1. Packages
  2. AWS Classic
  3. API Docs
  4. acmpca
  5. Certificate

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.28.1 published on Thursday, Mar 28, 2024 by Pulumi

aws.acmpca.Certificate

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.28.1 published on Thursday, Mar 28, 2024 by Pulumi

    Provides a resource to issue a certificate using AWS Certificate Manager Private Certificate Authority (ACM PCA).

    Certificates created using aws.acmpca.Certificate are not eligible for automatic renewal, and must be replaced instead. To issue a renewable certificate using an ACM PCA, create a aws.acm.Certificate with the parameter certificate_authority_arn.

    Example Usage

    Basic

    Coming soon!```
    </pulumi-choosable>
    </div>
    <div>
    <pulumi-choosable type="language" values="python">
    

    Coming soon!```

    Coming soon!```
    </pulumi-choosable>
    </div>
    <div>
    <pulumi-choosable type="language" values="csharp">
    

    Coming soon!```

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.acmpca.CertificateAuthority;
    import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
    import com.pulumi.tls.PrivateKey;
    import com.pulumi.tls.PrivateKeyArgs;
    import com.pulumi.tls.CertRequest;
    import com.pulumi.tls.CertRequestArgs;
    import com.pulumi.tls.inputs.CertRequestSubjectArgs;
    import com.pulumi.aws.acmpca.Certificate;
    import com.pulumi.aws.acmpca.CertificateArgs;
    import com.pulumi.aws.acmpca.inputs.CertificateValidityArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var exampleCertificateAuthority = new CertificateAuthority("exampleCertificateAuthority", CertificateAuthorityArgs.builder()        
                .privateCertificateConfiguration(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
                .permanentDeletionTimeInDays(7)
                .build());
    
            var key = new PrivateKey("key", PrivateKeyArgs.builder()        
                .algorithm("RSA")
                .build());
    
            var csr = new CertRequest("csr", CertRequestArgs.builder()        
                .keyAlgorithm("RSA")
                .privateKeyPem(key.privateKeyPem())
                .subject(CertRequestSubjectArgs.builder()
                    .commonName("example")
                    .build())
                .build());
    
            var example = new Certificate("example", CertificateArgs.builder()        
                .certificateAuthorityArn(exampleCertificateAuthority.arn())
                .certificateSigningRequest(csr.certRequestPem())
                .signingAlgorithm("SHA256WITHRSA")
                .validity(CertificateValidityArgs.builder()
                    .type("YEARS")
                    .value(1)
                    .build())
                .build());
    
        }
    }
    
    resources:
      example:
        type: aws:acmpca:Certificate
        properties:
          certificateAuthorityArn: ${exampleCertificateAuthority.arn}
          certificateSigningRequest: ${csr.certRequestPem}
          signingAlgorithm: SHA256WITHRSA
          validity:
            type: YEARS
            value: 1
      exampleCertificateAuthority:
        type: aws:acmpca:CertificateAuthority
        name: example
        properties:
          privateCertificateConfiguration:
            - keyAlgorithm: RSA_4096
              signingAlgorithm: SHA512WITHRSA
              subject:
                - commonName: example.com
          permanentDeletionTimeInDays: 7
      key:
        type: tls:PrivateKey
        properties:
          algorithm: RSA
      csr:
        type: tls:CertRequest
        properties:
          keyAlgorithm: RSA
          privateKeyPem: ${key.privateKeyPem}
          subject:
            commonName: example
    

    Create Certificate Resource

    new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);
    @overload
    def Certificate(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    api_passthrough: Optional[str] = None,
                    certificate_authority_arn: Optional[str] = None,
                    certificate_signing_request: Optional[str] = None,
                    signing_algorithm: Optional[str] = None,
                    template_arn: Optional[str] = None,
                    validity: Optional[CertificateValidityArgs] = None)
    @overload
    def Certificate(resource_name: str,
                    args: CertificateArgs,
                    opts: Optional[ResourceOptions] = None)
    func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)
    public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)
    public Certificate(String name, CertificateArgs args)
    public Certificate(String name, CertificateArgs args, CustomResourceOptions options)
    
    type: aws:acmpca:Certificate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Certificate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Certificate resource accepts the following input properties:

