aws.acmpca.CertificateAuthority
Provides a resource to manage AWS Certificate Manager Private Certificate Authorities (ACM PCA Certificate Authorities).
NOTE: Creating this resource will leave the certificate authority in a
PENDING_CERTIFICATEstatus, which means it cannot yet issue certificates. To complete this setup, you must fully sign the certificate authority CSR available in thecertificate_signing_requestattribute. Theaws.acmpca.CertificateAuthorityCertificateresource can be used for this purpose.
Example Usage
Basic
using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Acmpca.CertificateAuthority("example", new()
{
CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
{
KeyAlgorithm = "RSA_4096",
SigningAlgorithm = "SHA512WITHRSA",
Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs
{
CommonName = "example.com",
},
},
PermanentDeletionTimeInDays = 7,
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acmpca"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
KeyAlgorithm: pulumi.String("RSA_4096"),
SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
CommonName: pulumi.String("example.com"),
},
},
PermanentDeletionTimeInDays: pulumi.Int(7),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acmpca.CertificateAuthority;
import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new CertificateAuthority("example", CertificateAuthorityArgs.builder()
.certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder()
.keyAlgorithm("RSA_4096")
.signingAlgorithm("SHA512WITHRSA")
.subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder()
.commonName("example.com")
.build())
.build())
.permanentDeletionTimeInDays(7)
.build());
}
}
import pulumi
import pulumi_aws as aws
example = aws.acmpca.CertificateAuthority("example",
certificate_authority_configuration=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs(
key_algorithm="RSA_4096",
signing_algorithm="SHA512WITHRSA",
subject=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs(
common_name="example.com",
),
),
permanent_deletion_time_in_days=7)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.acmpca.CertificateAuthority("example", {
certificateAuthorityConfiguration: {
keyAlgorithm: "RSA_4096",
signingAlgorithm: "SHA512WITHRSA",
subject: {
commonName: "example.com",
},
},
permanentDeletionTimeInDays: 7,
});
resources:
example:
type: aws:acmpca:CertificateAuthority
properties:
certificateAuthorityConfiguration:
keyAlgorithm: RSA_4096
signingAlgorithm: SHA512WITHRSA
subject:
commonName: example.com
permanentDeletionTimeInDays: 7
Short-lived certificate
using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Acmpca.CertificateAuthority("example", new()
{
CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
{
KeyAlgorithm = "RSA_4096",
SigningAlgorithm = "SHA512WITHRSA",
Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs
{
CommonName = "example.com",
},
},
UsageMode = "SHORT_LIVED_CERTIFICATE",
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acmpca"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
KeyAlgorithm: pulumi.String("RSA_4096"),
SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
CommonName: pulumi.String("example.com"),
},
},
UsageMode: pulumi.String("SHORT_LIVED_CERTIFICATE"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acmpca.CertificateAuthority;
import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new CertificateAuthority("example", CertificateAuthorityArgs.builder()
.certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder()
.keyAlgorithm("RSA_4096")
.signingAlgorithm("SHA512WITHRSA")
.subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder()
.commonName("example.com")
.build())
.build())
.usageMode("SHORT_LIVED_CERTIFICATE")
.build());
}
}
import pulumi
import pulumi_aws as aws
example = aws.acmpca.CertificateAuthority("example",
certificate_authority_configuration=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs(
key_algorithm="RSA_4096",
