Try SpotterRetrieve certificate facts from AWS Certificate Manager service
| "added in version" 2.5 of ansible.builtin"
Authors: Will Thames (@willthames)
preview | supported by community
pipInstall with pip install ansible==2.6.20
Retrieve facts for ACM certificates
- name: obtain all ACM certificates aws_acm_facts:
- name: obtain all facts for a single ACM certificate
aws_acm_facts:
domain_name: "*.example_com"
- name: obtain all certificates pending validiation
aws_acm_facts:
statuses:
- PENDING_VALIDATION
region:
aliases:
- aws_region
- ec2_region
description:
- The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION
environment variable, if any, is used. See U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region)
type: str
status:
choices:
- PENDING_VALIDATION
- ISSUED
- INACTIVE
- EXPIRED
- VALIDATION_TIMED_OUT
description:
- Status to filter the certificate results
profile:
aliases:
- aws_profile
description:
- The I(profile) option is mutually exclusive with the I(aws_access_key), I(aws_secret_key)
and I(security_token) options.
type: str
aws_config:
description:
- A dictionary to modify the botocore configuration.
- Parameters can be found at U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config).
type: dict
domain_name:
aliases:
- name
description:
- The domain name of an ACM certificate to limit the search to
endpoint_url:
aliases:
- ec2_url
- aws_endpoint_url
- s3_url
description:
- URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will
use EC2 endpoints). Ignored for modules where region is required. Must be specified
for all other modules if region is not used. If not set then the value of the EC2_URL
environment variable, if any, is used.
type: str
aws_ca_bundle:
description:
- The location of a CA Bundle to use when validating SSL certificates.
- 'Note: The CA Bundle is read ''module'' side and may need to be explicitly copied
from the controller if not run locally.'
type: path
aws_access_key:
aliases:
- ec2_access_key
- access_key
description:
- C(AWS access key). If not set then the value of the C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY)
or C(EC2_ACCESS_KEY) environment variable is used.
- The I(aws_access_key) and I(profile) options are mutually exclusive.
type: str
aws_secret_key:
aliases:
- ec2_secret_key
- secret_key
description:
- C(AWS secret key). If not set then the value of the C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY),
or C(EC2_SECRET_KEY) environment variable is used.
- The I(aws_secret_key) and I(profile) options are mutually exclusive.
type: str
security_token:
aliases:
- aws_session_token
- session_token
- aws_security_token
- access_token
description:
- C(AWS STS security token). If not set then the value of the C(AWS_SECURITY_TOKEN)
or C(EC2_SECURITY_TOKEN) environment variable is used.
- The I(security_token) and I(profile) options are mutually exclusive.
- Aliases I(aws_session_token) and I(session_token) have been added in version 3.2.0.
type: str
validate_certs:
default: true
description:
- When set to "no", SSL certificates will not be validated for communication with
the AWS APIs.
type: bool
debug_botocore_endpoint_logs:
default: 'no'
description:
- Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action"
API calls made during a task, outputing the set to the resource_actions key in the
task results. Use the aws_resource_action callback to output to total list made
during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also
be used.
type: bool
certificates:
contains:
certificate:
description: The ACM Certificate body
returned: when certificate creation is complete
sample: '-----BEGIN CERTIFICATE-----\nMII.....-----END CERTIFICATE-----\n'
type: string
certificate_arn:
description: Certificate ARN
returned: always
sample: arn:aws:acm:ap-southeast-2:123456789012:certificate/abcd1234-abcd-1234-abcd-123456789abc
type: string
certificate_chain:
description: Full certificate chain for the certificate
returned: when certificate creation is complete
sample: '-----BEGIN CERTIFICATE-----\nMII...\n-----END CERTIFICATE-----\n-----BEGIN
CERTIFICATE-----\n...'
type: string
created_at:
description: Date certificate was created
returned: always
sample: '2017-08-15T10:31:19+10:00'
type: string
domain_name:
description: Domain name for the certificate
returned: always
sample: '*.example.com'
type: string
domain_validation_options:
contains:
domain_name:
description: Fully qualified domain name of the certificate
returned: always
sample: example.com
type: string
validation_domain:
description: The domain name ACM used to send validation emails
returned: always
sample: example.com
type: string
validation_emails:
description: A list of email addresses that ACM used to send domain validation
emails
returned: always
sample:
- admin@example.com
- postmaster@example.com
type: list
validation_status:
description: Validation status of the domain
returned: always
sample: SUCCESS
type: string
description: Options used by ACM to validate the certificate
returned: when certificate type is AMAZON_ISSUED
type: complex
failure_reason:
description: Reason certificate request failed
returned: only when certificate issuing failed
sample: NO_AVAILABLE_CONTACTS
type: string
in_use_by:
description: A list of ARNs for the AWS resources that are using the certificate.
returned: always
sample: []
type: list
issued_at:
description: Date certificate was issued
returned: always
sample: '2017-01-01T00:00:00+10:00'
type: string
issuer:
description: Issuer of the certificate
returned: always
sample: Amazon
type: string
key_algorithm:
description: Algorithm used to generate the certificate
returned: always
sample: RSA-2048
type: string
not_after:
description: Date after which the certificate is not valid
returned: always
sample: '2019-01-01T00:00:00+10:00'
type: string
not_before:
description: Date before which the certificate is not valid
returned: always
sample: '2017-01-01T00:00:00+10:00'
type: string
renewal_summary:
contains:
domain_validation_options:
contains:
domain_name:
description: Fully qualified domain name of the certificate
returned: always
sample: example.com
type: string
validation_domain:
description: The domain name ACM used to send validation emails
returned: always
sample: example.com
type: string
validation_emails:
description: A list of email addresses that ACM used to send domain
validation emails
returned: always
sample:
- admin@example.com
- postmaster@example.com
type: list
validation_status:
description: Validation status of the domain
returned: always
sample: SUCCESS
type: string
description: Options used by ACM to validate the certificate
returned: when certificate type is AMAZON_ISSUED
type: complex
renewal_status:
description: Status of the domain renewal
returned: always
sample: PENDING_AUTO_RENEWAL
type: string
description: Information about managed renewal process
returned: when certificate is issued by Amazon and a renewal has been started
type: complex
revocation_reason:
description: Reason for certificate revocation
returned: when the certificate has been revoked
sample: SUPERCEDED
type: string
revoked_at:
description: Date certificate was revoked
returned: when the certificate has been revoked
sample: '2017-09-01T10:00:00+10:00'
type: string
serial:
description: The serial number of the certificate
returned: always
sample: 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f
type: string
signature_algorithm:
description: Algorithm used to sign the certificate
returned: always
sample: SHA256WITHRSA
type: string
status:
description: Status of the certificate in ACM
returned: always
sample: ISSUED
type: string
subject:
description: The name of the entity that is associated with the public key contained
in the certificate
returned: always
sample: CN=*.example.com
type: string
subject_alternative_names:
description: Subject Alternative Names for the certificate
returned: always
sample:
- '*.example.com'
type: list
tags:
description: Tags associated with the certificate
returned: always
sample:
Application: helloworld
Environment: test
type: dict
type:
description: The source of the certificate
returned: always
sample: AMAZON_ISSUED
type: string
description: A list of certificates
returned: always
type: complex