AWS v6.60.0 published on Tuesday, Nov 19, 2024 by Pulumi
aws.acm.getCertificate
Explore with Pulumi AI
Use this data source to get the ARN of a certificate in AWS Certificate Manager (ACM). You can reference the certificate by domain or tags without having to hard code the ARNs as input.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Find a certificate that is issued
const issued = aws.acm.getCertificate({
domain: "tf.example.com",
statuses: ["ISSUED"],
});
// Find a certificate issued by (not imported into) ACM
const amazonIssued = aws.acm.getCertificate({
domain: "tf.example.com",
types: ["AMAZON_ISSUED"],
mostRecent: true,
});
// Find a RSA 4096 bit certificate
const rsa4096 = aws.acm.getCertificate({
domain: "tf.example.com",
keyTypes: ["RSA_4096"],
});
import pulumi
import pulumi_aws as aws
# Find a certificate that is issued
issued = aws.acm.get_certificate(domain="tf.example.com",
statuses=["ISSUED"])
# Find a certificate issued by (not imported into) ACM
amazon_issued = aws.acm.get_certificate(domain="tf.example.com",
types=["AMAZON_ISSUED"],
most_recent=True)
# Find a RSA 4096 bit certificate
rsa4096 = aws.acm.get_certificate(domain="tf.example.com",
key_types=["RSA_4096"])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Find a certificate that is issued
_, err := acm.LookupCertificate(ctx, &acm.LookupCertificateArgs{
Domain: pulumi.StringRef("tf.example.com"),
Statuses: []string{
"ISSUED",
},
}, nil)
if err != nil {
return err
}
// Find a certificate issued by (not imported into) ACM
_, err = acm.LookupCertificate(ctx, &acm.LookupCertificateArgs{
Domain: pulumi.StringRef("tf.example.com"),
Types: []string{
"AMAZON_ISSUED",
},
MostRecent: pulumi.BoolRef(true),
}, nil)
if err != nil {
return err
}
// Find a RSA 4096 bit certificate
_, err = acm.LookupCertificate(ctx, &acm.LookupCertificateArgs{
Domain: pulumi.StringRef("tf.example.com"),
KeyTypes: []string{
"RSA_4096",
},
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
// Find a certificate that is issued
var issued = Aws.Acm.GetCertificate.Invoke(new()
{
Domain = "tf.example.com",
Statuses = new[]
{
"ISSUED",
},
});
// Find a certificate issued by (not imported into) ACM
var amazonIssued = Aws.Acm.GetCertificate.Invoke(new()
{
Domain = "tf.example.com",
Types = new[]
{
"AMAZON_ISSUED",
},
MostRecent = true,
});
// Find a RSA 4096 bit certificate
var rsa4096 = Aws.Acm.GetCertificate.Invoke(new()
{
Domain = "tf.example.com",
KeyTypes = new[]
{
"RSA_4096",
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acm.AcmFunctions;
import com.pulumi.aws.acm.inputs.GetCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
// Find a certificate that is issued
final var issued = AcmFunctions.getCertificate(GetCertificateArgs.builder()
.domain("tf.example.com")
.statuses("ISSUED")
.build());
// Find a certificate issued by (not imported into) ACM
final var amazonIssued = AcmFunctions.getCertificate(GetCertificateArgs.builder()
.domain("tf.example.com")
.types("AMAZON_ISSUED")
.mostRecent(true)
.build());
// Find a RSA 4096 bit certificate
final var rsa4096 = AcmFunctions.getCertificate(GetCertificateArgs.builder()
.domain("tf.example.com")
.keyTypes("RSA_4096")
.build());
}
}
variables:
# Find a certificate that is issued
issued:
fn::invoke:
Function: aws:acm:getCertificate
Arguments:
domain: tf.example.com
statuses:
- ISSUED
# Find a certificate issued by (not imported into) ACM
amazonIssued:
fn::invoke:
Function: aws:acm:getCertificate
Arguments:
domain: tf.example.com
types:
- AMAZON_ISSUED
mostRecent: true
# Find a RSA 4096 bit certificate
rsa4096:
fn::invoke:
Function: aws:acm:getCertificate
Arguments:
domain: tf.example.com
keyTypes:
- RSA_4096
Using getCertificate
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getCertificate(args: GetCertificateArgs, opts?: InvokeOptions): Promise<GetCertificateResult>
function getCertificateOutput(args: GetCertificateOutputArgs, opts?: InvokeOptions): Output<GetCertificateResult>
def get_certificate(domain: Optional[str] = None,
key_types: Optional[Sequence[str]] = None,
most_recent: Optional[bool] = None,
statuses: Optional[Sequence[str]] = None,
tags: Optional[Mapping[str, str]] = None,
types: Optional[Sequence[str]] = None,
opts: Optional[InvokeOptions] = None) -> GetCertificateResult
def get_certificate_output(domain: Optional[pulumi.Input[str]] = None,
key_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
most_recent: Optional[pulumi.Input[bool]] = None,
statuses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetCertificateResult]
func LookupCertificate(ctx *Context, args *LookupCertificateArgs, opts ...InvokeOption) (*LookupCertificateResult, error)
func LookupCertificateOutput(ctx *Context, args *LookupCertificateOutputArgs, opts ...InvokeOption) LookupCertificateResultOutput
> Note: This function is named LookupCertificate
in the Go SDK.
