Docs
PackagesTry AWS Native preview for resources not in the classic version.
AWS Classic v6.32.0 published on Friday, Apr 19, 2024 by Pulumi
aws.iot.CaCertificate
Explore with Pulumi AI
Try AWS Native preview for resources not in the classic version.
AWS Classic v6.32.0 published on Friday, Apr 19, 2024 by Pulumi
Creates and manages an AWS IoT CA Certificate.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as tls from "@pulumi/tls";
const caPrivateKey = new tls.PrivateKey("ca", {algorithm: "RSA"});
const ca = new tls.SelfSignedCert("ca", {
privateKeyPem: caPrivateKey.privateKeyPem,
subject: {
commonName: "example.com",
organization: "ACME Examples, Inc",
},
validityPeriodHours: 12,
allowedUses: [
"key_encipherment",
"digital_signature",
"server_auth",
],
isCaCertificate: true,
});
const verificationPrivateKey = new tls.PrivateKey("verification", {algorithm: "RSA"});
const example = aws.iot.getRegistrationCode({});
const verification = new tls.CertRequest("verification", {
privateKeyPem: verificationPrivateKey.privateKeyPem,
subject: {
commonName: example.then(example => example.registrationCode),
},
});
const verificationLocallySignedCert = new tls.LocallySignedCert("verification", {
certRequestPem: verification.certRequestPem,
caPrivateKeyPem: caPrivateKey.privateKeyPem,
caCertPem: ca.certPem,
validityPeriodHours: 12,
allowedUses: [
"key_encipherment",
"digital_signature",
"server_auth",
],
});
const exampleCaCertificate = new aws.iot.CaCertificate("example", {
active: true,
caCertificatePem: ca.certPem,
verificationCertificatePem: verificationLocallySignedCert.certPem,
allowAutoRegistration: true,
});
import pulumi
import pulumi_aws as aws
import pulumi_tls as tls
ca_private_key = tls.PrivateKey("ca", algorithm="RSA")
ca = tls.SelfSignedCert("ca",
private_key_pem=ca_private_key.private_key_pem,
subject=tls.SelfSignedCertSubjectArgs(
common_name="example.com",
organization="ACME Examples, Inc",
),
validity_period_hours=12,
allowed_uses=[
"key_encipherment",
"digital_signature",
"server_auth",
],
is_ca_certificate=True)
verification_private_key = tls.PrivateKey("verification", algorithm="RSA")
example = aws.iot.get_registration_code()
verification = tls.CertRequest("verification",
private_key_pem=verification_private_key.private_key_pem,
subject=tls.CertRequestSubjectArgs(
common_name=example.registration_code,
))
verification_locally_signed_cert = tls.LocallySignedCert("verification",
cert_request_pem=verification.cert_request_pem,
ca_private_key_pem=ca_private_key.private_key_pem,
ca_cert_pem=ca.cert_pem,
validity_period_hours=12,
allowed_uses=[
"key_encipherment",
"digital_signature",
"server_auth",
])
example_ca_certificate = aws.iot.CaCertificate("example",
active=True,
ca_certificate_pem=ca.cert_pem,
verification_certificate_pem=verification_locally_signed_cert.cert_pem,
allow_auto_registration=True)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot"
"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
caPrivateKey, err := tls.NewPrivateKey(ctx, "ca", &tls.PrivateKeyArgs{
Algorithm: pulumi.String("RSA"),
})
if err != nil {
return err
}
ca, err := tls.NewSelfSignedCert(ctx, "ca", &tls.SelfSignedCertArgs{
PrivateKeyPem: caPrivateKey.PrivateKeyPem,
Subject: &tls.SelfSignedCertSubjectArgs{
CommonName: pulumi.String("example.com"),
Organization: pulumi.String("ACME Examples, Inc"),
},
ValidityPeriodHours: pulumi.Int(12),
AllowedUses: pulumi.StringArray{
pulumi.String("key_encipherment"),
pulumi.String("digital_signature"),
pulumi.String("server_auth"),
},
IsCaCertificate: pulumi.Bool(true),
})
if err != nil {
return err
}
verificationPrivateKey, err := tls.NewPrivateKey(ctx, "verification", &tls.PrivateKeyArgs{
