string - Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
- Options
Certificate
Options Args - Configuration block used to set certificate options. Detailed below.
- Private
Key string - Certificate's PEM-formatted private key
- Subject
Alternative []stringNames - Set of domains that should be SANs in the issued certificate.
To remove all elements of a previously configured list, set this value equal to an empty list (
[]
) - map[string]string
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Validation
Method string - Which method to use for validation.
DNS
orEMAIL
are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi. - Validation
Options []CertificateValidation Option Args - Configuration block used to specify information about the initial validation of each domain name. Detailed below.
- Importing an existing certificate
- String
- ARN of an ACM PCA
- certificate
Body String - Certificate's PEM-formatted public key
- certificate
Chain String - Certificate's PEM-formatted chain
- Creating a private CA issued certificate
- domain
Name String - Fully qualified domain name (FQDN) in the certificate.
- early
Renewal StringDuration - Amount of time to start automatic renewal process before expiration.
Has no effect if less than 60 days.
Represented by either
a subset of RFC 3339 duration supporting years, months, and days (e.g.,
P90D
), or a string such as2160h
. - key
Algorithm String - Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
- options
Certificate
Options - Configuration block used to set certificate options. Detailed below.
- private
Key String - Certificate's PEM-formatted private key
- subject
Alternative List<String>Names - Set of domains that should be SANs in the issued certificate.
To remove all elements of a previously configured list, set this value equal to an empty list (
[]
) - Map<String,String>
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - validation
Method String - Which method to use for validation.
DNS
orEMAIL
are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi. - validation
Options List<CertificateValidation Option> - Configuration block used to specify information about the initial validation of each domain name. Detailed below.
- Importing an existing certificate
- string
- ARN of an ACM PCA
- certificate
Body string - Certificate's PEM-formatted public key
- certificate
Chain string - Certificate's PEM-formatted chain
- Creating a private CA issued certificate
- domain
Name string - Fully qualified domain name (FQDN) in the certificate.
- early
Renewal stringDuration - Amount of time to start automatic renewal process before expiration.
Has no effect if less than 60 days.
Represented by either
a subset of RFC 3339 duration supporting years, months, and days (e.g.,
P90D
), or a string such as2160h
. - key
Algorithm string - Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
- options
Certificate
Options - Configuration block used to set certificate options. Detailed below.
- private
Key string - Certificate's PEM-formatted private key
- subject
Alternative string[]Names - Set of domains that should be SANs in the issued certificate.
To remove all elements of a previously configured list, set this value equal to an empty list (
[]
) - {[key: string]: string}
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - validation
Method string - Which method to use for validation.
DNS
orEMAIL
are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi. - validation
Options CertificateValidation Option[] - Configuration block used to specify information about the initial validation of each domain name. Detailed below.
- Importing an existing certificate
- str
- ARN of an ACM PCA
- certificate_
body str - Certificate's PEM-formatted public key
- certificate_
chain str - Certificate's PEM-formatted chain
- Creating a private CA issued certificate
- domain_
name str - Fully qualified domain name (FQDN) in the certificate.
- early_
renewal_ strduration - Amount of time to start automatic renewal process before expiration.
Has no effect if less than 60 days.
Represented by either
a subset of RFC 3339 duration supporting years, months, and days (e.g.,
P90D
), or a string such as2160h
. - key_
algorithm str - Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
- options
Certificate
Options Args - Configuration block used to set certificate options. Detailed below.
- private_
key str - Certificate's PEM-formatted private key
- subject_
alternative_ Sequence[str]names - Set of domains that should be SANs in the issued certificate.
To remove all elements of a previously configured list, set this value equal to an empty list (
[]
) - Mapping[str, str]
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - validation_
method str - Which method to use for validation.
DNS
orEMAIL
are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi. - validation_
options Sequence[CertificateValidation Option Args] - Configuration block used to specify information about the initial validation of each domain name. Detailed below.
- Importing an existing certificate
- String
- ARN of an ACM PCA
- certificate
Body String - Certificate's PEM-formatted public key
- certificate
Chain String - Certificate's PEM-formatted chain
- Creating a private CA issued certificate
- domain
Name String - Fully qualified domain name (FQDN) in the certificate.
