Resource: aws_acmpca_certificate

Provides a resource to issue a certificate using AWS Certificate Manager Private Certificate Authority (ACM PCA).

Example Usage


resource "aws_acmpca_certificate" "example" {
certificate_authority_arn = aws_acmpca_certificate_authority.example.arn
certificate_signing_request = tls_cert_request.csr.cert_request_pem
signing_algorithm = "SHA256WITHRSA"
validity {
type = "YEARS"
value = 1
resource "aws_acmpca_certificate_authority" "example" {
private_certificate_configuration {
key_algorithm = "RSA_4096"
signing_algorithm = "SHA512WITHRSA"
subject {
common_name = ""
permanent_deletion_time_in_days = 7
resource "tls_private_key" "key" {
algorithm = "RSA"
resource "tls_cert_request" "csr" {
key_algorithm = "RSA"
private_key_pem = tls_private_key.key.private_key_pem
subject {
common_name = "example"

Argument Reference

The following arguments are supported:

validity block

  • type - (Required) Determines how value is interpreted. Valid values: DAYS, MONTHS, YEARS, ABSOLUTE, END_DATE.
  • value - (Required) If type is DAYS, MONTHS, or YEARS, the relative time until the certificate expires. If type is ABSOLUTE, the date in seconds since the Unix epoch. If type is END_DATE, the date in RFC 3339 format.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - Amazon Resource Name (ARN) of the certificate.
  • certificate - The PEM-encoded certificate value.
  • certificate_chain - The PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.


aws_acmpca_certificate can not be imported at this time.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Rakesh Tripathi

Rakesh Tripathi

Consulting Engineer, Software Developer, Infra, Quora