    CertificateAuthorityArn string
    ARN of the certificate authority.
    CertificateSigningRequest string
    Certificate Signing Request in PEM format.
    SigningAlgorithm string
    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.
    Validity CertificateValidity
    Configures end of the validity period for the certificate. See validity block below.
    ApiPassthrough string
    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates
    TemplateArn string
    Template to use when issuing a certificate. See ACM PCA Documentation for more information.
    CertificateAuthorityArn string
    ARN of the certificate authority.
    CertificateSigningRequest string
    Certificate Signing Request in PEM format.
    SigningAlgorithm string
    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.
    Validity CertificateValidityArgs
    Configures end of the validity period for the certificate. See validity block below.
    ApiPassthrough string
    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates
    TemplateArn string
    Template to use when issuing a certificate. See ACM PCA Documentation for more information.
    certificateAuthorityArn String
    ARN of the certificate authority.
    certificateSigningRequest String
    Certificate Signing Request in PEM format.
    signingAlgorithm String
    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.
    validity CertificateValidity
    Configures end of the validity period for the certificate. See validity block below.
    apiPassthrough String
    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates
    templateArn String
    Template to use when issuing a certificate. See ACM PCA Documentation for more information.
    certificateAuthorityArn string
    ARN of the certificate authority.
    certificateSigningRequest string
    Certificate Signing Request in PEM format.
    signingAlgorithm string
    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.
    validity CertificateValidity
    Configures end of the validity period for the certificate. See validity block below.
    apiPassthrough string
    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates
    templateArn string
    Template to use when issuing a certificate. See ACM PCA Documentation for more information.
    certificate_authority_arn str
    ARN of the certificate authority.
    certificate_signing_request str
    Certificate Signing Request in PEM format.
    signing_algorithm str
    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.
    validity CertificateValidityArgs
    Configures end of the validity period for the certificate. See validity block below.
    api_passthrough str
    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates
    template_arn str
    Template to use when issuing a certificate. See ACM PCA Documentation for more information.
    certificateAuthorityArn String
    ARN of the certificate authority.
    certificateSigningRequest String
    Certificate Signing Request in PEM format.
    signingAlgorithm String
    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.
    validity Property Map
    Configures end of the validity period for the certificate. See validity block below.
    apiPassthrough String
    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates
    templateArn String
    Template to use when issuing a certificate. See ACM PCA Documentation for more information.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

    Arn string
    ARN of the certificate.
    CertificateChain string
    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.
    CertificateDetails string
    PEM-encoded certificate value.
    Id string
    The provider-assigned unique ID for this managed resource.
    Arn string
    ARN of the certificate.
    Certificate string
    PEM-encoded certificate value.
    CertificateChain string
    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.
    Id string
    The provider-assigned unique ID for this managed resource.
    arn String
    ARN of the certificate.
    certificate String
    PEM-encoded certificate value.
    certificateChain String
    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.
    id String
    The provider-assigned unique ID for this managed resource.
    arn string
    ARN of the certificate.
    certificate string
    PEM-encoded certificate value.
    certificateChain string
    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.
    id string
    The provider-assigned unique ID for this managed resource.
    arn str
    ARN of the certificate.
    certificate str
    PEM-encoded certificate value.
    certificate_chain str
    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.
    id str
    The provider-assigned unique ID for this managed resource.
    arn String
    ARN of the certificate.
    certificate String
    PEM-encoded certificate value.
    certificateChain String
    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Certificate Resource

    Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            api_passthrough: Optional[str] = None,
            arn: Optional[str] = None,
            certificate: Optional[str] = None,
            certificate_authority_arn: Optional[str] = None,
            certificate_chain: Optional[str] = None,
            certificate_signing_request: Optional[str] = None,
            signing_algorithm: Optional[str] = None,
            template_arn: Optional[str] = None,
            validity: Optional[CertificateValidityArgs] = None) -> Certificate
    func GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)
    public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)
    public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ApiPassthrough string
    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates
    Arn string
    ARN of the certificate.
    CertificateAuthorityArn string
    ARN of the certificate authority.
    CertificateChain string
    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.
    CertificateDetails string
    PEM-encoded certificate value.
    CertificateSigningRequest string
    Certificate Signing Request in PEM format.
    SigningAlgorithm string
    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.
    TemplateArn string
    Template to use when issuing a certificate. See ACM PCA Documentation for more information.
    Validity CertificateValidity
    Configures end of the validity period for the certificate. See validity block below.
    ApiPassthrough string
    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates
    Arn string
    ARN of the certificate.
    Certificate string
    PEM-encoded certificate value.
    CertificateAuthorityArn string
    ARN of the certificate authority.
    CertificateChain string
    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.
    CertificateSigningRequest string
    Certificate Signing Request in PEM format.
    SigningAlgorithm string
    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.
    TemplateArn string
    Template to use when issuing a certificate. See ACM PCA Documentation for more information.
    Validity CertificateValidityArgs
    Configures end of the validity period for the certificate. See validity block below.
    apiPassthrough String
    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates
    arn String
    ARN of the certificate.
    certificate String
    PEM-encoded certificate value.
    certificateAuthorityArn String
    ARN of the certificate authority.
    certificateChain String
    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.
    certificateSigningRequest String
    Certificate Signing Request in PEM format.
    signingAlgorithm String
    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.
    templateArn String
    Template to use when issuing a certificate. See ACM PCA Documentation for more information.
    validity CertificateValidity
    Configures end of the validity period for the certificate. See validity block below.
    apiPassthrough string
    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates
    arn string
    ARN of the certificate.
    certificate string
    PEM-encoded certificate value.
    certificateAuthorityArn string
    ARN of the certificate authority.
    certificateChain string
    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.
    certificateSigningRequest string
    Certificate Signing Request in PEM format.
    signingAlgorithm string
    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.
    templateArn string
    Template to use when issuing a certificate. See ACM PCA Documentation for more information.
    validity CertificateValidity
    Configures end of the validity period for the certificate. See validity block below.
    api_passthrough str
    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates
    arn str
    ARN of the certificate.
    certificate str
    PEM-encoded certificate value.
    certificate_authority_arn str
    ARN of the certificate authority.
    certificate_chain str
    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.
    certificate_signing_request str
    Certificate Signing Request in PEM format.
    signing_algorithm str
    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.
    template_arn str
    Template to use when issuing a certificate. See ACM PCA Documentation for more information.
    validity CertificateValidityArgs
    Configures end of the validity period for the certificate. See validity block below.
    apiPassthrough String
    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates
    arn String
    ARN of the certificate.
    certificate String
    PEM-encoded certificate value.
    certificateAuthorityArn String
    ARN of the certificate authority.
    certificateChain String
    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.
    certificateSigningRequest String
    Certificate Signing Request in PEM format.
    signingAlgorithm String
    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.
    templateArn String
    Template to use when issuing a certificate. See ACM PCA Documentation for more information.
    validity Property Map
    Configures end of the validity period for the certificate. See validity block below.

    Supporting Types

    CertificateValidity, CertificateValidityArgs

    Type string
    Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.
    Value string
    If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.
    Type string
    Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.
    Value string
    If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.
    type String
    Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.
    value String
    If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.
    type string
    Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.
    value string
    If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.
    type str
    Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.
    value str
    If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.
    type String
    Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.
    value String
    If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.

    Import

    Using pulumi import, import ACM PCA Certificates using their ARN. For example:

    $ pulumi import aws:acmpca/certificate:Certificate cert arn:aws:acm-pca:eu-west-1:675225743824:certificate-authority/08319ede-83g9-1400-8f21-c7d12b2b6edb/certificate/a4e9c2aa4bcfab625g1b9136464cd3a
    

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.28.1 published on Thursday, Mar 28, 2024 by Pulumi