AWS Classic

Pulumi Official
Package maintained by Pulumi
v5.9.2 published on Friday, Jun 24, 2022 by Pulumi

Certificate

The ACM certificate resource allows requesting and management of certificates from the Amazon Certificate Manager.

It deals with requesting certificates and managing their attributes and life-cycle. This resource does not deal with validation of a certificate but can provide inputs for other resources implementing the validation. It does not wait for a certificate to be issued. Use a aws.acm.CertificateValidation resource for this.

Most commonly, this resource is used together with aws.route53.Record and aws.acm.CertificateValidation to request a DNS validated certificate, deploy the required validation records and wait for validation to complete.

Domain validation through E-Mail is also supported but should be avoided as it requires a manual step outside of this provider.

Example Usage

Create Certificate

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var cert = new Aws.Acm.Certificate("cert", new Aws.Acm.CertificateArgs
        {
            DomainName = "example.com",
            Tags = 
            {
                { "Environment", "test" },
            },
            ValidationMethod = "DNS",
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := acm.NewCertificate(ctx, "cert", &acm.CertificateArgs{
			DomainName: pulumi.String("example.com"),
			Tags: pulumi.StringMap{
				"Environment": pulumi.String("test"),
			},
			ValidationMethod: pulumi.String("DNS"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var cert = new Certificate("cert", CertificateArgs.builder()        
            .domainName("example.com")
            .tags(Map.of("Environment", "test"))
            .validationMethod("DNS")
            .build());

    }
}
import pulumi
import pulumi_aws as aws

cert = aws.acm.Certificate("cert",
    domain_name="example.com",
    tags={
        "Environment": "test",
    },
    validation_method="DNS")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const cert = new aws.acm.Certificate("cert", {
    domainName: "example.com",
    tags: {
        Environment: "test",
    },
    validationMethod: "DNS",
});
resources:
  cert:
    type: aws:acm:Certificate
    properties:
      domainName: example.com
      tags:
        Environment: test
      validationMethod: DNS

Custom Domain Validation Options

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var cert = new Aws.Acm.Certificate("cert", new Aws.Acm.CertificateArgs
        {
            DomainName = "testing.example.com",
            ValidationMethod = "EMAIL",
            ValidationOptions = 
            {
                new Aws.Acm.Inputs.CertificateValidationOptionArgs
                {
                    DomainName = "testing.example.com",
                    ValidationDomain = "example.com",
                },
            },
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acm"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := acm.NewCertificate(ctx, "cert", &acm.CertificateArgs{
			DomainName:       pulumi.String("testing.example.com"),
			ValidationMethod: pulumi.String("EMAIL"),
			ValidationOptions: acm.CertificateValidationOptionArray{
				&acm.CertificateValidationOptionArgs{
					DomainName:       pulumi.String("testing.example.com"),
					ValidationDomain: pulumi.String("example.com"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var cert = new Certificate("cert", CertificateArgs.builder()        
            .domainName("testing.example.com")
            .validationMethod("EMAIL")
            .validationOptions(CertificateValidationOptionArgs.builder()
                .domainName("testing.example.com")
                .validationDomain("example.com")
                .build())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

cert = aws.acm.Certificate("cert",
    domain_name="testing.example.com",
    validation_method="EMAIL",
    validation_options=[aws.acm.CertificateValidationOptionArgs(
        domain_name="testing.example.com",
        validation_domain="example.com",
    )])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const cert = new aws.acm.Certificate("cert", {
    domainName: "testing.example.com",
    validationMethod: "EMAIL",
    validationOptions: [{
        domainName: "testing.example.com",
        validationDomain: "example.com",
    }],
});
resources:
  cert:
    type: aws:acm:Certificate
    properties:
      domainName: testing.example.com
      validationMethod: EMAIL
      validationOptions:
        - domainName: testing.example.com
          validationDomain: example.com

