1. Packages
  2. AWS Classic
  3. API Docs
  4. acm
  5. Certificate

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.24.0 published on Tuesday, Feb 27, 2024 by Pulumi

aws.acm.Certificate

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.24.0 published on Tuesday, Feb 27, 2024 by Pulumi

    The ACM certificate resource allows requesting and management of certificates from the Amazon Certificate Manager.

    ACM certificates can be created in three ways: Amazon-issued, where AWS provides the certificate authority and automatically manages renewal; imported certificates, issued by another certificate authority; and private certificates, issued using an ACM Private Certificate Authority.

    Amazon-Issued Certificates

    For Amazon-issued certificates, this resource deals with requesting certificates and managing their attributes and life-cycle. This resource does not deal with validation of a certificate but can provide inputs for other resources implementing the validation. It does not wait for a certificate to be issued. Use a aws.acm.CertificateValidation resource for this.

    Most commonly, this resource is used together with aws.route53.Record and aws.acm.CertificateValidation to request a DNS validated certificate, deploy the required validation records and wait for validation to complete.

    Domain validation through email is also supported but should be avoided as it requires a manual step outside of this provider.

    Certificates Imported from Other Certificate Authority

    Imported certificates can be used to make certificates created with an external certificate authority available for AWS services.

    As they are not managed by AWS, imported certificates are not eligible for automatic renewal. New certificate materials can be supplied to an existing imported certificate to update it in place.

    Private Certificates

    Private certificates are issued by an ACM Private Cerificate Authority, which can be created using the resource type aws.acmpca.CertificateAuthority.

    Private certificates created using this resource are eligible for managed renewal if they have been exported or associated with another AWS service. See managed renewal documentation for more information. By default, a certificate is valid for 395 days and the managed renewal process will start 60 days before expiration. To renew the certificate earlier than 60 days before expiration, configure early_renewal_duration.

    Example Usage

    Create Certificate

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var cert = new Aws.Acm.Certificate("cert", new()
        {
            DomainName = "example.com",
            Tags = 
            {
                { "Environment", "test" },
            },
            ValidationMethod = "DNS",
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acm"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := acm.NewCertificate(ctx, "cert", &acm.CertificateArgs{
    			DomainName: pulumi.String("example.com"),
    			Tags: pulumi.StringMap{
    				"Environment": pulumi.String("test"),
    			},
    			ValidationMethod: pulumi.String("DNS"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.acm.Certificate;
    import com.pulumi.aws.acm.CertificateArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var cert = new Certificate("cert", CertificateArgs.builder()        
                .domainName("example.com")
                .tags(Map.of("Environment", "test"))
                .validationMethod("DNS")
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    cert = aws.acm.Certificate("cert",
        domain_name="example.com",
        tags={
            "Environment": "test",
        },
        validation_method="DNS")
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const cert = new aws.acm.Certificate("cert", {
        domainName: "example.com",
        tags: {
            Environment: "test",
        },
        validationMethod: "DNS",
    });
    
    resources:
      cert:
        type: aws:acm:Certificate
        properties:
          domainName: example.com
          tags:
            Environment: test
          validationMethod: DNS
    

    Custom Domain Validation Options

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var cert = new Aws.Acm.Certificate("cert", new()
        {
            DomainName = "testing.example.com",
            ValidationMethod = "EMAIL",
            ValidationOptions = new[]
            {
                new Aws.Acm.Inputs.CertificateValidationOptionArgs
                {
                    DomainName = "testing.example.com",
                    ValidationDomain = "example.com",
                },
            },
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acm"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := acm.NewCertificate(ctx, "cert", &acm.CertificateArgs{
    			DomainName:       pulumi.String("testing.example.com"),
    			ValidationMethod: pulumi.String("EMAIL"),
    			ValidationOptions: acm.CertificateValidationOptionArray{
    				&acm.CertificateValidationOptionArgs{
    					DomainName:       pulumi.String("testing.example.com"),
    					ValidationDomain: pulumi.String("example.com"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.acm.Certificate;
    import com.pulumi.aws.acm.CertificateArgs;
    import com.pulumi.aws.acm.inputs.CertificateValidationOptionArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var cert = new Certificate("cert", CertificateArgs.builder()        
                .domainName("testing.example.com")
                .validationMethod("EMAIL")
                .validationOptions(CertificateValidationOptionArgs.builder()
                    .domainName("testing.example.com")
                    .validationDomain("example.com")
                    .build())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    cert = aws.acm.Certificate("cert",
        domain_name="testing.example.com",
        validation_method="EMAIL",
        validation_options=[aws.acm.CertificateValidationOptionArgs(
            domain_name="testing.example.com",
            validation_domain="example.com",
        )])
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const cert = new aws.acm.Certificate("cert", {
        domainName: "testing.example.com",
        validationMethod: "EMAIL",
        validationOptions: [{
            domainName: "testing.example.com",
            validationDomain: "example.com",
        }],
    });
    
    resources:
      cert:
        type: aws:acm:Certificate
        properties:
          domainName: testing.example.com
          validationMethod: EMAIL
          validationOptions:
            - domainName: testing.example.com
              validationDomain: example.com
    

