ansible / ansible.builtin / v2.5.12 / module / aws_acm_facts Retrieve certificate facts from AWS Certificate Manager service | "added in version" 2.5 of ansible.builtin" Authors: Will Thames (@willthames) preview | supported by communityansible.builtin.aws_acm_facts (v2.5.12) — module
pip
Install with pip install ansible==2.5.12
Retrieve facts for ACM certificates
- name: obtain all ACM certificates aws_acm_facts:
- name: obtain all facts for a single ACM certificate aws_acm_facts: name: "*.example_com"
- name: obtain all certificates pending validiation aws_acm_facts: statuses: - PENDING_VALIDATION
name: description: - The name of an ACM certificate region: aliases: - aws_region - ec2_region description: - The AWS region to use. - For global services such as IAM, Route53 and CloudFront, I(region) is ignored. - The C(AWS_REGION) or C(EC2_REGION) environment variables may also be used. - See the Amazon AWS documentation for more information U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region). - The C(ec2_region) alias has been deprecated and will be removed in a release after 2024-12-01 - Support for the C(EC2_REGION) environment variable has been deprecated and will be removed in a release after 2024-12-01. type: str status: choices: - PENDING_VALIDATION - ISSUED - INACTIVE - EXPIRED - VALIDATION_TIMED_OUT description: - Status to filter the certificate results profile: aliases: - aws_profile description: - A named AWS profile to use for authentication. - See the AWS documentation for more information about named profiles U(https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html). - The C(AWS_PROFILE) environment variable may also be used. - The I(profile) option is mutually exclusive with the I(aws_access_key), I(aws_secret_key) and I(security_token) options. type: str access_key: aliases: - aws_access_key_id - aws_access_key - ec2_access_key description: - AWS access key ID. - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). - The C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY) or C(EC2_ACCESS_KEY) environment variables may also be used in decreasing order of preference. - The I(aws_access_key) and I(profile) options are mutually exclusive. - The I(aws_access_key_id) alias was added in release 5.1.0 for consistency with the AWS botocore SDK. - The I(ec2_access_key) alias has been deprecated and will be removed in a release after 2024-12-01. - Support for the C(EC2_ACCESS_KEY) environment variable has been deprecated and will be removed in a release after 2024-12-01. type: str aws_config: description: - A dictionary to modify the botocore configuration. - Parameters can be found in the AWS documentation U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config). type: dict secret_key: aliases: - aws_secret_access_key - aws_secret_key - ec2_secret_key description: - AWS secret access key. - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). - The C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY), or C(EC2_SECRET_KEY) environment variables may also be used in decreasing order of preference. - The I(secret_key) and I(profile) options are mutually exclusive. - The I(aws_secret_access_key) alias was added in release 5.1.0 for consistency with the AWS botocore SDK. - The I(ec2_secret_key) alias has been deprecated and will be removed in a release after 2024-12-01. - Support for the C(EC2_SECRET_KEY) environment variable has been deprecated and will be removed in a release after 2024-12-01. type: str endpoint_url: aliases: - ec2_url - aws_endpoint_url - s3_url description: - URL to connect to instead of the default AWS endpoints. While this can be used to connection to other AWS-compatible services the amazon.aws and community.aws collections are only tested against AWS. - The C(AWS_URL) or C(EC2_URL) environment variables may also be used, in decreasing order of preference. - The I(ec2_url) and I(s3_url) aliases have been deprecated and will be removed in a release after 2024-12-01. - Support for the C(EC2_URL) environment variable has been deprecated and will be removed in a release after 2024-12-01. type: str aws_ca_bundle: description: - The location of a CA Bundle to use when validating SSL certificates. - The C(AWS_CA_BUNDLE) environment variable may also be used. type: path session_token: aliases: - aws_session_token - security_token - aws_security_token - access_token description: - AWS STS session token for use with temporary credentials. - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). - The C(AWS_SESSION_TOKEN), C(AWS_SECURITY_TOKEN) or C(EC2_SECURITY_TOKEN) environment variables may also be used in decreasing order of preference. - The I(security_token) and I(profile) options are mutually exclusive. - Aliases I(aws_session_token) and I(session_token) were added in release 3.2.0, with the parameter being renamed from I(security_token) to I(session_token) in release 6.0.0. - The I(security_token), I(aws_security_token), and I(access_token) aliases have been deprecated and will be removed in a release after 2024-12-01. - Support for the C(EC2_SECRET_KEY) and C(AWS_SECURITY_TOKEN) environment variables has been deprecated and will be removed in a release after 2024-12-01. type: str validate_certs: default: true description: - When set to C(false), SSL certificates will not be validated for communication with the AWS APIs. - Setting I(validate_certs=false) is strongly discouraged, as an alternative, consider setting I(aws_ca_bundle) instead. type: bool debug_botocore_endpoint_logs: default: false description: - Use a C(botocore.endpoint) logger to parse the unique (rather than total) C("resource:action") API calls made during a task, outputing the set to the resource_actions key in the task results. Use the C(aws_resource_action) callback to output to total list made during a playbook. - The C(ANSIBLE_DEBUG_BOTOCORE_LOGS) environment variable may also be used. type: bool