Existing Certificate Body Import

using Pulumi;
using Aws = Pulumi.Aws;
using Tls = Pulumi.Tls;

class MyStack : Stack
{
    public MyStack()
    {
        var examplePrivateKey = new Tls.PrivateKey("examplePrivateKey", new Tls.PrivateKeyArgs
        {
            Algorithm = "RSA",
        });
        var exampleSelfSignedCert = new Tls.SelfSignedCert("exampleSelfSignedCert", new Tls.SelfSignedCertArgs
        {
            KeyAlgorithm = "RSA",
            PrivateKeyPem = examplePrivateKey.PrivateKeyPem,
            Subjects = 
            {
                new Tls.Inputs.SelfSignedCertSubjectArgs
                {
                    CommonName = "example.com",
                    Organization = "ACME Examples, Inc",
                },
            },
            ValidityPeriodHours = 12,
            AllowedUses = 
            {
                "key_encipherment",
                "digital_signature",
                "server_auth",
            },
        });
        var cert = new Aws.Acm.Certificate("cert", new Aws.Acm.CertificateArgs
        {
            PrivateKey = examplePrivateKey.PrivateKeyPem,
            CertificateBody = exampleSelfSignedCert.CertPem,
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acm"
	"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		examplePrivateKey, err := tls.NewPrivateKey(ctx, "examplePrivateKey", &tls.PrivateKeyArgs{
			Algorithm: pulumi.String("RSA"),
		})
		if err != nil {
			return err
		}
		exampleSelfSignedCert, err := tls.NewSelfSignedCert(ctx, "exampleSelfSignedCert", &tls.SelfSignedCertArgs{
			KeyAlgorithm:  pulumi.String("RSA"),
			PrivateKeyPem: examplePrivateKey.PrivateKeyPem,
			Subjects: SelfSignedCertSubjectArray{
				&SelfSignedCertSubjectArgs{
					CommonName:   pulumi.String("example.com"),
					Organization: pulumi.String("ACME Examples, Inc"),
				},
			},
			ValidityPeriodHours: pulumi.Int(12),
			AllowedUses: pulumi.StringArray{
				pulumi.String("key_encipherment"),
				pulumi.String("digital_signature"),
				pulumi.String("server_auth"),
			},
		})
		if err != nil {
			return err
		}
		_, err = acm.NewCertificate(ctx, "cert", &acm.CertificateArgs{
			PrivateKey:      examplePrivateKey.PrivateKeyPem,
			CertificateBody: exampleSelfSignedCert.CertPem,
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import java.util.*;
import java.io.*;
import java.nio.*;
import com.pulumi.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var examplePrivateKey = new PrivateKey("examplePrivateKey", PrivateKeyArgs.builder()        
            .algorithm("RSA")
            .build());

        var exampleSelfSignedCert = new SelfSignedCert("exampleSelfSignedCert", SelfSignedCertArgs.builder()        
            .keyAlgorithm("RSA")
            .privateKeyPem(examplePrivateKey.privateKeyPem())
            .subjects(SelfSignedCertSubjectArgs.builder()
                .commonName("example.com")
                .organization("ACME Examples, Inc")
                .build())
            .validityPeriodHours(12)
            .allowedUses(            
                "key_encipherment",
                "digital_signature",
                "server_auth")
            .build());

        var cert = new Certificate("cert", CertificateArgs.builder()        
            .privateKey(examplePrivateKey.privateKeyPem())
            .certificateBody(exampleSelfSignedCert.certPem())
            .build());

    }
}
import pulumi
import pulumi_aws as aws
import pulumi_tls as tls

example_private_key = tls.PrivateKey("examplePrivateKey", algorithm="RSA")
example_self_signed_cert = tls.SelfSignedCert("exampleSelfSignedCert",
    key_algorithm="RSA",
    private_key_pem=example_private_key.private_key_pem,
    subjects=[tls.SelfSignedCertSubjectArgs(
        common_name="example.com",
        organization="ACME Examples, Inc",
    )],
    validity_period_hours=12,
    allowed_uses=[
        "key_encipherment",
        "digital_signature",
        "server_auth",
    ])
cert = aws.acm.Certificate("cert",
    private_key=example_private_key.private_key_pem,
    certificate_body=example_self_signed_cert.cert_pem)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as tls from "@pulumi/tls";