    Existing Certificate Body Import

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    using Tls = Pulumi.Tls;
    
    return await Deployment.RunAsync(() => 
    {
        var examplePrivateKey = new Tls.PrivateKey("examplePrivateKey", new()
        {
            Algorithm = "RSA",
        });
    
        var exampleSelfSignedCert = new Tls.SelfSignedCert("exampleSelfSignedCert", new()
        {
            KeyAlgorithm = "RSA",
            PrivateKeyPem = examplePrivateKey.PrivateKeyPem,
            Subject = new Tls.Inputs.SelfSignedCertSubjectArgs
            {
                CommonName = "example.com",
                Organization = "ACME Examples, Inc",
            },
            ValidityPeriodHours = 12,
            AllowedUses = new[]
            {
                "key_encipherment",
                "digital_signature",
                "server_auth",
            },
        });
    
        var cert = new Aws.Acm.Certificate("cert", new()
        {
            PrivateKey = examplePrivateKey.PrivateKeyPem,
            CertificateBody = exampleSelfSignedCert.CertPem,
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acm"
    	"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		examplePrivateKey, err := tls.NewPrivateKey(ctx, "examplePrivateKey", &tls.PrivateKeyArgs{
    			Algorithm: pulumi.String("RSA"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleSelfSignedCert, err := tls.NewSelfSignedCert(ctx, "exampleSelfSignedCert", &tls.SelfSignedCertArgs{
    			KeyAlgorithm:  pulumi.String("RSA"),
    			PrivateKeyPem: examplePrivateKey.PrivateKeyPem,
    			Subject: &tls.SelfSignedCertSubjectArgs{
    				CommonName:   pulumi.String("example.com"),
    				Organization: pulumi.String("ACME Examples, Inc"),
    			},
    			ValidityPeriodHours: pulumi.Int(12),
    			AllowedUses: pulumi.StringArray{
    				pulumi.String("key_encipherment"),
    				pulumi.String("digital_signature"),
    				pulumi.String("server_auth"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = acm.NewCertificate(ctx, "cert", &acm.CertificateArgs{
    			PrivateKey:      examplePrivateKey.PrivateKeyPem,
    			CertificateBody: exampleSelfSignedCert.CertPem,
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.tls.PrivateKey;
    import com.pulumi.tls.PrivateKeyArgs;
    import com.pulumi.tls.SelfSignedCert;
    import com.pulumi.tls.SelfSignedCertArgs;
    import com.pulumi.tls.inputs.SelfSignedCertSubjectArgs;
    import com.pulumi.aws.acm.Certificate;
    import com.pulumi.aws.acm.CertificateArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var examplePrivateKey = new PrivateKey("examplePrivateKey", PrivateKeyArgs.builder()        
                .algorithm("RSA")
                .build());
    
            var exampleSelfSignedCert = new SelfSignedCert("exampleSelfSignedCert", SelfSignedCertArgs.builder()        
                .keyAlgorithm("RSA")
                .privateKeyPem(examplePrivateKey.privateKeyPem())
                .subject(SelfSignedCertSubjectArgs.builder()
                    .commonName("example.com")
                    .organization("ACME Examples, Inc")
                    .build())
                .validityPeriodHours(12)
                .allowedUses(            
                    "key_encipherment",
                    "digital_signature",
                    "server_auth")
                .build());
    
            var cert = new Certificate("cert", CertificateArgs.builder()        
                .privateKey(examplePrivateKey.privateKeyPem())
                .certificateBody(exampleSelfSignedCert.certPem())
                .build());
    
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    import pulumi_tls as tls
    
    example_private_key = tls.PrivateKey("examplePrivateKey", algorithm="RSA")
    example_self_signed_cert = tls.SelfSignedCert("exampleSelfSignedCert",
        key_algorithm="RSA",
        private_key_pem=example_private_key.private_key_pem,
        subject=tls.SelfSignedCertSubjectArgs(
            common_name="example.com",
            organization="ACME Examples, Inc",
        ),
        validity_period_hours=12,
        allowed_uses=[
            "key_encipherment",
            "digital_signature",
            "server_auth",
        ])
    cert = aws.acm.Certificate("cert",
        private_key=example_private_key.private_key_pem,
        certificate_body=example_self_signed_cert.cert_pem)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    import * as tls from "@pulumi/tls";
    
    const examplePrivateKey = new tls.PrivateKey("examplePrivateKey", {algorithm: "RSA"});
    const exampleSelfSignedCert = new tls.SelfSignedCert("exampleSelfSignedCert", {
        keyAlgorithm: "RSA",
        privateKeyPem: examplePrivateKey.privateKeyPem,
        subject: {
            commonName: "example.com",
            organization: "ACME Examples, Inc",
        },
        validityPeriodHours: 12,
        allowedUses: [
            "key_encipherment",
            "digital_signature",
            "server_auth",
        ],
    });
    const cert = new aws.acm.Certificate("cert", {
        privateKey: examplePrivateKey.privateKeyPem,
        certificateBody: exampleSelfSignedCert.certPem,
    });
    
    resources:
      examplePrivateKey:
        type: tls:PrivateKey
        properties:
          algorithm: RSA
      exampleSelfSignedCert:
        type: tls:SelfSignedCert
        properties:
          keyAlgorithm: RSA
          privateKeyPem: ${examplePrivateKey.privateKeyPem}
          subject:
            commonName: example.com
            organization: ACME Examples, Inc
          validityPeriodHours: 12
          allowedUses:
            - key_encipherment
            - digital_signature
            - server_auth
      cert:
        type: aws:acm:Certificate
        properties:
          privateKey: ${examplePrivateKey.privateKeyPem}
          certificateBody: ${exampleSelfSignedCert.certPem}
    

