1. Packages
  2. AWS Classic
  3. API Docs
  4. iam
  5. ServerCertificate

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.28.1 published on Thursday, Mar 28, 2024 by Pulumi

aws.iam.ServerCertificate

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.28.1 published on Thursday, Mar 28, 2024 by Pulumi

    Provides an IAM Server Certificate resource to upload Server Certificates. Certs uploaded to IAM can easily work with other AWS services such as:

    • AWS Elastic Beanstalk
    • Elastic Load Balancing
    • CloudFront
    • AWS OpsWorks

    For information about server certificates in IAM, see [Managing Server Certificates][2] in AWS Documentation.

    Example Usage

    Using certs on file:

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    import * as std from "@pulumi/std";
    
    const testCert = new aws.iam.ServerCertificate("test_cert", {
        name: "some_test_cert",
        certificateBody: std.file({
            input: "self-ca-cert.pem",
        }).then(invoke => invoke.result),
        privateKey: std.file({
            input: "test-key.pem",
        }).then(invoke => invoke.result),
    });
    
    import pulumi
    import pulumi_aws as aws
    import pulumi_std as std
    
    test_cert = aws.iam.ServerCertificate("test_cert",
        name="some_test_cert",
        certificate_body=std.file(input="self-ca-cert.pem").result,
        private_key=std.file(input="test-key.pem").result)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi-std/sdk/go/std"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		invokeFile, err := std.File(ctx, &std.FileArgs{
    			Input: "self-ca-cert.pem",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		invokeFile1, err := std.File(ctx, &std.FileArgs{
    			Input: "test-key.pem",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = iam.NewServerCertificate(ctx, "test_cert", &iam.ServerCertificateArgs{
    			Name:            pulumi.String("some_test_cert"),
    			CertificateBody: invokeFile.Result,
    			PrivateKey:      invokeFile1.Result,
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    using Std = Pulumi.Std;
    
    return await Deployment.RunAsync(() => 
    {
        var testCert = new Aws.Iam.ServerCertificate("test_cert", new()
        {
            Name = "some_test_cert",
            CertificateBody = Std.File.Invoke(new()
            {
                Input = "self-ca-cert.pem",
            }).Apply(invoke => invoke.Result),
            PrivateKey = Std.File.Invoke(new()
            {
                Input = "test-key.pem",
            }).Apply(invoke => invoke.Result),
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.iam.ServerCertificate;
    import com.pulumi.aws.iam.ServerCertificateArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var testCert = new ServerCertificate("testCert", ServerCertificateArgs.builder()        
                .name("some_test_cert")
                .certificateBody(StdFunctions.file(FileArgs.builder()
                    .input("self-ca-cert.pem")
                    .build()).result())
                .privateKey(StdFunctions.file(FileArgs.builder()
                    .input("test-key.pem")
                    .build()).result())
                .build());
    
        }
    }
    
    resources:
      testCert:
        type: aws:iam:ServerCertificate
        name: test_cert
        properties:
          name: some_test_cert
          certificateBody:
            fn::invoke:
              Function: std:file
              Arguments:
                input: self-ca-cert.pem
              Return: result
          privateKey:
            fn::invoke:
              Function: std:file
              Arguments:
                input: test-key.pem
              Return: result
    

    Example with cert in-line:

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const testCertAlt = new aws.iam.ServerCertificate("test_cert_alt", {
        name: "alt_test_cert",
        certificateBody: `-----BEGIN CERTIFICATE-----
    [......] # cert contents
    -----END CERTIFICATE-----
    `,
        privateKey: `-----BEGIN RSA PRIVATE KEY-----
    [......] # cert contents
    -----END RSA PRIVATE KEY-----
    `,
    });
    
