AWS v6.76.0, Apr 8 25

AWS v6.76.0 published on Tuesday, Apr 8, 2025 by Pulumi

aws.iam.ServerCertificate

Explore with Pulumi AI

AWS v6.76.0 published on Tuesday, Apr 8, 2025 by Pulumi

Example Usage

Using certs on file:

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as std from "@pulumi/std";

const testCert = new aws.iam.ServerCertificate("test_cert", {
    name: "some_test_cert",
    certificateBody: std.file({
        input: "self-ca-cert.pem",
    }).then(invoke => invoke.result),
    privateKey: std.file({
        input: "test-key.pem",
    }).then(invoke => invoke.result),
});

import pulumi
import pulumi_aws as aws
import pulumi_std as std

test_cert = aws.iam.ServerCertificate("test_cert",
    name="some_test_cert",
    certificate_body=std.file(input="self-ca-cert.pem").result,
    private_key=std.file(input="test-key.pem").result)

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi-std/sdk/go/std"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		invokeFile, err := std.File(ctx, &std.FileArgs{
			Input: "self-ca-cert.pem",
		}, nil)
		if err != nil {
			return err
		}
		invokeFile1, err := std.File(ctx, &std.FileArgs{
			Input: "test-key.pem",
		}, nil)
		if err != nil {
			return err
		}
		_, err = iam.NewServerCertificate(ctx, "test_cert", &iam.ServerCertificateArgs{
			Name:            pulumi.String("some_test_cert"),
			CertificateBody: pulumi.String(invokeFile.Result),
			PrivateKey:      pulumi.String(invokeFile1.Result),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Std = Pulumi.Std;

return await Deployment.RunAsync(() => 
{
    var testCert = new Aws.Iam.ServerCertificate("test_cert", new()
    {
        Name = "some_test_cert",
        CertificateBody = Std.File.Invoke(new()
        {
            Input = "self-ca-cert.pem",
        }).Apply(invoke => invoke.Result),
        PrivateKey = Std.File.Invoke(new()
        {
            Input = "test-key.pem",
        }).Apply(invoke => invoke.Result),
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.ServerCertificate;
import com.pulumi.aws.iam.ServerCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var testCert = new ServerCertificate("testCert", ServerCertificateArgs.builder()
            .name("some_test_cert")
            .certificateBody(StdFunctions.file(FileArgs.builder()
                .input("self-ca-cert.pem")
                .build()).result())
            .privateKey(StdFunctions.file(FileArgs.builder()
                .input("test-key.pem")
                .build()).result())
            .build());

    }
}

resources:
  testCert:
    type: aws:iam:ServerCertificate
    name: test_cert
    properties:
      name: some_test_cert
      certificateBody:
        fn::invoke:
          function: std:file
          arguments:
            input: self-ca-cert.pem
          return: result
      privateKey:
        fn::invoke:
          function: std:file
          arguments:
            input: test-key.pem
          return: result

Example with cert in-line:

TypeScript
Python
Go
C#
Java
YAML

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const testCertAlt = new aws.iam.ServerCertificate("test_cert_alt", {
    name: "alt_test_cert",
    certificateBody: `-----BEGIN CERTIFICATE-----
[......] # cert contents
-----END CERTIFICATE-----
`,
    privateKey: `-----BEGIN RSA PRIVATE KEY-----
[......] # cert contents
-----END RSA PRIVATE KEY-----
`,
});

import pulumi
import pulumi_aws as aws

test_cert_alt = aws.iam.ServerCertificate("test_cert_alt",
    name="alt_test_cert",
    certificate_body="""-----BEGIN CERTIFICATE-----
[......] # cert contents
-----END CERTIFICATE-----
""",
    private_key="""-----BEGIN RSA PRIVATE KEY-----
[......] # cert contents
-----END RSA PRIVATE KEY-----
""")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := iam.NewServerCertificate(ctx, "test_cert_alt", &iam.ServerCertificateArgs{
			Name:            pulumi.String("alt_test_cert"),
			CertificateBody: pulumi.String("-----BEGIN CERTIFICATE-----\n[......] # cert contents\n-----END CERTIFICATE-----\n"),
			PrivateKey:      pulumi.String("-----BEGIN RSA PRIVATE KEY-----\n[......] # cert contents\n-----END RSA PRIVATE KEY-----\n"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var testCertAlt = new Aws.Iam.ServerCertificate("test_cert_alt", new()
    {
        Name = "alt_test_cert",
        CertificateBody = @"-----BEGIN CERTIFICATE-----
[......] # cert contents
-----END CERTIFICATE-----
",
        PrivateKey = @"-----BEGIN RSA PRIVATE KEY-----
[......] # cert contents
-----END RSA PRIVATE KEY-----
",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.ServerCertificate;
import com.pulumi.aws.iam.ServerCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var testCertAlt = new ServerCertificate("testCertAlt", ServerCertificateArgs.builder()
            .name("alt_test_cert")
            .certificateBody("""
-----BEGIN CERTIFICATE-----
[......] # cert contents
-----END CERTIFICATE-----
            """)
            .privateKey("""
-----BEGIN RSA PRIVATE KEY-----
[......] # cert contents
-----END RSA PRIVATE KEY-----
            """)
            .build());