Algorithm: pulumi.String("RSA"),
})
if err != nil {
return err
}
example, err := iot.GetRegistrationCode(ctx, nil, nil)
if err != nil {
return err
}
verification, err := tls.NewCertRequest(ctx, "verification", &tls.CertRequestArgs{
PrivateKeyPem: verificationPrivateKey.PrivateKeyPem,
Subject: &tls.CertRequestSubjectArgs{
CommonName: pulumi.String(example.RegistrationCode),
},
})
if err != nil {
return err
}
verificationLocallySignedCert, err := tls.NewLocallySignedCert(ctx, "verification", &tls.LocallySignedCertArgs{
CertRequestPem: verification.CertRequestPem,
CaPrivateKeyPem: caPrivateKey.PrivateKeyPem,
CaCertPem: ca.CertPem,
ValidityPeriodHours: pulumi.Int(12),
AllowedUses: pulumi.StringArray{
pulumi.String("key_encipherment"),
pulumi.String("digital_signature"),
pulumi.String("server_auth"),
},
})
if err != nil {
return err
}
_, err = iot.NewCaCertificate(ctx, "example", &iot.CaCertificateArgs{
Active: pulumi.Bool(true),
CaCertificatePem: ca.CertPem,
VerificationCertificatePem: verificationLocallySignedCert.CertPem,
AllowAutoRegistration: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Tls = Pulumi.Tls;
return await Deployment.RunAsync(() =>
{
var caPrivateKey = new Tls.PrivateKey("ca", new()
{
Algorithm = "RSA",
});
var ca = new Tls.SelfSignedCert("ca", new()
{
PrivateKeyPem = caPrivateKey.PrivateKeyPem,
Subject = new Tls.Inputs.SelfSignedCertSubjectArgs
{
CommonName = "example.com",
Organization = "ACME Examples, Inc",
},
ValidityPeriodHours = 12,
AllowedUses = new[]
{
"key_encipherment",
"digital_signature",
"server_auth",
},
IsCaCertificate = true,
});
var verificationPrivateKey = new Tls.PrivateKey("verification", new()
{
Algorithm = "RSA",
});
var example = Aws.Iot.GetRegistrationCode.Invoke();
var verification = new Tls.CertRequest("verification", new()
{
PrivateKeyPem = verificationPrivateKey.PrivateKeyPem,
Subject = new Tls.Inputs.CertRequestSubjectArgs
{
CommonName = example.Apply(getRegistrationCodeResult => getRegistrationCodeResult.RegistrationCode),
},
});
var verificationLocallySignedCert = new Tls.LocallySignedCert("verification", new()
{
CertRequestPem = verification.CertRequestPem,
CaPrivateKeyPem = caPrivateKey.PrivateKeyPem,
CaCertPem = ca.CertPem,
ValidityPeriodHours = 12,
AllowedUses = new[]
{
"key_encipherment",
"digital_signature",
"server_auth",
},
});
var exampleCaCertificate = new Aws.Iot.CaCertificate("example", new()
{
Active = true,
CaCertificatePem = ca.CertPem,
VerificationCertificatePem = verificationLocallySignedCert.CertPem,
AllowAutoRegistration = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tls.PrivateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.tls.SelfSignedCert;
import com.pulumi.tls.SelfSignedCertArgs;
import com.pulumi.tls.inputs.SelfSignedCertSubjectArgs;
import com.pulumi.aws.iot.IotFunctions;
import com.pulumi.tls.CertRequest;
import com.pulumi.tls.CertRequestArgs;
import com.pulumi.tls.inputs.CertRequestSubjectArgs;
import com.pulumi.tls.LocallySignedCert;
import com.pulumi.tls.LocallySignedCertArgs;
import com.pulumi.aws.iot.CaCertificate;
import com.pulumi.aws.iot.CaCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var caPrivateKey = new PrivateKey("caPrivateKey", PrivateKeyArgs.builder()
.algorithm("RSA")
.build());
var ca = new SelfSignedCert("ca", SelfSignedCertArgs.builder()
.privateKeyPem(caPrivateKey.privateKeyPem())
.subject(SelfSignedCertSubjectArgs.builder()
.commonName("example.com")
.organization("ACME Examples, Inc")
.build())
.validityPeriodHours(12)
.allowedUses(
"key_encipherment",
"digital_signature",
"server_auth")
.isCaCertificate(true)
.build());
var verificationPrivateKey = new PrivateKey("verificationPrivateKey", PrivateKeyArgs.builder()
.algorithm("RSA")
