Module acmpca

acmpca

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.
class pulumi_aws.acmpca.AwaitableGetCertificateAuthorityResult(arn=None, certificate=None, certificate_chain=None, certificate_signing_request=None, not_after=None, not_before=None, revocation_configurations=None, serial=None, status=None, tags=None, type=None, id=None)
class pulumi_aws.acmpca.CertificateAuthority(resource_name, opts=None, certificate_authority_configuration=None, enabled=None, permanent_deletion_time_in_days=None, revocation_configuration=None, tags=None, type=None, __props__=None, __name__=None, __opts__=None)

Provides a resource to manage AWS Certificate Manager Private Certificate Authorities (ACM PCA Certificate Authorities).

NOTE: Creating this resource will leave the certificate authority in a PENDING_CERTIFICATE status, which means it cannot yet issue certificates. To complete this setup, you must fully sign the certificate authority CSR available in the certificate_signing_request attribute and import the signed certificate using the AWS SDK, CLI or Console. This provider can support another resource to manage that workflow automatically in the future.
Parameters:
  • resource_name (str) – The name of the resource.
  • opts (pulumi.ResourceOptions) – Options for the resource.
  • certificate_authority_configuration (pulumi.Input[dict]) – Nested argument containing algorithms and certificate subject information. Defined below.
  • enabled (pulumi.Input[bool]) – Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to false.
  • permanent_deletion_time_in_days (pulumi.Input[float]) – The number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
  • revocation_configuration (pulumi.Input[dict]) – Nested argument containing revocation configuration. Defined below.
  • tags (pulumi.Input[dict]) – Specifies a key-value map of user-defined tags that are attached to the certificate authority.
  • type (pulumi.Input[str]) – The type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.
arn = None

Amazon Resource Name (ARN) of the certificate authority.

certificate = None

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

certificate_authority_configuration = None

Nested argument containing algorithms and certificate subject information. Defined below.

certificate_chain = None

Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

certificate_signing_request = None

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

enabled = None

Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to false.

not_after = None

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

not_before = None

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

permanent_deletion_time_in_days = None

The number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.

revocation_configuration = None

Nested argument containing revocation configuration. Defined below.

serial = None

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

status = None

Status of the certificate authority.

tags = None

Specifies a key-value map of user-defined tags that are attached to the certificate authority.

type = None

The type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.

static get(resource_name, id, opts=None, arn=None, certificate=None, certificate_authority_configuration=None, certificate_chain=None, certificate_signing_request=None, enabled=None, not_after=None, not_before=None, permanent_deletion_time_in_days=None, revocation_configuration=None, serial=None, status=None, tags=None, type=None)

Get an existing CertificateAuthority resource’s state with the given name, id, and optional extra properties used to qualify the lookup. :param str resource_name: The unique name of the resulting resource. :param str id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] arn: Amazon Resource Name (ARN) of the certificate authority. :param pulumi.Input[str] certificate: Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported. :param pulumi.Input[dict] certificate_authority_configuration: Nested argument containing algorithms and certificate subject information. Defined below. :param pulumi.Input[str] certificate_chain: Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported. :param pulumi.Input[str] certificate_signing_request: The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate. :param pulumi.Input[bool] enabled: Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to false. :param pulumi.Input[str] not_after: Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported. :param pulumi.Input[str] not_before: Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported. :param pulumi.Input[float] permanent_deletion_time_in_days: The number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days. :param pulumi.Input[dict] revocation_configuration: Nested argument containing revocation configuration. Defined below. :param pulumi.Input[str] serial: Serial number of the certificate authority. Only available after the certificate authority certificate has been imported. :param pulumi.Input[str] status: Status of the certificate authority. :param pulumi.Input[dict] tags: Specifies a key-value map of user-defined tags that are attached to the certificate authority. :param pulumi.Input[str] type: The type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters:prop (str) – A property name.
Returns:A potentially transformed property name.
Return type:str
class pulumi_aws.acmpca.GetCertificateAuthorityResult(arn=None, certificate=None, certificate_chain=None, certificate_signing_request=None, not_after=None, not_before=None, revocation_configurations=None, serial=None, status=None, tags=None, type=None, id=None)

A collection of values returned by getCertificateAuthority.

certificate = None

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

certificate_chain = None

Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

certificate_signing_request = None

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

not_after = None

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

not_before = None

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

revocation_configurations = None

Nested attribute containing revocation configuration.

  • revocation_configuration.0.crl_configuration - Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority.
  • revocation_configuration.0.crl_configuration.0.custom_cname - Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
  • revocation_configuration.0.crl_configuration.0.enabled - Boolean value that specifies whether certificate revocation lists (CRLs) are enabled.
  • revocation_configuration.0.crl_configuration.0.expiration_in_days - Number of days until a certificate expires.
  • revocation_configuration.0.crl_configuration.0.s3_bucket_name - Name of the S3 bucket that contains the CRL.
serial = None

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

status = None

Status of the certificate authority.

tags = None

Specifies a key-value map of user-defined tags that are attached to the certificate authority.

type = None

The type of the certificate authority.

id = None

id is the provider-assigned unique ID for this managed resource.

pulumi_aws.acmpca.get_certificate_authority(arn=None, revocation_configurations=None, tags=None, opts=None)

Get information on a AWS Certificate Manager Private Certificate Authority (ACM PCA Certificate Authority).