Docs Home
AWS v6.83.0 published on Monday, Jun 16, 2025 by Pulumi
aws.acmpca.getCertificateAuthority
Explore with Pulumi AI
Get information on a AWS Certificate Manager Private Certificate Authority (ACM PCA Certificate Authority).
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.acmpca.getCertificateAuthority({
arn: "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012",
});
import pulumi
import pulumi_aws as aws
example = aws.acmpca.get_certificate_authority(arn="arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := acmpca.LookupCertificateAuthority(ctx, &acmpca.LookupCertificateAuthorityArgs{
Arn: "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012",
}, nil)
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = Aws.Acmpca.GetCertificateAuthority.Invoke(new()
{
Arn = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acmpca.AcmpcaFunctions;
import com.pulumi.aws.acmpca.inputs.GetCertificateAuthorityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = AcmpcaFunctions.getCertificateAuthority(GetCertificateAuthorityArgs.builder()
.arn("arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012")
.build());
}
}
variables:
example:
fn::invoke:
function: aws:acmpca:getCertificateAuthority
arguments:
arn: arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012
Using getCertificateAuthority
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getCertificateAuthority(args: GetCertificateAuthorityArgs, opts?: InvokeOptions): Promise<GetCertificateAuthorityResult>
function getCertificateAuthorityOutput(args: GetCertificateAuthorityOutputArgs, opts?: InvokeOptions): Output<GetCertificateAuthorityResult>def get_certificate_authority(arn: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
opts: Optional[InvokeOptions] = None) -> GetCertificateAuthorityResult
def get_certificate_authority_output(arn: Optional[pulumi.Input[str]] = None,
tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetCertificateAuthorityResult]func LookupCertificateAuthority(ctx *Context, args *LookupCertificateAuthorityArgs, opts ...InvokeOption) (*LookupCertificateAuthorityResult, error)
func LookupCertificateAuthorityOutput(ctx *Context, args *LookupCertificateAuthorityOutputArgs, opts ...InvokeOption) LookupCertificateAuthorityResultOutput> Note: This function is named LookupCertificateAuthority in the Go SDK.
public static class GetCertificateAuthority
{
public static Task<GetCertificateAuthorityResult> InvokeAsync(GetCertificateAuthorityArgs args, InvokeOptions? opts = null)
public static Output<GetCertificateAuthorityResult> Invoke(GetCertificateAuthorityInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetCertificateAuthorityResult> getCertificateAuthority(GetCertificateAuthorityArgs args, InvokeOptions options)
public static Output<GetCertificateAuthorityResult> getCertificateAuthority(GetCertificateAuthorityArgs args, InvokeOptions options)
fn::invoke:
function: aws:acmpca/getCertificateAuthority:getCertificateAuthority
arguments:
# arguments dictionaryThe following arguments are supported:
- Arn string
- ARN of the certificate authority.
- Dictionary<string, string>
- Key-value map of user-defined tags that are attached to the certificate authority.
- Arn string
- ARN of the certificate authority.
- map[string]string
- Key-value map of user-defined tags that are attached to the certificate authority.
- arn String
- ARN of the certificate authority.
- Map<String,String>
- Key-value map of user-defined tags that are attached to the certificate authority.
- arn string
- ARN of the certificate authority.
- {[key: string]: string}
- Key-value map of user-defined tags that are attached to the certificate authority.
- arn str
- ARN of the certificate authority.
- Mapping[str, str]
- Key-value map of user-defined tags that are attached to the certificate authority.
- arn String
- ARN of the certificate authority.
- Map<String>
- Key-value map of user-defined tags that are attached to the certificate authority.
getCertificateAuthority Result
The following output properties are available:
- Arn string
- Certificate string
- Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
- Certificate
Chain string - Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- Certificate
Signing stringRequest - The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Storage stringSecurity Standard - Not
After string - Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- Not
Before string - Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- Revocation
Configurations List<GetCertificate Authority Revocation Configuration> - Nested attribute containing revocation configuration.
- Serial string
- Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- Status string
- Status of the certificate authority.
- Dictionary<string, string>
- Key-value map of user-defined tags that are attached to the certificate authority.
- Type string
- Type of the certificate authority.
- Usage
Mode string - Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.
- Arn string
- Certificate string
- Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
- Certificate
Chain string - Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- Certificate
Signing stringRequest - The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Storage stringSecurity Standard - Not
After string - Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- Not
Before string - Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- Revocation
Configurations []GetCertificate Authority Revocation Configuration - Nested attribute containing revocation configuration.
- Serial string
- Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- Status string
- Status of the certificate authority.
- map[string]string
- Key-value map of user-defined tags that are attached to the certificate authority.
- Type string
- Type of the certificate authority.
- Usage
Mode string - Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.
- arn String
- certificate String
- Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
- certificate
Chain String - Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- certificate
Signing StringRequest - The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Storage StringSecurity Standard - not
After String - Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- not
Before String - Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- revocation
Configurations List<GetCertificate Authority Revocation Configuration> - Nested attribute containing revocation configuration.
- serial String
- Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- status String
- Status of the certificate authority.
- Map<String,String>
- Key-value map of user-defined tags that are attached to the certificate authority.
- type String
- Type of the certificate authority.
- usage
Mode String - Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.
- arn string
- certificate string
- Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
- certificate
Chain string - Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- certificate
Signing stringRequest - The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- id string
- The provider-assigned unique ID for this managed resource.
- key
Storage stringSecurity Standard - not
After string - Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- not
Before string - Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- revocation
Configurations GetCertificate Authority Revocation Configuration[] - Nested attribute containing revocation configuration.