.build());
final var example = IotFunctions.getRegistrationCode();
var verification = new CertRequest("verification", CertRequestArgs.builder()
.privateKeyPem(verificationPrivateKey.privateKeyPem())
.subject(CertRequestSubjectArgs.builder()
.commonName(example.applyValue(getRegistrationCodeResult -> getRegistrationCodeResult.registrationCode()))
.build())
.build());
var verificationLocallySignedCert = new LocallySignedCert("verificationLocallySignedCert", LocallySignedCertArgs.builder()
.certRequestPem(verification.certRequestPem())
.caPrivateKeyPem(caPrivateKey.privateKeyPem())
.caCertPem(ca.certPem())
.validityPeriodHours(12)
.allowedUses(
"key_encipherment",
"digital_signature",
"server_auth")
.build());
var exampleCaCertificate = new CaCertificate("exampleCaCertificate", CaCertificateArgs.builder()
.active(true)
.caCertificatePem(ca.certPem())
.verificationCertificatePem(verificationLocallySignedCert.certPem())
.allowAutoRegistration(true)
.build());
}
}
resources:
ca:
type: tls:SelfSignedCert
properties:
privateKeyPem: ${caPrivateKey.privateKeyPem}
subject:
commonName: example.com
organization: ACME Examples, Inc
validityPeriodHours: 12
allowedUses:
- key_encipherment
- digital_signature
- server_auth
isCaCertificate: true
caPrivateKey:
type: tls:PrivateKey
name: ca
properties:
algorithm: RSA
verification:
type: tls:CertRequest
properties:
privateKeyPem: ${verificationPrivateKey.privateKeyPem}
subject:
commonName: ${example.registrationCode}
verificationPrivateKey:
type: tls:PrivateKey
name: verification
properties:
algorithm: RSA
verificationLocallySignedCert:
type: tls:LocallySignedCert
name: verification
properties:
certRequestPem: ${verification.certRequestPem}
caPrivateKeyPem: ${caPrivateKey.privateKeyPem}
caCertPem: ${ca.certPem}
validityPeriodHours: 12
allowedUses:
- key_encipherment
- digital_signature
- server_auth
exampleCaCertificate:
type: aws:iot:CaCertificate
name: example
properties:
active: true
caCertificatePem: ${ca.certPem}
verificationCertificatePem: ${verificationLocallySignedCert.certPem}
allowAutoRegistration: true
variables:
example:
fn::invoke:
Function: aws:iot:getRegistrationCode
Arguments: {}
Create CaCertificate Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new CaCertificate(name: string, args: CaCertificateArgs, opts?: CustomResourceOptions);@overload
def CaCertificate(resource_name: str,
args: CaCertificateArgs,
opts: Optional[ResourceOptions] = None)
@overload
def CaCertificate(resource_name: str,
opts: Optional[ResourceOptions] = None,
active: Optional[bool] = None,
allow_auto_registration: Optional[bool] = None,
ca_certificate_pem: Optional[str] = None,
certificate_mode: Optional[str] = None,
registration_config: Optional[CaCertificateRegistrationConfigArgs] = None,
tags: Optional[Mapping[str, str]] = None,
verification_certificate_pem: Optional[str] = None)func NewCaCertificate(ctx *Context, name string, args CaCertificateArgs, opts ...ResourceOption) (*CaCertificate, error)public CaCertificate(string name, CaCertificateArgs args, CustomResourceOptions? opts = null)
public CaCertificate(String name, CaCertificateArgs args)
public CaCertificate(String name, CaCertificateArgs args, CustomResourceOptions options)
type: aws:iot:CaCertificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CaCertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CaCertificateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CaCertificateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CaCertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CaCertificateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Example
The following reference example uses placeholder values for all input properties.
