aws logo
AWS Classic v5.33.0, Mar 24 23

aws.acmpca.Certificate

Provides a resource to issue a certificate using AWS Certificate Manager Private Certificate Authority (ACM PCA).

Certificates created using aws.acmpca.Certificate are not eligible for automatic renewal, and must be replaced instead. To issue a renewable certificate using an ACM PCA, create a aws.acm.Certificate with the parameter certificate_authority_arn.

Example Usage

Basic

Coming soon!

Coming soon!

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acmpca.CertificateAuthority;
import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
import com.pulumi.tls.PrivateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.tls.CertRequest;
import com.pulumi.tls.CertRequestArgs;
import com.pulumi.tls.inputs.CertRequestSubjectArgs;
import com.pulumi.aws.acmpca.Certificate;
import com.pulumi.aws.acmpca.CertificateArgs;
import com.pulumi.aws.acmpca.inputs.CertificateValidityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var exampleCertificateAuthority = new CertificateAuthority("exampleCertificateAuthority", CertificateAuthorityArgs.builder()        
            .privateCertificateConfiguration(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
            .permanentDeletionTimeInDays(7)
            .build());

        var key = new PrivateKey("key", PrivateKeyArgs.builder()        
            .algorithm("RSA")
            .build());

        var csr = new CertRequest("csr", CertRequestArgs.builder()        
            .keyAlgorithm("RSA")
            .privateKeyPem(key.privateKeyPem())
            .subjects(CertRequestSubjectArgs.builder()
                .commonName("example")
                .build())
            .build());

        var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder()        
            .certificateAuthorityArn(exampleCertificateAuthority.arn())
            .certificateSigningRequest(csr.certRequestPem())
            .signingAlgorithm("SHA256WITHRSA")
            .validity(CertificateValidityArgs.builder()
                .type("YEARS")
                .value(1)
                .build())
            .build());

    }
}

Coming soon!

Coming soon!

resources:
  exampleCertificate:
    type: aws:acmpca:Certificate
    properties:
      certificateAuthorityArn: ${exampleCertificateAuthority.arn}
      certificateSigningRequest: ${csr.certRequestPem}
      signingAlgorithm: SHA256WITHRSA
      validity:
        type: YEARS
        value: 1
  exampleCertificateAuthority:
    type: aws:acmpca:CertificateAuthority
    properties:
      privateCertificateConfiguration:
        - keyAlgorithm: RSA_4096
          signingAlgorithm: SHA512WITHRSA
          subject:
            - commonName: example.com
      permanentDeletionTimeInDays: 7
  key:
    type: tls:PrivateKey
    properties:
      algorithm: RSA
  csr:
    type: tls:CertRequest
    properties:
      keyAlgorithm: RSA
      privateKeyPem: ${key.privateKeyPem}
      subjects:
        - commonName: example

Create Certificate Resource

new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);
@overload
def Certificate(resource_name: str,
                opts: Optional[ResourceOptions] = None,
                certificate_authority_arn: Optional[str] = None,
                certificate_signing_request: Optional[str] = None,
                signing_algorithm: Optional[str] = None,
                template_arn: Optional[str] = None,
                validity: Optional[CertificateValidityArgs] = None)
@overload
def Certificate(resource_name: str,
                args: CertificateArgs,
                opts: Optional[ResourceOptions] = None)
func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)
public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)
public Certificate(String name, CertificateArgs args)
public Certificate(String name, CertificateArgs args, CustomResourceOptions options)
type: aws:acmpca:Certificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args CertificateArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Certificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Certificate resource accepts the following input properties:

CertificateAuthorityArn string

ARN of the certificate authority.

CertificateSigningRequest string

Certificate Signing Request in PEM format.

SigningAlgorithm string

Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

Validity Pulumi.Aws.Acmpca.Inputs.CertificateValidityArgs

Configures end of the validity period for the certificate. See validity block below.

TemplateArn string

Template to use when issuing a certificate. See ACM PCA Documentation for more information.

CertificateAuthorityArn string

ARN of the certificate authority.

CertificateSigningRequest string

Certificate Signing Request in PEM format.

SigningAlgorithm string

Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

Validity CertificateValidityArgs

Configures end of the validity period for the certificate. See validity block below.

TemplateArn string

Template to use when issuing a certificate. See ACM PCA Documentation for more information.

certificateAuthorityArn String

ARN of the certificate authority.

certificateSigningRequest String

Certificate Signing Request in PEM format.

signingAlgorithm String

Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

validity CertificateValidityArgs

Configures end of the validity period for the certificate. See validity block below.

templateArn String

Template to use when issuing a certificate. See ACM PCA Documentation for more information.

certificateAuthorityArn string

ARN of the certificate authority.

certificateSigningRequest string

Certificate Signing Request in PEM format.

signingAlgorithm string

Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

validity CertificateValidityArgs

Configures end of the validity period for the certificate. See validity block below.

templateArn string

Template to use when issuing a certificate. See ACM PCA Documentation for more information.

certificate_authority_arn str

ARN of the certificate authority.

certificate_signing_request str

Certificate Signing Request in PEM format.

signing_algorithm str

Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

validity CertificateValidityArgs

Configures end of the validity period for the certificate. See validity block below.

template_arn str

Template to use when issuing a certificate. See ACM PCA Documentation for more information.

certificateAuthorityArn String

ARN of the certificate authority.

certificateSigningRequest String

Certificate Signing Request in PEM format.

signingAlgorithm String

Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

validity Property Map

Configures end of the validity period for the certificate. See validity block below.

templateArn String

Template to use when issuing a certificate. See ACM PCA Documentation for more information.

