UNPKG

@pulumi/aws

Version:

A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.

pulumi.io

pulumi/pulumi-aws

258 lines (257 loc) • 12.2 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
import * as pulumi from "@pulumi/pulumi"; /** * Provides an IAM Server Certificate resource to upload Server Certificates. * Certs uploaded to IAM can easily work with other AWS services such as: * * - AWS Elastic Beanstalk * - Elastic Load Balancing * - CloudFront * - AWS OpsWorks * * For information about server certificates in IAM, see [Managing Server * Certificates][2] in AWS Documentation. * * ## Example Usage * * **Using certs on file:** * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * import * as std from "@pulumi/std"; * * const testCert = new aws.iam.ServerCertificate("test_cert", { * name: "some_test_cert", * certificateBody: std.file({ * input: "self-ca-cert.pem", * }).then(invoke => invoke.result), * privateKey: std.file({ * input: "test-key.pem", * }).then(invoke => invoke.result), * }); * ``` * * **Example with cert in-line:** * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as aws from "@pulumi/aws"; * * const testCertAlt = new aws.iam.ServerCertificate("test_cert_alt", { * name: "alt_test_cert", * certificateBody: `-----BEGIN CERTIFICATE----- * [......] # cert contents * -----END CERTIFICATE----- * `, * privateKey: `-----BEGIN RSA PRIVATE KEY----- * [......] # cert contents * -----END RSA PRIVATE KEY----- * `, * }); * ``` * * **Use in combination with an AWS ELB resource:** * * Some properties of an IAM Server Certificates cannot be updated while they are * in use. In order for the provider to effectively manage a Certificate in this situation, it is * recommended you utilize the `namePrefix` attribute and enable the * `createBeforeDestroy`. This will allow this provider * to create a new, updated `aws.iam.ServerCertificate` resource and replace it in * dependant resources before attempting to destroy the old version. * * ## Import * * Using `pulumi import`, import IAM Server Certificates using the `name`. For example: * * ```sh * $ pulumi import aws:iam/serverCertificate:ServerCertificate certificate example.com-certificate-until-2018 * ``` */ export declare class ServerCertificate extends pulumi.CustomResource { /** * Get an existing ServerCertificate resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ServerCertificateState, opts?: pulumi.CustomResourceOptions): ServerCertificate; /** * Returns true if the given object is an instance of ServerCertificate. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is ServerCertificate; /** * The Amazon Resource Name (ARN) specifying the server certificate. */ readonly arn: pulumi.Output<string>; /** * The contents of the public key certificate in * PEM-encoded format. */ readonly certificateBody: pulumi.Output<string>; /** * The contents of the certificate chain. * This is typically a concatenation of the PEM-encoded public key certificates * of the chain. */ readonly certificateChain: pulumi.Output<string | undefined>; /** * Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) on which the certificate is set to expire. */ readonly expiration: pulumi.Output<string>; /** * The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name. */ readonly name: pulumi.Output<string>; /** * Creates a unique name beginning with the specified * prefix. Conflicts with `name`. */ readonly namePrefix: pulumi.Output<string>; /** * The IAM path for the server certificate. If it is not * included, it defaults to a slash (/). If this certificate is for use with * AWS CloudFront, the path must be in format `/cloudfront/your_path_here`. * See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more details on IAM Paths. */ readonly path: pulumi.Output<string | undefined>; /** * The contents of the private key in PEM-encoded format. */ readonly privateKey: pulumi.Output<string>; /** * Map of resource tags for the server certificate. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. * * > **NOTE:** AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that `certificateBody` contains only one certificate. All other certificates should go in `certificateChain`. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain. */ readonly tags: pulumi.Output<{ [key: string]: string; } | undefined>; /** * A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. */ readonly tagsAll: pulumi.Output<{ [key: string]: string; }>; /** * Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) when the server certificate was uploaded. */ readonly uploadDate: pulumi.Output<string>; /** * Create a ServerCertificate resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: ServerCertificateArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering ServerCertificate resources. */ export interface ServerCertificateState { /** * The Amazon Resource Name (ARN) specifying the server certificate. */ arn?: pulumi.Input<string>; /** * The contents of the public key certificate in * PEM-encoded format. */ certificateBody?: pulumi.Input<string>; /** * The contents of the certificate chain. * This is typically a concatenation of the PEM-encoded public key certificates * of the chain. */ certificateChain?: pulumi.Input<string>; /** * Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) on which the certificate is set to expire. */ expiration?: pulumi.Input<string>; /** * The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name. */ name?: pulumi.Input<string>; /** * Creates a unique name beginning with the specified * prefix. Conflicts with `name`. */ namePrefix?: pulumi.Input<string>; /** * The IAM path for the server certificate. If it is not * included, it defaults to a slash (/). If this certificate is for use with * AWS CloudFront, the path must be in format `/cloudfront/your_path_here`. * See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more details on IAM Paths. */ path?: pulumi.Input<string>; /** * The contents of the private key in PEM-encoded format. */ privateKey?: pulumi.Input<string>; /** * Map of resource tags for the server certificate. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. * * > **NOTE:** AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that `certificateBody` contains only one certificate. All other certificates should go in `certificateChain`. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. */ tagsAll?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) when the server certificate was uploaded. */ uploadDate?: pulumi.Input<string>; } /** * The set of arguments for constructing a ServerCertificate resource. */ export interface ServerCertificateArgs { /** * The contents of the public key certificate in * PEM-encoded format. */ certificateBody: pulumi.Input<string>; /** * The contents of the certificate chain. * This is typically a concatenation of the PEM-encoded public key certificates * of the chain. */ certificateChain?: pulumi.Input<string>; /** * The name of the Server Certificate. Do not include the path in this value. If omitted, the provider will assign a random, unique name. */ name?: pulumi.Input<string>; /** * Creates a unique name beginning with the specified * prefix. Conflicts with `name`. */ namePrefix?: pulumi.Input<string>; /** * The IAM path for the server certificate. If it is not * included, it defaults to a slash (/). If this certificate is for use with * AWS CloudFront, the path must be in format `/cloudfront/your_path_here`. * See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more details on IAM Paths. */ path?: pulumi.Input<string>; /** * The contents of the private key in PEM-encoded format. */ privateKey: pulumi.Input<string>; /** * Map of resource tags for the server certificate. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. * * > **NOTE:** AWS performs behind-the-scenes modifications to some certificate files if they do not adhere to a specific format. These modifications will result in this provider forever believing that it needs to update the resources since the local and AWS file contents will not match after theses modifications occur. In order to prevent this from happening you must ensure that all your PEM-encoded files use UNIX line-breaks and that `certificateBody` contains only one certificate. All other certificates should go in `certificateChain`. It is common for some Certificate Authorities to issue certificate files that have DOS line-breaks and that are actually multiple certificates concatenated together in order to form a full certificate chain. */ tags?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; }