    import pulumi
    import pulumi_aws as aws
    
    test_cert_alt = aws.iam.ServerCertificate("test_cert_alt",
        name="alt_test_cert",
        certificate_body="""-----BEGIN CERTIFICATE-----
    [......] # cert contents
    -----END CERTIFICATE-----
    """,
        private_key="""-----BEGIN RSA PRIVATE KEY-----
    [......] # cert contents
    -----END RSA PRIVATE KEY-----
    """)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := iam.NewServerCertificate(ctx, "test_cert_alt", &iam.ServerCertificateArgs{
    			Name:            pulumi.String("alt_test_cert"),
    			CertificateBody: pulumi.String("-----BEGIN CERTIFICATE-----\n[......] # cert contents\n-----END CERTIFICATE-----\n"),
    			PrivateKey:      pulumi.String("-----BEGIN RSA PRIVATE KEY-----\n[......] # cert contents\n-----END RSA PRIVATE KEY-----\n"),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var testCertAlt = new Aws.Iam.ServerCertificate("test_cert_alt", new()
        {
            Name = "alt_test_cert",
            CertificateBody = @"-----BEGIN CERTIFICATE-----
    [......] # cert contents
    -----END CERTIFICATE-----
    ",
            PrivateKey = @"-----BEGIN RSA PRIVATE KEY-----
    [......] # cert contents
    -----END RSA PRIVATE KEY-----
    ",
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.iam.ServerCertificate;
    import com.pulumi.aws.iam.ServerCertificateArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var testCertAlt = new ServerCertificate("testCertAlt", ServerCertificateArgs.builder()        
                .name("alt_test_cert")
                .certificateBody("""
    -----BEGIN CERTIFICATE-----
    [......] # cert contents
    -----END CERTIFICATE-----
                """)
                .privateKey("""
    -----BEGIN RSA PRIVATE KEY-----
    [......] # cert contents
    -----END RSA PRIVATE KEY-----
                """)
                .build());
    
        }
    }
    
    resources:
      testCertAlt:
        type: aws:iam:ServerCertificate
        name: test_cert_alt
        properties:
          name: alt_test_cert
          certificateBody: |
            -----BEGIN CERTIFICATE-----
            [......] # cert contents
            -----END CERTIFICATE-----        
          privateKey: |
            -----BEGIN RSA PRIVATE KEY-----
            [......] # cert contents
            -----END RSA PRIVATE KEY-----        
    

    Use in combination with an AWS ELB resource:

    Some properties of an IAM Server Certificates cannot be updated while they are in use. In order for the provider to effectively manage a Certificate in this situation, it is recommended you utilize the name_prefix attribute and enable the create_before_destroy. This will allow this provider to create a new, updated aws.iam.ServerCertificate resource and replace it in dependant resources before attempting to destroy the old version.

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    import * as std from "@pulumi/std";
    
    const testCert = new aws.iam.ServerCertificate("test_cert", {
        namePrefix: "example-cert",
        certificateBody: std.file({
            input: "self-ca-cert.pem",
        }).then(invoke => invoke.result),
        privateKey: std.file({
            input: "test-key.pem",
        }).then(invoke => invoke.result),
    });
    const ourapp = new aws.elb.LoadBalancer("ourapp", {
        name: "asg-deployment-example",
        availabilityZones: ["us-west-2a"],
        crossZoneLoadBalancing: true,
        listeners: [{
            instancePort: 8000,
            instanceProtocol: "http",
            lbPort: 443,
            lbProtocol: "https",
            sslCertificateId: testCert.arn,
        }],
    });
    
    import pulumi
    import pulumi_aws as aws
    import pulumi_std as std
    
    test_cert = aws.iam.ServerCertificate("test_cert",
        name_prefix="example-cert",
        certificate_body=std.file(input="self-ca-cert.pem").result,
        private_key=std.file(input="test-key.pem").result)
    ourapp = aws.elb.LoadBalancer("ourapp",
        name="asg-deployment-example",
        availability_zones=["us-west-2a"],
        cross_zone_load_balancing=True,
        listeners=[aws.elb.LoadBalancerListenerArgs(
            instance_port=8000,
            instance_protocol="http",
            lb_port=443,
            lb_protocol="https",
            ssl_certificate_id=test_cert.arn,
        )])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/elb"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi-std/sdk/go/std"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		invokeFile, err := std.File(ctx, &std.FileArgs{
    			Input: "self-ca-cert.pem",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		invokeFile1, err := std.File(ctx, &std.FileArgs{
    			Input: "test-key.pem",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		testCert, err := iam.NewServerCertificate(ctx, "test_cert", &iam.ServerCertificateArgs{
    			NamePrefix:      pulumi.String("example-cert"),
    			CertificateBody: invokeFile.Result,
    			PrivateKey:      invokeFile1.Result,
    		})
    		if err != nil {
    			return err
    		}
    		_, err = elb.NewLoadBalancer(ctx, "ourapp", &elb.LoadBalancerArgs{
    			Name: pulumi.String("asg-deployment-example"),
    			AvailabilityZones: pulumi.StringArray{
    				pulumi.String("us-west-2a"),
    			},
    			CrossZoneLoadBalancing: pulumi.Bool(true),
    			Listeners: elb.LoadBalancerListenerArray{
    				&elb.LoadBalancerListenerArgs{
    					InstancePort:     pulumi.Int(8000),
    					InstanceProtocol: pulumi.String("http"),
    					LbPort:           pulumi.Int(443),
    					LbProtocol:       pulumi.String("https"),
    					SslCertificateId: testCert.Arn,
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    using Std = Pulumi.Std;
    