    }
}

resources:
  testCertAlt:
    type: aws:iam:ServerCertificate
    name: test_cert_alt
    properties:
      name: alt_test_cert
      certificateBody: |
        -----BEGIN CERTIFICATE-----
        [......] # cert contents
        -----END CERTIFICATE-----        
      privateKey: |
        -----BEGIN RSA PRIVATE KEY-----
        [......] # cert contents
        -----END RSA PRIVATE KEY-----

Use in combination with an AWS ELB resource:

Some properties of an IAM Server Certificates cannot be updated while they are in use. In order for the provider to effectively manage a Certificate in this situation, it is recommended you utilize the name_prefix attribute and enable the create_before_destroy. This will allow this provider to create a new, updated aws.iam.ServerCertificate resource and replace it in dependant resources before attempting to destroy the old version.

Create ServerCertificate Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

new ServerCertificate(name: string, args: ServerCertificateArgs, opts?: CustomResourceOptions);

@overload
def ServerCertificate(resource_name: str,
                      args: ServerCertificateArgs,
                      opts: Optional[ResourceOptions] = None)

@overload
def ServerCertificate(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      certificate_body: Optional[str] = None,
                      private_key: Optional[str] = None,
                      certificate_chain: Optional[str] = None,
                      name: Optional[str] = None,
                      name_prefix: Optional[str] = None,
                      path: Optional[str] = None,
                      tags: Optional[Mapping[str, str]] = None)

func NewServerCertificate(ctx *Context, name string, args ServerCertificateArgs, opts ...ResourceOption) (*ServerCertificate, error)

public ServerCertificate(string name, ServerCertificateArgs args, CustomResourceOptions? opts = null)

public ServerCertificate(String name, ServerCertificateArgs args)
public ServerCertificate(String name, ServerCertificateArgs args, CustomResourceOptions options)

type: aws:iam:ServerCertificate
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args ServerCertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args ServerCertificateArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args ServerCertificateArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args ServerCertificateArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args ServerCertificateArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

TypeScript
Python
Go
C#
Java
YAML

var serverCertificateResource = new Aws.Iam.ServerCertificate("serverCertificateResource", new()
{
    CertificateBody = "string",
    PrivateKey = "string",
    CertificateChain = "string",
    Name = "string",
    NamePrefix = "string",
    Path = "string",
    Tags = 
    {
        { "string", "string" },
    },
});

example, err := iam.NewServerCertificate(ctx, "serverCertificateResource", &iam.ServerCertificateArgs{
	CertificateBody:  pulumi.String("string"),
	PrivateKey:       pulumi.String("string"),
	CertificateChain: pulumi.String("string"),
	Name:             pulumi.String("string"),
	NamePrefix:       pulumi.String("string"),
	Path:             pulumi.String("string"),
	Tags: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
})

var serverCertificateResource = new ServerCertificate("serverCertificateResource", ServerCertificateArgs.builder()
    .certificateBody("string")
    .privateKey("string")
    .certificateChain("string")
    .name("string")
    .namePrefix("string")
    .path("string")
    .tags(Map.of("string", "string"))
    .build());

server_certificate_resource = aws.iam.ServerCertificate("serverCertificateResource",
    certificate_body="string",
    private_key="string",
    certificate_chain="string",
    name="string",
    name_prefix="string",
    path="string",
    tags={
        "string": "string",
    })

const serverCertificateResource = new aws.iam.ServerCertificate("serverCertificateResource", {
    certificateBody: "string",
    privateKey: "string",
    certificateChain: "string",
    name: "string",
    namePrefix: "string",
    path: "string",
    tags: {
        string: "string",
    },
});

type: aws:iam:ServerCertificate
properties:
    certificateBody: string
    certificateChain: string
    name: string
    namePrefix: string
    path: string
    privateKey: string
    tags:
        string: string

