AWS::Transfer::Certificate
Imports the signing and encryption certificates that you need to create local (AS2) profiles and partner profiles.
You can import both the certificate and its chain in the Certificate
parameter.
Note
If you use the Certificate parameter to upload both the certificate and its
chain, don't use the CertificateChain parameter.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::Transfer::Certificate", "Properties" : { "ActiveDate" :String, "Certificate" :String, "CertificateChain" :String, "Description" :String, "InactiveDate" :String, "PrivateKey" :String, "Tags" :[ Tag, ... ], "Usage" :String} }
YAML
Type: AWS::Transfer::Certificate Properties: ActiveDate:StringCertificate:StringCertificateChain:StringDescription:StringInactiveDate:StringPrivateKey:StringTags:- TagUsage:String
Properties
ActiveDate-
An optional date that specifies when the certificate becomes active. If you do not specify a value,
ActiveDatetakes the same value asNotBeforeDate, which is specified by the CA.Required: No
Type: String
Update requires: No interruption
Certificate-
The file name for the certificate.
Required: Yes
Type: String
Pattern:
^[\t\n\r\u0020-\u00FF]+$Minimum:
1Maximum:
16384Update requires: Replacement
CertificateChain-
The list of certificates that make up the chain for the certificate.
Required: No
Type: String
Pattern:
^[\t\n\r\u0020-\u00FF]+$Minimum:
1Maximum:
2097152Update requires: Replacement
Description-
The name or description that's used to identity the certificate.
Required: No
Type: String
Pattern:
^[\u0021-\u007E]+$Minimum:
1Maximum:
200Update requires: No interruption
InactiveDate-
An optional date that specifies when the certificate becomes inactive. If you do not specify a value,
InactiveDatetakes the same value asNotAfterDate, which is specified by the CA.Required: No
Type: String
Update requires: No interruption
PrivateKey-
The file that contains the private key for the certificate that's being imported.
Required: No
Type: String
Pattern:
^[\t\n\r\u0020-\u00FF]+$Minimum:
1Maximum:
16384Update requires: Replacement
-
Key-value pairs that can be used to group and search for certificates.
Required: No
Type: Array of Tag
Maximum:
50Update requires: No interruption
Usage-
Specifies how this certificate is used. It can be used in the following ways:
-
SIGNING: For signing AS2 messages -
ENCRYPTION: For encrypting AS2 messages -
TLS: For securing AS2 communications sent over HTTPS
Required: Yes
Type: String
Allowed values:
SIGNING | ENCRYPTION | TLSUpdate requires: No interruption
-
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the certificateId, such as
cert-1c698edce1654f869.
For more information about using the Ref function, see Ref.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.
Arn-
The unique Amazon Resource Name (ARN) for the certificate.
CertificateId-
An array of identifiers for the imported certificates. You use this identifier for working with profiles and partner profiles.
NotAfterDate-
The final date that the certificate is valid.
NotBeforeDate-
The earliest date that the certificate is valid.
Serial-
The serial number for the certificate.
Status-
The certificate can be either
ACTIVE,PENDING_ROTATION, orINACTIVE.PENDING_ROTATIONmeans that this certificate will replace the current certificate when it expires. Type-
If a private key has been specified for the certificate, its type is
CERTIFICATE_WITH_PRIVATE_KEY. If there is no private key, the type isCERTIFICATE.
