aws.apigateway.DomainName
Explore with Pulumi AI
Registers a custom domain name for use with AWS API Gateway. Additional information about this functionality can be found in the API Gateway Developer Guide.
This resource just establishes ownership of and the TLS settings for
a particular domain name. An API can be attached to a particular path
under the registered domain name using
the aws.apigateway.BasePathMapping
resource.
API Gateway domains can be defined as either ’edge-optimized’ or ‘regional’. In an edge-optimized configuration,
API Gateway internally creates and manages a CloudFront distribution to route requests on the given hostname. In
addition to this resource it’s necessary to create a DNS record corresponding to the given domain name which is an alias
(either Route53 alias or traditional CNAME) to the Cloudfront domain name exported in the cloudfront_domain_name
attribute.
In a regional configuration, API Gateway does not create a CloudFront distribution to route requests to the API, though
a distribution can be created if needed. In either case, it is necessary to create a DNS record corresponding to the
given domain name which is an alias (either Route53 alias or traditional CNAME) to the regional domain name exported in
the regional_domain_name
attribute.
Note: API Gateway requires the use of AWS Certificate Manager (ACM) certificates instead of Identity and Access Management (IAM) certificates in regions that support ACM. Regions that support ACM can be found in the Regions and Endpoints Documentation. To import an existing private key and certificate into ACM or request an ACM certificate, see the
aws.acm.Certificate
resource.
Note: The
aws.apigateway.DomainName
resource expects dependency on theaws.acm.CertificateValidation
as only verified certificates can be used. This can be made either explicitly by adding thedepends_on = [aws_acm_certificate_validation.cert]
attribute. Or implicitly by referring certificate ARN from the validation resource where it will be available after the resource creation:regional_certificate_arn = aws_acm_certificate_validation.cert.certificate_arn
.
Example Usage
Edge Optimized (ACM Certificate)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.apigateway.DomainName("example", {
certificateArn: exampleAwsAcmCertificateValidation.certificateArn,
domainName: "api.example.com",
});
// Example DNS record using Route53.
// Route53 is not specifically required; any DNS host can be used.
const exampleRecord = new aws.route53.Record("example", {
name: example.domainName,
type: aws.route53.RecordType.A,
zoneId: exampleAwsRoute53Zone.id,
aliases: [{
evaluateTargetHealth: true,
name: example.cloudfrontDomainName,
zoneId: example.cloudfrontZoneId,
}],
});
import pulumi
import pulumi_aws as aws
example = aws.apigateway.DomainName("example",
certificate_arn=example_aws_acm_certificate_validation["certificateArn"],
domain_name="api.example.com")
# Example DNS record using Route53.
# Route53 is not specifically required; any DNS host can be used.
example_record = aws.route53.Record("example",
name=example.domain_name,
type=aws.route53.RecordType.A,
zone_id=example_aws_route53_zone["id"],
aliases=[{
"evaluate_target_health": True,
"name": example.cloudfront_domain_name,
"zone_id": example.cloudfront_zone_id,
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := apigateway.NewDomainName(ctx, "example", &apigateway.DomainNameArgs{
CertificateArn: pulumi.Any(exampleAwsAcmCertificateValidation.CertificateArn),
DomainName: pulumi.String("api.example.com"),
})
if err != nil {
return err
}
// Example DNS record using Route53.
// Route53 is not specifically required; any DNS host can be used.
_, err = route53.NewRecord(ctx, "example", &route53.RecordArgs{
Name: example.DomainName,
Type: pulumi.String(route53.RecordTypeA),
ZoneId: pulumi.Any(exampleAwsRoute53Zone.Id),
Aliases: route53.RecordAliasArray{
&route53.RecordAliasArgs{
EvaluateTargetHealth: pulumi.Bool(true),
Name: example.CloudfrontDomainName,
ZoneId: example.CloudfrontZoneId,
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.ApiGateway.DomainName("example", new()
{
CertificateArn = exampleAwsAcmCertificateValidation.CertificateArn,
Domain = "api.example.com",
});
// Example DNS record using Route53.