public static class GetCertificate
{
public static Task<GetCertificateResult> InvokeAsync(GetCertificateArgs args, InvokeOptions? opts = null)
public static Output<GetCertificateResult> Invoke(GetCertificateInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetCertificateResult> getCertificate(GetCertificateArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: aws:acm/getCertificate:getCertificate
arguments:
# arguments dictionary
The following arguments are supported:
- Domain string
- Domain of the certificate to look up. If set and no certificate is found with this name, an error will be returned.
- Key
Types List<string> - List of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. See the ACM API Reference for supported key algorithms.
- Most
Recent bool - If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.
- Statuses List<string>
- List of statuses on which to filter the returned list. Valid values are
PENDING_VALIDATION
,ISSUED
,INACTIVE
,EXPIRED
,VALIDATION_TIMED_OUT
,REVOKED
andFAILED
. If no value is specified, only certificates in theISSUED
state are returned. - Dictionary<string, string>
- A mapping of tags, each pair of which must exactly match a pair on the desired certificates.
- Types List<string>
- List of types on which to filter the returned list. Valid values are
AMAZON_ISSUED
,PRIVATE
, andIMPORTED
.
- Domain string
- Domain of the certificate to look up. If set and no certificate is found with this name, an error will be returned.
- Key
Types []string - List of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. See the ACM API Reference for supported key algorithms.
- Most
Recent bool - If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.
- Statuses []string
- List of statuses on which to filter the returned list. Valid values are
PENDING_VALIDATION
,ISSUED
,INACTIVE
,EXPIRED
,VALIDATION_TIMED_OUT
,REVOKED
andFAILED
. If no value is specified, only certificates in theISSUED
state are returned. - map[string]string
- A mapping of tags, each pair of which must exactly match a pair on the desired certificates.
- Types []string
- List of types on which to filter the returned list. Valid values are
AMAZON_ISSUED
,PRIVATE
, andIMPORTED
.
- domain String
- Domain of the certificate to look up. If set and no certificate is found with this name, an error will be returned.
- key
Types List<String> - List of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. See the ACM API Reference for supported key algorithms.
- most
Recent Boolean - If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.
- statuses List<String>
- List of statuses on which to filter the returned list. Valid values are
PENDING_VALIDATION
,ISSUED
,INACTIVE
,EXPIRED
,VALIDATION_TIMED_OUT
,REVOKED
andFAILED
. If no value is specified, only certificates in theISSUED
state are returned. - Map<String,String>
- A mapping of tags, each pair of which must exactly match a pair on the desired certificates.
- types List<String>
- List of types on which to filter the returned list. Valid values are
AMAZON_ISSUED
,PRIVATE
, andIMPORTED
.
- domain string
- Domain of the certificate to look up. If set and no certificate is found with this name, an error will be returned.
- key
Types string[] - List of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. See the ACM API Reference for supported key algorithms.
- most
Recent boolean - If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.