- serial string
- Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- status string
- Status of the certificate authority.
- {[key: string]: string}
- Key-value map of user-defined tags that are attached to the certificate authority.
- type string
- Type of the certificate authority.
- usage
Mode string - Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.
- arn str
- certificate str
- Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
- certificate_
chain str - Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- certificate_
signing_ strrequest - The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- id str
- The provider-assigned unique ID for this managed resource.
- key_
storage_ strsecurity_ standard - not_
after str - Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- not_
before str - Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- revocation_
configurations Sequence[GetCertificate Authority Revocation Configuration] - Nested attribute containing revocation configuration.
- serial str
- Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- status str
- Status of the certificate authority.
- Mapping[str, str]
- Key-value map of user-defined tags that are attached to the certificate authority.
- type str
- Type of the certificate authority.
- usage_
mode str - Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.
- arn String
- certificate String
- Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
- certificate
Chain String - Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- certificate
Signing StringRequest - The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- id String
- The provider-assigned unique ID for this managed resource.
- key
Storage StringSecurity Standard - not
After String - Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- not
Before String - Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- revocation
Configurations List<Property Map> - Nested attribute containing revocation configuration.
- serial String
- Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- status String
- Status of the certificate authority.
- Map<String>
- Key-value map of user-defined tags that are attached to the certificate authority.
- type String
- Type of the certificate authority.
- usage
Mode String - Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.
Supporting Types
GetCertificateAuthorityRevocationConfiguration
- Crl
Configurations List<GetCertificate Authority Revocation Configuration Crl Configuration> - Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority.
- Ocsp
Configurations List<GetCertificate Authority Revocation Configuration Ocsp Configuration>
- Crl
Configurations []GetCertificate Authority Revocation Configuration Crl Configuration - Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority.
- Ocsp
Configurations []GetCertificate Authority Revocation Configuration Ocsp Configuration
- crl
Configurations List<GetCertificate Authority Revocation Configuration Crl Configuration> - Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority.
- ocsp
Configurations List<GetCertificate Authority Revocation Configuration Ocsp Configuration>
- crl
Configurations GetCertificate Authority Revocation Configuration Crl Configuration[] - Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority.
- ocsp
Configurations GetCertificate Authority Revocation Configuration Ocsp Configuration[]
- crl_
configurations Sequence[GetCertificate Authority Revocation Configuration Crl Configuration] - Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority.
- ocsp_
configurations Sequence[GetCertificate Authority Revocation Configuration Ocsp Configuration]
- crl
Configurations List<Property Map> - Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority.
- ocsp
Configurations List<Property Map>
GetCertificateAuthorityRevocationConfigurationCrlConfiguration
- Custom
Cname string - Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
- Enabled bool
- Boolean value that specifies whether certificate revocation lists (CRLs) are enabled.
- Expiration
In intDays - Number of days until a certificate expires.
- S3Bucket
Name string - Name of the S3 bucket that contains the CRL.
- S3Object
Acl string - Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.
- Custom
Cname string - Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
- Enabled bool
- Boolean value that specifies whether certificate revocation lists (CRLs) are enabled.
- Expiration
In intDays - Number of days until a certificate expires.
- S3Bucket
Name string - Name of the S3 bucket that contains the CRL.
- S3Object
Acl string - Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.
- custom
Cname String - Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
- enabled Boolean
- Boolean value that specifies whether certificate revocation lists (CRLs) are enabled.
- expiration
In IntegerDays - Number of days until a certificate expires.
- s3Bucket
Name String - Name of the S3 bucket that contains the CRL.
- s3Object
Acl String - Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.
- custom
Cname string - Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
- enabled boolean
- Boolean value that specifies whether certificate revocation lists (CRLs) are enabled.
- expiration
In numberDays - Number of days until a certificate expires.
- s3Bucket
Name string - Name of the S3 bucket that contains the CRL.
- s3Object
Acl string - Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.
- custom_
cname str - Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
- enabled bool
- Boolean value that specifies whether certificate revocation lists (CRLs) are enabled.
- expiration_
in_ intdays - Number of days until a certificate expires.
- s3_
bucket_ strname - Name of the S3 bucket that contains the CRL.
- s3_
object_ stracl - Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.
- custom
Cname String - Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
- enabled Boolean
- Boolean value that specifies whether certificate revocation lists (CRLs) are enabled.
- expiration
In NumberDays - Number of days until a certificate expires.
- s3Bucket
Name String - Name of the S3 bucket that contains the CRL.
- s3Object
Acl String - Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.
GetCertificateAuthorityRevocationConfigurationOcspConfiguration
- Enabled bool
- Boolean value that specifies whether a custom OCSP responder is enabled.
- Ocsp
Custom stringCname - A CNAME specifying a customized OCSP domain.
- Enabled bool
- Boolean value that specifies whether a custom OCSP responder is enabled.
- Ocsp
Custom stringCname - A CNAME specifying a customized OCSP domain.
- enabled Boolean
- Boolean value that specifies whether a custom OCSP responder is enabled.
- ocsp
Custom StringCname - A CNAME specifying a customized OCSP domain.
- enabled boolean
- Boolean value that specifies whether a custom OCSP responder is enabled.
- ocsp
Custom stringCname - A CNAME specifying a customized OCSP domain.
- enabled bool
- Boolean value that specifies whether a custom OCSP responder is enabled.
- ocsp_
custom_ strcname - A CNAME specifying a customized OCSP domain.
- enabled Boolean
- Boolean value that specifies whether a custom OCSP responder is enabled.
- ocsp
Custom StringCname - A CNAME specifying a customized OCSP domain.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.