AWS v6.71.0, Mar 7 25

AWS v6.71.0 published on Friday, Mar 7, 2025 by Pulumi

aws.iot.CaCertificate

Explore with Pulumi AI

AWS v6.71.0 published on Friday, Mar 7, 2025 by Pulumi

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as tls from "@pulumi/tls";

const caPrivateKey = new tls.index.PrivateKey("ca", {algorithm: "RSA"});
const ca = new tls.index.SelfSignedCert("ca", {
    privateKeyPem: caPrivateKey.privateKeyPem,
    subject: [{
        commonName: "example.com",
        organization: "ACME Examples, Inc",
    }],
    validityPeriodHours: 12,
    allowedUses: [
        "key_encipherment",
        "digital_signature",
        "server_auth",
    ],
    isCaCertificate: true,
});
const verificationPrivateKey = new tls.index.PrivateKey("verification", {algorithm: "RSA"});
const example = aws.iot.getRegistrationCode({});
const verification = new tls.index.CertRequest("verification", {
    privateKeyPem: verificationPrivateKey.privateKeyPem,
    subject: [{
        commonName: example.registrationCode,
    }],
});
const verificationLocallySignedCert = new tls.index.LocallySignedCert("verification", {
    certRequestPem: verification.certRequestPem,
    caPrivateKeyPem: caPrivateKey.privateKeyPem,
    caCertPem: ca.certPem,
    validityPeriodHours: 12,
    allowedUses: [
        "key_encipherment",
        "digital_signature",
        "server_auth",
    ],
});
const exampleCaCertificate = new aws.iot.CaCertificate("example", {
    active: true,
    caCertificatePem: ca.certPem,
    verificationCertificatePem: verificationLocallySignedCert.certPem,
    allowAutoRegistration: true,
});

import pulumi
import pulumi_aws as aws
import pulumi_tls as tls

ca_private_key = tls.index.PrivateKey("ca", algorithm=RSA)
ca = tls.index.SelfSignedCert("ca",
    private_key_pem=ca_private_key.private_key_pem,
    subject=[{
        commonName: example.com,
        organization: ACME Examples, Inc,
    }],
    validity_period_hours=12,
    allowed_uses=[
        key_encipherment,
        digital_signature,
        server_auth,
    ],
    is_ca_certificate=True)
verification_private_key = tls.index.PrivateKey("verification", algorithm=RSA)
example = aws.iot.get_registration_code()
verification = tls.index.CertRequest("verification",
    private_key_pem=verification_private_key.private_key_pem,
    subject=[{
        commonName: example.registration_code,
    }])
verification_locally_signed_cert = tls.index.LocallySignedCert("verification",
    cert_request_pem=verification.cert_request_pem,
    ca_private_key_pem=ca_private_key.private_key_pem,
    ca_cert_pem=ca.cert_pem,
    validity_period_hours=12,
    allowed_uses=[
        key_encipherment,
        digital_signature,
        server_auth,
    ])
example_ca_certificate = aws.iot.CaCertificate("example",
    active=True,
    ca_certificate_pem=ca["certPem"],
    verification_certificate_pem=verification_locally_signed_cert["certPem"],
    allow_auto_registration=True)