// Route53 is not specifically required; any DNS host can be used.
var exampleRecord = new Aws.Route53.Record("example", new()
{
Name = example.Domain,
Type = Aws.Route53.RecordType.A,
ZoneId = exampleAwsRoute53Zone.Id,
Aliases = new[]
{
new Aws.Route53.Inputs.RecordAliasArgs
{
EvaluateTargetHealth = true,
Name = example.CloudfrontDomainName,
ZoneId = example.CloudfrontZoneId,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.apigateway.DomainName;
import com.pulumi.aws.apigateway.DomainNameArgs;
import com.pulumi.aws.route53.Record;
import com.pulumi.aws.route53.RecordArgs;
import com.pulumi.aws.route53.inputs.RecordAliasArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DomainName("example", DomainNameArgs.builder()
.certificateArn(exampleAwsAcmCertificateValidation.certificateArn())
.domainName("api.example.com")
.build());
// Example DNS record using Route53.
// Route53 is not specifically required; any DNS host can be used.
var exampleRecord = new Record("exampleRecord", RecordArgs.builder()
.name(example.domainName())
.type("A")
.zoneId(exampleAwsRoute53Zone.id())
.aliases(RecordAliasArgs.builder()
.evaluateTargetHealth(true)
.name(example.cloudfrontDomainName())
.zoneId(example.cloudfrontZoneId())
.build())
.build());
}
}
resources:
example:
type: aws:apigateway:DomainName
properties:
certificateArn: ${exampleAwsAcmCertificateValidation.certificateArn}
domainName: api.example.com
# Example DNS record using Route53.
# Route53 is not specifically required; any DNS host can be used.
exampleRecord:
type: aws:route53:Record
name: example
properties:
name: ${example.domainName}
type: A
zoneId: ${exampleAwsRoute53Zone.id}
aliases:
- evaluateTargetHealth: true
name: ${example.cloudfrontDomainName}
zoneId: ${example.cloudfrontZoneId}
Regional (ACM Certificate)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.apigateway.DomainName("example", {
domainName: "api.example.com",
regionalCertificateArn: exampleAwsAcmCertificateValidation.certificateArn,
endpointConfiguration: {
types: "REGIONAL",
},
});
// Example DNS record using Route53.
// Route53 is not specifically required; any DNS host can be used.
const exampleRecord = new aws.route53.Record("example", {
name: example.domainName,
type: aws.route53.RecordType.A,
zoneId: exampleAwsRoute53Zone.id,
aliases: [{
evaluateTargetHealth: true,
name: example.regionalDomainName,
zoneId: example.regionalZoneId,
}],
});
import pulumi
import pulumi_aws as aws
example = aws.apigateway.DomainName("example",
domain_name="api.example.com",
regional_certificate_arn=example_aws_acm_certificate_validation["certificateArn"],
endpoint_configuration={
"types": "REGIONAL",
})
# Example DNS record using Route53.
# Route53 is not specifically required; any DNS host can be used.
example_record = aws.route53.Record("example",
name=example.domain_name,
type=aws.route53.RecordType.A,
zone_id=example_aws_route53_zone["id"],
aliases=[{
"evaluate_target_health": True,
"name": example.regional_domain_name,
"zone_id": example.regional_zone_id,
}])
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := apigateway.NewDomainName(ctx, "example", &apigateway.DomainNameArgs{
DomainName: pulumi.String("api.example.com"),
RegionalCertificateArn: pulumi.Any(exampleAwsAcmCertificateValidation.CertificateArn),
EndpointConfiguration: &apigateway.DomainNameEndpointConfigurationArgs{
Types: pulumi.String("REGIONAL"),
},
})
if err != nil {
return err
}
// Example DNS record using Route53.
// Route53 is not specifically required; any DNS host can be used.
