github.com/pulumi/pulumi-aws/sdk/v6@v6.32.0/go/aws/apigateway/domainName.go

// Code generated by the Pulumi Terraform Bridge (tfgen) Tool DO NOT EDIT.
// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! ***

package apigateway

import (
	"context"
	"reflect"

	"errors"
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/internal"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// Registers a custom domain name for use with AWS API Gateway. Additional information about this functionality
// can be found in the [API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html).
//
// This resource just establishes ownership of and the TLS settings for
// a particular domain name. An API can be attached to a particular path
// under the registered domain name using
// the `apigateway.BasePathMapping` resource.
//
// API Gateway domains can be defined as either 'edge-optimized' or 'regional'.  In an edge-optimized configuration,
// API Gateway internally creates and manages a CloudFront distribution to route requests on the given hostname. In
// addition to this resource it's necessary to create a DNS record corresponding to the given domain name which is an alias
// (either Route53 alias or traditional CNAME) to the Cloudfront domain name exported in the `cloudfrontDomainName`
// attribute.
//
// In a regional configuration, API Gateway does not create a CloudFront distribution to route requests to the API, though
// a distribution can be created if needed. In either case, it is necessary to create a DNS record corresponding to the
// given domain name which is an alias (either Route53 alias or traditional CNAME) to the regional domain name exported in
// the `regionalDomainName` attribute.
//
// > **Note:** API Gateway requires the use of AWS Certificate Manager (ACM) certificates instead of Identity and Access Management (IAM) certificates in regions that support ACM. Regions that support ACM can be found in the [Regions and Endpoints Documentation](https://docs.aws.amazon.com/general/latest/gr/rande.html#acm_region). To import an existing private key and certificate into ACM or request an ACM certificate, see the `acm.Certificate` resource.
//
// > **Note:** The `apigateway.DomainName` resource expects dependency on the `acm.CertificateValidation` as
// only verified certificates can be used. This can be made either explicitly by adding the
// `dependsOn = [aws_acm_certificate_validation.cert]` attribute. Or implicitly by referring certificate ARN
// from the validation resource where it will be available after the resource creation:
// `regionalCertificateArn = aws_acm_certificate_validation.cert.certificate_arn`.
//
// ## Example Usage
//
// ### Edge Optimized (ACM Certificate)
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway"
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			example, err := apigateway.NewDomainName(ctx, "example", &apigateway.DomainNameArgs{
//				CertificateArn: pulumi.Any(exampleAwsAcmCertificateValidation.CertificateArn),
//				DomainName:     pulumi.String("api.example.com"),
//			})
//			if err != nil {
//				return err
//			}
//			// Example DNS record using Route53.
//			// Route53 is not specifically required; any DNS host can be used.
//			_, err = route53.NewRecord(ctx, "example", &route53.RecordArgs{
//				Name:   example.DomainName,
//				Type:   pulumi.String(route53.RecordTypeA),
//				ZoneId: pulumi.Any(exampleAwsRoute53Zone.Id),
//				Aliases: route53.RecordAliasArray{
//					&route53.RecordAliasArgs{
//						EvaluateTargetHealth: pulumi.Bool(true),
//						Name:                 example.CloudfrontDomainName,
//						ZoneId:               example.CloudfrontZoneId,
//					},
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ### Regional (ACM Certificate)
//
// <!--Start PulumiCodeChooser -->
// ```go
// package main
//
// import (
//
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/apigateway"
//	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/route53"
//	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
//
// )
//
//	func main() {
//		pulumi.Run(func(ctx *pulumi.Context) error {
//			example, err := apigateway.NewDomainName(ctx, "example", &apigateway.DomainNameArgs{
//				DomainName:             pulumi.String("api.example.com"),
//				RegionalCertificateArn: pulumi.Any(exampleAwsAcmCertificateValidation.CertificateArn),
//				EndpointConfiguration: &apigateway.DomainNameEndpointConfigurationArgs{
//					Types: pulumi.String("REGIONAL"),
//				},
//			})
//			if err != nil {
//				return err
//			}
//			// Example DNS record using Route53.
//			// Route53 is not specifically required; any DNS host can be used.
//			_, err = route53.NewRecord(ctx, "example", &route53.RecordArgs{
//				Name:   example.DomainName,
//				Type:   pulumi.String(route53.RecordTypeA),
//				ZoneId: pulumi.Any(exampleAwsRoute53Zone.Id),
//				Aliases: route53.RecordAliasArray{
//					&route53.RecordAliasArgs{
//						EvaluateTargetHealth: pulumi.Bool(true),
//						Name:                 example.RegionalDomainName,
//						ZoneId:               example.RegionalZoneId,
//					},
//				},
//			})
//			if err != nil {
//				return err
//			}
//			return nil
//		})
//	}
//
// ```
// <!--End PulumiCodeChooser -->
//
// ## Import
//
// Using `pulumi import`, import API Gateway domain names using their `name`. For example:
//
// ```sh
// $ pulumi import aws:apigateway/domainName:DomainName example dev.example.com
// ```
type DomainName struct {
	pulumi.CustomResourceState

