aws.acmpca.getCertificateAuthority

AWS v7.31.0, May 26 26

Viewing docs for AWS v7.31.0
published on Tuesday, May 26, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-aws

Viewing docs for AWS v7.31.0
published on Tuesday, May 26, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-aws

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = aws.acmpca.getCertificateAuthority({
    arn: "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012",
});

import pulumi
import pulumi_aws as aws

example = aws.acmpca.get_certificate_authority(arn="arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012")

package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/acmpca"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := acmpca.LookupCertificateAuthority(ctx, &acmpca.LookupCertificateAuthorityArgs{
			Arn: "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var example = Aws.Acmpca.GetCertificateAuthority.Invoke(new()
    {
        Arn = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acmpca.AcmpcaFunctions;
import com.pulumi.aws.acmpca.inputs.GetCertificateAuthorityArgs;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var example = AcmpcaFunctions.getCertificateAuthority(GetCertificateAuthorityArgs.builder()
            .arn("arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012")
            .build());

    }
}

variables:
  example:
    fn::invoke:
      function: aws:acmpca:getCertificateAuthority
      arguments:
        arn: arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012

pulumi {
  required_providers {
    aws = {
      source = "pulumi/aws"
    }
  }
}

data "aws_acmpca_getcertificateauthority" "example" {
  arn = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012"
}

Using getCertificateAuthority

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getCertificateAuthority(args: GetCertificateAuthorityArgs, opts?: InvokeOptions): Promise<GetCertificateAuthorityResult>
function getCertificateAuthorityOutput(args: GetCertificateAuthorityOutputArgs, opts?: InvokeOptions): Output<GetCertificateAuthorityResult>

def get_certificate_authority(arn: Optional[str] = None,
                              region: Optional[str] = None,
                              tags: Optional[Mapping[str, str]] = None,
                              opts: Optional[InvokeOptions] = None) -> GetCertificateAuthorityResult
def get_certificate_authority_output(arn: pulumi.Input[Optional[str]] = None,
                              region: pulumi.Input[Optional[str]] = None,
                              tags: pulumi.Input[Optional[Mapping[str, pulumi.Input[str]]]] = None,
                              opts: Optional[InvokeOptions] = None) -> Output[GetCertificateAuthorityResult]

func LookupCertificateAuthority(ctx *Context, args *LookupCertificateAuthorityArgs, opts ...InvokeOption) (*LookupCertificateAuthorityResult, error)
func LookupCertificateAuthorityOutput(ctx *Context, args *LookupCertificateAuthorityOutputArgs, opts ...InvokeOption) LookupCertificateAuthorityResultOutput

> Note: This function is named LookupCertificateAuthority in the Go SDK.

public static class GetCertificateAuthority 
{
    public static Task<GetCertificateAuthorityResult> InvokeAsync(GetCertificateAuthorityArgs args, InvokeOptions? opts = null)
    public static Output<GetCertificateAuthorityResult> Invoke(GetCertificateAuthorityInvokeArgs args, InvokeOptions? opts = null)
}

public static CompletableFuture<GetCertificateAuthorityResult> getCertificateAuthority(GetCertificateAuthorityArgs args, InvokeOptions options)
public static Output<GetCertificateAuthorityResult> getCertificateAuthority(GetCertificateAuthorityArgs args, InvokeOptions options)

fn::invoke:
  function: aws:acmpca/getCertificateAuthority:getCertificateAuthority
  arguments:
    # arguments dictionary

data "aws_acmpca_getcertificateauthority" "name" {
    # arguments
}

The following arguments are supported:

Arn string: ARN of the certificate authority.
Region string: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
Tags Dictionary<string, string>: Key-value map of user-defined tags that are attached to the certificate authority.

