Try AWS Native preview for resources not in the classic version.
aws.apigateway.DomainName
Explore with Pulumi AI
Try AWS Native preview for resources not in the classic version.
Registers a custom domain name for use with AWS API Gateway. Additional information about this functionality can be found in the API Gateway Developer Guide.
This resource just establishes ownership of and the TLS settings for
a particular domain name. An API can be attached to a particular path
under the registered domain name using
the aws.apigateway.BasePathMapping
resource.
API Gateway domains can be defined as either ’edge-optimized’ or ‘regional’. In an edge-optimized configuration,
API Gateway internally creates and manages a CloudFront distribution to route requests on the given hostname. In
addition to this resource it’s necessary to create a DNS record corresponding to the given domain name which is an alias
(either Route53 alias or traditional CNAME) to the Cloudfront domain name exported in the cloudfront_domain_name
attribute.
In a regional configuration, API Gateway does not create a CloudFront distribution to route requests to the API, though
a distribution can be created if needed. In either case, it is necessary to create a DNS record corresponding to the
given domain name which is an alias (either Route53 alias or traditional CNAME) to the regional domain name exported in
the regional_domain_name
attribute.
Note: API Gateway requires the use of AWS Certificate Manager (ACM) certificates instead of Identity and Access Management (IAM) certificates in regions that support ACM. Regions that support ACM can be found in the Regions and Endpoints Documentation. To import an existing private key and certificate into ACM or request an ACM certificate, see the
aws.acm.Certificate
resource.
Note: The
aws.apigateway.DomainName
resource expects dependency on theaws.acm.CertificateValidation
as only verified certificates can be used. This can be made either explicitly by adding thedepends_on = [aws_acm_certificate_validation.cert]
attribute. Or implicitly by referring certificate ARN from the validation resource where it will be available after the resource creation:regional_certificate_arn = aws_acm_certificate_validation.cert.certificate_arn
.
Example Usage
Edge Optimized (ACM Certificate)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleDomainName = new Aws.ApiGateway.DomainName("exampleDomainName", new()
{
CertificateArn = aws_acm_certificate_validation.Example.Certificate_arn,
Domain = "api.example.com",
});
// Example DNS record using Route53.
// Route53 is not specifically required; any DNS host can be used.
var exampleRecord = new Aws.Route53.Record("exampleRecord", new()
{
Name = exampleDomainName.Domain,
Type = "A",
ZoneId = aws_route53_zone.Example.Id,
Aliases = new[]
{
new Aws.Route53.Inputs.RecordAliasArgs
{
EvaluateTargetHealth = true,
Name = exampleDomainName.CloudfrontDomainName,
ZoneId = exampleDomainName.CloudfrontZoneId,
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleDomainName, err := apigateway.NewDomainName(ctx, "exampleDomainName", &apigateway.DomainNameArgs{
CertificateArn: pulumi.Any(aws_acm_certificate_validation.Example.Certificate_arn),
DomainName: pulumi.String("api.example.com"),
})
if err != nil {
return err
}
_, err = route53.NewRecord(ctx, "exampleRecord", &route53.RecordArgs{
Name: exampleDomainName.DomainName,
Type: pulumi.String("A"),
ZoneId: pulumi.Any(aws_route53_zone.Example.Id),
Aliases: route53.RecordAliasArray{
&route53.RecordAliasArgs{
EvaluateTargetHealth: pulumi.Bool(true),
Name: exampleDomainName.CloudfrontDomainName,
ZoneId: exampleDomainName.CloudfrontZoneId,
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.apigateway.DomainName;
import com.pulumi.aws.apigateway.DomainNameArgs;
import com.pulumi.aws.route53.Record;
import com.pulumi.aws.route53.RecordArgs;
import com.pulumi.aws.route53.inputs.RecordAliasArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleDomainName = new DomainName("exampleDomainName", DomainNameArgs.builder()
.certificateArn(aws_acm_certificate_validation.example().certificate_arn())
.domainName("api.example.com")
.build());
var exampleRecord = new Record("exampleRecord", RecordArgs.builder()
.name(exampleDomainName.domainName())
.type("A")
.zoneId(aws_route53_zone.example().id())
.aliases(RecordAliasArgs.builder()
.evaluateTargetHealth(true)
.name(exampleDomainName.cloudfrontDomainName())
.zoneId(exampleDomainName.cloudfrontZoneId())
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
example_domain_name = aws.apigateway.DomainName("exampleDomainName",
certificate_arn=aws_acm_certificate_validation["example"]["certificate_arn"],
domain_name="api.example.com")
