AWS::IoT::CACertificate - Amazon CloudFormation
SyntaxPropertiesReturn values
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::IoT::CACertificate

Specifies a CA certificate.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::IoT::CACertificate",
  "Properties" : {
      "AutoRegistrationStatus" : String,
      "CACertificatePem" : String,
      "CertificateMode" : String,
      "RegistrationConfig" : RegistrationConfig,
      "RemoveAutoRegistration" : Boolean,
      "Status" : String,
      "Tags" : [ Tag, ... ],
      "VerificationCertificatePem" : String
    }
}

YAML

Type: AWS::IoT::CACertificate
Properties:
  AutoRegistrationStatus: String
  CACertificatePem: String
  CertificateMode: String
  RegistrationConfig: 
    RegistrationConfig
  RemoveAutoRegistration: Boolean
  Status: String
  Tags: 
    - Tag
  VerificationCertificatePem: String

Properties

AutoRegistrationStatus

Whether the CA certificate is configured for auto registration of device certificates. Valid values are "ENABLE" and "DISABLE".

Required: No

Type: String

Allowed values: ENABLE | DISABLE

Update requires: No interruption

CACertificatePem

The certificate data in PEM format.

Required: Yes

Type: String

Pattern: [\s\S]*

Minimum: 1

Maximum: 65536

Update requires: Replacement

CertificateMode

The mode of the CA.

All the device certificates that are registered using this CA will be registered in the same mode as the CA. For more information about certificate mode for device certificates, see certificate mode.

Valid values are "DEFAULT" and "SNI_ONLY".

Required: No

Type: String

Allowed values: DEFAULT | SNI_ONLY

Update requires: Replacement

RegistrationConfig

Information about the registration configuration.

Required: No

Type: RegistrationConfig

Update requires: No interruption

RemoveAutoRegistration

If true, removes auto registration.

Required: No

Type: Boolean

Update requires: No interruption

Status

The status of the CA certificate.

Valid values are "ACTIVE" and "INACTIVE".

Required: Yes

Type: String

Allowed values: ACTIVE | INACTIVE

Update requires: No interruption

Tags

An array of key-value pairs to apply to this resource.

For more information, see Tag.

Required: No

Type: Array of Tag

Update requires: No interruption

VerificationCertificatePem

The private key verification certificate.

Required: No

Type: String

Pattern: [\s\S]*

Minimum: 1

Maximum: 65536

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the CA certificate ID.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

Arn

Returns the Amazon Resource Name (ARN) for the CA certificate. For example:

{ "Fn::GetAtt": ["MyCACertificate", "Arn"] }

A value similar to the following is returned:

arn:aws:iot:us-east-1:123456789012:cacert/a6be6b84559801927e35a8f901fae08b5971d78d1562e29504ff9663b276a5f5

Id

The CA certificate ID.