aws.acm-certificate-validation resource

Description

CertificateValidation is a barrier that completes only once an Amazon-issued certificate has reached the ISSUED status. It performs no AWS create call: the certificate is owned by the acm-certificate resource, and this resource exists so a downstream resource (a load balancer listener, an API domain) can depend on the certificate being validated before it is referenced. Create describes the certificate, refuses one that is not Amazon-issued (an imported certificate needs no validation), optionally cross-checks that the supplied DNS record FQDNs cover every domain-validation record, then waits until the certificate issues. Read reports the barrier satisfied only while the certificate exists and is still ISSUED. Update and Delete do nothing, since there is no separate object to reconcile or remove.

Source: internal/service/acm/certificate_validation_rsrc.go:36

Example usage:

imports: {
  aws: 'github.com/cloudboss/unobin-library-aws'
}

resources: {
  example: aws.acm-certificate-validation {
    # Set input fields here.
  }
}

Inputs

certificate-arn

string

required

CertificateArn identifies the certificate to wait on. It is the DescribeCertificate key and the resource's identity handle. ACM fixes a certificate's identity, so a change replaces this resource.

validation-record-fqdns

list(string)

ValidationRecordFqdns are the fully qualified names of the DNS validation records the user created elsewhere (in a route53-record-set, say). When set, Create cross-checks them against the records ACM expects before waiting, so a missing record fails fast instead of timing out 75 minutes later. The list is never sent to AWS; it is used only for the check. A change to it replaces this resource.
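
The cross-check described above, sketched as an added Go example; it is not the project's code from certificate_validation_rsrc.go. The function names, the case-insensitive and trailing-dot-insensitive comparison, and the sample record names are assumptions.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// normalizeFQDN lower-cases a DNS name and drops the trailing root dot so that
// "_a.Example.com." and "_a.example.com" compare equal (assumed comparison rule).
func normalizeFQDN(name string) string {
	return strings.ToLower(strings.TrimSuffix(strings.TrimSpace(name), "."))
}

// missingValidationRecords returns the record names ACM expects that the
// supplied FQDNs do not cover, sorted. An empty result means the check passes.
func missingValidationRecords(expected, supplied []string) []string {
	have := make(map[string]struct{}, len(supplied))
	for _, s := range supplied {
		have[normalizeFQDN(s)] = struct{}{}
	}
	missing := []string{}
	for _, e := range expected {
		n := normalizeFQDN(e)
		if _, ok := have[n]; ok {
			continue
		}
		have[n] = struct{}{} // report each missing name only once
		missing = append(missing, n)
	}
	sort.Strings(missing)
	return missing
}

func main() {
	// Constructed sample: expected stands in for the resource record names in the
	// certificate's domain-validation options; one name is repeated for two domains.
	expected := []string{"_3f1c.example.com.", "_3f1c.example.com.", "_9ab2.api.example.com."}
	supplied := []string{"_3F1C.example.com"} // the user's validation-record-fqdns
	if m := missingValidationRecords(expected, supplied); len(m) > 0 {
		fmt.Printf("missing DNS validation records: %s\n", strings.Join(m, ", "))
	}
}
```

Failing on a non-empty result before the wait begins is what turns a forgotten record into an immediate error rather than a timeout.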

Input Constraints

This kind declares no extra input constraints.

Outputs

certificate-arn

string