# Example DNS record using Route53.
# Route53 is not specifically required; any DNS host can be used.
example_record = aws.route53.Record("exampleRecord",
name=example_domain_name.domain_name,
type="A",
zone_id=aws_route53_zone["example"]["id"],
aliases=[aws.route53.RecordAliasArgs(
evaluate_target_health=True,
name=example_domain_name.cloudfront_domain_name,
zone_id=example_domain_name.cloudfront_zone_id,
)])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleDomainName = new aws.apigateway.DomainName("exampleDomainName", {
certificateArn: aws_acm_certificate_validation.example.certificate_arn,
domainName: "api.example.com",
});
// Example DNS record using Route53.
// Route53 is not specifically required; any DNS host can be used.
const exampleRecord = new aws.route53.Record("exampleRecord", {
name: exampleDomainName.domainName,
type: "A",
zoneId: aws_route53_zone.example.id,
aliases: [{
evaluateTargetHealth: true,
name: exampleDomainName.cloudfrontDomainName,
zoneId: exampleDomainName.cloudfrontZoneId,
}],
});
resources:
exampleDomainName:
type: aws:apigateway:DomainName
properties:
certificateArn: ${aws_acm_certificate_validation.example.certificate_arn}
domainName: api.example.com
# Example DNS record using Route53.
# Route53 is not specifically required; any DNS host can be used.
exampleRecord:
type: aws:route53:Record
properties:
name: ${exampleDomainName.domainName}
type: A
zoneId: ${aws_route53_zone.example.id}
aliases:
- evaluateTargetHealth: true
name: ${exampleDomainName.cloudfrontDomainName}
zoneId: ${exampleDomainName.cloudfrontZoneId}
Edge Optimized (IAM Certificate)
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleDomainName = new Aws.ApiGateway.DomainName("exampleDomainName", new()
{
Domain = "api.example.com",
CertificateName = "example-api",
CertificateBody = File.ReadAllText($"{path.Module}/example.com/example.crt"),
CertificateChain = File.ReadAllText($"{path.Module}/example.com/ca.crt"),
CertificatePrivateKey = File.ReadAllText($"{path.Module}/example.com/example.key"),
});
// Example DNS record using Route53.
// Route53 is not specifically required; any DNS host can be used.
var exampleRecord = new Aws.Route53.Record("exampleRecord", new()
{
ZoneId = aws_route53_zone.Example.Id,
Name = exampleDomainName.Domain,
Type = "A",
Aliases = new[]
{
new Aws.Route53.Inputs.RecordAliasArgs
{
Name = exampleDomainName.CloudfrontDomainName,
ZoneId = exampleDomainName.CloudfrontZoneId,
EvaluateTargetHealth = true,
},
},
});
});
package main
import (
"fmt"
"os"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func readFileOrPanic(path string) pulumi.StringPtrInput {
data, err := os.ReadFile(path)
if err != nil {
panic(err.Error())
}
return pulumi.String(string(data))
}
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleDomainName, err := apigateway.NewDomainName(ctx, "exampleDomainName", &apigateway.DomainNameArgs{
DomainName: pulumi.String("api.example.com"),
CertificateName: pulumi.String("example-api"),
CertificateBody: readFileOrPanic(fmt.Sprintf("%v/example.com/example.crt", path.Module)),
CertificateChain: readFileOrPanic(fmt.Sprintf("%v/example.com/ca.crt", path.Module)),
CertificatePrivateKey: readFileOrPanic(fmt.Sprintf("%v/example.com/example.key", path.Module)),
})
if err != nil {
return err
}
_, err = route53.NewRecord(ctx, "exampleRecord", &route53.RecordArgs{
ZoneId: pulumi.Any(aws_route53_zone.Example.Id),
Name: exampleDomainName.DomainName,
Type: pulumi.String("A"),
Aliases: route53.RecordAliasArray{
&route53.RecordAliasArgs{
Name: exampleDomainName.CloudfrontDomainName,
ZoneId: exampleDomainName.CloudfrontZoneId,
EvaluateTargetHealth: pulumi.Bool(true),
},
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.apigateway.DomainName;
import com.pulumi.aws.apigateway.DomainNameArgs;
import com.pulumi.aws.route53.Record;
import com.pulumi.aws.route53.RecordArgs;
import com.pulumi.aws.route53.inputs.RecordAliasArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleDomainName = new DomainName("exampleDomainName", DomainNameArgs.builder()
.domainName("api.example.com")
.certificateName("example-api")