- early
Renewal StringDuration - Amount of time to start automatic renewal process before expiration.
Has no effect if less than 60 days.
Represented by either
a subset of RFC 3339 duration supporting years, months, and days (e.g.,
P90D
), or a string such as2160h
. - key
Algorithm String - Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
- options Property Map
- Configuration block used to set certificate options. Detailed below.
- private
Key String - Certificate's PEM-formatted private key
- subject
Alternative List<String>Names - Set of domains that should be SANs in the issued certificate.
To remove all elements of a previously configured list, set this value equal to an empty list (
[]
) - Map<String>
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - validation
Method String - Which method to use for validation.
DNS
orEMAIL
are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi. - validation
Options List<Property Map> - Configuration block used to specify information about the initial validation of each domain name. Detailed below.
- Importing an existing certificate
Outputs
All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:
- Arn string
- ARN of the certificate
- Domain
Validation List<CertificateOptions Domain Validation Option> - Set of domain validation objects which can be used to complete certificate validation.
Can have more than one element, e.g., if SANs are defined.
Only set if
DNS
-validation was used. - Id string
- The provider-assigned unique ID for this managed resource.
- Not
After string - Expiration date and time of the certificate.
- Not
Before string - Start of the validity period of the certificate.
- Pending
Renewal bool true
if a Private certificate eligible for managed renewal is within theearly_renewal_duration
period.- Renewal
Eligibility string - Whether the certificate is eligible for managed renewal.
- Renewal
Summaries List<CertificateRenewal Summary> - Contains information about the status of ACM's managed renewal for the certificate.
- Status string
- Status of the certificate.
- Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Type string
- Source of the certificate.
- Validation
Emails List<string> - List of addresses that received a validation email. Only set if
EMAIL
validation was used.
- Arn string
- ARN of the certificate
- Domain
Validation []CertificateOptions Domain Validation Option - Set of domain validation objects which can be used to complete certificate validation.
Can have more than one element, e.g., if SANs are defined.
Only set if
DNS
-validation was used. - Id string
- The provider-assigned unique ID for this managed resource.
- Not
After string - Expiration date and time of the certificate.
- Not
Before string - Start of the validity period of the certificate.
- Pending
Renewal bool true
if a Private certificate eligible for managed renewal is within theearly_renewal_duration
period.- Renewal
Eligibility string - Whether the certificate is eligible for managed renewal.
- Renewal
Summaries []CertificateRenewal Summary - Contains information about the status of ACM's managed renewal for the certificate.
- Status string
- Status of the certificate.
- map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Type string
- Source of the certificate.
- Validation
Emails []string - List of addresses that received a validation email. Only set if
EMAIL
validation was used.
- arn String
- ARN of the certificate
- domain
Validation List<CertificateOptions Domain Validation Option> - Set of domain validation objects which can be used to complete certificate validation.
Can have more than one element, e.g., if SANs are defined.
Only set if
DNS
-validation was used. - id String
- The provider-assigned unique ID for this managed resource.
- not
After String - Expiration date and time of the certificate.
- not
Before String - Start of the validity period of the certificate.
- pending
Renewal Boolean true
if a Private certificate eligible for managed renewal is within theearly_renewal_duration
period.- renewal
Eligibility String - Whether the certificate is eligible for managed renewal.
- renewal
Summaries List<CertificateRenewal Summary> - Contains information about the status of ACM's managed renewal for the certificate.
- status String
- Status of the certificate.
- Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - type String
- Source of the certificate.
- validation
Emails List<String> - List of addresses that received a validation email. Only set if
EMAIL
validation was used.
- arn string
- ARN of the certificate
- domain
Validation CertificateOptions Domain Validation Option[] - Set of domain validation objects which can be used to complete certificate validation.
Can have more than one element, e.g., if SANs are defined.
Only set if
DNS
-validation was used. - id string
- The provider-assigned unique ID for this managed resource.
- not
After string - Expiration date and time of the certificate.
- not
Before string - Start of the validity period of the certificate.