ServerCertificate Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The ServerCertificate resource accepts the following input properties:

CertificateBody string: The contents of the public key certificate in PEM-encoded format.
PrivateKey string: The contents of the private key in PEM-encoded format.
CertificateChain string: The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
Name string: The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
Path string: The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
Tags Dictionary<string, string>: Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

CertificateBody string: The contents of the public key certificate in PEM-encoded format.
PrivateKey string: The contents of the private key in PEM-encoded format.
CertificateChain string: The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
Name string: The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
Path string: The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
Tags map[string]string: Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

certificateBody String: The contents of the public key certificate in PEM-encoded format.
privateKey String: The contents of the private key in PEM-encoded format.
certificateChain String: The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
name String: The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
path String: The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
tags Map<String,String>: Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

certificateBody string: The contents of the public key certificate in PEM-encoded format.
privateKey string: The contents of the private key in PEM-encoded format.
certificateChain string: The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
name string: The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
namePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
path string: The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
tags {[key: string]: string}: Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

certificate_body str: The contents of the public key certificate in PEM-encoded format.
private_key str: The contents of the private key in PEM-encoded format.
certificate_chain str: The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
name str: The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
name_prefix str: Creates a unique name beginning with the specified prefix. Conflicts with name.
path str: The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
tags Mapping[str, str]: Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

certificateBody String: The contents of the public key certificate in PEM-encoded format.
privateKey String: The contents of the private key in PEM-encoded format.
certificateChain String: The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
name String: The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
path String: The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
tags Map<String>: Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.

Outputs

All input properties are implicitly available as output properties. Additionally, the ServerCertificate resource produces the following output properties:

Arn string: The Amazon Resource Name (ARN) specifying the server certificate.
Expiration string: Date and time in RFC3339 format on which the certificate is set to expire.
Id string: The provider-assigned unique ID for this managed resource.
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
UploadDate string: Date and time in RFC3339 format when the server certificate was uploaded.

Arn string: The Amazon Resource Name (ARN) specifying the server certificate.
Expiration string: Date and time in RFC3339 format on which the certificate is set to expire.
Id string: The provider-assigned unique ID for this managed resource.
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
UploadDate string: Date and time in RFC3339 format when the server certificate was uploaded.

arn String: The Amazon Resource Name (ARN) specifying the server certificate.
expiration String: Date and time in RFC3339 format on which the certificate is set to expire.
id String: The provider-assigned unique ID for this managed resource.
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
uploadDate String: Date and time in RFC3339 format when the server certificate was uploaded.

arn string: The Amazon Resource Name (ARN) specifying the server certificate.
expiration string: Date and time in RFC3339 format on which the certificate is set to expire.
id string: The provider-assigned unique ID for this managed resource.
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
uploadDate string: Date and time in RFC3339 format when the server certificate was uploaded.

arn str: The Amazon Resource Name (ARN) specifying the server certificate.
expiration str: Date and time in RFC3339 format on which the certificate is set to expire.
id str: The provider-assigned unique ID for this managed resource.
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
upload_date str: Date and time in RFC3339 format when the server certificate was uploaded.

arn String: The Amazon Resource Name (ARN) specifying the server certificate.
expiration String: Date and time in RFC3339 format on which the certificate is set to expire.
id String: The provider-assigned unique ID for this managed resource.
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
uploadDate String: Date and time in RFC3339 format when the server certificate was uploaded.

Look up Existing ServerCertificate Resource

Get an existing ServerCertificate resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

TypeScript
Python
Go
C#
Java
YAML

public static get(name: string, id: Input<ID>, state?: ServerCertificateState, opts?: CustomResourceOptions): ServerCertificate

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        certificate_body: Optional[str] = None,
        certificate_chain: Optional[str] = None,
        expiration: Optional[str] = None,
        name: Optional[str] = None,
        name_prefix: Optional[str] = None,
        path: Optional[str] = None,
        private_key: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        upload_date: Optional[str] = None) -> ServerCertificate

func GetServerCertificate(ctx *Context, name string, id IDInput, state *ServerCertificateState, opts ...ResourceOption) (*ServerCertificate, error)

public static ServerCertificate Get(string name, Input<string> id, ServerCertificateState? state, CustomResourceOptions? opts = null)

public static ServerCertificate get(String name, Output<String> id, ServerCertificateState state, CustomResourceOptions options)

resources:  _:    type: aws:iam:ServerCertificate    get:      id: ${id}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string: The Amazon Resource Name (ARN) specifying the server certificate.
CertificateBody string: The contents of the public key certificate in PEM-encoded format.
CertificateChain string: The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
Expiration string: Date and time in RFC3339 format on which the certificate is set to expire.
Name string: The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
Path string: The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
PrivateKey string: The contents of the private key in PEM-encoded format.
Tags Dictionary<string, string>: Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.
TagsAll Dictionary<string, string>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
UploadDate string: Date and time in RFC3339 format when the server certificate was uploaded.

