AWS::IoT::Certificate - AWS CloudFormation

AWS::IoT::Certificate

Use the AWS::IoT::Certificate resource to declare an AWS IoT X.509 certificate. For information about working with X.509 certificates, see X.509 Client Certificates in the AWS IoT Developer Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::IoT::Certificate", "Properties" : { "CACertificatePem" : String, "CertificateMode" : String, "CertificatePem" : String, "CertificateSigningRequest" : String, "Status" : String } }

YAML

Type: AWS::IoT::Certificate Properties: CACertificatePem: String CertificateMode: String CertificatePem: String CertificateSigningRequest: String Status: String

Properties

CACertificatePem

The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY.

Required: No

Type: String

Update requires: Replacement

CertificateMode

Specifies which mode of certificate registration to use with this resource. Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest.

Required: No

Type: String

Update requires: Replacement

CertificatePem

The certificate data in PEM format. Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration.

Required: No

Type: String

Update requires: Replacement

CertificateSigningRequest

The certificate signing request (CSR).

Required: No

Type: String

Update requires: Replacement

Status

The status of the certificate.

Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION.

The status value REGISTER_INACTIVE is deprecated and should not be used.

Required: Yes

Type: String

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the certificate ID. For example:

{ "Ref": "MyCertificate" }

A value similar to the following is returned:

a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2

For more information about using the Ref function, see Ref.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

Returns the Amazon Resource Name (ARN) for the instance profile. For example:

{ "Fn::GetAtt": ["MyCertificate", "Arn"] }

A value similar to the following is returned:

arn:aws:iot:ap-southeast-2:123456789012:cert/a1234567b89c012d3e4fg567hij8k9l01mno1p23q45678901rs234567890t1u2

Id

The certificate ID.