Server
data class ServerCertificateArgs(val certificateBody: Output<String>? = null, val certificateChain: Output<String>? = null, val name: Output<String>? = null, val namePrefix: Output<String>? = null, val path: Output<String>? = null, val privateKey: Output<String>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<ServerCertificateArgs>
Provides an IAM Server Certificate resource to upload Server Certificates. Certs uploaded to IAM can easily work with other AWS services such as:
AWS Elastic Beanstalk
Elastic Load Balancing
CloudFront
AWS OpsWorks For information about server certificates in IAM, see 2 in AWS Documentation.
Example Usage
Using certs on file:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as std from "@pulumi/std";
const testCert = new aws.iam.ServerCertificate("test_cert", {
name: "some_test_cert",
certificateBody: std.file({
input: "self-ca-cert.pem",
}).then(invoke => invoke.result),
privateKey: std.file({
input: "test-key.pem",
}).then(invoke => invoke.result),
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
import pulumi_std as std
test_cert = aws.iam.ServerCertificate("test_cert",
name="some_test_cert",
certificate_body=std.file(input="self-ca-cert.pem").result,
private_key=std.file(input="test-key.pem").result)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var testCert = new Aws.Iam.ServerCertificate("test_cert", new()
{
Name = "some_test_cert",
CertificateBody = Std.File.Invoke(new()
{
Input = "self-ca-cert.pem",
}).Apply(invoke => invoke.Result),
PrivateKey = Std.File.Invoke(new()
{
Input = "test-key.pem",
}).Apply(invoke => invoke.Result),
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
invokeFile, err := std.File(ctx, &std.FileArgs{
Input: "self-ca-cert.pem",
}, nil)
if err != nil {
return err
}
invokeFile1, err := std.File(ctx, &std.FileArgs{
Input: "test-key.pem",
}, nil)
if err != nil {
return err
}
_, err = iam.NewServerCertificate(ctx, "test_cert", &iam.ServerCertificateArgs{
Name: pulumi.String("some_test_cert"),
CertificateBody: pulumi.String(invokeFile.Result),
PrivateKey: pulumi.String(invokeFile1.Result),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.ServerCertificate;
import com.pulumi.aws.iam.ServerCertificateArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.std.inputs.FileArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testCert = new ServerCertificate("testCert", ServerCertificateArgs.builder()
.name("some_test_cert")
.certificateBody(StdFunctions.file(FileArgs.builder()
.input("self-ca-cert.pem")
.build()).result())
.privateKey(StdFunctions.file(FileArgs.builder()
.input("test-key.pem")
.build()).result())
.build());
}
}Content copied to clipboard
resources:
testCert:
type: aws:iam:ServerCertificate
name: test_cert
properties:
name: some_test_cert
certificateBody:
fn::invoke:
function: std:file
arguments:
input: self-ca-cert.pem
return: result
privateKey:
fn::invoke:
function: std:file
arguments:
input: test-key.pem
return: resultContent copied to clipboard
Example with cert in-line:
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const testCertAlt = new aws.iam.ServerCertificate("test_cert_alt", {
name: "alt_test_cert",
certificateBody: `-----BEGIN CERTIFICATE-----
[......] # cert contents
-----END CERTIFICATE-----
`,
privateKey: `-----BEGIN RSA PRIVATE KEY-----
[......] # cert contents
-----END RSA PRIVATE KEY-----
`,
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
test_cert_alt = aws.iam.ServerCertificate("test_cert_alt",
name="alt_test_cert",
certificate_body="""-----BEGIN CERTIFICATE-----
[......] # cert contents
-----END CERTIFICATE-----
""",
private_key="""-----BEGIN RSA PRIVATE KEY-----
[......] # cert contents
-----END RSA PRIVATE KEY-----
""")Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var testCertAlt = new Aws.Iam.ServerCertificate("test_cert_alt", new()
{
Name = "alt_test_cert",
CertificateBody = @"-----BEGIN CERTIFICATE-----
[......] # cert contents
-----END CERTIFICATE-----
",
PrivateKey = @"-----BEGIN RSA PRIVATE KEY-----
[......] # cert contents
-----END RSA PRIVATE KEY-----
",
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := iam.NewServerCertificate(ctx, "test_cert_alt", &iam.ServerCertificateArgs{
Name: pulumi.String("alt_test_cert"),
CertificateBody: pulumi.String("-----BEGIN CERTIFICATE-----\n[......] # cert contents\n-----END CERTIFICATE-----\n"),
PrivateKey: pulumi.String("-----BEGIN RSA PRIVATE KEY-----\n[......] # cert contents\n-----END RSA PRIVATE KEY-----\n"),
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.ServerCertificate;
import com.pulumi.aws.iam.ServerCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var testCertAlt = new ServerCertificate("testCertAlt", ServerCertificateArgs.builder()
.name("alt_test_cert")
.certificateBody("""
-----BEGIN CERTIFICATE-----
[......] # cert contents
-----END CERTIFICATE-----
""")
.privateKey("""
-----BEGIN RSA PRIVATE KEY-----
[......] # cert contents
-----END RSA PRIVATE KEY-----
""")
.build());
}
}Content copied to clipboard
resources:
testCertAlt:
type: aws:iam:ServerCertificate
name: test_cert_alt
properties:
name: alt_test_cert
certificateBody: |
-----BEGIN CERTIFICATE-----
[......] # cert contents
-----END CERTIFICATE-----
privateKey: |
-----BEGIN RSA PRIVATE KEY-----
[......] # cert contents
-----END RSA PRIVATE KEY-----Content copied to clipboard
Use in combination with an AWS ELB resource: Some properties of an IAM Server Certificates cannot be updated while they are in use. In order for the provider to effectively manage a Certificate in this situation, it is recommended you utilize the name_prefix attribute and enable the create_before_destroy. This will allow this provider to create a new, updated aws.iam.ServerCertificate resource and replace it in dependant resources before attempting to destroy the old version.
Import
Using pulumi import, import IAM Server Certificates using the name. For example:
$ pulumi import aws:iam/serverCertificate:ServerCertificate certificate example.com-certificate-until-2018Content copied to clipboard
Properties
Link copied to clipboard
The contents of the public key certificate in PEM-encoded format.
Link copied to clipboard
The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
Link copied to clipboard
Creates a unique name beginning with the specified prefix. Conflicts with name.
Link copied to clipboard
The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
Link copied to clipboard
The contents of the private key in PEM-encoded format.