W3cubDocs

/Ansible 2.9

aws_acm_info – Retrieve certificate information from AWS Certificate Manager service

New in version 2.5.

Synopsis
Requirements
Parameters
Notes
Examples
Return Values
Status

Synopsis

Retrieve information for ACM certificates
This module was called aws_acm_facts before Ansible 2.9. The usage did not change.

Aliases: aws_acm_facts

Requirements

The below requirements are needed on the host that executes this module.

boto
boto3
python >= 2.6

Parameters

Parameter	Choices/Defaults	Comments
aws_access_key string		AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used. aliases: ec2_access_key, access_key
aws_secret_key string		AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used. aliases: ec2_secret_key, secret_key
debug_botocore_endpoint_logs boolean added in 2.8	Choices: no ← yes	Use a botocore.endpoint logger to parse the unique (rather than total) "resource:action" API calls made during a task, outputing the set to the resource_actions key in the task results. Use the aws_resource_action callback to output to total list made during a playbook. The ANSIBLE_DEBUG_BOTOCORE_LOGS environment variable may also be used.
domain_name -		The domain name of an ACM certificate to limit the search to aliases: name
ec2_url string		Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
profile string		Uses a boto profile. Only works with boto >= 2.24.0.
region string		The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region aliases: aws_region, ec2_region
security_token string		AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used. aliases: access_token
statuses -	Choices: PENDING_VALIDATION ISSUED INACTIVE EXPIRED VALIDATION_TIMED_OUT REVOKED FAILED	Status to filter the certificate results
validate_certs boolean	Choices: no yes ←	When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.

Notes

Note

If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence AWS_URL or EC2_URL, AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY or EC2_ACCESS_KEY, AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY or EC2_SECRET_KEY, AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN, AWS_REGION or EC2_REGION
Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See https://boto.readthedocs.io/en/latest/boto_config_tut.html
AWS_REGION or EC2_REGION can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file

Examples

- name: obtain all ACM certificates
  aws_acm_info:

- name: obtain all information for a single ACM certificate
  aws_acm_info:
    domain_name: "*.example_com"

- name: obtain all certificates pending validation
  aws_acm_info:
    statuses:
    - PENDING_VALIDATION

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key				Returned	Description
certificates complex				always	A list of certificates
	certificate string			when certificate creation is complete	The ACM Certificate body Sample: -----BEGIN CERTIFICATE-----\nMII.....-----END CERTIFICATE-----\n
	certificate_arn string			always	Certificate ARN Sample: arn:aws:acm:ap-southeast-2:123456789012:certificate/abcd1234-abcd-1234-abcd-123456789abc
	certificate_chain string			when certificate creation is complete	Full certificate chain for the certificate Sample: -----BEGIN CERTIFICATE-----\nMII...\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n...
	created_at string			always	Date certificate was created Sample: 2017-08-15T10:31:19+10:00
	domain_name string			always	Domain name for the certificate Sample: *.example.com
	domain_validation_options complex			when certificate type is AMAZON_ISSUED	Options used by ACM to validate the certificate
		domain_name string		always	Fully qualified domain name of the certificate Sample: example.com
		validation_domain string		always	The domain name ACM used to send validation emails Sample: example.com
		validation_emails list		always	A list of email addresses that ACM used to send domain validation emails Sample: ['[email protected]', '[email protected]']
		validation_status string		always	Validation status of the domain Sample: SUCCESS
	failure_reason string			only when certificate issuing failed	Reason certificate request failed Sample: NO_AVAILABLE_CONTACTS
	in_use_by list			always	A list of ARNs for the AWS resources that are using the certificate.
	issued_at string			always	Date certificate was issued Sample: 2017-01-01T00:00:00+10:00
	issuer string			always	Issuer of the certificate Sample: Amazon
	key_algorithm string			always	Algorithm used to generate the certificate Sample: RSA-2048
	not_after string			always	Date after which the certificate is not valid Sample: 2019-01-01T00:00:00+10:00
	not_before string			always	Date before which the certificate is not valid Sample: 2017-01-01T00:00:00+10:00
	renewal_summary complex			when certificate is issued by Amazon and a renewal has been started	Information about managed renewal process
		domain_validation_options complex		when certificate type is AMAZON_ISSUED	Options used by ACM to validate the certificate
			domain_name string	always	Fully qualified domain name of the certificate Sample: example.com
			validation_domain string	always	The domain name ACM used to send validation emails Sample: example.com
			validation_emails list	always	A list of email addresses that ACM used to send domain validation emails Sample: ['[email protected]', '[email protected]']
			validation_status string	always	Validation status of the domain Sample: SUCCESS
		renewal_status string		always	Status of the domain renewal Sample: PENDING_AUTO_RENEWAL
	revocation_reason string			when the certificate has been revoked	Reason for certificate revocation Sample: SUPERCEDED
	revoked_at string			when the certificate has been revoked	Date certificate was revoked Sample: 2017-09-01T10:00:00+10:00
	serial string			always	The serial number of the certificate Sample: 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f
	signature_algorithm string			always	Algorithm used to sign the certificate Sample: SHA256WITHRSA
	status string			always	Status of the certificate in ACM Sample: ISSUED
	subject string			always	The name of the entity that is associated with the public key contained in the certificate Sample: CN=*.example.com
	subject_alternative_names list			always	Subject Alternative Names for the certificate Sample: ['*.example.com']
	tags dictionary			always	Tags associated with the certificate Sample: {'Application': 'helloworld', 'Environment': 'test'}
	type string			always	The source of the certificate Sample: AMAZON_ISSUED

Status

This module is not guaranteed to have a backwards compatible interface. [preview]
This module is maintained by the Ansible Community. [community]

Authors

Will Thames (@willthames)

Hint

If you notice any issues in this documentation, you can edit this document to improve it.

© 2012–2018 Michael DeHaan
© 2018–2019 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/2.9/modules/aws_acm_info_module.html