- pending
Renewal boolean true
if a Private certificate eligible for managed renewal is within theearly_renewal_duration
period.- renewal
Eligibility string - Whether the certificate is eligible for managed renewal.
- renewal
Summaries CertificateRenewal Summary[] - Contains information about the status of ACM's managed renewal for the certificate.
- status string
- Status of the certificate.
- {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - type string
- Source of the certificate.
- validation
Emails string[] - List of addresses that received a validation email. Only set if
EMAIL
validation was used.
- arn str
- ARN of the certificate
- domain_
validation_ Sequence[Certificateoptions Domain Validation Option] - Set of domain validation objects which can be used to complete certificate validation.
Can have more than one element, e.g., if SANs are defined.
Only set if
DNS
-validation was used. - id str
- The provider-assigned unique ID for this managed resource.
- not_
after str - Expiration date and time of the certificate.
- not_
before str - Start of the validity period of the certificate.
- pending_
renewal bool true
if a Private certificate eligible for managed renewal is within theearly_renewal_duration
period.- renewal_
eligibility str - Whether the certificate is eligible for managed renewal.
- renewal_
summaries Sequence[CertificateRenewal Summary] - Contains information about the status of ACM's managed renewal for the certificate.
- status str
- Status of the certificate.
- Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - type str
- Source of the certificate.
- validation_
emails Sequence[str] - List of addresses that received a validation email. Only set if
EMAIL
validation was used.
- arn String
- ARN of the certificate
- domain
Validation List<Property Map>Options - Set of domain validation objects which can be used to complete certificate validation.
Can have more than one element, e.g., if SANs are defined.
Only set if
DNS
-validation was used. - id String
- The provider-assigned unique ID for this managed resource.
- not
After String - Expiration date and time of the certificate.
- not
Before String - Start of the validity period of the certificate.
- pending
Renewal Boolean true
if a Private certificate eligible for managed renewal is within theearly_renewal_duration
period.- renewal
Eligibility String - Whether the certificate is eligible for managed renewal.
- renewal
Summaries List<Property Map> - Contains information about the status of ACM's managed renewal for the certificate.
- status String
- Status of the certificate.
- Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - type String
- Source of the certificate.
- validation
Emails List<String> - List of addresses that received a validation email. Only set if
EMAIL
validation was used.
Look up Existing Certificate Resource
Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
certificate_authority_arn: Optional[str] = None,
certificate_body: Optional[str] = None,
certificate_chain: Optional[str] = None,
domain_name: Optional[str] = None,
domain_validation_options: Optional[Sequence[CertificateDomainValidationOptionArgs]] = None,
early_renewal_duration: Optional[str] = None,
key_algorithm: Optional[str] = None,
not_after: Optional[str] = None,
not_before: Optional[str] = None,
options: Optional[CertificateOptionsArgs] = None,
pending_renewal: Optional[bool] = None,
private_key: Optional[str] = None,
renewal_eligibility: Optional[str] = None,
renewal_summaries: Optional[Sequence[CertificateRenewalSummaryArgs]] = None,
status: Optional[str] = None,
subject_alternative_names: Optional[Sequence[str]] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
type: Optional[str] = None,
validation_emails: Optional[Sequence[str]] = None,
validation_method: Optional[str] = None,
validation_options: Optional[Sequence[CertificateValidationOptionArgs]] = None) -> Certificate
func GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)
public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)
public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- ARN of the certificate
- string
- ARN of an ACM PCA
- Certificate
Body string - Certificate's PEM-formatted public key
- Certificate
Chain string - Certificate's PEM-formatted chain
- Creating a private CA issued certificate
- Domain
Name string - Fully qualified domain name (FQDN) in the certificate.
- Domain
Validation List<CertificateOptions Domain Validation Option> - Set of domain validation objects which can be used to complete certificate validation.
Can have more than one element, e.g., if SANs are defined.
Only set if
DNS
-validation was used. - Early
Renewal stringDuration - Amount of time to start automatic renewal process before expiration.
Has no effect if less than 60 days.
Represented by either
a subset of RFC 3339 duration supporting years, months, and days (e.g.,
P90D
), or a string such as2160h
. - Key
Algorithm string - Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
- Not
After string - Expiration date and time of the certificate.