.certificateBody(Files.readString(Paths.get(String.format("%s/example.com/example.crt", path.module()))))
.certificateChain(Files.readString(Paths.get(String.format("%s/example.com/ca.crt", path.module()))))
.certificatePrivateKey(Files.readString(Paths.get(String.format("%s/example.com/example.key", path.module()))))
.build());
var exampleRecord = new Record("exampleRecord", RecordArgs.builder()
.zoneId(aws_route53_zone.example().id())
.name(exampleDomainName.domainName())
.type("A")
.aliases(RecordAliasArgs.builder()
.name(exampleDomainName.cloudfrontDomainName())
.zoneId(exampleDomainName.cloudfrontZoneId())
.evaluateTargetHealth(true)
.build())
.build());
}
}
import pulumi
import pulumi_aws as aws
example_domain_name = aws.apigateway.DomainName("exampleDomainName",
domain_name="api.example.com",
certificate_name="example-api",
certificate_body=(lambda path: open(path).read())(f"{path['module']}/example.com/example.crt"),
certificate_chain=(lambda path: open(path).read())(f"{path['module']}/example.com/ca.crt"),
certificate_private_key=(lambda path: open(path).read())(f"{path['module']}/example.com/example.key"))
# Example DNS record using Route53.
# Route53 is not specifically required; any DNS host can be used.
example_record = aws.route53.Record("exampleRecord",
zone_id=aws_route53_zone["example"]["id"],
name=example_domain_name.domain_name,
type="A",
aliases=[aws.route53.RecordAliasArgs(
name=example_domain_name.cloudfront_domain_name,
zone_id=example_domain_name.cloudfront_zone_id,
evaluate_target_health=True,
)])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as fs from "fs";
const exampleDomainName = new aws.apigateway.DomainName("exampleDomainName", {
domainName: "api.example.com",
certificateName: "example-api",
certificateBody: fs.readFileSync(`${path.module}/example.com/example.crt`),
certificateChain: fs.readFileSync(`${path.module}/example.com/ca.crt`),
certificatePrivateKey: fs.readFileSync(`${path.module}/example.com/example.key`),
});
// Example DNS record using Route53.
// Route53 is not specifically required; any DNS host can be used.
const exampleRecord = new aws.route53.Record("exampleRecord", {
zoneId: aws_route53_zone.example.id,
name: exampleDomainName.domainName,
type: "A",
aliases: [{
name: exampleDomainName.cloudfrontDomainName,
zoneId: exampleDomainName.cloudfrontZoneId,
evaluateTargetHealth: true,
}],
});
resources:
exampleDomainName:
type: aws:apigateway:DomainName
properties:
domainName: api.example.com
certificateName: example-api
certificateBody:
fn::readFile: ${path.module}/example.com/example.crt
certificateChain:
fn::readFile: ${path.module}/example.com/ca.crt
certificatePrivateKey:
fn::readFile: ${path.module}/example.com/example.key
# Example DNS record using Route53.
# Route53 is not specifically required; any DNS host can be used.
exampleRecord:
type: aws:route53:Record
properties:
zoneId: ${aws_route53_zone.example.id} # See aws_route53_zone for how to create this
name: ${exampleDomainName.domainName}
type: A
aliases:
- name: ${exampleDomainName.cloudfrontDomainName}
zoneId: ${exampleDomainName.cloudfrontZoneId}
evaluateTargetHealth: true
Regional (ACM Certificate)
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.apigateway.DomainName;
import com.pulumi.aws.apigateway.DomainNameArgs;
import com.pulumi.aws.apigateway.inputs.DomainNameEndpointConfigurationArgs;
import com.pulumi.aws.route53.Record;
import com.pulumi.aws.route53.RecordArgs;
import com.pulumi.aws.route53.inputs.RecordAliasArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleDomainName = new DomainName("exampleDomainName", DomainNameArgs.builder()
.domainName("api.example.com")
.regionalCertificateArn(aws_acm_certificate_validation.example().certificate_arn())
.endpointConfiguration(DomainNameEndpointConfigurationArgs.builder()
.types("REGIONAL")
.build())
.build());
var exampleRecord = new Record("exampleRecord", RecordArgs.builder()
.name(exampleDomainName.domainName())
.type("A")
.zoneId(aws_route53_zone.example().id())
.aliases(RecordAliasArgs.builder()
.evaluateTargetHealth(true)
.name(exampleDomainName.regionalDomainName())
.zoneId(exampleDomainName.regionalZoneId())
.build())
.build());
}
}
Coming soon!
