Docs Home
We recommend new projects start with resources from the AWS provider.
aws-native.iot.Certificate
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
Use the AWS::IoT::Certificate resource to declare an AWS IoT X.509 certificate.
Create Certificate Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);@overload
def Certificate(resource_name: str,
args: CertificateArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Certificate(resource_name: str,
opts: Optional[ResourceOptions] = None,
status: Optional[CertificateStatus] = None,
ca_certificate_pem: Optional[str] = None,
certificate_mode: Optional[CertificateMode] = None,
certificate_pem: Optional[str] = None,
certificate_signing_request: Optional[str] = None)func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)
public Certificate(String name, CertificateArgs args)
public Certificate(String name, CertificateArgs args, CustomResourceOptions options)
type: aws-native:iot:Certificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CertificateArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Certificate Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Certificate resource accepts the following input properties:
- Status
Pulumi.
Aws Native. Io T. Certificate Status The status of the certificate.
Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION.
The status value REGISTER_INACTIVE is deprecated and should not be used.
- Ca
Certificate stringPem - The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY.
- Certificate
Mode Pulumi.Aws Native. Io T. Certificate Mode Specifies which mode of certificate registration to use with this resource. Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest.
DEFAULT: A certificate inDEFAULTmode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates inDEFAULTmode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core . However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core .SNI_ONLY: A certificate inSNI_ONLYmode is registered without an issuer CA. Devices with certificates inSNI_ONLYmode must send the SNI extension when connecting to AWS IoT Core .- Certificate
Pem string - The certificate data in PEM format. Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration.
- Certificate
Signing stringRequest - The certificate signing request (CSR).
- Status
Certificate
Status The status of the certificate.
Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION.
The status value REGISTER_INACTIVE is deprecated and should not be used.
- Ca
Certificate stringPem - The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY.
- Certificate
Mode CertificateMode Specifies which mode of certificate registration to use with this resource. Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest.
DEFAULT: A certificate inDEFAULTmode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates inDEFAULTmode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core . However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core .SNI_ONLY: A certificate inSNI_ONLYmode is registered without an issuer CA. Devices with certificates inSNI_ONLYmode must send the SNI extension when connecting to AWS IoT Core .- Certificate
Pem string - The certificate data in PEM format. Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration.
- Certificate
Signing stringRequest - The certificate signing request (CSR).
- status
Certificate
Status The status of the certificate.
Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION.
The status value REGISTER_INACTIVE is deprecated and should not be used.
- ca
Certificate StringPem - The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY.
- certificate
Mode CertificateMode Specifies which mode of certificate registration to use with this resource. Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest.
DEFAULT: A certificate inDEFAULTmode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates inDEFAULTmode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core . However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core .SNI_ONLY: A certificate inSNI_ONLYmode is registered without an issuer CA. Devices with certificates inSNI_ONLYmode must send the SNI extension when connecting to AWS IoT Core .- certificate
Pem String - The certificate data in PEM format. Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration.
- certificate
Signing StringRequest - The certificate signing request (CSR).
- status
Certificate
Status The status of the certificate.
Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION.
The status value REGISTER_INACTIVE is deprecated and should not be used.
- ca
Certificate stringPem - The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY.
- certificate
Mode CertificateMode Specifies which mode of certificate registration to use with this resource. Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest.
DEFAULT: A certificate inDEFAULTmode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates inDEFAULTmode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core . However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core .SNI_ONLY: A certificate inSNI_ONLYmode is registered without an issuer CA. Devices with certificates inSNI_ONLYmode must send the SNI extension when connecting to AWS IoT Core .- certificate
Pem string - The certificate data in PEM format. Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration.
- certificate
Signing stringRequest - The certificate signing request (CSR).
- status
Certificate
Status The status of the certificate.
Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION.
The status value REGISTER_INACTIVE is deprecated and should not be used.
- ca_
certificate_ strpem - The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY.
- certificate_
mode CertificateMode Specifies which mode of certificate registration to use with this resource. Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest.
DEFAULT: A certificate inDEFAULTmode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates inDEFAULTmode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core . However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core .SNI_ONLY: A certificate inSNI_ONLYmode is registered without an issuer CA. Devices with certificates inSNI_ONLYmode must send the SNI extension when connecting to AWS IoT Core .- certificate_
pem str - The certificate data in PEM format. Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration.
- certificate_
signing_ strrequest - The certificate signing request (CSR).
- status "ACTIVE" | "INACTIVE" | "REVOKED" | "PENDING_TRANSFER" | "PENDING_ACTIVATION"
The status of the certificate.
Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION.
The status value REGISTER_INACTIVE is deprecated and should not be used.
- ca
Certificate StringPem - The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY.
- certificate
Mode "DEFAULT" | "SNI_ONLY" Specifies which mode of certificate registration to use with this resource. Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest.
DEFAULT: A certificate inDEFAULTmode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates inDEFAULTmode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core . However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core .SNI_ONLY: A certificate inSNI_ONLYmode is registered without an issuer CA. Devices with certificates inSNI_ONLYmode must send the SNI extension when connecting to AWS IoT Core .- certificate
Pem String - The certificate data in PEM format. Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration.
- certificate
Signing StringRequest - The certificate signing request (CSR).
Outputs
All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:
- Arn string
Returns the Amazon Resource Name (ARN) for the certificate. For example:
{ "Fn::GetAtt": ["MyCertificate", "Arn"] }A value similar to the following is returned:
arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2- Aws
Id string - The certificate ID.
- Id string
- The provider-assigned unique ID for this managed resource.
- Arn string
Returns the Amazon Resource Name (ARN) for the certificate. For example:
{ "Fn::GetAtt": ["MyCertificate", "Arn"] }A value similar to the following is returned:
arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2- Aws
Id string - The certificate ID.
- Id string
- The provider-assigned unique ID for this managed resource.
- arn String
Returns the Amazon Resource Name (ARN) for the certificate. For example:
{ "Fn::GetAtt": ["MyCertificate", "Arn"] }A value similar to the following is returned:
arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2- aws
Id String - The certificate ID.
- id String
- The provider-assigned unique ID for this managed resource.
- arn string
Returns the Amazon Resource Name (ARN) for the certificate. For example:
{ "Fn::GetAtt": ["MyCertificate", "Arn"] }A value similar to the following is returned:
arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2- aws
Id string - The certificate ID.
- id string
- The provider-assigned unique ID for this managed resource.
- arn str
Returns the Amazon Resource Name (ARN) for the certificate. For example:
{ "Fn::GetAtt": ["MyCertificate", "Arn"] }A value similar to the following is returned:
arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2- aws_
id str - The certificate ID.
- id str
- The provider-assigned unique ID for this managed resource.
- arn String
Returns the Amazon Resource Name (ARN) for the certificate. For example:
{ "Fn::GetAtt": ["MyCertificate", "Arn"] }A value similar to the following is returned:
arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2- aws
Id String - The certificate ID.
- id String
- The provider-assigned unique ID for this managed resource.
Supporting Types
CertificateMode, CertificateModeArgs
- Default
- DEFAULT
- Sni
Only - SNI_ONLY
- Certificate
Mode Default - DEFAULT
- Certificate
Mode Sni Only - SNI_ONLY
- Default
- DEFAULT
- Sni
Only - SNI_ONLY
- Default
- DEFAULT
- Sni
Only - SNI_ONLY
- DEFAULT
- DEFAULT
- SNI_ONLY
- SNI_ONLY
- "DEFAULT"
- DEFAULT
- "SNI_ONLY"
- SNI_ONLY
CertificateStatus, CertificateStatusArgs
- Active
- ACTIVE
- Inactive
- INACTIVE
- Revoked
- REVOKED
- Pending
Transfer - PENDING_TRANSFER
- Pending
Activation - PENDING_ACTIVATION
- Certificate
Status Active - ACTIVE
- Certificate
Status Inactive - INACTIVE
- Certificate
Status Revoked - REVOKED
- Certificate
Status Pending Transfer - PENDING_TRANSFER
- Certificate
Status Pending Activation - PENDING_ACTIVATION
- Active
- ACTIVE
- Inactive
- INACTIVE
- Revoked
- REVOKED
- Pending
Transfer - PENDING_TRANSFER
- Pending
Activation - PENDING_ACTIVATION
- Active
- ACTIVE
- Inactive
- INACTIVE
- Revoked
- REVOKED
- Pending
Transfer - PENDING_TRANSFER
- Pending
Activation - PENDING_ACTIVATION
- ACTIVE
- ACTIVE
- INACTIVE
- INACTIVE
- REVOKED
- REVOKED
- PENDING_TRANSFER
- PENDING_TRANSFER
- PENDING_ACTIVATION
- PENDING_ACTIVATION
- "ACTIVE"
- ACTIVE
- "INACTIVE"
- INACTIVE
- "REVOKED"
- REVOKED
- "PENDING_TRANSFER"
- PENDING_TRANSFER
- "PENDING_ACTIVATION"
- PENDING_ACTIVATION
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.