var caCertificateResource = new Aws.Iot.CaCertificate("caCertificateResource", new()
{
Active = false,
AllowAutoRegistration = false,
CaCertificatePem = "string",
CertificateMode = "string",
RegistrationConfig = new Aws.Iot.Inputs.CaCertificateRegistrationConfigArgs
{
RoleArn = "string",
TemplateBody = "string",
TemplateName = "string",
},
Tags =
{
{ "string", "string" },
},
VerificationCertificatePem = "string",
});
example, err := iot.NewCaCertificate(ctx, "caCertificateResource", &iot.CaCertificateArgs{
Active: pulumi.Bool(false),
AllowAutoRegistration: pulumi.Bool(false),
CaCertificatePem: pulumi.String("string"),
CertificateMode: pulumi.String("string"),
RegistrationConfig: &iot.CaCertificateRegistrationConfigArgs{
RoleArn: pulumi.String("string"),
TemplateBody: pulumi.String("string"),
TemplateName: pulumi.String("string"),
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
VerificationCertificatePem: pulumi.String("string"),
})
var caCertificateResource = new CaCertificate("caCertificateResource", CaCertificateArgs.builder()
.active(false)
.allowAutoRegistration(false)
.caCertificatePem("string")
.certificateMode("string")
.registrationConfig(CaCertificateRegistrationConfigArgs.builder()
.roleArn("string")
.templateBody("string")
.templateName("string")
.build())
.tags(Map.of("string", "string"))
.verificationCertificatePem("string")
.build());
ca_certificate_resource = aws.iot.CaCertificate("caCertificateResource",
active=False,
allow_auto_registration=False,
ca_certificate_pem="string",
certificate_mode="string",
registration_config=aws.iot.CaCertificateRegistrationConfigArgs(
role_arn="string",
template_body="string",
template_name="string",
),
tags={
"string": "string",
},
verification_certificate_pem="string")
const caCertificateResource = new aws.iot.CaCertificate("caCertificateResource", {
active: false,
allowAutoRegistration: false,
caCertificatePem: "string",
certificateMode: "string",
registrationConfig: {
roleArn: "string",
templateBody: "string",
templateName: "string",
},
tags: {
string: "string",
},
verificationCertificatePem: "string",
});
type: aws:iot:CaCertificate
properties:
active: false
allowAutoRegistration: false
caCertificatePem: string
certificateMode: string
registrationConfig:
roleArn: string
templateBody: string
templateName: string
tags:
string: string
verificationCertificatePem: string
CaCertificate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CaCertificate resource accepts the following input properties:
- Active bool
- Boolean flag to indicate if the certificate should be active for device authentication.
- Allow
Auto boolRegistration - Boolean flag to indicate if the certificate should be active for device regisration.
- Ca
Certificate stringPem - PEM encoded CA certificate.
- Certificate
Mode string - The certificate mode in which the CA will be registered. Valida values:
DEFAULTandSNI_ONLY. Default:DEFAULT. - Registration
Config CaCertificate Registration Config - Information about the registration configuration. See below.
- Dictionary<string, string>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Verification
Certificate stringPem - PEM encoded verification certificate containing the common name of a registration code. Review
CreateVerificationCSR. Reuired if
certificate_modeisDEFAULT.
- Active bool
- Boolean flag to indicate if the certificate should be active for device authentication.
- Allow
Auto boolRegistration - Boolean flag to indicate if the certificate should be active for device regisration.
- Ca
Certificate stringPem - PEM encoded CA certificate.
- Certificate
Mode string - The certificate mode in which the CA will be registered. Valida values:
DEFAULTandSNI_ONLY. Default:DEFAULT. - Registration
Config CaCertificate Registration Config Args - Information about the registration configuration. See below.
- map[string]string
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Verification
Certificate stringPem - PEM encoded verification certificate containing the common name of a registration code. Review
CreateVerificationCSR. Reuired if
certificate_modeisDEFAULT.