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot"
	"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		caPrivateKey, err := tls.NewPrivateKey(ctx, "ca", &tls.PrivateKeyArgs{
			Algorithm: "RSA",
		})
		if err != nil {
			return err
		}
		ca, err := tls.NewSelfSignedCert(ctx, "ca", &tls.SelfSignedCertArgs{
			PrivateKeyPem: caPrivateKey.PrivateKeyPem,
			Subject: []map[string]interface{}{
				map[string]interface{}{
					"commonName":   "example.com",
					"organization": "ACME Examples, Inc",
				},
			},
			ValidityPeriodHours: 12,
			AllowedUses: []string{
				"key_encipherment",
				"digital_signature",
				"server_auth",
			},
			IsCaCertificate: true,
		})
		if err != nil {
			return err
		}
		verificationPrivateKey, err := tls.NewPrivateKey(ctx, "verification", &tls.PrivateKeyArgs{
			Algorithm: "RSA",
		})
		if err != nil {
			return err
		}
		example, err := iot.GetRegistrationCode(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}
		verification, err := tls.NewCertRequest(ctx, "verification", &tls.CertRequestArgs{
			PrivateKeyPem: verificationPrivateKey.PrivateKeyPem,
			Subject: []map[string]interface{}{
				map[string]interface{}{
					"commonName": example.RegistrationCode,
				},
			},
		})
		if err != nil {
			return err
		}
		verificationLocallySignedCert, err := tls.NewLocallySignedCert(ctx, "verification", &tls.LocallySignedCertArgs{
			CertRequestPem:      verification.CertRequestPem,
			CaPrivateKeyPem:     caPrivateKey.PrivateKeyPem,
			CaCertPem:           ca.CertPem,
			ValidityPeriodHours: 12,
			AllowedUses: []string{
				"key_encipherment",
				"digital_signature",
				"server_auth",
			},
		})
		if err != nil {
			return err
		}
		_, err = iot.NewCaCertificate(ctx, "example", &iot.CaCertificateArgs{
			Active:                     pulumi.Bool(true),
			CaCertificatePem:           ca.CertPem,
			VerificationCertificatePem: verificationLocallySignedCert.CertPem,
			AllowAutoRegistration:      pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Tls = Pulumi.Tls;

return await Deployment.RunAsync(() => 
{
    var caPrivateKey = new Tls.Index.PrivateKey("ca", new()
    {
        Algorithm = "RSA",
    });

    var ca = new Tls.Index.SelfSignedCert("ca", new()
    {
        PrivateKeyPem = caPrivateKey.PrivateKeyPem,
        Subject = new[]
        {
            
            {
                { "commonName", "example.com" },
                { "organization", "ACME Examples, Inc" },
            },
        },
        ValidityPeriodHours = 12,
        AllowedUses = new[]
        {
            "key_encipherment",
            "digital_signature",
            "server_auth",
        },
        IsCaCertificate = true,
    });

    var verificationPrivateKey = new Tls.Index.PrivateKey("verification", new()
    {
        Algorithm = "RSA",
    });

    var example = Aws.Iot.GetRegistrationCode.Invoke();

    var verification = new Tls.Index.CertRequest("verification", new()
    {
        PrivateKeyPem = verificationPrivateKey.PrivateKeyPem,
        Subject = new[]
        {
            
            {
                { "commonName", example.Apply(getRegistrationCodeResult => getRegistrationCodeResult.RegistrationCode) },
            },
        },
    });

    var verificationLocallySignedCert = new Tls.Index.LocallySignedCert("verification", new()
    {
        CertRequestPem = verification.CertRequestPem,
        CaPrivateKeyPem = caPrivateKey.PrivateKeyPem,
        CaCertPem = ca.CertPem,
        ValidityPeriodHours = 12,
        AllowedUses = new[]
        {
            "key_encipherment",
            "digital_signature",
            "server_auth",
        },
    });

    var exampleCaCertificate = new Aws.Iot.CaCertificate("example", new()
    {
        Active = true,
        CaCertificatePem = ca.CertPem,
        VerificationCertificatePem = verificationLocallySignedCert.CertPem,
        AllowAutoRegistration = true,
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tls.privateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.tls.selfSignedCert;
import com.pulumi.tls.SelfSignedCertArgs;
import com.pulumi.aws.iot.IotFunctions;
import com.pulumi.tls.certRequest;
import com.pulumi.tls.CertRequestArgs;
import com.pulumi.tls.locallySignedCert;
import com.pulumi.tls.LocallySignedCertArgs;
import com.pulumi.aws.iot.CaCertificate;
import com.pulumi.aws.iot.CaCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var caPrivateKey = new PrivateKey("caPrivateKey", PrivateKeyArgs.builder()
            .algorithm("RSA")
            .build());

        var ca = new SelfSignedCert("ca", SelfSignedCertArgs.builder()
            .privateKeyPem(caPrivateKey.privateKeyPem())
            .subject(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
            .validityPeriodHours(12)
            .allowedUses(            
                "key_encipherment",
                "digital_signature",
                "server_auth")
            .isCaCertificate(true)
            .build());