- Not
Before string - Start of the validity period of the certificate.
- Options
Certificate
Options - Configuration block used to set certificate options. Detailed below.
- Pending
Renewal bool true
if a Private certificate eligible for managed renewal is within theearly_renewal_duration
period.- Private
Key string - Certificate's PEM-formatted private key
- Renewal
Eligibility string - Whether the certificate is eligible for managed renewal.
- Renewal
Summaries List<CertificateRenewal Summary> - Contains information about the status of ACM's managed renewal for the certificate.
- Status string
- Status of the certificate.
- Subject
Alternative List<string>Names - Set of domains that should be SANs in the issued certificate.
To remove all elements of a previously configured list, set this value equal to an empty list (
[]
) - Dictionary<string, string>
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Type string
- Source of the certificate.
- Validation
Emails List<string> - List of addresses that received a validation email. Only set if
EMAIL
validation was used. - Validation
Method string - Which method to use for validation.
DNS
orEMAIL
are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi. - Validation
Options List<CertificateValidation Option> - Configuration block used to specify information about the initial validation of each domain name. Detailed below.
- Importing an existing certificate
- Arn string
- ARN of the certificate
- string
- ARN of an ACM PCA
- Certificate
Body string - Certificate's PEM-formatted public key
- Certificate
Chain string - Certificate's PEM-formatted chain
- Creating a private CA issued certificate
- Domain
Name string - Fully qualified domain name (FQDN) in the certificate.
- Domain
Validation []CertificateOptions Domain Validation Option Args - Set of domain validation objects which can be used to complete certificate validation.
Can have more than one element, e.g., if SANs are defined.
Only set if
DNS
-validation was used. - Early
Renewal stringDuration - Amount of time to start automatic renewal process before expiration.
Has no effect if less than 60 days.
Represented by either
a subset of RFC 3339 duration supporting years, months, and days (e.g.,
P90D
), or a string such as2160h
. - Key
Algorithm string - Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
- Not
After string - Expiration date and time of the certificate.
- Not
Before string - Start of the validity period of the certificate.
- Options
Certificate
Options Args - Configuration block used to set certificate options. Detailed below.
- Pending
Renewal bool true
if a Private certificate eligible for managed renewal is within theearly_renewal_duration
period.- Private
Key string - Certificate's PEM-formatted private key
- Renewal
Eligibility string - Whether the certificate is eligible for managed renewal.
- Renewal
Summaries []CertificateRenewal Summary Args - Contains information about the status of ACM's managed renewal for the certificate.
- Status string
- Status of the certificate.
- Subject
Alternative []stringNames - Set of domains that should be SANs in the issued certificate.
To remove all elements of a previously configured list, set this value equal to an empty list (
[]
) - map[string]string
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - Type string
- Source of the certificate.
- Validation
Emails []string - List of addresses that received a validation email. Only set if
EMAIL
validation was used. - Validation
Method string - Which method to use for validation.
DNS
orEMAIL
are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi. - Validation
Options []CertificateValidation Option Args - Configuration block used to specify information about the initial validation of each domain name. Detailed below.
- Importing an existing certificate
- arn String
- ARN of the certificate
- String
- ARN of an ACM PCA
- certificate
Body String - Certificate's PEM-formatted public key
- certificate
Chain String - Certificate's PEM-formatted chain
- Creating a private CA issued certificate
- domain
Name String - Fully qualified domain name (FQDN) in the certificate.
- domain
Validation List<CertificateOptions Domain Validation Option> - Set of domain validation objects which can be used to complete certificate validation.
Can have more than one element, e.g., if SANs are defined.
Only set if
DNS
-validation was used. - early
Renewal StringDuration - Amount of time to start automatic renewal process before expiration.
Has no effect if less than 60 days.
Represented by either
a subset of RFC 3339 duration supporting years, months, and days (e.g.,
P90D
), or a string such as2160h
. - key
Algorithm String - Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
- not
After String - Expiration date and time of the certificate.
- not
Before String - Start of the validity period of the certificate.
- options
Certificate
Options - Configuration block used to set certificate options. Detailed below.