Arn string: ARN of the certificate authority.
Region string: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
Tags map[string]string: Key-value map of user-defined tags that are attached to the certificate authority.

arn string: ARN of the certificate authority.
region string: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
tags map(string): Key-value map of user-defined tags that are attached to the certificate authority.

arn String: ARN of the certificate authority.
region String: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
tags Map<String,String>: Key-value map of user-defined tags that are attached to the certificate authority.

arn string: ARN of the certificate authority.
region string: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
tags {[key: string]: string}: Key-value map of user-defined tags that are attached to the certificate authority.

arn str: ARN of the certificate authority.
region str: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
tags Mapping[str, str]: Key-value map of user-defined tags that are attached to the certificate authority.

arn String: ARN of the certificate authority.
region String: Region where this resource will be managed. Defaults to the Region set in the provider configuration.
tags Map<String>: Key-value map of user-defined tags that are attached to the certificate authority.

getCertificateAuthority Result

The following output properties are available:

Arn string
Certificate string: Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
CertificateChain string: Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
CertificateSigningRequest string: The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
Id string: The provider-assigned unique ID for this managed resource.
KeyStorageSecurityStandard string: Level of security of the key storage endpoint of the certificate authority.
NotAfter string: Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
NotBefore string: Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
Region string
RevocationConfigurations List<GetCertificateAuthorityRevocationConfiguration>: Nested attribute containing revocation configuration. See revocationConfiguration below.
Serial string: Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
Status string: Status of the certificate authority.
Tags Dictionary<string, string>: Key-value map of user-defined tags that are attached to the certificate authority.
Type string: Type of the certificate authority.
UsageMode string: Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.

Arn string
Certificate string: Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
CertificateChain string: Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
CertificateSigningRequest string: The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
Id string: The provider-assigned unique ID for this managed resource.
KeyStorageSecurityStandard string: Level of security of the key storage endpoint of the certificate authority.
NotAfter string: Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
NotBefore string: Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
Region string
RevocationConfigurations []GetCertificateAuthorityRevocationConfiguration: Nested attribute containing revocation configuration. See revocationConfiguration below.
Serial string: Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
Status string: Status of the certificate authority.
Tags map[string]string: Key-value map of user-defined tags that are attached to the certificate authority.
Type string: Type of the certificate authority.
UsageMode string: Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.

arn string
certificate string: Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
certificate_chain string: Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
certificate_signing_request string: The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
id string: The provider-assigned unique ID for this managed resource.
key_storage_security_standard string: Level of security of the key storage endpoint of the certificate authority.
not_after string: Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
not_before string: Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
region string
revocation_configurations list(object): Nested attribute containing revocation configuration. See revocationConfiguration below.
serial string: Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
status string: Status of the certificate authority.
tags map(string): Key-value map of user-defined tags that are attached to the certificate authority.
type string: Type of the certificate authority.
usage_mode string: Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.

arn String
certificate String: Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
certificateChain String: Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
certificateSigningRequest String: The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
id String: The provider-assigned unique ID for this managed resource.
keyStorageSecurityStandard String: Level of security of the key storage endpoint of the certificate authority.
notAfter String: Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
notBefore String: Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
region String
revocationConfigurations List<GetCertificateAuthorityRevocationConfiguration>: Nested attribute containing revocation configuration. See revocationConfiguration below.
serial String: Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
status String: Status of the certificate authority.
tags Map<String,String>: Key-value map of user-defined tags that are attached to the certificate authority.
type String: Type of the certificate authority.
usageMode String: Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.

arn string
certificate string: Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
certificateChain string: Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
certificateSigningRequest string: The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
id string: The provider-assigned unique ID for this managed resource.
keyStorageSecurityStandard string: Level of security of the key storage endpoint of the certificate authority.
notAfter string: Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
notBefore string: Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
region string
revocationConfigurations GetCertificateAuthorityRevocationConfiguration[]: Nested attribute containing revocation configuration. See revocationConfiguration below.
serial string: Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
status string: Status of the certificate authority.
tags {[key: string]: string}: Key-value map of user-defined tags that are attached to the certificate authority.
type string: Type of the certificate authority.
usageMode string: Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.