Coming soon!
resources:
exampleDomainName:
type: aws:apigateway:DomainName
properties:
domainName: api.example.com
regionalCertificateArn: ${aws_acm_certificate_validation.example.certificate_arn}
endpointConfiguration:
types:
- REGIONAL
# Example DNS record using Route53.
# Route53 is not specifically required; any DNS host can be used.
exampleRecord:
type: aws:route53:Record
properties:
name: ${exampleDomainName.domainName}
type: A
zoneId: ${aws_route53_zone.example.id}
aliases:
- evaluateTargetHealth: true
name: ${exampleDomainName.regionalDomainName}
zoneId: ${exampleDomainName.regionalZoneId}
Regional (IAM Certificate)
Coming soon!
Coming soon!
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.apigateway.DomainName;
import com.pulumi.aws.apigateway.DomainNameArgs;
import com.pulumi.aws.apigateway.inputs.DomainNameEndpointConfigurationArgs;
import com.pulumi.aws.route53.Record;
import com.pulumi.aws.route53.RecordArgs;
import com.pulumi.aws.route53.inputs.RecordAliasArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleDomainName = new DomainName("exampleDomainName", DomainNameArgs.builder()
.certificateBody(Files.readString(Paths.get(String.format("%s/example.com/example.crt", path.module()))))
.certificateChain(Files.readString(Paths.get(String.format("%s/example.com/ca.crt", path.module()))))
.certificatePrivateKey(Files.readString(Paths.get(String.format("%s/example.com/example.key", path.module()))))
.domainName("api.example.com")
.regionalCertificateName("example-api")
.endpointConfiguration(DomainNameEndpointConfigurationArgs.builder()
.types("REGIONAL")
.build())
.build());
var exampleRecord = new Record("exampleRecord", RecordArgs.builder()
.name(exampleDomainName.domainName())
.type("A")
.zoneId(aws_route53_zone.example().id())
.aliases(RecordAliasArgs.builder()
.evaluateTargetHealth(true)
.name(exampleDomainName.regionalDomainName())
.zoneId(exampleDomainName.regionalZoneId())
.build())
.build());
}
}
Coming soon!
Coming soon!
resources:
exampleDomainName:
type: aws:apigateway:DomainName
properties:
certificateBody:
fn::readFile: ${path.module}/example.com/example.crt
certificateChain:
fn::readFile: ${path.module}/example.com/ca.crt
certificatePrivateKey:
fn::readFile: ${path.module}/example.com/example.key
domainName: api.example.com
regionalCertificateName: example-api
endpointConfiguration:
types:
- REGIONAL
# Example DNS record using Route53.
# Route53 is not specifically required; any DNS host can be used.
exampleRecord:
type: aws:route53:Record
properties:
name: ${exampleDomainName.domainName}
type: A
zoneId: ${aws_route53_zone.example.id}
aliases:
- evaluateTargetHealth: true
name: ${exampleDomainName.regionalDomainName}
zoneId: ${exampleDomainName.regionalZoneId}
Create DomainName Resource
new DomainName(name: string, args: DomainNameArgs, opts?: CustomResourceOptions);
@overload
def DomainName(resource_name: str,
opts: Optional[ResourceOptions] = None,
certificate_arn: Optional[str] = None,
certificate_body: Optional[str] = None,
certificate_chain: Optional[str] = None,
certificate_name: Optional[str] = None,
certificate_private_key: Optional[str] = None,
domain_name: Optional[str] = None,
endpoint_configuration: Optional[DomainNameEndpointConfigurationArgs] = None,
mutual_tls_authentication: Optional[DomainNameMutualTlsAuthenticationArgs] = None,
ownership_verification_certificate_arn: Optional[str] = None,
regional_certificate_arn: Optional[str] = None,
regional_certificate_name: Optional[str] = None,
security_policy: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
@overload
def DomainName(resource_name: str,
args: DomainNameArgs,
opts: Optional[ResourceOptions] = None)
func NewDomainName(ctx *Context, name string, args DomainNameArgs, opts ...ResourceOption) (*DomainName, error)
public DomainName(string name, DomainNameArgs args, CustomResourceOptions? opts = null)
public DomainName(String name, DomainNameArgs args)
public DomainName(String name, DomainNameArgs args, CustomResourceOptions options)
type: aws:apigateway:DomainName
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DomainNameArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DomainNameArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DomainNameArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DomainNameArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DomainNameArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
DomainName Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The DomainName resource accepts the following input properties:
- Domain string
Fully-qualified domain name to register.
