AWS::CertificateManager::Certificate
The AWS::CertificateManager::Certificate resource requests an AWS Certificate Manager (ACM) certificate that you can use with AWS services to enable secure connections. For example, you can deploy an ACM certificate to an Elastic Load Balancing load balancer to enable HTTPS support. For more information, see the RequestCertificate action in the AWS Certificate Manager API Reference.
Important
When you use the AWS::CertificateManager::Certificate resource in an AWS CloudFormation stack, the stack will remain in the CREATE_IN_PROGRESS state and any further stack operations will be delayed until you validate the certificate request, either by acting upon the instructions in the certificate validation email, or by adding a CNAME record to your DNS configuration.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::CertificateManager::Certificate",
  "Properties" : {
    "DomainName" : String,
    "DomainValidationOptions" : [ DomainValidationOptions, ... ],
    "SubjectAlternativeNames" : [ String, ... ],
    "Tags" : [ Resource Tag, ... ],
    "ValidationMethod" : String
  }
}
YAML
Type: AWS::CertificateManager::Certificate
Properties:
  DomainName: String
  DomainValidationOptions:
    - DomainValidationOptions
  SubjectAlternativeNames:
    - String
  Tags:
    - Resource Tag
  ValidationMethod: String
Properties
DomainName
Fully qualified domain name (FQDN), such as www.example.com, of the site that you want to secure with the ACM certificate. To protect several sites in the same domain, use an asterisk (*) to specify a wildcard. For example, *.example.com protects www.example.com, site.example.com, and images.example.com.
For constraints, see the DomainName parameter for the RequestCertificate action in the AWS Certificate Manager API Reference.
Required: Yes
Type: String
Update requires: Replacement
DomainValidationOptions
Domain information that domain name registrars use to verify your identity. For more information and the default values, see Configure Email for Your Domain and Validate Domain Ownership in the AWS Certificate Manager User Guide.
Required: No
Type: List of AWS Certificate Manager Certificate DomainValidationOption
Update requires: Replacement
SubjectAlternativeNames
FQDNs to be included in the Subject Alternative Name extension of the ACM certificate. For example, you can add www.example.net to a certificate for the www.example.com domain name so that users can reach your site by using either name.
Required: No
Type: List of String values
Update requires: Replacement
Tags
An arbitrary set of tags (key–value pairs) for this ACM certificate.
Required: No
Type: Resource Tag
Update requires: No interruption.
ValidationMethod
The method you want to use if you are requesting a public certificate to validate that you own or control a domain. Valid values include EMAIL or DNS. We recommend that you use DNS validation. The default is EMAIL.
ACM uses CNAME (Canonical Name) records to validate that you own or control a domain. When you choose DNS validation, ACM provides you one or more CNAME records to insert into your DNS database. During stack creation, CloudFormation emits a CREATE_IN_PROGRESS event which lists these CNAME records. They are displayed in the Status reason column on the Events page for the stack. In order for CloudFormation to complete stack creation, you must add the CNAME records to your DNS database. For more information, see Use DNS to Validate Domain Ownership in the AWS Certificate Manager User Guide.
For more information on email validation, see Use Email to Validate Domain Ownership in the AWS Certificate Manager User Guide.
Required: No
Type: String
Update requires: Replacement
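The following added example is not part of the AWS documentation: a small pre-deployment check that reads a JSON template, resolves each certificate's effective ValidationMethod (EMAIL when the property is omitted, as stated above), and lists the names the certificate will cover, including wildcards. The function name audit_certificates, the finding fields, and the sample template are assumptions constructed for illustration.

```python
import json

CERT_TYPE = "AWS::CertificateManager::Certificate"

# Constructed sample template (not from the AWS documentation).
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "EmailCert": {
            "Type": CERT_TYPE,
            "Properties": {"DomainName": "example.com"},
        },
        "DnsCert": {
            "Type": CERT_TYPE,
            "Properties": {
                "DomainName": "*.example.com",
                "SubjectAlternativeNames": ["www.example.net"],
                "ValidationMethod": "DNS",
            },
        },
        "Bucket": {"Type": "AWS::S3::Bucket"},
    }
})


def audit_certificates(template_text):
    """Return one finding dict per ACM certificate resource in a JSON template."""
    resources = json.loads(template_text).get("Resources", {})
    findings = []
    for logical_id, resource in sorted(resources.items()):
        if resource.get("Type") != CERT_TYPE:
            continue
        props = resource.get("Properties", {})
        explicit = props.get("ValidationMethod")
        # An omitted ValidationMethod falls back to the documented default, EMAIL.
        method = explicit if explicit is not None else "EMAIL"
        names = [props.get("DomainName")] + list(props.get("SubjectAlternativeNames", []))
        # Values given as intrinsic functions (dicts) cannot be resolved offline; skip them.
        names = [n for n in names if isinstance(n, str)]
        findings.append({
            "resource": logical_id,
            "method": method,
            "method_is_default": explicit is None,
            "uses_recommended_dns": method == "DNS",
            "names": names,
            "wildcards": [n for n in names if n.startswith("*.")],
        })
    return findings
```

Because ValidationMethod requires replacement on update, running a check like this before the first deployment avoids reissuing the certificate later to switch methods.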
Return Value
Ref
When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the certificate Amazon Resource Name (ARN), such as arn:aws:acm:us-east-1:123456789012:certificate/12ab3c4d-56789-0ef1-2345-3dab6fa3ee50.
For more information about using the Ref function, see Ref.
Example
The following example creates an ACM certificate for the example.com domain name. ACM sends validation emails to the email address that is registered to the example.com domain.
JSON
"mycert" : {
  "Type" : "AWS::CertificateManager::Certificate",
  "Properties" : {
    "DomainName" : "example.com",
    "DomainValidationOptions" : [{
      "DomainName" : "example.com",
      "ValidationDomain" : "example.com"
    }]
  }
}
YAML
mycert:
  Type: AWS::CertificateManager::Certificate
  Properties:
    DomainName: example.com
    DomainValidationOptions:
      - DomainName: example.com
        ValidationDomain: example.com