const examplePrivateKey = new tls.PrivateKey("examplePrivateKey", {algorithm: "RSA"});
const exampleSelfSignedCert = new tls.SelfSignedCert("exampleSelfSignedCert", {
    keyAlgorithm: "RSA",
    privateKeyPem: examplePrivateKey.privateKeyPem,
    subjects: [{
        commonName: "example.com",
        organization: "ACME Examples, Inc",
    }],
    validityPeriodHours: 12,
    allowedUses: [
        "key_encipherment",
        "digital_signature",
        "server_auth",
    ],
});
const cert = new aws.acm.Certificate("cert", {
    privateKey: examplePrivateKey.privateKeyPem,
    certificateBody: exampleSelfSignedCert.certPem,
});
resources:
  examplePrivateKey:
    type: tls:PrivateKey
    properties:
      algorithm: RSA
  exampleSelfSignedCert:
    type: tls:SelfSignedCert
    properties:
      keyAlgorithm: RSA
      privateKeyPem: ${examplePrivateKey.privateKeyPem}
      subjects:
        - commonName: example.com
          organization: ACME Examples, Inc
      validityPeriodHours: 12
      allowedUses:
        - key_encipherment
        - digital_signature
        - server_auth
  cert:
    type: aws:acm:Certificate
    properties:
      privateKey: ${examplePrivateKey.privateKeyPem}
      certificateBody: ${exampleSelfSignedCert.certPem}

Referencing domain_validation_options With for_each Based Resources

Coming soon!

Coming soon!

Coming soon!

import pulumi
import pulumi_aws as aws

example = []
for range in [{"key": k, "value": v} for [k, v] in enumerate({dvo.domainName: {
    name: dvo.resourceRecordName,
    record: dvo.resourceRecordValue,
    type: dvo.resourceRecordType,
} for dvo in aws_acm_certificate.example.domain_validation_options})]:
    example.append(aws.route53.Record(f"example-{range['key']}",
        allow_overwrite=True,
        name=range["value"]["name"],
        records=[range["value"]["record"]],
        ttl=60,
        type=aws.route53/recordtype.RecordType(range["value"]["type"]),
        zone_id=aws_route53_zone["example"]["zone_id"]))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example: aws.route53.Record[];
for (const range of Object.entries(.reduce((__obj, dvo) => { ...__obj, [dvo.domainName]: {
    name: dvo.resourceRecordName,
    record: dvo.resourceRecordValue,
    type: dvo.resourceRecordType,
} })).map(([k, v]) => {key: k, value: v})) {
    example.push(new aws.route53.Record(`example-${range.key}`, {
        allowOverwrite: true,
        name: range.value.name,
        records: [range.value.record],
        ttl: 60,
        type: aws.route53.recordtype.RecordType[range.value.type],
        zoneId: aws_route53_zone.example.zone_id,
    }));
}
resources:
  example:
    type: aws:route53:Record
    properties:
      allowOverwrite: true
      name: ${range.value.name}
      records:
        - ${range.value.record}
      ttl: 60
      type: ${range.value.type}
      zoneId: ${aws_route53_zone.example.zone_id}
    options: {}

Create a Certificate Resource

new Certificate(name: string, args?: CertificateArgs, opts?: CustomResourceOptions);
@overload
def Certificate(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                certificate_authority_arn: Optional[str] = None,
                certificate_body: Optional[str] = None,
                certificate_chain: Optional[str] = None,
                domain_name: Optional[str] = None,
                options: Optional[CertificateOptionsArgs] = None,
                private_key: Optional[str] = None,
                subject_alternative_names: Optional[Sequence[str]] = None,
                tags: Optional[Mapping[str, str]] = None,
                validation_method: Optional[str] = None,
                validation_options: Optional[Sequence[CertificateValidationOptionArgs]] = None)
@overload
def Certificate(resource_name: str,
                args: Optional[CertificateArgs] = None,
                opts: Optional[ResourceOptions] = None)
func NewCertificate(ctx *Context, name string, args *CertificateArgs, opts ...ResourceOption) (*Certificate, error)
public Certificate(string name, CertificateArgs? args = null, CustomResourceOptions? opts = null)
public Certificate(String name, CertificateArgs args)
public Certificate(String name, CertificateArgs args, CustomResourceOptions options)
type: aws:acm:Certificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Certificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Certificate resource accepts the following input properties:

CertificateAuthorityArn string

ARN of an ACM PCA

CertificateBody string

The certificate's PEM-formatted public key

CertificateChain string

The certificate's PEM-formatted chain

  • Creating a private CA issued certificate
DomainName string

A fully qualified domain name (FQDN) in the certificate.

