AWS CloudFormation
User Guide (API Version 2010-05-15)


The AWS::CertificateManager::Certificate resource requests an AWS Certificate Manager (ACM) certificate that you can use with AWS services to enable secure connections. For example, you can deploy an ACM certificate to an Elastic Load Balancing load balancer to enable HTTPS support. For more information, see the RequestCertificate action in the AWS Certificate Manager API Reference.


When you use the AWS::CertificateManager::Certificate resource in an AWS CloudFormation stack, the stack will remain in the CREATE_IN_PROGRESS state and any further stack operations will be delayed until you act upon the instructions in the certificate validation email.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{
  "Type" : "AWS::CertificateManager::Certificate",
  "Properties" : {
    "DomainName" : String,
    "DomainValidationOptions" : [ DomainValidationOptions, ... ],
    "SubjectAlternativeNames" : [ String, ... ],
    "Tags" : [ Resource Tag, ... ]
  }
}


Type: "AWS::CertificateManager::Certificate"
Properties:
  DomainName: String
  DomainValidationOptions:
    - DomainValidationOptions
  SubjectAlternativeNames:
    - String
  Tags:
    - Resource Tag



DomainName

Fully qualified domain name (FQDN), such as, of the site that you want to secure with the ACM certificate. To protect several sites in the same domain, use an asterisk (*) to specify a wildcard. For example, * protects,, and

For constraints, see the DomainName parameter for the RequestCertificate action in the AWS Certificate Manager API Reference.

Required: Yes

Type: String

Update requires: Replacement


DomainValidationOptions

Domain information that domain name registrars use to verify your identity. For more information and the default values, see Configure Email for Your Domain and Validate Domain Ownership in the AWS Certificate Manager User Guide.

Required: No

Type: List of AWS Certificate Manager Certificate DomainValidationOption

Update requires: Replacement


SubjectAlternativeNames

FQDNs to be included in the Subject Alternative Name extension of the ACM certificate. For example, you can add to a certificate for the domain name so that users can reach your site by using either name.

Required: No

Type: List of String values

Update requires: Replacement


Tags

An arbitrary set of tags (key–value pairs) for this ACM certificate.

Required: No

Type: AWS CloudFormation Resource Tags

Update requires: No interruption.

Return Value


When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the certificate Amazon Resource Name (ARN), such as arn:aws:acm:us-east-1:123456789012:certificate/12ab3c4d-56789-0ef1-2345-3dab6fa3ee50.

For more information about using the Ref function, see Ref.


The following example creates an ACM certificate for the domain name. ACM sends validation emails to the email address that is registered to the domain.


"mycert" : {
  "Type" : "AWS::CertificateManager::Certificate",
  "Properties" : {
    "DomainName" : "",
    "DomainValidationOptions" : [{
      "DomainName" : "",
      "ValidationDomain" : ""
    }]
  }
}


mycert:
  Type: AWS::CertificateManager::Certificate
  Properties:
    DomainName:
    DomainValidationOptions:
      - DomainName:
        ValidationDomain:
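Because the stack waits in CREATE_IN_PROGRESS until the validation email is acted upon, it is worth checking where that email will go before deploying. The following pre-deployment check is an added example, not part of the AWS documentation: it reads a JSON template and flags DomainValidationOptions entries whose DomainName is not a name on the certificate, or whose ValidationDomain is neither that name nor a superdomain of it (the constraint ACM places on RequestCertificate). The function names, the sample template and the example.com / example.net names are constructed for illustration.

```python
import json

CERT_TYPE = "AWS::CertificateManager::Certificate"

def is_same_or_superdomain(parent, child):
    """True if parent equals child or is a suffix of it on a DNS label boundary."""
    parent, child = parent.lower().rstrip("."), child.lower().rstrip(".")
    return bool(parent) and (child == parent or child.endswith("." + parent))

def lint_certificates(template):
    """Return (logical_id, message) findings; only literal strings are checked."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != CERT_TYPE:
            continue
        props = res.get("Properties", {})
        domain = props.get("DomainName")
        if domain is None or domain == "":
            findings.append((logical_id, "DomainName is required"))
            continue
        sans = props.get("SubjectAlternativeNames", [])
        names = {n.lower() for n in [domain, *sans] if isinstance(n, str)}
        for opt in props.get("DomainValidationOptions", []):
            name, vdom = opt.get("DomainName"), opt.get("ValidationDomain")
            if not isinstance(name, str) or not isinstance(vdom, str):
                continue  # Ref/Fn:: value or missing key: cannot be resolved offline
            if name.lower() not in names:
                findings.append((logical_id, f"{name} is not a name on this certificate"))
            # Assumption: a wildcard name is compared by its parent domain.
            base = name[2:] if name.startswith("*.") else name
            if not is_same_or_superdomain(vdom, base):
                findings.append((logical_id, f"ValidationDomain {vdom} is not {base} or a superdomain of it"))
    return findings

# Constructed sample template; all domain names are placeholders.
SAMPLE = json.loads("""
{"Resources": {
  "goodcert": {"Type": "AWS::CertificateManager::Certificate", "Properties": {
    "DomainName": "*.example.com",
    "SubjectAlternativeNames": ["example.com"],
    "DomainValidationOptions": [
      {"DomainName": "*.example.com", "ValidationDomain": "example.com"}]}},
  "badcert": {"Type": "AWS::CertificateManager::Certificate", "Properties": {
    "DomainName": "www.example.com",
    "DomainValidationOptions": [
      {"DomainName": "www.example.com", "ValidationDomain": "ample.com"},
      {"DomainName": "shop.example.net", "ValidationDomain": "example.net"}]}},
  "nodomain": {"Type": "AWS::CertificateManager::Certificate", "Properties": {}}
}}
""")
```

Calling lint_certificates(SAMPLE) reports the look-alike suffix ample.com and the stray shop.example.net entry on badcert, and the missing DomainName on nodomain; goodcert passes.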