_, err = route53.NewRecord(ctx, "example", &route53.RecordArgs{
Name: example.DomainName,
Type: pulumi.String(route53.RecordTypeA),
ZoneId: pulumi.Any(exampleAwsRoute53Zone.Id),
Aliases: route53.RecordAliasArray{
&route53.RecordAliasArgs{
EvaluateTargetHealth: pulumi.Bool(true),
Name: example.RegionalDomainName,
ZoneId: example.RegionalZoneId,
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.ApiGateway.DomainName("example", new()
{
Domain = "api.example.com",
RegionalCertificateArn = exampleAwsAcmCertificateValidation.CertificateArn,
EndpointConfiguration = new Aws.ApiGateway.Inputs.DomainNameEndpointConfigurationArgs
{
Types = "REGIONAL",
},
});
// Example DNS record using Route53.
// Route53 is not specifically required; any DNS host can be used.
var exampleRecord = new Aws.Route53.Record("example", new()
{
Name = example.Domain,
Type = Aws.Route53.RecordType.A,
ZoneId = exampleAwsRoute53Zone.Id,
Aliases = new[]
{
new Aws.Route53.Inputs.RecordAliasArgs
{
EvaluateTargetHealth = true,
Name = example.RegionalDomainName,
ZoneId = example.RegionalZoneId,
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.apigateway.DomainName;
import com.pulumi.aws.apigateway.DomainNameArgs;
import com.pulumi.aws.apigateway.inputs.DomainNameEndpointConfigurationArgs;
import com.pulumi.aws.route53.Record;
import com.pulumi.aws.route53.RecordArgs;
import com.pulumi.aws.route53.inputs.RecordAliasArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new DomainName("example", DomainNameArgs.builder()
.domainName("api.example.com")
.regionalCertificateArn(exampleAwsAcmCertificateValidation.certificateArn())
.endpointConfiguration(DomainNameEndpointConfigurationArgs.builder()
.types("REGIONAL")
.build())
.build());
// Example DNS record using Route53.
// Route53 is not specifically required; any DNS host can be used.
var exampleRecord = new Record("exampleRecord", RecordArgs.builder()
.name(example.domainName())
.type("A")
.zoneId(exampleAwsRoute53Zone.id())
.aliases(RecordAliasArgs.builder()
.evaluateTargetHealth(true)
.name(example.regionalDomainName())
.zoneId(example.regionalZoneId())
.build())
.build());
}
}
resources:
example:
type: aws:apigateway:DomainName
properties:
domainName: api.example.com
regionalCertificateArn: ${exampleAwsAcmCertificateValidation.certificateArn}
endpointConfiguration:
types: REGIONAL
# Example DNS record using Route53.
# Route53 is not specifically required; any DNS host can be used.
exampleRecord:
type: aws:route53:Record
name: example
properties:
name: ${example.domainName}
type: A
zoneId: ${exampleAwsRoute53Zone.id}
aliases:
- evaluateTargetHealth: true
name: ${example.regionalDomainName}
zoneId: ${example.regionalZoneId}
Create DomainName Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new DomainName(name: string, args: DomainNameArgs, opts?: CustomResourceOptions);
@overload
def DomainName(resource_name: str,
args: DomainNameArgs,
opts: Optional[ResourceOptions] = None)
@overload
def DomainName(resource_name: str,
opts: Optional[ResourceOptions] = None,
domain_name: Optional[str] = None,
endpoint_configuration: Optional[DomainNameEndpointConfigurationArgs] = None,
certificate_chain: Optional[str] = None,
certificate_name: Optional[str] = None,
certificate_private_key: Optional[str] = None,
certificate_body: Optional[str] = None,
certificate_arn: Optional[str] = None,
mutual_tls_authentication: Optional[DomainNameMutualTlsAuthenticationArgs] = None,
ownership_verification_certificate_arn: Optional[str] = None,
regional_certificate_arn: Optional[str] = None,
regional_certificate_name: Optional[str] = None,
security_policy: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
func NewDomainName(ctx *Context, name string, args DomainNameArgs, opts ...ResourceOption) (*DomainName, error)
public DomainName(string name, DomainNameArgs args, CustomResourceOptions? opts = null)
public DomainName(String name, DomainNameArgs args)
public DomainName(String name, DomainNameArgs args, CustomResourceOptions options)
type: aws:apigateway:DomainName
