acm

package
v5.24.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 16, 2022 License: Apache-2.0 Imports: 7 Imported by: 8

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Certificate

type Certificate struct {
	pulumi.CustomResourceState

	// ARN of the certificate
	Arn pulumi.StringOutput `pulumi:"arn"`
	// ARN of an ACM PCA
	CertificateAuthorityArn pulumi.StringPtrOutput `pulumi:"certificateAuthorityArn"`
	// Certificate's PEM-formatted public key
	CertificateBody pulumi.StringPtrOutput `pulumi:"certificateBody"`
	// Certificate's PEM-formatted chain
	// * Creating a private CA issued certificate
	CertificateChain pulumi.StringPtrOutput `pulumi:"certificateChain"`
	// Fully qualified domain name (FQDN) in the certificate.
	DomainName pulumi.StringOutput `pulumi:"domainName"`
	// Set of domain validation objects which can be used to complete certificate validation.
	// Can have more than one element, e.g., if SANs are defined.
	// Only set if `DNS`-validation was used.
	DomainValidationOptions CertificateDomainValidationOptionArrayOutput `pulumi:"domainValidationOptions"`
	// Amount of time to start automatic renewal process before expiration.
	// Has no effect if less than 60 days.
	// Represented by either
	// a subset of [RFC 3339 duration](https://www.rfc-editor.org/rfc/rfc3339) supporting years, months, and days (e.g., `P90D`),
	// or a string such as `2160h`.
	EarlyRenewalDuration pulumi.StringPtrOutput `pulumi:"earlyRenewalDuration"`
	// Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See [ACM Certificate characteristics](https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms) for more details.
	KeyAlgorithm pulumi.StringOutput `pulumi:"keyAlgorithm"`
	// Expiration date and time of the certificate.
	NotAfter pulumi.StringOutput `pulumi:"notAfter"`
	// Start of the validity period of the certificate.
	NotBefore pulumi.StringOutput `pulumi:"notBefore"`
	// Configuration block used to set certificate options. Detailed below.
	Options CertificateOptionsPtrOutput `pulumi:"options"`
	// `true` if a Private certificate eligible for managed renewal is within the `earlyRenewalDuration` period.
	PendingRenewal pulumi.BoolOutput `pulumi:"pendingRenewal"`
	// Certificate's PEM-formatted private key
	PrivateKey pulumi.StringPtrOutput `pulumi:"privateKey"`
	// Whether the certificate is eligible for managed renewal.
	RenewalEligibility pulumi.StringOutput `pulumi:"renewalEligibility"`
	// Contains information about the status of ACM's [managed renewal](https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html) for the certificate.
	RenewalSummaries CertificateRenewalSummaryArrayOutput `pulumi:"renewalSummaries"`
	// Status of the certificate.
	Status pulumi.StringOutput `pulumi:"status"`
	// Set of domains that should be SANs in the issued certificate.
	// To remove all elements of a previously configured list, set this value equal to an empty list (`[]`)
	SubjectAlternativeNames pulumi.StringArrayOutput `pulumi:"subjectAlternativeNames"`
	// Map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
	// Source of the certificate.
	Type pulumi.StringOutput `pulumi:"type"`
	// List of addresses that received a validation email. Only set if `EMAIL` validation was used.
	ValidationEmails pulumi.StringArrayOutput `pulumi:"validationEmails"`
	// Which method to use for validation. `DNS` or `EMAIL` are valid, `NONE` can be used for certificates that were imported into ACM and then into the provider.
	ValidationMethod pulumi.StringOutput `pulumi:"validationMethod"`
	// Configuration block used to specify information about the initial validation of each domain name. Detailed below.
	// * Importing an existing certificate
	ValidationOptions CertificateValidationOptionArrayOutput `pulumi:"validationOptions"`
}

The ACM certificate resource allows requesting and management of certificates from the Amazon Certificate Manager.

ACM certificates can be created in three ways: Amazon-issued, where AWS provides the certificate authority and automatically manages renewal; imported certificates, issued by another certificate authority; and private certificates, issued using an ACM Private Certificate Authority.

## Amazon-Issued Certificates

For Amazon-issued certificates, this resource deals with requesting certificates and managing their attributes and life-cycle. This resource does not deal with validation of a certificate but can provide inputs for other resources implementing the validation. It does not wait for a certificate to be issued. Use a `acm.CertificateValidation` resource for this.

Most commonly, this resource is used together with `route53.Record` and `acm.CertificateValidation` to request a DNS validated certificate, deploy the required validation records and wait for validation to complete.

Domain validation through email is also supported but should be avoided as it requires a manual step outside of this provider.

## Certificates Imported from Other Certificate Authority

Imported certificates can be used to make certificates created with an external certificate authority available for AWS services.

As they are not managed by AWS, imported certificates are not eligible for automatic renewal. New certificate materials can be supplied to an existing imported certificate to update it in place.

## Private Certificates

Private certificates are issued by an ACM Private Cerificate Authority, which can be created using the resource type `acmpca.CertificateAuthority`.

Private certificates created using this resource are eligible for managed renewal if they have been exported or associated with another AWS service. See [managed renewal documentation](https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html) for more information. By default, a certificate is valid for 395 days and the managed renewal process will start 60 days before expiration. To renew the certificate earlier than 60 days before expiration, configure `earlyRenewalDuration`.

## Example Usage ### Create Certificate

```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := acm.NewCertificate(ctx, "cert", &acm.CertificateArgs{
			DomainName: pulumi.String("example.com"),
			Tags: pulumi.StringMap{
				"Environment": pulumi.String("test"),
			},
			ValidationMethod: pulumi.String("DNS"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Custom Domain Validation Options

```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := acm.NewCertificate(ctx, "cert", &acm.CertificateArgs{
			DomainName:       pulumi.String("testing.example.com"),
			ValidationMethod: pulumi.String("EMAIL"),
			ValidationOptions: acm.CertificateValidationOptionArray{
				&acm.CertificateValidationOptionArgs{
					DomainName:       pulumi.String("testing.example.com"),
					ValidationDomain: pulumi.String("example.com"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Existing Certificate Body Import

```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acm"
"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		examplePrivateKey, err := tls.NewPrivateKey(ctx, "examplePrivateKey", &tls.PrivateKeyArgs{
			Algorithm: pulumi.String("RSA"),
		})
		if err != nil {
			return err
		}
		exampleSelfSignedCert, err := tls.NewSelfSignedCert(ctx, "exampleSelfSignedCert", &tls.SelfSignedCertArgs{
			KeyAlgorithm:  pulumi.String("RSA"),
			PrivateKeyPem: examplePrivateKey.PrivateKeyPem,
			Subjects: SelfSignedCertSubjectArray{
				&SelfSignedCertSubjectArgs{
					CommonName:   pulumi.String("example.com"),
					Organization: pulumi.String("ACME Examples, Inc"),
				},
			},
			ValidityPeriodHours: pulumi.Int(12),
			AllowedUses: pulumi.StringArray{
				pulumi.String("key_encipherment"),
				pulumi.String("digital_signature"),
				pulumi.String("server_auth"),
			},
		})
		if err != nil {
			return err
		}
		_, err = acm.NewCertificate(ctx, "cert", &acm.CertificateArgs{
			PrivateKey:      examplePrivateKey.PrivateKeyPem,
			CertificateBody: exampleSelfSignedCert.CertPem,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Certificates can be imported using their ARN, e.g.,