	// ARN of domain name.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with `certificateName`, `certificateBody`, `certificateChain`, `certificatePrivateKey`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificateArn pulumi.StringPtrOutput `pulumi:"certificateArn"`
	// Certificate issued for the domain name being registered, in PEM format. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificateBody pulumi.StringPtrOutput `pulumi:"certificateBody"`
	// Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificateChain pulumi.StringPtrOutput `pulumi:"certificateChain"`
	// Unique name to use when registering this certificate as an IAM server certificate. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`. Required if `certificateArn` is not set.
	CertificateName pulumi.StringPtrOutput `pulumi:"certificateName"`
	// Private key associated with the domain certificate given in `certificateBody`. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificatePrivateKey pulumi.StringPtrOutput `pulumi:"certificatePrivateKey"`
	// Upload date associated with the domain certificate.
	CertificateUploadDate pulumi.StringOutput `pulumi:"certificateUploadDate"`
	// Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
	CloudfrontDomainName pulumi.StringOutput `pulumi:"cloudfrontDomainName"`
	// For convenience, the hosted zone ID (`Z2FDTNDATAQYW2`) that can be used to create a Route53 alias record for the distribution.
	CloudfrontZoneId pulumi.StringOutput `pulumi:"cloudfrontZoneId"`
	// Fully-qualified domain name to register.
	DomainName pulumi.StringOutput `pulumi:"domainName"`
	// Configuration block defining API endpoint information including type. See below.
	EndpointConfiguration DomainNameEndpointConfigurationOutput `pulumi:"endpointConfiguration"`
	// Mutual TLS authentication configuration for the domain name. See below.
	MutualTlsAuthentication DomainNameMutualTlsAuthenticationPtrOutput `pulumi:"mutualTlsAuthentication"`
	// ARN of the AWS-issued certificate used to validate custom domain ownership (when `certificateArn` is issued via an ACM Private CA or `mutualTlsAuthentication` is configured with an ACM-imported certificate.)
	OwnershipVerificationCertificateArn pulumi.StringOutput `pulumi:"ownershipVerificationCertificateArn"`
	// ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with `certificateArn`, `certificateName`, `certificateBody`, `certificateChain`, and `certificatePrivateKey`.
	//
	// When uploading a certificate, the following arguments are supported:
	RegionalCertificateArn pulumi.StringPtrOutput `pulumi:"regionalCertificateArn"`
	// User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with `certificateArn`, `certificateName`, `certificateBody`, `certificateChain`, and `certificatePrivateKey`.
	RegionalCertificateName pulumi.StringPtrOutput `pulumi:"regionalCertificateName"`
	// Hostname for the custom domain's regional endpoint.
	RegionalDomainName pulumi.StringOutput `pulumi:"regionalDomainName"`
	// Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
	RegionalZoneId pulumi.StringOutput `pulumi:"regionalZoneId"`
	// Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are `TLS_1_0` and `TLS_1_2`. Must be configured to perform drift detection.
	SecurityPolicy pulumi.StringOutput `pulumi:"securityPolicy"`
	// Key-value map of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	//
	// When referencing an AWS-managed certificate, the following arguments are supported:
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
}