signing_algorithm="SHA512WITHRSA",
subject=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs(
common_name="example.com",
),
),
usage_mode="SHORT_LIVED_CERTIFICATE")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.acmpca.CertificateAuthority("example", {
certificateAuthorityConfiguration: {
keyAlgorithm: "RSA_4096",
signingAlgorithm: "SHA512WITHRSA",
subject: {
commonName: "example.com",
},
},
usageMode: "SHORT_LIVED_CERTIFICATE",
});
resources:
example:
type: aws:acmpca:CertificateAuthority
properties:
certificateAuthorityConfiguration:
keyAlgorithm: RSA_4096
signingAlgorithm: SHA512WITHRSA
subject:
commonName: example.com
usageMode: SHORT_LIVED_CERTIFICATE
Enable Certificate Revocation List
using System.Collections.Generic;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var exampleBucketV2 = new Aws.S3.BucketV2("exampleBucketV2");
var acmpcaBucketAccess = Aws.Iam.GetPolicyDocument.Invoke(new()
{
Statements = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
{
Actions = new[]
{
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:PutObject",
"s3:PutObjectAcl",
},
Resources = new[]
{
exampleBucketV2.Arn,
$"{exampleBucketV2.Arn}/*",
},
Principals = new[]
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
{
Identifiers = new[]
{
"acm-pca.amazonaws.com",
},
Type = "Service",
},
},
},
},
});
var exampleBucketPolicy = new Aws.S3.BucketPolicy("exampleBucketPolicy", new()
{
Bucket = exampleBucketV2.Id,
Policy = acmpcaBucketAccess.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
});
var exampleCertificateAuthority = new Aws.Acmpca.CertificateAuthority("exampleCertificateAuthority", new()
{
CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
{
KeyAlgorithm = "RSA_4096",
SigningAlgorithm = "SHA512WITHRSA",
Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs
{
CommonName = "example.com",
},
},
RevocationConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationArgs
{
CrlConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs
{
CustomCname = "crl.example.com",
Enabled = true,
ExpirationInDays = 7,
S3BucketName = exampleBucketV2.Id,
},
},
}, new CustomResourceOptions
{
DependsOn = new[]
{
exampleBucketPolicy,
},
});
});
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acmpca"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleBucketV2, err := s3.NewBucketV2(ctx, "exampleBucketV2", nil)
if err != nil {
return err
}
acmpcaBucketAccess := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
Statements: iam.GetPolicyDocumentStatementArray{
&iam.GetPolicyDocumentStatementArgs{
Actions: pulumi.StringArray{
pulumi.String("s3:GetBucketAcl"),
pulumi.String("s3:GetBucketLocation"),
pulumi.String("s3:PutObject"),
pulumi.String("s3:PutObjectAcl"),
},
Resources: pulumi.StringArray{
exampleBucketV2.Arn,
exampleBucketV2.Arn.ApplyT(func(arn string) (string, error) {
return fmt.Sprintf("%v/*", arn), nil
}).(pulumi.StringOutput),
},
Principals: iam.GetPolicyDocumentStatementPrincipalArray{
&iam.GetPolicyDocumentStatementPrincipalArgs{
Identifiers: pulumi.StringArray{
pulumi.String("acm-pca.amazonaws.com"),
},
Type: pulumi.String("Service"),
},
},
},
},
}, nil)
exampleBucketPolicy, err := s3.NewBucketPolicy(ctx, "exampleBucketPolicy", &s3.BucketPolicyArgs{
Bucket: exampleBucketV2.ID(),
Policy: acmpcaBucketAccess.ApplyT(func(acmpcaBucketAccess iam.GetPolicyDocumentResult) (*string, error) {
return &acmpcaBucketAccess.Json, nil
}).(pulumi.StringPtrOutput),
})
if err != nil {
return err
}
_, err = acmpca.NewCertificateAuthority(ctx, "exampleCertificateAuthority", &acmpca.CertificateAuthorityArgs{
CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
KeyAlgorithm: pulumi.String("RSA_4096"),
SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
CommonName: pulumi.String("example.com"),
},
},
RevocationConfiguration: &acmpca.CertificateAuthorityRevocationConfigurationArgs{
CrlConfiguration: &acmpca.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs{