    return await Deployment.RunAsync(() => 
    {
        var testCert = new Aws.Iam.ServerCertificate("test_cert", new()
        {
            NamePrefix = "example-cert",
            CertificateBody = Std.File.Invoke(new()
            {
                Input = "self-ca-cert.pem",
            }).Apply(invoke => invoke.Result),
            PrivateKey = Std.File.Invoke(new()
            {
                Input = "test-key.pem",
            }).Apply(invoke => invoke.Result),
        });
    
        var ourapp = new Aws.Elb.LoadBalancer("ourapp", new()
        {
            Name = "asg-deployment-example",
            AvailabilityZones = new[]
            {
                "us-west-2a",
            },
            CrossZoneLoadBalancing = true,
            Listeners = new[]
            {
                new Aws.Elb.Inputs.LoadBalancerListenerArgs
                {
                    InstancePort = 8000,
                    InstanceProtocol = "http",
                    LbPort = 443,
                    LbProtocol = "https",
                    SslCertificateId = testCert.Arn,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.iam.ServerCertificate;
    import com.pulumi.aws.iam.ServerCertificateArgs;
    import com.pulumi.aws.elb.LoadBalancer;
    import com.pulumi.aws.elb.LoadBalancerArgs;
    import com.pulumi.aws.elb.inputs.LoadBalancerListenerArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var testCert = new ServerCertificate("testCert", ServerCertificateArgs.builder()        
                .namePrefix("example-cert")
                .certificateBody(StdFunctions.file(FileArgs.builder()
                    .input("self-ca-cert.pem")
                    .build()).result())
                .privateKey(StdFunctions.file(FileArgs.builder()
                    .input("test-key.pem")
                    .build()).result())
                .build());
    
            var ourapp = new LoadBalancer("ourapp", LoadBalancerArgs.builder()        
                .name("asg-deployment-example")
                .availabilityZones("us-west-2a")
                .crossZoneLoadBalancing(true)
                .listeners(LoadBalancerListenerArgs.builder()
                    .instancePort(8000)
                    .instanceProtocol("http")
                    .lbPort(443)
                    .lbProtocol("https")
                    .sslCertificateId(testCert.arn())
                    .build())
                .build());
    
        }
    }
    
    resources:
      testCert:
        type: aws:iam:ServerCertificate
        name: test_cert
        properties:
          namePrefix: example-cert
          certificateBody:
            fn::invoke:
              Function: std:file
              Arguments:
                input: self-ca-cert.pem
              Return: result
          privateKey:
            fn::invoke:
              Function: std:file
              Arguments:
                input: test-key.pem
              Return: result
      ourapp:
        type: aws:elb:LoadBalancer
        properties:
          name: asg-deployment-example
          availabilityZones:
            - us-west-2a
          crossZoneLoadBalancing: true
          listeners:
            - instancePort: 8000
              instanceProtocol: http
              lbPort: 443
              lbProtocol: https
              sslCertificateId: ${testCert.arn}
    