arn str
certificate str: Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
certificate_chain str: Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
certificate_signing_request str: The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
id str: The provider-assigned unique ID for this managed resource.
key_storage_security_standard str: Level of security of the key storage endpoint of the certificate authority.
not_after str: Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
not_before str: Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
region str
revocation_configurations Sequence[GetCertificateAuthorityRevocationConfiguration]: Nested attribute containing revocation configuration. See revocationConfiguration below.
serial str: Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
status str: Status of the certificate authority.
tags Mapping[str, str]: Key-value map of user-defined tags that are attached to the certificate authority.
type str: Type of the certificate authority.
usage_mode str: Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.

arn String
certificate String: Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
certificateChain String: Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
certificateSigningRequest String: The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
id String: The provider-assigned unique ID for this managed resource.
keyStorageSecurityStandard String: Level of security of the key storage endpoint of the certificate authority.
notAfter String: Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
notBefore String: Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
region String
revocationConfigurations List<Property Map>: Nested attribute containing revocation configuration. See revocationConfiguration below.
serial String: Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
status String: Status of the certificate authority.
tags Map<String>: Key-value map of user-defined tags that are attached to the certificate authority.
type String: Type of the certificate authority.
usageMode String: Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.

Supporting Types

GetCertificateAuthorityRevocationConfiguration

CrlConfigurations List<GetCertificateAuthorityRevocationConfigurationCrlConfiguration>: Nested attribute containing configuration of the certificate revocation list (CRL). See crlConfiguration below.
OcspConfigurations List<GetCertificateAuthorityRevocationConfigurationOcspConfiguration>: Nested attribute containing configuration of the Online Certificate Status Protocol (OCSP). See ocspConfiguration below.

CrlConfigurations []GetCertificateAuthorityRevocationConfigurationCrlConfiguration: Nested attribute containing configuration of the certificate revocation list (CRL). See crlConfiguration below.
OcspConfigurations []GetCertificateAuthorityRevocationConfigurationOcspConfiguration: Nested attribute containing configuration of the Online Certificate Status Protocol (OCSP). See ocspConfiguration below.

crl_configurations list(object): Nested attribute containing configuration of the certificate revocation list (CRL). See crlConfiguration below.
ocsp_configurations list(object): Nested attribute containing configuration of the Online Certificate Status Protocol (OCSP). See ocspConfiguration below.

crlConfigurations List<GetCertificateAuthorityRevocationConfigurationCrlConfiguration>: Nested attribute containing configuration of the certificate revocation list (CRL). See crlConfiguration below.
ocspConfigurations List<GetCertificateAuthorityRevocationConfigurationOcspConfiguration>: Nested attribute containing configuration of the Online Certificate Status Protocol (OCSP). See ocspConfiguration below.

crlConfigurations GetCertificateAuthorityRevocationConfigurationCrlConfiguration[]: Nested attribute containing configuration of the certificate revocation list (CRL). See crlConfiguration below.
ocspConfigurations GetCertificateAuthorityRevocationConfigurationOcspConfiguration[]: Nested attribute containing configuration of the Online Certificate Status Protocol (OCSP). See ocspConfiguration below.

crl_configurations Sequence[GetCertificateAuthorityRevocationConfigurationCrlConfiguration]: Nested attribute containing configuration of the certificate revocation list (CRL). See crlConfiguration below.
ocsp_configurations Sequence[GetCertificateAuthorityRevocationConfigurationOcspConfiguration]: Nested attribute containing configuration of the Online Certificate Status Protocol (OCSP). See ocspConfiguration below.

crlConfigurations List<Property Map>: Nested attribute containing configuration of the certificate revocation list (CRL). See crlConfiguration below.
ocspConfigurations List<Property Map>: Nested attribute containing configuration of the Online Certificate Status Protocol (OCSP). See ocspConfiguration below.

GetCertificateAuthorityRevocationConfigurationCrlConfiguration

CustomCname string: Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
CustomPath string: Custom path for the CRL in S3.
Enabled bool: Boolean value that specifies whether a custom OCSP responder is enabled.
ExpirationInDays int: Number of days until a certificate expires.
S3BucketName string: Name of the S3 bucket that contains the CRL.
S3ObjectAcl string: Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.