// NewDomainName registers a new resource with the given unique name, arguments, and options.
func NewDomainName(ctx *pulumi.Context,
	name string, args *DomainNameArgs, opts ...pulumi.ResourceOption) (*DomainName, error) {
	if args == nil {
		return nil, errors.New("missing one or more required arguments")
	}

	if args.DomainName == nil {
		return nil, errors.New("invalid value for required argument 'DomainName'")
	}
	if args.CertificatePrivateKey != nil {
		args.CertificatePrivateKey = pulumi.ToSecret(args.CertificatePrivateKey).(pulumi.StringPtrInput)
	}
	secrets := pulumi.AdditionalSecretOutputs([]string{
		"certificatePrivateKey",
	})
	opts = append(opts, secrets)
	opts = internal.PkgResourceDefaultOpts(opts)
	var resource DomainName
	err := ctx.RegisterResource("aws:apigateway/domainName:DomainName", name, args, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// GetDomainName gets an existing DomainName resource's state with the given name, ID, and optional
// state properties that are used to uniquely qualify the lookup (nil if not required).
func GetDomainName(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *DomainNameState, opts ...pulumi.ResourceOption) (*DomainName, error) {
	var resource DomainName
	err := ctx.ReadResource("aws:apigateway/domainName:DomainName", name, id, state, &resource, opts...)
	if err != nil {
		return nil, err
	}
	return &resource, nil
}

// Input properties used for looking up and filtering DomainName resources.
type domainNameState struct {
	// ARN of domain name.
	Arn *string `pulumi:"arn"`
	// ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with `certificateName`, `certificateBody`, `certificateChain`, `certificatePrivateKey`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificateArn *string `pulumi:"certificateArn"`
	// Certificate issued for the domain name being registered, in PEM format. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificateBody *string `pulumi:"certificateBody"`
	// Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificateChain *string `pulumi:"certificateChain"`
	// Unique name to use when registering this certificate as an IAM server certificate. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`. Required if `certificateArn` is not set.
	CertificateName *string `pulumi:"certificateName"`
	// Private key associated with the domain certificate given in `certificateBody`. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificatePrivateKey *string `pulumi:"certificatePrivateKey"`
	// Upload date associated with the domain certificate.
	CertificateUploadDate *string `pulumi:"certificateUploadDate"`
	// Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
	CloudfrontDomainName *string `pulumi:"cloudfrontDomainName"`
	// For convenience, the hosted zone ID (`Z2FDTNDATAQYW2`) that can be used to create a Route53 alias record for the distribution.
	CloudfrontZoneId *string `pulumi:"cloudfrontZoneId"`
	// Fully-qualified domain name to register.
	DomainName *string `pulumi:"domainName"`
	// Configuration block defining API endpoint information including type. See below.
	EndpointConfiguration *DomainNameEndpointConfiguration `pulumi:"endpointConfiguration"`
	// Mutual TLS authentication configuration for the domain name. See below.
	MutualTlsAuthentication *DomainNameMutualTlsAuthentication `pulumi:"mutualTlsAuthentication"`
	// ARN of the AWS-issued certificate used to validate custom domain ownership (when `certificateArn` is issued via an ACM Private CA or `mutualTlsAuthentication` is configured with an ACM-imported certificate.)
	OwnershipVerificationCertificateArn *string `pulumi:"ownershipVerificationCertificateArn"`
	// ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with `certificateArn`, `certificateName`, `certificateBody`, `certificateChain`, and `certificatePrivateKey`.
	//
	// When uploading a certificate, the following arguments are supported:
	RegionalCertificateArn *string `pulumi:"regionalCertificateArn"`
	// User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with `certificateArn`, `certificateName`, `certificateBody`, `certificateChain`, and `certificatePrivateKey`.
	RegionalCertificateName *string `pulumi:"regionalCertificateName"`
	// Hostname for the custom domain's regional endpoint.
	RegionalDomainName *string `pulumi:"regionalDomainName"`
	// Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
	RegionalZoneId *string `pulumi:"regionalZoneId"`
	// Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are `TLS_1_0` and `TLS_1_2`. Must be configured to perform drift detection.
	SecurityPolicy *string `pulumi:"securityPolicy"`
	// Key-value map of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	//
	// When referencing an AWS-managed certificate, the following arguments are supported:
	Tags map[string]string `pulumi:"tags"`
	// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll map[string]string `pulumi:"tagsAll"`
}

