1. Packages
  2. AWS Native
  3. API Docs
  4. acmpca
  5. CertificateAuthority

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.100.0 published on Wednesday, Mar 27, 2024 by Pulumi

aws-native.acmpca.CertificateAuthority

Explore with Pulumi AI

aws-native logo

AWS Native is in preview. AWS Classic is fully supported.

AWS Native v0.100.0 published on Wednesday, Mar 27, 2024 by Pulumi

    Private certificate authority.

    Example Usage

    Example

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AwsNative = Pulumi.AwsNative;
    
    return await Deployment.RunAsync(() => 
    {
        var rootCA = new AwsNative.Acmpca.CertificateAuthority("rootCA", new()
        {
            Type = "ROOT",
            KeyAlgorithm = "RSA_2048",
            SigningAlgorithm = "SHA256WITHRSA",
            Subject = new AwsNative.Acmpca.Inputs.CertificateAuthoritySubjectArgs
            {
                Country = "US",
                Organization = "string",
                OrganizationalUnit = "string",
                DistinguishedNameQualifier = "string",
                State = "string",
                CommonName = "123",
                SerialNumber = "string",
                Locality = "string",
                Title = "string",
                Surname = "string",
                GivenName = "string",
                Initials = "DG",
                Pseudonym = "string",
                GenerationQualifier = "DBG",
            },
            RevocationConfiguration = new AwsNative.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationArgs
            {
                CrlConfiguration = new AwsNative.Acmpca.Inputs.CertificateAuthorityCrlConfigurationArgs
                {
                    Enabled = false,
                },
            },
        });
    
        var rootCACertificate = new AwsNative.Acmpca.Certificate("rootCACertificate", new()
        {
            CertificateAuthorityArn = rootCA.Id,
            CertificateSigningRequest = rootCA.CertificateSigningRequest,
            SigningAlgorithm = "SHA256WITHRSA",
            TemplateArn = "arn:aws:acm-pca:::template/RootCACertificate/V1",
            Validity = new AwsNative.Acmpca.Inputs.CertificateValidityArgs
            {
                Type = "DAYS",
                Value = 100,
            },
        });
    
        var rootCAActivation = new AwsNative.Acmpca.CertificateAuthorityActivation("rootCAActivation", new()
        {
            CertificateAuthorityArn = rootCA.Id,
            Certificate = rootCACertificate.Certificate,
            Status = "ACTIVE",
        });
    
        var rootCAPermission = new AwsNative.Acmpca.Permission("rootCAPermission", new()
        {
            Actions = new[]
            {
                "IssueCertificate",
                "GetCertificate",
                "ListPermissions",
            },
            CertificateAuthorityArn = rootCA.Id,
            Principal = "acm.amazonaws.com",
        });
    
        var subordinateCAOne = new AwsNative.Acmpca.CertificateAuthority("subordinateCAOne", new()
        {
            Type = "SUBORDINATE",
            KeyAlgorithm = "RSA_2048",
            SigningAlgorithm = "SHA256WITHRSA",
            Subject = new AwsNative.Acmpca.Inputs.CertificateAuthoritySubjectArgs
            {
                Country = "US",
                Organization = "string",
                OrganizationalUnit = "string",
                DistinguishedNameQualifier = "string",
                State = "string",
                CommonName = "Sub1",
                SerialNumber = "string",
                Locality = "string",
                Title = "string",
                Surname = "string",
                GivenName = "string",
                Initials = "DG",
                Pseudonym = "string",
                GenerationQualifier = "DBG",
            },
            RevocationConfiguration = null,
            Tags = new[] {},
        });
    
        var subordinateCAOneCACertificate = new AwsNative.Acmpca.Certificate("subordinateCAOneCACertificate", new()
        {
            CertificateAuthorityArn = rootCA.Id,
            CertificateSigningRequest = subordinateCAOne.CertificateSigningRequest,
            SigningAlgorithm = "SHA256WITHRSA",
            TemplateArn = "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1",
            Validity = new AwsNative.Acmpca.Inputs.CertificateValidityArgs
            {
                Type = "DAYS",
                Value = 90,
            },
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                rootCAActivation,
            },
        });
    
        var subordinateCAOneActivation = new AwsNative.Acmpca.CertificateAuthorityActivation("subordinateCAOneActivation", new()
        {
            CertificateAuthorityArn = subordinateCAOne.Id,
            Certificate = subordinateCAOneCACertificate.Certificate,
            CertificateChain = rootCAActivation.CompleteCertificateChain,
            Status = "ACTIVE",
        });
    
        var subordinateCAOnePermission = new AwsNative.Acmpca.Permission("subordinateCAOnePermission", new()
        {
            Actions = new[]
            {
                "IssueCertificate",
                "GetCertificate",
                "ListPermissions",
            },
            CertificateAuthorityArn = subordinateCAOne.Id,
            Principal = "acm.amazonaws.com",
        });
    
