RDS / Client / describe_certificates

describe_certificates#

RDS.Client.describe_certificates(**kwargs)#

Lists the set of certificate authority (CA) certificates provided by Amazon RDS for this Amazon Web Services account.

For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to a DB cluster in the Amazon Aurora User Guide.

See also: AWS API Documentation

Request Syntax

response = client.describe_certificates(
    CertificateIdentifier='string',
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxRecords=123,
    Marker='string'
)
Parameters:
  • CertificateIdentifier (string) –

    The user-supplied certificate identifier. If this parameter is specified, information for only the identified certificate is returned. This parameter isn’t case-sensitive.

    Constraints:

    • Must match an existing CertificateIdentifier.

  • Filters (list) –

    This parameter isn’t currently supported.

    • (dict) –

      A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as IDs. The filters supported by a describe operation are documented with the describe operation.

      Note

      Currently, wildcards are not supported in filters.

      The following actions can be filtered:

      • DescribeDBClusterBacktracks

      • DescribeDBClusterEndpoints

      • DescribeDBClusters

      • DescribeDBInstances

      • DescribeDBRecommendations

      • DescribeDBShardGroups

      • DescribePendingMaintenanceActions

      • Name (string) – [REQUIRED]

        The name of the filter. Filter names are case-sensitive.

      • Values (list) – [REQUIRED]

        One or more filter values. Filter values are case-sensitive.

        • (string) –

  • MaxRecords (integer) –

    The maximum number of records to include in the response. If more records exist than the specified MaxRecords value, a pagination token called a marker is included in the response so you can retrieve the remaining results.

    Default: 100

    Constraints: Minimum 20, maximum 100.

  • Marker (string) – An optional pagination token provided by a previous DescribeCertificates request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.

Return type:

dict

Returns:

Response Syntax

{
    'DefaultCertificateForNewLaunches': 'string',
    'Certificates': [
        {
            'CertificateIdentifier': 'string',
            'CertificateType': 'string',
            'Thumbprint': 'string',
            'ValidFrom': datetime(2015, 1, 1),
            'ValidTill': datetime(2015, 1, 1),
            'CertificateArn': 'string',
            'CustomerOverride': True|False,
            'CustomerOverrideValidTill': datetime(2015, 1, 1)
        },
    ],
    'Marker': 'string'
}

Response Structure

  • (dict) –

    Data returned by the DescribeCertificates action.

    • DefaultCertificateForNewLaunches (string) –

      The default root CA for new databases created by your Amazon Web Services account. This is either the root CA override set on your Amazon Web Services account or the system default CA for the Region if no override exists. To override the default CA, use the ModifyCertificates operation.

    • Certificates (list) –

      The list of Certificate objects for the Amazon Web Services account.

      • (dict) –

        A CA certificate for an Amazon Web Services account.

        For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to a DB cluster in the Amazon Aurora User Guide.

        • CertificateIdentifier (string) –

          The unique key that identifies a certificate.

        • CertificateType (string) –

          The type of the certificate.

        • Thumbprint (string) –

          The thumbprint of the certificate.

        • ValidFrom (datetime) –

          The starting date from which the certificate is valid.

        • ValidTill (datetime) –

          The final date that the certificate continues to be valid.

        • CertificateArn (string) –

          The Amazon Resource Name (ARN) for the certificate.

        • CustomerOverride (boolean) –

          Indicates whether there is an override for the default certificate identifier.

        • CustomerOverrideValidTill (datetime) –

          If there is an override for the default certificate identifier, when the override expires.

    • Marker (string) –

      An optional pagination token provided by a previous DescribeCertificates request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords .

Exceptions

Examples

This example lists up to 20 certificates for the specified certificate identifier.

response = client.describe_certificates(
    CertificateIdentifier='rds-ca-2015',
    MaxRecords=20,
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}