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args DomainNameArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DomainNameArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DomainNameArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DomainNameArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DomainNameArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var domainNameResource = new Aws.ApiGateway.DomainName("domainNameResource", new()
{
Domain = "string",
EndpointConfiguration = new Aws.ApiGateway.Inputs.DomainNameEndpointConfigurationArgs
{
Types = "string",
},
CertificateChain = "string",
CertificateName = "string",
CertificatePrivateKey = "string",
CertificateBody = "string",
CertificateArn = "string",
MutualTlsAuthentication = new Aws.ApiGateway.Inputs.DomainNameMutualTlsAuthenticationArgs
{
TruststoreUri = "string",
TruststoreVersion = "string",
},
OwnershipVerificationCertificateArn = "string",
RegionalCertificateArn = "string",
RegionalCertificateName = "string",
SecurityPolicy = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := apigateway.NewDomainName(ctx, "domainNameResource", &apigateway.DomainNameArgs{
DomainName: pulumi.String("string"),
EndpointConfiguration: &apigateway.DomainNameEndpointConfigurationArgs{
Types: pulumi.String("string"),
},
CertificateChain: pulumi.String("string"),
CertificateName: pulumi.String("string"),
CertificatePrivateKey: pulumi.String("string"),
CertificateBody: pulumi.String("string"),
CertificateArn: pulumi.String("string"),
MutualTlsAuthentication: &apigateway.DomainNameMutualTlsAuthenticationArgs{
TruststoreUri: pulumi.String("string"),
TruststoreVersion: pulumi.String("string"),
},
OwnershipVerificationCertificateArn: pulumi.String("string"),
RegionalCertificateArn: pulumi.String("string"),
RegionalCertificateName: pulumi.String("string"),
SecurityPolicy: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var domainNameResource = new DomainName("domainNameResource", DomainNameArgs.builder()
.domainName("string")
.endpointConfiguration(DomainNameEndpointConfigurationArgs.builder()
.types("string")
.build())
.certificateChain("string")
.certificateName("string")
.certificatePrivateKey("string")
.certificateBody("string")
.certificateArn("string")
.mutualTlsAuthentication(DomainNameMutualTlsAuthenticationArgs.builder()
.truststoreUri("string")
.truststoreVersion("string")
.build())
.ownershipVerificationCertificateArn("string")
.regionalCertificateArn("string")
.regionalCertificateName("string")
.securityPolicy("string")
.tags(Map.of("string", "string"))
.build());
domain_name_resource = aws.apigateway.DomainName("domainNameResource",
domain_name="string",
endpoint_configuration={
"types": "string",
},
certificate_chain="string",
certificate_name="string",
certificate_private_key="string",
certificate_body="string",
certificate_arn="string",
mutual_tls_authentication={
"truststore_uri": "string",
"truststore_version": "string",
},
ownership_verification_certificate_arn="string",
regional_certificate_arn="string",
regional_certificate_name="string",
security_policy="string",
tags={
"string": "string",
})
const domainNameResource = new aws.apigateway.DomainName("domainNameResource", {
domainName: "string",
endpointConfiguration: {
types: "string",
},
certificateChain: "string",
certificateName: "string",
certificatePrivateKey: "string",
certificateBody: "string",
certificateArn: "string",
mutualTlsAuthentication: {
truststoreUri: "string",
truststoreVersion: "string",
},
ownershipVerificationCertificateArn: "string",
regionalCertificateArn: "string",
regionalCertificateName: "string",
securityPolicy: "string",
tags: {
string: "string",
},
});
type: aws:apigateway:DomainName
properties:
certificateArn: string
certificateBody: string
certificateChain: string
certificateName: string
certificatePrivateKey: string
domainName: string
endpointConfiguration:
types: string
mutualTlsAuthentication:
truststoreUri: string
truststoreVersion: string
ownershipVerificationCertificateArn: string
regionalCertificateArn: string
regionalCertificateName: string
securityPolicy: string
tags:
string: string
DomainName Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The DomainName resource accepts the following input properties:
- Domain string
- Fully-qualified domain name to register.