        var subordinateCATwo = new AwsNative.Acmpca.CertificateAuthority("subordinateCATwo", new()
        {
            Type = "SUBORDINATE",
            KeyAlgorithm = "RSA_2048",
            SigningAlgorithm = "SHA256WITHRSA",
            Subject = new AwsNative.Acmpca.Inputs.CertificateAuthoritySubjectArgs
            {
                Country = "US",
                Organization = "string",
                OrganizationalUnit = "string",
                DistinguishedNameQualifier = "string",
                State = "string",
                SerialNumber = "string",
                Locality = "string",
                Title = "string",
                Surname = "string",
                GivenName = "string",
                Initials = "DG",
                Pseudonym = "string",
                GenerationQualifier = "DBG",
            },
            Tags = new[]
            {
                new AwsNative.Inputs.TagArgs
                {
                    Key = "Key1",
                    Value = "Value1",
                },
                new AwsNative.Inputs.TagArgs
                {
                    Key = "Key2",
                    Value = "Value2",
                },
            },
        });
    
        var subordinateCATwoCACertificate = new AwsNative.Acmpca.Certificate("subordinateCATwoCACertificate", new()
        {
            CertificateAuthorityArn = subordinateCAOne.Id,
            CertificateSigningRequest = subordinateCATwo.CertificateSigningRequest,
            SigningAlgorithm = "SHA256WITHRSA",
            TemplateArn = "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1",
            Validity = new AwsNative.Acmpca.Inputs.CertificateValidityArgs
            {
                Type = "DAYS",
                Value = 80,
            },
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                subordinateCAOneActivation,
            },
        });
    
        var subordinateCATwoActivation = new AwsNative.Acmpca.CertificateAuthorityActivation("subordinateCATwoActivation", new()
        {
            CertificateAuthorityArn = subordinateCATwo.Id,
            Certificate = subordinateCATwoCACertificate.Certificate,
            CertificateChain = subordinateCAOneActivation.CompleteCertificateChain,
        });
    
        var subordinateCATwoPermission = new AwsNative.Acmpca.Permission("subordinateCATwoPermission", new()
        {
            Actions = new[]
            {
                "IssueCertificate",
                "GetCertificate",
                "ListPermissions",
            },
            CertificateAuthorityArn = subordinateCATwo.Id,
            Principal = "acm.amazonaws.com",
        });
    
        var endEntityCertificate = new AwsNative.Acmpca.Certificate("endEntityCertificate", new()
        {
            CertificateAuthorityArn = subordinateCATwo.Id,
            CertificateSigningRequest = @"-----BEGIN CERTIFICATE REQUEST-----
    MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
    BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
    aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
    9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
    wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
    1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
    WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
    wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
    BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
    KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
    hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
    Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
    ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
    29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
    97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
    -----END CERTIFICATE REQUEST-----",
            SigningAlgorithm = "SHA256WITHRSA",
            Validity = new AwsNative.Acmpca.Inputs.CertificateValidityArgs
            {
                Type = "DAYS",
                Value = 70,
            },
        }, new CustomResourceOptions
        {
            DependsOn = new[]
            {
                subordinateCATwoActivation,
            },
        });
    
        return new Dictionary<string, object?>
        {
            ["completeCertificateChain"] = subordinateCATwoActivation.CompleteCertificateChain,
            ["certificateArn"] = endEntityCertificate.Arn,
        };
    });
    