- pending
Renewal Boolean true
if a Private certificate eligible for managed renewal is within theearly_renewal_duration
period.- private
Key String - Certificate's PEM-formatted private key
- renewal
Eligibility String - Whether the certificate is eligible for managed renewal.
- renewal
Summaries List<CertificateRenewal Summary> - Contains information about the status of ACM's managed renewal for the certificate.
- status String
- Status of the certificate.
- subject
Alternative List<String>Names - Set of domains that should be SANs in the issued certificate.
To remove all elements of a previously configured list, set this value equal to an empty list (
[]
) - Map<String,String>
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - type String
- Source of the certificate.
- validation
Emails List<String> - List of addresses that received a validation email. Only set if
EMAIL
validation was used. - validation
Method String - Which method to use for validation.
DNS
orEMAIL
are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi. - validation
Options List<CertificateValidation Option> - Configuration block used to specify information about the initial validation of each domain name. Detailed below.
- Importing an existing certificate
- arn string
- ARN of the certificate
- string
- ARN of an ACM PCA
- certificate
Body string - Certificate's PEM-formatted public key
- certificate
Chain string - Certificate's PEM-formatted chain
- Creating a private CA issued certificate
- domain
Name string - Fully qualified domain name (FQDN) in the certificate.
- domain
Validation CertificateOptions Domain Validation Option[] - Set of domain validation objects which can be used to complete certificate validation.
Can have more than one element, e.g., if SANs are defined.
Only set if
DNS
-validation was used. - early
Renewal stringDuration - Amount of time to start automatic renewal process before expiration.
Has no effect if less than 60 days.
Represented by either
a subset of RFC 3339 duration supporting years, months, and days (e.g.,
P90D
), or a string such as2160h
. - key
Algorithm string - Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
- not
After string - Expiration date and time of the certificate.
- not
Before string - Start of the validity period of the certificate.
- options
Certificate
Options - Configuration block used to set certificate options. Detailed below.
- pending
Renewal boolean true
if a Private certificate eligible for managed renewal is within theearly_renewal_duration
period.- private
Key string - Certificate's PEM-formatted private key
- renewal
Eligibility string - Whether the certificate is eligible for managed renewal.
- renewal
Summaries CertificateRenewal Summary[] - Contains information about the status of ACM's managed renewal for the certificate.
- status string
- Status of the certificate.
- subject
Alternative string[]Names - Set of domains that should be SANs in the issued certificate.
To remove all elements of a previously configured list, set this value equal to an empty list (
[]
) - {[key: string]: string}
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - type string
- Source of the certificate.
- validation
Emails string[] - List of addresses that received a validation email. Only set if
EMAIL
validation was used. - validation
Method string - Which method to use for validation.
DNS
orEMAIL
are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi. - validation
Options CertificateValidation Option[] - Configuration block used to specify information about the initial validation of each domain name. Detailed below.
- Importing an existing certificate
- arn str
- ARN of the certificate
- str
- ARN of an ACM PCA
- certificate_
body str - Certificate's PEM-formatted public key
- certificate_
chain str - Certificate's PEM-formatted chain
- Creating a private CA issued certificate
- domain_
name str - Fully qualified domain name (FQDN) in the certificate.
- domain_
validation_ Sequence[Certificateoptions Domain Validation Option Args] - Set of domain validation objects which can be used to complete certificate validation.
Can have more than one element, e.g., if SANs are defined.
Only set if
DNS
-validation was used. - early_
renewal_ strduration - Amount of time to start automatic renewal process before expiration.
Has no effect if less than 60 days.
Represented by either
a subset of RFC 3339 duration supporting years, months, and days (e.g.,
P90D
), or a string such as2160h
. - key_
algorithm str - Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
- not_
after str - Expiration date and time of the certificate.
- not_
before str - Start of the validity period of the certificate.
- options
Certificate
Options Args - Configuration block used to set certificate options. Detailed below.
- pending_
renewal bool true
if a Private certificate eligible for managed renewal is within theearly_renewal_duration
period.- private_
key str - Certificate's PEM-formatted private key
- renewal_
eligibility str - Whether the certificate is eligible for managed renewal.
