community / community.aws / 1.1.0 / module / aws_acm_info Retrieve certificate information from AWS Certificate Manager service | "added in version" 1.0.0 of community.aws" Authors: Will Thames (@willthames)community.aws.aws_acm_info (1.1.0) — module
Install with ansible-galaxy collection install community.aws:==1.1.0
collections: - name: community.aws version: 1.1.0
Retrieve information for ACM certificates
This module was called C(aws_acm_facts) before Ansible 2.9. The usage did not change.
Note that this will not return information about uploaded keys of size 4096 bits, due to a limitation of the ACM API.
- name: obtain all ACM certificates community.aws.aws_acm_info:
- name: obtain all information for a single ACM certificate community.aws.aws_acm_info: domain_name: "*.example_com"
- name: obtain all certificates pending validation community.aws.aws_acm_info: statuses: - PENDING_VALIDATION
- name: obtain all certificates with tag Name=foo and myTag=bar community.aws.aws_acm_info: tags: Name: foo myTag: bar
# The output is still a list of certificates, just one item long. - name: obtain information about a certificate with a particular ARN community.aws.aws_acm_info: certificate_arn: "arn:aws:acm:ap-southeast-2:123456789876:certificate/abcdeabc-abcd-1234-4321-abcdeabcde12"
tags: description: - Filter results to show only certificates with tags that match all the tags specified here. type: dict region: aliases: - aws_region - ec2_region description: - The AWS region to use. - For global services such as IAM, Route53 and CloudFront, I(region) is ignored. - The C(AWS_REGION) or C(EC2_REGION) environment variables may also be used. - See the Amazon AWS documentation for more information U(http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region). - The C(ec2_region) alias has been deprecated and will be removed in a release after 2024-12-01 - Support for the C(EC2_REGION) environment variable has been deprecated and will be removed in a release after 2024-12-01. type: str profile: aliases: - aws_profile description: - A named AWS profile to use for authentication. - See the AWS documentation for more information about named profiles U(https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html). - The C(AWS_PROFILE) environment variable may also be used. - The I(profile) option is mutually exclusive with the I(aws_access_key), I(aws_secret_key) and I(security_token) options. type: str statuses: choices: - PENDING_VALIDATION - ISSUED - INACTIVE - EXPIRED - VALIDATION_TIMED_OUT - REVOKED - FAILED description: - Status to filter the certificate results elements: str type: list access_key: aliases: - aws_access_key_id - aws_access_key - ec2_access_key description: - AWS access key ID. - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). - The C(AWS_ACCESS_KEY_ID), C(AWS_ACCESS_KEY) or C(EC2_ACCESS_KEY) environment variables may also be used in decreasing order of preference. - The I(aws_access_key) and I(profile) options are mutually exclusive. - The I(aws_access_key_id) alias was added in release 5.1.0 for consistency with the AWS botocore SDK. - The I(ec2_access_key) alias has been deprecated and will be removed in a release after 2024-12-01. - Support for the C(EC2_ACCESS_KEY) environment variable has been deprecated and will be removed in a release after 2024-12-01. type: str aws_config: description: - A dictionary to modify the botocore configuration. - Parameters can be found in the AWS documentation U(https://botocore.amazonaws.com/v1/documentation/api/latest/reference/config.html#botocore.config.Config). type: dict secret_key: aliases: - aws_secret_access_key - aws_secret_key - ec2_secret_key description: - AWS secret access key. - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). - The C(AWS_SECRET_ACCESS_KEY), C(AWS_SECRET_KEY), or C(EC2_SECRET_KEY) environment variables may also be used in decreasing order of preference. - The I(secret_key) and I(profile) options are mutually exclusive. - The I(aws_secret_access_key) alias was added in release 5.1.0 for consistency with the AWS botocore SDK. - The I(ec2_secret_key) alias has been deprecated and will be removed in a release after 2024-12-01. - Support for the C(EC2_SECRET_KEY) environment variable has been deprecated and will be removed in a release after 2024-12-01. type: str domain_name: aliases: - name description: - The domain name of an ACM certificate to limit the search to type: str endpoint_url: aliases: - ec2_url - aws_endpoint_url - s3_url description: - URL to connect to instead of the default AWS endpoints. While this can be used to connection to other AWS-compatible services the amazon.aws and community.aws collections are only tested against AWS. - The C(AWS_URL) or C(EC2_URL) environment variables may also be used, in decreasing order of preference. - The I(ec2_url) and I(s3_url) aliases have been deprecated and will be removed in a release after 2024-12-01. - Support for the C(EC2_URL) environment variable has been deprecated and will be removed in a release after 2024-12-01. type: str aws_ca_bundle: description: - The location of a CA Bundle to use when validating SSL certificates. - The C(AWS_CA_BUNDLE) environment variable may also be used. type: path session_token: aliases: - aws_session_token - security_token - aws_security_token - access_token description: - AWS STS session token for use with temporary credentials. - See the AWS documentation for more information about access tokens U(https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html#access-keys-and-secret-access-keys). - The C(AWS_SESSION_TOKEN), C(AWS_SECURITY_TOKEN) or C(EC2_SECURITY_TOKEN) environment variables may also be used in decreasing order of preference. - The I(security_token) and I(profile) options are mutually exclusive. - Aliases I(aws_session_token) and I(session_token) were added in release 3.2.0, with the parameter being renamed from I(security_token) to I(session_token) in release 6.0.0. - The