type DomainNameState struct {
	// ARN of domain name.
	Arn pulumi.StringPtrInput
	// ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with `certificateName`, `certificateBody`, `certificateChain`, `certificatePrivateKey`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificateArn pulumi.StringPtrInput
	// Certificate issued for the domain name being registered, in PEM format. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificateBody pulumi.StringPtrInput
	// Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificateChain pulumi.StringPtrInput
	// Unique name to use when registering this certificate as an IAM server certificate. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`. Required if `certificateArn` is not set.
	CertificateName pulumi.StringPtrInput
	// Private key associated with the domain certificate given in `certificateBody`. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificatePrivateKey pulumi.StringPtrInput
	// Upload date associated with the domain certificate.
	CertificateUploadDate pulumi.StringPtrInput
	// Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
	CloudfrontDomainName pulumi.StringPtrInput
	// For convenience, the hosted zone ID (`Z2FDTNDATAQYW2`) that can be used to create a Route53 alias record for the distribution.
	CloudfrontZoneId pulumi.StringPtrInput
	// Fully-qualified domain name to register.
	DomainName pulumi.StringPtrInput
	// Configuration block defining API endpoint information including type. See below.
	EndpointConfiguration DomainNameEndpointConfigurationPtrInput
	// Mutual TLS authentication configuration for the domain name. See below.
	MutualTlsAuthentication DomainNameMutualTlsAuthenticationPtrInput
	// ARN of the AWS-issued certificate used to validate custom domain ownership (when `certificateArn` is issued via an ACM Private CA or `mutualTlsAuthentication` is configured with an ACM-imported certificate.)
	OwnershipVerificationCertificateArn pulumi.StringPtrInput
	// ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with `certificateArn`, `certificateName`, `certificateBody`, `certificateChain`, and `certificatePrivateKey`.
	//
	// When uploading a certificate, the following arguments are supported:
	RegionalCertificateArn pulumi.StringPtrInput
	// User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with `certificateArn`, `certificateName`, `certificateBody`, `certificateChain`, and `certificatePrivateKey`.
	RegionalCertificateName pulumi.StringPtrInput
	// Hostname for the custom domain's regional endpoint.
	RegionalDomainName pulumi.StringPtrInput
	// Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
	RegionalZoneId pulumi.StringPtrInput
	// Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are `TLS_1_0` and `TLS_1_2`. Must be configured to perform drift detection.
	SecurityPolicy pulumi.StringPtrInput
	// Key-value map of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	//
	// When referencing an AWS-managed certificate, the following arguments are supported:
	Tags pulumi.StringMapInput
	// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll pulumi.StringMapInput
}

func (DomainNameState) ElementType() reflect.Type {
	return reflect.TypeOf((*domainNameState)(nil)).Elem()
}

type domainNameArgs struct {
	// ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with `certificateName`, `certificateBody`, `certificateChain`, `certificatePrivateKey`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificateArn *string `pulumi:"certificateArn"`
	// Certificate issued for the domain name being registered, in PEM format. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificateBody *string `pulumi:"certificateBody"`
	// Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificateChain *string `pulumi:"certificateChain"`
	// Unique name to use when registering this certificate as an IAM server certificate. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`. Required if `certificateArn` is not set.
	CertificateName *string `pulumi:"certificateName"`
	// Private key associated with the domain certificate given in `certificateBody`. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificatePrivateKey *string `pulumi:"certificatePrivateKey"`
	// Fully-qualified domain name to register.
	DomainName string `pulumi:"domainName"`
	// Configuration block defining API endpoint information including type. See below.
	EndpointConfiguration *DomainNameEndpointConfiguration `pulumi:"endpointConfiguration"`
	// Mutual TLS authentication configuration for the domain name. See below.
	MutualTlsAuthentication *DomainNameMutualTlsAuthentication `pulumi:"mutualTlsAuthentication"`
	// ARN of the AWS-issued certificate used to validate custom domain ownership (when `certificateArn` is issued via an ACM Private CA or `mutualTlsAuthentication` is configured with an ACM-imported certificate.)
	OwnershipVerificationCertificateArn *string `pulumi:"ownershipVerificationCertificateArn"`
	// ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with `certificateArn`, `certificateName`, `certificateBody`, `certificateChain`, and `certificatePrivateKey`.
	//
	// When uploading a certificate, the following arguments are supported:
	RegionalCertificateArn *string `pulumi:"regionalCertificateArn"`
	// User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with `certificateArn`, `certificateName`, `certificateBody`, `certificateChain`, and `certificatePrivateKey`.
	RegionalCertificateName *string `pulumi:"regionalCertificateName"`
	// Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are `TLS_1_0` and `TLS_1_2`. Must be configured to perform drift detection.
	SecurityPolicy *string `pulumi:"securityPolicy"`
	// Key-value map of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	//
	// When referencing an AWS-managed certificate, the following arguments are supported:
	Tags map[string]string `pulumi:"tags"`
}