    package main
    
    import (
    	awsnative "github.com/pulumi/pulumi-aws-native/sdk/go/aws"
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/acmpca"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		rootCA, err := acmpca.NewCertificateAuthority(ctx, "rootCA", &acmpca.CertificateAuthorityArgs{
    			Type:             pulumi.String("ROOT"),
    			KeyAlgorithm:     pulumi.String("RSA_2048"),
    			SigningAlgorithm: pulumi.String("SHA256WITHRSA"),
    			Subject: &acmpca.CertificateAuthoritySubjectArgs{
    				Country:                    pulumi.String("US"),
    				Organization:               pulumi.String("string"),
    				OrganizationalUnit:         pulumi.String("string"),
    				DistinguishedNameQualifier: pulumi.String("string"),
    				State:                      pulumi.String("string"),
    				CommonName:                 pulumi.String("123"),
    				SerialNumber:               pulumi.String("string"),
    				Locality:                   pulumi.String("string"),
    				Title:                      pulumi.String("string"),
    				Surname:                    pulumi.String("string"),
    				GivenName:                  pulumi.String("string"),
    				Initials:                   pulumi.String("DG"),
    				Pseudonym:                  pulumi.String("string"),
    				GenerationQualifier:        pulumi.String("DBG"),
    			},
    			RevocationConfiguration: &acmpca.CertificateAuthorityRevocationConfigurationArgs{
    				CrlConfiguration: &acmpca.CertificateAuthorityCrlConfigurationArgs{
    					Enabled: pulumi.Bool(false),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		rootCACertificate, err := acmpca.NewCertificate(ctx, "rootCACertificate", &acmpca.CertificateArgs{
    			CertificateAuthorityArn:   rootCA.ID(),
    			CertificateSigningRequest: rootCA.CertificateSigningRequest,
    			SigningAlgorithm:          pulumi.String("SHA256WITHRSA"),
    			TemplateArn:               pulumi.String("arn:aws:acm-pca:::template/RootCACertificate/V1"),
    			Validity: &acmpca.CertificateValidityArgs{
    				Type:  pulumi.String("DAYS"),
    				Value: pulumi.Float64(100),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		rootCAActivation, err := acmpca.NewCertificateAuthorityActivation(ctx, "rootCAActivation", &acmpca.CertificateAuthorityActivationArgs{
    			CertificateAuthorityArn: rootCA.ID(),
    			Certificate:             rootCACertificate.Certificate,
    			Status:                  pulumi.String("ACTIVE"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = acmpca.NewPermission(ctx, "rootCAPermission", &acmpca.PermissionArgs{
    			Actions: pulumi.StringArray{
    				pulumi.String("IssueCertificate"),
    				pulumi.String("GetCertificate"),
    				pulumi.String("ListPermissions"),
    			},
    			CertificateAuthorityArn: rootCA.ID(),
    			Principal:               pulumi.String("acm.amazonaws.com"),
    		})
    		if err != nil {
    			return err
    		}
    		subordinateCAOne, err := acmpca.NewCertificateAuthority(ctx, "subordinateCAOne", &acmpca.CertificateAuthorityArgs{
    			Type:             pulumi.String("SUBORDINATE"),
    			KeyAlgorithm:     pulumi.String("RSA_2048"),
    			SigningAlgorithm: pulumi.String("SHA256WITHRSA"),
    			Subject: &acmpca.CertificateAuthoritySubjectArgs{
    				Country:                    pulumi.String("US"),
    				Organization:               pulumi.String("string"),
    				OrganizationalUnit:         pulumi.String("string"),
    				DistinguishedNameQualifier: pulumi.String("string"),
    				State:                      pulumi.String("string"),
    				CommonName:                 pulumi.String("Sub1"),
    				SerialNumber:               pulumi.String("string"),
    				Locality:                   pulumi.String("string"),
    				Title:                      pulumi.String("string"),
    				Surname:                    pulumi.String("string"),
    				GivenName:                  pulumi.String("string"),
    				Initials:                   pulumi.String("DG"),
    				Pseudonym:                  pulumi.String("string"),
    				GenerationQualifier:        pulumi.String("DBG"),
    			},
    			RevocationConfiguration: nil,
    			Tags:                    aws.TagArray{},
    		})
    		if err != nil {
    			return err
    		}
    		subordinateCAOneCACertificate, err := acmpca.NewCertificate(ctx, "subordinateCAOneCACertificate", &acmpca.CertificateArgs{
    			CertificateAuthorityArn:   rootCA.ID(),
    			CertificateSigningRequest: subordinateCAOne.CertificateSigningRequest,
    			SigningAlgorithm:          pulumi.String("SHA256WITHRSA"),
    			TemplateArn:               pulumi.String("arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1"),
    			Validity: &acmpca.CertificateValidityArgs{
    				Type:  pulumi.String("DAYS"),
    				Value: pulumi.Float64(90),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			rootCAActivation,
    		}))
    		if err != nil {
    			return err
    		}
    		subordinateCAOneActivation, err := acmpca.NewCertificateAuthorityActivation(ctx, "subordinateCAOneActivation", &acmpca.CertificateAuthorityActivationArgs{
    			CertificateAuthorityArn: subordinateCAOne.ID(),
    			Certificate:             subordinateCAOneCACertificate.Certificate,
    			CertificateChain:        rootCAActivation.CompleteCertificateChain,