```sh

$ pulumi import aws:acm/certificate:Certificate cert arn:aws:acm:eu-central-1:123456789012:certificate/7e7a28d2-163f-4b8f-b9cd-822f96c08d6a

```

func GetCertificate

func GetCertificate(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CertificateState, opts ...pulumi.ResourceOption) (*Certificate, error)

GetCertificate gets an existing Certificate resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCertificate

func NewCertificate(ctx *pulumi.Context,
	name string, args *CertificateArgs, opts ...pulumi.ResourceOption) (*Certificate, error)

NewCertificate registers a new resource with the given unique name, arguments, and options.

func (*Certificate) ElementType

func (*Certificate) ElementType() reflect.Type

func (*Certificate) ToCertificateOutput

func (i *Certificate) ToCertificateOutput() CertificateOutput

func (*Certificate) ToCertificateOutputWithContext

func (i *Certificate) ToCertificateOutputWithContext(ctx context.Context) CertificateOutput

type CertificateArgs

type CertificateArgs struct {
	// ARN of an ACM PCA
	CertificateAuthorityArn pulumi.StringPtrInput
	// Certificate's PEM-formatted public key
	CertificateBody pulumi.StringPtrInput
	// Certificate's PEM-formatted chain
	// * Creating a private CA issued certificate
	CertificateChain pulumi.StringPtrInput
	// Fully qualified domain name (FQDN) in the certificate.
	DomainName pulumi.StringPtrInput
	// Amount of time to start automatic renewal process before expiration.
	// Has no effect if less than 60 days.
	// Represented by either
	// a subset of [RFC 3339 duration](https://www.rfc-editor.org/rfc/rfc3339) supporting years, months, and days (e.g., `P90D`),
	// or a string such as `2160h`.
	EarlyRenewalDuration pulumi.StringPtrInput
	// Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See [ACM Certificate characteristics](https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms) for more details.
	KeyAlgorithm pulumi.StringPtrInput
	// Configuration block used to set certificate options. Detailed below.
	Options CertificateOptionsPtrInput
	// Certificate's PEM-formatted private key
	PrivateKey pulumi.StringPtrInput
	// Set of domains that should be SANs in the issued certificate.
	// To remove all elements of a previously configured list, set this value equal to an empty list (`[]`)
	SubjectAlternativeNames pulumi.StringArrayInput
	// Map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// Which method to use for validation. `DNS` or `EMAIL` are valid, `NONE` can be used for certificates that were imported into ACM and then into the provider.
	ValidationMethod pulumi.StringPtrInput
	// Configuration block used to specify information about the initial validation of each domain name. Detailed below.
	// * Importing an existing certificate
	ValidationOptions CertificateValidationOptionArrayInput
}

The set of arguments for constructing a Certificate resource.

func (CertificateArgs) ElementType

func (CertificateArgs) ElementType() reflect.Type

type CertificateArray

type CertificateArray []CertificateInput

func (CertificateArray) ElementType

func (CertificateArray) ElementType() reflect.Type

func (CertificateArray) ToCertificateArrayOutput

func (i CertificateArray) ToCertificateArrayOutput() CertificateArrayOutput

func (CertificateArray) ToCertificateArrayOutputWithContext

func (i CertificateArray) ToCertificateArrayOutputWithContext(ctx context.Context) CertificateArrayOutput

type CertificateArrayInput

type CertificateArrayInput interface {
	pulumi.Input

	ToCertificateArrayOutput() CertificateArrayOutput
	ToCertificateArrayOutputWithContext(context.Context) CertificateArrayOutput
}

CertificateArrayInput is an input type that accepts CertificateArray and CertificateArrayOutput values. You can construct a concrete instance of `CertificateArrayInput` via:

CertificateArray{ CertificateArgs{...} }

type CertificateArrayOutput

type CertificateArrayOutput struct{ *pulumi.OutputState }

func (CertificateArrayOutput) ElementType

func (CertificateArrayOutput) ElementType() reflect.Type

func (CertificateArrayOutput) Index

func (CertificateArrayOutput) ToCertificateArrayOutput

func (o CertificateArrayOutput) ToCertificateArrayOutput() CertificateArrayOutput

func (CertificateArrayOutput) ToCertificateArrayOutputWithContext

func (o CertificateArrayOutput) ToCertificateArrayOutputWithContext(ctx context.Context) CertificateArrayOutput

type CertificateDomainValidationOption

type CertificateDomainValidationOption struct {
	// Fully qualified domain name (FQDN) in the certificate.
	DomainName *string `pulumi:"domainName"`
	// The name of the DNS record to create to validate the certificate
	ResourceRecordName *string `pulumi:"resourceRecordName"`
	// The type of DNS record to create
	ResourceRecordType *string `pulumi:"resourceRecordType"`
	// The value the DNS record needs to have
	ResourceRecordValue *string `pulumi:"resourceRecordValue"`
}

type CertificateDomainValidationOptionArgs

type CertificateDomainValidationOptionArgs struct {
	// Fully qualified domain name (FQDN) in the certificate.
	DomainName pulumi.StringPtrInput `pulumi:"domainName"`
	// The name of the DNS record to create to validate the certificate
	ResourceRecordName pulumi.StringPtrInput `pulumi:"resourceRecordName"`
	// The type of DNS record to create
	ResourceRecordType pulumi.StringPtrInput `pulumi:"resourceRecordType"`
	// The value the DNS record needs to have
	ResourceRecordValue pulumi.StringPtrInput `pulumi:"resourceRecordValue"`
}

func (CertificateDomainValidationOptionArgs) ElementType

func (CertificateDomainValidationOptionArgs) ToCertificateDomainValidationOptionOutput

func (i CertificateDomainValidationOptionArgs) ToCertificateDomainValidationOptionOutput() CertificateDomainValidationOptionOutput

func (CertificateDomainValidationOptionArgs) ToCertificateDomainValidationOptionOutputWithContext

func (i CertificateDomainValidationOptionArgs) ToCertificateDomainValidationOptionOutputWithContext(ctx context.Context) CertificateDomainValidationOptionOutput

type CertificateDomainValidationOptionArray

type CertificateDomainValidationOptionArray []CertificateDomainValidationOptionInput

func (CertificateDomainValidationOptionArray) ElementType

func (CertificateDomainValidationOptionArray) ToCertificateDomainValidationOptionArrayOutput

func (i CertificateDomainValidationOptionArray) ToCertificateDomainValidationOptionArrayOutput() CertificateDomainValidationOptionArrayOutput

func (CertificateDomainValidationOptionArray) ToCertificateDomainValidationOptionArrayOutputWithContext

func (i CertificateDomainValidationOptionArray) ToCertificateDomainValidationOptionArrayOutputWithContext(ctx context.Context) CertificateDomainValidationOptionArrayOutput

type CertificateDomainValidationOptionArrayInput

type CertificateDomainValidationOptionArrayInput interface {
	pulumi.Input

	ToCertificateDomainValidationOptionArrayOutput() CertificateDomainValidationOptionArrayOutput
	ToCertificateDomainValidationOptionArrayOutputWithContext(context.Context) CertificateDomainValidationOptionArrayOutput
}

CertificateDomainValidationOptionArrayInput is an input type that accepts CertificateDomainValidationOptionArray and CertificateDomainValidationOptionArrayOutput values. You can construct a concrete instance of `CertificateDomainValidationOptionArrayInput` via:

CertificateDomainValidationOptionArray{ CertificateDomainValidationOptionArgs{...} }

type CertificateDomainValidationOptionArrayOutput

type CertificateDomainValidationOptionArrayOutput struct{ *pulumi.OutputState }

func (CertificateDomainValidationOptionArrayOutput) ElementType

func (CertificateDomainValidationOptionArrayOutput) Index

func (CertificateDomainValidationOptionArrayOutput) ToCertificateDomainValidationOptionArrayOutput

func (o CertificateDomainValidationOptionArrayOutput) ToCertificateDomainValidationOptionArrayOutput() CertificateDomainValidationOptionArrayOutput

func (CertificateDomainValidationOptionArrayOutput) ToCertificateDomainValidationOptionArrayOutputWithContext

