Module acm

@pulumi/aws > acm

Index

acm/certificate.ts acm/certificateValidation.ts acm/getCertificate.ts

class Certificate

The ACM certificate resource allows requesting and management of certificates from the Amazon Certificate Manager.

It deals with requesting certificates and managing their attributes and life-cycle. This resource does not deal with validation of a certificate but can provide inputs for other resources implementing the validation. It does not wait for a certificate to be issued. Use a aws_acm_certificate_validation resource for this.

Most commonly, this resource is used to together with aws_route53_record and aws_acm_certificate_validation to request a DNS validated certificate, deploy the required validation records and wait for validation to complete.

Domain validation through E-Mail is also supported but should be avoided as it requires a manual step outside of Terraform.

It’s recommended to specify create_before_destroy = true in a [lifecycle][1] block to replace a certificate which is currently in use (eg, by aws_lb_listener).

constructor

new Certificate(name: string, args: CertificateArgs, opts?: pulumi.CustomResourceOptions)

Create a Certificate resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CertificateState): Certificate

Get an existing Certificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

The ARN of the certificate

property domainName

public domainName: pulumi.Output<string>;

A domain name for which the certificate should be issued

property domainValidationOptions

public domainValidationOptions: pulumi.Output<{ ... }[]>;

A list of attributes to feed into other resources to complete certificate validation. Can have more than one element, e.g. if SANs are defined. Only set if DNS-validation was used.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property subjectAlternativeNames

public subjectAlternativeNames: pulumi.Output<string[] | undefined>;

A list of domains that should be SANs in the issued certificate

property tags

public tags: pulumi.Output<Tags | undefined>;

A mapping of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property validationEmails

public validationEmails: pulumi.Output<string[]>;

A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

property validationMethod

public validationMethod: pulumi.Output<string>;

Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into Terraform.

class CertificateValidation

This resource represents a successful validation of an ACM certificate in concert with other resources.

Most commonly, this resource is used together with aws_route53_record and aws_acm_certificate to request a DNS validated certificate, deploy the required validation records and wait for validation to complete.

~> WARNING: This resource implements a part of the validation workflow. It does not represent a real-world entity in AWS, therefore changing or deleting this resource on its own has no immediate effect.

constructor

new CertificateValidation(name: string, args: CertificateValidationArgs, opts?: pulumi.CustomResourceOptions)

Create a CertificateValidation resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CertificateValidationState): CertificateValidation

Get an existing CertificateValidation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

static isInstance(obj: any): boolean

Returns true if the given object is an instance of CustomResource. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property certificateArn

public certificateArn: pulumi.Output<string>;

The ARN of the certificate that is being validated.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property validationRecordFqdns

public validationRecordFqdns: pulumi.Output<string[] | undefined>;

List of FQDNs that implement the validation. Only valid for DNS validation method ACM certificates. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation

function getCertificate

getCertificate(args: GetCertificateArgs, opts?: pulumi.InvokeOptions): Promise<GetCertificateResult>

Use this data source to get the ARN of a certificate in AWS Certificate Manager (ACM), you can reference it by domain without having to hard code the ARNs as input.

interface CertificateArgs

The set of arguments for constructing a Certificate resource.

property domainName

domainName: pulumi.Input<string>;

A domain name for which the certificate should be issued

property subjectAlternativeNames

subjectAlternativeNames?: pulumi.Input<pulumi.Input<string>[]>;

A list of domains that should be SANs in the issued certificate

property tags

tags?: pulumi.Input<Tags>;

A mapping of tags to assign to the resource.

property validationMethod

validationMethod: pulumi.Input<string>;

Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into Terraform.

interface CertificateState

Input properties used for looking up and filtering Certificate resources.

property arn

arn?: pulumi.Input<string>;

The ARN of the certificate

property domainName

domainName?: pulumi.Input<string>;

A domain name for which the certificate should be issued

property domainValidationOptions

domainValidationOptions?: pulumi.Input<pulumi.Input<{ ... }>[]>;

A list of attributes to feed into other resources to complete certificate validation. Can have more than one element, e.g. if SANs are defined. Only set if DNS-validation was used.

property subjectAlternativeNames

subjectAlternativeNames?: pulumi.Input<pulumi.Input<string>[]>;

A list of domains that should be SANs in the issued certificate

property tags

tags?: pulumi.Input<Tags>;

A mapping of tags to assign to the resource.

property validationEmails

validationEmails?: pulumi.Input<pulumi.Input<string>[]>;

A list of addresses that received a validation E-Mail. Only set if EMAIL-validation was used.

property validationMethod

validationMethod?: pulumi.Input<string>;

Which method to use for validation. DNS or EMAIL are valid, NONE can be used for certificates that were imported into ACM and then into Terraform.

interface CertificateValidationArgs

The set of arguments for constructing a CertificateValidation resource.

property certificateArn

certificateArn: pulumi.Input<string>;

The ARN of the certificate that is being validated.

property validationRecordFqdns

validationRecordFqdns?: pulumi.Input<pulumi.Input<string>[]>;

List of FQDNs that implement the validation. Only valid for DNS validation method ACM certificates. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation

interface CertificateValidationState

Input properties used for looking up and filtering CertificateValidation resources.

property certificateArn

certificateArn?: pulumi.Input<string>;

The ARN of the certificate that is being validated.

property validationRecordFqdns

validationRecordFqdns?: pulumi.Input<pulumi.Input<string>[]>;

List of FQDNs that implement the validation. Only valid for DNS validation method ACM certificates. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation

interface GetCertificateArgs

A collection of arguments for invoking getCertificate.

property domain

domain: string;

The domain of the certificate to look up. If no certificate is found with this name, an error will be returned.

property mostRecent

mostRecent?: boolean;

If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.

property statuses

statuses?: string[];

A list of statuses on which to filter the returned list. Valid values are PENDING_VALIDATION, ISSUED, INACTIVE, EXPIRED, VALIDATION_TIMED_OUT, REVOKED and FAILED. If no value is specified, only certificates in the ISSUED state are returned.

property types

types?: string[];

A list of types on which to filter the returned list. Valid values are AMAZON_ISSUED and IMPORTED.

interface GetCertificateResult

A collection of values returned by getCertificate.

property arn

arn: string;

Set to the ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.