    			Status:                  pulumi.String("ACTIVE"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = acmpca.NewPermission(ctx, "subordinateCAOnePermission", &acmpca.PermissionArgs{
    			Actions: pulumi.StringArray{
    				pulumi.String("IssueCertificate"),
    				pulumi.String("GetCertificate"),
    				pulumi.String("ListPermissions"),
    			},
    			CertificateAuthorityArn: subordinateCAOne.ID(),
    			Principal:               pulumi.String("acm.amazonaws.com"),
    		})
    		if err != nil {
    			return err
    		}
    		subordinateCATwo, err := acmpca.NewCertificateAuthority(ctx, "subordinateCATwo", &acmpca.CertificateAuthorityArgs{
    			Type:             pulumi.String("SUBORDINATE"),
    			KeyAlgorithm:     pulumi.String("RSA_2048"),
    			SigningAlgorithm: pulumi.String("SHA256WITHRSA"),
    			Subject: &acmpca.CertificateAuthoritySubjectArgs{
    				Country:                    pulumi.String("US"),
    				Organization:               pulumi.String("string"),
    				OrganizationalUnit:         pulumi.String("string"),
    				DistinguishedNameQualifier: pulumi.String("string"),
    				State:                      pulumi.String("string"),
    				SerialNumber:               pulumi.String("string"),
    				Locality:                   pulumi.String("string"),
    				Title:                      pulumi.String("string"),
    				Surname:                    pulumi.String("string"),
    				GivenName:                  pulumi.String("string"),
    				Initials:                   pulumi.String("DG"),
    				Pseudonym:                  pulumi.String("string"),
    				GenerationQualifier:        pulumi.String("DBG"),
    			},
    			Tags: aws.TagArray{
    				&aws.TagArgs{
    					Key:   pulumi.String("Key1"),
    					Value: pulumi.String("Value1"),
    				},
    				&aws.TagArgs{
    					Key:   pulumi.String("Key2"),
    					Value: pulumi.String("Value2"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		subordinateCATwoCACertificate, err := acmpca.NewCertificate(ctx, "subordinateCATwoCACertificate", &acmpca.CertificateArgs{
    			CertificateAuthorityArn:   subordinateCAOne.ID(),
    			CertificateSigningRequest: subordinateCATwo.CertificateSigningRequest,
    			SigningAlgorithm:          pulumi.String("SHA256WITHRSA"),
    			TemplateArn:               pulumi.String("arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1"),
    			Validity: &acmpca.CertificateValidityArgs{
    				Type:  pulumi.String("DAYS"),
    				Value: pulumi.Float64(80),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			subordinateCAOneActivation,
    		}))
    		if err != nil {
    			return err
    		}
    		subordinateCATwoActivation, err := acmpca.NewCertificateAuthorityActivation(ctx, "subordinateCATwoActivation", &acmpca.CertificateAuthorityActivationArgs{
    			CertificateAuthorityArn: subordinateCATwo.ID(),
    			Certificate:             subordinateCATwoCACertificate.Certificate,
    			CertificateChain:        subordinateCAOneActivation.CompleteCertificateChain,
    		})
    		if err != nil {
    			return err
    		}
    		_, err = acmpca.NewPermission(ctx, "subordinateCATwoPermission", &acmpca.PermissionArgs{
    			Actions: pulumi.StringArray{
    				pulumi.String("IssueCertificate"),
    				pulumi.String("GetCertificate"),
    				pulumi.String("ListPermissions"),
    			},
    			CertificateAuthorityArn: subordinateCATwo.ID(),
    			Principal:               pulumi.String("acm.amazonaws.com"),
    		})
    		if err != nil {
    			return err
    		}
    		endEntityCertificate, err := acmpca.NewCertificate(ctx, "endEntityCertificate", &acmpca.CertificateArgs{
    			CertificateAuthorityArn: subordinateCATwo.ID(),
    			CertificateSigningRequest: pulumi.String(`-----BEGIN CERTIFICATE REQUEST-----
    MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
    BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
    aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
    9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
    wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
    1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
    WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
    wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
    BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
    KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
    hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
    Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
    ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
    29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
    97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
    -----END CERTIFICATE REQUEST-----`),
    			SigningAlgorithm: pulumi.String("SHA256WITHRSA"),
    			Validity: &acmpca.CertificateValidityArgs{
    				Type:  pulumi.String("DAYS"),
    				Value: pulumi.Float64(70),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			subordinateCATwoActivation,
    		}))
    		if err != nil {
    			return err
    		}
    		ctx.Export("completeCertificateChain", subordinateCATwoActivation.CompleteCertificateChain)
    		ctx.Export("certificateArn", endEntityCertificate.Arn)
    		return nil
    	})
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws_native as aws_native
    