func (o CertificateDomainValidationOptionArrayOutput) ToCertificateDomainValidationOptionArrayOutputWithContext(ctx context.Context) CertificateDomainValidationOptionArrayOutput

type CertificateDomainValidationOptionInput

type CertificateDomainValidationOptionInput interface {
	pulumi.Input

	ToCertificateDomainValidationOptionOutput() CertificateDomainValidationOptionOutput
	ToCertificateDomainValidationOptionOutputWithContext(context.Context) CertificateDomainValidationOptionOutput
}

CertificateDomainValidationOptionInput is an input type that accepts CertificateDomainValidationOptionArgs and CertificateDomainValidationOptionOutput values. You can construct a concrete instance of `CertificateDomainValidationOptionInput` via:

CertificateDomainValidationOptionArgs{...}

type CertificateDomainValidationOptionOutput

type CertificateDomainValidationOptionOutput struct{ *pulumi.OutputState }

func (CertificateDomainValidationOptionOutput) DomainName

Fully qualified domain name (FQDN) in the certificate.

func (CertificateDomainValidationOptionOutput) ElementType

func (CertificateDomainValidationOptionOutput) ResourceRecordName

The name of the DNS record to create to validate the certificate

func (CertificateDomainValidationOptionOutput) ResourceRecordType

The type of DNS record to create

func (CertificateDomainValidationOptionOutput) ResourceRecordValue

The value the DNS record needs to have

func (CertificateDomainValidationOptionOutput) ToCertificateDomainValidationOptionOutput

func (o CertificateDomainValidationOptionOutput) ToCertificateDomainValidationOptionOutput() CertificateDomainValidationOptionOutput

func (CertificateDomainValidationOptionOutput) ToCertificateDomainValidationOptionOutputWithContext

func (o CertificateDomainValidationOptionOutput) ToCertificateDomainValidationOptionOutputWithContext(ctx context.Context) CertificateDomainValidationOptionOutput

type CertificateInput

type CertificateInput interface {
	pulumi.Input

	ToCertificateOutput() CertificateOutput
	ToCertificateOutputWithContext(ctx context.Context) CertificateOutput
}

type CertificateMap

type CertificateMap map[string]CertificateInput

func (CertificateMap) ElementType

func (CertificateMap) ElementType() reflect.Type

func (CertificateMap) ToCertificateMapOutput

func (i CertificateMap) ToCertificateMapOutput() CertificateMapOutput

func (CertificateMap) ToCertificateMapOutputWithContext

func (i CertificateMap) ToCertificateMapOutputWithContext(ctx context.Context) CertificateMapOutput

type CertificateMapInput

type CertificateMapInput interface {
	pulumi.Input

	ToCertificateMapOutput() CertificateMapOutput
	ToCertificateMapOutputWithContext(context.Context) CertificateMapOutput
}

CertificateMapInput is an input type that accepts CertificateMap and CertificateMapOutput values. You can construct a concrete instance of `CertificateMapInput` via:

CertificateMap{ "key": CertificateArgs{...} }

type CertificateMapOutput

type CertificateMapOutput struct{ *pulumi.OutputState }

func (CertificateMapOutput) ElementType

func (CertificateMapOutput) ElementType() reflect.Type

func (CertificateMapOutput) MapIndex

func (CertificateMapOutput) ToCertificateMapOutput

func (o CertificateMapOutput) ToCertificateMapOutput() CertificateMapOutput

func (CertificateMapOutput) ToCertificateMapOutputWithContext

func (o CertificateMapOutput) ToCertificateMapOutputWithContext(ctx context.Context) CertificateMapOutput

type CertificateOptions

type CertificateOptions struct {
	// Whether certificate details should be added to a certificate transparency log. Valid values are `ENABLED` or `DISABLED`. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.
	CertificateTransparencyLoggingPreference *string `pulumi:"certificateTransparencyLoggingPreference"`
}

type CertificateOptionsArgs

type CertificateOptionsArgs struct {
	// Whether certificate details should be added to a certificate transparency log. Valid values are `ENABLED` or `DISABLED`. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.
	CertificateTransparencyLoggingPreference pulumi.StringPtrInput `pulumi:"certificateTransparencyLoggingPreference"`
}

func (CertificateOptionsArgs) ElementType

func (CertificateOptionsArgs) ElementType() reflect.Type

func (CertificateOptionsArgs) ToCertificateOptionsOutput

func (i CertificateOptionsArgs) ToCertificateOptionsOutput() CertificateOptionsOutput

func (CertificateOptionsArgs) ToCertificateOptionsOutputWithContext

func (i CertificateOptionsArgs) ToCertificateOptionsOutputWithContext(ctx context.Context) CertificateOptionsOutput

func (CertificateOptionsArgs) ToCertificateOptionsPtrOutput

func (i CertificateOptionsArgs) ToCertificateOptionsPtrOutput() CertificateOptionsPtrOutput

func (CertificateOptionsArgs) ToCertificateOptionsPtrOutputWithContext

func (i CertificateOptionsArgs) ToCertificateOptionsPtrOutputWithContext(ctx context.Context) CertificateOptionsPtrOutput

type CertificateOptionsInput

type CertificateOptionsInput interface {
	pulumi.Input

	ToCertificateOptionsOutput() CertificateOptionsOutput
	ToCertificateOptionsOutputWithContext(context.Context) CertificateOptionsOutput
}

CertificateOptionsInput is an input type that accepts CertificateOptionsArgs and CertificateOptionsOutput values. You can construct a concrete instance of `CertificateOptionsInput` via:

CertificateOptionsArgs{...}

type CertificateOptionsOutput

type CertificateOptionsOutput struct{ *pulumi.OutputState }

func (CertificateOptionsOutput) CertificateTransparencyLoggingPreference

func (o CertificateOptionsOutput) CertificateTransparencyLoggingPreference() pulumi.StringPtrOutput

Whether certificate details should be added to a certificate transparency log. Valid values are `ENABLED` or `DISABLED`. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.

func (CertificateOptionsOutput) ElementType

func (CertificateOptionsOutput) ElementType() reflect.Type

func (CertificateOptionsOutput) ToCertificateOptionsOutput

func (o CertificateOptionsOutput) ToCertificateOptionsOutput() CertificateOptionsOutput

func (CertificateOptionsOutput) ToCertificateOptionsOutputWithContext

func (o CertificateOptionsOutput) ToCertificateOptionsOutputWithContext(ctx context.Context) CertificateOptionsOutput

func (CertificateOptionsOutput) ToCertificateOptionsPtrOutput

func (o CertificateOptionsOutput) ToCertificateOptionsPtrOutput() CertificateOptionsPtrOutput

func (CertificateOptionsOutput) ToCertificateOptionsPtrOutputWithContext

func (o CertificateOptionsOutput) ToCertificateOptionsPtrOutputWithContext(ctx context.Context) CertificateOptionsPtrOutput

type CertificateOptionsPtrInput

type CertificateOptionsPtrInput interface {
	pulumi.Input

	ToCertificateOptionsPtrOutput() CertificateOptionsPtrOutput
	ToCertificateOptionsPtrOutputWithContext(context.Context) CertificateOptionsPtrOutput
}

CertificateOptionsPtrInput is an input type that accepts CertificateOptionsArgs, CertificateOptionsPtr and CertificateOptionsPtrOutput values. You can construct a concrete instance of `CertificateOptionsPtrInput` via:

        CertificateOptionsArgs{...}

or:

        nil

type CertificateOptionsPtrOutput

type CertificateOptionsPtrOutput struct{ *pulumi.OutputState }

func (CertificateOptionsPtrOutput) CertificateTransparencyLoggingPreference

func (o CertificateOptionsPtrOutput) CertificateTransparencyLoggingPreference() pulumi.StringPtrOutput

Whether certificate details should be added to a certificate transparency log. Valid values are `ENABLED` or `DISABLED`. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.

func (CertificateOptionsPtrOutput) Elem

func (CertificateOptionsPtrOutput) ElementType

func (CertificateOptionsPtrOutput) ToCertificateOptionsPtrOutput

func (o CertificateOptionsPtrOutput) ToCertificateOptionsPtrOutput() CertificateOptionsPtrOutput

func (CertificateOptionsPtrOutput) ToCertificateOptionsPtrOutputWithContext

func (o CertificateOptionsPtrOutput) ToCertificateOptionsPtrOutputWithContext(ctx context.Context) CertificateOptionsPtrOutput

type CertificateOutput