- Certificate
Arn string - ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
. - Certificate
Body string - Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - Certificate
Chain string - Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - Certificate
Name string - Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set. - Certificate
Private stringKey - Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - Endpoint
Configuration DomainName Endpoint Configuration - Configuration block defining API endpoint information including type. See below.
- Mutual
Tls DomainAuthentication Name Mutual Tls Authentication - Mutual TLS authentication configuration for the domain name. See below.
- Ownership
Verification stringCertificate Arn - ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.) - Regional
Certificate stringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- Regional
Certificate stringName - User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
. - Security
Policy string - Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection. - Dictionary<string, string>
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- Domain
Name string - Fully-qualified domain name to register.
- Certificate
Arn string - ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
. - Certificate
Body string - Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - Certificate
Chain string - Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - Certificate
Name string - Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set. - Certificate
Private stringKey - Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - Endpoint
Configuration DomainName Endpoint Configuration Args - Configuration block defining API endpoint information including type. See below.
- Mutual
Tls DomainAuthentication Name Mutual Tls Authentication Args - Mutual TLS authentication configuration for the domain name. See below.
- Ownership
Verification stringCertificate Arn - ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.) - Regional
Certificate stringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- Regional
Certificate stringName - User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
. - Security
Policy string - Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection. - map[string]string
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- domain
Name String - Fully-qualified domain name to register.
- certificate
Arn String - ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Body String - Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Chain String - Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Name String - Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set. - certificate
Private StringKey - Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - endpoint
Configuration DomainName Endpoint Configuration - Configuration block defining API endpoint information including type. See below.
- mutual
Tls DomainAuthentication Name Mutual Tls Authentication - Mutual TLS authentication configuration for the domain name. See below.
- ownership
Verification StringCertificate Arn - ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.) - regional
Certificate StringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- regional
Certificate StringName - User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
. - security
Policy String - Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection. - Map<String,String>
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- domain
Name string - Fully-qualified domain name to register.
- certificate
Arn string - ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Body string - Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Chain string - Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Name string - Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set. - certificate
Private stringKey - Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - endpoint
Configuration DomainName Endpoint Configuration - Configuration block defining API endpoint information including type. See below.
- mutual
Tls DomainAuthentication Name Mutual Tls Authentication - Mutual TLS authentication configuration for the domain name. See below.
- ownership
Verification stringCertificate Arn - ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.) - regional
Certificate stringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- regional
Certificate stringName - User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
. - security
Policy string - Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection. - {[key: string]: string}
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- domain_
name str - Fully-qualified domain name to register.
- certificate_
arn str - ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
. - certificate_
body str - Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate_
chain str - Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate_
name str - Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set. - certificate_
private_ strkey - Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - endpoint_
configuration DomainName Endpoint Configuration Args - Configuration block defining API endpoint information including type. See below.
- mutual_
tls_ Domainauthentication Name Mutual Tls Authentication Args - Mutual TLS authentication configuration for the domain name. See below.
- ownership_
verification_ strcertificate_ arn - ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.) - regional_
certificate_ strarn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- regional_
certificate_ strname - User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
. - security_
policy str - Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection. - Mapping[str, str]
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- domain
Name String - Fully-qualified domain name to register.
- certificate
Arn String - ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Body String - Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Chain String - Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Name String - Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set. - certificate
Private StringKey - Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - endpoint
Configuration Property Map - Configuration block defining API endpoint information including type. See below.
- mutual
Tls Property MapAuthentication - Mutual TLS authentication configuration for the domain name. See below.