Options CertificateOptionsArgs

Configuration block used to set certificate options. Detailed below.

PrivateKey string

The certificate's PEM-formatted private key

SubjectAlternativeNames List<string>

Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([]).

Tags Dictionary<string, string>

A map of tags to assign to the resource..

ValidationMethod string

Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into the provider.

ValidationOptions List<CertificateValidationOptionArgs>

Configuration block used to specify information about the initial validation of each domain name. Detailed below.

  • Importing an existing certificate
CertificateAuthorityArn string

ARN of an ACM PCA

CertificateBody string

The certificate's PEM-formatted public key

CertificateChain string

The certificate's PEM-formatted chain

  • Creating a private CA issued certificate
DomainName string

A fully qualified domain name (FQDN) in the certificate.

Options CertificateOptionsArgs

Configuration block used to set certificate options. Detailed below.

PrivateKey string

The certificate's PEM-formatted private key

SubjectAlternativeNames []string

Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([]).

Tags map[string]string

A map of tags to assign to the resource..

ValidationMethod string

Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into the provider.

ValidationOptions []CertificateValidationOptionArgs

Configuration block used to specify information about the initial validation of each domain name. Detailed below.

  • Importing an existing certificate
certificateAuthorityArn String

ARN of an ACM PCA

certificateBody String

The certificate's PEM-formatted public key

certificateChain String

The certificate's PEM-formatted chain

  • Creating a private CA issued certificate
domainName String

A fully qualified domain name (FQDN) in the certificate.

options CertificateOptionsArgs

Configuration block used to set certificate options. Detailed below.

privateKey String

The certificate's PEM-formatted private key

subjectAlternativeNames List<String>

Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([]).

tags Map<String,String>

A map of tags to assign to the resource..

validationMethod String

Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into the provider.

validationOptions List<CertificateValidationOptionArgs>

Configuration block used to specify information about the initial validation of each domain name. Detailed below.

  • Importing an existing certificate
certificateAuthorityArn string

ARN of an ACM PCA

certificateBody string

The certificate's PEM-formatted public key

certificateChain string

The certificate's PEM-formatted chain

  • Creating a private CA issued certificate
domainName string

A fully qualified domain name (FQDN) in the certificate.

options CertificateOptionsArgs

Configuration block used to set certificate options. Detailed below.

privateKey string

The certificate's PEM-formatted private key

subjectAlternativeNames string[]

Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([]).

tags {[key: string]: string}

A map of tags to assign to the resource..

validationMethod string

Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into the provider.

validationOptions CertificateValidationOptionArgs[]

Configuration block used to specify information about the initial validation of each domain name. Detailed below.

  • Importing an existing certificate
certificate_authority_arn str

ARN of an ACM PCA

certificate_body str

The certificate's PEM-formatted public key

certificate_chain str

The certificate's PEM-formatted chain

  • Creating a private CA issued certificate
domain_name str

A fully qualified domain name (FQDN) in the certificate.

options CertificateOptionsArgs

Configuration block used to set certificate options. Detailed below.

private_key str

The certificate's PEM-formatted private key

subject_alternative_names Sequence[str]

Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([]).

tags Mapping[str, str]

A map of tags to assign to the resource..

validation_method str

Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into the provider.

validation_options Sequence[CertificateValidationOptionArgs]

Configuration block used to specify information about the initial validation of each domain name. Detailed below.

