AWS::Lightsail::LoadBalancerTlsCertificate
The AWS::Lightsail::LoadBalancerTlsCertificate
resource specifies a TLS
certificate that can be used with a Lightsail load balancer.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::Lightsail::LoadBalancerTlsCertificate", "Properties" : { "CertificateAlternativeNames" :
[ String, ... ]
, "CertificateDomainName" :String
, "CertificateName" :String
, "HttpsRedirectionEnabled" :Boolean
, "IsAttached" :Boolean
, "LoadBalancerName" :String
} }
YAML
Type: AWS::Lightsail::LoadBalancerTlsCertificate Properties: CertificateAlternativeNames:
- String
CertificateDomainName:String
CertificateName:String
HttpsRedirectionEnabled:Boolean
IsAttached:Boolean
LoadBalancerName:String
Properties
CertificateAlternativeNames
-
An array of alternative domain names and subdomain names for your SSL/TLS certificate.
In addition to the primary domain name, you can have up to nine alternative domain names. Wildcards (such as
*.example.com
) are not supported.Required: No
Type: Array of String
Update requires: Updates are not supported.
CertificateDomainName
-
The domain name for the SSL/TLS certificate. For example,
example.com
orwww.example.com
.Required: Yes
Type: String
Update requires: Updates are not supported.
CertificateName
-
The name of the SSL/TLS certificate.
Required: Yes
Type: String
Update requires: Replacement
HttpsRedirectionEnabled
-
A Boolean value indicating whether HTTPS redirection is enabled for the load balancer that the TLS certificate is attached to.
Required: No
Type: Boolean
Update requires: No interruption
IsAttached
-
A Boolean value indicating whether the SSL/TLS certificate is attached to a Lightsail load balancer.
Required: No
Type: Boolean
Update requires: No interruption
LoadBalancerName
-
The name of the load balancer that the SSL/TLS certificate is attached to.
Required: Yes
Type: String
Pattern:
\w[\w\-]*\w
Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref
returns a unique identifier for this resource.
Fn::GetAtt
The Fn::GetAtt
intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt
intrinsic function, see Fn::GetAtt
.
LoadBalancerTlsCertificateArn
-
The Amazon Resource Name (ARN) of the SSL/TLS certificate.
Status
-
The validation status of the SSL/TLS certificate.
Valid Values:
PENDING_VALIDATION
|ISSUED
|INACTIVE
|EXPIRED
|VALIDATION_TIMED_OUT
|REVOKED
|FAILED
|UNKNOWN
Remarks
Attaching certificates to load balancers
Use the IsAttached
parameter to attach a certificate to a load balancer.
The certificate must be in a valid state before it can be attached.
Replacing certificates attached to load balancers
After a certificate is attached to a load balancer, it cannot be detached. It can only be replaced.
If the isAttached
parameter is changed from true
to
false
for a certificate, it won’t be detached from the load balancer and
the stack will drift. You can replace a certificate by changing the
isAttached
parameter of a different certificate to true
and
changing the current certificate’s isAttached
parameter to
false
.
Maximum attached certificates
Don't attach more than one certificate to a load balancer. If you attach multiple certificates to a load balancer, the behavior is unpredictable, and any one of the certificates might be in effect. This will cause the stack to drift because only one of the certificates is attached to the load balancer, but the template shows multiple.
Configuring HTTPS redirection
The HttpsRedirectionEnabled
parameter can only be set on a certificate
that is in a valid state and is also attached to a load balancer.