type CertificateOutput struct{ *pulumi.OutputState }

func (CertificateOutput) Arn added in v5.4.0

ARN of the certificate

func (CertificateOutput) CertificateAuthorityArn added in v5.4.0

func (o CertificateOutput) CertificateAuthorityArn() pulumi.StringPtrOutput

ARN of an ACM PCA

func (CertificateOutput) CertificateBody added in v5.4.0

func (o CertificateOutput) CertificateBody() pulumi.StringPtrOutput

Certificate's PEM-formatted public key

func (CertificateOutput) CertificateChain added in v5.4.0

func (o CertificateOutput) CertificateChain() pulumi.StringPtrOutput

Certificate's PEM-formatted chain * Creating a private CA issued certificate

func (CertificateOutput) DomainName added in v5.4.0

func (o CertificateOutput) DomainName() pulumi.StringOutput

Fully qualified domain name (FQDN) in the certificate.

func (CertificateOutput) DomainValidationOptions added in v5.4.0

Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g., if SANs are defined. Only set if `DNS`-validation was used.

func (CertificateOutput) EarlyRenewalDuration added in v5.17.0

func (o CertificateOutput) EarlyRenewalDuration() pulumi.StringPtrOutput

Amount of time to start automatic renewal process before expiration. Has no effect if less than 60 days. Represented by either a subset of [RFC 3339 duration](https://www.rfc-editor.org/rfc/rfc3339) supporting years, months, and days (e.g., `P90D`), or a string such as `2160h`.

func (CertificateOutput) ElementType

func (CertificateOutput) ElementType() reflect.Type

func (CertificateOutput) KeyAlgorithm added in v5.22.0

func (o CertificateOutput) KeyAlgorithm() pulumi.StringOutput

Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See [ACM Certificate characteristics](https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms) for more details.

func (CertificateOutput) NotAfter added in v5.12.1

func (o CertificateOutput) NotAfter() pulumi.StringOutput

Expiration date and time of the certificate.

func (CertificateOutput) NotBefore added in v5.12.1

func (o CertificateOutput) NotBefore() pulumi.StringOutput

Start of the validity period of the certificate.

func (CertificateOutput) Options added in v5.4.0

Configuration block used to set certificate options. Detailed below.

func (CertificateOutput) PendingRenewal added in v5.17.0

func (o CertificateOutput) PendingRenewal() pulumi.BoolOutput

`true` if a Private certificate eligible for managed renewal is within the `earlyRenewalDuration` period.

func (CertificateOutput) PrivateKey added in v5.4.0

func (o CertificateOutput) PrivateKey() pulumi.StringPtrOutput

Certificate's PEM-formatted private key

func (CertificateOutput) RenewalEligibility added in v5.17.0

func (o CertificateOutput) RenewalEligibility() pulumi.StringOutput

Whether the certificate is eligible for managed renewal.

func (CertificateOutput) RenewalSummaries added in v5.17.0

Contains information about the status of ACM's [managed renewal](https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html) for the certificate.

func (CertificateOutput) Status added in v5.4.0

Status of the certificate.

func (CertificateOutput) SubjectAlternativeNames added in v5.4.0

func (o CertificateOutput) SubjectAlternativeNames() pulumi.StringArrayOutput

Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list (`[]`)

func (CertificateOutput) Tags added in v5.4.0

Map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.

func (CertificateOutput) TagsAll added in v5.4.0

Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.

func (CertificateOutput) ToCertificateOutput

func (o CertificateOutput) ToCertificateOutput() CertificateOutput

func (CertificateOutput) ToCertificateOutputWithContext

func (o CertificateOutput) ToCertificateOutputWithContext(ctx context.Context) CertificateOutput

func (CertificateOutput) Type added in v5.17.0

Source of the certificate.

func (CertificateOutput) ValidationEmails added in v5.4.0

func (o CertificateOutput) ValidationEmails() pulumi.StringArrayOutput

List of addresses that received a validation email. Only set if `EMAIL` validation was used.

func (CertificateOutput) ValidationMethod added in v5.4.0

func (o CertificateOutput) ValidationMethod() pulumi.StringOutput

Which method to use for validation. `DNS` or `EMAIL` are valid, `NONE` can be used for certificates that were imported into ACM and then into the provider.

func (CertificateOutput) ValidationOptions added in v5.5.0

Configuration block used to specify information about the initial validation of each domain name. Detailed below. * Importing an existing certificate

type CertificateRenewalSummary added in v5.17.0

type CertificateRenewalSummary struct {
	// The status of ACM's managed renewal of the certificate
	RenewalStatus *string `pulumi:"renewalStatus"`
	// The reason that a renewal request was unsuccessful or is pending
	RenewalStatusReason *string `pulumi:"renewalStatusReason"`
	UpdatedAt           *string `pulumi:"updatedAt"`
}

type CertificateRenewalSummaryArgs added in v5.17.0

type CertificateRenewalSummaryArgs struct {
	// The status of ACM's managed renewal of the certificate
	RenewalStatus pulumi.StringPtrInput `pulumi:"renewalStatus"`
	// The reason that a renewal request was unsuccessful or is pending
	RenewalStatusReason pulumi.StringPtrInput `pulumi:"renewalStatusReason"`
	UpdatedAt           pulumi.StringPtrInput `pulumi:"updatedAt"`
}

func (CertificateRenewalSummaryArgs) ElementType added in v5.17.0

func (CertificateRenewalSummaryArgs) ToCertificateRenewalSummaryOutput added in v5.17.0

func (i CertificateRenewalSummaryArgs) ToCertificateRenewalSummaryOutput() CertificateRenewalSummaryOutput

func (CertificateRenewalSummaryArgs) ToCertificateRenewalSummaryOutputWithContext added in v5.17.0

func (i CertificateRenewalSummaryArgs) ToCertificateRenewalSummaryOutputWithContext(ctx context.Context) CertificateRenewalSummaryOutput

type CertificateRenewalSummaryArray added in v5.17.0

type CertificateRenewalSummaryArray []CertificateRenewalSummaryInput

func (CertificateRenewalSummaryArray) ElementType added in v5.17.0

func (CertificateRenewalSummaryArray) ToCertificateRenewalSummaryArrayOutput added in v5.17.0

func (i CertificateRenewalSummaryArray) ToCertificateRenewalSummaryArrayOutput() CertificateRenewalSummaryArrayOutput

func (CertificateRenewalSummaryArray) ToCertificateRenewalSummaryArrayOutputWithContext added in v5.17.0

func (i CertificateRenewalSummaryArray) ToCertificateRenewalSummaryArrayOutputWithContext(ctx context.Context) CertificateRenewalSummaryArrayOutput

type CertificateRenewalSummaryArrayInput added in v5.17.0

type CertificateRenewalSummaryArrayInput interface {
	pulumi.Input

	ToCertificateRenewalSummaryArrayOutput() CertificateRenewalSummaryArrayOutput
	ToCertificateRenewalSummaryArrayOutputWithContext(context.Context) CertificateRenewalSummaryArrayOutput
}

CertificateRenewalSummaryArrayInput is an input type that accepts CertificateRenewalSummaryArray and CertificateRenewalSummaryArrayOutput values. You can construct a concrete instance of `CertificateRenewalSummaryArrayInput` via:

CertificateRenewalSummaryArray{ CertificateRenewalSummaryArgs{...} }

type CertificateRenewalSummaryArrayOutput added in v5.17.0

type CertificateRenewalSummaryArrayOutput struct{ *pulumi.OutputState }

func (CertificateRenewalSummaryArrayOutput) ElementType added in v5.17.0

func (CertificateRenewalSummaryArrayOutput) Index added in v5.17.0

func (CertificateRenewalSummaryArrayOutput) ToCertificateRenewalSummaryArrayOutput added in v5.17.0

func (o CertificateRenewalSummaryArrayOutput) ToCertificateRenewalSummaryArrayOutput() CertificateRenewalSummaryArrayOutput

func (CertificateRenewalSummaryArrayOutput) ToCertificateRenewalSummaryArrayOutputWithContext added in v5.17.0

func (o CertificateRenewalSummaryArrayOutput) ToCertificateRenewalSummaryArrayOutputWithContext(ctx context.Context) CertificateRenewalSummaryArrayOutput

type CertificateRenewalSummaryInput added in v5.17.0

type CertificateRenewalSummaryInput interface {
	pulumi.Input

