aws-native.acmpca.CertificateAuthority
Private certificate authority.
Example Usage
Example
using System.Collections.Generic;
using Pulumi;
using AwsNative = Pulumi.AwsNative;
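// Provisions a three-tier private PKI on AWS Private CA:
//   rootCA -> subordinateCAOne -> subordinateCATwo -> endEntityCertificate.
// Subject values such as "string", "DG" and "DBG" are placeholders; replace
// them before deploying.
return await Deployment.RunAsync(() =>
{
    // Root CA. CRL publication is disabled and no OCSP configuration is supplied,
    // so this configuration publishes no revocation information for certificates
    // the root signs. Enable a revocation mechanism before relying on the hierarchy.
    // NOTE(review): RSA_2048 is used for every CA key here; pick the key algorithm
    // your policy requires for long-lived CA keys.
    var rootCA = new AwsNative.ACMPCA.CertificateAuthority("rootCA", new()
    {
        Type = "ROOT",
        KeyAlgorithm = "RSA_2048",
        SigningAlgorithm = "SHA256WITHRSA",
        Subject = new AwsNative.ACMPCA.Inputs.CertificateAuthoritySubjectArgs
        {
            Country = "US",
            Organization = "string",
            OrganizationalUnit = "string",
            DistinguishedNameQualifier = "string",
            State = "string",
            CommonName = "123",
            SerialNumber = "string",
            Locality = "string",
            Title = "string",
            Surname = "string",
            GivenName = "string",
            Initials = "DG",
            Pseudonym = "string",
            GenerationQualifier = "DBG",
        },
        RevocationConfiguration = new AwsNative.ACMPCA.Inputs.CertificateAuthorityRevocationConfigurationArgs
        {
            CrlConfiguration = new AwsNative.ACMPCA.Inputs.CertificateAuthorityCrlConfigurationArgs
            {
                Enabled = false,
            },
        },
    });

    // Self-signed root certificate: the root CA signs its own CSR with the
    // RootCACertificate template. Validity shrinks at each tier below
    // (100 > 90 > 80 > 70 days), so no certificate outlives its issuer.
    var rootCACertificate = new AwsNative.ACMPCA.Certificate("rootCACertificate", new()
    {
        CertificateAuthorityArn = rootCA.Id,
        CertificateSigningRequest = rootCA.CertificateSigningRequest,
        SigningAlgorithm = "SHA256WITHRSA",
        TemplateArn = "arn:aws:acm-pca:::template/RootCACertificate/V1",
        Validity = new AwsNative.ACMPCA.Inputs.CertificateValidityArgs
        {
            Type = "DAYS",
            Value = 100,
        },
    });

    // Installs the signed certificate on the root CA and marks it ACTIVE.
    var rootCAActivation = new AwsNative.ACMPCA.CertificateAuthorityActivation("rootCAActivation", new()
    {
        CertificateAuthorityArn = rootCA.Id,
        Certificate = rootCACertificate.Certificate,
        Status = "ACTIVE",
    });

    // Lets the ACM service principal issue and fetch certificates from the root CA.
    // NOTE(review): nothing in this example issues through ACM from the root;
    // under least privilege this grant belongs only on the CA that ACM actually
    // issues from, not on the root or an intermediate.
    var rootCAPermission = new AwsNative.ACMPCA.Permission("rootCAPermission", new()
    {
        Actions = new[]
        {
            "IssueCertificate",
            "GetCertificate",
            "ListPermissions",
        },
        CertificateAuthorityArn = rootCA.Id,
        Principal = "acm.amazonaws.com",
    });

    // First subordinate CA. No revocation configuration is supplied for it.
    var subordinateCAOne = new AwsNative.ACMPCA.CertificateAuthority("subordinateCAOne", new()
    {
        Type = "SUBORDINATE",
        KeyAlgorithm = "RSA_2048",
        SigningAlgorithm = "SHA256WITHRSA",
        Subject = new AwsNative.ACMPCA.Inputs.CertificateAuthoritySubjectArgs
        {
            Country = "US",
            Organization = "string",
            OrganizationalUnit = "string",
            DistinguishedNameQualifier = "string",
            State = "string",
            CommonName = "Sub1",
            SerialNumber = "string",
            Locality = "string",
            Title = "string",
            Surname = "string",
            GivenName = "string",
            Initials = "DG",
            Pseudonym = "string",
            GenerationQualifier = "DBG",
        },
        RevocationConfiguration = null,
        // An untyped `new[] {}` has no element type to infer, so the empty tag
        // list is spelled with its element type.
        Tags = new AwsNative.ACMPCA.Inputs.CertificateAuthorityTagArgs[] { },
    });

    // The root signs subordinateCAOne's CSR using the PathLen3 subordinate template.
    // DependsOn makes the issuance wait until the root CA has been activated.
    var subordinateCAOneCACertificate = new AwsNative.ACMPCA.Certificate("subordinateCAOneCACertificate", new()
    {
        CertificateAuthorityArn = rootCA.Id,
        CertificateSigningRequest = subordinateCAOne.CertificateSigningRequest,
        SigningAlgorithm = "SHA256WITHRSA",
        TemplateArn = "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1",
        Validity = new AwsNative.ACMPCA.Inputs.CertificateValidityArgs
        {
            Type = "DAYS",
            Value = 90,
        },
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            rootCAActivation,
        },
    });

    // Activates subordinateCAOne with its certificate and the chain up to the root.
    var subordinateCAOneActivation = new AwsNative.ACMPCA.CertificateAuthorityActivation("subordinateCAOneActivation", new()
    {
        CertificateAuthorityArn = subordinateCAOne.Id,
        Certificate = subordinateCAOneCACertificate.Certificate,
        CertificateChain = rootCAActivation.CompleteCertificateChain,
        Status = "ACTIVE",
    });

    // Same ACM grant as on the root; see the least-privilege note on rootCAPermission.
    var subordinateCAOnePermission = new AwsNative.ACMPCA.Permission("subordinateCAOnePermission", new()
    {
        Actions = new[]
        {
            "IssueCertificate",
            "GetCertificate",
            "ListPermissions",
        },
        CertificateAuthorityArn = subordinateCAOne.Id,
        Principal = "acm.amazonaws.com",
    });

    // Second subordinate CA (the issuing CA in this example).
    // NOTE(review): its subject has no CommonName and it sets no revocation
    // configuration - confirm both are intended.
    var subordinateCATwo = new AwsNative.ACMPCA.CertificateAuthority("subordinateCATwo", new()
    {
        Type = "SUBORDINATE",
        KeyAlgorithm = "RSA_2048",
        SigningAlgorithm = "SHA256WITHRSA",
        Subject = new AwsNative.ACMPCA.Inputs.CertificateAuthoritySubjectArgs
        {
            Country = "US",
            Organization = "string",
            OrganizationalUnit = "string",
            DistinguishedNameQualifier = "string",
            State = "string",
            SerialNumber = "string",
            Locality = "string",
            Title = "string",
            Surname = "string",
            GivenName = "string",
            Initials = "DG",
            Pseudonym = "string",
            GenerationQualifier = "DBG",
        },
        Tags = new[]
        {
            new AwsNative.ACMPCA.Inputs.CertificateAuthorityTagArgs
            {
                Key = "Key1",
                Value = "Value1",
            },
            new AwsNative.ACMPCA.Inputs.CertificateAuthorityTagArgs
            {
                Key = "Key2",
                Value = "Value2",
            },
        },
    });

    // subordinateCAOne signs subordinateCATwo's CSR using the PathLen2 template,
    // one step tighter than the template used for subordinateCAOne.
    var subordinateCATwoCACertificate = new AwsNative.ACMPCA.Certificate("subordinateCATwoCACertificate", new()
    {
        CertificateAuthorityArn = subordinateCAOne.Id,
        CertificateSigningRequest = subordinateCATwo.CertificateSigningRequest,
        SigningAlgorithm = "SHA256WITHRSA",
        TemplateArn = "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1",
        Validity = new AwsNative.ACMPCA.Inputs.CertificateValidityArgs
        {
            Type = "DAYS",
            Value = 80,
        },
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            subordinateCAOneActivation,
        },
    });

    // NOTE(review): Status is not set here, unlike the two activations above;
    // confirm the provider default gives the state you expect.
    var subordinateCATwoActivation = new AwsNative.ACMPCA.CertificateAuthorityActivation("subordinateCATwoActivation", new()
    {
        CertificateAuthorityArn = subordinateCATwo.Id,
        Certificate = subordinateCATwoCACertificate.Certificate,
        CertificateChain = subordinateCAOneActivation.CompleteCertificateChain,
    });

    // ACM grant on the issuing CA.
    var subordinateCATwoPermission = new AwsNative.ACMPCA.Permission("subordinateCATwoPermission", new()
    {
        Actions = new[]
        {
            "IssueCertificate",
            "GetCertificate",
            "ListPermissions",
        },
        CertificateAuthorityArn = subordinateCATwo.Id,
        Principal = "acm.amazonaws.com",
    });

    // End-entity certificate issued by subordinateCATwo from a static sample CSR.
    // In real use, supply the CSR generated for the key pair that will hold the
    // certificate. No TemplateArn is given - presumably the service's default
    // end-entity template applies; confirm.
    var endEntityCertificate = new AwsNative.ACMPCA.Certificate("endEntityCertificate", new()
    {
        CertificateAuthorityArn = subordinateCATwo.Id,
        CertificateSigningRequest = @"-----BEGIN CERTIFICATE REQUEST-----
MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
-----END CERTIFICATE REQUEST-----",
        SigningAlgorithm = "SHA256WITHRSA",
        Validity = new AwsNative.ACMPCA.Inputs.CertificateValidityArgs
        {
            Type = "DAYS",
            Value = 70,
        },
    }, new CustomResourceOptions
    {
        DependsOn = new[]
        {
            subordinateCATwoActivation,
        },
    });

    // Stack outputs: the full chain for the issuing CA and the ARN of the issued certificate.
    return new Dictionary<string, object?>
    {
        ["completeCertificateChain"] = subordinateCATwoActivation.CompleteCertificateChain,
        ["certificateArn"] = endEntityCertificate.Arn,
    };
});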
import pulumi
import pulumi_aws_native as aws_native
# Three-tier private PKI on AWS Private CA:
#   root_ca -> subordinate_ca_one -> subordinate_ca_two -> end_entity_certificate.
# Subject values such as "string", "DG" and "DBG" are placeholders.

# Literals shared by every tier.
# NOTE(review): RSA_2048 is used for all CA keys; pick the key algorithm your
# policy requires for long-lived CA keys.
_KEY_ALGORITHM = "RSA_2048"
_SIGNING_ALGORITHM = "SHA256WITHRSA"
_ACM_PRINCIPAL = "acm.amazonaws.com"
_ACM_ACTIONS = ("IssueCertificate", "GetCertificate", "ListPermissions")

# Static sample CSR used for the end-entity certificate. In real use, supply the
# CSR generated for the key pair that will hold the certificate.
_END_ENTITY_CSR = """-----BEGIN CERTIFICATE REQUEST-----
MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
-----END CERTIFICATE REQUEST-----"""


def _subject(**extra):
    """Build the placeholder X.500 subject shared by the CAs, plus any ``extra`` fields."""
    fields = {
        "country": "US",
        "organization": "string",
        "organizational_unit": "string",
        "distinguished_name_qualifier": "string",
        "state": "string",
        "serial_number": "string",
        "locality": "string",
        "title": "string",
        "surname": "string",
        "given_name": "string",
        "initials": "DG",
        "pseudonym": "string",
        "generation_qualifier": "DBG",
    }
    fields.update(extra)
    return aws_native.acmpca.CertificateAuthoritySubjectArgs(**fields)


def _days(count):
    """Return a validity period of ``count`` days."""
    return aws_native.acmpca.CertificateValidityArgs(type="DAYS", value=count)


def _allow_acm(resource_name, ca):
    """Grant the ACM service principal issue/get/list-permissions on ``ca``."""
    return aws_native.acmpca.Permission(
        resource_name,
        actions=list(_ACM_ACTIONS),
        certificate_authority_arn=ca.id,
        principal=_ACM_PRINCIPAL,
    )


# --- Root tier ---------------------------------------------------------------
# CRL publication is disabled and no OCSP configuration is supplied, so this
# configuration publishes no revocation information for certificates the root
# signs. Enable a revocation mechanism before relying on the hierarchy.
_root_crl_off = aws_native.acmpca.CertificateAuthorityCrlConfigurationArgs(enabled=False)
root_ca = aws_native.acmpca.CertificateAuthority(
    "rootCA",
    type="ROOT",
    key_algorithm=_KEY_ALGORITHM,
    signing_algorithm=_SIGNING_ALGORITHM,
    subject=_subject(common_name="123"),
    revocation_configuration=aws_native.acmpca.CertificateAuthorityRevocationConfigurationArgs(
        crl_configuration=_root_crl_off,
    ),
)

# The root signs its own CSR. Validity shrinks at each tier below
# (100 > 90 > 80 > 70 days), so no certificate outlives its issuer.
root_ca_certificate = aws_native.acmpca.Certificate(
    "rootCACertificate",
    certificate_authority_arn=root_ca.id,
    certificate_signing_request=root_ca.certificate_signing_request,
    signing_algorithm=_SIGNING_ALGORITHM,
    template_arn="arn:aws:acm-pca:::template/RootCACertificate/V1",
    validity=_days(100),
)

root_ca_activation = aws_native.acmpca.CertificateAuthorityActivation(
    "rootCAActivation",
    certificate_authority_arn=root_ca.id,
    certificate=root_ca_certificate.certificate,
    status="ACTIVE",
)

# NOTE(review): nothing in this example issues through ACM from the root; under
# least privilege this grant belongs only on the CA that ACM actually issues
# from, not on the root or an intermediate.
root_ca_permission = _allow_acm("rootCAPermission", root_ca)

# --- First subordinate tier --------------------------------------------------
# An empty revocation configuration is passed, so no CRL or OCSP is set up.
subordinate_ca_one = aws_native.acmpca.CertificateAuthority(
    "subordinateCAOne",
    type="SUBORDINATE",
    key_algorithm=_KEY_ALGORITHM,
    signing_algorithm=_SIGNING_ALGORITHM,
    subject=_subject(common_name="Sub1"),
    revocation_configuration=aws_native.acmpca.CertificateAuthorityRevocationConfigurationArgs(),
    tags=[],
)

# Signed by the root with the PathLen3 template; waits for the root activation.
subordinate_ca_one_ca_certificate = aws_native.acmpca.Certificate(
    "subordinateCAOneCACertificate",
    certificate_authority_arn=root_ca.id,
    certificate_signing_request=subordinate_ca_one.certificate_signing_request,
    signing_algorithm=_SIGNING_ALGORITHM,
    template_arn="arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1",
    validity=_days(90),
    opts=pulumi.ResourceOptions(depends_on=[root_ca_activation]),
)

subordinate_ca_one_activation = aws_native.acmpca.CertificateAuthorityActivation(
    "subordinateCAOneActivation",
    certificate_authority_arn=subordinate_ca_one.id,
    certificate=subordinate_ca_one_ca_certificate.certificate,
    certificate_chain=root_ca_activation.complete_certificate_chain,
    status="ACTIVE",
)

subordinate_ca_one_permission = _allow_acm("subordinateCAOnePermission", subordinate_ca_one)

# --- Second subordinate tier (issuing CA) ------------------------------------
# NOTE(review): this subject has no common_name and no revocation configuration
# is given - confirm both are intended.
_sub_two_tags = [
    aws_native.acmpca.CertificateAuthorityTagArgs(key=tag_key, value=tag_value)
    for tag_key, tag_value in (("Key1", "Value1"), ("Key2", "Value2"))
]
subordinate_ca_two = aws_native.acmpca.CertificateAuthority(
    "subordinateCATwo",
    type="SUBORDINATE",
    key_algorithm=_KEY_ALGORITHM,
    signing_algorithm=_SIGNING_ALGORITHM,
    subject=_subject(),
    tags=_sub_two_tags,
)

# Signed by subordinate_ca_one with the PathLen2 template, one step tighter
# than the template used for subordinate_ca_one itself.
subordinate_ca_two_ca_certificate = aws_native.acmpca.Certificate(
    "subordinateCATwoCACertificate",
    certificate_authority_arn=subordinate_ca_one.id,
    certificate_signing_request=subordinate_ca_two.certificate_signing_request,
    signing_algorithm=_SIGNING_ALGORITHM,
    template_arn="arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1",
    validity=_days(80),
    opts=pulumi.ResourceOptions(depends_on=[subordinate_ca_one_activation]),
)

# NOTE(review): status is not set here, unlike the two activations above;
# confirm the provider default gives the state you expect.
subordinate_ca_two_activation = aws_native.acmpca.CertificateAuthorityActivation(
    "subordinateCATwoActivation",
    certificate_authority_arn=subordinate_ca_two.id,
    certificate=subordinate_ca_two_ca_certificate.certificate,
    certificate_chain=subordinate_ca_one_activation.complete_certificate_chain,
)

subordinate_ca_two_permission = _allow_acm("subordinateCATwoPermission", subordinate_ca_two)

# --- End-entity certificate --------------------------------------------------
# No template_arn is given - presumably the service's default end-entity
# template applies; confirm.
end_entity_certificate = aws_native.acmpca.Certificate(
    "endEntityCertificate",
    certificate_authority_arn=subordinate_ca_two.id,
    certificate_signing_request=_END_ENTITY_CSR,
    signing_algorithm=_SIGNING_ALGORITHM,
    validity=_days(70),
    opts=pulumi.ResourceOptions(depends_on=[subordinate_ca_two_activation]),
)

# Stack outputs: the issuing CA's full chain and the issued certificate's ARN.
pulumi.export("completeCertificateChain", subordinate_ca_two_activation.complete_certificate_chain)
pulumi.export("certificateArn", end_entity_certificate.arn)
import * as pulumi from "@pulumi/pulumi";
import * as aws_native from "@pulumi/aws-native";
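// Three-tier private PKI on AWS Private CA:
//   rootCA -> subordinateCAOne -> subordinateCATwo -> endEntityCertificate.
// Subject values such as "string", "DG" and "DBG" are placeholders.

// Root CA. CRL publication is disabled and no OCSP configuration is supplied,
// so this configuration publishes no revocation information for certificates
// the root signs. Enable a revocation mechanism before relying on the hierarchy.
// NOTE(review): RSA_2048 is used for every CA key here; pick the key algorithm
// your policy requires for long-lived CA keys.
const rootCA = new aws_native.acmpca.CertificateAuthority("rootCA", {
    type: "ROOT",
    keyAlgorithm: "RSA_2048",
    signingAlgorithm: "SHA256WITHRSA",
    subject: {
        country: "US",
        organization: "string",
        organizationalUnit: "string",
        distinguishedNameQualifier: "string",
        state: "string",
        commonName: "123",
        serialNumber: "string",
        locality: "string",
        title: "string",
        surname: "string",
        givenName: "string",
        initials: "DG",
        pseudonym: "string",
        generationQualifier: "DBG",
    },
    revocationConfiguration: {
        crlConfiguration: {
            enabled: false,
        },
    },
});

// The root signs its own CSR. Validity shrinks at each tier below
// (100 > 90 > 80 > 70 days), so no certificate outlives its issuer.
const rootCACertificate = new aws_native.acmpca.Certificate("rootCACertificate", {
    certificateAuthorityArn: rootCA.id,
    certificateSigningRequest: rootCA.certificateSigningRequest,
    signingAlgorithm: "SHA256WITHRSA",
    templateArn: "arn:aws:acm-pca:::template/RootCACertificate/V1",
    validity: {
        type: "DAYS",
        value: 100,
    },
});

// Installs the signed certificate on the root CA and marks it ACTIVE.
const rootCAActivation = new aws_native.acmpca.CertificateAuthorityActivation("rootCAActivation", {
    certificateAuthorityArn: rootCA.id,
    certificate: rootCACertificate.certificate,
    status: "ACTIVE",
});

// Lets the ACM service principal issue and fetch certificates from the root CA.
// NOTE(review): nothing in this example issues through ACM from the root; under
// least privilege this grant belongs only on the CA that ACM actually issues
// from, not on the root or an intermediate.
const rootCAPermission = new aws_native.acmpca.Permission("rootCAPermission", {
    actions: [
        "IssueCertificate",
        "GetCertificate",
        "ListPermissions",
    ],
    certificateAuthorityArn: rootCA.id,
    principal: "acm.amazonaws.com",
});

// First subordinate CA. An empty revocation configuration is passed, so no CRL
// or OCSP is set up for it.
const subordinateCAOne = new aws_native.acmpca.CertificateAuthority("subordinateCAOne", {
    type: "SUBORDINATE",
    keyAlgorithm: "RSA_2048",
    signingAlgorithm: "SHA256WITHRSA",
    subject: {
        country: "US",
        organization: "string",
        organizationalUnit: "string",
        distinguishedNameQualifier: "string",
        state: "string",
        commonName: "Sub1",
        serialNumber: "string",
        locality: "string",
        title: "string",
        surname: "string",
        givenName: "string",
        initials: "DG",
        pseudonym: "string",
        generationQualifier: "DBG",
    },
    revocationConfiguration: {},
    tags: [],
});

// Signed by the root with the PathLen3 template; dependsOn makes the issuance
// wait until the root CA has been activated.
const subordinateCAOneCACertificate = new aws_native.acmpca.Certificate("subordinateCAOneCACertificate", {
    certificateAuthorityArn: rootCA.id,
    certificateSigningRequest: subordinateCAOne.certificateSigningRequest,
    signingAlgorithm: "SHA256WITHRSA",
    templateArn: "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1",
    validity: {
        type: "DAYS",
        value: 90,
    },
}, {
    dependsOn: [rootCAActivation],
});

// Activates subordinateCAOne with its certificate and the chain up to the root.
const subordinateCAOneActivation = new aws_native.acmpca.CertificateAuthorityActivation("subordinateCAOneActivation", {
    certificateAuthorityArn: subordinateCAOne.id,
    certificate: subordinateCAOneCACertificate.certificate,
    certificateChain: rootCAActivation.completeCertificateChain,
    status: "ACTIVE",
});

// Same ACM grant as on the root; the least-privilege concern applies here too.
const subordinateCAOnePermission = new aws_native.acmpca.Permission("subordinateCAOnePermission", {
    actions: [
        "IssueCertificate",
        "GetCertificate",
        "ListPermissions",
    ],
    certificateAuthorityArn: subordinateCAOne.id,
    principal: "acm.amazonaws.com",
});

// Second subordinate CA (the issuing CA in this example).
// NOTE(review): its subject has no commonName and it sets no revocation
// configuration - confirm both are intended.
const subordinateCATwo = new aws_native.acmpca.CertificateAuthority("subordinateCATwo", {
    type: "SUBORDINATE",
    keyAlgorithm: "RSA_2048",
    signingAlgorithm: "SHA256WITHRSA",
    subject: {
        country: "US",
        organization: "string",
        organizationalUnit: "string",
        distinguishedNameQualifier: "string",
        state: "string",
        serialNumber: "string",
        locality: "string",
        title: "string",
        surname: "string",
        givenName: "string",
        initials: "DG",
        pseudonym: "string",
        generationQualifier: "DBG",
    },
    tags: [
        {
            key: "Key1",
            value: "Value1",
        },
        {
            key: "Key2",
            value: "Value2",
        },
    ],
});

// Signed by subordinateCAOne with the PathLen2 template, one step tighter than
// the template used for subordinateCAOne itself.
const subordinateCATwoCACertificate = new aws_native.acmpca.Certificate("subordinateCATwoCACertificate", {
    certificateAuthorityArn: subordinateCAOne.id,
    certificateSigningRequest: subordinateCATwo.certificateSigningRequest,
    signingAlgorithm: "SHA256WITHRSA",
    templateArn: "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1",
    validity: {
        type: "DAYS",
        value: 80,
    },
}, {
    dependsOn: [subordinateCAOneActivation],
});

// NOTE(review): status is not set here, unlike the two activations above;
// confirm the provider default gives the state you expect.
const subordinateCATwoActivation = new aws_native.acmpca.CertificateAuthorityActivation("subordinateCATwoActivation", {
    certificateAuthorityArn: subordinateCATwo.id,
    certificate: subordinateCATwoCACertificate.certificate,
    certificateChain: subordinateCAOneActivation.completeCertificateChain,
});

// ACM grant on the issuing CA.
const subordinateCATwoPermission = new aws_native.acmpca.Permission("subordinateCATwoPermission", {
    actions: [
        "IssueCertificate",
        "GetCertificate",
        "ListPermissions",
    ],
    certificateAuthorityArn: subordinateCATwo.id,
    principal: "acm.amazonaws.com",
});

// End-entity certificate issued by subordinateCATwo from a static sample CSR.
// In real use, supply the CSR generated for the key pair that will hold the
// certificate. No templateArn is given - presumably the service's default
// end-entity template applies; confirm.
const endEntityCertificate = new aws_native.acmpca.Certificate("endEntityCertificate", {
    certificateAuthorityArn: subordinateCATwo.id,
    certificateSigningRequest: `-----BEGIN CERTIFICATE REQUEST-----
MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
-----END CERTIFICATE REQUEST-----`,
    signingAlgorithm: "SHA256WITHRSA",
    validity: {
        type: "DAYS",
        value: 70,
    },
}, {
    dependsOn: [subordinateCATwoActivation],
});

// Stack outputs: the issuing CA's full chain and the issued certificate's ARN.
export const completeCertificateChain = subordinateCATwoActivation.completeCertificateChain;
export const certificateArn = endEntityCertificate.arn;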
Create CertificateAuthority Resource
new CertificateAuthority(name: string, args: CertificateAuthorityArgs, opts?: CustomResourceOptions);
@overload
def CertificateAuthority(resource_name: str,
opts: Optional[ResourceOptions] = None,
csr_extensions: Optional[CertificateAuthorityCsrExtensionsArgs] = None,
key_algorithm: Optional[str] = None,
key_storage_security_standard: Optional[str] = None,
revocation_configuration: Optional[CertificateAuthorityRevocationConfigurationArgs] = None,
signing_algorithm: Optional[str] = None,
subject: Optional[CertificateAuthoritySubjectArgs] = None,
tags: Optional[Sequence[CertificateAuthorityTagArgs]] = None,
type: Optional[str] = None,
usage_mode: Optional[str] = None)
@overload
def CertificateAuthority(resource_name: str,
args: CertificateAuthorityArgs,
opts: Optional[ResourceOptions] = None)
func NewCertificateAuthority(ctx *Context, name string, args CertificateAuthorityArgs, opts ...ResourceOption) (*CertificateAuthority, error)
public CertificateAuthority(string name, CertificateAuthorityArgs args, CustomResourceOptions? opts = null)
public CertificateAuthority(String name, CertificateAuthorityArgs args)
public CertificateAuthority(String name, CertificateAuthorityArgs args, CustomResourceOptions options)
type: aws-native:acmpca:CertificateAuthority
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
CertificateAuthority Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CertificateAuthority resource accepts the following input properties:
- KeyAlgorithm string
Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
- SigningAlgorithm string
Algorithm your CA uses to sign certificate requests.
- Subject Pulumi.AwsNative.ACMPCA.Inputs.CertificateAuthoritySubjectArgs
Structure that contains X.500 distinguished name information for your CA.
- Type string
The type of the certificate authority.
- CsrExtensions Pulumi.AwsNative.ACMPCA.Inputs.CertificateAuthorityCsrExtensionsArgs
Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
- KeyStorageSecurityStandard string
KeyStorageSecurityStandard defines a cryptographic key management compliance standard used for handling CA keys.
- RevocationConfiguration Pulumi.AwsNative.ACMPCA.Inputs.CertificateAuthorityRevocationConfigurationArgs
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
- Tags List<Pulumi.AwsNative.ACMPCA.Inputs.CertificateAuthorityTagArgs>
- UsageMode string
Usage mode of the certificate authority.
- Key
Algorithm string Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
- Signing
Algorithm string Algorithm your CA uses to sign certificate requests.
- Subject
Certificate
Authority Subject Args Structure that contains X.500 distinguished name information for your CA.
- Type string
The type of the certificate authority.
- Csr
Extensions CertificateAuthority Csr Extensions Args Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
- KeyStorageSecurityStandard string
KeyStorageSecurityStandard defines a cryptographic key management compliance standard used for handling CA keys.
- Revocation
Configuration CertificateAuthority Revocation Configuration Args Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
- Tags []CertificateAuthorityTagArgs
- UsageMode string
Usage mode of the certificate authority.
- key
Algorithm String Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
- signing
Algorithm String Algorithm your CA uses to sign certificate requests.
- subject
Certificate
Authority Subject Args Structure that contains X.500 distinguished name information for your CA.
- type String
The type of the certificate authority.
- csr
Extensions CertificateAuthority Csr Extensions Args Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
- keyStorageSecurityStandard String
KeyStorageSecurityStandard defines a cryptographic key management compliance standard used for handling CA keys.
- revocation
Configuration CertificateAuthority Revocation Configuration Args Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
- tags List<CertificateAuthorityTagArgs>
- usageMode String
Usage mode of the certificate authority.
- key
Algorithm string Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
- signing
Algorithm string Algorithm your CA uses to sign certificate requests.
- subject
Certificate
Authority Subject Args Structure that contains X.500 distinguished name information for your CA.
- type string
The type of the certificate authority.
- csr
Extensions CertificateAuthority Csr Extensions Args Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
- keyStorageSecurityStandard string
KeyStorageSecurityStandard defines a cryptographic key management compliance standard used for handling CA keys.
- revocation
Configuration CertificateAuthority Revocation Configuration Args Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
- tags CertificateAuthorityTagArgs[]
- usageMode string
Usage mode of the certificate authority.
- key_
algorithm str Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
- signing_
algorithm str Algorithm your CA uses to sign certificate requests.
- subject
Certificate
Authority Subject Args Structure that contains X.500 distinguished name information for your CA.
- type str
The type of the certificate authority.
- csr_
extensions CertificateAuthority Csr Extensions Args Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
- key_storage_security_standard str
KeyStorageSecurityStandard defines a cryptographic key management compliance standard used for handling CA keys.
- revocation_
configuration CertificateAuthority Revocation Configuration Args Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
- tags Sequence[CertificateAuthorityTagArgs]
- usage_mode str
Usage mode of the certificate authority.
- key
Algorithm String Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
- signing
Algorithm String Algorithm your CA uses to sign certificate requests.
- subject Property Map
Structure that contains X.500 distinguished name information for your CA.
- type String
The type of the certificate authority.
- csr
Extensions Property Map Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
- keyStorageSecurityStandard String
KeyStorageSecurityStandard defines a cryptographic key management compliance standard used for handling CA keys.
- revocation
Configuration Property Map Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
- tags List<Property Map>
- usageMode String
Usage mode of the certificate authority.
Outputs
All input properties are implicitly available as output properties. Additionally, the CertificateAuthority resource produces the following output properties:
- Arn string
The Amazon Resource Name (ARN) of the certificate authority.
- CertificateSigningRequest string
The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
- Id string
The provider-assigned unique ID for this managed resource.
- Arn string
The Amazon Resource Name (ARN) of the certificate authority.
- Certificate
Signing stringRequest The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
- Id string
The provider-assigned unique ID for this managed resource.
- arn String
The Amazon Resource Name (ARN) of the certificate authority.
- certificate
Signing StringRequest The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
- id String
The provider-assigned unique ID for this managed resource.
- arn string
The Amazon Resource Name (ARN) of the certificate authority.
- certificate
Signing stringRequest The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
- id string
The provider-assigned unique ID for this managed resource.
- arn str
The Amazon Resource Name (ARN) of the certificate authority.
- certificate_
signing_ strrequest The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
- id str
The provider-assigned unique ID for this managed resource.
- arn String
The Amazon Resource Name (ARN) of the certificate authority.
- certificate
Signing StringRequest The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
- id String
The provider-assigned unique ID for this managed resource.
Supporting Types
CertificateAuthorityAccessDescription
CertificateAuthorityAccessMethod
- Access
Method stringType - Custom
Object stringIdentifier
- Access
Method stringType - Custom
Object stringIdentifier
- access
Method StringType - custom
Object StringIdentifier
- access
Method stringType - custom
Object stringIdentifier
- access
Method StringType - custom
Object StringIdentifier
CertificateAuthorityCrlConfiguration
- Custom
Cname string - Enabled bool
- Expiration
In intDays - S3Bucket
Name string - S3Object
Acl string
- Custom
Cname string - Enabled bool
- Expiration
In intDays - S3Bucket
Name string - S3Object
Acl string
- custom
Cname String - enabled Boolean
- expiration
In IntegerDays - s3Bucket
Name String - s3Object
Acl String
- custom
Cname string - enabled boolean
- expiration
In numberDays - s3Bucket
Name string - s3Object
Acl string
- custom_
cname str - enabled bool
- expiration_
in_ intdays - s3_
bucket_ strname - s3_
object_ stracl
- custom
Cname String - enabled Boolean
- expiration
In NumberDays - s3Bucket
Name String - s3Object
Acl String
CertificateAuthorityCsrExtensions
CertificateAuthorityCustomAttribute
- Object
Identifier string - Value string
- Object
Identifier string - Value string
- object
Identifier String - value String
- object
Identifier string - value string
- object_
identifier str - value str
- object
Identifier String - value String
CertificateAuthorityEdiPartyName
- Name
Assigner string - Party
Name string
- Name
Assigner string - Party
Name string
- name
Assigner String - party
Name String
- name
Assigner string - party
Name string
- name_
assigner str - party_
name str
- name
Assigner String - party
Name String
CertificateAuthorityGeneralName
- Directory
Name Pulumi.Aws Native. ACMPCA. Inputs. Certificate Authority Subject - Dns
Name string - Edi
Party Pulumi.Name Aws Native. ACMPCA. Inputs. Certificate Authority Edi Party Name - Ip
Address string - Other
Name Pulumi.Aws Native. ACMPCA. Inputs. Certificate Authority Other Name - Registered
Id string - Rfc822Name string
- Uniform
Resource stringIdentifier
- directory
Name Property Map - dns
Name String - edi
Party Property MapName - ip
Address String - other
Name Property Map - registered
Id String - rfc822Name String
- uniform
Resource StringIdentifier
CertificateAuthorityKeyUsage
- CRLSign bool
- Data
Encipherment bool - Decipher
Only bool - Digital
Signature bool - Encipher
Only bool - Key
Agreement bool - Key
Cert boolSign - Key
Encipherment bool - Non
Repudiation bool
- CRLSign bool
- Data
Encipherment bool - Decipher
Only bool - Digital
Signature bool - Encipher
Only bool - Key
Agreement bool - Key
Cert boolSign - Key
Encipherment bool - Non
Repudiation bool
- c
RLSign Boolean - data
Encipherment Boolean - decipher
Only Boolean - digital
Signature Boolean - encipher
Only Boolean - key
Agreement Boolean - key
Cert BooleanSign - key
Encipherment Boolean - non
Repudiation Boolean
- c
RLSign boolean - data
Encipherment boolean - decipher
Only boolean - digital
Signature boolean - encipher
Only boolean - key
Agreement boolean - key
Cert booleanSign - key
Encipherment boolean - non
Repudiation boolean
- c_
rl_ boolsign - data_
encipherment bool - decipher_
only bool - digital_
signature bool - encipher_
only bool - key_
agreement bool - key_
cert_ boolsign - key_
encipherment bool - non_
repudiation bool
- c
RLSign Boolean - data
Encipherment Boolean - decipher
Only Boolean - digital
Signature Boolean - encipher
Only Boolean - key
Agreement Boolean - key
Cert BooleanSign - key
Encipherment Boolean - non
Repudiation Boolean
CertificateAuthorityOcspConfiguration
- Enabled bool
- Ocsp
Custom stringCname
- Enabled bool
- Ocsp
Custom stringCname
- enabled Boolean
- ocsp
Custom StringCname
- enabled boolean
- ocsp
Custom stringCname
- enabled bool
- ocsp_
custom_ strcname
- enabled Boolean
- ocsp
Custom StringCname
CertificateAuthorityOtherName
CertificateAuthorityRevocationConfiguration
CertificateAuthoritySubject
- Common
Name string - Country string
- Custom
Attributes List<Pulumi.Aws Native. ACMPCA. Inputs. Certificate Authority Custom Attribute> - Distinguished
Name stringQualifier - Generation
Qualifier string - Given
Name string - Initials string
- Locality string
- Organization string
- Organizational
Unit string - Pseudonym string
- Serial
Number string - State string
- Surname string
- Title string
- Common
Name string - Country string
- Custom
Attributes []CertificateAuthority Custom Attribute - Distinguished
Name stringQualifier - Generation
Qualifier string - Given
Name string - Initials string
- Locality string
- Organization string
- Organizational
Unit string - Pseudonym string
- Serial
Number string - State string
- Surname string
- Title string
- common
Name String - country String
- custom
Attributes List<CertificateAuthority Custom Attribute> - distinguished
Name StringQualifier - generation
Qualifier String - given
Name String - initials String
- locality String
- organization String
- organizational
Unit String - pseudonym String
- serial
Number String - state String
- surname String
- title String
- common
Name string - country string
- custom
Attributes CertificateAuthority Custom Attribute[] - distinguished
Name stringQualifier - generation
Qualifier string - given
Name string - initials string
- locality string
- organization string
- organizational
Unit string - pseudonym string
- serial
Number string - state string
- surname string
- title string
- common_
name str - country str
- custom_
attributes Sequence[CertificateAuthority Custom Attribute] - distinguished_
name_ strqualifier - generation_
qualifier str - given_
name str - initials str
- locality str
- organization str
- organizational_
unit str - pseudonym str
- serial_
number str - state str
- surname str
- title str
- common
Name String - country String
- custom
Attributes List<Property Map> - distinguished
Name StringQualifier - generation
Qualifier String - given
Name String - initials String
- locality String
- organization String
- organizational
Unit String - pseudonym String
- serial
Number String - state String
- surname String
- title String
CertificateAuthorityTag
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0