I(security_token), I(aws_security_token), and I(access_token) aliases have been deprecated and will be removed in a release after 2024-12-01. - Support for the C(EC2_SECRET_KEY) and C(AWS_SECURITY_TOKEN) environment variables has been deprecated and will be removed in a release after 2024-12-01. type: str validate_certs: default: true description: - When set to C(false), SSL certificates will not be validated for communication with the AWS APIs. - Setting I(validate_certs=false) is strongly discouraged, as an alternative, consider setting I(aws_ca_bundle) instead. type: bool certificate_arn: aliases: - arn description: - If provided, the results will be filtered to show only the certificate with this ARN. - If no certificate with this ARN exists, this task will fail. - If a certificate with this ARN exists in a different region, this task will fail type: str debug_botocore_endpoint_logs: default: false description: - Use a C(botocore.endpoint) logger to parse the unique (rather than total) C("resource:action") API calls made during a task, outputing the set to the resource_actions key in the task results. Use the C(aws_resource_action) callback to output to total list made during a playbook. - The C(ANSIBLE_DEBUG_BOTOCORE_LOGS) environment variable may also be used. type: bool
certificates: contains: certificate: description: The ACM Certificate body returned: when certificate creation is complete sample: '-----BEGIN CERTIFICATE-----\\nMII.....-----END CERTIFICATE-----\\n' type: str certificate_arn: description: Certificate ARN returned: always sample: arn:aws:acm:ap-southeast-2:123456789012:certificate/abcd1234-abcd-1234-abcd-123456789abc type: str certificate_chain: description: Full certificate chain for the certificate returned: when certificate creation is complete sample: '-----BEGIN CERTIFICATE-----\\nMII...\\n-----END CERTIFICATE-----\\n-----BEGIN CERTIFICATE-----\\n...' type: str created_at: description: Date certificate was created returned: always sample: '2017-08-15T10:31:19+10:00' type: str domain_name: description: Domain name for the certificate returned: always sample: '*.example.com' type: str domain_validation_options: contains: domain_name: description: Fully qualified domain name of the certificate returned: always sample: example.com type: str validation_domain: description: The domain name ACM used to send validation emails returned: always sample: example.com type: str validation_emails: description: A list of email addresses that ACM used to send domain validation emails elements: str returned: always sample: - admin@example.com - postmaster@example.com type: list validation_status: description: Validation status of the domain returned: always sample: SUCCESS type: str description: Options used by ACM to validate the certificate returned: when certificate type is AMAZON_ISSUED type: complex failure_reason: description: Reason certificate request failed returned: only when certificate issuing failed sample: NO_AVAILABLE_CONTACTS type: str in_use_by: description: A list of ARNs for the AWS resources that are using the certificate. elements: str returned: always sample: [] type: list issued_at: description: Date certificate was issued returned: always sample: '2017-01-01T00:00:00+10:00' type: str issuer: description: Issuer of the certificate returned: always sample: Amazon type: str key_algorithm: description: Algorithm used to generate the certificate returned: always sample: RSA-2048 type: str not_after: description: Date after which the certificate is not valid returned: always sample: '2019-01-01T00:00:00+10:00' type: str not_before: description: Date before which the certificate is not valid returned: always sample: '2017-01-01T00:00:00+10:00' type: str renewal_summary: contains: domain_validation_options: contains: domain_name: description: Fully qualified domain name of the certificate returned: always sample: example.com type: str validation_domain: description: The domain name ACM used to send validation emails returned: always sample: example.com type: str validation_emails: description: A list of email addresses that ACM used to send domain validation emails elements: str returned: always sample: - admin@example.com - postmaster@example.com type: list validation_status: description: Validation status of the domain returned: always sample: SUCCESS type: str description: Options used by ACM to validate the certificate returned: when certificate type is AMAZON_ISSUED type: complex renewal_status: description: Status of the domain renewal returned: always sample: PENDING_AUTO_RENEWAL type: str description: Information about managed renewal process returned: when certificate is issued by Amazon and a renewal has been started type: complex revocation_reason: description: Reason for certificate revocation returned: when the certificate has been revoked sample: SUPERCEDED type: str revoked_at: description: Date certificate was revoked returned: when the certificate has been revoked sample: '2017-09-01T10:00:00+10:00' type: str serial: description: The serial number of the certificate returned: always sample: 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f type: str signature_algorithm: description: Algorithm used to sign the certificate returned: always sample: SHA256WITHRSA type: str status: description: Status of the certificate in ACM returned: always sample: ISSUED type: str subject: description: The name of the entity that is associated with the public key contained in the certificate returned: always sample: CN=*.example.com type: str subject_alternative_names: description: Subject Alternative Names for the certificate elements: str returned: always sample: - '*.example.com' type: list tags: description: Tags associated with the certificate returned: always sample: Application: helloworld Environment: test type: dict type: description: The source of the certificate returned: always sample: AMAZON_ISSUED type: str description: A list of certificates returned: always type: complex