	ToCertificateRenewalSummaryOutput() CertificateRenewalSummaryOutput
	ToCertificateRenewalSummaryOutputWithContext(context.Context) CertificateRenewalSummaryOutput
}

CertificateRenewalSummaryInput is an input type that accepts CertificateRenewalSummaryArgs and CertificateRenewalSummaryOutput values. You can construct a concrete instance of `CertificateRenewalSummaryInput` via:

CertificateRenewalSummaryArgs{...}

type CertificateRenewalSummaryOutput added in v5.17.0

type CertificateRenewalSummaryOutput struct{ *pulumi.OutputState }

func (CertificateRenewalSummaryOutput) ElementType added in v5.17.0

func (CertificateRenewalSummaryOutput) RenewalStatus added in v5.17.0

The status of ACM's managed renewal of the certificate

func (CertificateRenewalSummaryOutput) RenewalStatusReason added in v5.17.0

func (o CertificateRenewalSummaryOutput) RenewalStatusReason() pulumi.StringPtrOutput

The reason that a renewal request was unsuccessful or is pending

func (CertificateRenewalSummaryOutput) ToCertificateRenewalSummaryOutput added in v5.17.0

func (o CertificateRenewalSummaryOutput) ToCertificateRenewalSummaryOutput() CertificateRenewalSummaryOutput

func (CertificateRenewalSummaryOutput) ToCertificateRenewalSummaryOutputWithContext added in v5.17.0

func (o CertificateRenewalSummaryOutput) ToCertificateRenewalSummaryOutputWithContext(ctx context.Context) CertificateRenewalSummaryOutput

func (CertificateRenewalSummaryOutput) UpdatedAt added in v5.17.0

type CertificateState

type CertificateState struct {
	// ARN of the certificate
	Arn pulumi.StringPtrInput
	// ARN of an ACM PCA
	CertificateAuthorityArn pulumi.StringPtrInput
	// Certificate's PEM-formatted public key
	CertificateBody pulumi.StringPtrInput
	// Certificate's PEM-formatted chain
	// * Creating a private CA issued certificate
	CertificateChain pulumi.StringPtrInput
	// Fully qualified domain name (FQDN) in the certificate.
	DomainName pulumi.StringPtrInput
	// Set of domain validation objects which can be used to complete certificate validation.
	// Can have more than one element, e.g., if SANs are defined.
	// Only set if `DNS`-validation was used.
	DomainValidationOptions CertificateDomainValidationOptionArrayInput
	// Amount of time to start automatic renewal process before expiration.
	// Has no effect if less than 60 days.
	// Represented by either
	// a subset of [RFC 3339 duration](https://www.rfc-editor.org/rfc/rfc3339) supporting years, months, and days (e.g., `P90D`),
	// or a string such as `2160h`.
	EarlyRenewalDuration pulumi.StringPtrInput
	// Specifies the algorithm of the public and private key pair that your Amazon issued certificate uses to encrypt data. See [ACM Certificate characteristics](https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms) for more details.
	KeyAlgorithm pulumi.StringPtrInput
	// Expiration date and time of the certificate.
	NotAfter pulumi.StringPtrInput
	// Start of the validity period of the certificate.
	NotBefore pulumi.StringPtrInput
	// Configuration block used to set certificate options. Detailed below.
	Options CertificateOptionsPtrInput
	// `true` if a Private certificate eligible for managed renewal is within the `earlyRenewalDuration` period.
	PendingRenewal pulumi.BoolPtrInput
	// Certificate's PEM-formatted private key
	PrivateKey pulumi.StringPtrInput
	// Whether the certificate is eligible for managed renewal.
	RenewalEligibility pulumi.StringPtrInput
	// Contains information about the status of ACM's [managed renewal](https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html) for the certificate.
	RenewalSummaries CertificateRenewalSummaryArrayInput
	// Status of the certificate.
	Status pulumi.StringPtrInput
	// Set of domains that should be SANs in the issued certificate.
	// To remove all elements of a previously configured list, set this value equal to an empty list (`[]`)
	SubjectAlternativeNames pulumi.StringArrayInput
	// Map of tags to assign to the resource. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	TagsAll pulumi.StringMapInput
	// Source of the certificate.
	Type pulumi.StringPtrInput
	// List of addresses that received a validation email. Only set if `EMAIL` validation was used.
	ValidationEmails pulumi.StringArrayInput
	// Which method to use for validation. `DNS` or `EMAIL` are valid, `NONE` can be used for certificates that were imported into ACM and then into the provider.
	ValidationMethod pulumi.StringPtrInput
	// Configuration block used to specify information about the initial validation of each domain name. Detailed below.
	// * Importing an existing certificate
	ValidationOptions CertificateValidationOptionArrayInput
}

func (CertificateState) ElementType

func (CertificateState) ElementType() reflect.Type

type CertificateValidation

type CertificateValidation struct {
	pulumi.CustomResourceState

	// ARN of the certificate that is being validated.
	CertificateArn pulumi.StringOutput `pulumi:"certificateArn"`
	// List of FQDNs that implement the validation. Only valid for DNS validation method ACM certificates. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation
	ValidationRecordFqdns pulumi.StringArrayOutput `pulumi:"validationRecordFqdns"`
}

This resource represents a successful validation of an ACM certificate in concert with other resources.

Most commonly, this resource is used together with `route53.Record` and `acm.Certificate` to request a DNS validated certificate, deploy the required validation records and wait for validation to complete.

> **WARNING:** This resource implements a part of the validation workflow. It does not represent a real-world entity in AWS, therefore changing or deleting this resource on its own has no immediate effect.

## Example Usage ### DNS Validation with Route 53 ```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acm"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/route53"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
        exampleCertificate, err := acm.NewCertificate(ctx, "exampleCertificate", &acm.CertificateArgs{
            DomainName:       pulumi.String("example.com"),
            ValidationMethod: pulumi.String("DNS"),
        })
        if err != nil {
            return err
        }

        exampleZone, err := route53.LookupZone(ctx, &route53.LookupZoneArgs{
            Name:        pulumi.StringRef("example.com"),
            PrivateZone: pulumi.BoolRef(false),
        }, nil)
        if err != nil {
            return err
        }

        domainValidationOption := exampleCertificate.DomainValidationOptions.ApplyT(func(options []acm.CertificateDomainValidationOption) interface{} {
            return options[0]
        })

        certValidation, err := route53.NewRecord(ctx, "certValidation", &route53.RecordArgs{
            Name: domainValidationOption.ApplyT(func(option interface{}) string {
                return *option.(acm.CertificateDomainValidationOption).ResourceRecordName
            }).(pulumi.StringOutput),
            Type: domainValidationOption.ApplyT(func(option interface{}) string {
                return *option.(acm.CertificateDomainValidationOption).ResourceRecordType
            }).(pulumi.StringOutput),
            Records: pulumi.StringArray{
                domainValidationOption.ApplyT(func(option interface{}) string {
                    return *option.(acm.CertificateDomainValidationOption).ResourceRecordValue
                }).(pulumi.StringOutput),
            },
            Ttl:    pulumi.Int(10 * 60),
            ZoneId: pulumi.String(exampleZone.ZoneId),
        })
        if err != nil {
            return err
        }

        certCertificateValidation, err := acm.NewCertificateValidation(ctx, "cert", &acm.CertificateValidationArgs{
            CertificateArn: exampleCertificate.Arn,
            ValidationRecordFqdns: pulumi.StringArray{
                certValidation.Fqdn,
            },
        })
        if err != nil {
            return err
        }

        ctx.Export("certificateArn", certCertificateValidation.CertificateArn)

        return nil
    })
}

