1. Packages
  2. AWS Classic
  3. API Docs
  4. acmpca
  5. Certificate

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.3.0 published on Thursday, Sep 28, 2023 by Pulumi

aws.acmpca.Certificate

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.3.0 published on Thursday, Sep 28, 2023 by Pulumi

    Provides a resource to issue a certificate using AWS Certificate Manager Private Certificate Authority (ACM PCA).

    Certificates created using aws.acmpca.Certificate are not eligible for automatic renewal, and must be replaced instead. To issue a renewable certificate using an ACM PCA, create a aws.acm.Certificate with the parameter certificate_authority_arn.

    Example Usage

    Basic

    Coming soon!

    Coming soon!

    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.acmpca.CertificateAuthority;
    import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
    import com.pulumi.tls.PrivateKey;
    import com.pulumi.tls.PrivateKeyArgs;
    import com.pulumi.tls.CertRequest;
    import com.pulumi.tls.CertRequestArgs;
    import com.pulumi.tls.inputs.CertRequestSubjectArgs;
    import com.pulumi.aws.acmpca.Certificate;
    import com.pulumi.aws.acmpca.CertificateArgs;
    import com.pulumi.aws.acmpca.inputs.CertificateValidityArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var exampleCertificateAuthority = new CertificateAuthority("exampleCertificateAuthority", CertificateAuthorityArgs.builder()        
                .privateCertificateConfiguration(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
                .permanentDeletionTimeInDays(7)
                .build());
    
            var key = new PrivateKey("key", PrivateKeyArgs.builder()        
                .algorithm("RSA")
                .build());
    
            var csr = new CertRequest("csr", CertRequestArgs.builder()        
                .keyAlgorithm("RSA")
                .privateKeyPem(key.privateKeyPem())
                .subject(CertRequestSubjectArgs.builder()
                    .commonName("example")
                    .build())
                .build());
    
            var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder()        
                .certificateAuthorityArn(exampleCertificateAuthority.arn())
                .certificateSigningRequest(csr.certRequestPem())
                .signingAlgorithm("SHA256WITHRSA")
                .validity(CertificateValidityArgs.builder()
                    .type("YEARS")
                    .value(1)
                    .build())
                .build());
    
        }
    }
    

    Coming soon!

    Coming soon!

    resources:
      exampleCertificate:
        type: aws:acmpca:Certificate
        properties:
          certificateAuthorityArn: ${exampleCertificateAuthority.arn}
          certificateSigningRequest: ${csr.certRequestPem}
          signingAlgorithm: SHA256WITHRSA
          validity:
            type: YEARS
            value: 1
      exampleCertificateAuthority:
        type: aws:acmpca:CertificateAuthority
        properties:
          privateCertificateConfiguration:
            - keyAlgorithm: RSA_4096
              signingAlgorithm: SHA512WITHRSA
              subject:
                - commonName: example.com
          permanentDeletionTimeInDays: 7
      key:
        type: tls:PrivateKey
        properties:
          algorithm: RSA
      csr:
        type: tls:CertRequest
        properties:
          keyAlgorithm: RSA
          privateKeyPem: ${key.privateKeyPem}
          subject:
            commonName: example
    

    Create Certificate Resource

    new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);
    @overload
    def Certificate(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    api_passthrough: Optional[str] = None,
                    certificate_authority_arn: Optional[str] = None,
                    certificate_signing_request: Optional[str] = None,
                    signing_algorithm: Optional[str] = None,
                    template_arn: Optional[str] = None,
                    validity: Optional[CertificateValidityArgs] = None)
    @overload
    def Certificate(resource_name: str,
                    args: CertificateArgs,
                    opts: Optional[ResourceOptions] = None)
    func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)
    public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)
    public Certificate(String name, CertificateArgs args)
    public Certificate(String name, CertificateArgs args, CustomResourceOptions options)
    
    type: aws:acmpca:Certificate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Certificate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Certificate resource accepts the following input properties:

    CertificateAuthorityArn string

    ARN of the certificate authority.