- Certificate
Arn string ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
.- Certificate
Body string Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- Certificate
Chain string Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- Certificate
Name string Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set.- Certificate
Private stringKey Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- Endpoint
Configuration DomainName Endpoint Configuration Configuration block defining API endpoint information including type. See below.
- Mutual
Tls DomainAuthentication Name Mutual Tls Authentication Mutual TLS authentication configuration for the domain name. See below.
- Ownership
Verification stringCertificate Arn ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.)- Regional
Certificate stringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- Regional
Certificate stringName User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.- Security
Policy string Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection.- Dictionary<string, string>
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- Domain
Name string Fully-qualified domain name to register.
- Certificate
Arn string ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
.- Certificate
Body string Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- Certificate
Chain string Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- Certificate
Name string Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set.- Certificate
Private stringKey Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- Endpoint
Configuration DomainName Endpoint Configuration Args Configuration block defining API endpoint information including type. See below.
- Mutual
Tls DomainAuthentication Name Mutual Tls Authentication Args Mutual TLS authentication configuration for the domain name. See below.
- Ownership
Verification stringCertificate Arn ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.)- Regional
Certificate stringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- Regional
Certificate stringName User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.- Security
Policy string Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection.- map[string]string
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- domain
Name String Fully-qualified domain name to register.
- certificate
Arn String ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Body String Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Chain String Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Name String Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set.- certificate
Private StringKey Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- endpoint
Configuration DomainName Endpoint Configuration Configuration block defining API endpoint information including type. See below.
- mutual
Tls DomainAuthentication Name Mutual Tls Authentication Mutual TLS authentication configuration for the domain name. See below.
- ownership
Verification StringCertificate Arn ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.)- regional
Certificate StringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- regional
Certificate StringName User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.- security
Policy String Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection.- Map<String,String>
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- domain
Name string Fully-qualified domain name to register.
- certificate
Arn string ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Body string Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Chain string Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Name string Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set.- certificate
Private stringKey Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- endpoint
Configuration DomainName Endpoint Configuration Configuration block defining API endpoint information including type. See below.
- mutual
Tls DomainAuthentication Name Mutual Tls Authentication Mutual TLS authentication configuration for the domain name. See below.
- ownership
Verification stringCertificate Arn ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.)- regional
Certificate stringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- regional
Certificate stringName User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.- security
Policy string Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection.- {[key: string]: string}
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- domain_
name str Fully-qualified domain name to register.
- certificate_
arn str ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
.- certificate_
body str Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate_
chain str Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate_
name str Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set.- certificate_
private_ strkey Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- endpoint_
configuration DomainName Endpoint Configuration Args Configuration block defining API endpoint information including type. See below.
- mutual_
tls_ Domainauthentication Name Mutual Tls Authentication Args Mutual TLS authentication configuration for the domain name. See below.
- ownership_
verification_ strcertificate_ arn ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.)- regional_
certificate_ strarn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- regional_
certificate_ strname User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.- security_
policy str Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection.- Mapping[str, str]
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- domain
Name String Fully-qualified domain name to register.
- certificate
Arn String ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Body String Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Chain String Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Name String Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set.- certificate
Private StringKey Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- endpoint
Configuration Property Map Configuration block defining API endpoint information including type. See below.
- mutual
Tls Property MapAuthentication Mutual TLS authentication configuration for the domain name. See below.
- ownership
Verification StringCertificate Arn ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.)- regional
Certificate StringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- regional
Certificate StringName User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.- security
Policy String Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection.- Map<String>
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
Outputs
All input properties are implicitly available as output properties. Additionally, the DomainName resource produces the following output properties:
- Arn string
ARN of domain name.
