AWS Fundamentals Logo
AWS Fundamentals
AWS::ACMPCA::Certificate

ACMPCA Certificate

The AWS::ACMPCA::Certificate resource is used to issue a certificate using your private certificate authority. For more information, see the [IssueCertificate](https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html) action.

Properties

7 configurable properties. 4 required. Click a row to see details.

Filter:
PropertyTypeFlags
CertificateAuthorityArn
string
RequiredCreate-only
CertificateSigningRequest
string
RequiredCreate-onlyWrite-only
SigningAlgorithm
string
RequiredCreate-onlyWrite-only
Validity
Validity
RequiredCreate-onlyWrite-only
ApiPassthrough
ApiPassthrough
Create-onlyWrite-only
TemplateArn
string
Create-onlyWrite-only
ValidityNotBefore
Validity
Create-onlyWrite-only

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

AttributeTypeDescription
Arnstring-
Certificatestring-

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::ACMPCA::Certificate

Resources:
  MyResource:
    Type: AWS::ACMPCA::Certificate
    Properties:
      CertificateAuthorityArn: "arn:aws:service:region:account:resource"
      CertificateSigningRequest: "value"
      SigningAlgorithm: "value"
      Validity: "my-validity"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

acm-pca:IssueCertificateacm-pca:GetCertificate

read

acm-pca:GetCertificate

delete

acm-pca:GetCertificate

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceACMPCA
Properties9
Required4
TaggingNot supported
Primary IDArn

Supported Operations

CreateReadDelete

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

ApiPassthroughCertificateAuthorityArnCertificateSigningRequestSigningAlgorithmTemplateArnValidityValidityNotBefore

Related Resources

External Links