    root_ca = aws_native.acmpca.CertificateAuthority("rootCA",
        type="ROOT",
        key_algorithm="RSA_2048",
        signing_algorithm="SHA256WITHRSA",
        subject=aws_native.acmpca.CertificateAuthoritySubjectArgs(
            country="US",
            organization="string",
            organizational_unit="string",
            distinguished_name_qualifier="string",
            state="string",
            common_name="123",
            serial_number="string",
            locality="string",
            title="string",
            surname="string",
            given_name="string",
            initials="DG",
            pseudonym="string",
            generation_qualifier="DBG",
        ),
        revocation_configuration=aws_native.acmpca.CertificateAuthorityRevocationConfigurationArgs(
            crl_configuration=aws_native.acmpca.CertificateAuthorityCrlConfigurationArgs(
                enabled=False,
            ),
        ))
    root_ca_certificate = aws_native.acmpca.Certificate("rootCACertificate",
        certificate_authority_arn=root_ca.id,
        certificate_signing_request=root_ca.certificate_signing_request,
        signing_algorithm="SHA256WITHRSA",
        template_arn="arn:aws:acm-pca:::template/RootCACertificate/V1",
        validity=aws_native.acmpca.CertificateValidityArgs(
            type="DAYS",
            value=100,
        ))
    root_ca_activation = aws_native.acmpca.CertificateAuthorityActivation("rootCAActivation",
        certificate_authority_arn=root_ca.id,
        certificate=root_ca_certificate.certificate,
        status="ACTIVE")
    root_ca_permission = aws_native.acmpca.Permission("rootCAPermission",
        actions=[
            "IssueCertificate",
            "GetCertificate",
            "ListPermissions",
        ],
        certificate_authority_arn=root_ca.id,
        principal="acm.amazonaws.com")
    subordinate_ca_one = aws_native.acmpca.CertificateAuthority("subordinateCAOne",
        type="SUBORDINATE",
        key_algorithm="RSA_2048",
        signing_algorithm="SHA256WITHRSA",
        subject=aws_native.acmpca.CertificateAuthoritySubjectArgs(
            country="US",
            organization="string",
            organizational_unit="string",
            distinguished_name_qualifier="string",
            state="string",
            common_name="Sub1",
            serial_number="string",
            locality="string",
            title="string",
            surname="string",
            given_name="string",
            initials="DG",
            pseudonym="string",
            generation_qualifier="DBG",
        ),
        revocation_configuration=aws_native.acmpca.CertificateAuthorityRevocationConfigurationArgs(),
        tags=[])
    subordinate_ca_one_ca_certificate = aws_native.acmpca.Certificate("subordinateCAOneCACertificate",
        certificate_authority_arn=root_ca.id,
        certificate_signing_request=subordinate_ca_one.certificate_signing_request,
        signing_algorithm="SHA256WITHRSA",
        template_arn="arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1",
        validity=aws_native.acmpca.CertificateValidityArgs(
            type="DAYS",
            value=90,
        ),
        opts=pulumi.ResourceOptions(depends_on=[root_ca_activation]))
    subordinate_ca_one_activation = aws_native.acmpca.CertificateAuthorityActivation("subordinateCAOneActivation",
        certificate_authority_arn=subordinate_ca_one.id,
        certificate=subordinate_ca_one_ca_certificate.certificate,
        certificate_chain=root_ca_activation.complete_certificate_chain,
        status="ACTIVE")
    subordinate_ca_one_permission = aws_native.acmpca.Permission("subordinateCAOnePermission",
        actions=[
            "IssueCertificate",
            "GetCertificate",
            "ListPermissions",
        ],
        certificate_authority_arn=subordinate_ca_one.id,
        principal="acm.amazonaws.com")
    subordinate_ca_two = aws_native.acmpca.CertificateAuthority("subordinateCATwo",
        type="SUBORDINATE",
        key_algorithm="RSA_2048",
        signing_algorithm="SHA256WITHRSA",
        subject=aws_native.acmpca.CertificateAuthoritySubjectArgs(
            country="US",
            organization="string",
            organizational_unit="string",
            distinguished_name_qualifier="string",
            state="string",
            serial_number="string",
            locality="string",
            title="string",
            surname="string",
            given_name="string",
            initials="DG",
            pseudonym="string",
            generation_qualifier="DBG",
        ),
        tags=[
            aws_native.TagArgs(
                key="Key1",
                value="Value1",
            ),
            aws_native.TagArgs(
                key="Key2",
                value="Value2",
            ),
        ])
    subordinate_ca_two_ca_certificate = aws_native.acmpca.Certificate("subordinateCATwoCACertificate",
        certificate_authority_arn=subordinate_ca_one.id,
        certificate_signing_request=subordinate_ca_two.certificate_signing_request,
        signing_algorithm="SHA256WITHRSA",
        template_arn="arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1",
        validity=aws_native.acmpca.CertificateValidityArgs(
            type="DAYS",
            value=80,
        ),
        opts=pulumi.ResourceOptions(depends_on=[subordinate_ca_one_activation]))
    subordinate_ca_two_activation = aws_native.acmpca.CertificateAuthorityActivation("subordinateCATwoActivation",
        certificate_authority_arn=subordinate_ca_two.id,
        certificate=subordinate_ca_two_ca_certificate.certificate,
        certificate_chain=subordinate_ca_one_activation.complete_certificate_chain)
    subordinate_ca_two_permission = aws_native.acmpca.Permission("subordinateCATwoPermission",
        actions=[
            "IssueCertificate",
            "GetCertificate",
            "ListPermissions",
        ],
        certificate_authority_arn=subordinate_ca_two.id,
        principal="acm.amazonaws.com")
    end_entity_certificate = aws_native.acmpca.Certificate("endEntityCertificate",
        certificate_authority_arn=subordinate_ca_two.id,
        certificate_signing_request="""-----BEGIN CERTIFICATE REQUEST-----
    MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
    BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
    aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
    9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
    wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
    1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
    WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
    wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
    BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
    KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
    hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
    Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
    ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
    29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
    97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
    -----END CERTIFICATE REQUEST-----""",
        signing_algorithm="SHA256WITHRSA",
        validity=aws_native.acmpca.CertificateValidityArgs(
            type="DAYS",
            value=70,
        ),
        opts=pulumi.ResourceOptions(depends_on=[subordinate_ca_two_activation]))
    pulumi.export("completeCertificateChain", subordinate_ca_two_activation.complete_certificate_chain)
    pulumi.export("certificateArn", end_entity_certificate.arn)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws_native from "@pulumi/aws-native";
    