        var verificationPrivateKey = new PrivateKey("verificationPrivateKey", PrivateKeyArgs.builder()
            .algorithm("RSA")
            .build());

        final var example = IotFunctions.getRegistrationCode();

        var verification = new CertRequest("verification", CertRequestArgs.builder()
            .privateKeyPem(verificationPrivateKey.privateKeyPem())
            .subject(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
            .build());

        var verificationLocallySignedCert = new LocallySignedCert("verificationLocallySignedCert", LocallySignedCertArgs.builder()
            .certRequestPem(verification.certRequestPem())
            .caPrivateKeyPem(caPrivateKey.privateKeyPem())
            .caCertPem(ca.certPem())
            .validityPeriodHours(12)
            .allowedUses(            
                "key_encipherment",
                "digital_signature",
                "server_auth")
            .build());

        var exampleCaCertificate = new CaCertificate("exampleCaCertificate", CaCertificateArgs.builder()
            .active(true)
            .caCertificatePem(ca.certPem())
            .verificationCertificatePem(verificationLocallySignedCert.certPem())
            .allowAutoRegistration(true)
            .build());

    }
}

resources:
  ca:
    type: tls:selfSignedCert
    properties:
      privateKeyPem: ${caPrivateKey.privateKeyPem}
      subject:
        - commonName: example.com
          organization: ACME Examples, Inc
      validityPeriodHours: 12
      allowedUses:
        - key_encipherment
        - digital_signature
        - server_auth
      isCaCertificate: true
  caPrivateKey:
    type: tls:privateKey
    name: ca
    properties:
      algorithm: RSA
  verification:
    type: tls:certRequest
    properties:
      privateKeyPem: ${verificationPrivateKey.privateKeyPem}
      subject:
        - commonName: ${example.registrationCode}
  verificationPrivateKey:
    type: tls:privateKey
    name: verification
    properties:
      algorithm: RSA
  verificationLocallySignedCert:
    type: tls:locallySignedCert
    name: verification
    properties:
      certRequestPem: ${verification.certRequestPem}
      caPrivateKeyPem: ${caPrivateKey.privateKeyPem}
      caCertPem: ${ca.certPem}
      validityPeriodHours: 12
      allowedUses:
        - key_encipherment
        - digital_signature
        - server_auth
  exampleCaCertificate:
    type: aws:iot:CaCertificate
    name: example
    properties:
      active: true
      caCertificatePem: ${ca.certPem}
      verificationCertificatePem: ${verificationLocallySignedCert.certPem}
      allowAutoRegistration: true
variables:
  example:
    fn::invoke:
      function: aws:iot:getRegistrationCode
      arguments: {}

Create CaCertificate Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new CaCertificate(name: string, args: CaCertificateArgs, opts?: CustomResourceOptions);

@overload
def CaCertificate(resource_name: str,
                  args: CaCertificateArgs,
                  opts: Optional[ResourceOptions] = None)

@overload
def CaCertificate(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  active: Optional[bool] = None,
                  allow_auto_registration: Optional[bool] = None,
                  ca_certificate_pem: Optional[str] = None,
                  certificate_mode: Optional[str] = None,
                  registration_config: Optional[CaCertificateRegistrationConfigArgs] = None,
                  tags: Optional[Mapping[str, str]] = None,
                  verification_certificate_pem: Optional[str] = None)

func NewCaCertificate(ctx *Context, name string, args CaCertificateArgs, opts ...ResourceOption) (*CaCertificate, error)

public CaCertificate(string name, CaCertificateArgs args, CustomResourceOptions? opts = null)

public CaCertificate(String name, CaCertificateArgs args)
public CaCertificate(String name, CaCertificateArgs args, CustomResourceOptions options)

type: aws:iot:CaCertificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args CaCertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args CaCertificateArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args CaCertificateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args CaCertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args CaCertificateArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var caCertificateResource = new Aws.Iot.CaCertificate("caCertificateResource", new()
{
    Active = false,
    AllowAutoRegistration = false,
    CaCertificatePem = "string",
    CertificateMode = "string",
    RegistrationConfig = new Aws.Iot.Inputs.CaCertificateRegistrationConfigArgs
    {
        RoleArn = "string",
        TemplateBody = "string",
        TemplateName = "string",
    },
    Tags = 
    {
        { "string", "string" },
    },
    VerificationCertificatePem = "string",
});