- ownership
Verification StringCertificate Arn - ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.) - regional
Certificate StringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- regional
Certificate StringName - User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
. - security
Policy String - Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection. - Map<String>
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
Outputs
All input properties are implicitly available as output properties. Additionally, the DomainName resource produces the following output properties:
- Arn string
- ARN of domain name.
- Certificate
Upload stringDate - Upload date associated with the domain certificate.
- Cloudfront
Domain stringName - Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- Cloudfront
Zone stringId - For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution. - Id string
- The provider-assigned unique ID for this managed resource.
- Regional
Domain stringName - Hostname for the custom domain's regional endpoint.
- Regional
Zone stringId - Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- Arn string
- ARN of domain name.
- Certificate
Upload stringDate - Upload date associated with the domain certificate.
- Cloudfront
Domain stringName - Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- Cloudfront
Zone stringId - For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution. - Id string
- The provider-assigned unique ID for this managed resource.
- Regional
Domain stringName - Hostname for the custom domain's regional endpoint.
- Regional
Zone stringId - Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- ARN of domain name.
- certificate
Upload StringDate - Upload date associated with the domain certificate.
- cloudfront
Domain StringName - Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- cloudfront
Zone StringId - For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution. - id String
- The provider-assigned unique ID for this managed resource.
- regional
Domain StringName - Hostname for the custom domain's regional endpoint.
- regional
Zone StringId - Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn string
- ARN of domain name.
- certificate
Upload stringDate - Upload date associated with the domain certificate.
- cloudfront
Domain stringName - Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- cloudfront
Zone stringId - For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution. - id string
- The provider-assigned unique ID for this managed resource.
- regional
Domain stringName - Hostname for the custom domain's regional endpoint.
- regional
Zone stringId - Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn str
- ARN of domain name.
- certificate_
upload_ strdate - Upload date associated with the domain certificate.
- cloudfront_
domain_ strname - Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- cloudfront_
zone_ strid - For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution. - id str
- The provider-assigned unique ID for this managed resource.
- regional_
domain_ strname - Hostname for the custom domain's regional endpoint.
- regional_
zone_ strid - Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- ARN of domain name.
- certificate
Upload StringDate - Upload date associated with the domain certificate.
- cloudfront
Domain StringName - Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- cloudfront
Zone StringId - For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution. - id String
- The provider-assigned unique ID for this managed resource.
- regional
Domain StringName - Hostname for the custom domain's regional endpoint.
- regional
Zone StringId - Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
Look up Existing DomainName Resource
Get an existing DomainName resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DomainNameState, opts?: CustomResourceOptions): DomainName
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
certificate_arn: Optional[str] = None,
certificate_body: Optional[str] = None,
certificate_chain: Optional[str] = None,
certificate_name: Optional[str] = None,
certificate_private_key: Optional[str] = None,
certificate_upload_date: Optional[str] = None,
cloudfront_domain_name: Optional[str] = None,
cloudfront_zone_id: Optional[str] = None,
domain_name: Optional[str] = None,
endpoint_configuration: Optional[DomainNameEndpointConfigurationArgs] = None,
mutual_tls_authentication: Optional[DomainNameMutualTlsAuthenticationArgs] = None,
ownership_verification_certificate_arn: Optional[str] = None,
regional_certificate_arn: Optional[str] = None,
regional_certificate_name: Optional[str] = None,
regional_domain_name: Optional[str] = None,
regional_zone_id: Optional[str] = None,
security_policy: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None) -> DomainName
func GetDomainName(ctx *Context, name string, id IDInput, state *DomainNameState, opts ...ResourceOption) (*DomainName, error)
public static DomainName Get(string name, Input<string> id, DomainNameState? state, CustomResourceOptions? opts = null)
public static DomainName get(String name, Output<String> id, DomainNameState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
- ARN of domain name.
- Certificate
Arn string - ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
. - Certificate
Body string - Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - Certificate
Chain string - Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - Certificate
Name string - Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set. - Certificate
Private stringKey - Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - Certificate
Upload stringDate - Upload date associated with the domain certificate.