  • Importing an existing certificate
certificateAuthorityArn String

ARN of an ACM PCA

certificateBody String

The certificate's PEM-formatted public key

certificateChain String

The certificate's PEM-formatted chain

  • Creating a private CA issued certificate
domainName String

A fully qualified domain name (FQDN) in the certificate.

options Property Map

Configuration block used to set certificate options. Detailed below.

privateKey String

The certificate's PEM-formatted private key

subjectAlternativeNames List<String>

Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([]).

tags Map<String>

A map of tags to assign to the resource..

validationMethod String

Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into the provider.

validationOptions List<Property Map>

Configuration block used to specify information about the initial validation of each domain name. Detailed below.

  • Importing an existing certificate

Outputs

All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

Arn string

The ARN of the certificate

DomainValidationOptions List<CertificateDomainValidationOption>

Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.

Id string

The provider-assigned unique ID for this managed resource.

Status string

Status of the certificate.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider .

ValidationEmails List<string>

A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

Arn string

The ARN of the certificate

DomainValidationOptions []CertificateDomainValidationOption

Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.

Id string

The provider-assigned unique ID for this managed resource.

Status string

Status of the certificate.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider .

ValidationEmails []string

A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

arn String

The ARN of the certificate

domainValidationOptions List<CertificateDomainValidationOption>

Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.

id String

The provider-assigned unique ID for this managed resource.

status String

Status of the certificate.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider .

validationEmails List<String>

A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

arn string

The ARN of the certificate

domainValidationOptions CertificateDomainValidationOption[]

Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.

id string

The provider-assigned unique ID for this managed resource.

status string

Status of the certificate.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider .

validationEmails string[]

A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

arn str

The ARN of the certificate

domain_validation_options Sequence[CertificateDomainValidationOption]

Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.

id str

The provider-assigned unique ID for this managed resource.

status str

Status of the certificate.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider .

validation_emails Sequence[str]

A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

arn String

The ARN of the certificate

domainValidationOptions List<Property Map>

Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.

id String

The provider-assigned unique ID for this managed resource.

status String

Status of the certificate.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider .

validationEmails List<String>

A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

Look up an Existing Certificate Resource

Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        certificate_authority_arn: Optional[str] = None,
        certificate_body: Optional[str] = None,
        certificate_chain: Optional[str] = None,
        domain_name: Optional[str] = None,
        domain_validation_options: Optional[Sequence[CertificateDomainValidationOptionArgs]] = None,
        options: Optional[CertificateOptionsArgs] = None,
        private_key: Optional[str] = None,
        status: Optional[str] = None,
        subject_alternative_names: Optional[Sequence[str]] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        validation_emails: Optional[Sequence[str]] = None,
        validation_method: Optional[str] = None,
        validation_options: Optional[Sequence[CertificateValidationOptionArgs]] = None) -> Certificate
func GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)
public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)
public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Arn string

The ARN of the certificate

CertificateAuthorityArn string

ARN of an ACM PCA

CertificateBody string

The certificate's PEM-formatted public key

CertificateChain string

The certificate's PEM-formatted chain

  • Creating a private CA issued certificate
DomainName string

A fully qualified domain name (FQDN) in the certificate.

DomainValidationOptions List<CertificateDomainValidationOptionArgs>

Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.

Options CertificateOptionsArgs

Configuration block used to set certificate options. Detailed below.

PrivateKey string

The certificate's PEM-formatted private key

Status string

Status of the certificate.

SubjectAlternativeNames List<string>

Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([]).

Tags Dictionary<string, string>

A map of tags to assign to the resource..

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider .

ValidationEmails List<string>

A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

ValidationMethod string

Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into the provider.

ValidationOptions List<CertificateValidationOptionArgs>

Configuration block used to specify information about the initial validation of each domain name. Detailed below.

  • Importing an existing certificate
Arn string

The ARN of the certificate

CertificateAuthorityArn string

ARN of an ACM PCA

CertificateBody string

The certificate's PEM-formatted public key

CertificateChain string

The certificate's PEM-formatted chain

  • Creating a private CA issued certificate
DomainName string

A fully qualified domain name (FQDN) in the certificate.

DomainValidationOptions []CertificateDomainValidationOptionArgs

Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.