    const rootCA = new aws_native.acmpca.CertificateAuthority("rootCA", {
        type: "ROOT",
        keyAlgorithm: "RSA_2048",
        signingAlgorithm: "SHA256WITHRSA",
        subject: {
            country: "US",
            organization: "string",
            organizationalUnit: "string",
            distinguishedNameQualifier: "string",
            state: "string",
            commonName: "123",
            serialNumber: "string",
            locality: "string",
            title: "string",
            surname: "string",
            givenName: "string",
            initials: "DG",
            pseudonym: "string",
            generationQualifier: "DBG",
        },
        revocationConfiguration: {
            crlConfiguration: {
                enabled: false,
            },
        },
    });
    const rootCACertificate = new aws_native.acmpca.Certificate("rootCACertificate", {
        certificateAuthorityArn: rootCA.id,
        certificateSigningRequest: rootCA.certificateSigningRequest,
        signingAlgorithm: "SHA256WITHRSA",
        templateArn: "arn:aws:acm-pca:::template/RootCACertificate/V1",
        validity: {
            type: "DAYS",
            value: 100,
        },
    });
    const rootCAActivation = new aws_native.acmpca.CertificateAuthorityActivation("rootCAActivation", {
        certificateAuthorityArn: rootCA.id,
        certificate: rootCACertificate.certificate,
        status: "ACTIVE",
    });
    const rootCAPermission = new aws_native.acmpca.Permission("rootCAPermission", {
        actions: [
            "IssueCertificate",
            "GetCertificate",
            "ListPermissions",
        ],
        certificateAuthorityArn: rootCA.id,
        principal: "acm.amazonaws.com",
    });
    const subordinateCAOne = new aws_native.acmpca.CertificateAuthority("subordinateCAOne", {
        type: "SUBORDINATE",
        keyAlgorithm: "RSA_2048",
        signingAlgorithm: "SHA256WITHRSA",
        subject: {
            country: "US",
            organization: "string",
            organizationalUnit: "string",
            distinguishedNameQualifier: "string",
            state: "string",
            commonName: "Sub1",
            serialNumber: "string",
            locality: "string",
            title: "string",
            surname: "string",
            givenName: "string",
            initials: "DG",
            pseudonym: "string",
            generationQualifier: "DBG",
        },
        revocationConfiguration: {},
        tags: [],
    });
    const subordinateCAOneCACertificate = new aws_native.acmpca.Certificate("subordinateCAOneCACertificate", {
        certificateAuthorityArn: rootCA.id,
        certificateSigningRequest: subordinateCAOne.certificateSigningRequest,
        signingAlgorithm: "SHA256WITHRSA",
        templateArn: "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1",
        validity: {
            type: "DAYS",
            value: 90,
        },
    }, {
        dependsOn: [rootCAActivation],
    });
    const subordinateCAOneActivation = new aws_native.acmpca.CertificateAuthorityActivation("subordinateCAOneActivation", {
        certificateAuthorityArn: subordinateCAOne.id,
        certificate: subordinateCAOneCACertificate.certificate,
        certificateChain: rootCAActivation.completeCertificateChain,
        status: "ACTIVE",
    });
    const subordinateCAOnePermission = new aws_native.acmpca.Permission("subordinateCAOnePermission", {
        actions: [
            "IssueCertificate",
            "GetCertificate",
            "ListPermissions",
        ],
        certificateAuthorityArn: subordinateCAOne.id,
        principal: "acm.amazonaws.com",
    });
    const subordinateCATwo = new aws_native.acmpca.CertificateAuthority("subordinateCATwo", {
        type: "SUBORDINATE",
        keyAlgorithm: "RSA_2048",
        signingAlgorithm: "SHA256WITHRSA",
        subject: {
            country: "US",
            organization: "string",
            organizationalUnit: "string",
            distinguishedNameQualifier: "string",
            state: "string",
            serialNumber: "string",
            locality: "string",
            title: "string",
            surname: "string",
            givenName: "string",
            initials: "DG",
            pseudonym: "string",
            generationQualifier: "DBG",
        },
        tags: [
            {
                key: "Key1",
                value: "Value1",
            },
            {
                key: "Key2",
                value: "Value2",
            },
        ],
    });
    const subordinateCATwoCACertificate = new aws_native.acmpca.Certificate("subordinateCATwoCACertificate", {
        certificateAuthorityArn: subordinateCAOne.id,
        certificateSigningRequest: subordinateCATwo.certificateSigningRequest,
        signingAlgorithm: "SHA256WITHRSA",
        templateArn: "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1",
        validity: {
            type: "DAYS",
            value: 80,
        },
    }, {
        dependsOn: [subordinateCAOneActivation],
    });
    const subordinateCATwoActivation = new aws_native.acmpca.CertificateAuthorityActivation("subordinateCATwoActivation", {
        certificateAuthorityArn: subordinateCATwo.id,
        certificate: subordinateCATwoCACertificate.certificate,
        certificateChain: subordinateCAOneActivation.completeCertificateChain,
    });
    const subordinateCATwoPermission = new aws_native.acmpca.Permission("subordinateCATwoPermission", {
        actions: [
            "IssueCertificate",
            "GetCertificate",
            "ListPermissions",
        ],
        certificateAuthorityArn: subordinateCATwo.id,
        principal: "acm.amazonaws.com",
    });
    const endEntityCertificate = new aws_native.acmpca.Certificate("endEntityCertificate", {
        certificateAuthorityArn: subordinateCATwo.id,
        certificateSigningRequest: `-----BEGIN CERTIFICATE REQUEST-----
    MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
    BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
    aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
    9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
    wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
    1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
    WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
    wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
    BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
    KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
    hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
    Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
    ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
    29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
    97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
    -----END CERTIFICATE REQUEST-----`,
        signingAlgorithm: "SHA256WITHRSA",
        validity: {
            type: "DAYS",
            value: 70,
        },
    }, {
        dependsOn: [subordinateCATwoActivation],
    });
    export const completeCertificateChain = subordinateCATwoActivation.completeCertificateChain;
    export const certificateArn = endEntityCertificate.arn;
    

