Menu
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::CertificateManager::Certificate

The AWS::CertificateManager::Certificate resource requests an AWS Certificate Manager (ACM) certificate that you can use with AWS services to enable secure connections. For example, you can deploy an ACM certificate to an Elastic Load Balancing load balancer to enable HTTPS support. For more information, see the RequestCertificate action in the AWS Certificate Manager API Reference.

Important

When you use the AWS::CertificateManager::Certificate resource in an AWS CloudFormation stack, the stack will remain in the CREATE_IN_PROGRESS state and any further stack operations will be delayed until you act upon the instructions in the certificate validation email.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

Copy
{ "Type" : "AWS::CertificateManager::Certificate", "Properties" : { "DomainName" : String, "DomainValidationOptions" : [ DomainValidationOptions, ... ], "SubjectAlternativeNames" : [ String, ... ], "Tags" : [ Resource Tag, ... ] } }

YAML

Copy
Type: "AWS::CertificateManager::Certificate" Properties: DomainName: String DomainValidationOptions: - DomainValidationOptions SubjectAlternativeNames: - String Tags: - Resource Tag

Properties

DomainName

Fully qualified domain name (FQDN), such as www.example.com, of the site that you want to secure with the ACM certificate. To protect several sites in the same domain, use an asterisk (*) to specify a wildcard. For example, *.example.com protects www.example.com, site.example.com, and images.example.com.

For constraints, see the DomainName parameter for the RequestCertificate action in the AWS Certificate Manager API Reference.

Required: Yes

Type: String

Update requires: Replacement

DomainValidationOptions

Domain information that domain name registrars use to verify your identity. For more information and the default values, see Configure Email for Your Domain and Validate Domain Ownership in the AWS Certificate Manager User Guide.

Required: No

Type: List of AWS Certificate Manager Certificate DomainValidationOption

Update requires: Replacement

SubjectAlternativeNames

FQDNs to be included in the Subject Alternative Name extension of the ACM certificate. For example, you can add www.example.net to a certificate for the www.example.com domain name so that users can reach your site by using either name.

Required: No

Type: List of String values

Update requires: Replacement

Tags

An arbitrary set of tags (key–value pairs) for this ACM certificate.

Required: No

Type: AWS CloudFormation Resource Tags

Update requires: No interruption.

Return Value

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the certificate Amazon Resource Name (ARN), such as arn:aws:acm:us-east-1:123456789012:certificate/12ab3c4d-56789-0ef1-2345-3dab6fa3ee50.

For more information about using the Ref function, see Ref.

Example

The following example creates an ACM certificate for the example.com domain name. ACM sends validation emails to the email address that is registered to the example.com domain.

JSON

Copy
"mycert" : { "Type" : "AWS::CertificateManager::Certificate", "Properties" : { "DomainName" : "example.com", "DomainValidationOptions" : [{ "DomainName" : "example.com", "ValidationDomain" : "example.com" }] } }

YAML

Copy
mycert: Type: AWS::CertificateManager::Certificate Properties: DomainName: example.com DomainValidationOptions: - DomainName: example.com ValidationDomain: example.com