    CertificateSigningRequest string

    Certificate Signing Request in PEM format.

    SigningAlgorithm string

    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

    Validity CertificateValidity

    Configures end of the validity period for the certificate. See validity block below.

    ApiPassthrough string

    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates

    TemplateArn string

    Template to use when issuing a certificate. See ACM PCA Documentation for more information.

    CertificateAuthorityArn string

    ARN of the certificate authority.

    CertificateSigningRequest string

    Certificate Signing Request in PEM format.

    SigningAlgorithm string

    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

    Validity CertificateValidityArgs

    Configures end of the validity period for the certificate. See validity block below.

    ApiPassthrough string

    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates

    TemplateArn string

    Template to use when issuing a certificate. See ACM PCA Documentation for more information.

    certificateAuthorityArn String

    ARN of the certificate authority.

    certificateSigningRequest String

    Certificate Signing Request in PEM format.

    signingAlgorithm String

    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

    validity CertificateValidity

    Configures end of the validity period for the certificate. See validity block below.

    apiPassthrough String

    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates

    templateArn String

    Template to use when issuing a certificate. See ACM PCA Documentation for more information.

    certificateAuthorityArn string

    ARN of the certificate authority.

    certificateSigningRequest string

    Certificate Signing Request in PEM format.

    signingAlgorithm string

    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

    validity CertificateValidity

    Configures end of the validity period for the certificate. See validity block below.

    apiPassthrough string

    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates

    templateArn string

    Template to use when issuing a certificate. See ACM PCA Documentation for more information.

    certificate_authority_arn str

    ARN of the certificate authority.

    certificate_signing_request str

    Certificate Signing Request in PEM format.

    signing_algorithm str

    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

    validity CertificateValidityArgs

    Configures end of the validity period for the certificate. See validity block below.

    api_passthrough str

    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates

    template_arn str

    Template to use when issuing a certificate. See ACM PCA Documentation for more information.

    certificateAuthorityArn String

    ARN of the certificate authority.

    certificateSigningRequest String

    Certificate Signing Request in PEM format.

    signingAlgorithm String

    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

    validity Property Map

    Configures end of the validity period for the certificate. See validity block below.

    apiPassthrough String

    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates

    templateArn String

    Template to use when issuing a certificate. See ACM PCA Documentation for more information.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

    Arn string

    ARN of the certificate.

    CertificateChain string

    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

    CertificateDetails string

    PEM-encoded certificate value.

    Id string

    The provider-assigned unique ID for this managed resource.

    Arn string

    ARN of the certificate.

    Certificate string

    PEM-encoded certificate value.

    CertificateChain string

    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

    Id string

    The provider-assigned unique ID for this managed resource.

    arn String

    ARN of the certificate.

    certificate String

    PEM-encoded certificate value.

    certificateChain String

    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

    id String

    The provider-assigned unique ID for this managed resource.

    arn string

    ARN of the certificate.

    certificate string

    PEM-encoded certificate value.

    certificateChain string

    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

    id string

    The provider-assigned unique ID for this managed resource.

    arn str

    ARN of the certificate.

    certificate str

    PEM-encoded certificate value.

    certificate_chain str

    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

    id str

    The provider-assigned unique ID for this managed resource.

    arn String

    ARN of the certificate.

    certificate String

    PEM-encoded certificate value.

    certificateChain String

    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing Certificate Resource

    Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: CertificateState, opts?: CustomResourceOptions): Certificate
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            api_passthrough: Optional[str] = None,
            arn: Optional[str] = None,
            certificate: Optional[str] = None,
            certificate_authority_arn: Optional[str] = None,
            certificate_chain: Optional[str] = None,
            certificate_signing_request: Optional[str] = None,
            signing_algorithm: Optional[str] = None,
            template_arn: Optional[str] = None,
            validity: Optional[CertificateValidityArgs] = None) -> Certificate
    func GetCertificate(ctx *Context, name string, id IDInput, state *CertificateState, opts ...ResourceOption) (*Certificate, error)
    public static Certificate Get(string name, Input<string> id, CertificateState? state, CustomResourceOptions? opts = null)
    public static Certificate get(String name, Output<String> id, CertificateState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    ApiPassthrough string

    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates

    Arn string

    ARN of the certificate.

