AWS Classic v5.33.0, Mar 24 23

aws.acmpca.CertificateAuthority

Provides a resource to manage AWS Certificate Manager Private Certificate Authorities (ACM PCA Certificate Authorities).

NOTE: Creating this resource will leave the certificate authority in a PENDING_CERTIFICATE status, which means it cannot yet issue certificates. To complete this setup, you must fully sign the certificate authority CSR available in the certificate_signing_request attribute. The aws.acmpca.CertificateAuthorityCertificate resource can be used for this purpose.

Example Usage

Basic

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

// Declares a single ACM PCA certificate authority named "example".
return await Deployment.RunAsync(() => 
{
    // The CA is created in PENDING_CERTIFICATE status: it cannot issue certificates
    // until its CSR (certificate_signing_request) has been signed.
    // Type is not set here, so the documented default (SUBORDINATE) applies.
    var example = new Aws.Acmpca.CertificateAuthority("example", new()
    {
        CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
        {
            KeyAlgorithm = "RSA_4096",
            SigningAlgorithm = "SHA512WITHRSA",
            Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs
            {
                CommonName = "example.com",
            },
        },
        // 7 is the low end of the documented 7-30 day range (default 30). A deleted CA
        // can only be restored inside this window, so production CAs usually keep it longer.
        PermanentDeletionTimeInDays = 7,
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acmpca"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main runs a Pulumi program that declares one ACM PCA certificate authority
// named "example".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Key algorithm, signing algorithm and subject of the CA.
		caConfig := &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
			KeyAlgorithm:     pulumi.String("RSA_4096"),
			SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
			Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
				CommonName: pulumi.String("example.com"),
			},
		}

		// The CA is created in PENDING_CERTIFICATE status: it cannot issue
		// certificates until its CSR has been signed. Type is not set, so the
		// documented default (SUBORDINATE) applies.
		_, err := acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
			CertificateAuthorityConfiguration: caConfig,
			// 7 is the low end of the documented 7-30 day range (default 30).
			// A deleted CA can only be restored inside this window.
			PermanentDeletionTimeInDays: pulumi.Int(7),
		})
		return err
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acmpca.CertificateAuthority;
import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that declares a single ACM PCA certificate authority.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "example" certificate authority.
     *
     * The CA is created in PENDING_CERTIFICATE status and cannot issue certificates
     * until its CSR has been signed. Type is not set, so the documented default
     * (SUBORDINATE) applies.
     */
    public static void stack(Context ctx) {
        var example = new CertificateAuthority("example", CertificateAuthorityArgs.builder()        
            .certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder()
                .keyAlgorithm("RSA_4096")
                .signingAlgorithm("SHA512WITHRSA")
                .subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder()
                    .commonName("example.com")
                    .build())
                .build())
            // 7 is the low end of the documented 7-30 day range (default 30).
            // A deleted CA can only be restored inside this window.
            .permanentDeletionTimeInDays(7)
            .build());

    }
}
import pulumi
import pulumi_aws as aws

# Declares a single ACM PCA certificate authority named "example".
# The CA is created in PENDING_CERTIFICATE status: it cannot issue certificates
# until its CSR has been signed. `type` is not set, so the documented default
# (SUBORDINATE) applies.
example = aws.acmpca.CertificateAuthority("example",
    certificate_authority_configuration=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs(
        key_algorithm="RSA_4096",
        signing_algorithm="SHA512WITHRSA",
        subject=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs(
            common_name="example.com",
        ),
    ),
    # 7 is the low end of the documented 7-30 day range (default 30).
    # A deleted CA can only be restored inside this window.
    permanent_deletion_time_in_days=7)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Declares a single ACM PCA certificate authority named "example".
// The CA is created in PENDING_CERTIFICATE status: it cannot issue certificates
// until its CSR has been signed. `type` is not set, so the documented default
// (SUBORDINATE) applies.
const example = new aws.acmpca.CertificateAuthority("example", {
    certificateAuthorityConfiguration: {
        keyAlgorithm: "RSA_4096",
        signingAlgorithm: "SHA512WITHRSA",
        subject: {
            commonName: "example.com",
        },
    },
    // 7 is the low end of the documented 7-30 day range (default 30).
    // A deleted CA can only be restored inside this window.
    permanentDeletionTimeInDays: 7,
});
# Declares a single ACM PCA certificate authority named "example".
# The CA is created in PENDING_CERTIFICATE status: it cannot issue certificates
# until its CSR has been signed. `type` is not set, so the documented default
# (SUBORDINATE) applies.
resources:
  example:
    type: aws:acmpca:CertificateAuthority
    properties:
      certificateAuthorityConfiguration:
        keyAlgorithm: RSA_4096
        signingAlgorithm: SHA512WITHRSA
        subject:
          commonName: example.com
      # 7 is the low end of the documented 7-30 day range (default 30).
      # A deleted CA can only be restored inside this window.
      permanentDeletionTimeInDays: 7

Short-lived certificate

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

// Declares an ACM PCA certificate authority that issues short-lived certificates.
return await Deployment.RunAsync(() => 
{
    var example = new Aws.Acmpca.CertificateAuthority("example", new()
    {
        CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
        {
            KeyAlgorithm = "RSA_4096",
            SigningAlgorithm = "SHA512WITHRSA",
            Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs
            {
                CommonName = "example.com",
            },
        },
        // SHORT_LIVED_CERTIFICATE limits issued certificates to seven days of validity;
        // such certificates may omit revocation, and no RevocationConfiguration is set here.
        // The default usage mode is GENERAL_PURPOSE.
        UsageMode = "SHORT_LIVED_CERTIFICATE",
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acmpca"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main runs a Pulumi program that declares one ACM PCA certificate authority
// configured to issue short-lived certificates.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Key algorithm, signing algorithm and subject of the CA.
		caConfig := &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
			KeyAlgorithm:     pulumi.String("RSA_4096"),
			SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
			Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
				CommonName: pulumi.String("example.com"),
			},
		}

		_, err := acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
			CertificateAuthorityConfiguration: caConfig,
			// SHORT_LIVED_CERTIFICATE limits issued certificates to seven days
			// of validity; such certificates may omit revocation, and no
			// RevocationConfiguration is set here. The default usage mode is
			// GENERAL_PURPOSE.
			UsageMode: pulumi.String("SHORT_LIVED_CERTIFICATE"),
		})
		return err
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acmpca.CertificateAuthority;
import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that declares an ACM PCA certificate authority issuing
 * short-lived certificates.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the "example" certificate authority in short-lived usage mode.
     */
    public static void stack(Context ctx) {
        var example = new CertificateAuthority("example", CertificateAuthorityArgs.builder()        
            .certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder()
                .keyAlgorithm("RSA_4096")
                .signingAlgorithm("SHA512WITHRSA")
                .subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder()
                    .commonName("example.com")
                    .build())
                .build())
            // SHORT_LIVED_CERTIFICATE limits issued certificates to seven days of validity;
            // such certificates may omit revocation, and no revocationConfiguration is set here.
            // The default usage mode is GENERAL_PURPOSE.
            .usageMode("SHORT_LIVED_CERTIFICATE")
            .build());

    }
}
import pulumi
import pulumi_aws as aws

# Declares an ACM PCA certificate authority that issues short-lived certificates.
example = aws.acmpca.CertificateAuthority("example",
    certificate_authority_configuration=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs(
        key_algorithm="RSA_4096",
        signing_algorithm="SHA512WITHRSA",
        subject=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs(
            common_name="example.com",
        ),
    ),
    # SHORT_LIVED_CERTIFICATE limits issued certificates to seven days of validity;
    # such certificates may omit revocation, and no revocation_configuration is set here.
    # The default usage mode is GENERAL_PURPOSE.
    usage_mode="SHORT_LIVED_CERTIFICATE")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Declares an ACM PCA certificate authority that issues short-lived certificates.
const example = new aws.acmpca.CertificateAuthority("example", {
    certificateAuthorityConfiguration: {
        keyAlgorithm: "RSA_4096",
        signingAlgorithm: "SHA512WITHRSA",
        subject: {
            commonName: "example.com",
        },
    },
    // SHORT_LIVED_CERTIFICATE limits issued certificates to seven days of validity;
    // such certificates may omit revocation, and no revocationConfiguration is set here.
    // The default usage mode is GENERAL_PURPOSE.
    usageMode: "SHORT_LIVED_CERTIFICATE",
});
# Declares an ACM PCA certificate authority that issues short-lived certificates.
resources:
  example:
    type: aws:acmpca:CertificateAuthority
    properties:
      certificateAuthorityConfiguration:
        keyAlgorithm: RSA_4096
        signingAlgorithm: SHA512WITHRSA
        subject:
          commonName: example.com
      # SHORT_LIVED_CERTIFICATE limits issued certificates to seven days of validity;
      # such certificates may omit revocation, and no revocationConfiguration is set here.
      # The default usage mode is GENERAL_PURPOSE.
      usageMode: SHORT_LIVED_CERTIFICATE

Enable Certificate Revocation List

using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;

// Creates an S3 bucket, a bucket policy that lets the ACM PCA service write to it,
// and a certificate authority that publishes its CRL to that bucket.
return await Deployment.RunAsync(() => 
{
    var exampleBucketV2 = new Aws.S3.BucketV2("exampleBucketV2");

    // Policy document granting the ACM PCA service principal the S3 actions listed below.
    // NOTE(review): the statement has no Conditions, so the grant applies to the
    // acm-pca.amazonaws.com service principal as a whole. AWS's CRL bucket-policy guidance
    // scopes it with the aws:SourceAccount (and aws:SourceArn) condition keys; add a
    // condition before using this outside a demo.
    var acmpcaBucketAccess = Aws.Iam.GetPolicyDocument.Invoke(new()
    {
        Statements = new[]
        {
            new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
            {
                Actions = new[]
                {
                    "s3:GetBucketAcl",
                    "s3:GetBucketLocation",
                    "s3:PutObject",
                    "s3:PutObjectAcl",
                },
                Resources = new[]
                {
                    exampleBucketV2.Arn,
                    // NOTE(review): Arn is an output value; confirm this interpolation yields
                    // "<bucket-arn>/*" rather than the output object's string form
                    // (Output.Format may be needed).
                    $"{exampleBucketV2.Arn}/*",
                },
                Principals = new[]
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
                    {
                        Identifiers = new[]
                        {
                            "acm-pca.amazonaws.com",
                        },
                        Type = "Service",
                    },
                },
            },
        },
    });

    var exampleBucketPolicy = new Aws.S3.BucketPolicy("exampleBucketPolicy", new()
    {
        Bucket = exampleBucketV2.Id,
        Policy = acmpcaBucketAccess.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
    });

    var exampleCertificateAuthority = new Aws.Acmpca.CertificateAuthority("exampleCertificateAuthority", new()
    {
        CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
        {
            KeyAlgorithm = "RSA_4096",
            SigningAlgorithm = "SHA512WITHRSA",
            Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs
            {
                CommonName = "example.com",
            },
        },
        RevocationConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationArgs
        {
            // NOTE(review): S3ObjectAcl is not set, so CRL objects get the provider's default ACL
            // (PUBLIC_READ per the provider docs; confirm for this version). Buckets with
            // S3 Block Public Access enabled need BUCKET_OWNER_FULL_CONTROL instead.
            CrlConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs
            {
                CustomCname = "crl.example.com",
                Enabled = true,
                ExpirationInDays = 7,
                S3BucketName = exampleBucketV2.Id,
            },
        },
    }, new CustomResourceOptions
    {
        // The bucket policy must exist before the CA is created with this CRL configuration.
        DependsOn = new[]
        {
            exampleBucketPolicy,
        },
    });

});
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acmpca"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main runs a Pulumi program that creates an S3 bucket, a bucket policy that
// lets the ACM PCA service write to it, and a certificate authority that
// publishes its certificate revocation list (CRL) to that bucket.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleBucketV2, err := s3.NewBucketV2(ctx, "exampleBucketV2", nil)
		if err != nil {
			return err
		}

		// Object-level resource pattern: the bucket ARN followed by "/*".
		bucketObjectsArn := exampleBucketV2.Arn.ApplyT(func(arn string) (string, error) {
			return fmt.Sprintf("%v/*", arn), nil
		}).(pulumi.StringOutput)

		// Statement granting the ACM PCA service principal the S3 actions below.
		// NOTE(review): the statement has no Conditions, so the grant applies to
		// the acm-pca.amazonaws.com service principal as a whole. AWS's CRL
		// bucket-policy guidance scopes it with the aws:SourceAccount (and
		// aws:SourceArn) condition keys; add a condition before using this
		// outside a demo.
		pcaStatement := &iam.GetPolicyDocumentStatementArgs{
			Actions: pulumi.StringArray{
				pulumi.String("s3:GetBucketAcl"),
				pulumi.String("s3:GetBucketLocation"),
				pulumi.String("s3:PutObject"),
				pulumi.String("s3:PutObjectAcl"),
			},
			Resources: pulumi.StringArray{
				exampleBucketV2.Arn,
				bucketObjectsArn,
			},
			Principals: iam.GetPolicyDocumentStatementPrincipalArray{
				&iam.GetPolicyDocumentStatementPrincipalArgs{
					Identifiers: pulumi.StringArray{
						pulumi.String("acm-pca.amazonaws.com"),
					},
					Type: pulumi.String("Service"),
				},
			},
		}
		acmpcaBucketAccess := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
			Statements: iam.GetPolicyDocumentStatementArray{pcaStatement},
		}, nil)

		// Rendered JSON of the policy document, attached to the bucket below.
		policyJSON := acmpcaBucketAccess.ApplyT(func(doc iam.GetPolicyDocumentResult) (*string, error) {
			return &doc.Json, nil
		}).(pulumi.StringPtrOutput)

		exampleBucketPolicy, err := s3.NewBucketPolicy(ctx, "exampleBucketPolicy", &s3.BucketPolicyArgs{
			Bucket: exampleBucketV2.ID(),
			Policy: policyJSON,
		})
		if err != nil {
			return err
		}

		caConfig := &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
			KeyAlgorithm:     pulumi.String("RSA_4096"),
			SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
			Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
				CommonName: pulumi.String("example.com"),
			},
		}

		// NOTE(review): S3ObjectAcl is not set, so CRL objects get the provider's
		// default ACL (PUBLIC_READ per the provider docs; confirm for this
		// version). Buckets with S3 Block Public Access enabled need
		// BUCKET_OWNER_FULL_CONTROL instead.
		crlConfig := &acmpca.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs{
			CustomCname:      pulumi.String("crl.example.com"),
			Enabled:          pulumi.Bool(true),
			ExpirationInDays: pulumi.Int(7),
			S3BucketName:     exampleBucketV2.ID(),
		}

		// The bucket policy must exist before the CA is created with this CRL
		// configuration, hence the explicit dependency.
		_, err = acmpca.NewCertificateAuthority(ctx, "exampleCertificateAuthority", &acmpca.CertificateAuthorityArgs{
			CertificateAuthorityConfiguration: caConfig,
			RevocationConfiguration: &acmpca.CertificateAuthorityRevocationConfigurationArgs{
				CrlConfiguration: crlConfig,
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			exampleBucketPolicy,
		}))
		return err
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.s3.BucketPolicy;
import com.pulumi.aws.s3.BucketPolicyArgs;
import com.pulumi.aws.acmpca.CertificateAuthority;
import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityRevocationConfigurationArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

/**
 * Pulumi program that creates an S3 bucket, a bucket policy that lets the ACM PCA
 * service write to it, and a certificate authority that publishes its CRL there.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the bucket, its policy and the certificate authority.
     */
    public static void stack(Context ctx) {
        var exampleBucketV2 = new BucketV2("exampleBucketV2");

        // Policy document granting the ACM PCA service principal the S3 actions listed below.
        // NOTE(review): the statement has no conditions, so the grant applies to the
        // acm-pca.amazonaws.com service principal as a whole. AWS's CRL bucket-policy guidance
        // scopes it with the aws:SourceAccount (and aws:SourceArn) condition keys; add a
        // condition before using this outside a demo.
        // NOTE(review): GetPolicyDocumentStatementArgs and GetPolicyDocumentStatementPrincipalArgs
        // are not in this listing's import block; confirm the imports for your SDK version.
        final var acmpcaBucketAccess = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(GetPolicyDocumentStatementArgs.builder()
                .actions(                
                    "s3:GetBucketAcl",
                    "s3:GetBucketLocation",
                    "s3:PutObject",
                    "s3:PutObjectAcl")
                .resources(                
                    exampleBucketV2.arn(),
                    exampleBucketV2.arn().applyValue(arn -> String.format("%s/*", arn)))
                .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                    .identifiers("acm-pca.amazonaws.com")
                    .type("Service")
                    .build())
                .build())
            .build());

        // NOTE(review): the nested applyValue chain below is as published; it appears intended
        // to pass the policy document's JSON. Confirm it against your SDK version.
        var exampleBucketPolicy = new BucketPolicy("exampleBucketPolicy", BucketPolicyArgs.builder()        
            .bucket(exampleBucketV2.id())
            .policy(acmpcaBucketAccess.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(acmpcaBucketAccess -> acmpcaBucketAccess.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
            .build());

        // NOTE(review): s3ObjectAcl is not set, so CRL objects get the provider's default ACL
        // (PUBLIC_READ per the provider docs; confirm for this version). Buckets with
        // S3 Block Public Access enabled need BUCKET_OWNER_FULL_CONTROL instead.
        var exampleCertificateAuthority = new CertificateAuthority("exampleCertificateAuthority", CertificateAuthorityArgs.builder()        
            .certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder()
                .keyAlgorithm("RSA_4096")
                .signingAlgorithm("SHA512WITHRSA")
                .subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder()
                    .commonName("example.com")
                    .build())
                .build())
            .revocationConfiguration(CertificateAuthorityRevocationConfigurationArgs.builder()
                .crlConfiguration(CertificateAuthorityRevocationConfigurationCrlConfigurationArgs.builder()
                    .customCname("crl.example.com")
                    .enabled(true)
                    .expirationInDays(7)
                    .s3BucketName(exampleBucketV2.id())
                    .build())
                .build())
            // The bucket policy must exist before the CA is created with this CRL configuration.
            .build(), CustomResourceOptions.builder()
                .dependsOn(exampleBucketPolicy)
                .build());

    }
}
import pulumi
import pulumi_aws as aws

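# Bucket that receives the CRL published by the certificate authority.
example_bucket_v2 = aws.s3.BucketV2("exampleBucketV2")

# Account that owns this stack; used below to scope the service-principal grant.
current = aws.get_caller_identity()

# Policy document letting the ACM PCA service inspect the bucket and write CRL objects.
acmpca_bucket_access = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(
    actions=[
        "s3:GetBucketAcl",
        "s3:GetBucketLocation",
        "s3:PutObject",
        "s3:PutObjectAcl",
    ],
    resources=[
        example_bucket_v2.arn,
        example_bucket_v2.arn.apply(lambda arn: f"{arn}/*"),
    ],
    principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
        identifiers=["acm-pca.amazonaws.com"],
        type="Service",
    )],
    # Confused-deputy guard: without a condition the grant applies to the
    # acm-pca.amazonaws.com service principal as a whole. Restrict it to requests
    # made on behalf of this account. aws:SourceArn can narrow it further to a
    # single CA once that CA's ARN is known.
    conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(
        test="StringEquals",
        variable="aws:SourceAccount",
        values=[current.account_id],
    )],
)])
example_bucket_policy = aws.s3.BucketPolicy("exampleBucketPolicy",
    bucket=example_bucket_v2.id,
    policy=acmpca_bucket_access.json)

# NOTE(review): s3_object_acl is not set, so CRL objects get the provider's default ACL
# (PUBLIC_READ per the provider docs; confirm for this version). Buckets with
# S3 Block Public Access enabled need BUCKET_OWNER_FULL_CONTROL instead.
example_certificate_authority = aws.acmpca.CertificateAuthority("exampleCertificateAuthority",
    certificate_authority_configuration=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs(
        key_algorithm="RSA_4096",
        signing_algorithm="SHA512WITHRSA",
        subject=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs(
            common_name="example.com",
        ),
    ),
    revocation_configuration=aws.acmpca.CertificateAuthorityRevocationConfigurationArgs(
        crl_configuration=aws.acmpca.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs(
            custom_cname="crl.example.com",
            enabled=True,
            expiration_in_days=7,
            s3_bucket_name=example_bucket_v2.id,
        ),
    ),
    # The bucket policy must exist before the CA is created with this CRL configuration.
    opts=pulumi.ResourceOptions(depends_on=[example_bucket_policy]))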
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

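// Bucket that receives the CRL published by the certificate authority.
const exampleBucketV2 = new aws.s3.BucketV2("exampleBucketV2", {});

// Account that owns this stack; used below to scope the service-principal grant.
const current = aws.getCallerIdentity({});

// Policy document letting the ACM PCA service inspect the bucket and write CRL objects.
const acmpcaBucketAccess = aws.iam.getPolicyDocumentOutput({
    statements: [{
        actions: [
            "s3:GetBucketAcl",
            "s3:GetBucketLocation",
            "s3:PutObject",
            "s3:PutObjectAcl",
        ],
        resources: [
            exampleBucketV2.arn,
            pulumi.interpolate`${exampleBucketV2.arn}/*`,
        ],
        principals: [{
            identifiers: ["acm-pca.amazonaws.com"],
            type: "Service",
        }],
        // Confused-deputy guard: without a condition the grant applies to the
        // acm-pca.amazonaws.com service principal as a whole. Restrict it to requests
        // made on behalf of this account. aws:SourceArn can narrow it further to a
        // single CA once that CA's ARN is known.
        conditions: [{
            test: "StringEquals",
            variable: "aws:SourceAccount",
            values: [current.then(c => c.accountId)],
        }],
    }],
});
const exampleBucketPolicy = new aws.s3.BucketPolicy("exampleBucketPolicy", {
    bucket: exampleBucketV2.id,
    policy: acmpcaBucketAccess.apply(acmpcaBucketAccess => acmpcaBucketAccess.json),
});

// NOTE(review): s3ObjectAcl is not set, so CRL objects get the provider's default ACL
// (PUBLIC_READ per the provider docs; confirm for this version). Buckets with
// S3 Block Public Access enabled need BUCKET_OWNER_FULL_CONTROL instead.
const exampleCertificateAuthority = new aws.acmpca.CertificateAuthority("exampleCertificateAuthority", {
    certificateAuthorityConfiguration: {
        keyAlgorithm: "RSA_4096",
        signingAlgorithm: "SHA512WITHRSA",
        subject: {
            commonName: "example.com",
        },
    },
    revocationConfiguration: {
        crlConfiguration: {
            customCname: "crl.example.com",
            enabled: true,
            expirationInDays: 7,
            s3BucketName: exampleBucketV2.id,
        },
    },
}, {
    // The bucket policy must exist before the CA is created with this CRL configuration.
    dependsOn: [exampleBucketPolicy],
});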
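# Creates an S3 bucket, a bucket policy that lets the ACM PCA service write to it,
# and a certificate authority that publishes its CRL to that bucket.
resources:
  exampleBucketV2:
    type: aws:s3:BucketV2
  exampleBucketPolicy:
    type: aws:s3:BucketPolicy
    properties:
      bucket: ${exampleBucketV2.id}
      policy: ${acmpcaBucketAccess.json}
  exampleCertificateAuthority:
    type: aws:acmpca:CertificateAuthority
    properties:
      certificateAuthorityConfiguration:
        keyAlgorithm: RSA_4096
        signingAlgorithm: SHA512WITHRSA
        subject:
          commonName: example.com
      revocationConfiguration:
        # NOTE(review): s3ObjectAcl is not set, so CRL objects get the provider's default ACL
        # (PUBLIC_READ per the provider docs; confirm for this version). Buckets with
        # S3 Block Public Access enabled need BUCKET_OWNER_FULL_CONTROL instead.
        crlConfiguration:
          customCname: crl.example.com
          enabled: true
          expirationInDays: 7
          s3BucketName: ${exampleBucketV2.id}
    options:
      # The option key is camelCase (dependsOn). The bucket policy must exist before
      # the CA is created with this CRL configuration.
      dependsOn:
        - ${exampleBucketPolicy}
variables:
  acmpcaBucketAccess:
    fn::invoke:
      Function: aws:iam:getPolicyDocument
      Arguments:
        statements:
          # NOTE(review): this statement has no conditions, so the grant applies to the
          # acm-pca.amazonaws.com service principal as a whole. AWS's CRL bucket-policy
          # guidance scopes it with the aws:SourceAccount (and aws:SourceArn) condition
          # keys; add a condition before using this outside a demo.
          - actions:
              - s3:GetBucketAcl
              - s3:GetBucketLocation
              - s3:PutObject
              - s3:PutObjectAcl
            resources:
              - ${exampleBucketV2.arn}
              - ${exampleBucketV2.arn}/*
            principals:
              - identifiers:
                  - acm-pca.amazonaws.com
                type: Service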

Create CertificateAuthority Resource

new CertificateAuthority(name: string, args: CertificateAuthorityArgs, opts?: CustomResourceOptions);
@overload
def CertificateAuthority(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         certificate_authority_configuration: Optional[CertificateAuthorityCertificateAuthorityConfigurationArgs] = None,
                         enabled: Optional[bool] = None,
                         permanent_deletion_time_in_days: Optional[int] = None,
                         revocation_configuration: Optional[CertificateAuthorityRevocationConfigurationArgs] = None,
                         tags: Optional[Mapping[str, str]] = None,
                         type: Optional[str] = None,
                         usage_mode: Optional[str] = None)
@overload
def CertificateAuthority(resource_name: str,
                         args: CertificateAuthorityArgs,
                         opts: Optional[ResourceOptions] = None)
func NewCertificateAuthority(ctx *Context, name string, args CertificateAuthorityArgs, opts ...ResourceOption) (*CertificateAuthority, error)
public CertificateAuthority(string name, CertificateAuthorityArgs args, CustomResourceOptions? opts = null)
public CertificateAuthority(String name, CertificateAuthorityArgs args)
public CertificateAuthority(String name, CertificateAuthorityArgs args, CustomResourceOptions options)
type: aws:acmpca:CertificateAuthority
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args CertificateAuthorityArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args CertificateAuthorityArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args CertificateAuthorityArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args CertificateAuthorityArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args CertificateAuthorityArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

CertificateAuthority Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The CertificateAuthority resource accepts the following input properties:

CertificateAuthorityConfiguration Pulumi.Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs

Nested argument containing algorithms and certificate subject information. Defined below.

Enabled bool

Whether the certificate authority is enabled or disabled. Defaults to true. Can only be disabled if the CA is in an ACTIVE state.

PermanentDeletionTimeInDays int

Number of days a CA remains restorable after it has been deleted. Must be between 7 and 30 days; defaults to 30 days.

RevocationConfiguration Pulumi.Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationArgs

Nested argument containing revocation configuration. Defined below.

Tags Dictionary<string, string>

Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Type string

Type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.

UsageMode string

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to GENERAL_PURPOSE. Valid values: GENERAL_PURPOSE and SHORT_LIVED_CERTIFICATE.

CertificateAuthorityConfiguration CertificateAuthorityCertificateAuthorityConfigurationArgs

Nested argument containing algorithms and certificate subject information. Defined below.

Enabled bool

Whether the certificate authority is enabled or disabled. Defaults to true. Can only be disabled if the CA is in an ACTIVE state.

PermanentDeletionTimeInDays int

Number of days a CA remains restorable after it has been deleted. Must be between 7 and 30 days; defaults to 30 days.

RevocationConfiguration CertificateAuthorityRevocationConfigurationArgs

Nested argument containing revocation configuration. Defined below.

Tags map[string]string

Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Type string

Type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.

UsageMode string

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to GENERAL_PURPOSE. Valid values: GENERAL_PURPOSE and SHORT_LIVED_CERTIFICATE.

certificateAuthorityConfiguration CertificateAuthorityCertificateAuthorityConfigurationArgs

Nested argument containing algorithms and certificate subject information. Defined below.

enabled Boolean

Whether the certificate authority is enabled or disabled. Defaults to true. Can only be disabled if the CA is in an ACTIVE state.

permanentDeletionTimeInDays Integer

Number of days a CA remains restorable after it has been deleted. Must be between 7 and 30 days; defaults to 30 days.

revocationConfiguration CertificateAuthorityRevocationConfigurationArgs

Nested argument containing revocation configuration. Defined below.

tags Map<String,String>

Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

type String

Type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.

usageMode String

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to GENERAL_PURPOSE. Valid values: GENERAL_PURPOSE and SHORT_LIVED_CERTIFICATE.

certificateAuthorityConfiguration CertificateAuthorityCertificateAuthorityConfigurationArgs

Nested argument containing algorithms and certificate subject information. Defined below.

enabled boolean

Whether the certificate authority is enabled or disabled. Defaults to true. Can only be disabled if the CA is in an ACTIVE state.

permanentDeletionTimeInDays number

Number of days a CA remains restorable after it has been deleted. Must be between 7 and 30 days; defaults to 30 days.

revocationConfiguration CertificateAuthorityRevocationConfigurationArgs

Nested argument containing revocation configuration. Defined below.

tags {[key: string]: string}

Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

type string

Type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.

usageMode string

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to GENERAL_PURPOSE. Valid values: GENERAL_PURPOSE and SHORT_LIVED_CERTIFICATE.

certificate_authority_configuration CertificateAuthorityCertificateAuthorityConfigurationArgs

Nested argument containing algorithms and certificate subject information. Defined below.

enabled bool

Whether the certificate authority is enabled or disabled. Defaults to true. Can only be disabled if the CA is in an ACTIVE state.

permanent_deletion_time_in_days int

Number of days a CA remains restorable after it has been deleted. Must be between 7 and 30 days; defaults to 30 days.

revocation_configuration CertificateAuthorityRevocationConfigurationArgs

Nested argument containing revocation configuration. Defined below.

tags Mapping[str, str]

Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

type str

Type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.

usage_mode str

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to GENERAL_PURPOSE. Valid values: GENERAL_PURPOSE and SHORT_LIVED_CERTIFICATE.

certificateAuthorityConfiguration Property Map

Nested argument containing algorithms and certificate subject information. Defined below.

enabled Boolean

Whether the certificate authority is enabled or disabled. Defaults to true. Can only be disabled if the CA is in an ACTIVE state.

permanentDeletionTimeInDays Number

Number of days a CA remains restorable after it has been deleted. Must be between 7 and 30 days; defaults to 30 days.

revocationConfiguration Property Map

Nested argument containing revocation configuration. Defined below.

tags Map<String>

Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

type String

Type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.

usageMode String

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to GENERAL_PURPOSE. Valid values: GENERAL_PURPOSE and SHORT_LIVED_CERTIFICATE.

Outputs

All input properties are implicitly available as output properties. Additionally, the CertificateAuthority resource produces the following output properties:

Arn string

ARN of the certificate authority.

Certificate string

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

CertificateChain string

Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

CertificateSigningRequest string

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

Id string

The provider-assigned unique ID for this managed resource.

NotAfter string

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

NotBefore string

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

Serial string

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

Status string

(Deprecated: use the enabled attribute instead.) Status of the certificate authority.

Deprecated:

The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.

TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Arn string

ARN of the certificate authority.

Certificate string

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

CertificateChain string

Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

CertificateSigningRequest string

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

Id string

The provider-assigned unique ID for this managed resource.

NotAfter string

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

NotBefore string

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

Serial string

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

Status string

(Deprecated: use the enabled attribute instead.) Status of the certificate authority.

Deprecated:

The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.

TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

ARN of the certificate authority.

certificate String

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

certificateChain String

Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

certificateSigningRequest String

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

id String

The provider-assigned unique ID for this managed resource.

notAfter String

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

notBefore String

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

serial String

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

status String

(Deprecated: use the enabled attribute instead.) Status of the certificate authority.

Deprecated:

The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.

tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn string

ARN of the certificate authority.

certificate string

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

certificateChain string

Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

certificateSigningRequest string

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

id string

The provider-assigned unique ID for this managed resource.

notAfter string

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

notBefore string

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

serial string

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

status string

(Deprecated: use the enabled attribute instead.) Status of the certificate authority.

Deprecated:

The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.

tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn str

ARN of the certificate authority.

certificate str

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

certificate_chain str

Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

certificate_signing_request str

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

id str

The provider-assigned unique ID for this managed resource.

not_after str

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

not_before str

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

serial str

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

status str

(Deprecated: use the enabled attribute instead.) Status of the certificate authority.

Deprecated:

The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.

tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

arn String

ARN of the certificate authority.

certificate String

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

certificateChain String

Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

certificateSigningRequest String

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

id String

The provider-assigned unique ID for this managed resource.

notAfter String

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

notBefore String

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

serial String

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

status String

(Deprecated: use the enabled attribute instead.) Status of the certificate authority.

Deprecated:

The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.

tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Look up Existing CertificateAuthority Resource

Get an existing CertificateAuthority resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: CertificateAuthorityState, opts?: CustomResourceOptions): CertificateAuthority
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        certificate: Optional[str] = None,
        certificate_authority_configuration: Optional[CertificateAuthorityCertificateAuthorityConfigurationArgs] = None,
        certificate_chain: Optional[str] = None,
        certificate_signing_request: Optional[str] = None,
        enabled: Optional[bool] = None,
        not_after: Optional[str] = None,
        not_before: Optional[str] = None,
        permanent_deletion_time_in_days: Optional[int] = None,
        revocation_configuration: Optional[CertificateAuthorityRevocationConfigurationArgs] = None,
        serial: Optional[str] = None,
        status: Optional[str] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        type: Optional[str] = None,
        usage_mode: Optional[str] = None) -> CertificateAuthority
func GetCertificateAuthority(ctx *Context, name string, id IDInput, state *CertificateAuthorityState, opts ...ResourceOption) (*CertificateAuthority, error)
public static CertificateAuthority Get(string name, Input<string> id, CertificateAuthorityState? state, CustomResourceOptions? opts = null)
public static CertificateAuthority get(String name, Output<String> id, CertificateAuthorityState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to look up.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Arn string

ARN of the certificate authority.

Certificate string

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

CertificateAuthorityConfiguration Pulumi.Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs

Nested argument containing algorithms and certificate subject information. Defined below.

CertificateChain string

Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

CertificateSigningRequest string

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

Enabled bool

Whether the certificate authority is enabled or disabled. Defaults to true. Can only be disabled if the CA is in an ACTIVE state.

NotAfter string

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

NotBefore string

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

PermanentDeletionTimeInDays int

Number of days a deleted CA remains restorable. Must be between 7 and 30 days; defaults to 30 days.

RevocationConfiguration Pulumi.Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationArgs

Nested argument containing revocation configuration. Defined below.

Serial string

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

Status string

(Deprecated: use the enabled attribute instead.) Status of the certificate authority.

Deprecated:

The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.

Tags Dictionary<string, string>

Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Type string

Type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.

UsageMode string

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to GENERAL_PURPOSE. Valid values: GENERAL_PURPOSE and SHORT_LIVED_CERTIFICATE.

Arn string

ARN of the certificate authority.

Certificate string

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

CertificateAuthorityConfiguration CertificateAuthorityCertificateAuthorityConfigurationArgs

Nested argument containing algorithms and certificate subject information. Defined below.

CertificateChain string

Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

CertificateSigningRequest string

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

Enabled bool

Whether the certificate authority is enabled or disabled. Defaults to true. Can only be disabled if the CA is in an ACTIVE state.

NotAfter string

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

NotBefore string

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

PermanentDeletionTimeInDays int

Number of days a deleted CA remains restorable. Must be between 7 and 30 days; defaults to 30 days.

RevocationConfiguration CertificateAuthorityRevocationConfigurationArgs

Nested argument containing revocation configuration. Defined below.

Serial string

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

Status string

(Deprecated: use the enabled attribute instead.) Status of the certificate authority.

Deprecated:

The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.

Tags map[string]string

Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

Type string

Type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.

UsageMode string

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to GENERAL_PURPOSE. Valid values: GENERAL_PURPOSE and SHORT_LIVED_CERTIFICATE.

arn String

ARN of the certificate authority.

certificate String

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

certificateAuthorityConfiguration CertificateAuthorityCertificateAuthorityConfigurationArgs

Nested argument containing algorithms and certificate subject information. Defined below.

certificateChain String

Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

certificateSigningRequest String

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

enabled Boolean

Whether the certificate authority is enabled or disabled. Defaults to true. Can only be disabled if the CA is in an ACTIVE state.

notAfter String

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

notBefore String

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

permanentDeletionTimeInDays Integer

Number of days a deleted CA remains restorable. Must be between 7 and 30 days; defaults to 30 days.

revocationConfiguration CertificateAuthorityRevocationConfigurationArgs

Nested argument containing revocation configuration. Defined below.

serial String

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

status String

(Deprecated: use the enabled attribute instead.) Status of the certificate authority.

Deprecated:

The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.

tags Map<String,String>

Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

type String

Type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.

usageMode String

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to GENERAL_PURPOSE. Valid values: GENERAL_PURPOSE and SHORT_LIVED_CERTIFICATE.

arn string

ARN of the certificate authority.

certificate string

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

certificateAuthorityConfiguration CertificateAuthorityCertificateAuthorityConfigurationArgs

Nested argument containing algorithms and certificate subject information. Defined below.

certificateChain string

Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

certificateSigningRequest string

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

enabled boolean

Whether the certificate authority is enabled or disabled. Defaults to true. Can only be disabled if the CA is in an ACTIVE state.

notAfter string

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

notBefore string

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

permanentDeletionTimeInDays number

Number of days a deleted CA remains restorable. Must be between 7 and 30 days; defaults to 30 days.

revocationConfiguration CertificateAuthorityRevocationConfigurationArgs

Nested argument containing revocation configuration. Defined below.

serial string

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

status string

(Deprecated: use the enabled attribute instead.) Status of the certificate authority.

Deprecated:

The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.

tags {[key: string]: string}

Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

type string

Type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.

usageMode string

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to GENERAL_PURPOSE. Valid values: GENERAL_PURPOSE and SHORT_LIVED_CERTIFICATE.

arn str

ARN of the certificate authority.

certificate str

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

certificate_authority_configuration CertificateAuthorityCertificateAuthorityConfigurationArgs

Nested argument containing algorithms and certificate subject information. Defined below.

certificate_chain str

Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

certificate_signing_request str

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

enabled bool

Whether the certificate authority is enabled or disabled. Defaults to true. Can only be disabled if the CA is in an ACTIVE state.

not_after str

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

not_before str

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

permanent_deletion_time_in_days int

Number of days a deleted CA remains restorable. Must be between 7 and 30 days; defaults to 30 days.

revocation_configuration CertificateAuthorityRevocationConfigurationArgs

Nested argument containing revocation configuration. Defined below.

serial str

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

status str

(Deprecated: use the enabled attribute instead.) Status of the certificate authority.

Deprecated:

The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.

tags Mapping[str, str]

Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

type str

Type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.

usage_mode str

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to GENERAL_PURPOSE. Valid values: GENERAL_PURPOSE and SHORT_LIVED_CERTIFICATE.

arn String

ARN of the certificate authority.

certificate String

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

certificateAuthorityConfiguration Property Map

Nested argument containing algorithms and certificate subject information. Defined below.

certificateChain String

Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

certificateSigningRequest String

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

enabled Boolean

Whether the certificate authority is enabled or disabled. Defaults to true. Can only be disabled if the CA is in an ACTIVE state.

notAfter String

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

notBefore String

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

permanentDeletionTimeInDays Number

Number of days a deleted CA remains restorable. Must be between 7 and 30 days; defaults to 30 days.

revocationConfiguration Property Map

Nested argument containing revocation configuration. Defined below.

serial String

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

status String

(Deprecated: use the enabled attribute instead.) Status of the certificate authority.

Deprecated:

The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.

tags Map<String>

Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

Map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

type String

Type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.

usageMode String

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to GENERAL_PURPOSE. Valid values: GENERAL_PURPOSE and SHORT_LIVED_CERTIFICATE.

Supporting Types

CertificateAuthorityCertificateAuthorityConfiguration

KeyAlgorithm string

Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. Valid values can be found in the ACM PCA Documentation.

SigningAlgorithm string

Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the ACM PCA Documentation.

Subject Pulumi.Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubject

Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.

KeyAlgorithm string

Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. Valid values can be found in the ACM PCA Documentation.

SigningAlgorithm string

Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the ACM PCA Documentation.

Subject CertificateAuthorityCertificateAuthorityConfigurationSubject

Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.

keyAlgorithm String

Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. Valid values can be found in the ACM PCA Documentation.

signingAlgorithm String

Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the ACM PCA Documentation.

subject CertificateAuthorityCertificateAuthorityConfigurationSubject

Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.

keyAlgorithm string

Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. Valid values can be found in the ACM PCA Documentation.

signingAlgorithm string

Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the ACM PCA Documentation.

subject CertificateAuthorityCertificateAuthorityConfigurationSubject

Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.

key_algorithm str

Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. Valid values can be found in the ACM PCA Documentation.

signing_algorithm str

Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the ACM PCA Documentation.

subject CertificateAuthorityCertificateAuthorityConfigurationSubject

Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.

keyAlgorithm String

Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. Valid values can be found in the ACM PCA Documentation.

signingAlgorithm String

Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the ACM PCA Documentation.

subject Property Map

Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.

CertificateAuthorityCertificateAuthorityConfigurationSubject

CommonName string

Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.

Country string

Two-digit code that specifies the country in which the certificate subject is located. Must be less than or equal to 2 characters in length.

DistinguishedNameQualifier string

Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.

GenerationQualifier string

Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.

GivenName string

First name. Must be less than or equal to 16 characters in length.

Initials string

Concatenation that typically contains the first letter of the given_name, the first letter of the middle name if one exists, and the first letter of the surname. Must be less than or equal to 5 characters in length.

Locality string

Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.

Organization string

Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.

OrganizationalUnit string

Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.

Pseudonym string

Typically a shortened version of a longer given_name. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.

State string

State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.

Surname string

Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.

Title string

Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.

CommonName string

Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.

Country string

Two-digit code that specifies the country in which the certificate subject is located. Must be less than or equal to 2 characters in length.

DistinguishedNameQualifier string

Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.

GenerationQualifier string

Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.

GivenName string

First name. Must be less than or equal to 16 characters in length.

Initials string

Concatenation that typically contains the first letter of the given_name, the first letter of the middle name if one exists, and the first letter of the surname. Must be less than or equal to 5 characters in length.

Locality string

Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.

Organization string

Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.

OrganizationalUnit string

Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.

Pseudonym string

Typically a shortened version of a longer given_name. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.

State string

State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.

Surname string

Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.

Title string

Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.

commonName String

Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.

country String

Two-digit code that specifies the country in which the certificate subject is located. Must be less than or equal to 2 characters in length.

distinguishedNameQualifier String

Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.

generationQualifier String

Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.

givenName String

First name. Must be less than or equal to 16 characters in length.

initials String

Concatenation that typically contains the first letter of the given_name, the first letter of the middle name if one exists, and the first letter of the surname. Must be less than or equal to 5 characters in length.

locality String

Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.

organization String

Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.

organizationalUnit String

Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.

pseudonym String

Typically a shortened version of a longer given_name. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.

state String

State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.

surname String

Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.

title String

Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.

commonName string

Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.

country string

Two-digit code that specifies the country in which the certificate subject is located. Must be less than or equal to 2 characters in length.

distinguishedNameQualifier string

Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.

generationQualifier string

Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.

givenName string

First name. Must be less than or equal to 16 characters in length.

initials string

Concatenation that typically contains the first letter of the given_name, the first letter of the middle name if one exists, and the first letter of the surname. Must be less than or equal to 5 characters in length.

locality string

Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.

organization string

Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.

organizationalUnit string

Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.

pseudonym string

Typically a shortened version of a longer given_name. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.

state string

State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.

surname string

Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.

title string

Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.

common_name str

Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.

country str

Two-digit code that specifies the country in which the certificate subject is located. Must be less than or equal to 2 characters in length.

distinguished_name_qualifier str

Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.

generation_qualifier str

Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.

given_name str

First name. Must be less than or equal to 16 characters in length.

initials str

Concatenation that typically contains the first letter of the given_name, the first letter of the middle name if one exists, and the first letter of the surname. Must be less than or equal to 5 characters in length.

locality str

Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.

organization str

Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.

organizational_unit str

Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.

pseudonym str

Typically a shortened version of a longer given_name. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.

state str

State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.

surname str

Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.

title str

Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.

commonName String

Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.

country String

Two-digit code that specifies the country in which the certificate subject is located. Must be less than or equal to 2 characters in length.

distinguishedNameQualifier String

Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.

generationQualifier String

Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.

givenName String

First name. Must be less than or equal to 16 characters in length.

initials String

Concatenation that typically contains the first letter of the given_name, the first letter of the middle name if one exists, and the first letter of the surname. Must be less than or equal to 5 characters in length.

locality String

Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.

organization String

Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.

organizationalUnit String

Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.

pseudonym String

Typically a shortened version of a longer given_name. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.

state String

State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.

surname String

Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.

title String

Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.

CertificateAuthorityRevocationConfiguration

CrlConfiguration Pulumi.Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationCrlConfiguration

Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.

OcspConfiguration Pulumi.Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationOcspConfiguration

Nested argument containing configuration of the custom OCSP responder endpoint. Defined below.

CrlConfiguration CertificateAuthorityRevocationConfigurationCrlConfiguration

Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.

OcspConfiguration CertificateAuthorityRevocationConfigurationOcspConfiguration

Nested argument containing configuration of the custom OCSP responder endpoint. Defined below.

crlConfiguration CertificateAuthorityRevocationConfigurationCrlConfiguration

Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.

ocspConfiguration CertificateAuthorityRevocationConfigurationOcspConfiguration

Nested argument containing configuration of the custom OCSP responder endpoint. Defined below.

crlConfiguration CertificateAuthorityRevocationConfigurationCrlConfiguration

Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.

ocspConfiguration CertificateAuthorityRevocationConfigurationOcspConfiguration

Nested argument containing configuration of the custom OCSP responder endpoint. Defined below.

crl_configuration CertificateAuthorityRevocationConfigurationCrlConfiguration

Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.

ocsp_configuration CertificateAuthorityRevocationConfigurationOcspConfiguration

Nested argument containing configuration of the custom OCSP responder endpoint. Defined below.

crlConfiguration Property Map

Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.

ocspConfiguration Property Map

Nested argument containing configuration of the custom OCSP responder endpoint. Defined below.

CertificateAuthorityRevocationConfigurationCrlConfiguration

CustomCname string

Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.

Enabled bool

Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to false.

ExpirationInDays int

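Number of days until a certificate expires. Must be between 1 and 5000. (This field belongs to the CRL configuration; the ACM PCA API describes the corresponding setting as the validity period of the CRL in days, so confirm the intended meaning before relying on it for certificate lifetimes.)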

S3BucketName string

Name of the S3 bucket that contains the CRL. If you do not provide a value for the custom_cname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length.

S3ObjectAcl string

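Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to PUBLIC_READ. Valid values: PUBLIC_READ and BUCKET_OWNER_FULL_CONTROL. The default makes CRL objects readable over the public internet and can cause CA creation to fail when S3 Block Public Access is enabled; in that case specify BUCKET_OWNER_FULL_CONTROL.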

CustomCname string

Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.

Enabled bool

Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to false.

ExpirationInDays int

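Number of days until a certificate expires. Must be between 1 and 5000. (This field belongs to the CRL configuration; the ACM PCA API describes the corresponding setting as the validity period of the CRL in days, so confirm the intended meaning before relying on it for certificate lifetimes.)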

S3BucketName string

Name of the S3 bucket that contains the CRL. If you do not provide a value for the custom_cname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length.

S3ObjectAcl string

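Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to PUBLIC_READ. Valid values: PUBLIC_READ and BUCKET_OWNER_FULL_CONTROL. The default makes CRL objects readable over the public internet and can cause CA creation to fail when S3 Block Public Access is enabled; in that case specify BUCKET_OWNER_FULL_CONTROL.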

customCname String

Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.

enabled Boolean

Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to false.

expirationInDays Integer

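Number of days until a certificate expires. Must be between 1 and 5000. (This field belongs to the CRL configuration; the ACM PCA API describes the corresponding setting as the validity period of the CRL in days, so confirm the intended meaning before relying on it for certificate lifetimes.)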

s3BucketName String

Name of the S3 bucket that contains the CRL. If you do not provide a value for the custom_cname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length.

s3ObjectAcl String

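Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to PUBLIC_READ. Valid values: PUBLIC_READ and BUCKET_OWNER_FULL_CONTROL. The default makes CRL objects readable over the public internet and can cause CA creation to fail when S3 Block Public Access is enabled; in that case specify BUCKET_OWNER_FULL_CONTROL.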

customCname string

Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.

enabled boolean

Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to false.

expirationInDays number

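Number of days until a certificate expires. Must be between 1 and 5000. (This field belongs to the CRL configuration; the ACM PCA API describes the corresponding setting as the validity period of the CRL in days, so confirm the intended meaning before relying on it for certificate lifetimes.)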

s3BucketName string

Name of the S3 bucket that contains the CRL. If you do not provide a value for the custom_cname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length.

s3ObjectAcl string

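Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to PUBLIC_READ. Valid values: PUBLIC_READ and BUCKET_OWNER_FULL_CONTROL. The default makes CRL objects readable over the public internet and can cause CA creation to fail when S3 Block Public Access is enabled; in that case specify BUCKET_OWNER_FULL_CONTROL.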

custom_cname str

Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.

enabled bool

Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to false.

expiration_in_days int

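Number of days until a certificate expires. Must be between 1 and 5000. (This field belongs to the CRL configuration; the ACM PCA API describes the corresponding setting as the validity period of the CRL in days, so confirm the intended meaning before relying on it for certificate lifetimes.)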

s3_bucket_name str

Name of the S3 bucket that contains the CRL. If you do not provide a value for the custom_cname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length.

s3_object_acl str

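Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to PUBLIC_READ. Valid values: PUBLIC_READ and BUCKET_OWNER_FULL_CONTROL. The default makes CRL objects readable over the public internet and can cause CA creation to fail when S3 Block Public Access is enabled; in that case specify BUCKET_OWNER_FULL_CONTROL.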

customCname String

Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.

enabled Boolean

Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to false.

expirationInDays Number

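Number of days until a certificate expires. Must be between 1 and 5000. (This field belongs to the CRL configuration; the ACM PCA API describes the corresponding setting as the validity period of the CRL in days, so confirm the intended meaning before relying on it for certificate lifetimes.)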

s3BucketName String

Name of the S3 bucket that contains the CRL. If you do not provide a value for the custom_cname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length.

s3ObjectAcl String

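Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to PUBLIC_READ. Valid values: PUBLIC_READ and BUCKET_OWNER_FULL_CONTROL. The default makes CRL objects readable over the public internet and can cause CA creation to fail when S3 Block Public Access is enabled; in that case specify BUCKET_OWNER_FULL_CONTROL.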

CertificateAuthorityRevocationConfigurationOcspConfiguration

Enabled bool

Boolean value that specifies whether a custom OCSP responder is enabled.

OcspCustomCname string

CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".

Enabled bool

Boolean value that specifies whether a custom OCSP responder is enabled.

OcspCustomCname string

CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".

enabled Boolean

Boolean value that specifies whether a custom OCSP responder is enabled.

ocspCustomCname String

CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".

enabled boolean

Boolean value that specifies whether a custom OCSP responder is enabled.

ocspCustomCname string

CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".

enabled bool

Boolean value that specifies whether a custom OCSP responder is enabled.

ocsp_custom_cname str

CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".

enabled Boolean

Boolean value that specifies whether a custom OCSP responder is enabled.

ocspCustomCname String

CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".

Import

aws_acmpca_certificate_authority can be imported by using the certificate authority ARN, e.g.,

 $ pulumi import aws:acmpca/certificateAuthority:CertificateAuthority example arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.