Skip to content

aws.acm-certificate-data data source

Description

CertificateData resolves one existing ACM certificate. ListCertificates is queried with the requested key algorithms and certificate statuses, defaulting statuses to ISSUED, then the summaries are filtered client-side by exact domain and type. An empty summary set is retried for one minute to absorb ACM list consistency. The remaining summaries are described, validation-timed-out and vanished candidates are skipped, optional tag filters are applied as a requested-subset match, and the data source returns either the sole match or the most recent match according to ACM's status-specific timestamps.

Source: internal/service/acm/certificate_data_dsrc.go:34

Example usage:

imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}

data-sources: {
  example: aws.acm-certificate-data {
    # Set input fields here.
  }
}

Inputs

domain

optional(string)

tags

map(string)

key-types

list(string)

statuses

list(string)

types

list(string)

most-recent

boolean

default false

Input Constraints

Field combinations

At least one of domain or tags.

Key types rules

key-types entries must be valid ACM key algorithms.

Rule logic
For each
input.key-types
Require
@each.value == 'RSA_1024'
|| @each.value == 'RSA_2048'
|| @each.value == 'RSA_3072'
|| @each.value == 'RSA_4096'
|| @each.value == 'EC_prime256v1'
|| @each.value == 'EC_secp384r1'
|| @each.value == 'EC_secp521r1'

Statuses rules

statuses entries must be valid ACM certificate statuses.

Rule logic
For each
input.statuses
Require
@each.value == 'PENDING_VALIDATION'
|| @each.value == 'ISSUED'
|| @each.value == 'INACTIVE'
|| @each.value == 'EXPIRED'
|| @each.value == 'VALIDATION_TIMED_OUT'
|| @each.value == 'REVOKED'
|| @each.value == 'FAILED'

Types rules

types entries must be valid ACM certificate types.

Rule logic
For each
input.types
Require
@each.value == 'IMPORTED'
|| @each.value == 'AMAZON_ISSUED'
|| @each.value == 'PRIVATE'

Outputs

arn

string

domain

string

status

string

certificate

optional(string)

certificate-chain

optional(string)

tags

map(string)