    Coming soon!

    Create CertificateAuthority Resource

    new CertificateAuthority(name: string, args: CertificateAuthorityArgs, opts?: CustomResourceOptions);
    @overload
    def CertificateAuthority(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             csr_extensions: Optional[CertificateAuthorityCsrExtensionsArgs] = None,
                             key_algorithm: Optional[str] = None,
                             key_storage_security_standard: Optional[str] = None,
                             revocation_configuration: Optional[CertificateAuthorityRevocationConfigurationArgs] = None,
                             signing_algorithm: Optional[str] = None,
                             subject: Optional[CertificateAuthoritySubjectArgs] = None,
                             tags: Optional[Sequence[_root_inputs.TagArgs]] = None,
                             type: Optional[str] = None,
                             usage_mode: Optional[str] = None)
    @overload
    def CertificateAuthority(resource_name: str,
                             args: CertificateAuthorityArgs,
                             opts: Optional[ResourceOptions] = None)
    func NewCertificateAuthority(ctx *Context, name string, args CertificateAuthorityArgs, opts ...ResourceOption) (*CertificateAuthority, error)
    public CertificateAuthority(string name, CertificateAuthorityArgs args, CustomResourceOptions? opts = null)
    public CertificateAuthority(String name, CertificateAuthorityArgs args)
    public CertificateAuthority(String name, CertificateAuthorityArgs args, CustomResourceOptions options)
    
    type: aws-native:acmpca:CertificateAuthority
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args CertificateAuthorityArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CertificateAuthorityArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CertificateAuthorityArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CertificateAuthorityArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CertificateAuthorityArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    CertificateAuthority Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The CertificateAuthority resource accepts the following input properties:

    KeyAlgorithm string
    Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
    SigningAlgorithm string
    Algorithm your CA uses to sign certificate requests.
    Subject Pulumi.AwsNative.Acmpca.Inputs.CertificateAuthoritySubject
    Structure that contains X.500 distinguished name information for your CA.
    Type string
    The type of the certificate authority.
    CsrExtensions Pulumi.AwsNative.Acmpca.Inputs.CertificateAuthorityCsrExtensions
    Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
    KeyStorageSecurityStandard string
    KeyStorageSecurityStadard defines a cryptographic key management compliance standard used for handling CA keys.
    RevocationConfiguration Pulumi.AwsNative.Acmpca.Inputs.CertificateAuthorityRevocationConfiguration
    Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
    Tags List<Pulumi.AwsNative.Inputs.Tag>
    UsageMode string
    Usage mode of the ceritificate authority.
    KeyAlgorithm string
    Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
    SigningAlgorithm string
    Algorithm your CA uses to sign certificate requests.
    Subject CertificateAuthoritySubjectArgs
    Structure that contains X.500 distinguished name information for your CA.
    Type string
    The type of the certificate authority.
    CsrExtensions CertificateAuthorityCsrExtensionsArgs
    Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
    KeyStorageSecurityStandard string
    KeyStorageSecurityStadard defines a cryptographic key management compliance standard used for handling CA keys.
    RevocationConfiguration CertificateAuthorityRevocationConfigurationArgs
    Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
    Tags TagArgs
    UsageMode string
    Usage mode of the ceritificate authority.
    keyAlgorithm String
    Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
    signingAlgorithm String
    Algorithm your CA uses to sign certificate requests.
    subject CertificateAuthoritySubject
    Structure that contains X.500 distinguished name information for your CA.
    type String
    The type of the certificate authority.
    csrExtensions CertificateAuthorityCsrExtensions
    Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
    keyStorageSecurityStandard String
    KeyStorageSecurityStadard defines a cryptographic key management compliance standard used for handling CA keys.
    revocationConfiguration CertificateAuthorityRevocationConfiguration
    Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
    tags List<Tag>
    usageMode String
    Usage mode of the ceritificate authority.
    keyAlgorithm string
    Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
    signingAlgorithm string
    Algorithm your CA uses to sign certificate requests.
    subject CertificateAuthoritySubject
    Structure that contains X.500 distinguished name information for your CA.
    type string
    The type of the certificate authority.
    csrExtensions CertificateAuthorityCsrExtensions
    Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
    keyStorageSecurityStandard string
    KeyStorageSecurityStadard defines a cryptographic key management compliance standard used for handling CA keys.
    revocationConfiguration CertificateAuthorityRevocationConfiguration
    Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
    tags Tag[]
    usageMode string
    Usage mode of the ceritificate authority.
    key_algorithm str
    Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
    signing_algorithm str
    Algorithm your CA uses to sign certificate requests.
    subject CertificateAuthoritySubjectArgs
    Structure that contains X.500 distinguished name information for your CA.
    type str
    The type of the certificate authority.
    csr_extensions CertificateAuthorityCsrExtensionsArgs
    Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
    key_storage_security_standard str
    KeyStorageSecurityStadard defines a cryptographic key management compliance standard used for handling CA keys.
    revocation_configuration CertificateAuthorityRevocationConfigurationArgs
    Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
    tags TagArgs]
    usage_mode str
    Usage mode of the ceritificate authority.
    keyAlgorithm String
    Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
    signingAlgorithm String
    Algorithm your CA uses to sign certificate requests.
    subject Property Map
    Structure that contains X.500 distinguished name information for your CA.
    type String
    The type of the certificate authority.
    csrExtensions Property Map
    Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
    keyStorageSecurityStandard String
    KeyStorageSecurityStadard defines a cryptographic key management compliance standard used for handling CA keys.
    revocationConfiguration Property Map
    Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
    tags List<Property Map>
    usageMode String
    Usage mode of the ceritificate authority.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the CertificateAuthority resource produces the following output properties:

