aws-cdk-lib.aws_iot.CfnCertificateProps

interface CfnCertificateProps

LanguageType name
.NETAmazon.CDK.AWS.IoT.CfnCertificateProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsiot#CfnCertificateProps
Javasoftware.amazon.awscdk.services.iot.CfnCertificateProps
Pythonaws_cdk.aws_iot.CfnCertificateProps
TypeScript aws-cdk-lib » aws_iot » CfnCertificateProps

Properties for defining a CfnCertificate.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_iot as iot } from 'aws-cdk-lib';
const cfnCertificateProps: iot.CfnCertificateProps = {
  status: 'status',

  // the properties below are optional
  caCertificatePem: 'caCertificatePem',
  certificateMode: 'certificateMode',
  certificatePem: 'certificatePem',
  certificateSigningRequest: 'certificateSigningRequest',
};

Properties

NameTypeDescription
statusstringThe status of the certificate.
caCertificatePem?stringThe CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY.
certificateMode?stringSpecifies which mode of certificate registration to use with this resource.
certificatePem?stringThe certificate data in PEM format.
certificateSigningRequest?stringThe certificate signing request (CSR).

status

Type: string

The status of the certificate.

Valid values are ACTIVE, INACTIVE, REVOKED, PENDING_TRANSFER, and PENDING_ACTIVATION.

The status value REGISTER_INACTIVE is deprecated and should not be used.


caCertificatePem?

Type: string (optional)

The CA certificate used to sign the device certificate being registered, not available when CertificateMode is SNI_ONLY.


certificateMode?

Type: string (optional)

Specifies which mode of certificate registration to use with this resource.

Valid options are DEFAULT with CaCertificatePem and CertificatePem, SNI_ONLY with CertificatePem, and Default with CertificateSigningRequest.

DEFAULT : A certificate in DEFAULT mode is either generated by AWS IoT Core or registered with an issuer certificate authority (CA). Devices with certificates in DEFAULT mode aren't required to send the Server Name Indication (SNI) extension when connecting to AWS IoT Core . However, to use features such as custom domains and VPC endpoints, we recommend that you use the SNI extension when connecting to AWS IoT Core .

SNI_ONLY : A certificate in SNI_ONLY mode is registered without an issuer CA. Devices with certificates in SNI_ONLY mode must send the SNI extension when connecting to AWS IoT Core .


certificatePem?

Type: string (optional)

The certificate data in PEM format.

Requires SNI_ONLY for the certificate mode or the accompanying CACertificatePem for registration.


certificateSigningRequest?

Type: string (optional)

The certificate signing request (CSR).