Options CertificateOptionsArgs

Configuration block used to set certificate options. Detailed below.

PrivateKey string

The certificate's PEM-formatted private key

Status string

Status of the certificate.

SubjectAlternativeNames []string

Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([]).

Tags map[string]string

A map of tags to assign to the resource..

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider .

ValidationEmails []string

A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

ValidationMethod string

Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into the provider.

ValidationOptions []CertificateValidationOptionArgs

Configuration block used to specify information about the initial validation of each domain name. Detailed below.

  • Importing an existing certificate
arn String

The ARN of the certificate

certificateAuthorityArn String

ARN of an ACM PCA

certificateBody String

The certificate's PEM-formatted public key

certificateChain String

The certificate's PEM-formatted chain

  • Creating a private CA issued certificate
domainName String

A fully qualified domain name (FQDN) in the certificate.

domainValidationOptions List<CertificateDomainValidationOptionArgs>

Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.

options CertificateOptionsArgs

Configuration block used to set certificate options. Detailed below.

privateKey String

The certificate's PEM-formatted private key

status String

Status of the certificate.

subjectAlternativeNames List<String>

Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([]).

tags Map<String,String>

A map of tags to assign to the resource..

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider .

validationEmails List<String>

A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

validationMethod String

Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into the provider.

validationOptions List<CertificateValidationOptionArgs>

Configuration block used to specify information about the initial validation of each domain name. Detailed below.

  • Importing an existing certificate
arn string

The ARN of the certificate

certificateAuthorityArn string

ARN of an ACM PCA

certificateBody string

The certificate's PEM-formatted public key

certificateChain string

The certificate's PEM-formatted chain

  • Creating a private CA issued certificate
domainName string

A fully qualified domain name (FQDN) in the certificate.

domainValidationOptions CertificateDomainValidationOptionArgs[]

Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.

options CertificateOptionsArgs

Configuration block used to set certificate options. Detailed below.

privateKey string

The certificate's PEM-formatted private key

status string

Status of the certificate.

subjectAlternativeNames string[]

Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([]).

tags {[key: string]: string}

A map of tags to assign to the resource..

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider .

validationEmails string[]

A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

validationMethod string

Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into the provider.

validationOptions CertificateValidationOptionArgs[]

Configuration block used to specify information about the initial validation of each domain name. Detailed below.

  • Importing an existing certificate
arn str

The ARN of the certificate

certificate_authority_arn str

ARN of an ACM PCA

certificate_body str

The certificate's PEM-formatted public key

certificate_chain str

The certificate's PEM-formatted chain

  • Creating a private CA issued certificate
domain_name str

A fully qualified domain name (FQDN) in the certificate.

domain_validation_options Sequence[CertificateDomainValidationOptionArgs]

Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.

options CertificateOptionsArgs

Configuration block used to set certificate options. Detailed below.

private_key str

The certificate's PEM-formatted private key

status str

Status of the certificate.

subject_alternative_names Sequence[str]

Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([]).

tags Mapping[str, str]

A map of tags to assign to the resource..

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider .

validation_emails Sequence[str]

A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

validation_method str

Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into the provider.

validation_options Sequence[CertificateValidationOptionArgs]

Configuration block used to specify information about the initial validation of each domain name. Detailed below.

  • Importing an existing certificate
arn String

The ARN of the certificate

certificateAuthorityArn String

ARN of an ACM PCA

certificateBody String

The certificate's PEM-formatted public key

certificateChain String

The certificate's PEM-formatted chain

  • Creating a private CA issued certificate
domainName String

A fully qualified domain name (FQDN) in the certificate.

domainValidationOptions List<Property Map>

Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.

options Property Map

Configuration block used to set certificate options. Detailed below.

privateKey String

The certificate's PEM-formatted private key

status String

Status of the certificate.

subjectAlternativeNames List<String>

Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([]).

tags Map<String>

A map of tags to assign to the resource..

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider .

validationEmails List<String>

A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

validationMethod String

Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into the provider.

validationOptions List<Property Map>

Configuration block used to specify information about the initial validation of each domain name. Detailed below.

