acm

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

class pulumi_aws.acm.AwaitableGetCertificateResult(arn=None, domain=None, key_types=None, most_recent=None, statuses=None, types=None, id=None)
class pulumi_aws.acm.Certificate(resource_name, opts=None, certificate_authority_arn=None, certificate_body=None, certificate_chain=None, domain_name=None, options=None, private_key=None, subject_alternative_names=None, tags=None, validation_method=None, __props__=None, __name__=None, __opts__=None)

The ACM certificate resource allows requesting and managing certificates from the Amazon Certificate Manager.

It deals with requesting certificates and managing their attributes and life-cycle. This resource does not deal with validation of a certificate but can provide inputs for other resources implementing the validation. It does not wait for a certificate to be issued. Use an acm.CertificateValidation resource for this.

Most commonly, this resource is used together with route53.Record and acm.CertificateValidation to request a DNS validated certificate, deploy the required validation records and wait for validation to complete.

Domain validation through E-Mail is also supported but should be avoided as it requires a manual step outside of this provider.

It’s recommended to specify create_before_destroy = true in a lifecycle block to replace a certificate which is currently in use (e.g., by lb.Listener).

Supported nested arguments for the options configuration block:

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • certificate_authority_arn (pulumi.Input[str]) – ARN of an ACMPCA

  • certificate_body (pulumi.Input[str]) – The certificate’s PEM-formatted public key

  • certificate_chain (pulumi.Input[str]) – The certificate’s PEM-formatted chain

  • domain_name (pulumi.Input[str]) – A domain name for which the certificate should be issued

  • private_key (pulumi.Input[str]) – The certificate’s PEM-formatted private key

  • subject_alternative_names (pulumi.Input[list]) – A list of domains that should be SANs in the issued certificate

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • validation_method (pulumi.Input[str]) – Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into state managed by this provider.

The options object supports the following:

  • certificateTransparencyLoggingPreference (pulumi.Input[str])

arn = None

The ARN of the certificate

certificate_authority_arn = None

ARN of an ACMPCA

certificate_body = None

The certificate’s PEM-formatted public key

certificate_chain = None

The certificate’s PEM-formatted chain

domain_name = None

A domain name for which the certificate should be issued

domain_validation_options = None

A list of attributes to feed into other resources to complete certificate validation. Can have more than one element, e.g. if SANs are defined. Only set if DNS-validation was used.

  • domain_name (str) - A domain name for which the certificate should be issued

  • resourceRecordName (str) - The name of the DNS record to create to validate the certificate

  • resourceRecordType (str) - The type of DNS record to create

  • resourceRecordValue (str) - The value the DNS record needs to have

private_key = None

The certificate’s PEM-formatted private key

subject_alternative_names = None

A list of domains that should be SANs in the issued certificate

tags = None

A mapping of tags to assign to the resource.

validation_emails = None

A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

validation_method = None

Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into state managed by this provider.

static get(resource_name, id, opts=None, arn=None, certificate_authority_arn=None, certificate_body=None, certificate_chain=None, domain_name=None, domain_validation_options=None, options=None, private_key=None, subject_alternative_names=None, tags=None, validation_emails=None, validation_method=None)

Get an existing Certificate resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • arn (pulumi.Input[str]) – The ARN of the certificate

  • certificate_authority_arn (pulumi.Input[str]) – ARN of an ACMPCA

  • certificate_body (pulumi.Input[str]) – The certificate’s PEM-formatted public key

  • certificate_chain (pulumi.Input[str]) – The certificate’s PEM-formatted chain

  • domain_name (pulumi.Input[str]) – A domain name for which the certificate should be issued

  • domain_validation_options (pulumi.Input[list]) – A list of attributes to feed into other resources to complete certificate validation. Can have more than one element, e.g. if SANs are defined. Only set if DNS-validation was used.

  • private_key (pulumi.Input[str]) – The certificate’s PEM-formatted private key

  • subject_alternative_names (pulumi.Input[list]) – A list of domains that should be SANs in the issued certificate

  • tags (pulumi.Input[dict]) – A mapping of tags to assign to the resource.

  • validation_emails (pulumi.Input[list]) – A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

  • validation_method (pulumi.Input[str]) – Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into state managed by this provider.

The domain_validation_options object supports the following:

  • domain_name (pulumi.Input[str]) - A domain name for which the certificate should be issued

  • resourceRecordName (pulumi.Input[str]) - The name of the DNS record to create to validate the certificate

  • resourceRecordType (pulumi.Input[str]) - The type of DNS record to create

  • resourceRecordValue (pulumi.Input[str]) - The value the DNS record needs to have

The options object supports the following:

  • certificateTransparencyLoggingPreference (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.acm.CertificateValidation(resource_name, opts=None, certificate_arn=None, validation_record_fqdns=None, __props__=None, __name__=None, __opts__=None)

This resource represents a successful validation of an ACM certificate in concert with other resources.

Most commonly, this resource is used together with route53.Record and acm.Certificate to request a DNS validated certificate, deploy the required validation records and wait for validation to complete.

WARNING: This resource implements a part of the validation workflow. It does not represent a real-world entity in AWS, therefore changing or deleting this resource on its own has no immediate effect.
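
The DNS validation workflow described above, as an added example (not code from the provider or its documentation): it requests a certificate with SANs, plans one route53.Record per distinct validation record, and waits on acm.CertificateValidation. The resource names, the zone_id parameter, the SAMPLE_OPTIONS values and both helper functions are assumptions made for illustration.

```python
SAMPLE_OPTIONS = [  # constructed values in the documented shape, not real ACM output
    {"domain_name": "example.com", "resourceRecordName": "_abc123.example.com.",
     "resourceRecordType": "CNAME", "resourceRecordValue": "_def456.acm-validations.aws."},
    {"domain_name": "*.example.com", "resourceRecordName": "_abc123.example.com.",
     "resourceRecordType": "CNAME", "resourceRecordValue": "_def456.acm-validations.aws."},
    {"domain_name": "api.example.com", "resourceRecordName": "_aaa111.api.example.com.",
     "resourceRecordType": "CNAME", "resourceRecordValue": "_bbb222.acm-validations.aws."},
]


def plan_validation_records(domain_validation_options, zone_id, ttl=60):
    """Map resolved domain_validation_options to route53.Record keyword arguments.

    A name and its wildcard can share one validation record, so identical
    records are planned once; the same name with two values is rejected.
    """
    planned = {}
    for opt in domain_validation_options:
        key = (opt["resourceRecordName"].rstrip(".").lower(), opt["resourceRecordType"])
        value = opt["resourceRecordValue"]
        if key in planned and planned[key]["records"] != [value]:
            raise ValueError(f"conflicting validation records for {key[0]}")
        planned.setdefault(key, {"name": opt["resourceRecordName"], "type": key[1],
                                 "records": [value], "ttl": ttl, "zone_id": zone_id})
    return list(planned.values())


def request_validated_certificate(domain, sans, zone_id):
    """Pulumi program body; imports are local so the planner runs without Pulumi."""
    import pulumi
    import pulumi_aws as aws

    cert = aws.acm.Certificate(
        "cert", domain_name=domain, subject_alternative_names=sans,
        validation_method="DNS")  # EMAIL needs a manual step outside the provider

    def create_records(options):
        # Runs once ACM has returned the validation options for every name.
        records = [aws.route53.Record(f"cert-validation-{i}", **args)
                   for i, args in enumerate(plan_validation_records(options, zone_id))]
        return pulumi.Output.all(*[record.fqdn for record in records])

    fqdns = cert.domain_validation_options.apply(create_records)
    validation = aws.acm.CertificateValidation(
        "cert-validated", certificate_arn=cert.arn, validation_record_fqdns=fqdns)
    # Hand out the ARN from the validation resource so consumers wait for issuance.
    return validation.certificate_arn
```

Because the records are created inside apply, they do not appear in a preview until the certificate request exists.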

Parameters
  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • certificate_arn (pulumi.Input[str]) – The ARN of the certificate that is being validated.

  • validation_record_fqdns (pulumi.Input[list]) – List of FQDNs that implement the validation. Only valid for DNS validation method ACM certificates. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation.

certificate_arn = None

The ARN of the certificate that is being validated.

validation_record_fqdns = None

List of FQDNs that implement the validation. Only valid for DNS validation method ACM certificates. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation.

static get(resource_name, id, opts=None, certificate_arn=None, validation_record_fqdns=None)

Get an existing CertificateValidation resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters
  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to look up.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • certificate_arn (pulumi.Input[str]) – The ARN of the certificate that is being validated.

  • validation_record_fqdns (pulumi.Input[list]) – List of FQDNs that implement the validation. Only valid for DNS validation method ACM certificates. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_aws.acm.GetCertificateResult(arn=None, domain=None, key_types=None, most_recent=None, statuses=None, types=None, id=None)

A collection of values returned by getCertificate.

arn = None

Set to the ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.

id = None

id is the provider-assigned unique ID for this managed resource.

pulumi_aws.acm.get_certificate(domain=None, key_types=None, most_recent=None, statuses=None, types=None, opts=None)

Use this data source to get the ARN of a certificate in AWS Certificate Manager (ACM). You can reference it by domain without having to hard-code the ARNs as input.

Parameters
  • domain (str) – The domain of the certificate to look up. If no certificate is found with this name, an error will be returned.

  • key_types (list) – A list of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. Valid values are RSA_1024, RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1, and EC_secp521r1.

  • most_recent (bool) – If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.

  • statuses (list) – A list of statuses on which to filter the returned list. Valid values are PENDING_VALIDATION, ISSUED, INACTIVE, EXPIRED, VALIDATION_TIMED_OUT, REVOKED and FAILED. If no value is specified, only certificates in the ISSUED state are returned.

  • types (list) – A list of types on which to filter the returned list. Valid values are AMAZON_ISSUED and IMPORTED.