Namespace Pulumi.Aws.Acm
Classes
Certificate
The ACM certificate resource allows requesting and managing certificates from the Amazon Certificate Manager.
It deals with requesting certificates and managing their attributes and life-cycle.
This resource does not deal with validation of a certificate but can provide inputs
for other resources implementing the validation. It does not wait for a certificate to be issued.
Use an aws.acm.CertificateValidation resource to wait for the certificate to be issued.
Most commonly, this resource is used together with aws.route53.Record and
aws.acm.CertificateValidation to request a DNS validated certificate,
deploy the required validation records and wait for validation to complete.
Domain validation through E-Mail is also supported but should be avoided as it requires a manual step outside of this provider.
It's recommended to specify create_before_destroy = true in a lifecycle block when replacing a certificate
that is currently in use (e.g., by aws.lb.Listener).
Example Usage
Certificate creation
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that requests an ACM certificate for example.com with DNS validation.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // This only files the request. Per the resource description, validation and
        // waiting for issuance are handled by other resources (DNS records plus
        // aws.acm.CertificateValidation), so the certificate is not usable yet.
        var requestArgs = new Aws.Acm.CertificateArgs
        {
            DomainName = "example.com",
            // DNS validation is the documented preference: e-mail validation needs a
            // manual approval step outside of the provider.
            ValidationMethod = "DNS",
            Tags =
            {
                { "Environment", "test" },
            },
        };

        var requestedCertificate = new Aws.Acm.Certificate("cert", requestArgs);
    }
}
Importing an existing certificate
using Pulumi;
using Aws = Pulumi.Aws;
using Tls = Pulumi.Tls;
/// <summary>
/// Example stack that generates a throw-away key pair and self-signed certificate
/// and imports both into ACM.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // The key is generated by a stack resource, so its PEM is an output of that
        // resource and travels with the stack's state.
        // NOTE(review): confirm the state backend stores it as an encrypted secret, and
        // keep provider-generated keys to test stacks.
        // No key size is given here, so the provider default applies - TODO confirm it
        // meets the organisation's minimum.
        var signingKey = new Tls.PrivateKey("examplePrivateKey", new Tls.PrivateKeyArgs
        {
            Algorithm = "RSA",
        });

        var subject = new Tls.Inputs.SelfSignedCertSubjectArgs
        {
            Organization = "ACME Examples, Inc",
            CommonName = "example.com",
        };

        // Self-signed and valid for 12 hours: a fixture for demonstrating the import,
        // not something clients will trust.
        var selfSigned = new Tls.SelfSignedCert("exampleSelfSignedCert", new Tls.SelfSignedCertArgs
        {
            KeyAlgorithm = "RSA",
            PrivateKeyPem = signingKey.PrivateKeyPem,
            ValidityPeriodHours = 12,
            Subjects =
            {
                subject,
            },
            AllowedUses =
            {
                "key_encipherment",
                "digital_signature",
                "server_auth",
            },
        });

        // Import path: body and private key are supplied instead of DomainName and
        // ValidationMethod. ACM's managed renewal does not cover imported certificates,
        // so expiry has to be tracked and a replacement imported by the owner.
        var importArgs = new Aws.Acm.CertificateArgs
        {
            PrivateKey = signingKey.PrivateKeyPem,
            CertificateBody = selfSigned.CertPem,
        };

        var importedCertificate = new Aws.Acm.Certificate("cert", importArgs);
    }
}
CertificateArgs
CertificateState
CertificateValidation
This resource represents a successful validation of an ACM certificate in concert with other resources.
Most commonly, this resource is used together with aws.route53.Record and
aws.acm.Certificate to request a DNS validated certificate,
deploy the required validation records and wait for validation to complete.
WARNING: This resource implements a part of the validation workflow. It does not represent a real-world entity in AWS, therefore changing or deleting this resource on its own has no immediate effect.
Example Usage
DNS Validation with Route 53
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that requests a DNS-validated certificate, publishes the validation
/// record in Route 53, waits for validation and then hands the certificate to a listener.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var certificateRequest = new Aws.Acm.Certificate("certCertificate", new Aws.Acm.CertificateArgs
        {
            ValidationMethod = "DNS",
            DomainName = "example.com",
        });

        // Look up the existing public hosted zone that will hold the validation record.
        var hostedZone = Output.Create(Aws.Route53.GetZone.InvokeAsync(new Aws.Route53.GetZoneArgs
        {
            PrivateZone = false,
            Name = "example.com.",
        }));

        // Only one name was requested, so the first validation option is the one used.
        var validationOptions = certificateRequest.DomainValidationOptions;
        var validationRecord = new Aws.Route53.Record("certValidation", new Aws.Route53.RecordArgs
        {
            ZoneId = hostedZone.Apply(found => found.ZoneId),
            Name = validationOptions.Apply(options => options[0].ResourceRecordName),
            Type = validationOptions.Apply(options => options[0].ResourceRecordType),
            Ttl = 60,
            Records =
            {
                validationOptions.Apply(options => options[0].ResourceRecordValue),
            },
        });

        // Workflow resource: ties the certificate to the record that proves control of
        // the domain and completes once validation has succeeded.
        var completedValidation = new Aws.Acm.CertificateValidation("certCertificateValidation", new Aws.Acm.CertificateValidationArgs
        {
            CertificateArn = certificateRequest.Arn,
            ValidationRecordFqdns =
            {
                validationRecord.Fqdn,
            },
        });