    CertificateAuthorityArn string

    ARN of the certificate authority.

    CertificateChain string

    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

    CertificateDetails string

    PEM-encoded certificate value.

    CertificateSigningRequest string

    Certificate Signing Request in PEM format.

    SigningAlgorithm string

    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

    TemplateArn string

    Template to use when issuing a certificate. See ACM PCA Documentation for more information.

    Validity CertificateValidity

    Configures end of the validity period for the certificate. See validity block below.

    ApiPassthrough string

    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates

    Arn string

    ARN of the certificate.

    Certificate string

    PEM-encoded certificate value.

    CertificateAuthorityArn string

    ARN of the certificate authority.

    CertificateChain string

    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

    CertificateSigningRequest string

    Certificate Signing Request in PEM format.

    SigningAlgorithm string

    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

    TemplateArn string

    Template to use when issuing a certificate. See ACM PCA Documentation for more information.

    Validity CertificateValidityArgs

    Configures end of the validity period for the certificate. See validity block below.

    apiPassthrough String

    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates

    arn String

    ARN of the certificate.

    certificate String

    PEM-encoded certificate value.

    certificateAuthorityArn String

    ARN of the certificate authority.

    certificateChain String

    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

    certificateSigningRequest String

    Certificate Signing Request in PEM format.

    signingAlgorithm String

    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

    templateArn String

    Template to use when issuing a certificate. See ACM PCA Documentation for more information.

    validity CertificateValidity

    Configures end of the validity period for the certificate. See validity block below.

    apiPassthrough string

    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates

    arn string

    ARN of the certificate.

    certificate string

    PEM-encoded certificate value.

    certificateAuthorityArn string

    ARN of the certificate authority.

    certificateChain string

    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

    certificateSigningRequest string

    Certificate Signing Request in PEM format.

    signingAlgorithm string

    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

    templateArn string

    Template to use when issuing a certificate. See ACM PCA Documentation for more information.

    validity CertificateValidity

    Configures end of the validity period for the certificate. See validity block below.

    api_passthrough str

    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates

    arn str

    ARN of the certificate.

    certificate str

    PEM-encoded certificate value.

    certificate_authority_arn str

    ARN of the certificate authority.

    certificate_chain str

    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

    certificate_signing_request str

    Certificate Signing Request in PEM format.

    signing_algorithm str

    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

    template_arn str

    Template to use when issuing a certificate. See ACM PCA Documentation for more information.

    validity CertificateValidityArgs

    Configures end of the validity period for the certificate. See validity block below.

    apiPassthrough String

    Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates

    arn String

    ARN of the certificate.

    certificate String

    PEM-encoded certificate value.

    certificateAuthorityArn String

    ARN of the certificate authority.

    certificateChain String

    PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

    certificateSigningRequest String

    Certificate Signing Request in PEM format.

    signingAlgorithm String

    Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

    templateArn String

    Template to use when issuing a certificate. See ACM PCA Documentation for more information.

    validity Property Map

    Configures end of the validity period for the certificate. See validity block below.

    Supporting Types

    CertificateValidity, CertificateValidityArgs

    Type string

    Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.

    Value string

    If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.

    Type string

    Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.

    Value string

    If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.

    type String

    Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.

    value String

    If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.

    type string

    Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.

    value string

    If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.

    type str

    Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.

    value str

    If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.

    type String

    Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.

    value String

    If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.

    Import

    Using pulumi import, import ACM PCA Certificates using their ARN. For example:

     $ pulumi import aws:acmpca/certificate:Certificate cert arn:aws:acm-pca:eu-west-1:675225743824:certificate-authority/08319ede-83g9-1400-8f21-c7d12b2b6edb/certificate/a4e9c2aa4bcfab625g1b9136464cd3a
    

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the aws Terraform Provider.

    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.3.0 published on Thursday, Sep 28, 2023 by Pulumi