    Create ServerCertificate Resource

    new ServerCertificate(name: string, args: ServerCertificateArgs, opts?: CustomResourceOptions);
    @overload
    def ServerCertificate(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          certificate_body: Optional[str] = None,
                          certificate_chain: Optional[str] = None,
                          name: Optional[str] = None,
                          name_prefix: Optional[str] = None,
                          path: Optional[str] = None,
                          private_key: Optional[str] = None,
                          tags: Optional[Mapping[str, str]] = None)
    @overload
    def ServerCertificate(resource_name: str,
                          args: ServerCertificateArgs,
                          opts: Optional[ResourceOptions] = None)
    func NewServerCertificate(ctx *Context, name string, args ServerCertificateArgs, opts ...ResourceOption) (*ServerCertificate, error)
    public ServerCertificate(string name, ServerCertificateArgs args, CustomResourceOptions? opts = null)
    public ServerCertificate(String name, ServerCertificateArgs args)
    public ServerCertificate(String name, ServerCertificateArgs args, CustomResourceOptions options)
    
    type: aws:iam:ServerCertificate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args ServerCertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ServerCertificateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ServerCertificateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ServerCertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ServerCertificateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    ServerCertificate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ServerCertificate resource accepts the following input properties:

    CertificateBody string
    The contents of the public key certificate in PEM-encoded format.
    PrivateKey string
    The contents of the private key in PEM-encoded format.
    CertificateChain string
    The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
    Name string
    The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
    NamePrefix string
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    Path string
    The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
    Tags Dictionary<string, string>

    Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

    CertificateBody string
    The contents of the public key certificate in PEM-encoded format.
    PrivateKey string
    The contents of the private key in PEM-encoded format.
    CertificateChain string
    The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
    Name string
    The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
    NamePrefix string
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    Path string
    The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
    Tags map[string]string

    Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

    certificateBody String
    The contents of the public key certificate in PEM-encoded format.
    privateKey String
    The contents of the private key in PEM-encoded format.
    certificateChain String
    The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
    name String
    The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
    namePrefix String
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    path String
    The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
    tags Map<String,String>

    Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

    certificateBody string
    The contents of the public key certificate in PEM-encoded format.
    privateKey string
    The contents of the private key in PEM-encoded format.
    certificateChain string
    The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
    name string
    The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
    namePrefix string
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    path string
    The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
    tags {[key: string]: string}

    Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

    certificate_body str
    The contents of the public key certificate in PEM-encoded format.
    private_key str
    The contents of the private key in PEM-encoded format.
    certificate_chain str
    The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
    name str
    The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
    name_prefix str
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    path str
    The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
    tags Mapping[str, str]

    Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

    certificateBody String
    The contents of the public key certificate in PEM-encoded format.
    privateKey String
    The contents of the private key in PEM-encoded format.
    certificateChain String
    The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
    name String
    The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
    namePrefix String
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    path String
    The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
    tags Map<String>

    Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ServerCertificate resource produces the following output properties:

    Arn string
    The Amazon Resource Name (ARN) specifying the server certificate.
    Expiration string
    Date and time in RFC3339 format on which the certificate is set to expire.
    Id string
    The provider-assigned unique ID for this managed resource.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    UploadDate string
    Date and time in RFC3339 format when the server certificate was uploaded.
    Arn string
    The Amazon Resource Name (ARN) specifying the server certificate.
    Expiration string
    Date and time in RFC3339 format on which the certificate is set to expire.
    Id string
    The provider-assigned unique ID for this managed resource.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    UploadDate string
    Date and time in RFC3339 format when the server certificate was uploaded.
    arn String
    The Amazon Resource Name (ARN) specifying the server certificate.
    expiration String
    Date and time in RFC3339 format on which the certificate is set to expire.
    id String
    The provider-assigned unique ID for this managed resource.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    uploadDate String
    Date and time in RFC3339 format when the server certificate was uploaded.
    arn string
    The Amazon Resource Name (ARN) specifying the server certificate.
    expiration string
    Date and time in RFC3339 format on which the certificate is set to expire.
    id string
    The provider-assigned unique ID for this managed resource.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    uploadDate string
    Date and time in RFC3339 format when the server certificate was uploaded.
    arn str
    The Amazon Resource Name (ARN) specifying the server certificate.
    expiration str
    Date and time in RFC3339 format on which the certificate is set to expire.
    id str
    The provider-assigned unique ID for this managed resource.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    upload_date str
    Date and time in RFC3339 format when the server certificate was uploaded.
    arn String
    The Amazon Resource Name (ARN) specifying the server certificate.
    expiration String
    Date and time in RFC3339 format on which the certificate is set to expire.
    id String
    The provider-assigned unique ID for this managed resource.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    uploadDate String
    Date and time in RFC3339 format when the server certificate was uploaded.