- Certificate
Upload stringDate Upload date associated with the domain certificate.
- Cloudfront
Domain stringName Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- Cloudfront
Zone stringId For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution.- Id string
The provider-assigned unique ID for this managed resource.
- Regional
Domain stringName Hostname for the custom domain's regional endpoint.
- Regional
Zone stringId Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- Dictionary<string, string>
Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.
- Arn string
ARN of domain name.
- Certificate
Upload stringDate Upload date associated with the domain certificate.
- Cloudfront
Domain stringName Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- Cloudfront
Zone stringId For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution.- Id string
The provider-assigned unique ID for this managed resource.
- Regional
Domain stringName Hostname for the custom domain's regional endpoint.
- Regional
Zone stringId Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- map[string]string
Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.
- arn String
ARN of domain name.
- certificate
Upload StringDate Upload date associated with the domain certificate.
- cloudfront
Domain StringName Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- cloudfront
Zone StringId For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution.- id String
The provider-assigned unique ID for this managed resource.
- regional
Domain StringName Hostname for the custom domain's regional endpoint.
- regional
Zone StringId Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- Map<String,String>
Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.
- arn string
ARN of domain name.
- certificate
Upload stringDate Upload date associated with the domain certificate.
- cloudfront
Domain stringName Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- cloudfront
Zone stringId For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution.- id string
The provider-assigned unique ID for this managed resource.
- regional
Domain stringName Hostname for the custom domain's regional endpoint.
- regional
Zone stringId Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- {[key: string]: string}
Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.
- arn str
ARN of domain name.
- certificate_
upload_ strdate Upload date associated with the domain certificate.
- cloudfront_
domain_ strname Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- cloudfront_
zone_ strid For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution.- id str
The provider-assigned unique ID for this managed resource.
- regional_
domain_ strname Hostname for the custom domain's regional endpoint.
- regional_
zone_ strid Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- Mapping[str, str]
Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.
- arn String
ARN of domain name.
- certificate
Upload StringDate Upload date associated with the domain certificate.
- cloudfront
Domain StringName Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- cloudfront
Zone StringId For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution.- id String
The provider-assigned unique ID for this managed resource.
- regional
Domain StringName Hostname for the custom domain's regional endpoint.
- regional
Zone StringId Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- Map<String>
Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.
Look up Existing DomainName Resource
Get an existing DomainName resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DomainNameState, opts?: CustomResourceOptions): DomainName
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
certificate_arn: Optional[str] = None,
certificate_body: Optional[str] = None,
certificate_chain: Optional[str] = None,
certificate_name: Optional[str] = None,
certificate_private_key: Optional[str] = None,
certificate_upload_date: Optional[str] = None,
cloudfront_domain_name: Optional[str] = None,
cloudfront_zone_id: Optional[str] = None,
domain_name: Optional[str] = None,
endpoint_configuration: Optional[DomainNameEndpointConfigurationArgs] = None,
mutual_tls_authentication: Optional[DomainNameMutualTlsAuthenticationArgs] = None,
ownership_verification_certificate_arn: Optional[str] = None,
regional_certificate_arn: Optional[str] = None,
regional_certificate_name: Optional[str] = None,
regional_domain_name: Optional[str] = None,
regional_zone_id: Optional[str] = None,
security_policy: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None) -> DomainName
func GetDomainName(ctx *Context, name string, id IDInput, state *DomainNameState, opts ...ResourceOption) (*DomainName, error)
public static DomainName Get(string name, Input<string> id, DomainNameState? state, CustomResourceOptions? opts = null)
public static DomainName get(String name, Output<String> id, DomainNameState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
ARN of domain name.
- Certificate
Arn string ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
.- Certificate
Body string Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- Certificate
Chain string Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- Certificate
Name string Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set.- Certificate
Private stringKey Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- Certificate
Upload stringDate Upload date associated with the domain certificate.
- Cloudfront
Domain stringName Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- Cloudfront
Zone stringId For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution.- Domain string
Fully-qualified domain name to register.
- Endpoint
Configuration DomainName Endpoint Configuration Configuration block defining API endpoint information including type. See below.
- Mutual
Tls DomainAuthentication Name Mutual Tls Authentication Mutual TLS authentication configuration for the domain name. See below.