    Arn string
    The Amazon Resource Name (ARN) of the certificate authority.
    CertificateSigningRequest string
    The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
    Id string
    The provider-assigned unique ID for this managed resource.
    Arn string
    The Amazon Resource Name (ARN) of the certificate authority.
    CertificateSigningRequest string
    The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
    Id string
    The provider-assigned unique ID for this managed resource.
    arn String
    The Amazon Resource Name (ARN) of the certificate authority.
    certificateSigningRequest String
    The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
    id String
    The provider-assigned unique ID for this managed resource.
    arn string
    The Amazon Resource Name (ARN) of the certificate authority.
    certificateSigningRequest string
    The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
    id string
    The provider-assigned unique ID for this managed resource.
    arn str
    The Amazon Resource Name (ARN) of the certificate authority.
    certificate_signing_request str
    The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
    id str
    The provider-assigned unique ID for this managed resource.
    arn String
    The Amazon Resource Name (ARN) of the certificate authority.
    certificateSigningRequest String
    The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    CertificateAuthorityAccessDescription, CertificateAuthorityAccessDescriptionArgs

    CertificateAuthorityAccessMethod, CertificateAuthorityAccessMethodArgs

    CertificateAuthorityCrlConfiguration, CertificateAuthorityCrlConfigurationArgs

    CertificateAuthorityCrlDistributionPointExtensionConfiguration, CertificateAuthorityCrlDistributionPointExtensionConfigurationArgs

    CertificateAuthorityCsrExtensions, CertificateAuthorityCsrExtensionsArgs

    CertificateAuthorityCustomAttribute, CertificateAuthorityCustomAttributeArgs

    ObjectIdentifier string
    Value string
    ObjectIdentifier string
    Value string
    objectIdentifier String
    value String
    objectIdentifier string
    value string
    objectIdentifier String
    value String

    CertificateAuthorityEdiPartyName, CertificateAuthorityEdiPartyNameArgs

    NameAssigner string
    PartyName string
    NameAssigner string
    PartyName string
    nameAssigner String
    partyName String
    nameAssigner string
    partyName string
    nameAssigner String
    partyName String

    CertificateAuthorityGeneralName, CertificateAuthorityGeneralNameArgs

    CertificateAuthorityKeyUsage, CertificateAuthorityKeyUsageArgs

    CertificateAuthorityOcspConfiguration, CertificateAuthorityOcspConfigurationArgs

    enabled Boolean
    ocspCustomCname String
    enabled boolean
    ocspCustomCname string
    enabled Boolean
    ocspCustomCname String

    CertificateAuthorityOtherName, CertificateAuthorityOtherNameArgs

    TypeId string
    Value string
    TypeId string
    Value string
    typeId String
    value String
    typeId string
    value string
    type_id str
    value str
    typeId String
    value String

    CertificateAuthorityRevocationConfiguration, CertificateAuthorityRevocationConfigurationArgs

    CertificateAuthoritySubject, CertificateAuthoritySubjectArgs

    Tag, TagArgs

    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    AWS Native is in preview. AWS Classic is fully supported.

    AWS Native v0.100.0 published on Wednesday, Mar 27, 2024 by Pulumi