``` ### Email Validation ```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
        exampleCertificate, err := acm.NewCertificate(ctx, "exampleCertificate", &acm.CertificateArgs{
            DomainName: pulumi.String("example.com"),
            ValidationMethod: pulumi.String("EMAIL"),
        })
        if err != nil {
            return err
        }

        _, err = acm.NewCertificateValidation(ctx, "exampleCertificateValidation", &acm.CertificateValidationArgs{
            CertificateArn: exampleCertificate.Arn,
        })
        if err != nil {
            return err
        }
		return nil
	})
}

```

{{% //examples %}}

func GetCertificateValidation

func GetCertificateValidation(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CertificateValidationState, opts ...pulumi.ResourceOption) (*CertificateValidation, error)

GetCertificateValidation gets an existing CertificateValidation resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCertificateValidation

func NewCertificateValidation(ctx *pulumi.Context,
	name string, args *CertificateValidationArgs, opts ...pulumi.ResourceOption) (*CertificateValidation, error)

NewCertificateValidation registers a new resource with the given unique name, arguments, and options.

func (*CertificateValidation) ElementType

func (*CertificateValidation) ElementType() reflect.Type

func (*CertificateValidation) ToCertificateValidationOutput

func (i *CertificateValidation) ToCertificateValidationOutput() CertificateValidationOutput

func (*CertificateValidation) ToCertificateValidationOutputWithContext

func (i *CertificateValidation) ToCertificateValidationOutputWithContext(ctx context.Context) CertificateValidationOutput

type CertificateValidationArgs

type CertificateValidationArgs struct {
	// ARN of the certificate that is being validated.
	CertificateArn pulumi.StringInput
	// List of FQDNs that implement the validation. Only valid for DNS validation method ACM certificates. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation
	ValidationRecordFqdns pulumi.StringArrayInput
}

The set of arguments for constructing a CertificateValidation resource.

func (CertificateValidationArgs) ElementType

func (CertificateValidationArgs) ElementType() reflect.Type

type CertificateValidationArray

type CertificateValidationArray []CertificateValidationInput

func (CertificateValidationArray) ElementType

func (CertificateValidationArray) ElementType() reflect.Type

func (CertificateValidationArray) ToCertificateValidationArrayOutput

func (i CertificateValidationArray) ToCertificateValidationArrayOutput() CertificateValidationArrayOutput

func (CertificateValidationArray) ToCertificateValidationArrayOutputWithContext

func (i CertificateValidationArray) ToCertificateValidationArrayOutputWithContext(ctx context.Context) CertificateValidationArrayOutput

type CertificateValidationArrayInput

type CertificateValidationArrayInput interface {
	pulumi.Input

	ToCertificateValidationArrayOutput() CertificateValidationArrayOutput
	ToCertificateValidationArrayOutputWithContext(context.Context) CertificateValidationArrayOutput
}

CertificateValidationArrayInput is an input type that accepts CertificateValidationArray and CertificateValidationArrayOutput values. You can construct a concrete instance of `CertificateValidationArrayInput` via:

CertificateValidationArray{ CertificateValidationArgs{...} }

type CertificateValidationArrayOutput

type CertificateValidationArrayOutput struct{ *pulumi.OutputState }

func (CertificateValidationArrayOutput) ElementType

func (CertificateValidationArrayOutput) Index

func (CertificateValidationArrayOutput) ToCertificateValidationArrayOutput

func (o CertificateValidationArrayOutput) ToCertificateValidationArrayOutput() CertificateValidationArrayOutput

func (CertificateValidationArrayOutput) ToCertificateValidationArrayOutputWithContext

func (o CertificateValidationArrayOutput) ToCertificateValidationArrayOutputWithContext(ctx context.Context) CertificateValidationArrayOutput

type CertificateValidationInput

type CertificateValidationInput interface {
	pulumi.Input

	ToCertificateValidationOutput() CertificateValidationOutput
	ToCertificateValidationOutputWithContext(ctx context.Context) CertificateValidationOutput
}

type CertificateValidationMap

type CertificateValidationMap map[string]CertificateValidationInput

func (CertificateValidationMap) ElementType

func (CertificateValidationMap) ElementType() reflect.Type

func (CertificateValidationMap) ToCertificateValidationMapOutput

func (i CertificateValidationMap) ToCertificateValidationMapOutput() CertificateValidationMapOutput

func (CertificateValidationMap) ToCertificateValidationMapOutputWithContext

func (i CertificateValidationMap) ToCertificateValidationMapOutputWithContext(ctx context.Context) CertificateValidationMapOutput

type CertificateValidationMapInput

type CertificateValidationMapInput interface {
	pulumi.Input

	ToCertificateValidationMapOutput() CertificateValidationMapOutput
	ToCertificateValidationMapOutputWithContext(context.Context) CertificateValidationMapOutput
}

CertificateValidationMapInput is an input type that accepts CertificateValidationMap and CertificateValidationMapOutput values. You can construct a concrete instance of `CertificateValidationMapInput` via:

CertificateValidationMap{ "key": CertificateValidationArgs{...} }

type CertificateValidationMapOutput

type CertificateValidationMapOutput struct{ *pulumi.OutputState }

func (CertificateValidationMapOutput) ElementType

func (CertificateValidationMapOutput) MapIndex

func (CertificateValidationMapOutput) ToCertificateValidationMapOutput

func (o CertificateValidationMapOutput) ToCertificateValidationMapOutput() CertificateValidationMapOutput

func (CertificateValidationMapOutput) ToCertificateValidationMapOutputWithContext

func (o CertificateValidationMapOutput) ToCertificateValidationMapOutputWithContext(ctx context.Context) CertificateValidationMapOutput

type CertificateValidationOption added in v5.5.0

type CertificateValidationOption struct {
	// Fully qualified domain name (FQDN) in the certificate.
	DomainName string `pulumi:"domainName"`
	// Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the `domainName` value or a superdomain of the `domainName` value. For example, if you request a certificate for `"testing.example.com"`, you can specify `"example.com"` for this value.
	ValidationDomain string `pulumi:"validationDomain"`
}

type CertificateValidationOptionArgs added in v5.5.0

type CertificateValidationOptionArgs struct {
	// Fully qualified domain name (FQDN) in the certificate.
	DomainName pulumi.StringInput `pulumi:"domainName"`
	// Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the `domainName` value or a superdomain of the `domainName` value. For example, if you request a certificate for `"testing.example.com"`, you can specify `"example.com"` for this value.
	ValidationDomain pulumi.StringInput `pulumi:"validationDomain"`
}

func (CertificateValidationOptionArgs) ElementType added in v5.5.0

func (CertificateValidationOptionArgs) ToCertificateValidationOptionOutput added in v5.5.0

func (i CertificateValidationOptionArgs) ToCertificateValidationOptionOutput() CertificateValidationOptionOutput

func (CertificateValidationOptionArgs) ToCertificateValidationOptionOutputWithContext added in v5.5.0

func (i CertificateValidationOptionArgs) ToCertificateValidationOptionOutputWithContext(ctx context.Context) CertificateValidationOptionOutput

type CertificateValidationOptionArray added in v5.5.0

type CertificateValidationOptionArray []CertificateValidationOptionInput

func (CertificateValidationOptionArray) ElementType added in v5.5.0

func (CertificateValidationOptionArray) ToCertificateValidationOptionArrayOutput added in v5.5.0

func (i CertificateValidationOptionArray) ToCertificateValidationOptionArrayOutput() CertificateValidationOptionArrayOutput

func (CertificateValidationOptionArray) ToCertificateValidationOptionArrayOutputWithContext added in v5.5.0

func (i CertificateValidationOptionArray) ToCertificateValidationOptionArrayOutputWithContext(ctx context.Context) CertificateValidationOptionArrayOutput

type CertificateValidationOptionArrayInput added in v5.5.0

type CertificateValidationOptionArrayInput interface {