- active Boolean
- Boolean flag to indicate if the certificate should be active for device authentication.
- allow
Auto BooleanRegistration - Boolean flag to indicate if the certificate should be active for device regisration.
- ca
Certificate StringPem - PEM encoded CA certificate.
- certificate
Mode String - The certificate mode in which the CA will be registered. Valida values:
DEFAULTandSNI_ONLY. Default:DEFAULT. - registration
Config CaCertificate Registration Config - Information about the registration configuration. See below.
- Map<String,String>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - verification
Certificate StringPem - PEM encoded verification certificate containing the common name of a registration code. Review
CreateVerificationCSR. Reuired if
certificate_modeisDEFAULT.
- active boolean
- Boolean flag to indicate if the certificate should be active for device authentication.
- allow
Auto booleanRegistration - Boolean flag to indicate if the certificate should be active for device regisration.
- ca
Certificate stringPem - PEM encoded CA certificate.
- certificate
Mode string - The certificate mode in which the CA will be registered. Valida values:
DEFAULTandSNI_ONLY. Default:DEFAULT. - registration
Config CaCertificate Registration Config - Information about the registration configuration. See below.
- {[key: string]: string}
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - verification
Certificate stringPem - PEM encoded verification certificate containing the common name of a registration code. Review
CreateVerificationCSR. Reuired if
certificate_modeisDEFAULT.
- active bool
- Boolean flag to indicate if the certificate should be active for device authentication.
- allow_
auto_ boolregistration - Boolean flag to indicate if the certificate should be active for device regisration.
- ca_
certificate_ strpem - PEM encoded CA certificate.
- certificate_
mode str - The certificate mode in which the CA will be registered. Valida values:
DEFAULTandSNI_ONLY. Default:DEFAULT. - registration_
config CaCertificate Registration Config Args - Information about the registration configuration. See below.
- Mapping[str, str]
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - verification_
certificate_ strpem - PEM encoded verification certificate containing the common name of a registration code. Review
CreateVerificationCSR. Reuired if
certificate_modeisDEFAULT.
- active Boolean
- Boolean flag to indicate if the certificate should be active for device authentication.
- allow
Auto BooleanRegistration - Boolean flag to indicate if the certificate should be active for device regisration.
- ca
Certificate StringPem - PEM encoded CA certificate.
- certificate
Mode String - The certificate mode in which the CA will be registered. Valida values:
DEFAULTandSNI_ONLY. Default:DEFAULT. - registration
Config Property Map - Information about the registration configuration. See below.
- Map<String>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - verification
Certificate StringPem - PEM encoded verification certificate containing the common name of a registration code. Review
CreateVerificationCSR. Reuired if
certificate_modeisDEFAULT.
Outputs
All input properties are implicitly available as output properties. Additionally, the CaCertificate resource produces the following output properties:
- Arn string
- The ARN of the created CA certificate.
- Customer
Version int - The customer version of the CA certificate.
- Generation
Id string - The generation ID of the CA certificate.
- Id string
- The provider-assigned unique ID for this managed resource.
- Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Validities
List<Ca
Certificate Validity> - When the CA certificate is valid.
- Arn string
- The ARN of the created CA certificate.
- Customer
Version int - The customer version of the CA certificate.
- Generation
Id string - The generation ID of the CA certificate.
- Id string
- The provider-assigned unique ID for this managed resource.
- map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Validities
[]Ca
Certificate Validity - When the CA certificate is valid.
- arn String
- The ARN of the created CA certificate.
- customer
Version Integer - The customer version of the CA certificate.
- generation
Id String - The generation ID of the CA certificate.
- id String
- The provider-assigned unique ID for this managed resource.
- Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - validities
List<Ca
Certificate Validity> - When the CA certificate is valid.
- arn string
- The ARN of the created CA certificate.
- customer
Version number - The customer version of the CA certificate.
- generation
Id string - The generation ID of the CA certificate.
- id string
- The provider-assigned unique ID for this managed resource.
- {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - validities
Ca
Certificate Validity[] - When the CA certificate is valid.
- arn str
- The ARN of the created CA certificate.