CustomCname: pulumi.String("crl.example.com"),
Enabled: pulumi.Bool(true),
ExpirationInDays: pulumi.Int(7),
S3BucketName: exampleBucketV2.ID(),
},
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleBucketPolicy,
}))
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.s3.BucketV2;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.s3.BucketPolicy;
import com.pulumi.aws.s3.BucketPolicyArgs;
import com.pulumi.aws.acmpca.CertificateAuthority;
import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityRevocationConfigurationArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleBucketV2 = new BucketV2("exampleBucketV2");
final var acmpcaBucketAccess = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
.statements(GetPolicyDocumentStatementArgs.builder()
.actions(
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:PutObject",
"s3:PutObjectAcl")
.resources(
exampleBucketV2.arn(),
exampleBucketV2.arn().applyValue(arn -> String.format("%s/*", arn)))
.principals(GetPolicyDocumentStatementPrincipalArgs.builder()
.identifiers("acm-pca.amazonaws.com")
.type("Service")
.build())
.build())
.build());
var exampleBucketPolicy = new BucketPolicy("exampleBucketPolicy", BucketPolicyArgs.builder()
.bucket(exampleBucketV2.id())
.policy(acmpcaBucketAccess.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(acmpcaBucketAccess -> acmpcaBucketAccess.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
.build());
var exampleCertificateAuthority = new CertificateAuthority("exampleCertificateAuthority", CertificateAuthorityArgs.builder()
.certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder()
.keyAlgorithm("RSA_4096")
.signingAlgorithm("SHA512WITHRSA")
.subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder()
.commonName("example.com")
.build())
.build())
.revocationConfiguration(CertificateAuthorityRevocationConfigurationArgs.builder()
.crlConfiguration(CertificateAuthorityRevocationConfigurationCrlConfigurationArgs.builder()
.customCname("crl.example.com")
.enabled(true)
.expirationInDays(7)
.s3BucketName(exampleBucketV2.id())
.build())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(exampleBucketPolicy)
.build());
}
}
import pulumi
import pulumi_aws as aws
example_bucket_v2 = aws.s3.BucketV2("exampleBucketV2")
acmpca_bucket_access = aws.iam.get_policy_document_output(statements=[aws.iam.GetPolicyDocumentStatementArgs(
actions=[
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:PutObject",
"s3:PutObjectAcl",
],
resources=[
example_bucket_v2.arn,
example_bucket_v2.arn.apply(lambda arn: f"{arn}/*"),
],
principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(
identifiers=["acm-pca.amazonaws.com"],
type="Service",
)],
)])
example_bucket_policy = aws.s3.BucketPolicy("exampleBucketPolicy",
bucket=example_bucket_v2.id,
policy=acmpca_bucket_access.json)
example_certificate_authority = aws.acmpca.CertificateAuthority("exampleCertificateAuthority",
certificate_authority_configuration=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs(
key_algorithm="RSA_4096",
signing_algorithm="SHA512WITHRSA",
subject=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs(
common_name="example.com",
),
),
revocation_configuration=aws.acmpca.CertificateAuthorityRevocationConfigurationArgs(
crl_configuration=aws.acmpca.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs(
custom_cname="crl.example.com",
enabled=True,
expiration_in_days=7,
s3_bucket_name=example_bucket_v2.id,
),
),
opts=pulumi.ResourceOptions(depends_on=[example_bucket_policy]))
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleBucketV2 = new aws.s3.BucketV2("exampleBucketV2", {});
const acmpcaBucketAccess = aws.iam.getPolicyDocumentOutput({
statements: [{
actions: [
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:PutObject",
"s3:PutObjectAcl",
],
resources: [
exampleBucketV2.arn,
pulumi.interpolate`${exampleBucketV2.arn}/*`,
],
principals: [{
identifiers: ["acm-pca.amazonaws.com"],
type: "Service",
}],