example, err := iot.NewCaCertificate(ctx, "caCertificateResource", &iot.CaCertificateArgs{
	Active:                pulumi.Bool(false),
	AllowAutoRegistration: pulumi.Bool(false),
	CaCertificatePem:      pulumi.String("string"),
	CertificateMode:       pulumi.String("string"),
	RegistrationConfig: &iot.CaCertificateRegistrationConfigArgs{
		RoleArn:      pulumi.String("string"),
		TemplateBody: pulumi.String("string"),
		TemplateName: pulumi.String("string"),
	},
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	VerificationCertificatePem: pulumi.String("string"),
})

var caCertificateResource = new CaCertificate("caCertificateResource", CaCertificateArgs.builder()
    .active(false)
    .allowAutoRegistration(false)
    .caCertificatePem("string")
    .certificateMode("string")
    .registrationConfig(CaCertificateRegistrationConfigArgs.builder()
        .roleArn("string")
        .templateBody("string")
        .templateName("string")
        .build())
    .tags(Map.of("string", "string"))
    .verificationCertificatePem("string")
    .build());

ca_certificate_resource = aws.iot.CaCertificate("caCertificateResource",
    active=False,
    allow_auto_registration=False,
    ca_certificate_pem="string",
    certificate_mode="string",
    registration_config={
        "role_arn": "string",
        "template_body": "string",
        "template_name": "string",
    },
    tags={
        "string": "string",
    },
    verification_certificate_pem="string")

const caCertificateResource = new aws.iot.CaCertificate("caCertificateResource", {
    active: false,
    allowAutoRegistration: false,
    caCertificatePem: "string",
    certificateMode: "string",
    registrationConfig: {
        roleArn: "string",
        templateBody: "string",
        templateName: "string",
    },
    tags: {
        string: "string",
    },
    verificationCertificatePem: "string",
});

type: aws:iot:CaCertificate
properties:
    active: false
    allowAutoRegistration: false
    caCertificatePem: string
    certificateMode: string
    registrationConfig:
        roleArn: string
        templateBody: string
        templateName: string
    tags:
        string: string
    verificationCertificatePem: string

CaCertificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The CaCertificate resource accepts the following input properties:

Active bool: Boolean flag to indicate if the certificate should be active for device authentication.
AllowAutoRegistration bool: Boolean flag to indicate if the certificate should be active for device regisration.
CaCertificatePem string: PEM encoded CA certificate.
CertificateMode string: The certificate mode in which the CA will be registered. Valida values: DEFAULT and SNI_ONLY. Default: DEFAULT.
RegistrationConfig CaCertificateRegistrationConfig: Information about the registration configuration. See below.
Tags Dictionary<string, string>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
VerificationCertificatePem string: PEM encoded verification certificate containing the common name of a registration code. Review CreateVerificationCSR. Reuired if certificate_mode is DEFAULT.

Active bool: Boolean flag to indicate if the certificate should be active for device authentication.
AllowAutoRegistration bool: Boolean flag to indicate if the certificate should be active for device regisration.
CaCertificatePem string: PEM encoded CA certificate.
CertificateMode string: The certificate mode in which the CA will be registered. Valida values: DEFAULT and SNI_ONLY. Default: DEFAULT.
RegistrationConfig CaCertificateRegistrationConfigArgs: Information about the registration configuration. See below.
Tags map[string]string: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
VerificationCertificatePem string: PEM encoded verification certificate containing the common name of a registration code. Review CreateVerificationCSR. Reuired if certificate_mode is DEFAULT.