certificates: contains: certificate: description: The ACM Certificate body returned: when certificate creation is complete sample: '-----BEGIN CERTIFICATE-----\nMII.....-----END CERTIFICATE-----\n' type: string certificate_arn: description: Certificate ARN returned: always sample: arn:aws:acm:ap-southeast-2:123456789012:certificate/abcd1234-abcd-1234-abcd-123456789abc type: string certificate_chain: description: Full certificate chain for the certificate returned: when certificate creation is complete sample: '-----BEGIN CERTIFICATE-----\nMII...\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n...' type: string created_at: description: Date certificate was created returned: always sample: '2017-08-15T10:31:19+10:00' type: string domain_name: description: Domain name for the certificate returned: always sample: '*.example.com' type: string domain_validation_options: contains: domain_name: description: Fully qualified domain name of the certificate returned: always sample: example.com type: string validation_domain: description: The domain name ACM used to send validation emails returned: always sample: example.com type: string validation_emails: description: A list of email addresses that ACM used to send domain validation emails returned: always sample: - admin@example.com - postmaster@example.com type: list validation_status: description: Validation status of the domain returned: always sample: SUCCESS type: string description: Options used by ACM to validate the certificate returned: when certificate type is AMAZON_ISSUED type: complex failure_reason: description: Reason certificate request failed returned: only when certificate issuing failed sample: NO_AVAILABLE_CONTACTS type: string in_use_by: description: A list of ARNs for the AWS resources that are using the certificate. returned: always sample: [] type: list issued_at: description: Date certificate was issued returned: always sample: '2017-01-01T00:00:00+10:00' type: string issuer: description: Issuer of the certificate returned: always sample: Amazon type: string key_algorithm: description: Algorithm used to generate the certificate returned: always sample: RSA-2048 type: string not_after: description: Date after which the certificate is not valid returned: always sample: '2019-01-01T00:00:00+10:00' type: string not_before: description: Date before which the certificate is not valid returned: always sample: '2017-01-01T00:00:00+10:00' type: string renewal_summary: contains: domain_validation_options: contains: domain_name: description: Fully qualified domain name of the certificate returned: always sample: example.com type: string validation_domain: description: The domain name ACM used to send validation emails returned: always sample: example.com type: string validation_emails: description: A list of email addresses that ACM used to send domain validation emails returned: always sample: - admin@example.com - postmaster@example.com type: list validation_status: description: Validation status of the domain returned: always sample: SUCCESS type: string description: Options used by ACM to validate the certificate returned: when certificate type is AMAZON_ISSUED type: complex renewal_status: description: Status of the domain renewal returned: always sample: PENDING_AUTO_RENEWAL type: string description: Information about managed renewal process returned: when certificate is issued by Amazon and a renewal has been started type: complex revocation_reason: description: Reason for certificate revocation returned: when the certificate has been revoked sample: SUPERCEDED type: string revoked_at: description: Date certificate was revoked returned: when the certificate has been revoked sample: '2017-09-01T10:00:00+10:00' type: string serial: description: The serial number of the certificate returned: always sample: 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f type: string signature_algorithm: description: Algorithm used to sign the certificate returned: always sample: SHA256WITHRSA type: string status: description: Status of the certificate in ACM returned: always sample: ISSUED type: string subject: description: The name of the entity that is associated with the public key contained in the certificate returned: always sample: CN=*.example.com type: string subject_alternative_names: description: Subject Alternative Names for the certificate returned: always sample: - '*.example.com' type: list tags: description: Tags associated with the certificate returned: always sample: Application: helloworld Environment: test type: dict type: description: The source of the certificate returned: always sample: AMAZON_ISSUED type: string description: A list of certificates returned: always type: complex