- customer_
version int - The customer version of the CA certificate.
- generation_
id str - The generation ID of the CA certificate.
- id str
- The provider-assigned unique ID for this managed resource.
- Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - validities
Sequence[Ca
Certificate Validity] - When the CA certificate is valid.
- arn String
- The ARN of the created CA certificate.
- customer
Version Number - The customer version of the CA certificate.
- generation
Id String - The generation ID of the CA certificate.
- id String
- The provider-assigned unique ID for this managed resource.
- Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - validities List<Property Map>
- When the CA certificate is valid.
Look up Existing CaCertificate Resource
Get an existing CaCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CaCertificateState, opts?: CustomResourceOptions): CaCertificate@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
active: Optional[bool] = None,
allow_auto_registration: Optional[bool] = None,
arn: Optional[str] = None,
ca_certificate_pem: Optional[str] = None,
certificate_mode: Optional[str] = None,
customer_version: Optional[int] = None,
generation_id: Optional[str] = None,
registration_config: Optional[CaCertificateRegistrationConfigArgs] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
validities: Optional[Sequence[CaCertificateValidityArgs]] = None,
verification_certificate_pem: Optional[str] = None) -> CaCertificatefunc GetCaCertificate(ctx *Context, name string, id IDInput, state *CaCertificateState, opts ...ResourceOption) (*CaCertificate, error)public static CaCertificate Get(string name, Input<string> id, CaCertificateState? state, CustomResourceOptions? opts = null)public static CaCertificate get(String name, Output<String> id, CaCertificateState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Active bool
- Boolean flag to indicate if the certificate should be active for device authentication.
- Allow
Auto boolRegistration - Boolean flag to indicate if the certificate should be active for device regisration.
- Arn string
- The ARN of the created CA certificate.
- Ca
Certificate stringPem - PEM encoded CA certificate.
- Certificate
Mode string - The certificate mode in which the CA will be registered. Valida values:
DEFAULTandSNI_ONLY. Default:DEFAULT. - Customer
Version int - The customer version of the CA certificate.
- Generation
Id string - The generation ID of the CA certificate.
- Registration
Config CaCertificate Registration Config - Information about the registration configuration. See below.
- Dictionary<string, string>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Validities
List<Ca
Certificate Validity> - When the CA certificate is valid.
- Verification
Certificate stringPem - PEM encoded verification certificate containing the common name of a registration code. Review
CreateVerificationCSR. Reuired if
certificate_modeisDEFAULT.
- Active bool
- Boolean flag to indicate if the certificate should be active for device authentication.
- Allow
Auto boolRegistration - Boolean flag to indicate if the certificate should be active for device regisration.
- Arn string
- The ARN of the created CA certificate.
- Ca
Certificate stringPem - PEM encoded CA certificate.
- Certificate
Mode string - The certificate mode in which the CA will be registered. Valida values:
DEFAULTandSNI_ONLY. Default:DEFAULT. - Customer
Version int - The customer version of the CA certificate.
- Generation
Id string - The generation ID of the CA certificate.
- Registration
Config CaCertificate Registration Config Args - Information about the registration configuration. See below.
- map[string]string
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Validities
[]Ca
Certificate Validity Args - When the CA certificate is valid.
- Verification
Certificate stringPem - PEM encoded verification certificate containing the common name of a registration code. Review
CreateVerificationCSR. Reuired if
certificate_modeisDEFAULT.
- active Boolean
- Boolean flag to indicate if the certificate should be active for device authentication.
- allow
Auto BooleanRegistration - Boolean flag to indicate if the certificate should be active for device regisration.
- arn String
- The ARN of the created CA certificate.
- ca
Certificate StringPem - PEM encoded CA certificate.
- certificate
Mode String - The certificate mode in which the CA will be registered. Valida values:
DEFAULTandSNI_ONLY. Default:DEFAULT. - customer
Version Integer - The customer version of the CA certificate.
- generation
Id String - The generation ID of the CA certificate.
- registration
Config CaCertificate Registration Config - Information about the registration configuration. See below.
- Map<String,String>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - validities
List<Ca
Certificate Validity> - When the CA certificate is valid.