  • Importing an existing certificate

Supporting Types

CertificateDomainValidationOption

DomainName string

A fully qualified domain name (FQDN) in the certificate.

ResourceRecordName string

The name of the DNS record to create to validate the certificate

ResourceRecordType string

The type of DNS record to create

ResourceRecordValue string

The value the DNS record needs to have

DomainName string

A fully qualified domain name (FQDN) in the certificate.

ResourceRecordName string

The name of the DNS record to create to validate the certificate

ResourceRecordType string

The type of DNS record to create

ResourceRecordValue string

The value the DNS record needs to have

domainName String

A fully qualified domain name (FQDN) in the certificate.

resourceRecordName String

The name of the DNS record to create to validate the certificate

resourceRecordType String

The type of DNS record to create

resourceRecordValue String

The value the DNS record needs to have

domainName string

A fully qualified domain name (FQDN) in the certificate.

resourceRecordName string

The name of the DNS record to create to validate the certificate

resourceRecordType string

The type of DNS record to create

resourceRecordValue string

The value the DNS record needs to have

domain_name str

A fully qualified domain name (FQDN) in the certificate.

resource_record_name str

The name of the DNS record to create to validate the certificate

resource_record_type str

The type of DNS record to create

resource_record_value str

The value the DNS record needs to have

domainName String

A fully qualified domain name (FQDN) in the certificate.

resourceRecordName String

The name of the DNS record to create to validate the certificate

resourceRecordType String

The type of DNS record to create

resourceRecordValue String

The value the DNS record needs to have

CertificateOptions

CertificateTransparencyLoggingPreference string

Specifies whether certificate details should be added to a certificate transparency log. Valid values are ENABLED or DISABLED. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.

CertificateTransparencyLoggingPreference string

Specifies whether certificate details should be added to a certificate transparency log. Valid values are ENABLED or DISABLED. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.

certificateTransparencyLoggingPreference String

Specifies whether certificate details should be added to a certificate transparency log. Valid values are ENABLED or DISABLED. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.

certificateTransparencyLoggingPreference string

Specifies whether certificate details should be added to a certificate transparency log. Valid values are ENABLED or DISABLED. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.

certificate_transparency_logging_preference str

Specifies whether certificate details should be added to a certificate transparency log. Valid values are ENABLED or DISABLED. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.

certificateTransparencyLoggingPreference String

Specifies whether certificate details should be added to a certificate transparency log. Valid values are ENABLED or DISABLED. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.

CertificateValidationOption

DomainName string

A fully qualified domain name (FQDN) in the certificate.

ValidationDomain string

The domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the domain_name value or a superdomain of the domain_name value. For example, if you request a certificate for "testing.example.com", you can specify "example.com" for this value.

DomainName string

A fully qualified domain name (FQDN) in the certificate.

ValidationDomain string

The domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the domain_name value or a superdomain of the domain_name value. For example, if you request a certificate for "testing.example.com", you can specify "example.com" for this value.

domainName String

A fully qualified domain name (FQDN) in the certificate.

validationDomain String

The domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the domain_name value or a superdomain of the domain_name value. For example, if you request a certificate for "testing.example.com", you can specify "example.com" for this value.

domainName string

A fully qualified domain name (FQDN) in the certificate.

validationDomain string

The domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the domain_name value or a superdomain of the domain_name value. For example, if you request a certificate for "testing.example.com", you can specify "example.com" for this value.

domain_name str

A fully qualified domain name (FQDN) in the certificate.

validation_domain str

The domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the domain_name value or a superdomain of the domain_name value. For example, if you request a certificate for "testing.example.com", you can specify "example.com" for this value.

domainName String

A fully qualified domain name (FQDN) in the certificate.

validationDomain String

The domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the domain_name value or a superdomain of the domain_name value. For example, if you request a certificate for "testing.example.com", you can specify "example.com" for this value.

Import

Certificates can be imported using their ARN, e.g.,

 $ pulumi import aws:acm/certificate:Certificate cert arn:aws:acm:eu-central-1:123456789012:certificate/7e7a28d2-163f-4b8f-b9cd-822f96c08d6a

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.