- renewal_
summaries Sequence[CertificateRenewal Summary Args] - Contains information about the status of ACM's managed renewal for the certificate.
- status str
- Status of the certificate.
- subject_
alternative_ Sequence[str]names - Set of domains that should be SANs in the issued certificate.
To remove all elements of a previously configured list, set this value equal to an empty list (
[]
) - Mapping[str, str]
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - type str
- Source of the certificate.
- validation_
emails Sequence[str] - List of addresses that received a validation email. Only set if
EMAIL
validation was used. - validation_
method str - Which method to use for validation.
DNS
orEMAIL
are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi. - validation_
options Sequence[CertificateValidation Option Args] - Configuration block used to specify information about the initial validation of each domain name. Detailed below.
- Importing an existing certificate
- arn String
- ARN of the certificate
- String
- ARN of an ACM PCA
- certificate
Body String - Certificate's PEM-formatted public key
- certificate
Chain String - Certificate's PEM-formatted chain
- Creating a private CA issued certificate
- domain
Name String - Fully qualified domain name (FQDN) in the certificate.
- domain
Validation List<Property Map>Options - Set of domain validation objects which can be used to complete certificate validation.
Can have more than one element, e.g., if SANs are defined.
Only set if
DNS
-validation was used. - early
Renewal StringDuration - Amount of time to start automatic renewal process before expiration.
Has no effect if less than 60 days.
Represented by either
a subset of RFC 3339 duration supporting years, months, and days (e.g.,
P90D
), or a string such as2160h
. - key
Algorithm String - Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
- not
After String - Expiration date and time of the certificate.
- not
Before String - Start of the validity period of the certificate.
- options Property Map
- Configuration block used to set certificate options. Detailed below.
- pending
Renewal Boolean true
if a Private certificate eligible for managed renewal is within theearly_renewal_duration
period.- private
Key String - Certificate's PEM-formatted private key
- renewal
Eligibility String - Whether the certificate is eligible for managed renewal.
- renewal
Summaries List<Property Map> - Contains information about the status of ACM's managed renewal for the certificate.
- status String
- Status of the certificate.
- subject
Alternative List<String>Names - Set of domains that should be SANs in the issued certificate.
To remove all elements of a previously configured list, set this value equal to an empty list (
[]
) - Map<String>
- Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block. - type String
- Source of the certificate.
- validation
Emails List<String> - List of addresses that received a validation email. Only set if
EMAIL
validation was used. - validation
Method String - Which method to use for validation.
DNS
orEMAIL
are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi. - validation
Options List<Property Map> - Configuration block used to specify information about the initial validation of each domain name. Detailed below.
- Importing an existing certificate
Supporting Types
CertificateDomainValidationOption, CertificateDomainValidationOptionArgs
- Domain
Name string - Fully qualified domain name (FQDN) in the certificate.
- Resource
Record stringName - The name of the DNS record to create to validate the certificate
- Resource
Record stringType - The type of DNS record to create
- Resource
Record stringValue - The value the DNS record needs to have
- Domain
Name string - Fully qualified domain name (FQDN) in the certificate.
- Resource
Record stringName - The name of the DNS record to create to validate the certificate
- Resource
Record stringType - The type of DNS record to create
- Resource
Record stringValue - The value the DNS record needs to have
- domain
Name String - Fully qualified domain name (FQDN) in the certificate.
- resource
Record StringName - The name of the DNS record to create to validate the certificate
- resource
Record StringType - The type of DNS record to create
- resource
Record StringValue - The value the DNS record needs to have
- domain
Name string - Fully qualified domain name (FQDN) in the certificate.
- resource
Record stringName - The name of the DNS record to create to validate the certificate
- resource
Record stringType - The type of DNS record to create
- resource
Record stringValue - The value the DNS record needs to have
- domain_
name str - Fully qualified domain name (FQDN) in the certificate.
- resource_
record_ strname - The name of the DNS record to create to validate the certificate
- resource_
record_ strtype - The type of DNS record to create
- resource_
record_ strvalue - The value the DNS record needs to have
- domain
Name String - Fully qualified domain name (FQDN) in the certificate.