	pulumi.Input

	ToCertificateValidationOptionArrayOutput() CertificateValidationOptionArrayOutput
	ToCertificateValidationOptionArrayOutputWithContext(context.Context) CertificateValidationOptionArrayOutput
}

CertificateValidationOptionArrayInput is an input type that accepts CertificateValidationOptionArray and CertificateValidationOptionArrayOutput values. You can construct a concrete instance of `CertificateValidationOptionArrayInput` via:

CertificateValidationOptionArray{ CertificateValidationOptionArgs{...} }

type CertificateValidationOptionArrayOutput added in v5.5.0

type CertificateValidationOptionArrayOutput struct{ *pulumi.OutputState }

func (CertificateValidationOptionArrayOutput) ElementType added in v5.5.0

func (CertificateValidationOptionArrayOutput) Index added in v5.5.0

func (CertificateValidationOptionArrayOutput) ToCertificateValidationOptionArrayOutput added in v5.5.0

func (o CertificateValidationOptionArrayOutput) ToCertificateValidationOptionArrayOutput() CertificateValidationOptionArrayOutput

func (CertificateValidationOptionArrayOutput) ToCertificateValidationOptionArrayOutputWithContext added in v5.5.0

func (o CertificateValidationOptionArrayOutput) ToCertificateValidationOptionArrayOutputWithContext(ctx context.Context) CertificateValidationOptionArrayOutput

type CertificateValidationOptionInput added in v5.5.0

type CertificateValidationOptionInput interface {
	pulumi.Input

	ToCertificateValidationOptionOutput() CertificateValidationOptionOutput
	ToCertificateValidationOptionOutputWithContext(context.Context) CertificateValidationOptionOutput
}

CertificateValidationOptionInput is an input type that accepts CertificateValidationOptionArgs and CertificateValidationOptionOutput values. You can construct a concrete instance of `CertificateValidationOptionInput` via:

CertificateValidationOptionArgs{...}

type CertificateValidationOptionOutput added in v5.5.0

type CertificateValidationOptionOutput struct{ *pulumi.OutputState }

func (CertificateValidationOptionOutput) DomainName added in v5.5.0

Fully qualified domain name (FQDN) in the certificate.

func (CertificateValidationOptionOutput) ElementType added in v5.5.0

func (CertificateValidationOptionOutput) ToCertificateValidationOptionOutput added in v5.5.0

func (o CertificateValidationOptionOutput) ToCertificateValidationOptionOutput() CertificateValidationOptionOutput

func (CertificateValidationOptionOutput) ToCertificateValidationOptionOutputWithContext added in v5.5.0

func (o CertificateValidationOptionOutput) ToCertificateValidationOptionOutputWithContext(ctx context.Context) CertificateValidationOptionOutput

func (CertificateValidationOptionOutput) ValidationDomain added in v5.5.0

Domain name that you want ACM to use to send you validation emails. This domain name is the suffix of the email addresses that you want ACM to use. This must be the same as the `domainName` value or a superdomain of the `domainName` value. For example, if you request a certificate for `"testing.example.com"`, you can specify `"example.com"` for this value.

type CertificateValidationOutput

type CertificateValidationOutput struct{ *pulumi.OutputState }

func (CertificateValidationOutput) CertificateArn added in v5.4.0

func (o CertificateValidationOutput) CertificateArn() pulumi.StringOutput

ARN of the certificate that is being validated.

func (CertificateValidationOutput) ElementType

func (CertificateValidationOutput) ToCertificateValidationOutput

func (o CertificateValidationOutput) ToCertificateValidationOutput() CertificateValidationOutput

func (CertificateValidationOutput) ToCertificateValidationOutputWithContext

func (o CertificateValidationOutput) ToCertificateValidationOutputWithContext(ctx context.Context) CertificateValidationOutput

func (CertificateValidationOutput) ValidationRecordFqdns added in v5.4.0

func (o CertificateValidationOutput) ValidationRecordFqdns() pulumi.StringArrayOutput

List of FQDNs that implement the validation. Only valid for DNS validation method ACM certificates. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation

type CertificateValidationState

type CertificateValidationState struct {
	// ARN of the certificate that is being validated.
	CertificateArn pulumi.StringPtrInput
	// List of FQDNs that implement the validation. Only valid for DNS validation method ACM certificates. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation
	ValidationRecordFqdns pulumi.StringArrayInput
}

func (CertificateValidationState) ElementType

func (CertificateValidationState) ElementType() reflect.Type

type LookupCertificateArgs

type LookupCertificateArgs struct {
	// Domain of the certificate to look up. If no certificate is found with this name, an error will be returned.
	Domain string `pulumi:"domain"`
	// List of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. See the [ACM API Reference](https://docs.aws.amazon.com/acm/latest/APIReference/API_CertificateDetail.html#ACM-Type-CertificateDetail-KeyAlgorithm) for supported key algorithms.
	KeyTypes []string `pulumi:"keyTypes"`
	// If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.
	MostRecent *bool `pulumi:"mostRecent"`
	// List of statuses on which to filter the returned list. Valid values are `PENDING_VALIDATION`, `ISSUED`,
	// `INACTIVE`, `EXPIRED`, `VALIDATION_TIMED_OUT`, `REVOKED` and `FAILED`. If no value is specified, only certificates in the `ISSUED` state
	// are returned.
	Statuses []string `pulumi:"statuses"`
	// Mapping of tags for the resource.
	Tags map[string]string `pulumi:"tags"`
	// List of types on which to filter the returned list. Valid values are `AMAZON_ISSUED`, `PRIVATE`, and `IMPORTED`.
	Types []string `pulumi:"types"`
}

A collection of arguments for invoking getCertificate.

type LookupCertificateOutputArgs

type LookupCertificateOutputArgs struct {
	// Domain of the certificate to look up. If no certificate is found with this name, an error will be returned.
	Domain pulumi.StringInput `pulumi:"domain"`
	// List of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. See the [ACM API Reference](https://docs.aws.amazon.com/acm/latest/APIReference/API_CertificateDetail.html#ACM-Type-CertificateDetail-KeyAlgorithm) for supported key algorithms.
	KeyTypes pulumi.StringArrayInput `pulumi:"keyTypes"`
	// If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.
	MostRecent pulumi.BoolPtrInput `pulumi:"mostRecent"`
	// List of statuses on which to filter the returned list. Valid values are `PENDING_VALIDATION`, `ISSUED`,
	// `INACTIVE`, `EXPIRED`, `VALIDATION_TIMED_OUT`, `REVOKED` and `FAILED`. If no value is specified, only certificates in the `ISSUED` state
	// are returned.
	Statuses pulumi.StringArrayInput `pulumi:"statuses"`
	// Mapping of tags for the resource.
	Tags pulumi.StringMapInput `pulumi:"tags"`
	// List of types on which to filter the returned list. Valid values are `AMAZON_ISSUED`, `PRIVATE`, and `IMPORTED`.
	Types pulumi.StringArrayInput `pulumi:"types"`
}

A collection of arguments for invoking getCertificate.

func (LookupCertificateOutputArgs) ElementType

type LookupCertificateResult

type LookupCertificateResult struct {
	// ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.
	Arn string `pulumi:"arn"`
	// ACM-issued certificate.
	Certificate string `pulumi:"certificate"`
	// Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs.
	CertificateChain string `pulumi:"certificateChain"`
	Domain           string `pulumi:"domain"`
	// The provider-assigned unique ID for this managed resource.
	Id         string   `pulumi:"id"`
	KeyTypes   []string `pulumi:"keyTypes"`
	MostRecent *bool    `pulumi:"mostRecent"`
	// Status of the found certificate.
	Status   string   `pulumi:"status"`
	Statuses []string `pulumi:"statuses"`
	// Mapping of tags for the resource.
	Tags  map[string]string `pulumi:"tags"`
	Types []string          `pulumi:"types"`
}

A collection of values returned by getCertificate.

func LookupCertificate

func LookupCertificate(ctx *pulumi.Context, args *LookupCertificateArgs, opts ...pulumi.InvokeOption) (*LookupCertificateResult, error)

Use this data source to get the ARN of a certificate in AWS Certificate Manager (ACM), you can reference it by domain without having to hard code the ARNs as input.

## Example Usage

