CertificateArgs

data class CertificateArgs(val apiPassthrough: Output<String>? = null, val certificateAuthorityArn: Output<String>? = null, val certificateSigningRequest: Output<String>? = null, val signingAlgorithm: Output<String>? = null, val templateArn: Output<String>? = null, val validity: Output<CertificateValidityArgs>? = null) : ConvertibleToJava<CertificateArgs>

Provides a resource to issue a certificate using AWS Certificate Manager Private Certificate Authority (ACM PCA). Certificates created using aws.acmpca.Certificate are not eligible for automatic renewal, and must be replaced instead. To issue a renewable certificate using an ACM PCA, create an aws.acm.Certificate with the parameter certificate_authority_arn.

Example Usage

Basic

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as tls from "@pulumi/tls";
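// Private CA that signs the end-entity certificate below.
const exampleCertificateAuthority = new aws.acmpca.CertificateAuthority("example", {
    certificateAuthorityConfiguration: {
        keyAlgorithm: "RSA_4096",
        signingAlgorithm: "SHA512WITHRSA",
        subject: {
            commonName: "example.com",
        },
    },
    // Days the CA stays restorable after deletion. 7 is the shortest window
    // accepted; use a longer one if recovery from an accidental delete matters.
    permanentDeletionTimeInDays: 7,
});

// The tls provider generates this key during deployment, so the private key is
// held in the Pulumi stack state. Restrict access to the state backend; for
// production keys, prefer generating the key where it will be used and passing
// only the CSR to this program.
const key = new tls.PrivateKey("key", {algorithm: "RSA"});

// CSR for the key above; only the CSR is handed to ACM PCA.
const csr = new tls.CertRequest("csr", {
    privateKeyPem: key.privateKeyPem,
    subject: {
        commonName: "example",
    },
});

// Certificate issued by the private CA. It is not renewed automatically and
// has to be replaced before the one-year validity ends.
const example = new aws.acmpca.Certificate("example", {
    certificateAuthorityArn: exampleCertificateAuthority.arn,
    certificateSigningRequest: csr.certRequestPem,
    // Must be from the same key family (RSA) as the CA key.
    signingAlgorithm: "SHA256WITHRSA",
    validity: {
        type: "YEARS",
        value: "1",
    },
});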
import pulumi
import pulumi_aws as aws
import pulumi_tls as tls
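# Private CA that signs the end-entity certificate below.
example_certificate_authority = aws.acmpca.CertificateAuthority(
    "example",
    certificate_authority_configuration={
        "key_algorithm": "RSA_4096",
        "signing_algorithm": "SHA512WITHRSA",
        "subject": {
            "common_name": "example.com",
        },
    },
    # Days the CA stays restorable after deletion. 7 is the shortest window
    # accepted; use a longer one if recovery from an accidental delete matters.
    permanent_deletion_time_in_days=7,
)

# The tls provider generates this key during deployment, so the private key is
# held in the Pulumi stack state. Restrict access to the state backend; for
# production keys, prefer generating the key where it will be used and passing
# only the CSR to this program.
key = tls.PrivateKey("key", algorithm="RSA")

# CSR for the key above; only the CSR is handed to ACM PCA.
csr = tls.CertRequest(
    "csr",
    private_key_pem=key.private_key_pem,
    subject={
        "common_name": "example",
    },
)

# Certificate issued by the private CA. It is not renewed automatically and
# has to be replaced before the one-year validity ends.
example = aws.acmpca.Certificate(
    "example",
    certificate_authority_arn=example_certificate_authority.arn,
    certificate_signing_request=csr.cert_request_pem,
    # Must be from the same key family (RSA) as the CA key.
    signing_algorithm="SHA256WITHRSA",
    validity={
        "type": "YEARS",
        "value": "1",
    },
)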
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Tls = Pulumi.Tls;
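return await Deployment.RunAsync(() =>
{
    // Private CA that signs the end-entity certificate below.
    var exampleCertificateAuthority = new Aws.Acmpca.CertificateAuthority("example", new()
    {
        CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
        {
            KeyAlgorithm = "RSA_4096",
            SigningAlgorithm = "SHA512WITHRSA",
            Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs
            {
                CommonName = "example.com",
            },
        },
        // Days the CA stays restorable after deletion. 7 is the shortest window
        // accepted; use a longer one if recovery from an accidental delete matters.
        PermanentDeletionTimeInDays = 7,
    });

    // The tls provider generates this key during deployment, so the private key
    // is held in the Pulumi stack state. Restrict access to the state backend;
    // for production keys, prefer generating the key where it will be used and
    // passing only the CSR to this program.
    var key = new Tls.PrivateKey("key", new()
    {
        Algorithm = "RSA",
    });

    // CSR for the key above; only the CSR is handed to ACM PCA.
    var csr = new Tls.CertRequest("csr", new()
    {
        PrivateKeyPem = key.PrivateKeyPem,
        Subject = new Tls.Inputs.CertRequestSubjectArgs
        {
            CommonName = "example",
        },
    });

    // Certificate issued by the private CA. It is not renewed automatically and
    // has to be replaced before the one-year validity ends.
    var example = new Aws.Acmpca.Certificate("example", new()
    {
        CertificateAuthorityArn = exampleCertificateAuthority.Arn,
        CertificateSigningRequest = csr.CertRequestPem,
        // Must be from the same key family (RSA) as the CA key.
        SigningAlgorithm = "SHA256WITHRSA",
        Validity = new Aws.Acmpca.Inputs.CertificateValidityArgs
        {
            Type = "YEARS",
            Value = "1",
        },
    });
});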
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
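// main declares a private CA, a key pair with its CSR, and a certificate
// issued from that CSR by the CA.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Private CA that signs the end-entity certificate below.
		exampleCertificateAuthority, err := acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
			CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
				KeyAlgorithm:     pulumi.String("RSA_4096"),
				SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
				Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
					CommonName: pulumi.String("example.com"),
				},
			},
			// Days the CA stays restorable after deletion. 7 is the shortest
			// window accepted; use a longer one if recovery from an accidental
			// delete matters.
			PermanentDeletionTimeInDays: pulumi.Int(7),
		})
		if err != nil {
			return err
		}

		// The tls provider generates this key during deployment, so the
		// private key is held in the Pulumi stack state. Restrict access to
		// the state backend; for production keys, prefer generating the key
		// where it will be used and passing only the CSR to this program.
		key, err := tls.NewPrivateKey(ctx, "key", &tls.PrivateKeyArgs{
			Algorithm: pulumi.String("RSA"),
		})
		if err != nil {
			return err
		}

		// CSR for the key above; only the CSR is handed to ACM PCA.
		csr, err := tls.NewCertRequest(ctx, "csr", &tls.CertRequestArgs{
			PrivateKeyPem: key.PrivateKeyPem,
			Subject: &tls.CertRequestSubjectArgs{
				CommonName: pulumi.String("example"),
			},
		})
		if err != nil {
			return err
		}

		// Certificate issued by the private CA. It is not renewed
		// automatically and has to be replaced before the one-year validity
		// ends.
		_, err = acmpca.NewCertificate(ctx, "example", &acmpca.CertificateArgs{
			CertificateAuthorityArn:   exampleCertificateAuthority.Arn,
			CertificateSigningRequest: csr.CertRequestPem,
			// Must be from the same key family (RSA) as the CA key.
			SigningAlgorithm: pulumi.String("SHA256WITHRSA"),
			Validity: &acmpca.CertificateValidityArgs{
				Type:  pulumi.String("YEARS"),
				Value: pulumi.String("1"),
			},
		})
		return err
	})
}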
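package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acmpca.CertificateAuthority;
import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs;
import com.pulumi.tls.PrivateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.tls.CertRequest;
import com.pulumi.tls.CertRequestArgs;
import com.pulumi.tls.inputs.CertRequestSubjectArgs;
import com.pulumi.aws.acmpca.Certificate;
import com.pulumi.aws.acmpca.CertificateArgs;
import com.pulumi.aws.acmpca.inputs.CertificateValidityArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Declares a private CA, a key pair with its CSR, and a certificate issued
 * from that CSR by the CA.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Registers the example resources on the given Pulumi context.
     *
     * @param ctx the deployment context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Private CA that signs the end-entity certificate below.
        var exampleCertificateAuthority = new CertificateAuthority("exampleCertificateAuthority", CertificateAuthorityArgs.builder()
            .certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder()
                .keyAlgorithm("RSA_4096")
                .signingAlgorithm("SHA512WITHRSA")
                .subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder()
                    .commonName("example.com")
                    .build())
                .build())
            // Days the CA stays restorable after deletion. 7 is the shortest
            // window accepted; use a longer one if recovery from an accidental
            // delete matters.
            .permanentDeletionTimeInDays(7)
            .build());

        // The tls provider generates this key during deployment, so the private
        // key is held in the Pulumi stack state. Restrict access to the state
        // backend; for production keys, prefer generating the key where it will
        // be used and passing only the CSR to this program.
        var key = new PrivateKey("key", PrivateKeyArgs.builder()
            .algorithm("RSA")
            .build());

        // CSR for the key above; only the CSR is handed to ACM PCA.
        var csr = new CertRequest("csr", CertRequestArgs.builder()
            .privateKeyPem(key.privateKeyPem())
            .subject(CertRequestSubjectArgs.builder()
                .commonName("example")
                .build())
            .build());

        // Certificate issued by the private CA. It is not renewed automatically
        // and has to be replaced before the one-year validity ends.
        var example = new Certificate("example", CertificateArgs.builder()
            .certificateAuthorityArn(exampleCertificateAuthority.arn())
            .certificateSigningRequest(csr.certRequestPem())
            // Must be from the same key family (RSA) as the CA key.
            .signingAlgorithm("SHA256WITHRSA")
            .validity(CertificateValidityArgs.builder()
                .type("YEARS")
                .value("1")
                .build())
            .build());
    }
}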
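resources:
  # Certificate issued by the private CA. It is not renewed automatically and
  # has to be replaced before the one-year validity ends.
  example:
    type: aws:acmpca:Certificate
    properties:
      certificateAuthorityArn: ${exampleCertificateAuthority.arn}
      certificateSigningRequest: ${csr.certRequestPem}
      # Must be from the same key family (RSA) as the CA key.
      signingAlgorithm: SHA256WITHRSA
      validity:
        type: YEARS
        value: "1"
  # Private CA that signs the certificate above.
  exampleCertificateAuthority:
    type: aws:acmpca:CertificateAuthority
    name: example
    properties:
      certificateAuthorityConfiguration:
        keyAlgorithm: RSA_4096
        signingAlgorithm: SHA512WITHRSA
        subject:
          commonName: example.com
      # Days the CA stays restorable after deletion. 7 is the shortest window
      # accepted; use a longer one if recovery from an accidental delete matters.
      permanentDeletionTimeInDays: 7
  # The tls provider generates this key during deployment, so the private key
  # is held in the Pulumi stack state. Restrict access to the state backend;
  # for production keys, prefer generating the key where it will be used and
  # passing only the CSR to this program.
  key:
    type: tls:PrivateKey
    properties:
      algorithm: RSA
  # CSR for the key above; only the CSR is handed to ACM PCA.
  csr:
    type: tls:CertRequest
    properties:
      privateKeyPem: ${key.privateKeyPem}
      subject:
        commonName: example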

Import

Using pulumi import, import ACM PCA Certificates using their ARN. For example:

$ pulumi import aws:acmpca/certificate:Certificate cert arn:aws:acm-pca:eu-west-1:675225743824:certificate-authority/08319ede-83g9-1400-8f21-c7d12b2b6edb/certificate/a4e9c2aa4bcfab625g1b9136464cd3a

Constructors

constructor(apiPassthrough: Output<String>? = null, certificateAuthorityArn: Output<String>? = null, certificateSigningRequest: Output<String>? = null, signingAlgorithm: Output<String>? = null, templateArn: Output<String>? = null, validity: Output<CertificateValidityArgs>? = null)

Properties

val apiPassthrough: Output<String>? = null

Specifies X.509 certificate information to be included in the issued certificate. Intended for use with API Passthrough templates.

val certificateAuthorityArn: Output<String>? = null

ARN of the certificate authority.

val certificateSigningRequest: Output<String>? = null

Certificate Signing Request in PEM format.

val signingAlgorithm: Output<String>? = null

Algorithm to use to sign certificate requests. Valid values: SHA256WITHRSA, SHA256WITHECDSA, SHA384WITHRSA, SHA384WITHECDSA, SHA512WITHRSA, SHA512WITHECDSA.

val templateArn: Output<String>? = null

Template to use when issuing a certificate. See ACM PCA Documentation for more information.

val validity: Output<CertificateValidityArgs>? = null

Configures the end of the validity period for the certificate. See validity block below.

Functions

open override fun toJava(): CertificateArgs