}],
});
const exampleBucketPolicy = new aws.s3.BucketPolicy("exampleBucketPolicy", {
bucket: exampleBucketV2.id,
policy: acmpcaBucketAccess.apply(acmpcaBucketAccess => acmpcaBucketAccess.json),
});
const exampleCertificateAuthority = new aws.acmpca.CertificateAuthority("exampleCertificateAuthority", {
certificateAuthorityConfiguration: {
keyAlgorithm: "RSA_4096",
signingAlgorithm: "SHA512WITHRSA",
subject: {
commonName: "example.com",
},
},
revocationConfiguration: {
crlConfiguration: {
customCname: "crl.example.com",
enabled: true,
expirationInDays: 7,
s3BucketName: exampleBucketV2.id,
},
},
}, {
dependsOn: [exampleBucketPolicy],
});
resources:
exampleBucketV2:
type: aws:s3:BucketV2
exampleBucketPolicy:
type: aws:s3:BucketPolicy
properties:
bucket: ${exampleBucketV2.id}
policy: ${acmpcaBucketAccess.json}
exampleCertificateAuthority:
type: aws:acmpca:CertificateAuthority
properties:
certificateAuthorityConfiguration:
keyAlgorithm: RSA_4096
signingAlgorithm: SHA512WITHRSA
subject:
commonName: example.com
revocationConfiguration:
crlConfiguration:
customCname: crl.example.com
enabled: true
expirationInDays: 7
s3BucketName: ${exampleBucketV2.id}
options:
dependson:
- ${exampleBucketPolicy}
variables:
acmpcaBucketAccess:
fn::invoke:
Function: aws:iam:getPolicyDocument
Arguments:
statements:
- actions:
- s3:GetBucketAcl
- s3:GetBucketLocation
- s3:PutObject
- s3:PutObjectAcl
resources:
- ${exampleBucketV2.arn}
- ${exampleBucketV2.arn}/*
principals:
- identifiers:
- acm-pca.amazonaws.com
type: Service
Create CertificateAuthority Resource
new CertificateAuthority(name: string, args: CertificateAuthorityArgs, opts?: CustomResourceOptions);@overload
def CertificateAuthority(resource_name: str,
opts: Optional[ResourceOptions] = None,
certificate_authority_configuration: Optional[CertificateAuthorityCertificateAuthorityConfigurationArgs] = None,
enabled: Optional[bool] = None,
permanent_deletion_time_in_days: Optional[int] = None,
revocation_configuration: Optional[CertificateAuthorityRevocationConfigurationArgs] = None,
tags: Optional[Mapping[str, str]] = None,
type: Optional[str] = None,
usage_mode: Optional[str] = None)
@overload
def CertificateAuthority(resource_name: str,
args: CertificateAuthorityArgs,
opts: Optional[ResourceOptions] = None)func NewCertificateAuthority(ctx *Context, name string, args CertificateAuthorityArgs, opts ...ResourceOption) (*CertificateAuthority, error)public CertificateAuthority(string name, CertificateAuthorityArgs args, CustomResourceOptions? opts = null)
public CertificateAuthority(String name, CertificateAuthorityArgs args)
public CertificateAuthority(String name, CertificateAuthorityArgs args, CustomResourceOptions options)
type: aws:acmpca:CertificateAuthority
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args CertificateAuthorityArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
CertificateAuthority Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The CertificateAuthority resource accepts the following input properties:
-
Pulumi.
Aws. Acmpca. Inputs. Certificate Authority Certificate Authority Configuration Args Nested argument containing algorithms and certificate subject information. Defined below.
- Enabled bool
Whether the certificate authority is enabled or disabled. Defaults to
true. Can only be disabled if the CA is in anACTIVEstate.- Permanent
Deletion intTime In Days Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
- Revocation
Configuration Pulumi.Aws. Acmpca. Inputs. Certificate Authority Revocation Configuration Args Nested argument containing revocation configuration. Defined below.
- Dictionary<string, string>
Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Type string
Type of the certificate authority. Defaults to
SUBORDINATE. Valid values:ROOTandSUBORDINATE.- Usage
Mode string Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to
GENERAL_PURPOSE. Valid values:GENERAL_PURPOSEandSHORT_LIVED_CERTIFICATE.