```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acm"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err = acm.LookupCertificate(ctx, &acm.LookupCertificateArgs{
			Domain: "tf.example.com",
			Statuses: []string{
				"ISSUED",
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = acm.LookupCertificate(ctx, &acm.LookupCertificateArgs{
			Domain:     "tf.example.com",
			MostRecent: pulumi.BoolRef(true),
			Types: []string{
				"AMAZON_ISSUED",
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = acm.LookupCertificate(ctx, &acm.LookupCertificateArgs{
			Domain: "tf.example.com",
			KeyTypes: []string{
				"RSA_4096",
			},
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type LookupCertificateResultOutput

type LookupCertificateResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getCertificate.

func (LookupCertificateResultOutput) Arn

ARN of the found certificate, suitable for referencing in other resources that support ACM certificates.

func (LookupCertificateResultOutput) Certificate added in v5.5.0

ACM-issued certificate.

func (LookupCertificateResultOutput) CertificateChain added in v5.5.0

func (o LookupCertificateResultOutput) CertificateChain() pulumi.StringOutput

Certificates forming the requested ACM-issued certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs.

func (LookupCertificateResultOutput) Domain

func (LookupCertificateResultOutput) ElementType

func (LookupCertificateResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (LookupCertificateResultOutput) KeyTypes

func (LookupCertificateResultOutput) MostRecent

func (LookupCertificateResultOutput) Status

Status of the found certificate.

func (LookupCertificateResultOutput) Statuses

func (LookupCertificateResultOutput) Tags

Mapping of tags for the resource.

func (LookupCertificateResultOutput) ToLookupCertificateResultOutput

func (o LookupCertificateResultOutput) ToLookupCertificateResultOutput() LookupCertificateResultOutput

func (LookupCertificateResultOutput) ToLookupCertificateResultOutputWithContext

func (o LookupCertificateResultOutput) ToLookupCertificateResultOutputWithContext(ctx context.Context) LookupCertificateResultOutput

func (LookupCertificateResultOutput) Types

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL