ServerCertificate

Provides an IAM Server Certificate resource to upload Server Certificates. Certs uploaded to IAM can easily work with other AWS services such as:

  • AWS Elastic Beanstalk
  • Elastic Load Balancing
  • CloudFront
  • AWS OpsWorks

For information about server certificates in IAM, see [Managing Server Certificates][2] in AWS Documentation.

Example Usage

using System.IO;
using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var testCert = new Aws.Iam.ServerCertificate("testCert", new Aws.Iam.ServerCertificateArgs
        {
            CertificateBody = File.ReadAllText("self-ca-cert.pem"),
            PrivateKey = File.ReadAllText("test-key.pem"),
        });
    }

}
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iam.NewServerCertificate(ctx, "testCertAlt", &iam.ServerCertificateArgs{
			CertificateBody: pulumi.String(fmt.Sprintf("%v%v%v%v", "-----BEGIN CERTIFICATE-----\n", "[......] # cert contents\n", "-----END CERTIFICATE-----\n", "\n")),
			PrivateKey:      pulumi.String(fmt.Sprintf("%v%v%v%v", "-----BEGIN RSA PRIVATE KEY-----\n", "[......] # cert contents\n", "-----END RSA PRIVATE KEY-----\n", "\n")),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_aws as aws

test_cert = aws.iam.ServerCertificate("testCert",
    certificate_body=(lambda path: open(path).read())("self-ca-cert.pem"),
    private_key=(lambda path: open(path).read())("test-key.pem"))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * from "fs";

const testCert = new aws.iam.ServerCertificate("testCert", {
    certificateBody: fs.readFileSync("self-ca-cert.pem"),
    privateKey: fs.readFileSync("test-key.pem"),
});

Create a ServerCertificate Resource

new ServerCertificate(name: string, args: ServerCertificateArgs, opts?: CustomResourceOptions);
@overload
def ServerCertificate(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      certificate_body: Optional[str] = None,
                      certificate_chain: Optional[str] = None,
                      name: Optional[str] = None,
                      name_prefix: Optional[str] = None,
                      path: Optional[str] = None,
                      private_key: Optional[str] = None,
                      tags: Optional[Mapping[str, str]] = None,
                      tags_all: Optional[Mapping[str, str]] = None)
@overload
def ServerCertificate(resource_name: str,
                      args: ServerCertificateArgs,
                      opts: Optional[ResourceOptions] = None)
func NewServerCertificate(ctx *Context, name string, args ServerCertificateArgs, opts ...ResourceOption) (*ServerCertificate, error)
public ServerCertificate(string name, ServerCertificateArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args ServerCertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args ServerCertificateArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ServerCertificateArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ServerCertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

ServerCertificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The ServerCertificate resource accepts the following input properties:

CertificateBody string
The contents of the public key certificate in PEM-encoded format.
PrivateKey string
The contents of the private key in PEM-encoded format.
CertificateChain string
The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
Name string
The name of the Server Certificate. Do not include the path in this value. If omitted, this provider will assign a random, unique name.
NamePrefix string
Creates a unique name beginning with the specified prefix. Conflicts with name.
Path string
The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
Tags Dictionary<string, string>
Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider .
CertificateBody string
The contents of the public key certificate in PEM-encoded format.
PrivateKey string
The contents of the private key in PEM-encoded format.
CertificateChain string
The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
Name string
The name of the Server Certificate. Do not include the path in this value. If omitted, this provider will assign a random, unique name.
NamePrefix string
Creates a unique name beginning with the specified prefix. Conflicts with name.
Path string
The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
Tags map[string]string
Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider .
certificateBody string
The contents of the public key certificate in PEM-encoded format.
privateKey string
The contents of the private key in PEM-encoded format.
certificateChain string
The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
name string
The name of the Server Certificate. Do not include the path in this value. If omitted, this provider will assign a random, unique name.
namePrefix string
Creates a unique name beginning with the specified prefix. Conflicts with name.
path string
The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
tags {[key: string]: string}
Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider .
certificate_body str
The contents of the public key certificate in PEM-encoded format.
private_key str
The contents of the private key in PEM-encoded format.
certificate_chain str
The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
name str
The name of the Server Certificate. Do not include the path in this value. If omitted, this provider will assign a random, unique name.
name_prefix str
Creates a unique name beginning with the specified prefix. Conflicts with name.
path str
The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
tags Mapping[str, str]
Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider .

Outputs

All input properties are implicitly available as output properties. Additionally, the ServerCertificate resource produces the following output properties:

Arn string
The Amazon Resource Name (ARN) specifying the server certificate.
Expiration string
Date and time in RFC3339 format on which the certificate is set to expire.
Id string
The provider-assigned unique ID for this managed resource.
UploadDate string
Date and time in RFC3339 format when the server certificate was uploaded.
Arn string
The Amazon Resource Name (ARN) specifying the server certificate.
Expiration string
Date and time in RFC3339 format on which the certificate is set to expire.
Id string
The provider-assigned unique ID for this managed resource.
UploadDate string
Date and time in RFC3339 format when the server certificate was uploaded.
arn string
The Amazon Resource Name (ARN) specifying the server certificate.
expiration string
Date and time in RFC3339 format on which the certificate is set to expire.
id string
The provider-assigned unique ID for this managed resource.
uploadDate string
Date and time in RFC3339 format when the server certificate was uploaded.
arn str
The Amazon Resource Name (ARN) specifying the server certificate.
expiration str
Date and time in RFC3339 format on which the certificate is set to expire.
id str
The provider-assigned unique ID for this managed resource.
upload_date str
Date and time in RFC3339 format when the server certificate was uploaded.

Look up an Existing ServerCertificate Resource

Get an existing ServerCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ServerCertificateState, opts?: CustomResourceOptions): ServerCertificate
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        certificate_body: Optional[str] = None,
        certificate_chain: Optional[str] = None,
        expiration: Optional[str] = None,
        name: Optional[str] = None,
        name_prefix: Optional[str] = None,
        path: Optional[str] = None,
        private_key: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        upload_date: Optional[str] = None) -> ServerCertificate
func GetServerCertificate(ctx *Context, name string, id IDInput, state *ServerCertificateState, opts ...ResourceOption) (*ServerCertificate, error)
public static ServerCertificate Get(string name, Input<string> id, ServerCertificateState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string
The Amazon Resource Name (ARN) specifying the server certificate.
CertificateBody string
The contents of the public key certificate in PEM-encoded format.
CertificateChain string
The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
Expiration string
Date and time in RFC3339 format on which the certificate is set to expire.
Name string
The name of the Server Certificate. Do not include the path in this value. If omitted, this provider will assign a random, unique name.
NamePrefix string
Creates a unique name beginning with the specified prefix. Conflicts with name.
Path string
The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
PrivateKey string
The contents of the private key in PEM-encoded format.
Tags Dictionary<string, string>
Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider .
UploadDate string
Date and time in RFC3339 format when the server certificate was uploaded.
Arn string
The Amazon Resource Name (ARN) specifying the server certificate.
CertificateBody string
The contents of the public key certificate in PEM-encoded format.
CertificateChain string
The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
Expiration string
Date and time in RFC3339 format on which the certificate is set to expire.
Name string
The name of the Server Certificate. Do not include the path in this value. If omitted, this provider will assign a random, unique name.
NamePrefix string
Creates a unique name beginning with the specified prefix. Conflicts with name.
Path string
The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
PrivateKey string
The contents of the private key in PEM-encoded format.
Tags map[string]string
Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string
A map of tags assigned to the resource, including those inherited from the provider .
UploadDate string
Date and time in RFC3339 format when the server certificate was uploaded.
arn string
The Amazon Resource Name (ARN) specifying the server certificate.
certificateBody string
The contents of the public key certificate in PEM-encoded format.
certificateChain string
The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
expiration string
Date and time in RFC3339 format on which the certificate is set to expire.
name string
The name of the Server Certificate. Do not include the path in this value. If omitted, this provider will assign a random, unique name.
namePrefix string
Creates a unique name beginning with the specified prefix. Conflicts with name.
path string
The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
privateKey string
The contents of the private key in PEM-encoded format.
tags {[key: string]: string}
Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider .
uploadDate string
Date and time in RFC3339 format when the server certificate was uploaded.
arn str
The Amazon Resource Name (ARN) specifying the server certificate.
certificate_body str
The contents of the public key certificate in PEM-encoded format.
certificate_chain str
The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
expiration str
Date and time in RFC3339 format on which the certificate is set to expire.
name str
The name of the Server Certificate. Do not include the path in this value. If omitted, this provider will assign a random, unique name.
name_prefix str
Creates a unique name beginning with the specified prefix. Conflicts with name.
path str
The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
private_key str
The contents of the private key in PEM-encoded format.
tags Mapping[str, str]
Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider .
upload_date str
Date and time in RFC3339 format when the server certificate was uploaded.

Import

IAM Server Certificates can be imported using the name, e.g.

 $ pulumi import aws:iam/serverCertificate:ServerCertificate certificate example.com-certificate-until-2018

[1]https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html [2]https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingServerCerts.html [lifecycle]/docs/configuration/resources.html

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.