-
Certificate
Authority Certificate Authority Configuration Args Nested argument containing algorithms and certificate subject information. Defined below.
- Enabled bool
Whether the certificate authority is enabled or disabled. Defaults to
true. Can only be disabled if the CA is in anACTIVEstate.- Permanent
Deletion intTime In Days Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
- Revocation
Configuration CertificateAuthority Revocation Configuration Args Nested argument containing revocation configuration. Defined below.
- map[string]string
Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Type string
Type of the certificate authority. Defaults to
SUBORDINATE. Valid values:ROOTandSUBORDINATE.- Usage
Mode string Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to
GENERAL_PURPOSE. Valid values:GENERAL_PURPOSEandSHORT_LIVED_CERTIFICATE.
-
Certificate
Authority Certificate Authority Configuration Args Nested argument containing algorithms and certificate subject information. Defined below.
- enabled Boolean
Whether the certificate authority is enabled or disabled. Defaults to
true. Can only be disabled if the CA is in anACTIVEstate.- permanent
Deletion IntegerTime In Days Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
- revocation
Configuration CertificateAuthority Revocation Configuration Args Nested argument containing revocation configuration. Defined below.
- Map<String,String>
Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- type String
Type of the certificate authority. Defaults to
SUBORDINATE. Valid values:ROOTandSUBORDINATE.- usage
Mode String Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to
GENERAL_PURPOSE. Valid values:GENERAL_PURPOSEandSHORT_LIVED_CERTIFICATE.
-
Certificate
Authority Certificate Authority Configuration Args Nested argument containing algorithms and certificate subject information. Defined below.
- enabled boolean
Whether the certificate authority is enabled or disabled. Defaults to
true. Can only be disabled if the CA is in anACTIVEstate.- permanent
Deletion numberTime In Days Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
- revocation
Configuration CertificateAuthority Revocation Configuration Args Nested argument containing revocation configuration. Defined below.
- {[key: string]: string}
Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- type string
Type of the certificate authority. Defaults to
SUBORDINATE. Valid values:ROOTandSUBORDINATE.- usage
Mode string Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to
GENERAL_PURPOSE. Valid values:GENERAL_PURPOSEandSHORT_LIVED_CERTIFICATE.
-
Certificate
Authority Certificate Authority Configuration Args Nested argument containing algorithms and certificate subject information. Defined below.
- enabled bool
Whether the certificate authority is enabled or disabled. Defaults to
true. Can only be disabled if the CA is in anACTIVEstate.- permanent_
deletion_ inttime_ in_ days Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
- revocation_
configuration CertificateAuthority Revocation Configuration Args Nested argument containing revocation configuration. Defined below.
- Mapping[str, str]
Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- type str
Type of the certificate authority. Defaults to
SUBORDINATE. Valid values:ROOTandSUBORDINATE.- usage_
mode str Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to
GENERAL_PURPOSE. Valid values:GENERAL_PURPOSEandSHORT_LIVED_CERTIFICATE.
- Property Map
Nested argument containing algorithms and certificate subject information. Defined below.
- enabled Boolean
Whether the certificate authority is enabled or disabled. Defaults to
true. Can only be disabled if the CA is in anACTIVEstate.- permanent
Deletion NumberTime In Days Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
- revocation
Configuration Property Map Nested argument containing revocation configuration. Defined below.
- Map<String>
Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- type String
Type of the certificate authority. Defaults to
SUBORDINATE. Valid values:ROOTandSUBORDINATE.- usage
Mode String Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to
GENERAL_PURPOSE. Valid values:GENERAL_PURPOSEandSHORT_LIVED_CERTIFICATE.
Outputs
All input properties are implicitly available as output properties. Additionally, the CertificateAuthority resource produces the following output properties:
- Arn string
ARN of the certificate authority.
- Certificate string
Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
- Certificate
Chain string Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- Certificate
Signing stringRequest The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- Id string
The provider-assigned unique ID for this managed resource.