- Ownership
Verification stringCertificate Arn ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.)- Regional
Certificate stringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- Regional
Certificate stringName User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.- Regional
Domain stringName Hostname for the custom domain's regional endpoint.
- Regional
Zone stringId Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- Security
Policy string Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection.- Dictionary<string, string>
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- Dictionary<string, string>
Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.
- Arn string
ARN of domain name.
- Certificate
Arn string ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
.- Certificate
Body string Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- Certificate
Chain string Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- Certificate
Name string Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set.- Certificate
Private stringKey Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- Certificate
Upload stringDate Upload date associated with the domain certificate.
- Cloudfront
Domain stringName Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- Cloudfront
Zone stringId For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution.- Domain
Name string Fully-qualified domain name to register.
- Endpoint
Configuration DomainName Endpoint Configuration Args Configuration block defining API endpoint information including type. See below.
- Mutual
Tls DomainAuthentication Name Mutual Tls Authentication Args Mutual TLS authentication configuration for the domain name. See below.
- Ownership
Verification stringCertificate Arn ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.)- Regional
Certificate stringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- Regional
Certificate stringName User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.- Regional
Domain stringName Hostname for the custom domain's regional endpoint.
- Regional
Zone stringId Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- Security
Policy string Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection.- map[string]string
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- map[string]string
Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.
- arn String
ARN of domain name.
- certificate
Arn String ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Body String Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Chain String Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Name String Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set.- certificate
Private StringKey Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Upload StringDate Upload date associated with the domain certificate.
- cloudfront
Domain StringName Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- cloudfront
Zone StringId For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution.- domain
Name String Fully-qualified domain name to register.
- endpoint
Configuration DomainName Endpoint Configuration Configuration block defining API endpoint information including type. See below.
- mutual
Tls DomainAuthentication Name Mutual Tls Authentication Mutual TLS authentication configuration for the domain name. See below.
- ownership
Verification StringCertificate Arn ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.)- regional
Certificate StringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- regional
Certificate StringName User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.- regional
Domain StringName Hostname for the custom domain's regional endpoint.
- regional
Zone StringId Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- security
Policy String Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection.- Map<String,String>
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- Map<String,String>
Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.
- arn string
ARN of domain name.
- certificate
Arn string ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Body string Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Chain string Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Name string Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set.- certificate
Private stringKey Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Upload stringDate Upload date associated with the domain certificate.
- cloudfront
Domain stringName Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- cloudfront
Zone stringId For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution.- domain
Name string Fully-qualified domain name to register.
- endpoint
Configuration DomainName Endpoint Configuration Configuration block defining API endpoint information including type. See below.
- mutual
Tls DomainAuthentication Name Mutual Tls Authentication Mutual TLS authentication configuration for the domain name. See below.
- ownership
Verification stringCertificate Arn ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.)- regional
Certificate stringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- regional
Certificate stringName User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.- regional
Domain stringName Hostname for the custom domain's regional endpoint.
- regional
Zone stringId Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- security
Policy string Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection.- {[key: string]: string}
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- {[key: string]: string}
Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.
- arn str
ARN of domain name.
- certificate_
arn str ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
.- certificate_
body str Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate_
chain str Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate_
name str Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set.- certificate_
private_ strkey Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate_
upload_ strdate Upload date associated with the domain certificate.
- cloudfront_
domain_ strname Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- cloudfront_
zone_ strid For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution.- domain_
name str Fully-qualified domain name to register.
- endpoint_
configuration DomainName Endpoint Configuration Args Configuration block defining API endpoint information including type. See below.
- mutual_
tls_ Domainauthentication Name Mutual Tls Authentication Args Mutual TLS authentication configuration for the domain name. See below.
- ownership_
verification_ strcertificate_ arn ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.)- regional_
certificate_ strarn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- regional_
certificate_ strname User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.- regional_
domain_ strname Hostname for the custom domain's regional endpoint.
- regional_
zone_ strid Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- security_
policy str Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection.- Mapping[str, str]
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- Mapping[str, str]
Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.
- arn String
ARN of domain name.
- certificate
Arn String ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with
certificate_name
,certificate_body
,certificate_chain
,certificate_private_key
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Body String Certificate issued for the domain name being registered, in PEM format. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Chain String Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for
EDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Name String Unique name to use when registering this certificate as an IAM server certificate. Conflicts with
certificate_arn
,regional_certificate_arn
, andregional_certificate_name
. Required ifcertificate_arn
is not set.- certificate
Private StringKey Private key associated with the domain certificate given in
certificate_body
. Only valid forEDGE
endpoint configuration type. Conflicts withcertificate_arn
,regional_certificate_arn
, andregional_certificate_name
.- certificate
Upload StringDate Upload date associated with the domain certificate.