Arn string: The Amazon Resource Name (ARN) specifying the server certificate.
CertificateBody string: The contents of the public key certificate in PEM-encoded format.
CertificateChain string: The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
Expiration string: Date and time in RFC3339 format on which the certificate is set to expire.
Name string: The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
NamePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
Path string: The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
PrivateKey string: The contents of the private key in PEM-encoded format.
Tags map[string]string: Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.
TagsAll map[string]string: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
UploadDate string: Date and time in RFC3339 format when the server certificate was uploaded.

arn String: The Amazon Resource Name (ARN) specifying the server certificate.
certificateBody String: The contents of the public key certificate in PEM-encoded format.
certificateChain String: The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
expiration String: Date and time in RFC3339 format on which the certificate is set to expire.
name String: The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
path String: The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
privateKey String: The contents of the private key in PEM-encoded format.
tags Map<String,String>: Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.
tagsAll Map<String,String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
uploadDate String: Date and time in RFC3339 format when the server certificate was uploaded.

arn string: The Amazon Resource Name (ARN) specifying the server certificate.
certificateBody string: The contents of the public key certificate in PEM-encoded format.
certificateChain string: The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
expiration string: Date and time in RFC3339 format on which the certificate is set to expire.
name string: The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
namePrefix string: Creates a unique name beginning with the specified prefix. Conflicts with name.
path string: The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
privateKey string: The contents of the private key in PEM-encoded format.
tags {[key: string]: string}: Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.
tagsAll {[key: string]: string}: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
uploadDate string: Date and time in RFC3339 format when the server certificate was uploaded.

arn str: The Amazon Resource Name (ARN) specifying the server certificate.
certificate_body str: The contents of the public key certificate in PEM-encoded format.
certificate_chain str: The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
expiration str: Date and time in RFC3339 format on which the certificate is set to expire.
name str: The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
name_prefix str: Creates a unique name beginning with the specified prefix. Conflicts with name.
path str: The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
private_key str: The contents of the private key in PEM-encoded format.
tags Mapping[str, str]: Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.
tags_all Mapping[str, str]: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
upload_date str: Date and time in RFC3339 format when the server certificate was uploaded.

arn String: The Amazon Resource Name (ARN) specifying the server certificate.
certificateBody String: The contents of the public key certificate in PEM-encoded format.
certificateChain String: The contents of the certificate chain. This is typically a concatenation of the PEM-encoded public key certificates of the chain.
expiration String: Date and time in RFC3339 format on which the certificate is set to expire.
name String: The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name.
namePrefix String: Creates a unique name beginning with the specified prefix. Conflicts with name.
path String: The IAM path for the server certificate. If it is not included, it defaults to a slash (/). If this certificate is for use with AWS CloudFront, the path must be in format /cloudfront/your_path_here. See IAM Identifiers for more details on IAM Paths.
privateKey String: The contents of the private key in PEM-encoded format.
tags Map<String>: Map of resource tags for the server certificate. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
NOTE: AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that certificate_body contains only one certificate. All other certificates should go in certificate_chain. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain.
tagsAll Map<String>: A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.
Deprecated: Please use tags instead.
uploadDate String: Date and time in RFC3339 format when the server certificate was uploaded.

Import

Using pulumi import, import IAM Server Certificates using the name. For example:

$ pulumi import aws:iam/serverCertificate:ServerCertificate certificate example.com-certificate-until-2018

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

AWS v6.76.0 published on Tuesday, Apr 8, 2025 by Pulumi

pulumi/pulumi-aws

aws.iam.ServerCertificate

On this page

On this page

Example Usage

Create ServerCertificate Resource

Constructor syntax

Parameters

Constructor example

ServerCertificate Resource Properties

Inputs

Outputs

Look up Existing ServerCertificate Resource

Import

Package Details

On this page

On this page