Class Certificate

The ACM certificate resource allows requesting and management of certificates from the Amazon Certificate Manager.

It deals with requesting certificates and managing their attributes and life-cycle. This resource does not deal with validation of a certificate but can provide inputs for other resources implementing the validation. It does not wait for a certificate to be issued. Use an aws.acm.CertificateValidation resource for this.

Most commonly, this resource is used together with aws.route53.Record and aws.acm.CertificateValidation to request a DNS-validated certificate, deploy the required validation records, and wait for validation to complete.

Domain validation through E-Mail is also supported but should be avoided as it requires a manual step outside of this provider.

It's recommended to specify create_before_destroy = true in a lifecycle block to replace a certificate which is currently in use (e.g., by aws.lb.Listener).

Example Usage

Certificate creation

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        // Request a DNS-validated certificate for example.com.
        var cert = new Aws.Acm.Certificate("cert", new Aws.Acm.CertificateArgs
        {
            DomainName = "example.com",
            Tags =
            {
                { "Environment", "test" },
            },
            ValidationMethod = "DNS",
        });
    }
}

Importing an existing certificate

using Pulumi;
using Aws = Pulumi.Aws;
using Tls = Pulumi.Tls;

class MyStack : Stack
{
    public MyStack()
    {
        // Generate an RSA private key for the certificate.
        var examplePrivateKey = new Tls.PrivateKey("examplePrivateKey", new Tls.PrivateKeyArgs
        {
            Algorithm = "RSA",
        });
        // Self-sign a certificate for example.com that is valid for 12 hours.
        var exampleSelfSignedCert = new Tls.SelfSignedCert("exampleSelfSignedCert", new Tls.SelfSignedCertArgs
        {
            AllowedUses =
            {
                "key_encipherment",
                "digital_signature",
                "server_auth",
            },
            KeyAlgorithm = "RSA",
            PrivateKeyPem = examplePrivateKey.PrivateKeyPem,
            Subjects =
            {
                new Tls.Inputs.SelfSignedCertSubjectArgs
                {
                    CommonName = "example.com",
                    Organization = "ACME Examples, Inc",
                },
            },
            ValidityPeriodHours = 12,
        });
        // Import the certificate body and its private key into ACM.
        var cert = new Aws.Acm.Certificate("cert", new Aws.Acm.CertificateArgs
        {
            CertificateBody = exampleSelfSignedCert.CertPem,
            PrivateKey = examplePrivateKey.PrivateKeyPem,
        });
    }
}

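DNS-validated certificate with a SAN

The DNS validation flow described at the top of this page (request, publish validation records, wait for issuance), as an added example that is not part of the original documentation. It goes one step beyond the single-name case by covering a certificate with a SAN, where DomainValidationOptions has more than one element. Assumptions: the stack config key "hostedZoneId", the two domain names, the resource names, and that each name gets a distinct validation record; the members used on CertificateDomainValidationOption, aws.route53.Record and aws.acm.CertificateValidation are not documented on this page.

```csharp
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        // Assumption: stack config "hostedZoneId" is the Route 53 zone serving these names.
        var zoneId = new Config().Require("hostedZoneId");
        var names = new[] { "example.com", "www.example.com" }; // constructed sample names

        var cert = new Aws.Acm.Certificate("cert", new Aws.Acm.CertificateArgs
        {
            DomainName = names[0],
            SubjectAlternativeNames = { names[1] },
            ValidationMethod = "DNS",
        });
        var validationArgs = new Aws.Acm.CertificateValidationArgs
        {
            CertificateArn = cert.Arn,
        };

        // One validation record per name. Options are matched by DomainName,
        // not by index, so the order ACM returns them in does not matter.
        foreach (var name in names)
        {
            var opt = cert.DomainValidationOptions.Apply(
                opts => opts.First(o => o.DomainName == name));
            var record = new Aws.Route53.Record($"validation-{name}", new Aws.Route53.RecordArgs
            {
                ZoneId = zoneId,
                Name = opt.Apply(o => o.ResourceRecordName),
                Type = opt.Apply(o => o.ResourceRecordType),
                Records = { opt.Apply(o => o.ResourceRecordValue) },
                Ttl = 60,
            });
            validationArgs.ValidationRecordFqdns.Add(record.Fqdn);
        }

        // Certificate does not wait for issuance; CertificateValidation does.
        var validation = new Aws.Acm.CertificateValidation("certValidation", validationArgs);
        ValidatedCertificateArn = validation.CertificateArn;
    }

    [Output]
    public Output<string> ValidatedCertificateArn { get; set; }
}
```

Consumers such as a load balancer listener should take the ARN from the validation resource rather than from the certificate itself, so they are only created once the certificate has been issued.
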
Inheritance
System.Object
Resource
CustomResource
Certificate
Inherited Members
CustomResource.Id
Resource.GetResourceType()
Resource.GetResourceName()
Resource.Urn
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Aws.Acm
Assembly: Pulumi.Aws.dll
Syntax
public class Certificate : CustomResource

Constructors

Certificate(String, CertificateArgs, CustomResourceOptions)

Create a Certificate resource with the given unique name, arguments, and options.

Declaration
public Certificate(string name, CertificateArgs args = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| CertificateArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |

Properties

Arn

The ARN of the certificate

Declaration
public Output<string> Arn { get; }
Property Value
Type Description
Output<System.String>

CertificateAuthorityArn

ARN of an ACMPCA

Declaration
public Output<string> CertificateAuthorityArn { get; }
Property Value
Type Description
Output<System.String>

CertificateBody

The certificate's PEM-formatted public key

Declaration
public Output<string> CertificateBody { get; }
Property Value
Type Description
Output<System.String>

CertificateChain

The certificate's PEM-formatted chain

Declaration
public Output<string> CertificateChain { get; }
Property Value
Type Description
Output<System.String>

DomainName

A domain name for which the certificate should be issued

Declaration
public Output<string> DomainName { get; }
Property Value
Type Description
Output<System.String>

DomainValidationOptions

A list of attributes to feed into other resources to complete certificate validation. Can have more than one element, e.g. if SANs are defined. Only set if DNS-validation was used.

Declaration
public Output<ImmutableArray<CertificateDomainValidationOption>> DomainValidationOptions { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<CertificateDomainValidationOption>>

Options

Declaration
public Output<CertificateOptions> Options { get; }
Property Value
Type Description
Output<CertificateOptions>

PrivateKey

The certificate's PEM-formatted private key

Declaration
public Output<string> PrivateKey { get; }
Property Value
Type Description
Output<System.String>

SubjectAlternativeNames

A list of domains that should be SANs in the issued certificate

Declaration
public Output<ImmutableArray<string>> SubjectAlternativeNames { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>

Tags

A map of tags to assign to the resource.

Declaration
public Output<ImmutableDictionary<string, object>> Tags { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>>

ValidationEmails

A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

Declaration
public Output<ImmutableArray<string>> ValidationEmails { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>

ValidationMethod

Which method to use for validation. DNS and EMAIL are valid; NONE can be used for certificates that were imported into ACM and then into state managed by this provider.

Declaration
public Output<string> ValidationMethod { get; }
Property Value
Type Description
Output<System.String>

Methods

Get(String, Input<String>, CertificateState, CustomResourceOptions)

Get an existing Certificate resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static Certificate Get(string name, Input<string> id, CertificateState state = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to look up. |
| CertificateState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |

Returns
Type Description
Certificate
Copyright 2016-2020, Pulumi Corporation.