Resource: awsIotCertificate

Creates and manages an AWS IoT certificate.

Example Usage

With CSR

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.iotCertificate.IotCertificate(this, "cert", {
  active: true,
  csr: '${file("/my/csr.pem")}',
});

Without CSR

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.iotCertificate.IotCertificate(this, "cert", {
  active: true,
});

From existing certificate without a CA

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.iotCertificate.IotCertificate(this, "cert", {
  active: true,
  certificatePem: '${file("/my/cert.pem")}',
});

Argument Reference

  • active - (Required) Boolean flag to indicate if the certificate should be active.
  • csr - (Optional) The certificate signing request (CSR). Review CreateCertificateFromCsr for more information on generating a certificate from a CSR. If neither a CSR nor a certificate is specified, both the certificate and keys will be generated; review CreateKeysAndCertificate for more information on generating keys and a certificate.
  • certificatePem - (Optional) The certificate to be registered. If caPem is unspecified, review RegisterCertificateWithoutCA. If caPem is specified, review RegisterCertificate for more information on registering a certificate.
  • caPem - (Optional) The CA certificate for the certificate to be registered. If this is set, the CA needs to be registered with AWS IoT beforehand.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The internal ID assigned to this certificate.
  • arn - The ARN of the created certificate.
  • certificatePem - The certificate data, in PEM format.
  • publicKey - When neither CSR nor certificate is provided, the public key.
  • privateKey - When neither CSR nor certificate is provided, the private key.
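
The privateKey attribute above is populated only when neither csr nor certificatePem is supplied, and Terraform records exported attributes such as this one in its state file. The following added example (not part of the provider documentation) audits a state file for IoT certificates whose private key is stored there and infers which creation path each one used. It assumes state format version 4 and the underlying resource's snake_case attribute names (private_key, csr, ca_pem); auditIotCertificates, classify and the sample state are constructed for illustration.

```typescript
// Constructed sample: trimmed Terraform state (format version 4); PEM bodies are placeholders.
const sampleState = JSON.stringify({
  version: 4,
  resources: [
    { type: "aws_iot_certificate", name: "generated", instances: [{ attributes: {
      active: true, csr: null, ca_pem: null, private_key: "-----BEGIN RSA PRIVATE KEY-----\n<placeholder>" } }] },
    { type: "aws_iot_certificate", name: "from_csr", instances: [{ attributes: {
      active: true, csr: "-----BEGIN CERTIFICATE REQUEST-----\n<placeholder>", private_key: null } }] },
    { type: "aws_iot_certificate", name: "registered", instances: [{ attributes: {
      active: false, certificate_pem: "-----BEGIN CERTIFICATE-----\n<placeholder>", ca_pem: null, private_key: "" } }] },
    { type: "aws_s3_bucket", name: "other", instances: [{ attributes: { bucket: "example" } }] },
  ],
});

type Attrs = Record<string, unknown>;
type Mode = "CreateKeysAndCertificate" | "CreateCertificateFromCsr"
          | "RegisterCertificate" | "RegisterCertificateWithoutCA";
interface Finding { address: string; mode: Mode; privateKeyInState: boolean; active: boolean; }

const nonEmpty = (v: unknown): boolean => typeof v === "string" && v.trim().length > 0;

// Infer the creation path from what the state holds. certificate_pem is always
// exported, so it cannot distinguish the modes; csr and private_key can.
function classify(a: Attrs): Mode {
  if (nonEmpty(a["csr"])) return "CreateCertificateFromCsr";
  if (nonEmpty(a["private_key"])) return "CreateKeysAndCertificate";
  return nonEmpty(a["ca_pem"]) ? "RegisterCertificate" : "RegisterCertificateWithoutCA";
}

// Return one finding per aws_iot_certificate instance in the state document.
function auditIotCertificates(stateJson: string): Finding[] {
  const state = JSON.parse(stateJson) as {
    resources?: Array<{ type: string; name: string; instances?: Array<{ attributes?: Attrs }> }>;
  };
  const findings: Finding[] = [];
  for (const res of state.resources ?? []) {
    if (res.type !== "aws_iot_certificate") continue;
    (res.instances ?? []).forEach((inst, i) => {
      const a = inst.attributes ?? {};
      findings.push({
        address: `${res.type}.${res.name}[${i}]`, // instance index appended for uniqueness
        mode: classify(a),
        privateKeyInState: nonEmpty(a["private_key"]),
        active: a["active"] === true,
      });
    });
  }
  return findings;
}

const report = auditIotCertificates(sampleState);
console.log(report.filter((f) => f.privateKeyInState).map((f) => f.address));
```

Any address it lists has key material readable by whoever can read the state backend; supplying csr keeps the private key out of the state.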