- statuses string[]
- List of statuses on which to filter the returned list. Valid values are
PENDING_VALIDATION
,ISSUED
,INACTIVE
,EXPIRED
,VALIDATION_TIMED_OUT
,REVOKED
andFAILED
. If no value is specified, only certificates in theISSUED
state are returned. - {[key: string]: string}
- A mapping of tags, each pair of which must exactly match a pair on the desired certificates.
- types string[]
- List of types on which to filter the returned list. Valid values are
AMAZON_ISSUED
,PRIVATE
, andIMPORTED
.
- domain str
- Domain of the certificate to look up. If set and no certificate is found with this name, an error will be returned.
- key_
types Sequence[str] - List of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. See the ACM API Reference for supported key algorithms.
- most_
recent bool - If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.
- statuses Sequence[str]
- List of statuses on which to filter the returned list. Valid values are
PENDING_VALIDATION
,ISSUED
,INACTIVE
,EXPIRED
,VALIDATION_TIMED_OUT
,REVOKED
andFAILED
. If no value is specified, only certificates in theISSUED
state are returned. - Mapping[str, str]
- A mapping of tags, each pair of which must exactly match a pair on the desired certificates.
- types Sequence[str]
- List of types on which to filter the returned list. Valid values are
AMAZON_ISSUED
,PRIVATE
, andIMPORTED
.
- domain String
- Domain of the certificate to look up. If set and no certificate is found with this name, an error will be returned.
- key
Types List<String> - List of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. See the ACM API Reference for supported key algorithms.
- most
Recent Boolean - If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.
- statuses List<String>
- List of statuses on which to filter the returned list. Valid values are
PENDING_VALIDATION
,ISSUED
,INACTIVE
,EXPIRED
,VALIDATION_TIMED_OUT
,REVOKED
andFAILED
. If no value is specified, only certificates in theISSUED
state are returned. - Map<String>
- A mapping of tags, each pair of which must exactly match a pair on the desired certificates.
- types List<String>
- List of types on which to filter the returned list. Valid values are
AMAZON_ISSUED
,PRIVATE
, andIMPORTED
.
getCertificate Result
The following output properties are available:
- Arn string
- ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.
- Certificate string
- ACM-issued certificate.
- Certificate
Chain string - Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs.
- Domain string
- Id string
- The provider-assigned unique ID for this managed resource.
- Status string
- Status of the found certificate.
- Dictionary<string, string>
- Mapping of tags for the resource.
- Key
Types List<string> - Most
Recent bool - Statuses List<string>
- Types List<string>
- Arn string
- ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.
- Certificate string
- ACM-issued certificate.
- Certificate
Chain string - Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs.
- Domain string
- Id string
- The provider-assigned unique ID for this managed resource.
- Status string
- Status of the found certificate.
- map[string]string
- Mapping of tags for the resource.
- Key
Types []string - Most
Recent bool - Statuses []string
- Types []string
- arn String
- ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.
- certificate String
- ACM-issued certificate.
- certificate
Chain String - Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs.
- domain String
- id String
- The provider-assigned unique ID for this managed resource.
- status String
- Status of the found certificate.
- Map<String,String>
- Mapping of tags for the resource.
- key
Types List<String> - most
Recent Boolean - statuses List<String>
- types List<String>
- arn string
- ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.
- certificate string
- ACM-issued certificate.
- certificate
Chain string - Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs.
- domain string
- id string
- The provider-assigned unique ID for this managed resource.
- status string
- Status of the found certificate.
- {[key: string]: string}
- Mapping of tags for the resource.
- key
Types string[] - most
Recent boolean - statuses string[]
- types string[]
- arn str
- ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.
- certificate str
- ACM-issued certificate.
- certificate_
chain str - Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs.
- domain str
- id str
- The provider-assigned unique ID for this managed resource.
- status str
- Status of the found certificate.
- Mapping[str, str]
- Mapping of tags for the resource.
- key_
types Sequence[str] - most_
recent bool - statuses Sequence[str]
- types Sequence[str]
- arn String
- ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.
- certificate String
- ACM-issued certificate.
- certificate
Chain String - Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs.
- domain String
- id String
- The provider-assigned unique ID for this managed resource.
- status String
- Status of the found certificate.
- Map<String>
- Mapping of tags for the resource.
- key
Types List<String> - most
Recent Boolean - statuses List<String>
- types List<String>
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.