Outputs

All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

Arn string

ARN of the certificate.

CertificateChain string

PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

CertificateDetails string

PEM-encoded certificate value.

Id string

The provider-assigned unique ID for this managed resource.

Arn string

ARN of the certificate.

Certificate string

PEM-encoded certificate value.

CertificateChain string

PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

Id string

The provider-assigned unique ID for this managed resource.

arn String

ARN of the certificate.

certificate String

PEM-encoded certificate value.

certificateChain String

PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

id String

The provider-assigned unique ID for this managed resource.

arn string

ARN of the certificate.

certificate string

PEM-encoded certificate value.

certificateChain string

PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

id string

The provider-assigned unique ID for this managed resource.

arn str

ARN of the certificate.

certificate str

PEM-encoded certificate value.

certificate_chain str

PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

id str

The provider-assigned unique ID for this managed resource.

arn String

ARN of the certificate.

certificate String

PEM-encoded certificate value.

certificateChain String

PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing Certificate Resource

Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        certificate: Optional[str] = None,
        certificate_authority_arn: Optional[str] = None,
        certificate_chain: Optional[str] = None,
        certificate_signing_request: Optional[str] = None,
        signing_algorithm: Optional[str] = None,
        template_arn: Optional[str] = None,
        validity: Optional[CertificateValidityArgs] = None) -> Certificate
func GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)
public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)
public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Arn string

ARN of the certificate.

CertificateAuthorityArn string

ARN of the certificate authority.

CertificateChain string

PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

CertificateDetails string

PEM-encoded certificate value.

CertificateSigningRequest string

Certificate Signing Request in PEM format.

SigningAlgorithm string

Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

TemplateArn string

Template to use when issuing a certificate. See ACM PCA Documentation for more information.

Validity Pulumi.Aws.Acmpca.Inputs.CertificateValidityArgs

Configures end of the validity period for the certificate. See validity block below.

Arn string

ARN of the certificate.

Certificate string

PEM-encoded certificate value.

CertificateAuthorityArn string

ARN of the certificate authority.

CertificateChain string

PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

CertificateSigningRequest string

Certificate Signing Request in PEM format.

SigningAlgorithm string

Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

TemplateArn string

Template to use when issuing a certificate. See ACM PCA Documentation for more information.

Validity CertificateValidityArgs

Configures end of the validity period for the certificate. See validity block below.

arn String

ARN of the certificate.

certificate String

PEM-encoded certificate value.

certificateAuthorityArn String

ARN of the certificate authority.

certificateChain String

PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

certificateSigningRequest String

Certificate Signing Request in PEM format.

signingAlgorithm String

Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

templateArn String

Template to use when issuing a certificate. See ACM PCA Documentation for more information.

validity CertificateValidityArgs

Configures end of the validity period for the certificate. See validity block below.

arn string

ARN of the certificate.

certificate string

PEM-encoded certificate value.

certificateAuthorityArn string

ARN of the certificate authority.

certificateChain string

PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

certificateSigningRequest string

Certificate Signing Request in PEM format.

signingAlgorithm string

Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

templateArn string

Template to use when issuing a certificate. See ACM PCA Documentation for more information.

validity CertificateValidityArgs

Configures end of the validity period for the certificate. See validity block below.

arn str

ARN of the certificate.

certificate str

PEM-encoded certificate value.

certificate_authority_arn str

ARN of the certificate authority.

certificate_chain str

PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

certificate_signing_request str

Certificate Signing Request in PEM format.

signing_algorithm str

Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

template_arn str

Template to use when issuing a certificate. See ACM PCA Documentation for more information.

validity CertificateValidityArgs

Configures end of the validity period for the certificate. See validity block below.

arn String

ARN of the certificate.

certificate String

PEM-encoded certificate value.

certificateAuthorityArn String

ARN of the certificate authority.

certificateChain String

PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

certificateSigningRequest String

Certificate Signing Request in PEM format.

signingAlgorithm String

Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

templateArn String

Template to use when issuing a certificate. See ACM PCA Documentation for more information.

validity Property Map

Configures end of the validity period for the certificate. See validity block below.

Supporting Types

CertificateValidity

Type string

Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.

Value string

If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.

Type string

Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.

Value string

If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.

type String

Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.

value String

If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.

type string

Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.

value string

If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.

type str

Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.

value str

If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.

type String

Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.

value String

If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.

Import

ACM PCA Certificates can be imported using their ARN, e.g.,

 $ pulumi import aws:acmpca/certificate:Certificate cert arn:aws:acm-pca:eu-west-1:675225743824:certificate-authority/08319ede-83g9-1400-8f21-c7d12b2b6edb/certificate/a4e9c2aa4bcfab625g1b9136464cd3a

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.