AWS::Lightsail::LoadBalancerTlsCertificate - AWS CloudFormation
SyntaxPropertiesReturn valuesRemarks

AWS::Lightsail::LoadBalancerTlsCertificate

The AWS::Lightsail::LoadBalancerTlsCertificate resource specifies a TLS certificate that can be used with a Lightsail load balancer.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::Lightsail::LoadBalancerTlsCertificate",
  "Properties" : {
      "CertificateAlternativeNames" : [ String, ... ],
      "CertificateDomainName" : String,
      "CertificateName" : String,
      "HttpsRedirectionEnabled" : Boolean,
      "IsAttached" : Boolean,
      "LoadBalancerName" : String
    }
}

YAML

Type: AWS::Lightsail::LoadBalancerTlsCertificate
Properties:
  CertificateAlternativeNames: 
    - String
  CertificateDomainName: String
  CertificateName: String
  HttpsRedirectionEnabled: Boolean
  IsAttached: Boolean
  LoadBalancerName: String

Properties

CertificateAlternativeNames

An array of alternative domain names and subdomain names for your SSL/TLS certificate.

In addition to the primary domain name, you can have up to nine alternative domain names. Wildcards (such as *.example.com) are not supported.

Required: No

Type: Array of String

Update requires: Updates are not supported.

CertificateDomainName

The domain name for the SSL/TLS certificate. For example, example.com or www.example.com.

Required: Yes

Type: String

Update requires: Updates are not supported.

CertificateName

The name of the SSL/TLS certificate.

Required: Yes

Type: String

Update requires: Replacement

HttpsRedirectionEnabled

A Boolean value indicating whether HTTPS redirection is enabled for the load balancer that the TLS certificate is attached to.

Required: No

Type: Boolean

Update requires: No interruption

IsAttached

A Boolean value indicating whether the SSL/TLS certificate is attached to a Lightsail load balancer.

Required: No

Type: Boolean

Update requires: No interruption

LoadBalancerName

The name of the load balancer that the SSL/TLS certificate is attached to.

Required: Yes

Type: String

Pattern: \w[\w\-]*\w

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns a unique identifier for this resource.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

LoadBalancerTlsCertificateArn

The Amazon Resource Name (ARN) of the SSL/TLS certificate.

Status

The validation status of the SSL/TLS certificate.

Valid Values: PENDING_VALIDATION | ISSUED | INACTIVE | EXPIRED | VALIDATION_TIMED_OUT | REVOKED | FAILED | UNKNOWN

Remarks

Attaching certificates to load balancers

Use the IsAttached parameter to attach a certificate to a load balancer. The certificate must be in a valid state before it can be attached.

Replacing certificates attached to load balancers

After a certificate is attached to a load balancer, it cannot be detached. It can only be replaced. If the isAttached parameter is changed from true to false for a certificate, it won’t be detached from the load balancer and the stack will drift. You can replace a certificate by changing the isAttached parameter of a different certificate to true and changing the current certificate’s isAttached parameter to false.

Maximum attached certificates

Don't attach more than one certificate to a load balancer. If you attach multiple certificates to a load balancer, the behavior is unpredictable, and any one of the certificates might be in effect. This will cause the stack to drift because only one of the certificates is attached to the load balancer, but the template shows multiple.

Configuring HTTPS redirection

The HttpsRedirectionEnabled parameter can only be set on a certificate that is in a valid state and is also attached to a load balancer.