active Boolean: Boolean flag to indicate if the certificate should be active for device authentication.
allowAutoRegistration Boolean: Boolean flag to indicate if the certificate should be active for device regisration.
caCertificatePem String: PEM encoded CA certificate.
certificateMode String: The certificate mode in which the CA will be registered. Valida values: DEFAULT and SNI_ONLY. Default: DEFAULT.
registrationConfig CaCertificateRegistrationConfig: Information about the registration configuration. See below.
tags Map<String,String>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
verificationCertificatePem String: PEM encoded verification certificate containing the common name of a registration code. Review CreateVerificationCSR. Reuired if certificate_mode is DEFAULT.

active boolean: Boolean flag to indicate if the certificate should be active for device authentication.
allowAutoRegistration boolean: Boolean flag to indicate if the certificate should be active for device regisration.
caCertificatePem string: PEM encoded CA certificate.
certificateMode string: The certificate mode in which the CA will be registered. Valida values: DEFAULT and SNI_ONLY. Default: DEFAULT.
registrationConfig CaCertificateRegistrationConfig: Information about the registration configuration. See below.
tags {[key: string]: string}: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
verificationCertificatePem string: PEM encoded verification certificate containing the common name of a registration code. Review CreateVerificationCSR. Reuired if certificate_mode is DEFAULT.

active bool: Boolean flag to indicate if the certificate should be active for device authentication.
allow_auto_registration bool: Boolean flag to indicate if the certificate should be active for device regisration.
ca_certificate_pem str: PEM encoded CA certificate.
certificate_mode str: The certificate mode in which the CA will be registered. Valida values: DEFAULT and SNI_ONLY. Default: DEFAULT.
registration_config CaCertificateRegistrationConfigArgs: Information about the registration configuration. See below.
tags Mapping[str, str]: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
verification_certificate_pem str: PEM encoded verification certificate containing the common name of a registration code. Review CreateVerificationCSR. Reuired if certificate_mode is DEFAULT.

active Boolean: Boolean flag to indicate if the certificate should be active for device authentication.
allowAutoRegistration Boolean: Boolean flag to indicate if the certificate should be active for device regisration.
caCertificatePem String: PEM encoded CA certificate.
certificateMode String: The certificate mode in which the CA will be registered. Valida values: DEFAULT and SNI_ONLY. Default: DEFAULT.
registrationConfig Property Map: Information about the registration configuration. See below.
tags Map<String>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
verificationCertificatePem String: PEM encoded verification certificate containing the common name of a registration code. Review CreateVerificationCSR. Reuired if certificate_mode is DEFAULT.

Outputs

All input properties are implicitly available as output properties. Additionally, the CaCertificate resource produces the following output properties:

Arn string: The ARN of the created CA certificate.
CustomerVersion int: The customer version of the CA certificate.
GenerationId string: The generation ID of the CA certificate.
Id string: The provider-assigned unique ID for this managed resource.
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
Validities List<CaCertificateValidity>: When the CA certificate is valid.

Arn string: The ARN of the created CA certificate.
CustomerVersion int: The customer version of the CA certificate.
GenerationId string: The generation ID of the CA certificate.
Id string: The provider-assigned unique ID for this managed resource.
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
Validities []CaCertificateValidity: When the CA certificate is valid.

arn String: The ARN of the created CA certificate.
customerVersion Integer: The customer version of the CA certificate.
generationId String: The generation ID of the CA certificate.
id String: The provider-assigned unique ID for this managed resource.
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
validities List<CaCertificateValidity>: When the CA certificate is valid.

arn string: The ARN of the created CA certificate.
customerVersion number: The customer version of the CA certificate.
generationId string: The generation ID of the CA certificate.
id string: The provider-assigned unique ID for this managed resource.
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
validities CaCertificateValidity[]: When the CA certificate is valid.

arn str: The ARN of the created CA certificate.
customer_version int: The customer version of the CA certificate.
generation_id str: The generation ID of the CA certificate.
id str: The provider-assigned unique ID for this managed resource.
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
validities Sequence[CaCertificateValidity]: When the CA certificate is valid.

arn String: The ARN of the created CA certificate.
customerVersion Number: The customer version of the CA certificate.
generationId String: The generation ID of the CA certificate.
id String: The provider-assigned unique ID for this managed resource.
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
validities List<Property Map>: When the CA certificate is valid.

