aws_acm_facts – Retrieve certificate facts from AWS Certificate Manager service


New in version 2.5.


Synopsis

  • Retrieve facts for ACM certificates

Requirements

The below requirements are needed on the host that executes this module.

  • boto
  • boto3
  • python >= 2.6

Parameters

Parameter Choices/Defaults Comments

aws_access_key

-

AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used.


aliases: ec2_access_key, access_key

aws_secret_key

-

AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used.


aliases: ec2_secret_key, secret_key

domain_name

-

The domain name of an ACM certificate to limit the search to


aliases: name

ec2_url

-

URL to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.

profile

-

added in 1.6

Uses a boto profile. Only works with boto >= 2.24.0.

region

-

The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region


aliases: aws_region, ec2_region

security_token

-

added in 1.6

AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used.


aliases: access_token

status

-

  • PENDING_VALIDATION
  • ISSUED
  • INACTIVE
  • EXPIRED
  • VALIDATION_TIMED_OUT

Status to filter the certificate results

validate_certs

boolean

added in 1.5

  • no
  • yes

When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.



Notes

Note

  • If parameters are not set within the module, the following environment variables can be used, in decreasing order of precedence: AWS_URL or EC2_URL, AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY or EC2_ACCESS_KEY, AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY or EC2_SECRET_KEY, AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN, AWS_REGION or EC2_REGION.
  • Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See https://boto.readthedocs.io/en/latest/boto_config_tut.html
  • AWS_REGION or EC2_REGION can typically be used to specify the AWS region, when required, but this can also be configured in the boto config file.


Examples

- name: obtain all ACM certificates
  aws_acm_facts:

- name: obtain all facts for a single ACM certificate
  aws_acm_facts:
    domain_name: "*.example.com"

- name: obtain all certificates pending validation
  aws_acm_facts:
    status: PENDING_VALIDATION

Return Values

Common return values are documented here; the following are the fields unique to this module:

Key Returned Description

certificates

complex

always

A list of certificates


certificate

string

when certificate creation is complete

The ACM Certificate body


Sample:


-----BEGIN CERTIFICATE-----\nMII.....-----END CERTIFICATE-----\n

certificate_arn

string

always

Certificate ARN


Sample:

arn:aws:acm:ap-southeast-2:123456789012:certificate/abcd1234-abcd-1234-abcd-123456789abc

certificate_chain

string

when certificate creation is complete

Full certificate chain for the certificate


Sample:


-----BEGIN CERTIFICATE-----\nMII...\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n...

created_at

string

always

Date certificate was created


Sample:

2017-08-15T10:31:19+10:00

domain_name

string

always

Domain name for the certificate


Sample:

*.example.com

domain_validation_options

complex

when certificate type is AMAZON_ISSUED

Options used by ACM to validate the certificate


domain_name

string

always

Fully qualified domain name of the certificate


Sample:

example.com

validation_domain

string

always

The domain name ACM used to send validation emails


Sample:

example.com

validation_emails

list

always

A list of email addresses that ACM used to send domain validation emails


Sample:

validation_status

string

always

Validation status of the domain


Sample:

SUCCESS

failure_reason

string

only when certificate issuing failed

Reason certificate request failed


Sample:

NO_AVAILABLE_CONTACTS

in_use_by

list

always

A list of ARNs for the AWS resources that are using the certificate.


issued_at

string

always

Date certificate was issued


Sample:

2017-01-01T00:00:00+10:00

issuer

string

always

Issuer of the certificate


Sample:

Amazon

key_algorithm

string

always

Algorithm used to generate the certificate


Sample:

RSA-2048

not_after

string

always

Date after which the certificate is not valid


Sample:

2019-01-01T00:00:00+10:00

not_before

string

always

Date before which the certificate is not valid


Sample:

2017-01-01T00:00:00+10:00

renewal_summary

complex

when certificate is issued by Amazon and a renewal has been started

Information about managed renewal process


domain_validation_options

complex

when certificate type is AMAZON_ISSUED

Options used by ACM to validate the certificate


domain_name

string

always

Fully qualified domain name of the certificate


Sample:

example.com

validation_domain

string

always

The domain name ACM used to send validation emails


Sample:

example.com

validation_emails

list

always

A list of email addresses that ACM used to send domain validation emails


Sample:

validation_status

string

always

Validation status of the domain


Sample:

SUCCESS

renewal_status

string

always

Status of the domain renewal


Sample:

PENDING_AUTO_RENEWAL

revocation_reason

string

when the certificate has been revoked

Reason for certificate revocation


Sample:

SUPERCEDED

revoked_at

string

when the certificate has been revoked

Date certificate was revoked


Sample:

2017-09-01T10:00:00+10:00

serial

string

always

The serial number of the certificate


Sample:

00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f

signature_algorithm

string

always

Algorithm used to sign the certificate


Sample:

SHA256WITHRSA

status

string

always

Status of the certificate in ACM


Sample:

ISSUED

subject

string

always

The name of the entity that is associated with the public key contained in the certificate


Sample:

CN=*.example.com

subject_alternative_names

list

always

Subject Alternative Names for the certificate


Sample:

['*.example.com']

tags

dictionary

always

Tags associated with the certificate


Sample:

{'Application': 'helloworld', 'Environment': 'test'}

type

string

always

The source of the certificate


Sample:

AMAZON_ISSUED
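
An added example (not part of the Ansible documentation or the module's code): a Python audit of the certificates list documented above, assuming the registered module result has already been loaded into Python. It flags certificates that are not ISSUED, are expired or close to not_after, are issued but have an empty in_use_by, or use a short RSA key. The sample data, the 30-day window and the 2048-bit threshold are assumptions made for this example.

```python
from datetime import datetime, timedelta, timezone

ARN = "arn:aws:acm:ap-southeast-2:123456789012:certificate/%s"  # constructed IDs below

# Constructed sample shaped like the module's `certificates` return value.
SAMPLE_CERTIFICATES = [
    {"certificate_arn": ARN % "example-0001", "status": "ISSUED",
     "not_after": "2019-01-01T00:00:00+10:00", "key_algorithm": "RSA-2048",
     "in_use_by": ["arn:aws:elasticloadbalancing:ap-southeast-2:123456789012:"
                   "loadbalancer/app/example/0000000000000000"]},
    {"certificate_arn": ARN % "example-0002", "status": "ISSUED",
     "not_after": "2018-12-20T00:00:00+10:00", "key_algorithm": "RSA-1024",
     "in_use_by": []},
    {"certificate_arn": ARN % "example-0003", "status": "PENDING_VALIDATION",
     "key_algorithm": "RSA-2048", "in_use_by": []},
]
SAMPLE_NOW = datetime(2018, 12, 1, tzinfo=timezone.utc)  # fixed clock for the sample


def rsa_key_bits(key_algorithm):
    """'RSA-2048' -> 2048; None for non-RSA or unparsable values."""
    name, _, bits = (key_algorithm or "").replace("_", "-").partition("-")
    return int(bits) if name == "RSA" and bits.isdigit() else None


def audit_certificates(certificates, now, warn_days=30, min_rsa_bits=2048):
    """Return {certificate_arn: [finding, ...]} for certificates needing attention."""
    findings = {}
    for cert in certificates:
        issues = []
        status = cert.get("status")
        if status != "ISSUED":
            issues.append("status is %s" % status)
        if cert.get("not_after"):  # absent until the certificate is issued
            remaining = datetime.fromisoformat(cert["not_after"]) - now
            if remaining <= timedelta(0):
                issues.append("expired")
            elif remaining <= timedelta(days=warn_days):
                issues.append("expires in %d days" % remaining.days)
        if status == "ISSUED" and not cert.get("in_use_by"):
            issues.append("issued but not attached to any resource")
        bits = rsa_key_bits(cert.get("key_algorithm"))
        if bits is not None and bits < min_rsa_bits:
            issues.append("weak key algorithm %s" % cert["key_algorithm"])
        if issues:
            findings[cert["certificate_arn"]] = issues
    return findings


if __name__ == "__main__":
    for arn, issues in audit_certificates(SAMPLE_CERTIFICATES, SAMPLE_NOW).items():
        print(arn, "->", "; ".join(issues))
```

The not_after strings carry a UTC offset, so the clock passed as `now` must be timezone-aware as well.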




Status

Authors

  • Will Thames (@willthames)



© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.7/modules/aws_acm_facts_module.html