    Referencing domain_validation_options With for_each Based Resources

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new List<Aws.Route53.Record>();
        foreach (var range in .ToDictionary(item => {
            var dvo = item.Value;
            return dvo.DomainName;
        }, item => {
            var dvo = item.Value;
            return 
            {
                { "name", dvo.ResourceRecordName },
                { "record", dvo.ResourceRecordValue },
                { "type", dvo.ResourceRecordType },
            };
        }).Select(pair => new { pair.Key, pair.Value }))
        {
            example.Add(new Aws.Route53.Record($"example-{range.Key}", new()
            {
                AllowOverwrite = true,
                Name = range.Value.Name,
                Records = new[]
                {
                    range.Value.Record,
                },
                Ttl = 60,
                Type = System.Enum.Parse<Aws.Route53.RecordType.RecordType>(range.Value.Type),
                ZoneId = aws_route53_zone.Example.Zone_id,
            }));
        }
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		var example []*route53.Record
    		for key0, val0 := range "TODO: For expression" {
    			__res, err := route53.NewRecord(ctx, fmt.Sprintf("example-%v", key0), &route53.RecordArgs{
    				AllowOverwrite: pulumi.Bool(true),
    				Name:           pulumi.Any(val0),
    				Records: pulumi.StringArray{
    					val0,
    				},
    				Ttl:    pulumi.Int(60),
    				Type:   route53.RecordType(val0),
    				ZoneId: pulumi.Any(aws_route53_zone.Example.Zone_id),
    			})
    			if err != nil {
    				return err
    			}
    			example = append(example, __res)
    		}
    		return nil
    	})
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws as aws
    
    example = []
    for range in [{"key": k, "value": v} for [k, v] in enumerate({dvo.domain_name: {
        name: dvo.resource_record_name,
        record: dvo.resource_record_value,
        type: dvo.resource_record_type,
    } for dvo in aws_acm_certificate.example.domain_validation_options})]:
        example.append(aws.route53.Record(f"example-{range['key']}",
            allow_overwrite=True,
            name=range["value"]["name"],
            records=[range["value"]["record"]],
            ttl=60,
            type=aws.route53/recordtype.RecordType(range["value"]["type"]),
            zone_id=aws_route53_zone["example"]["zone_id"]))
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const example: aws.route53.Record[] = [];
    for (const range of Object.entries(.reduce((__obj, dvo) => ({ ...__obj, [dvo.domainName]: {
        name: dvo.resourceRecordName,
        record: dvo.resourceRecordValue,
        type: dvo.resourceRecordType,
    } }))).map(([k, v]) => ({key: k, value: v}))) {
        example.push(new aws.route53.Record(`example-${range.key}`, {
            allowOverwrite: true,
            name: range.value.name,
            records: [range.value.record],
            ttl: 60,
            type: aws.route53.recordtype.RecordType[range.value.type],
            zoneId: aws_route53_zone.example.zone_id,
        }));
    }
    
    resources:
      example:
        type: aws:route53:Record
        properties:
          allowOverwrite: true
          name: ${range.value.name}
          records:
            - ${range.value.record}
          ttl: 60
          type: ${range.value.type}
          zoneId: ${aws_route53_zone.example.zone_id}
        options: {}
    

    Create Certificate Resource

    new Certificate(name: string, args?: CertificateArgs, opts?: CustomResourceOptions);
    @overload
    def Certificate(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    certificate_authority_arn: Optional[str] = None,
                    certificate_body: Optional[str] = None,
                    certificate_chain: Optional[str] = None,
                    domain_name: Optional[str] = None,
                    early_renewal_duration: Optional[str] = None,
                    key_algorithm: Optional[str] = None,
                    options: Optional[CertificateOptionsArgs] = None,
                    private_key: Optional[str] = None,
                    subject_alternative_names: Optional[Sequence[str]] = None,
                    tags: Optional[Mapping[str, str]] = None,
                    validation_method: Optional[str] = None,
                    validation_options: Optional[Sequence[CertificateValidationOptionArgs]] = None)
    @overload
    def Certificate(resource_name: str,
                    args: Optional[CertificateArgs] = None,
                    opts: Optional[ResourceOptions] = None)
    func NewCertificate(ctx *Context, name string, args *CertificateArgs, opts ...ResourceOption) (*Certificate, error)
    public Certificate(string name, CertificateArgs? args = null, CustomResourceOptions? opts = null)
    public Certificate(String name, CertificateArgs args)
    public Certificate(String name, CertificateArgs args, CustomResourceOptions options)
    
    type: aws:acm:Certificate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Certificate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Certificate resource accepts the following input properties:

    CertificateAuthorityArn string
    ARN of an ACM PCA
    CertificateBody string
    Certificate's PEM-formatted public key
    CertificateChain string
    Certificate's PEM-formatted chain

    • Creating a private CA issued certificate
    DomainName string
    Fully qualified domain name (FQDN) in the certificate.
    EarlyRenewalDuration string
    Amount of time to start automatic renewal process before expiration. Has no effect if less than 60 days. Represented by either a subset of RFC 3339 duration supporting years, months, and days (e.g., P90D), or a string such as 2160h.
    KeyAlgorithm string
    Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
    Options CertificateOptions
    Configuration block used to set certificate options. Detailed below.
    PrivateKey string
    Certificate's PEM-formatted private key
    SubjectAlternativeNames List<string>
    Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([])
    Tags Dictionary<string, string>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    ValidationMethod string
    Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi.
    ValidationOptions List<CertificateValidationOption>
    Configuration block used to specify information about the initial validation of each domain name. Detailed below.

    • Importing an existing certificate
    CertificateAuthorityArn string
    ARN of an ACM PCA
    CertificateBody string
    Certificate's PEM-formatted public key
    CertificateChain string
    Certificate's PEM-formatted chain

    • Creating a private CA issued certificate
    DomainName string
    Fully qualified domain name (FQDN) in the certificate.
    EarlyRenewalDuration string
    Amount of time to start automatic renewal process before expiration. Has no effect if less than 60 days. Represented by either a subset of RFC 3339 duration supporting years, months, and days (e.g., P90D), or a string such as 2160h.
    KeyAlgorithm string
    Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
    Options CertificateOptionsArgs
    Configuration block used to set certificate options. Detailed below.
    PrivateKey string
    Certificate's PEM-formatted private key
    SubjectAlternativeNames []string
    Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([])
    Tags map[string]string
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    ValidationMethod string
    Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi.
    ValidationOptions []CertificateValidationOptionArgs
    Configuration block used to specify information about the initial validation of each domain name. Detailed below.

    • Importing an existing certificate
    certificateAuthorityArn String
    ARN of an ACM PCA
    certificateBody String
    Certificate's PEM-formatted public key
    certificateChain String
    Certificate's PEM-formatted chain

    • Creating a private CA issued certificate
    domainName String
    Fully qualified domain name (FQDN) in the certificate.
    earlyRenewalDuration String
    Amount of time to start automatic renewal process before expiration. Has no effect if less than 60 days. Represented by either a subset of RFC 3339 duration supporting years, months, and days (e.g., P90D), or a string such as 2160h.
    keyAlgorithm String
    Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
    options CertificateOptions
    Configuration block used to set certificate options. Detailed below.
    privateKey String
    Certificate's PEM-formatted private key
    subjectAlternativeNames List<String>
    Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([])
    tags Map<String,String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    validationMethod String
    Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi.
    validationOptions List<CertificateValidationOption>
    Configuration block used to specify information about the initial validation of each domain name. Detailed below.

    • Importing an existing certificate
    certificateAuthorityArn string
    ARN of an ACM PCA
    certificateBody string
    Certificate's PEM-formatted public key
    certificateChain string
    Certificate's PEM-formatted chain

    • Creating a private CA issued certificate
    domainName string
    Fully qualified domain name (FQDN) in the certificate.
    earlyRenewalDuration string
    Amount of time to start automatic renewal process before expiration. Has no effect if less than 60 days. Represented by either a subset of RFC 3339 duration supporting years, months, and days (e.g., P90D), or a string such as 2160h.
    keyAlgorithm string
    Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
    options CertificateOptions
    Configuration block used to set certificate options. Detailed below.
    privateKey string
    Certificate's PEM-formatted private key
    subjectAlternativeNames string[]
    Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([])
    tags {[key: string]: string}
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    validationMethod string
    Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi.
    validationOptions CertificateValidationOption[]
    Configuration block used to specify information about the initial validation of each domain name. Detailed below.

    • Importing an existing certificate
    certificate_authority_arn str
    ARN of an ACM PCA
    certificate_body str
    Certificate's PEM-formatted public key
    certificate_chain str
    Certificate's PEM-formatted chain

    • Creating a private CA issued certificate
    domain_name str
    Fully qualified domain name (FQDN) in the certificate.
    early_renewal_duration str
    Amount of time to start automatic renewal process before expiration. Has no effect if less than 60 days. Represented by either a subset of RFC 3339 duration supporting years, months, and days (e.g., P90D), or a string such as 2160h.
    key_algorithm str
    Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
    options CertificateOptionsArgs
    Configuration block used to set certificate options. Detailed below.
    private_key str
    Certificate's PEM-formatted private key
    subject_alternative_names Sequence[str]
    Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([])
    tags Mapping[str, str]
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    validation_method str
    Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi.
    validation_options Sequence[CertificateValidationOptionArgs]
    Configuration block used to specify information about the initial validation of each domain name. Detailed below.

    • Importing an existing certificate
    certificateAuthorityArn String
    ARN of an ACM PCA
    certificateBody String
    Certificate's PEM-formatted public key
    certificateChain String
    Certificate's PEM-formatted chain

    • Creating a private CA issued certificate
    domainName String
    Fully qualified domain name (FQDN) in the certificate.
    earlyRenewalDuration String
    Amount of time to start automatic renewal process before expiration. Has no effect if less than 60 days. Represented by either a subset of RFC 3339 duration supporting years, months, and days (e.g., P90D), or a string such as 2160h.
    keyAlgorithm String
    Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
    options Property Map
    Configuration block used to set certificate options. Detailed below.
    privateKey String
    Certificate's PEM-formatted private key
    subjectAlternativeNames List<String>
    Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([])
    tags Map<String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    validationMethod String
    Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi.
    validationOptions List<Property Map>
    Configuration block used to specify information about the initial validation of each domain name. Detailed below.

    • Importing an existing certificate

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

    Arn string
    ARN of the certificate
    DomainValidationOptions List<CertificateDomainValidationOption>
    Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.
    Id string
    The provider-assigned unique ID for this managed resource.
    NotAfter string
    Expiration date and time of the certificate.
    NotBefore string
    Start of the validity period of the certificate.
    PendingRenewal bool
    true if a Private certificate eligible for managed renewal is within the early_renewal_duration period.
    RenewalEligibility string
    Whether the certificate is eligible for managed renewal.
    RenewalSummaries List<CertificateRenewalSummary>
    Contains information about the status of ACM's managed renewal for the certificate.
    Status string
    Status of the certificate.
    TagsAll Dictionary<string, string>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    Type string
    Source of the certificate.
    ValidationEmails List<string>
    List of addresses that received a validation email. Only set if EMAIL validation was used.
    Arn string
    ARN of the certificate
    DomainValidationOptions []CertificateDomainValidationOption
    Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.
    Id string
    The provider-assigned unique ID for this managed resource.
    NotAfter string
    Expiration date and time of the certificate.
    NotBefore string
    Start of the validity period of the certificate.
    PendingRenewal bool
    true if a Private certificate eligible for managed renewal is within the early_renewal_duration period.
    RenewalEligibility string
    Whether the certificate is eligible for managed renewal.
    RenewalSummaries []CertificateRenewalSummary
    Contains information about the status of ACM's managed renewal for the certificate.
    Status string
    Status of the certificate.
    TagsAll map[string]string
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    Type string
    Source of the certificate.
    ValidationEmails []string
    List of addresses that received a validation email. Only set if EMAIL validation was used.
    arn String
    ARN of the certificate
    domainValidationOptions List<CertificateDomainValidationOption>
    Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.
    id String
    The provider-assigned unique ID for this managed resource.
    notAfter String
    Expiration date and time of the certificate.
    notBefore String
    Start of the validity period of the certificate.
    pendingRenewal Boolean
    true if a Private certificate eligible for managed renewal is within the early_renewal_duration period.
    renewalEligibility String
    Whether the certificate is eligible for managed renewal.
    renewalSummaries List<CertificateRenewalSummary>
    Contains information about the status of ACM's managed renewal for the certificate.
    status String
    Status of the certificate.
    tagsAll Map<String,String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    type String
    Source of the certificate.
    validationEmails List<String>
    List of addresses that received a validation email. Only set if EMAIL validation was used.
    arn string
    ARN of the certificate
    domainValidationOptions CertificateDomainValidationOption[]
    Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.
    id string
    The provider-assigned unique ID for this managed resource.
    notAfter string
    Expiration date and time of the certificate.
    notBefore string
    Start of the validity period of the certificate.
    pendingRenewal boolean
    true if a Private certificate eligible for managed renewal is within the early_renewal_duration period.
    renewalEligibility string
    Whether the certificate is eligible for managed renewal.
    renewalSummaries CertificateRenewalSummary[]
    Contains information about the status of ACM's managed renewal for the certificate.
    status string
    Status of the certificate.
    tagsAll {[key: string]: string}
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    type string
    Source of the certificate.
    validationEmails string[]
    List of addresses that received a validation email. Only set if EMAIL validation was used.
    arn str
    ARN of the certificate
    domain_validation_options Sequence[CertificateDomainValidationOption]
    Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.
    id str
    The provider-assigned unique ID for this managed resource.
    not_after str
    Expiration date and time of the certificate.
    not_before str
    Start of the validity period of the certificate.
    pending_renewal bool
    true if a Private certificate eligible for managed renewal is within the early_renewal_duration period.
    renewal_eligibility str
    Whether the certificate is eligible for managed renewal.
    renewal_summaries Sequence[CertificateRenewalSummary]
    Contains information about the status of ACM's managed renewal for the certificate.
    status str
    Status of the certificate.
    tags_all Mapping[str, str]
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    type str
    Source of the certificate.
    validation_emails Sequence[str]
    List of addresses that received a validation email. Only set if EMAIL validation was used.
    arn String
    ARN of the certificate
    domainValidationOptions List<Property Map>
    Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.
    id String
    The provider-assigned unique ID for this managed resource.
    notAfter String
    Expiration date and time of the certificate.
    notBefore String
    Start of the validity period of the certificate.
    pendingRenewal Boolean
    true if a Private certificate eligible for managed renewal is within the early_renewal_duration period.
    renewalEligibility String
    Whether the certificate is eligible for managed renewal.
    renewalSummaries List<Property Map>
    Contains information about the status of ACM's managed renewal for the certificate.
    status String
    Status of the certificate.
    tagsAll Map<String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    type String
    Source of the certificate.
    validationEmails List<String>
    List of addresses that received a validation email. Only set if EMAIL validation was used.

    Look up Existing Certificate Resource

    Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            certificate_authority_arn: Optional[str] = None,
            certificate_body: Optional[str] = None,
            certificate_chain: Optional[str] = None,
            domain_name: Optional[str] = None,
            domain_validation_options: Optional[Sequence[CertificateDomainValidationOptionArgs]] = None,
            early_renewal_duration: Optional[str] = None,
            key_algorithm: Optional[str] = None,
            not_after: Optional[str] = None,
            not_before: Optional[str] = None,
            options: Optional[CertificateOptionsArgs] = None,
            pending_renewal: Optional[bool] = None,
            private_key: Optional[str] = None,
            renewal_eligibility: Optional[str] = None,
            renewal_summaries: Optional[Sequence[CertificateRenewalSummaryArgs]] = None,
            status: Optional[str] = None,
            subject_alternative_names: Optional[Sequence[str]] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            type: Optional[str] = None,
            validation_emails: Optional[Sequence[str]] = None,
            validation_method: Optional[str] = None,
            validation_options: Optional[Sequence[CertificateValidationOptionArgs]] = None) -> Certificate
    func GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)
    public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)
    public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string
    ARN of the certificate
    CertificateAuthorityArn string
    ARN of an ACM PCA
    CertificateBody string
    Certificate's PEM-formatted public key
    CertificateChain string
    Certificate's PEM-formatted chain

    • Creating a private CA issued certificate
    DomainName string
    Fully qualified domain name (FQDN) in the certificate.
    DomainValidationOptions List<CertificateDomainValidationOption>
    Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.
    EarlyRenewalDuration string
    Amount of time to start automatic renewal process before expiration. Has no effect if less than 60 days. Represented by either a subset of RFC 3339 duration supporting years, months, and days (e.g., P90D), or a string such as 2160h.
    KeyAlgorithm string
    Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
    NotAfter string
    Expiration date and time of the certificate.
    NotBefore string
    Start of the validity period of the certificate.
    Options CertificateOptions
    Configuration block used to set certificate options. Detailed below.
    PendingRenewal bool
    true if a Private certificate eligible for managed renewal is within the early_renewal_duration period.
    PrivateKey string
    Certificate's PEM-formatted private key
    RenewalEligibility string
    Whether the certificate is eligible for managed renewal.
    RenewalSummaries List<CertificateRenewalSummary>
    Contains information about the status of ACM's managed renewal for the certificate.
    Status string
    Status of the certificate.
    SubjectAlternativeNames List<string>
    Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([])
    Tags Dictionary<string, string>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    Type string
    Source of the certificate.
    ValidationEmails List<string>
    List of addresses that received a validation email. Only set if EMAIL validation was used.
    ValidationMethod string
    Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi.
    ValidationOptions List<CertificateValidationOption>
    Configuration block used to specify information about the initial validation of each domain name. Detailed below.

    • Importing an existing certificate
    Arn string
    ARN of the certificate
    CertificateAuthorityArn string
    ARN of an ACM PCA
    CertificateBody string
    Certificate's PEM-formatted public key
    CertificateChain string
    Certificate's PEM-formatted chain

    • Creating a private CA issued certificate
    DomainName string
    Fully qualified domain name (FQDN) in the certificate.
    DomainValidationOptions []CertificateDomainValidationOptionArgs
    Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.
    EarlyRenewalDuration string
    Amount of time to start automatic renewal process before expiration. Has no effect if less than 60 days. Represented by either a subset of RFC 3339 duration supporting years, months, and days (e.g., P90D), or a string such as 2160h.
    KeyAlgorithm string
    Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
    NotAfter string
    Expiration date and time of the certificate.
    NotBefore string
    Start of the validity period of the certificate.
    Options CertificateOptionsArgs
    Configuration block used to set certificate options. Detailed below.
    PendingRenewal bool
    true if a Private certificate eligible for managed renewal is within the early_renewal_duration period.
    PrivateKey string
    Certificate's PEM-formatted private key
    RenewalEligibility string
    Whether the certificate is eligible for managed renewal.
    RenewalSummaries []CertificateRenewalSummaryArgs
    Contains information about the status of ACM's managed renewal for the certificate.
    Status string
    Status of the certificate.
    SubjectAlternativeNames []string
    Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([])
    Tags map[string]string
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    Type string
    Source of the certificate.
    ValidationEmails []string
    List of addresses that received a validation email. Only set if EMAIL validation was used.
    ValidationMethod string
    Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi.
    ValidationOptions []CertificateValidationOptionArgs
    Configuration block used to specify information about the initial validation of each domain name. Detailed below.

    • Importing an existing certificate
    arn String
    ARN of the certificate
    certificateAuthorityArn String
    ARN of an ACM PCA
    certificateBody String
    Certificate's PEM-formatted public key
    certificateChain String
    Certificate's PEM-formatted chain

    • Creating a private CA issued certificate
    domainName String
    Fully qualified domain name (FQDN) in the certificate.
    domainValidationOptions List<CertificateDomainValidationOption>
    Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.
    earlyRenewalDuration String
    Amount of time to start automatic renewal process before expiration. Has no effect if less than 60 days. Represented by either a subset of RFC 3339 duration supporting years, months, and days (e.g., P90D), or a string such as 2160h.
    keyAlgorithm String
    Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
    notAfter String
    Expiration date and time of the certificate.
    notBefore String
    Start of the validity period of the certificate.
    options CertificateOptions
    Configuration block used to set certificate options. Detailed below.
    pendingRenewal Boolean
    true if a Private certificate eligible for managed renewal is within the early_renewal_duration period.
    privateKey String
    Certificate's PEM-formatted private key
    renewalEligibility String
    Whether the certificate is eligible for managed renewal.
    renewalSummaries List<CertificateRenewalSummary>
    Contains information about the status of ACM's managed renewal for the certificate.
    status String
    Status of the certificate.
    subjectAlternativeNames List<String>
    Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([])
    tags Map<String,String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    type String
    Source of the certificate.
    validationEmails List<String>
    List of addresses that received a validation email. Only set if EMAIL validation was used.
    validationMethod String
    Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi.
    validationOptions List<CertificateValidationOption>
    Configuration block used to specify information about the initial validation of each domain name. Detailed below.

    • Importing an existing certificate
    arn string
    ARN of the certificate
    certificateAuthorityArn string
    ARN of an ACM PCA
    certificateBody string
    Certificate's PEM-formatted public key
    certificateChain string
    Certificate's PEM-formatted chain

    • Creating a private CA issued certificate
    domainName string
    Fully qualified domain name (FQDN) in the certificate.
    domainValidationOptions CertificateDomainValidationOption[]
    Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.
    earlyRenewalDuration string
    Amount of time to start automatic renewal process before expiration. Has no effect if less than 60 days. Represented by either a subset of RFC 3339 duration supporting years, months, and days (e.g., P90D), or a string such as 2160h.
    keyAlgorithm string
    Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
    notAfter string
    Expiration date and time of the certificate.
    notBefore string
    Start of the validity period of the certificate.
    options CertificateOptions
    Configuration block used to set certificate options. Detailed below.
    pendingRenewal boolean
    true if a Private certificate eligible for managed renewal is within the early_renewal_duration period.
    privateKey string
    Certificate's PEM-formatted private key
    renewalEligibility string
    Whether the certificate is eligible for managed renewal.
    renewalSummaries CertificateRenewalSummary[]
    Contains information about the status of ACM's managed renewal for the certificate.
    status string
    Status of the certificate.
    subjectAlternativeNames string[]
    Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([])
    tags {[key: string]: string}
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    type string
    Source of the certificate.
    validationEmails string[]
    List of addresses that received a validation email. Only set if EMAIL validation was used.
    validationMethod string
    Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi.
    validationOptions CertificateValidationOption[]
    Configuration block used to specify information about the initial validation of each domain name. Detailed below.

    • Importing an existing certificate
    arn str
    ARN of the certificate
    certificate_authority_arn str
    ARN of an ACM PCA
    certificate_body str
    Certificate's PEM-formatted public key
    certificate_chain str
    Certificate's PEM-formatted chain

    • Creating a private CA issued certificate
    domain_name str
    Fully qualified domain name (FQDN) in the certificate.
    domain_validation_options Sequence[CertificateDomainValidationOptionArgs]
    Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.
    early_renewal_duration str
    Amount of time to start automatic renewal process before expiration. Has no effect if less than 60 days. Represented by either a subset of RFC 3339 duration supporting years, months, and days (e.g., P90D), or a string such as 2160h.
    key_algorithm str
    Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
    not_after str
    Expiration date and time of the certificate.
    not_before str
    Start of the validity period of the certificate.
    options CertificateOptionsArgs
    Configuration block used to set certificate options. Detailed below.
    pending_renewal bool
    true if a Private certificate eligible for managed renewal is within the early_renewal_duration period.
    private_key str
    Certificate's PEM-formatted private key
    renewal_eligibility str
    Whether the certificate is eligible for managed renewal.
    renewal_summaries Sequence[CertificateRenewalSummaryArgs]
    Contains information about the status of ACM's managed renewal for the certificate.
    status str
    Status of the certificate.
    subject_alternative_names Sequence[str]
    Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([])
    tags Mapping[str, str]
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    type str
    Source of the certificate.
    validation_emails Sequence[str]
    List of addresses that received a validation email. Only set if EMAIL validation was used.
    validation_method str
    Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi.
    validation_options Sequence[CertificateValidationOptionArgs]
    Configuration block used to specify information about the initial validation of each domain name. Detailed below.

    • Importing an existing certificate
    arn String
    ARN of the certificate
    certificateAuthorityArn String
    ARN of an ACM PCA
    certificateBody String
    Certificate's PEM-formatted public key
    certificateChain String
    Certificate's PEM-formatted chain

    • Creating a private CA issued certificate
    domainName String
    Fully qualified domain name (FQDN) in the certificate.
    domainValidationOptions List<Property Map>
    Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if DNS-validation was used.
    earlyRenewalDuration String
    Amount of time to start automatic renewal process before expiration. Has no effect if less than 60 days. Represented by either a subset of RFC 3339 duration supporting years, months, and days (e.g., P90D), or a string such as 2160h.
    keyAlgorithm String
    Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See ACM Certificate characteristics for more details.
    notAfter String
    Expiration date and time of the certificate.
    notBefore String
    Start of the validity period of the certificate.
    options Property Map
    Configuration block used to set certificate options. Detailed below.
    pendingRenewal Boolean
    true if a Private certificate eligible for managed renewal is within the early_renewal_duration period.
    privateKey String
    Certificate's PEM-formatted private key
    renewalEligibility String
    Whether the certificate is eligible for managed renewal.
    renewalSummaries List<Property Map>
    Contains information about the status of ACM's managed renewal for the certificate.
    status String
    Status of the certificate.
    subjectAlternativeNames List<String>
    Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list ([])
    tags Map<String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    type String
    Source of the certificate.
    validationEmails List<String>
    List of addresses that received a validation email. Only set if EMAIL validation was used.
    validationMethod String
    Which method to use for validation. DNS or EMAIL are valid. This parameter must not be set for certificates that were imported into ACM and then into Pulumi.
    validationOptions List<Property Map>
    Configuration block used to specify information about the initial validation of each domain name. Detailed below.

    • Importing an existing certificate

    Supporting Types

    CertificateDomainValidationOption, CertificateDomainValidationOptionArgs

    DomainName string
    Fully qualified domain name (FQDN) in the certificate.
    ResourceRecordName string
    The name of the DNS record to create to validate the certificate
    ResourceRecordType string
    The type of DNS record to create
    ResourceRecordValue string
    The value the DNS record needs to have
    DomainName string
    Fully qualified domain name (FQDN) in the certificate.
    ResourceRecordName string
    The name of the DNS record to create to validate the certificate
    ResourceRecordType string
    The type of DNS record to create
    ResourceRecordValue string
    The value the DNS record needs to have
    domainName String
    Fully qualified domain name (FQDN) in the certificate.
    resourceRecordName String
    The name of the DNS record to create to validate the certificate
    resourceRecordType String
    The type of DNS record to create
    resourceRecordValue String
    The value the DNS record needs to have
    domainName string
    Fully qualified domain name (FQDN) in the certificate.
    resourceRecordName string
    The name of the DNS record to create to validate the certificate
    resourceRecordType string
    The type of DNS record to create
    resourceRecordValue string
    The value the DNS record needs to have
    domain_name str
    Fully qualified domain name (FQDN) in the certificate.
    resource_record_name str
    The name of the DNS record to create to validate the certificate
    resource_record_type str
    The type of DNS record to create
    resource_record_value str
    The value the DNS record needs to have
    domainName String
    Fully qualified domain name (FQDN) in the certificate.
    resourceRecordName String
    The name of the DNS record to create to validate the certificate
    resourceRecordType String
    The type of DNS record to create
    resourceRecordValue String
    The value the DNS record needs to have

    CertificateOptions, CertificateOptionsArgs

    CertificateTransparencyLoggingPreference string
    Whether certificate details should be added to a certificate transparency log. Valid values are ENABLED or DISABLED. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.
    CertificateTransparencyLoggingPreference string
    Whether certificate details should be added to a certificate transparency log. Valid values are ENABLED or DISABLED. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.
    certificateTransparencyLoggingPreference String
    Whether certificate details should be added to a certificate transparency log. Valid values are ENABLED or DISABLED. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.
    certificateTransparencyLoggingPreference string
    Whether certificate details should be added to a certificate transparency log. Valid values are ENABLED or DISABLED. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.
    certificate_transparency_logging_preference str
    Whether certificate details should be added to a certificate transparency log. Valid values are ENABLED or DISABLED. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.
    certificateTransparencyLoggingPreference String
    Whether certificate details should be added to a certificate transparency log. Valid values are ENABLED or DISABLED. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.

    CertificateRenewalSummary, CertificateRenewalSummaryArgs

    RenewalStatus string
    The status of ACM's managed renewal of the certificate
    RenewalStatusReason string
    The reason that a renewal request was unsuccessful or is pending
    UpdatedAt string
    RenewalStatus string
    The status of ACM's managed renewal of the certificate
    RenewalStatusReason string
    The reason that a renewal request was unsuccessful or is pending
    UpdatedAt string
    renewalStatus String
    The status of ACM's managed renewal of the certificate
    renewalStatusReason String
    The reason that a renewal request was unsuccessful or is pending
    updatedAt String
    renewalStatus string
    The status of ACM's managed renewal of the certificate
    renewalStatusReason string
    The reason that a renewal request was unsuccessful or is pending
    updatedAt string
    renewal_status str
    The status of ACM's managed renewal of the certificate
    renewal_status_reason str
    The reason that a renewal request was unsuccessful or is pending
    updated_at str
    renewalStatus String
    The status of ACM's managed renewal of the certificate
    renewalStatusReason String
    The reason that a renewal request was unsuccessful or is pending
    updatedAt String

    CertificateValidationOption, CertificateValidationOptionArgs

    DomainName string
    Fully qualified domain name (FQDN) in the certificate.
    ValidationDomain string
    Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the domain_name value or a superdomain of the domain_name value. For example, if you request a certificate for "testing.example.com", you can specify "example.com" for this value.
    DomainName string
    Fully qualified domain name (FQDN) in the certificate.
    ValidationDomain string
    Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the domain_name value or a superdomain of the domain_name value. For example, if you request a certificate for "testing.example.com", you can specify "example.com" for this value.
    domainName String
    Fully qualified domain name (FQDN) in the certificate.
    validationDomain String
    Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the domain_name value or a superdomain of the domain_name value. For example, if you request a certificate for "testing.example.com", you can specify "example.com" for this value.
    domainName string
    Fully qualified domain name (FQDN) in the certificate.
    validationDomain string
    Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the domain_name value or a superdomain of the domain_name value. For example, if you request a certificate for "testing.example.com", you can specify "example.com" for this value.
    domain_name str
    Fully qualified domain name (FQDN) in the certificate.
    validation_domain str
    Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the domain_name value or a superdomain of the domain_name value. For example, if you request a certificate for "testing.example.com", you can specify "example.com" for this value.
    domainName String
    Fully qualified domain name (FQDN) in the certificate.
    validationDomain String
    Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the domain_name value or a superdomain of the domain_name value. For example, if you request a certificate for "testing.example.com", you can specify "example.com" for this value.

    Import

    Using pulumi import, import certificates using their ARN. For example:

     $ pulumi import aws:acm/certificate:Certificate cert arn:aws:acm:eu-central-1:123456789012:certificate/7e7a28d2-163f-4b8f-b9cd-822f96c08d6a
    

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.24.0 published on Tuesday, Feb 27, 2024 by Pulumi