Look up Existing CaCertificate Resource

Get an existing CaCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CaCertificateState, opts?: CustomResourceOptions): CaCertificate

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        active: Optional[bool] = None,
        allow_auto_registration: Optional[bool] = None,
        arn: Optional[str] = None,
        ca_certificate_pem: Optional[str] = None,
        certificate_mode: Optional[str] = None,
        customer_version: Optional[int] = None,
        generation_id: Optional[str] = None,
        registration_config: Optional[CaCertificateRegistrationConfigArgs] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        validities: Optional[Sequence[CaCertificateValidityArgs]] = None,
        verification_certificate_pem: Optional[str] = None) -> CaCertificate

func GetCaCertificate(ctx *Context, name string, id IDInput, state *CaCertificateState, opts ...ResourceOption) (*CaCertificate, error)

public static CaCertificate Get(string name, Input<string> id, CaCertificateState? state, CustomResourceOptions? opts = null)

public static CaCertificate get(String name, Output<String> id, CaCertificateState state, CustomResourceOptions options)

resources:  _:    type: aws:iot:CaCertificate    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Active bool: Boolean flag to indicate if the certificate should be active for device authentication.
AllowAutoRegistration bool: Boolean flag to indicate if the certificate should be active for device regisration.
Arn string: The ARN of the created CA certificate.
CaCertificatePem string: PEM encoded CA certificate.
CertificateMode string: The certificate mode in which the CA will be registered. Valida values: DEFAULT and SNI_ONLY. Default: DEFAULT.
CustomerVersion int: The customer version of the CA certificate.
GenerationId string: The generation ID of the CA certificate.
RegistrationConfig CaCertificateRegistrationConfig: Information about the registration configuration. See below.
Tags Dictionary<string, string>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
Validities List<CaCertificateValidity>: When the CA certificate is valid.
VerificationCertificatePem string: PEM encoded verification certificate containing the common name of a registration code. Review CreateVerificationCSR. Reuired if certificate_mode is DEFAULT.

Active bool: Boolean flag to indicate if the certificate should be active for device authentication.
AllowAutoRegistration bool: Boolean flag to indicate if the certificate should be active for device regisration.
Arn string: The ARN of the created CA certificate.
CaCertificatePem string: PEM encoded CA certificate.
CertificateMode string: The certificate mode in which the CA will be registered. Valida values: DEFAULT and SNI_ONLY. Default: DEFAULT.
CustomerVersion int: The customer version of the CA certificate.
GenerationId string: The generation ID of the CA certificate.
RegistrationConfig CaCertificateRegistrationConfigArgs: Information about the registration configuration. See below.
Tags map[string]string: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
Validities []CaCertificateValidityArgs: When the CA certificate is valid.
VerificationCertificatePem string: PEM encoded verification certificate containing the common name of a registration code. Review CreateVerificationCSR. Reuired if certificate_mode is DEFAULT.

active Boolean: Boolean flag to indicate if the certificate should be active for device authentication.
allowAutoRegistration Boolean: Boolean flag to indicate if the certificate should be active for device regisration.
arn String: The ARN of the created CA certificate.
caCertificatePem String: PEM encoded CA certificate.
certificateMode String: The certificate mode in which the CA will be registered. Valida values: DEFAULT and SNI_ONLY. Default: DEFAULT.
customerVersion Integer: The customer version of the CA certificate.
generationId String: The generation ID of the CA certificate.
registrationConfig CaCertificateRegistrationConfig: Information about the registration configuration. See below.
tags Map<String,String>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
validities List<CaCertificateValidity>: When the CA certificate is valid.
verificationCertificatePem String: PEM encoded verification certificate containing the common name of a registration code. Review CreateVerificationCSR. Reuired if certificate_mode is DEFAULT.

