aws_acm_facts - Retrieve certificate facts from AWS Certificate Manager service¶

New in version 2.5.

Synopsis
- Requirements
Parameters
Notes
Examples
Return Values
Status
Maintenance
- Author

Synopsis ¶

Retrieve facts for ACM certificates

Requirements ¶

The below requirements are needed on the host that executes this module.

boto
boto3
python >= 2.6

Parameters ¶

Parameter	Choices/Defaults	Comments
aws_access_key		AWS access key. If not set then the value of the AWS_ACCESS_KEY_ID, AWS_ACCESS_KEY or EC2_ACCESS_KEY environment variable is used. aliases: ec2_access_key, access_key
aws_secret_key		AWS secret key. If not set then the value of the AWS_SECRET_ACCESS_KEY, AWS_SECRET_KEY, or EC2_SECRET_KEY environment variable is used. aliases: ec2_secret_key, secret_key
domain_name		The domain name of an ACM certificate to limit the search to aliases: name
ec2_url		Url to use to connect to EC2 or your Eucalyptus cloud (by default the module will use EC2 endpoints). Ignored for modules where region is required. Must be specified for all other modules if region is not used. If not set then the value of the EC2_URL environment variable, if any, is used.
profile (added in 1.6)		Uses a boto profile. Only works with boto >= 2.24.0.
region		The AWS region to use. If not specified then the value of the AWS_REGION or EC2_REGION environment variable, if any, is used. See http://docs.aws.amazon.com/general/latest/gr/rande.html#ec2_region aliases: aws_region, ec2_region
security_token (added in 1.6)		AWS STS security token. If not set then the value of the AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN environment variable is used. aliases: access_token
status	Choices: PENDING_VALIDATION ISSUED INACTIVE EXPIRED VALIDATION_TIMED_OUT	Status to filter the certificate results
validate_certs bool (added in 1.5)	Choices: no yes ←	When set to "no", SSL certificates will not be validated for boto versions >= 2.6.0.

Notes ¶

Note

If parameters are not set within the module, the following environment variables can be used in decreasing order of precedence AWS_URL or EC2_URL, AWS_ACCESS_KEY_ID or AWS_ACCESS_KEY or EC2_ACCESS_KEY, AWS_SECRET_ACCESS_KEY or AWS_SECRET_KEY or EC2_SECRET_KEY, AWS_SECURITY_TOKEN or EC2_SECURITY_TOKEN, AWS_REGION or EC2_REGION
Ansible uses the boto configuration file (typically ~/.boto) if no credentials are provided. See https://boto.readthedocs.io/en/latest/boto_config_tut.html
AWS_REGION or EC2_REGION can be typically be used to specify the AWS region, when required, but this can also be configured in the boto config file

Examples ¶

- name: obtain all ACM certificates
  aws_acm_facts:

- name: obtain all facts for a single ACM certificate
  aws_acm_facts:
    domain_name: "*.example_com"

- name: obtain all certificates pending validiation
  aws_acm_facts:
    statuses:
    - PENDING_VALIDATION

Return Values ¶

Common return values are documented here, the following are the fields unique to this module:

Key				Returned	Description
certificates complex				always	A list of certificates
	status string			always	Status of the certificate in ACM Sample: ISSUED
	key_algorithm string			always	Algorithm used to generate the certificate Sample: RSA-2048
	tags dict			always	Tags associated with the certificate Sample: {'Environment': 'test', 'Application': 'helloworld'}
	certificate_chain string			when certificate creation is complete	Full certificate chain for the certificate Sample: -----BEGIN CERTIFICATE-----\nMII...\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n...
	in_use_by list			always	A list of ARNs for the AWS resources that are using the certificate.
	signature_algorithm string			always	Algorithm used to sign the certificate Sample: SHA256WITHRSA
	issued_at string			always	Date certificate was issued Sample: 2017-01-01T00:00:00+10:00
	serial string			always	The serial number of the certificate Sample: 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f
	subject_alternative_names list			always	Subject Alternative Names for the certificate Sample: ['*.example.com']
	not_before string			always	Date before which the certificate is not valid Sample: 2017-01-01T00:00:00+10:00
	subject string			always	The name of the entity that is associated with the public key contained in the certificate Sample: CN=*.example.com
	revoked_at string			when the certificate has been revoked	Date certificate was revoked Sample: 2017-09-01T10:00:00+10:00
	domain_validation_options complex			when certificate type is AMAZON_ISSUED	Options used by ACM to validate the certificate
		validation_domain string		always	The domain name ACM used to send validation emails Sample: example.com
		validation_status string		always	Validation status of the domain Sample: SUCCESS
		domain_name string		always	Fully qualified domain name of the certificate Sample: example.com
		validation_emails list		always	A list of email addresses that ACM used to send domain validation emails Sample: ['[email protected]', '[email protected]']
	certificate string			when certificate creation is complete	The ACM Certificate body Sample: -----BEGIN CERTIFICATE-----\nMII.....-----END CERTIFICATE-----\n
	renewal_summary complex			when certificate is issued by Amazon and a renewal has been started	Information about managed renewal process
		renewal_status string		always	Status of the domain renewal Sample: PENDING_AUTO_RENEWAL
		domain_validation_options complex		when certificate type is AMAZON_ISSUED	Options used by ACM to validate the certificate
			validation_domain string	always	The domain name ACM used to send validation emails Sample: example.com
			validation_status string	always	Validation status of the domain Sample: SUCCESS
			domain_name string	always	Fully qualified domain name of the certificate Sample: example.com
			validation_emails list	always	A list of email addresses that ACM used to send domain validation emails Sample: ['[email protected]', '[email protected]']
	not_after string			always	Date after which the certificate is not valid Sample: 2019-01-01T00:00:00+10:00
	created_at string			always	Date certificate was created Sample: 2017-08-15T10:31:19+10:00
	domain_name string			always	Domain name for the certificate Sample: *.example.com
	revocation_reason string			when the certificate has been revoked	Reason for certificate revocation Sample: SUPERCEDED
	failure_reason string			only when certificate issuing failed	Reason certificate request failed Sample: NO_AVAILABLE_CONTACTS
	certificate_arn string			always	Certificate ARN Sample: arn:aws:acm:ap-southeast-2:123456789012:certificate/abcd1234-abcd-1234-abcd-123456789abc
	issuer string			always	Issuer of the certificate Sample: Amazon
	type string			always	The source of the certificate Sample: AMAZON_ISSUED

Status ¶

This module is flagged as preview which means that it is not guaranteed to have a backwards compatible interface.

Maintenance ¶

This module is flagged as community which means that it is maintained by the Ansible Community. See Module Maintenance & Support for more info.

For a list of other modules that are also maintained by the Ansible Community, see here.

Author ¶

Will Thames (@willthames)

Hint

If you notice any issues in this documentation you can edit this document to improve it.