- Not
After string Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- Not
Before string Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- Serial string
Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- Status string
(Deprecated use the
enabledattribute instead) Status of the certificate authority.The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.
- Dictionary<string, string>
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- Arn string
ARN of the certificate authority.
- Certificate string
Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
- Certificate
Chain string Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- Certificate
Signing stringRequest The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- Id string
The provider-assigned unique ID for this managed resource.
- Not
After string Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- Not
Before string Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- Serial string
Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- Status string
(Deprecated use the
enabledattribute instead) Status of the certificate authority.The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.
- map[string]string
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn String
ARN of the certificate authority.
- certificate String
Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
- certificate
Chain String Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- certificate
Signing StringRequest The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- id String
The provider-assigned unique ID for this managed resource.
- not
After String Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- not
Before String Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- serial String
Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- status String
(Deprecated use the
enabledattribute instead) Status of the certificate authority.The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.
- Map<String,String>
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn string
ARN of the certificate authority.
- certificate string
Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
- certificate
Chain string Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- certificate
Signing stringRequest The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- id string
The provider-assigned unique ID for this managed resource.
- not
After string Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- not
Before string Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- serial string
Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- status string
(Deprecated use the
enabledattribute instead) Status of the certificate authority.The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.
- {[key: string]: string}
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn str
ARN of the certificate authority.
- certificate str
Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
- certificate_
chain str Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- certificate_
signing_ strrequest The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- id str
The provider-assigned unique ID for this managed resource.
- not_
after str Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- not_
before str Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- serial str
Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- status str
(Deprecated use the
enabledattribute instead) Status of the certificate authority.The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.
- Mapping[str, str]
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn String
ARN of the certificate authority.
- certificate String
Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
- certificate
Chain String Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- certificate
Signing StringRequest The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- id String
The provider-assigned unique ID for this managed resource.
- not
After String Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- not
Before String Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- serial String
Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- status String
(Deprecated use the
enabledattribute instead) Status of the certificate authority.The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.
- Map<String>
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
Look up Existing CertificateAuthority Resource
Get an existing CertificateAuthority resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: CertificateAuthorityState, opts?: CustomResourceOptions): CertificateAuthority@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
certificate: Optional[str] = None,
certificate_authority_configuration: Optional[CertificateAuthorityCertificateAuthorityConfigurationArgs] = None,
certificate_chain: Optional[str] = None,
certificate_signing_request: Optional[str] = None,
enabled: Optional[bool] = None,
not_after: Optional[str] = None,
not_before: Optional[str] = None,
permanent_deletion_time_in_days: Optional[int] = None,
revocation_configuration: Optional[CertificateAuthorityRevocationConfigurationArgs] = None,
serial: Optional[str] = None,
status: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
type: Optional[str] = None,
usage_mode: Optional[str] = None) -> CertificateAuthorityfunc GetCertificateAuthority(ctx *Context, name string, id IDInput, state *CertificateAuthorityState, opts ...ResourceOption) (*CertificateAuthority, error)public static CertificateAuthority Get(string name, Input<string> id, CertificateAuthorityState? state, CustomResourceOptions? opts = null)public static CertificateAuthority get(String name, Output<String> id, CertificateAuthorityState state, CustomResourceOptions options)Resource lookup is not supported in YAML- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
ARN of the certificate authority.
- Certificate string
Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
-
Pulumi.
Aws. Acmpca. Inputs. Certificate Authority Certificate Authority Configuration Args Nested argument containing algorithms and certificate subject information. Defined below.
- Certificate
Chain string Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- Certificate
Signing stringRequest The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- Enabled bool
Whether the certificate authority is enabled or disabled. Defaults to
true. Can only be disabled if the CA is in anACTIVEstate.- Not
After string Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- Not
Before string Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- Permanent
Deletion intTime In Days Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
- Revocation
Configuration Pulumi.Aws. Acmpca. Inputs. Certificate Authority Revocation Configuration Args Nested argument containing revocation configuration. Defined below.