active boolean: Boolean flag to indicate if the certificate should be active for device authentication.
allowAutoRegistration boolean: Boolean flag to indicate if the certificate should be active for device regisration.
arn string: The ARN of the created CA certificate.
caCertificatePem string: PEM encoded CA certificate.
certificateMode string: The certificate mode in which the CA will be registered. Valida values: DEFAULT and SNI_ONLY. Default: DEFAULT.
customerVersion number: The customer version of the CA certificate.
generationId string: The generation ID of the CA certificate.
registrationConfig CaCertificateRegistrationConfig: Information about the registration configuration. See below.
tags {[key: string]: string}: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
validities CaCertificateValidity[]: When the CA certificate is valid.
verificationCertificatePem string: PEM encoded verification certificate containing the common name of a registration code. Review CreateVerificationCSR. Reuired if certificate_mode is DEFAULT.

active bool: Boolean flag to indicate if the certificate should be active for device authentication.
allow_auto_registration bool: Boolean flag to indicate if the certificate should be active for device regisration.
arn str: The ARN of the created CA certificate.
ca_certificate_pem str: PEM encoded CA certificate.
certificate_mode str: The certificate mode in which the CA will be registered. Valida values: DEFAULT and SNI_ONLY. Default: DEFAULT.
customer_version int: The customer version of the CA certificate.
generation_id str: The generation ID of the CA certificate.
registration_config CaCertificateRegistrationConfigArgs: Information about the registration configuration. See below.
tags Mapping[str, str]: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
validities Sequence[CaCertificateValidityArgs]: When the CA certificate is valid.
verification_certificate_pem str: PEM encoded verification certificate containing the common name of a registration code. Review CreateVerificationCSR. Reuired if certificate_mode is DEFAULT.

active Boolean: Boolean flag to indicate if the certificate should be active for device authentication.
allowAutoRegistration Boolean: Boolean flag to indicate if the certificate should be active for device regisration.
arn String: The ARN of the created CA certificate.
caCertificatePem String: PEM encoded CA certificate.
certificateMode String: The certificate mode in which the CA will be registered. Valida values: DEFAULT and SNI_ONLY. Default: DEFAULT.
customerVersion Number: The customer version of the CA certificate.
generationId String: The generation ID of the CA certificate.
registrationConfig Property Map: Information about the registration configuration. See below.
tags Map<String>: A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
validities List<Property Map>: When the CA certificate is valid.
verificationCertificatePem String: PEM encoded verification certificate containing the common name of a registration code. Review CreateVerificationCSR. Reuired if certificate_mode is DEFAULT.

Supporting Types

CaCertificateRegistrationConfig, CaCertificateRegistrationConfigArgs

RoleArn string: The ARN of the role.
TemplateBody string: The template body.
TemplateName string: The name of the provisioning template.

RoleArn string: The ARN of the role.
TemplateBody string: The template body.
TemplateName string: The name of the provisioning template.

roleArn String: The ARN of the role.
templateBody String: The template body.
templateName String: The name of the provisioning template.

roleArn string: The ARN of the role.
templateBody string: The template body.
templateName string: The name of the provisioning template.

role_arn str: The ARN of the role.
template_body str: The template body.
template_name str: The name of the provisioning template.

roleArn String: The ARN of the role.
templateBody String: The template body.
templateName String: The name of the provisioning template.

CaCertificateValidity, CaCertificateValidityArgs

NotAfter string: The certificate is not valid after this date.
NotBefore string: The certificate is not valid before this date.

NotAfter string: The certificate is not valid after this date.
NotBefore string: The certificate is not valid before this date.

notAfter String: The certificate is not valid after this date.
notBefore String: The certificate is not valid before this date.

notAfter string: The certificate is not valid after this date.
notBefore string: The certificate is not valid before this date.

not_after str: The certificate is not valid after this date.
not_before str: The certificate is not valid before this date.

notAfter String: The certificate is not valid after this date.
notBefore String: The certificate is not valid before this date.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.71.0 published on Friday, Mar 7, 2025 by Pulumi

pulumi/pulumi-aws

aws.iot.CaCertificate

On this page

On this page

Example Usage

Create CaCertificate Resource

Constructor syntax

Parameters

Constructor example

CaCertificate Resource Properties

Inputs

Outputs

Look up Existing CaCertificate Resource

Supporting Types

CaCertificateRegistrationConfig, CaCertificateRegistrationConfigArgs

CaCertificateValidity, CaCertificateValidityArgs

Package Details

On this page

On this page