aws-acm
Manage AWS Certificate Manager certificates
TLDR
Import a certificate
List certificates
Describe a certificate
Request a certificate
Delete a certificate
List certificate validations
Get certificate details
Update certificate options
SYNOPSIS
The `aws acm` command itself acts as a gateway to various ACM operations. Its general syntax is:
aws acm <subcommand> [ <options> ]
Examples of common subcommands include:
- `aws acm request-certificate`: To request a new public SSL/TLS certificate.
- `aws acm list-certificates`: To list all certificates in your account.
- `aws acm delete-certificate`: To remove a certificate.
- `aws acm describe-certificate`: To get detailed information about a specific certificate.
PARAMETERS
--region <region-name>
Specifies the AWS region to operate in (e.g., us-east-1). Overrides environment variables or configuration files.
--output <format>
Specifies the output format (e.g., json, text, table).
--profile <profile-name>
Uses a specific named profile from your credential file.
--cli-input-json <value>
Reads arguments from the specified JSON string or path to a JSON file.
--generate-cli-skeleton
Prints a JSON skeleton for parameters to an operation, which can be used with --cli-input-json for complex inputs.
--debug
Turns on debug logging, providing detailed information about the execution.
--no-paginate
Disables automatic pagination for commands that support it, so output comes from a single API call rather than multiple API requests.
--query <jmespath-expression>
Filters and transforms the output of a command using a JMESPath expression, allowing precise data extraction.
--domain-name <string> (example for request-certificate)
The fully qualified domain name (FQDN) for which the certificate is being requested. (Specific to `request-certificate`).
--validation-method <string> (example for request-certificate)
The method used to validate ownership of the domain (DNS or EMAIL). (Specific to `request-certificate`).
DESCRIPTION
AWS Certificate Manager (ACM) is an AWS service for provisioning, managing, and deploying public and private SSL/TLS certificates. The `aws acm` command group, part of the AWS Command Line Interface (CLI), provides a powerful way to interact with ACM programmatically from your terminal. It allows users to automate tasks such as requesting new SSL/TLS certificates, listing existing certificates, importing third-party certificates, deleting certificates, and managing certificate tags. This command group is essential for DevOps engineers and system administrators who manage infrastructure on AWS, enabling seamless integration into CI/CD pipelines and scripting for certificate lifecycle management. It abstracts the underlying API calls, providing a user-friendly interface to a critical security service.
CAVEATS
- AWS CLI Installation: The `aws acm` commands require the AWS CLI to be installed and configured correctly with appropriate AWS credentials and default region.
- IAM Permissions: Users must have the necessary AWS Identity and Access Management (IAM) permissions for specific ACM actions (e.g., `acm:RequestCertificate`, `acm:ListCertificates`). Without sufficient permissions, operations will fail with access denied errors.
- Service Limits: AWS ACM has service quotas (e.g., maximum number of certificates per account). Exceeding these limits will result in API errors.
- Certificate Validation: Domain validation (DNS or Email) is a crucial step for public certificates. Operations might hang or fail if validation is not completed successfully within the required timeframe by the domain owner.
CONFIGURATION
The AWS CLI can be configured globally or per profile using the `aws configure` command. This sets up default region, output format, and credentials. These settings can be overridden by command-line parameters or environment variables for specific commands.
CREDENTIAL MANAGEMENT
AWS credentials (Access Key ID and Secret Access Key) are typically stored securely in `~/.aws/credentials`, and configuration settings in `~/.aws/config`. For enhanced security and ease of management, it is highly recommended to use IAM roles for EC2 instances and other AWS services when running `aws acm` commands.
OUTPUT FILTERING AND TRANSFORMATION
The `--query` option, leveraging JMESPath expressions, is an extremely powerful feature for extracting specific data from the JSON output of `aws acm` commands. This is invaluable for scripting, automation, and integrating AWS CLI output into other tools or processes.
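As an added example (not part of the original page), the following script combines `--query` and `--output text` with `list-certificates` to flag certificates that need attention; it goes beyond the text by also flagging imported certificates, which ACM does not renew automatically. The function names (`acm_inventory`, `acm_flag`, `acm_audit`) and the finding labels are hypothetical, and the script assumes a configured AWS CLI with the `acm:ListCertificates` permission.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Needs acm:ListCertificates in the target region.

# One tab-separated row per certificate: Domain, Status, Type, InUse, ARN.
# --includes widens the key-type filter, which otherwise returns only
# RSA_1024 and RSA_2048 certificates and would hide ECDSA ones from the audit.
acm_inventory() {
  aws acm list-certificates --region "$1" \
    --includes keyTypes=RSA_1024,RSA_2048,RSA_3072,RSA_4096,EC_prime256v1,EC_secp384r1,EC_secp521r1 \
    --query 'CertificateSummaryList[].[DomainName,Status,Type,InUse,CertificateArn]' \
    --output text
}

# Classify rows on stdin; prints "FINDING<TAB>domain<TAB>arn" per issue.
acm_flag() {
  awk -F '\t' '
    NF < 5           { next }   # skip blank or malformed rows
    $2 != "ISSUED"   { print "NOT_ISSUED(" $2 ")\t" $1 "\t" $5; next }
    $3 == "IMPORTED" { print "MANUAL_RENEWAL\t" $1 "\t" $5 }  # ACM does not renew imported certs
    $4 == "False"    { print "UNUSED\t" $1 "\t" $5 }          # text output renders booleans as True/False
  '
}

# Exit status: 0 = clean, 1 = findings printed, 2 = the API call failed
# (for example an access-denied error from missing IAM permissions).
acm_audit() {
  rows=$(acm_inventory "$1") || return 2
  findings=$(printf '%s\n' "$rows" | acm_flag)
  [ -n "$findings" ] || return 0
  printf '%s\n' "$findings"
  return 1
}
```

Run it as `acm_audit us-east-1`, once per region in use, because ACM certificates are regional. The exit status makes it usable as a scheduled job or pipeline gate.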
SEE ALSO
- aws(1): The main AWS CLI command, which all service-specific commands are subcommands of.
- aws s3(1): AWS CLI commands for interacting with Amazon S3 storage service.
- aws ec2(1): AWS CLI commands for managing Amazon Elastic Compute Cloud (EC2) instances.
- jq(1): A lightweight and flexible command-line JSON processor, commonly used to parse and manipulate output from the AWS CLI.