1. Packages
  2. AWS Classic
  3. API Docs
  4. acm
  5. getCertificate

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.41.0 published on Tuesday, Jun 18, 2024 by Pulumi

aws.acm.getCertificate

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.41.0 published on Tuesday, Jun 18, 2024 by Pulumi

    Use this data source to get the ARN of a certificate in AWS Certificate Manager (ACM), you can reference it by domain without having to hard code the ARNs as input.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // Find a certificate that is issued
    const issued = aws.acm.getCertificate({
        domain: "tf.example.com",
        statuses: ["ISSUED"],
    });
    // Find a certificate issued by (not imported into) ACM
    const amazonIssued = aws.acm.getCertificate({
        domain: "tf.example.com",
        types: ["AMAZON_ISSUED"],
        mostRecent: true,
    });
    // Find a RSA 4096 bit certificate
    const rsa4096 = aws.acm.getCertificate({
        domain: "tf.example.com",
        keyTypes: ["RSA_4096"],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    # Find a certificate that is issued
    issued = aws.acm.get_certificate(domain="tf.example.com",
        statuses=["ISSUED"])
    # Find a certificate issued by (not imported into) ACM
    amazon_issued = aws.acm.get_certificate(domain="tf.example.com",
        types=["AMAZON_ISSUED"],
        most_recent=True)
    # Find a RSA 4096 bit certificate
    rsa4096 = aws.acm.get_certificate(domain="tf.example.com",
        key_types=["RSA_4096"])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acm"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Find a certificate that is issued
    		_, err := acm.LookupCertificate(ctx, &acm.LookupCertificateArgs{
    			Domain: "tf.example.com",
    			Statuses: []string{
    				"ISSUED",
    			},
    		}, nil)
    		if err != nil {
    			return err
    		}
    		// Find a certificate issued by (not imported into) ACM
    		_, err = acm.LookupCertificate(ctx, &acm.LookupCertificateArgs{
    			Domain: "tf.example.com",
    			Types: []string{
    				"AMAZON_ISSUED",
    			},
    			MostRecent: pulumi.BoolRef(true),
    		}, nil)
    		if err != nil {
    			return err
    		}
    		// Find a RSA 4096 bit certificate
    		_, err = acm.LookupCertificate(ctx, &acm.LookupCertificateArgs{
    			Domain: "tf.example.com",
    			KeyTypes: []string{
    				"RSA_4096",
    			},
    		}, nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        // Find a certificate that is issued
        var issued = Aws.Acm.GetCertificate.Invoke(new()
        {
            Domain = "tf.example.com",
            Statuses = new[]
            {
                "ISSUED",
            },
        });
    
        // Find a certificate issued by (not imported into) ACM
        var amazonIssued = Aws.Acm.GetCertificate.Invoke(new()
        {
            Domain = "tf.example.com",
            Types = new[]
            {
                "AMAZON_ISSUED",
            },
            MostRecent = true,
        });
    
        // Find a RSA 4096 bit certificate
        var rsa4096 = Aws.Acm.GetCertificate.Invoke(new()
        {
            Domain = "tf.example.com",
            KeyTypes = new[]
            {
                "RSA_4096",
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.acm.AcmFunctions;
    import com.pulumi.aws.acm.inputs.GetCertificateArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            // Find a certificate that is issued
            final var issued = AcmFunctions.getCertificate(GetCertificateArgs.builder()
                .domain("tf.example.com")
                .statuses("ISSUED")
                .build());
    
            // Find a certificate issued by (not imported into) ACM
            final var amazonIssued = AcmFunctions.getCertificate(GetCertificateArgs.builder()
                .domain("tf.example.com")
                .types("AMAZON_ISSUED")
                .mostRecent(true)
                .build());
    
            // Find a RSA 4096 bit certificate
            final var rsa4096 = AcmFunctions.getCertificate(GetCertificateArgs.builder()
                .domain("tf.example.com")
                .keyTypes("RSA_4096")
                .build());
    
        }
    }
    
    variables:
      # Find a certificate that is issued
      issued:
        fn::invoke:
          Function: aws:acm:getCertificate
          Arguments:
            domain: tf.example.com
            statuses:
              - ISSUED
      # Find a certificate issued by (not imported into) ACM
      amazonIssued:
        fn::invoke:
          Function: aws:acm:getCertificate
          Arguments:
            domain: tf.example.com
            types:
              - AMAZON_ISSUED
            mostRecent: true
      # Find a RSA 4096 bit certificate
      rsa4096:
        fn::invoke:
          Function: aws:acm:getCertificate
          Arguments:
            domain: tf.example.com
            keyTypes:
              - RSA_4096
    

    Using getCertificate

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getCertificate(args: GetCertificateArgs, opts?: InvokeOptions): Promise<GetCertificateResult>
    function getCertificateOutput(args: GetCertificateOutputArgs, opts?: InvokeOptions): Output<GetCertificateResult>
    def get_certificate(domain: Optional[str] = None,
                        key_types: Optional[Sequence[str]] = None,
                        most_recent: Optional[bool] = None,
                        statuses: Optional[Sequence[str]] = None,
                        tags: Optional[Mapping[str, str]] = None,
                        types: Optional[Sequence[str]] = None,
                        opts: Optional[InvokeOptions] = None) -> GetCertificateResult
    def get_certificate_output(domain: Optional[pulumi.Input[str]] = None,
                        key_types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                        most_recent: Optional[pulumi.Input[bool]] = None,
                        statuses: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                        tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
                        types: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None,
                        opts: Optional[InvokeOptions] = None) -> Output[GetCertificateResult]
    func LookupCertificate(ctx *Context, args *LookupCertificateArgs, opts ...InvokeOption) (*LookupCertificateResult, error)
    func LookupCertificateOutput(ctx *Context, args *LookupCertificateOutputArgs, opts ...InvokeOption) LookupCertificateResultOutput

    > Note: This function is named LookupCertificate in the Go SDK.

    public static class GetCertificate 
    {
        public static Task<GetCertificateResult> InvokeAsync(GetCertificateArgs args, InvokeOptions? opts = null)
        public static Output<GetCertificateResult> Invoke(GetCertificateInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetCertificateResult> getCertificate(GetCertificateArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: aws:acm/getCertificate:getCertificate
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Domain string
    Domain of the certificate to look up. If no certificate is found with this name, an error will be returned.
    KeyTypes List<string>
    List of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. See the ACM API Reference for supported key algorithms.
    MostRecent bool
    If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.
    Statuses List<string>
    List of statuses on which to filter the returned list. Valid values are PENDING_VALIDATION, ISSUED, INACTIVE, EXPIRED, VALIDATION_TIMED_OUT, REVOKED and FAILED. If no value is specified, only certificates in the ISSUED state are returned.
    Tags Dictionary<string, string>
    Mapping of tags for the resource.
    Types List<string>
    List of types on which to filter the returned list. Valid values are AMAZON_ISSUED, PRIVATE, and IMPORTED.
    Domain string
    Domain of the certificate to look up. If no certificate is found with this name, an error will be returned.
    KeyTypes []string
    List of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. See the ACM API Reference for supported key algorithms.
    MostRecent bool
    If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.
    Statuses []string
    List of statuses on which to filter the returned list. Valid values are PENDING_VALIDATION, ISSUED, INACTIVE, EXPIRED, VALIDATION_TIMED_OUT, REVOKED and FAILED. If no value is specified, only certificates in the ISSUED state are returned.
    Tags map[string]string
    Mapping of tags for the resource.
    Types []string
    List of types on which to filter the returned list. Valid values are AMAZON_ISSUED, PRIVATE, and IMPORTED.
    domain String
    Domain of the certificate to look up. If no certificate is found with this name, an error will be returned.
    keyTypes List<String>
    List of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. See the ACM API Reference for supported key algorithms.
    mostRecent Boolean
    If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.
    statuses List<String>
    List of statuses on which to filter the returned list. Valid values are PENDING_VALIDATION, ISSUED, INACTIVE, EXPIRED, VALIDATION_TIMED_OUT, REVOKED and FAILED. If no value is specified, only certificates in the ISSUED state are returned.
    tags Map<String,String>
    Mapping of tags for the resource.
    types List<String>
    List of types on which to filter the returned list. Valid values are AMAZON_ISSUED, PRIVATE, and IMPORTED.
    domain string
    Domain of the certificate to look up. If no certificate is found with this name, an error will be returned.
    keyTypes string[]
    List of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. See the ACM API Reference for supported key algorithms.
    mostRecent boolean
    If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.
    statuses string[]
    List of statuses on which to filter the returned list. Valid values are PENDING_VALIDATION, ISSUED, INACTIVE, EXPIRED, VALIDATION_TIMED_OUT, REVOKED and FAILED. If no value is specified, only certificates in the ISSUED state are returned.
    tags {[key: string]: string}
    Mapping of tags for the resource.
    types string[]
    List of types on which to filter the returned list. Valid values are AMAZON_ISSUED, PRIVATE, and IMPORTED.
    domain str
    Domain of the certificate to look up. If no certificate is found with this name, an error will be returned.
    key_types Sequence[str]
    List of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. See the ACM API Reference for supported key algorithms.
    most_recent bool
    If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.
    statuses Sequence[str]
    List of statuses on which to filter the returned list. Valid values are PENDING_VALIDATION, ISSUED, INACTIVE, EXPIRED, VALIDATION_TIMED_OUT, REVOKED and FAILED. If no value is specified, only certificates in the ISSUED state are returned.
    tags Mapping[str, str]
    Mapping of tags for the resource.
    types Sequence[str]
    List of types on which to filter the returned list. Valid values are AMAZON_ISSUED, PRIVATE, and IMPORTED.
    domain String
    Domain of the certificate to look up. If no certificate is found with this name, an error will be returned.
    keyTypes List<String>
    List of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. See the ACM API Reference for supported key algorithms.
    mostRecent Boolean
    If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.
    statuses List<String>
    List of statuses on which to filter the returned list. Valid values are PENDING_VALIDATION, ISSUED, INACTIVE, EXPIRED, VALIDATION_TIMED_OUT, REVOKED and FAILED. If no value is specified, only certificates in the ISSUED state are returned.
    tags Map<String>
    Mapping of tags for the resource.
    types List<String>
    List of types on which to filter the returned list. Valid values are AMAZON_ISSUED, PRIVATE, and IMPORTED.

    getCertificate Result

    The following output properties are available:

    Arn string
    ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.
    Certificate string
    ACM-issued certificate.
    CertificateChain string
    Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs.
    Domain string
    Id string
    The provider-assigned unique ID for this managed resource.
    Status string
    Status of the found certificate.
    Tags Dictionary<string, string>
    Mapping of tags for the resource.
    KeyTypes List<string>
    MostRecent bool
    Statuses List<string>
    Types List<string>
    Arn string
    ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.
    Certificate string
    ACM-issued certificate.
    CertificateChain string
    Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs.
    Domain string
    Id string
    The provider-assigned unique ID for this managed resource.
    Status string
    Status of the found certificate.
    Tags map[string]string
    Mapping of tags for the resource.
    KeyTypes []string
    MostRecent bool
    Statuses []string
    Types []string
    arn String
    ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.
    certificate String
    ACM-issued certificate.
    certificateChain String
    Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs.
    domain String
    id String
    The provider-assigned unique ID for this managed resource.
    status String
    Status of the found certificate.
    tags Map<String,String>
    Mapping of tags for the resource.
    keyTypes List<String>
    mostRecent Boolean
    statuses List<String>
    types List<String>
    arn string
    ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.
    certificate string
    ACM-issued certificate.
    certificateChain string
    Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs.
    domain string
    id string
    The provider-assigned unique ID for this managed resource.
    status string
    Status of the found certificate.
    tags {[key: string]: string}
    Mapping of tags for the resource.
    keyTypes string[]
    mostRecent boolean
    statuses string[]
    types string[]
    arn str
    ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.
    certificate str
    ACM-issued certificate.
    certificate_chain str
    Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs.
    domain str
    id str
    The provider-assigned unique ID for this managed resource.
    status str
    Status of the found certificate.
    tags Mapping[str, str]
    Mapping of tags for the resource.
    key_types Sequence[str]
    most_recent bool
    statuses Sequence[str]
    types Sequence[str]
    arn String
    ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.
    certificate String
    ACM-issued certificate.
    certificateChain String
    Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs.
    domain String
    id String
    The provider-assigned unique ID for this managed resource.
    status String
    Status of the found certificate.
    tags Map<String>
    Mapping of tags for the resource.
    keyTypes List<String>
    mostRecent Boolean
    statuses List<String>
    types List<String>

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.41.0 published on Tuesday, Jun 18, 2024 by Pulumi