CustomCname string: Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
CustomPath string: Custom path for the CRL in S3.
Enabled bool: Boolean value that specifies whether a custom OCSP responder is enabled.
ExpirationInDays int: Number of days until a certificate expires.
S3BucketName string: Name of the S3 bucket that contains the CRL.
S3ObjectAcl string: Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.

custom_cname string: Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
custom_path string: Custom path for the CRL in S3.
enabled bool: Boolean value that specifies whether a custom OCSP responder is enabled.
expiration_in_days number: Number of days until a certificate expires.
s3_bucket_name string: Name of the S3 bucket that contains the CRL.
s3_object_acl string: Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.

customCname String: Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
customPath String: Custom path for the CRL in S3.
enabled Boolean: Boolean value that specifies whether a custom OCSP responder is enabled.
expirationInDays Integer: Number of days until a certificate expires.
s3BucketName String: Name of the S3 bucket that contains the CRL.
s3ObjectAcl String: Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.

customCname string: Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
customPath string: Custom path for the CRL in S3.
enabled boolean: Boolean value that specifies whether a custom OCSP responder is enabled.
expirationInDays number: Number of days until a certificate expires.
s3BucketName string: Name of the S3 bucket that contains the CRL.
s3ObjectAcl string: Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.

custom_cname str: Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
custom_path str: Custom path for the CRL in S3.
enabled bool: Boolean value that specifies whether a custom OCSP responder is enabled.
expiration_in_days int: Number of days until a certificate expires.
s3_bucket_name str: Name of the S3 bucket that contains the CRL.
s3_object_acl str: Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.

customCname String: Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
customPath String: Custom path for the CRL in S3.
enabled Boolean: Boolean value that specifies whether a custom OCSP responder is enabled.
expirationInDays Number: Number of days until a certificate expires.
s3BucketName String: Name of the S3 bucket that contains the CRL.
s3ObjectAcl String: Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.

GetCertificateAuthorityRevocationConfigurationOcspConfiguration

Enabled bool: Boolean value that specifies whether a custom OCSP responder is enabled.
OcspCustomCname string: A CNAME specifying a customized OCSP domain.

Enabled bool: Boolean value that specifies whether a custom OCSP responder is enabled.
OcspCustomCname string: A CNAME specifying a customized OCSP domain.

enabled bool: Boolean value that specifies whether a custom OCSP responder is enabled.
ocsp_custom_cname string: A CNAME specifying a customized OCSP domain.

enabled Boolean: Boolean value that specifies whether a custom OCSP responder is enabled.
ocspCustomCname String: A CNAME specifying a customized OCSP domain.

enabled boolean: Boolean value that specifies whether a custom OCSP responder is enabled.
ocspCustomCname string: A CNAME specifying a customized OCSP domain.

enabled bool: Boolean value that specifies whether a custom OCSP responder is enabled.
ocsp_custom_cname str: A CNAME specifying a customized OCSP domain.

enabled Boolean: Boolean value that specifies whether a custom OCSP responder is enabled.
ocspCustomCname String: A CNAME specifying a customized OCSP domain.

Package Details

Repository: AWS Classic pulumi/pulumi-aws
License: Apache-2.0
Notes: This Pulumi package is based on the aws Terraform Provider.

Viewing docs for AWS v7.31.0
published on Tuesday, May 26, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-aws

aws.acmpca.getCertificateAuthority

On this page

On this page

Example Usage

Using getCertificateAuthority

getCertificateAuthority Result

Supporting Types

GetCertificateAuthorityRevocationConfiguration

GetCertificateAuthorityRevocationConfigurationCrlConfiguration

GetCertificateAuthorityRevocationConfigurationOcspConfiguration

Package Details

On this page

On this page

Try Pulumi Cloud free.
Your team will thank you.

aws.acmpca.getCertificateAuthority

On this page

On this page

Example Usage

Using getCertificateAuthority

getCertificateAuthority Result

Supporting Types

GetCertificateAuthorityRevocationConfiguration

GetCertificateAuthorityRevocationConfigurationCrlConfiguration

GetCertificateAuthorityRevocationConfigurationOcspConfiguration

Package Details

On this page

On this page

Try Pulumi Cloud free.Your team will thank you.

Try Pulumi Cloud free.
Your team will thank you.