        // The ARN is read from the validation resource rather than from the certificate,
        // so the listener depends on validation and is not given an unissued certificate.
        // NOTE(review): only CertificateArn is shown on this page; a real listener also
        // needs its load balancer, port, protocol and default action, and an explicitly
        // chosen TLS policy.
        var httpsListener = new Aws.LB.Listener("frontEnd", new Aws.LB.ListenerArgs
        {
            CertificateArn = completedValidation.CertificateArn,
        });
    }
}
Alternative Domains DNS Validation with Route 53
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that requests a DNS-validated certificate covering example.com plus
/// two alternative names, publishes one validation record per name across two hosted
/// zones, waits for validation and then hands the certificate to a listener.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var certificateRequest = new Aws.Acm.Certificate("certCertificate", new Aws.Acm.CertificateArgs
        {
            ValidationMethod = "DNS",
            DomainName = "example.com",
            SubjectAlternativeNames =
            {
                "www.example.com",
                "example.org",
            },
        });

        // Two public hosted zones are involved: example.com (also holding www) and example.org.
        var primaryZone = Output.Create(Aws.Route53.GetZone.InvokeAsync(new Aws.Route53.GetZoneArgs
        {
            PrivateZone = false,
            Name = "example.com.",
        }));
        var alternateZone = Output.Create(Aws.Route53.GetZone.InvokeAsync(new Aws.Route53.GetZoneArgs
        {
            PrivateZone = false,
            Name = "example.org.",
        }));

        // NOTE(review): indexes 0, 1 and 2 below assume the validation options come back
        // in the order DomainName, then SubjectAlternativeNames as listed - confirm for
        // the provider version in use. If the order differs, a record lands in the wrong
        // zone and validation never completes.
        var validationOptions = certificateRequest.DomainValidationOptions;

        // Index 0 -> example.com zone.
        var apexRecord = new Aws.Route53.Record("certValidation", new Aws.Route53.RecordArgs
        {
            ZoneId = primaryZone.Apply(found => found.ZoneId),
            Name = validationOptions.Apply(options => options[0].ResourceRecordName),
            Type = validationOptions.Apply(options => options[0].ResourceRecordType),
            Ttl = 60,
            Records =
            {
                validationOptions.Apply(options => options[0].ResourceRecordValue),
            },
        });

        // Index 1 -> example.com zone again (presumably www.example.com).
        var firstAlternateRecord = new Aws.Route53.Record("certValidationAlt1", new Aws.Route53.RecordArgs
        {
            ZoneId = primaryZone.Apply(found => found.ZoneId),
            Name = validationOptions.Apply(options => options[1].ResourceRecordName),
            Type = validationOptions.Apply(options => options[1].ResourceRecordType),
            Ttl = 60,
            Records =
            {
                validationOptions.Apply(options => options[1].ResourceRecordValue),
            },
        });

        // Index 2 -> example.org zone.
        var secondAlternateRecord = new Aws.Route53.Record("certValidationAlt2", new Aws.Route53.RecordArgs
        {
            ZoneId = alternateZone.Apply(found => found.ZoneId),
            Name = validationOptions.Apply(options => options[2].ResourceRecordName),
            Type = validationOptions.Apply(options => options[2].ResourceRecordType),
            Ttl = 60,
            Records =
            {
                validationOptions.Apply(options => options[2].ResourceRecordValue),
            },
        });

        // All three record FQDNs are listed, one for each requested name.
        var completedValidation = new Aws.Acm.CertificateValidation("certCertificateValidation", new Aws.Acm.CertificateValidationArgs
        {
            CertificateArn = certificateRequest.Arn,
            ValidationRecordFqdns =
            {
                apexRecord.Fqdn,
                firstAlternateRecord.Fqdn,
                secondAlternateRecord.Fqdn,
            },
        });

        // The ARN is read from the validation resource rather than from the certificate,
        // so the listener depends on validation and is not given an unissued certificate.
        // NOTE(review): only CertificateArn is shown on this page; a real listener also
        // needs its load balancer, port, protocol and default action, and an explicitly
        // chosen TLS policy.
        var httpsListener = new Aws.LB.Listener("frontEnd", new Aws.LB.ListenerArgs
        {
            CertificateArn = completedValidation.CertificateArn,
        });
    }
}
Email Validation
using Pulumi;
using Aws = Pulumi.Aws;
/// <summary>
/// Example stack that requests an e-mail-validated certificate and adds the
/// validation workflow resource for it.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // E-mail validation is supported but discouraged by the resource description:
        // approval is a manual step performed outside of the provider.
        var requestArgs = new Aws.Acm.CertificateArgs
        {
            ValidationMethod = "EMAIL",
            DomainName = "example.com",
        };
        var certificateRequest = new Aws.Acm.Certificate("certCertificate", requestArgs);

        // No ValidationRecordFqdns here: nothing is published in DNS for this method.
        // NOTE(review): presumably this resource only completes once someone has
        // approved the validation e-mail - confirm who receives it and how long a
        // deployment may wait on it.
        var validationArgs = new Aws.Acm.CertificateValidationArgs
        {
            CertificateArn = certificateRequest.Arn,
        };
        var completedValidation = new Aws.Acm.CertificateValidation("certCertificateValidation", validationArgs);
    }
}