    Look up Existing ServerCertificate Resource

    Get an existing ServerCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: ServerCertificateState, opts?: CustomResourceOptions): ServerCertificate
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            certificate_body: Optional[str] = None,
            certificate_chain: Optional[str] = None,
            expiration: Optional[str] = None,
            name: Optional[str] = None,
            name_prefix: Optional[str] = None,
            path: Optional[str] = None,
            private_key: Optional[str] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            upload_date: Optional[str] = None) -> ServerCertificate
    func GetServerCertificate(ctx *Context, name string, id IDInput, state *ServerCertificateState, opts ...ResourceOption) (*ServerCertificate, error)
    public static ServerCertificate Get(string name, Input<string> id, ServerCertificateState? state, CustomResourceOptions? opts = null)
    public static ServerCertificate get(String name, Output<String> id, ServerCertificateState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string
    The Amazon Resource Name (ARN) specifying the server certificate.
    CertificateBody string
    The contents of the public key certificate in PEM-encoded format.
    CertificateChain string
    The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
    Expiration string
    Date and time in RFC3339 format on which the certificate is set to expire.
    Name string
    The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
    NamePrefix string
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    Path string
    The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
    PrivateKey string
    The contents of the private key in PEM-encoded format.
    Tags Dictionary<string, string>

    Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    UploadDate string
    Date and time in RFC3339 format when the server certificate was uploaded.
    Arn string
    The Amazon Resource Name (ARN) specifying the server certificate.
    CertificateBody string
    The contents of the public key certificate in PEM-encoded format.
    CertificateChain string
    The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
    Expiration string
    Date and time in RFC3339 format on which the certificate is set to expire.
    Name string
    The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
    NamePrefix string
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    Path string
    The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
    PrivateKey string
    The contents of the private key in PEM-encoded format.
    Tags map[string]string

    Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    UploadDate string
    Date and time in RFC3339 format when the server certificate was uploaded.
    arn String
    The Amazon Resource Name (ARN) specifying the server certificate.
    certificateBody String
    The contents of the public key certificate in PEM-encoded format.
    certificateChain String
    The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
    expiration String
    Date and time in RFC3339 format on which the certificate is set to expire.
    name String
    The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
    namePrefix String
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    path String
    The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
    privateKey String
    The contents of the private key in PEM-encoded format.
    tags Map<String,String>

    Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    uploadDate String
    Date and time in RFC3339 format when the server certificate was uploaded.
    arn string
    The Amazon Resource Name (ARN) specifying the server certificate.
    certificateBody string
    The contents of the public key certificate in PEM-encoded format.
    certificateChain string
    The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
    expiration string
    Date and time in RFC3339 format on which the certificate is set to expire.
    name string
    The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
    namePrefix string
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    path string
    The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
    privateKey string
    The contents of the private key in PEM-encoded format.
    tags {[key: string]: string}

    Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    uploadDate string
    Date and time in RFC3339 format when the server certificate was uploaded.
    arn str
    The Amazon Resource Name (ARN) specifying the server certificate.
    certificate_body str
    The contents of the public key certificate in PEM-encoded format.
    certificate_chain str
    The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
    expiration str
    Date and time in RFC3339 format on which the certificate is set to expire.
    name str
    The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
    name_prefix str
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    path str
    The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
    private_key str
    The contents of the private key in PEM-encoded format.
    tags Mapping[str, str]

    Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    upload_date str
    Date and time in RFC3339 format when the server certificate was uploaded.
    arn String
    The Amazon Resource Name (ARN) specifying the server certificate.
    certificateBody String
    The contents of the public key certificate in PEM-encoded format.
    certificateChain String
    The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
    expiration String
    Date and time in RFC3339 format on which the certificate is set to expire.
    name String
    The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
    namePrefix String
    Creates a unique name beginning with the specified prefix. Conflicts with name.
    path String
    The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
    privateKey String
    The contents of the private key in PEM-encoded format.
    tags Map<String>

    Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated:Please use tags instead.

    uploadDate String
    Date and time in RFC3339 format when the server certificate was uploaded.

    Import

    Using pulumi import, import IAM Server Certificates using the name. For example:

    $ pulumi import aws:iam/serverCertificate:ServerCertificate certificate example.com-certificate-until-2018
    

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.28.1 published on Thursday, Mar 28, 2024 by Pulumi