- Cloudfront
Domain stringName - Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- Cloudfront
Zone stringId - For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution. - Domain string
- Fully-qualified domain name to register.
- Endpoint
Configuration DomainName Endpoint Configuration - Configuration block defining API endpoint information including type. See below.
- Mutual
Tls DomainAuthentication Name Mutual Tls Authentication - Mutual TLS authentication configuration for the domain name. See below.
- Ownership
Verification stringCertificate Arn - ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.) - Regional
Certificate stringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- Regional
Certificate stringName - User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
. - Regional
Domain stringName - Hostname for the custom domain's regional endpoint.
- Regional
Zone stringId - Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- Security
Policy string - Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection. - Dictionary<string, string>
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- Arn string
- ARN of domain name.
- Certificate
Arn string - ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
. - Certificate
Body string - Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - Certificate
Chain string - Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - Certificate
Name string - Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set. - Certificate
Private stringKey - Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - Certificate
Upload stringDate - Upload date associated with the domain certificate.
- Cloudfront
Domain stringName - Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- Cloudfront
Zone stringId - For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution. - Domain
Name string - Fully-qualified domain name to register.
- Endpoint
Configuration DomainName Endpoint Configuration Args - Configuration block defining API endpoint information including type. See below.
- Mutual
Tls DomainAuthentication Name Mutual Tls Authentication Args - Mutual TLS authentication configuration for the domain name. See below.
- Ownership
Verification stringCertificate Arn - ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.) - Regional
Certificate stringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- Regional
Certificate stringName - User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
. - Regional
Domain stringName - Hostname for the custom domain's regional endpoint.
- Regional
Zone stringId - Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- Security
Policy string - Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection. - map[string]string
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- ARN of domain name.
- certificate
Arn String - ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Body String - Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Chain String - Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Name String - Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set. - certificate
Private StringKey - Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Upload StringDate - Upload date associated with the domain certificate.
- cloudfront
Domain StringName - Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- cloudfront
Zone StringId - For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution. - domain
Name String - Fully-qualified domain name to register.
- endpoint
Configuration DomainName Endpoint Configuration - Configuration block defining API endpoint information including type. See below.
- mutual
Tls DomainAuthentication Name Mutual Tls Authentication - Mutual TLS authentication configuration for the domain name. See below.
- ownership
Verification StringCertificate Arn - ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.) - regional
Certificate StringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- regional
Certificate StringName - User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
. - regional
Domain StringName - Hostname for the custom domain's regional endpoint.
- regional
Zone StringId - Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- security
Policy String - Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection. - Map<String,String>
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn string
- ARN of domain name.
- certificate
Arn string - ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Body string - Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Chain string - Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Name string - Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set. - certificate
Private stringKey - Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Upload stringDate - Upload date associated with the domain certificate.
- cloudfront
Domain stringName - Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- cloudfront
Zone stringId - For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution. - domain
Name string - Fully-qualified domain name to register.
- endpoint
Configuration DomainName Endpoint Configuration - Configuration block defining API endpoint information including type. See below.
- mutual
Tls DomainAuthentication Name Mutual Tls Authentication - Mutual TLS authentication configuration for the domain name. See below.
- ownership
Verification stringCertificate Arn - ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.) - regional
Certificate stringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- regional
Certificate stringName - User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
. - regional
Domain stringName - Hostname for the custom domain's regional endpoint.
- regional
Zone stringId - Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- security
Policy string - Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection. - {[key: string]: string}
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn str
- ARN of domain name.
- certificate_
arn str - ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
. - certificate_
body str - Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate_
chain str - Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate_
name str - Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set. - certificate_
private_ strkey - Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate_
upload_ strdate - Upload date associated with the domain certificate.
- cloudfront_
domain_ strname - Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- cloudfront_
zone_ strid - For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution. - domain_
name str - Fully-qualified domain name to register.
- endpoint_
configuration DomainName Endpoint Configuration Args - Configuration block defining API endpoint information including type. See below.
- mutual_
tls_ Domainauthentication Name Mutual Tls Authentication Args - Mutual TLS authentication configuration for the domain name. See below.