- verification
Certificate StringPem - PEM encoded verification certificate containing the common name of a registration code. Review
CreateVerificationCSR. Reuired if
certificate_modeisDEFAULT.
- active boolean
- Boolean flag to indicate if the certificate should be active for device authentication.
- allow
Auto booleanRegistration - Boolean flag to indicate if the certificate should be active for device regisration.
- arn string
- The ARN of the created CA certificate.
- ca
Certificate stringPem - PEM encoded CA certificate.
- certificate
Mode string - The certificate mode in which the CA will be registered. Valida values:
DEFAULTandSNI_ONLY. Default:DEFAULT. - customer
Version number - The customer version of the CA certificate.
- generation
Id string - The generation ID of the CA certificate.
- registration
Config CaCertificate Registration Config - Information about the registration configuration. See below.
- {[key: string]: string}
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - validities
Ca
Certificate Validity[] - When the CA certificate is valid.
- verification
Certificate stringPem - PEM encoded verification certificate containing the common name of a registration code. Review
CreateVerificationCSR. Reuired if
certificate_modeisDEFAULT.
- active bool
- Boolean flag to indicate if the certificate should be active for device authentication.
- allow_
auto_ boolregistration - Boolean flag to indicate if the certificate should be active for device regisration.
- arn str
- The ARN of the created CA certificate.
- ca_
certificate_ strpem - PEM encoded CA certificate.
- certificate_
mode str - The certificate mode in which the CA will be registered. Valida values:
DEFAULTandSNI_ONLY. Default:DEFAULT. - customer_
version int - The customer version of the CA certificate.
- generation_
id str - The generation ID of the CA certificate.
- registration_
config CaCertificate Registration Config Args - Information about the registration configuration. See below.
- Mapping[str, str]
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - validities
Sequence[Ca
Certificate Validity Args] - When the CA certificate is valid.
- verification_
certificate_ strpem - PEM encoded verification certificate containing the common name of a registration code. Review
CreateVerificationCSR. Reuired if
certificate_modeisDEFAULT.
- active Boolean
- Boolean flag to indicate if the certificate should be active for device authentication.
- allow
Auto BooleanRegistration - Boolean flag to indicate if the certificate should be active for device regisration.
- arn String
- The ARN of the created CA certificate.
- ca
Certificate StringPem - PEM encoded CA certificate.
- certificate
Mode String - The certificate mode in which the CA will be registered. Valida values:
DEFAULTandSNI_ONLY. Default:DEFAULT. - customer
Version Number - The customer version of the CA certificate.
- generation
Id String - The generation ID of the CA certificate.
- registration
Config Property Map - Information about the registration configuration. See below.
- Map<String>
- A map of tags to assign to the resource. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - validities List<Property Map>
- When the CA certificate is valid.
- verification
Certificate StringPem - PEM encoded verification certificate containing the common name of a registration code. Review
CreateVerificationCSR. Reuired if
certificate_modeisDEFAULT.
Supporting Types
CaCertificateRegistrationConfig, CaCertificateRegistrationConfigArgs
- Role
Arn string - The ARN of the role.
- Template
Body string - The template body.
- Template
Name string - The name of the provisioning template.
- Role
Arn string - The ARN of the role.
- Template
Body string - The template body.
- Template
Name string - The name of the provisioning template.
- role
Arn String - The ARN of the role.
- template
Body String - The template body.
- template
Name String - The name of the provisioning template.
- role
Arn string - The ARN of the role.
- template
Body string - The template body.
- template
Name string - The name of the provisioning template.
- role_
arn str - The ARN of the role.
- template_
body str - The template body.
- template_
name str - The name of the provisioning template.
- role
Arn String - The ARN of the role.
- template
Body String - The template body.
- template
Name String - The name of the provisioning template.
CaCertificateValidity, CaCertificateValidityArgs
- not_
after str - The certificate is not valid after this date.
- not_
before str - The certificate is not valid before this date.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.
Try AWS Native preview for resources not in the classic version.
AWS Classic v6.32.0 published on Friday, Apr 19, 2024 by Pulumi