AWS IoT
Developer Guide

TransferCertificate

Transfers the specified certificate to the specified AWS account.

You can cancel the transfer until it is acknowledged by the recipient.

No notification is sent to the transfer destination's account. It is up to the caller to notify the transfer target.

The certificate being transferred must not be in the ACTIVE state. You can use the UpdateCertificate API to deactivate it.

The certificate must not have any policies attached to it. You can use the DetachPrincipalPolicy API to detach them.

Request syntax:

    PATCH /transfer-certificate/certificateId?targetAwsAccount=targetAwsAccount
    Content-type: application/json

    {
      "transferMessage": "string"
    }

URI Request Parameters:

| Name | Type | Req? | Description |
| --- | --- | --- | --- |
| certificateId | CertificateId | yes | The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.) |
| targetAwsAccount | AwsAccountId | yes | The AWS account. |

Request Body Parameters:

| Name | Type | Req? | Description |
| --- | --- | --- | --- |
| transferMessage | Message | no | The transfer message. |

Response syntax:

    Content-type: application/json

    {
      "transferredCertificateArn": "string"
    }

Response Body Parameters:

| Name | Type | Req? | Description |
| --- | --- | --- | --- |
| transferredCertificateArn | CertificateArn | no | The ARN of the certificate. |

Errors:

InvalidRequestException

The contents of the request were invalid. For example, this code is returned when an UpdateJobExecution request contains invalid status details. The message contains details about the error.

HTTP response code: 400

ResourceNotFoundException

The specified resource does not exist.

HTTP response code: 404

CertificateStateException

The certificate operation is not allowed.

HTTP response code: 406

TransferConflictException

You can't transfer the certificate because authorization policies are still attached.

HTTP response code: 409

ThrottlingException

The rate exceeds the limit.

HTTP response code: 429

UnauthorizedException

You are not authorized to perform this operation.

HTTP response code: 401

ServiceUnavailableException

The service is temporarily unavailable.

HTTP response code: 503

InternalFailureException

An unexpected error has occurred.

HTTP response code: 500

CLI

Synopsis:

    aws iot transfer-certificate \
        --certificate-id <value> \
        --target-aws-account <value> \
        [--transfer-message <value>] \
        [--cli-input-json <value>] \
        [--generate-cli-skeleton]

cli-input-json format:

    {
      "certificateId": "string",
      "targetAwsAccount": "string",
      "transferMessage": "string"
    }

cli-input-json fields:

| Name | Type | Description |
| --- | --- | --- |
| certificateId | string; length max:64 min:64; pattern: (0x)?[a-fA-F0-9]+ | The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.) |
| targetAwsAccount | string; pattern: [0-9]{12} | The AWS account. |
| transferMessage | string; length max:128 | The transfer message. |

Output:

{ "transferredCertificateArn": "string" }

cli output fields:

| Name | Type | Description |
| --- | --- | --- |
| transferredCertificateArn | string | The ARN of the certificate. |
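
A pre-flight check for the two preconditions (not ACTIVE, no policies attached) and the cli-input-json field constraints documented on this page, as an added example that is not part of the AWS documentation. It assumes `iot` is a boto3 IoT client (`boto3.client("iot")`) and uses ListPrincipalPolicies to look up attached policies; the function names are hypothetical.

```python
import re

# Field constraints taken from the cli-input-json table on this page.
CERT_ID_RE = re.compile(r"(0x)?[a-fA-F0-9]+")
ACCOUNT_RE = re.compile(r"[0-9]{12}")

def validate_request(certificate_id, target_account, message=None):
    """Return a list of constraint violations; an empty list means valid."""
    problems = []
    if len(certificate_id) != 64 or not CERT_ID_RE.fullmatch(certificate_id):
        problems.append("certificateId: 64 chars matching (0x)?[a-fA-F0-9]+")
    if not ACCOUNT_RE.fullmatch(target_account):
        problems.append("targetAwsAccount: exactly 12 digits")
    if message is not None and len(message) > 128:
        problems.append("transferMessage: at most 128 chars")
    return problems

def transfer_blockers(iot, certificate_id):
    """Read-only check of the two documented preconditions."""
    desc = iot.describe_certificate(certificateId=certificate_id)
    cert = desc["certificateDescription"]
    blockers = []
    if cert["status"] == "ACTIVE":
        blockers.append("certificate is ACTIVE")
    # The first page is enough to tell whether any policy is attached.
    page = iot.list_principal_policies(principal=cert["certificateArn"])
    names = sorted(p["policyName"] for p in page.get("policies", []))
    if names:
        blockers.append("policies attached: " + ", ".join(names))
    return blockers

def safe_transfer(iot, certificate_id, target_account, message=None):
    """Transfer only when the request is well-formed and nothing blocks it."""
    problems = validate_request(certificate_id, target_account, message)
    if problems:
        raise ValueError("; ".join(problems))
    blockers = transfer_blockers(iot, certificate_id)
    if blockers:
        raise RuntimeError("; ".join(blockers))
    kwargs = {"certificateId": certificate_id, "targetAwsAccount": target_account}
    if message is not None:
        kwargs["transferMessage"] = message
    resp = iot.transfer_certificate(**kwargs)
    return resp["transferredCertificateArn"]

if __name__ == "__main__":
    # Constructed sample values, checked offline without calling AWS.
    print(validate_request("ab" * 32, "123456789012", "handover"))
    print(validate_request("not-hex", "1234"))
```

Because the checks are read-only, a blocked transfer leaves the certificate untouched, so deactivating it or detaching its policies stays an explicit operator decision.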