- resource
Record StringName - The name of the DNS record to create to validate the certificate
- resource
Record StringType - The type of DNS record to create
- resource
Record StringValue - The value the DNS record needs to have
CertificateOptions, CertificateOptionsArgs
- Certificate
Transparency stringLogging Preference - Whether certificate details should be added to a certificate transparency log. Valid values are
ENABLED
orDISABLED
. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.
- Certificate
Transparency stringLogging Preference - Whether certificate details should be added to a certificate transparency log. Valid values are
ENABLED
orDISABLED
. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.
- certificate
Transparency StringLogging Preference - Whether certificate details should be added to a certificate transparency log. Valid values are
ENABLED
orDISABLED
. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.
- certificate
Transparency stringLogging Preference - Whether certificate details should be added to a certificate transparency log. Valid values are
ENABLED
orDISABLED
. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.
- certificate_
transparency_ strlogging_ preference - Whether certificate details should be added to a certificate transparency log. Valid values are
ENABLED
orDISABLED
. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.
- certificate
Transparency StringLogging Preference - Whether certificate details should be added to a certificate transparency log. Valid values are
ENABLED
orDISABLED
. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.
CertificateRenewalSummary, CertificateRenewalSummaryArgs
- Renewal
Status string - The status of ACM's managed renewal of the certificate
- Renewal
Status stringReason - The reason that a renewal request was unsuccessful or is pending
- Updated
At string
- Renewal
Status string - The status of ACM's managed renewal of the certificate
- Renewal
Status stringReason - The reason that a renewal request was unsuccessful or is pending
- Updated
At string
- renewal
Status String - The status of ACM's managed renewal of the certificate
- renewal
Status StringReason - The reason that a renewal request was unsuccessful or is pending
- updated
At String
- renewal
Status string - The status of ACM's managed renewal of the certificate
- renewal
Status stringReason - The reason that a renewal request was unsuccessful or is pending
- updated
At string
- renewal_
status str - The status of ACM's managed renewal of the certificate
- renewal_
status_ strreason - The reason that a renewal request was unsuccessful or is pending
- updated_
at str
- renewal
Status String - The status of ACM's managed renewal of the certificate
- renewal
Status StringReason - The reason that a renewal request was unsuccessful or is pending
- updated
At String
CertificateValidationOption, CertificateValidationOptionArgs
- Domain
Name string - Fully qualified domain name (FQDN) in the certificate.
- Validation
Domain string - Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the
domain_name
value or a superdomain of thedomain_name
value. For example, if you request a certificate for"testing.example.com"
, you can specify"example.com"
for this value.
- Domain
Name string - Fully qualified domain name (FQDN) in the certificate.
- Validation
Domain string - Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the
domain_name
value or a superdomain of thedomain_name
value. For example, if you request a certificate for"testing.example.com"
, you can specify"example.com"
for this value.
- domain
Name String - Fully qualified domain name (FQDN) in the certificate.
- validation
Domain String - Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the
domain_name
value or a superdomain of thedomain_name
value. For example, if you request a certificate for"testing.example.com"
, you can specify"example.com"
for this value.
- domain
Name string - Fully qualified domain name (FQDN) in the certificate.
- validation
Domain string - Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the
domain_name
value or a superdomain of thedomain_name
value. For example, if you request a certificate for"testing.example.com"
, you can specify"example.com"
for this value.
- domain_
name str - Fully qualified domain name (FQDN) in the certificate.
- validation_
domain str - Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the
domain_name
value or a superdomain of thedomain_name
value. For example, if you request a certificate for"testing.example.com"
, you can specify"example.com"
for this value.
- domain
Name String - Fully qualified domain name (FQDN) in the certificate.
- validation
Domain String - Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the
domain_name
value or a superdomain of thedomain_name
value. For example, if you request a certificate for"testing.example.com"
, you can specify"example.com"
for this value.
Import
Using pulumi import
, import certificates using their ARN. For example:
$ pulumi import aws:acm/certificate:Certificate cert arn:aws:acm:eu-central-1:123456789012:certificate/7e7a28d2-163f-4b8f-b9cd-822f96c08d6a
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.