// The set of arguments for constructing a DomainName resource.
type DomainNameArgs struct {
	// ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with `certificateName`, `certificateBody`, `certificateChain`, `certificatePrivateKey`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificateArn pulumi.StringPtrInput
	// Certificate issued for the domain name being registered, in PEM format. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificateBody pulumi.StringPtrInput
	// Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificateChain pulumi.StringPtrInput
	// Unique name to use when registering this certificate as an IAM server certificate. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`. Required if `certificateArn` is not set.
	CertificateName pulumi.StringPtrInput
	// Private key associated with the domain certificate given in `certificateBody`. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
	CertificatePrivateKey pulumi.StringPtrInput
	// Fully-qualified domain name to register.
	DomainName pulumi.StringInput
	// Configuration block defining API endpoint information including type. See below.
	EndpointConfiguration DomainNameEndpointConfigurationPtrInput
	// Mutual TLS authentication configuration for the domain name. See below.
	MutualTlsAuthentication DomainNameMutualTlsAuthenticationPtrInput
	// ARN of the AWS-issued certificate used to validate custom domain ownership (when `certificateArn` is issued via an ACM Private CA or `mutualTlsAuthentication` is configured with an ACM-imported certificate.)
	OwnershipVerificationCertificateArn pulumi.StringPtrInput
	// ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with `certificateArn`, `certificateName`, `certificateBody`, `certificateChain`, and `certificatePrivateKey`.
	//
	// When uploading a certificate, the following arguments are supported:
	RegionalCertificateArn pulumi.StringPtrInput
	// User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with `certificateArn`, `certificateName`, `certificateBody`, `certificateChain`, and `certificatePrivateKey`.
	RegionalCertificateName pulumi.StringPtrInput
	// Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are `TLS_1_0` and `TLS_1_2`. Must be configured to perform drift detection.
	SecurityPolicy pulumi.StringPtrInput
	// Key-value map of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	//
	// When referencing an AWS-managed certificate, the following arguments are supported:
	Tags pulumi.StringMapInput
}

func (DomainNameArgs) ElementType() reflect.Type {
	return reflect.TypeOf((*domainNameArgs)(nil)).Elem()
}

type DomainNameInput interface {
	pulumi.Input

	ToDomainNameOutput() DomainNameOutput
	ToDomainNameOutputWithContext(ctx context.Context) DomainNameOutput
}

func (*DomainName) ElementType() reflect.Type {
	return reflect.TypeOf((**DomainName)(nil)).Elem()
}

func (i *DomainName) ToDomainNameOutput() DomainNameOutput {
	return i.ToDomainNameOutputWithContext(context.Background())
}

func (i *DomainName) ToDomainNameOutputWithContext(ctx context.Context) DomainNameOutput {
	return pulumi.ToOutputWithContext(ctx, i).(DomainNameOutput)
}

// DomainNameArrayInput is an input type that accepts DomainNameArray and DomainNameArrayOutput values.
// You can construct a concrete instance of `DomainNameArrayInput` via:
//
//	DomainNameArray{ DomainNameArgs{...} }
type DomainNameArrayInput interface {
	pulumi.Input

	ToDomainNameArrayOutput() DomainNameArrayOutput
	ToDomainNameArrayOutputWithContext(context.Context) DomainNameArrayOutput
}

type DomainNameArray []DomainNameInput

func (DomainNameArray) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*DomainName)(nil)).Elem()
}

func (i DomainNameArray) ToDomainNameArrayOutput() DomainNameArrayOutput {
	return i.ToDomainNameArrayOutputWithContext(context.Background())
}

func (i DomainNameArray) ToDomainNameArrayOutputWithContext(ctx context.Context) DomainNameArrayOutput {
	return pulumi.ToOutputWithContext(ctx, i).(DomainNameArrayOutput)
}

// DomainNameMapInput is an input type that accepts DomainNameMap and DomainNameMapOutput values.
// You can construct a concrete instance of `DomainNameMapInput` via:
//
//	DomainNameMap{ "key": DomainNameArgs{...} }
type DomainNameMapInput interface {
	pulumi.Input