- cloudfront
Domain StringName Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
- cloudfront
Zone StringId For convenience, the hosted zone ID (
Z2FDTNDATAQYW2
) that can be used to create a Route53 alias record for the distribution.- domain
Name String Fully-qualified domain name to register.
- endpoint
Configuration Property Map Configuration block defining API endpoint information including type. See below.
- mutual
Tls Property MapAuthentication Mutual TLS authentication configuration for the domain name. See below.
- ownership
Verification StringCertificate Arn ARN of the AWS-issued certificate used to validate custom domain ownership (when
certificate_arn
is issued via an ACM Private CA ormutual_tls_authentication
is configured with an ACM-imported certificate.)- regional
Certificate StringArn ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.When uploading a certificate, the following arguments are supported:
- regional
Certificate StringName User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with
certificate_arn
,certificate_name
,certificate_body
,certificate_chain
, andcertificate_private_key
.- regional
Domain StringName Hostname for the custom domain's regional endpoint.
- regional
Zone StringId Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
- security
Policy String Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are
TLS_1_0
andTLS_1_2
. Must be configured to perform drift detection.- Map<String>
Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.When referencing an AWS-managed certificate, the following arguments are supported:
- Map<String>
Map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.Please use
tags
instead.
Supporting Types
DomainNameEndpointConfiguration, DomainNameEndpointConfigurationArgs
- Types string
List of endpoint types. This resource currently only supports managing a single value. Valid values:
EDGE
orREGIONAL
. If unspecified, defaults toEDGE
. Must be declared asREGIONAL
in non-Commercial partitions. Refer to the documentation for more information on the difference between edge-optimized and regional APIs.
- Types string
List of endpoint types. This resource currently only supports managing a single value. Valid values:
EDGE
orREGIONAL
. If unspecified, defaults toEDGE
. Must be declared asREGIONAL
in non-Commercial partitions. Refer to the documentation for more information on the difference between edge-optimized and regional APIs.
- types String
List of endpoint types. This resource currently only supports managing a single value. Valid values:
EDGE
orREGIONAL
. If unspecified, defaults toEDGE
. Must be declared asREGIONAL
in non-Commercial partitions. Refer to the documentation for more information on the difference between edge-optimized and regional APIs.
- types string
List of endpoint types. This resource currently only supports managing a single value. Valid values:
EDGE
orREGIONAL
. If unspecified, defaults toEDGE
. Must be declared asREGIONAL
in non-Commercial partitions. Refer to the documentation for more information on the difference between edge-optimized and regional APIs.
- types str
List of endpoint types. This resource currently only supports managing a single value. Valid values:
EDGE
orREGIONAL
. If unspecified, defaults toEDGE
. Must be declared asREGIONAL
in non-Commercial partitions. Refer to the documentation for more information on the difference between edge-optimized and regional APIs.
- types String
List of endpoint types. This resource currently only supports managing a single value. Valid values:
EDGE
orREGIONAL
. If unspecified, defaults toEDGE
. Must be declared asREGIONAL
in non-Commercial partitions. Refer to the documentation for more information on the difference between edge-optimized and regional APIs.
DomainNameMutualTlsAuthentication, DomainNameMutualTlsAuthenticationArgs
- Truststore
Uri string Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example,
s3://bucket-name/key-name
. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version.- Truststore
Version string Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.
- Truststore
Uri string Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example,
s3://bucket-name/key-name
. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version.- Truststore
Version string Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.
- truststore
Uri String Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example,
s3://bucket-name/key-name
. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version.- truststore
Version String Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.
- truststore
Uri string Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example,
s3://bucket-name/key-name
. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version.- truststore
Version string Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.
- truststore_
uri str Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example,
s3://bucket-name/key-name
. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version.- truststore_
version str Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.
- truststore
Uri String Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example,
s3://bucket-name/key-name
. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version.- truststore
Version String Version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.
Import
Using pulumi import
, import API Gateway domain names using their name
. For example:
$ pulumi import aws:apigateway/domainName:DomainName example dev.example.com
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
aws
Terraform Provider.
Try AWS Native preview for resources not in the classic version.