- ownership_
verification_ strcertificate_ arn - ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.) - regional_
certificate_ strarn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- regional_
certificate_ strname - User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
. - regional_
domain_ strname - Hostname for the custom domain's regional endpoint.
- regional_
zone_ strid - Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- security_
policy str - Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection. - Mapping[str, str]
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- arn String
- ARN of domain name.
- certificate
Arn String - ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Body String - Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Chain String - Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Name String - Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set. - certificate
Private StringKey - Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
. - certificate
Upload StringDate - Upload date associated with the domain certificate.
- cloudfront
Domain StringName - Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- cloudfront
Zone StringId - For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution. - domain
Name String - Fully-qualified domain name to register.
- endpoint
Configuration Property Map - Configuration block defining API endpoint information including type. See below.
- mutual
Tls Property MapAuthentication - Mutual TLS authentication configuration for the domain name. See below.
- ownership
Verification StringCertificate Arn - ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.) - regional
Certificate StringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- regional
Certificate StringName - User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
. - regional
Domain StringName - Hostname for the custom domain's regional endpoint.
- regional
Zone StringId - Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- security
Policy String - Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection. - Map<String>
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
Supporting Types
DomainNameEndpointConfiguration, DomainNameEndpointConfigurationArgs
- Types string
- List of endpoint types. This resource currently only supports managing a single value. Valid values:
EDGE
orREGIONAL
. If unspecified, defaults toEDGE
. Must be declared asREGIONAL
in non-Commercial partitions. Refer to the documentation for more information on the difference between edge-optimized and regional APIs.
- Types string
- List of endpoint types. This resource currently only supports managing a single value. Valid values:
EDGE
orREGIONAL
. If unspecified, defaults toEDGE
. Must be declared asREGIONAL
in non-Commercial partitions. Refer to the documentation for more information on the difference between edge-optimized and regional APIs.
- types String
- List of endpoint types. This resource currently only supports managing a single value. Valid values:
EDGE
orREGIONAL
. If unspecified, defaults toEDGE
. Must be declared asREGIONAL
in non-Commercial partitions. Refer to the documentation for more information on the difference between edge-optimized and regional APIs.
- types string
- List of endpoint types. This resource currently only supports managing a single value. Valid values:
EDGE
orREGIONAL
. If unspecified, defaults toEDGE
. Must be declared asREGIONAL
in non-Commercial partitions. Refer to the documentation for more information on the difference between edge-optimized and regional APIs.
- types str
- List of endpoint types. This resource currently only supports managing a single value. Valid values:
EDGE
orREGIONAL
. If unspecified, defaults toEDGE
. Must be declared asREGIONAL
in non-Commercial partitions. Refer to the documentation for more information on the difference between edge-optimized and regional APIs.
- types String
- List of endpoint types. This resource currently only supports managing a single value. Valid values:
EDGE
orREGIONAL
. If unspecified, defaults toEDGE
. Must be declared asREGIONAL
in non-Commercial partitions. Refer to the documentation for more information on the difference between edge-optimized and regional APIs.
DomainNameMutualTlsAuthentication, DomainNameMutualTlsAuthenticationArgs
- Truststore
Uri string - Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example,
s3://bucket-name/key-name
. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. - Truststore
Version string - Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.
- Truststore
Uri string - Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example,
s3://bucket-name/key-name
. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. - Truststore
Version string - Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.
- truststore
Uri String - Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example,
s3://bucket-name/key-name
. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. - truststore
Version String - Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.
- truststore
Uri string - Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example,
s3://bucket-name/key-name
. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. - truststore
Version string - Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.
- truststore_
uri str - Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example,
s3://bucket-name/key-name
. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. - truststore_
version str - Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.
- truststore
Uri String - Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example,
s3://bucket-name/key-name
. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. - truststore
Version String - Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.
Import
Using pulumi import
, import API Gateway domain names using their name
. For example:
$ pulumi import aws:apigateway/domainName:DomainName example dev.example.com
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.