	ToDomainNameMapOutput() DomainNameMapOutput
	ToDomainNameMapOutputWithContext(context.Context) DomainNameMapOutput
}

type DomainNameMap map[string]DomainNameInput

func (DomainNameMap) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*DomainName)(nil)).Elem()
}

func (i DomainNameMap) ToDomainNameMapOutput() DomainNameMapOutput {
	return i.ToDomainNameMapOutputWithContext(context.Background())
}

func (i DomainNameMap) ToDomainNameMapOutputWithContext(ctx context.Context) DomainNameMapOutput {
	return pulumi.ToOutputWithContext(ctx, i).(DomainNameMapOutput)
}

type DomainNameOutput struct{ *pulumi.OutputState }

func (DomainNameOutput) ElementType() reflect.Type {
	return reflect.TypeOf((**DomainName)(nil)).Elem()
}

func (o DomainNameOutput) ToDomainNameOutput() DomainNameOutput {
	return o
}

func (o DomainNameOutput) ToDomainNameOutputWithContext(ctx context.Context) DomainNameOutput {
	return o
}

// ARN of domain name.
func (o DomainNameOutput) Arn() pulumi.StringOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringOutput { return v.Arn }).(pulumi.StringOutput)
}

// ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with `certificateName`, `certificateBody`, `certificateChain`, `certificatePrivateKey`, `regionalCertificateArn`, and `regionalCertificateName`.
func (o DomainNameOutput) CertificateArn() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringPtrOutput { return v.CertificateArn }).(pulumi.StringPtrOutput)
}

// Certificate issued for the domain name being registered, in PEM format. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
func (o DomainNameOutput) CertificateBody() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringPtrOutput { return v.CertificateBody }).(pulumi.StringPtrOutput)
}

// Certificate for the CA that issued the certificate, along with any intermediate CA certificates required to create an unbroken chain to a certificate trusted by the intended API clients. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
func (o DomainNameOutput) CertificateChain() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringPtrOutput { return v.CertificateChain }).(pulumi.StringPtrOutput)
}

// Unique name to use when registering this certificate as an IAM server certificate. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`. Required if `certificateArn` is not set.
func (o DomainNameOutput) CertificateName() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringPtrOutput { return v.CertificateName }).(pulumi.StringPtrOutput)
}

// Private key associated with the domain certificate given in `certificateBody`. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificateArn`, `regionalCertificateArn`, and `regionalCertificateName`.
func (o DomainNameOutput) CertificatePrivateKey() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringPtrOutput { return v.CertificatePrivateKey }).(pulumi.StringPtrOutput)
}

// Upload date associated with the domain certificate.
func (o DomainNameOutput) CertificateUploadDate() pulumi.StringOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringOutput { return v.CertificateUploadDate }).(pulumi.StringOutput)
}

// Hostname created by Cloudfront to represent the distribution that implements this domain name mapping.
func (o DomainNameOutput) CloudfrontDomainName() pulumi.StringOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringOutput { return v.CloudfrontDomainName }).(pulumi.StringOutput)
}

// For convenience, the hosted zone ID (`Z2FDTNDATAQYW2`) that can be used to create a Route53 alias record for the distribution.
func (o DomainNameOutput) CloudfrontZoneId() pulumi.StringOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringOutput { return v.CloudfrontZoneId }).(pulumi.StringOutput)
}

// Fully-qualified domain name to register.
func (o DomainNameOutput) DomainName() pulumi.StringOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringOutput { return v.DomainName }).(pulumi.StringOutput)
}

// Configuration block defining API endpoint information including type. See below.
func (o DomainNameOutput) EndpointConfiguration() DomainNameEndpointConfigurationOutput {
	return o.ApplyT(func(v *DomainName) DomainNameEndpointConfigurationOutput { return v.EndpointConfiguration }).(DomainNameEndpointConfigurationOutput)
}

// Mutual TLS authentication configuration for the domain name. See below.
func (o DomainNameOutput) MutualTlsAuthentication() DomainNameMutualTlsAuthenticationPtrOutput {
	return o.ApplyT(func(v *DomainName) DomainNameMutualTlsAuthenticationPtrOutput { return v.MutualTlsAuthentication }).(DomainNameMutualTlsAuthenticationPtrOutput)
}

// ARN of the AWS-issued certificate used to validate custom domain ownership (when `certificateArn` is issued via an ACM Private CA or `mutualTlsAuthentication` is configured with an ACM-imported certificate.)
func (o DomainNameOutput) OwnershipVerificationCertificateArn() pulumi.StringOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringOutput { return v.OwnershipVerificationCertificateArn }).(pulumi.StringOutput)
}

// ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with `certificateArn`, `certificateName`, `certificateBody`, `certificateChain`, and `certificatePrivateKey`.
//
// When uploading a certificate, the following arguments are supported:
func (o DomainNameOutput) RegionalCertificateArn() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringPtrOutput { return v.RegionalCertificateArn }).(pulumi.StringPtrOutput)
}

// User-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with `certificateArn`, `certificateName`, `certificateBody`, `certificateChain`, and `certificatePrivateKey`.
func (o DomainNameOutput) RegionalCertificateName() pulumi.StringPtrOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringPtrOutput { return v.RegionalCertificateName }).(pulumi.StringPtrOutput)
}

// Hostname for the custom domain's regional endpoint.
func (o DomainNameOutput) RegionalDomainName() pulumi.StringOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringOutput { return v.RegionalDomainName }).(pulumi.StringOutput)
}

// Hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.
func (o DomainNameOutput) RegionalZoneId() pulumi.StringOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringOutput { return v.RegionalZoneId }).(pulumi.StringOutput)
}

// Transport Layer Security (TLS) version + cipher suite for this DomainName. Valid values are `TLS_1_0` and `TLS_1_2`. Must be configured to perform drift detection.
func (o DomainNameOutput) SecurityPolicy() pulumi.StringOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringOutput { return v.SecurityPolicy }).(pulumi.StringOutput)
}

// Key-value map of resource tags. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
//
// When referencing an AWS-managed certificate, the following arguments are supported:
func (o DomainNameOutput) Tags() pulumi.StringMapOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringMapOutput { return v.Tags }).(pulumi.StringMapOutput)
}

// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
//
// Deprecated: Please use `tags` instead.
func (o DomainNameOutput) TagsAll() pulumi.StringMapOutput {
	return o.ApplyT(func(v *DomainName) pulumi.StringMapOutput { return v.TagsAll }).(pulumi.StringMapOutput)
}

type DomainNameArrayOutput struct{ *pulumi.OutputState }

func (DomainNameArrayOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*[]*DomainName)(nil)).Elem()
}

func (o DomainNameArrayOutput) ToDomainNameArrayOutput() DomainNameArrayOutput {
	return o
}

func (o DomainNameArrayOutput) ToDomainNameArrayOutputWithContext(ctx context.Context) DomainNameArrayOutput {
	return o
}

func (o DomainNameArrayOutput) Index(i pulumi.IntInput) DomainNameOutput {
	return pulumi.All(o, i).ApplyT(func(vs []interface{}) *DomainName {
		return vs[0].([]*DomainName)[vs[1].(int)]
	}).(DomainNameOutput)
}

type DomainNameMapOutput struct{ *pulumi.OutputState }

func (DomainNameMapOutput) ElementType() reflect.Type {
	return reflect.TypeOf((*map[string]*DomainName)(nil)).Elem()
}

func (o DomainNameMapOutput) ToDomainNameMapOutput() DomainNameMapOutput {
	return o
}

func (o DomainNameMapOutput) ToDomainNameMapOutputWithContext(ctx context.Context) DomainNameMapOutput {
	return o
}

func (o DomainNameMapOutput) MapIndex(k pulumi.StringInput) DomainNameOutput {
	return pulumi.All(o, k).ApplyT(func(vs []interface{}) *DomainName {
		return vs[0].(map[string]*DomainName)[vs[1].(string)]
	}).(DomainNameOutput)
}

func init() {
	pulumi.RegisterInputType(reflect.TypeOf((*DomainNameInput)(nil)).Elem(), &DomainName{})
	pulumi.RegisterInputType(reflect.TypeOf((*DomainNameArrayInput)(nil)).Elem(), DomainNameArray{})
	pulumi.RegisterInputType(reflect.TypeOf((*DomainNameMapInput)(nil)).Elem(), DomainNameMap{})
	pulumi.RegisterOutputType(DomainNameOutput{})
	pulumi.RegisterOutputType(DomainNameArrayOutput{})
	pulumi.RegisterOutputType(DomainNameMapOutput{})
}