- Serial string
Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- Status string
(Deprecated use the
enabledattribute instead) Status of the certificate authority.The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.
- Dictionary<string, string>
Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Dictionary<string, string>
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- Type string
Type of the certificate authority. Defaults to
SUBORDINATE. Valid values:ROOTandSUBORDINATE.- Usage
Mode string Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to
GENERAL_PURPOSE. Valid values:GENERAL_PURPOSEandSHORT_LIVED_CERTIFICATE.
- Arn string
ARN of the certificate authority.
- Certificate string
Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
-
Certificate
Authority Certificate Authority Configuration Args Nested argument containing algorithms and certificate subject information. Defined below.
- Certificate
Chain string Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- Certificate
Signing stringRequest The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- Enabled bool
Whether the certificate authority is enabled or disabled. Defaults to
true. Can only be disabled if the CA is in anACTIVEstate.- Not
After string Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- Not
Before string Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- Permanent
Deletion intTime In Days Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
- Revocation
Configuration CertificateAuthority Revocation Configuration Args Nested argument containing revocation configuration. Defined below.
- Serial string
Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- Status string
(Deprecated use the
enabledattribute instead) Status of the certificate authority.The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.
- map[string]string
Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- map[string]string
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- Type string
Type of the certificate authority. Defaults to
SUBORDINATE. Valid values:ROOTandSUBORDINATE.- Usage
Mode string Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to
GENERAL_PURPOSE. Valid values:GENERAL_PURPOSEandSHORT_LIVED_CERTIFICATE.
- arn String
ARN of the certificate authority.
- certificate String
Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
-
Certificate
Authority Certificate Authority Configuration Args Nested argument containing algorithms and certificate subject information. Defined below.
- certificate
Chain String Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- certificate
Signing StringRequest The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- enabled Boolean
Whether the certificate authority is enabled or disabled. Defaults to
true. Can only be disabled if the CA is in anACTIVEstate.- not
After String Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- not
Before String Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- permanent
Deletion IntegerTime In Days Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
- revocation
Configuration CertificateAuthority Revocation Configuration Args Nested argument containing revocation configuration. Defined below.
- serial String
Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- status String
(Deprecated use the
enabledattribute instead) Status of the certificate authority.The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.
- Map<String,String>
Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Map<String,String>
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- type String
Type of the certificate authority. Defaults to
SUBORDINATE. Valid values:ROOTandSUBORDINATE.- usage
Mode String Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to
GENERAL_PURPOSE. Valid values:GENERAL_PURPOSEandSHORT_LIVED_CERTIFICATE.
- arn string
ARN of the certificate authority.
- certificate string
Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
-
Certificate
Authority Certificate Authority Configuration Args Nested argument containing algorithms and certificate subject information. Defined below.
- certificate
Chain string Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- certificate
Signing stringRequest The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- enabled boolean
Whether the certificate authority is enabled or disabled. Defaults to
true. Can only be disabled if the CA is in anACTIVEstate.- not
After string Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- not
Before string Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- permanent
Deletion numberTime In Days Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
- revocation
Configuration CertificateAuthority Revocation Configuration Args Nested argument containing revocation configuration. Defined below.
- serial string
Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- status string
(Deprecated use the
enabledattribute instead) Status of the certificate authority.The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.
- {[key: string]: string}
Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- {[key: string]: string}
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- type string
Type of the certificate authority. Defaults to
SUBORDINATE. Valid values:ROOTandSUBORDINATE.- usage
Mode string Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to
GENERAL_PURPOSE. Valid values:GENERAL_PURPOSEandSHORT_LIVED_CERTIFICATE.
- arn str
ARN of the certificate authority.
- certificate str
Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
-
Certificate
Authority Certificate Authority Configuration Args Nested argument containing algorithms and certificate subject information. Defined below.
- certificate_
chain str Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- certificate_
signing_ strrequest The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- enabled bool
Whether the certificate authority is enabled or disabled. Defaults to
true. Can only be disabled if the CA is in anACTIVEstate.- not_
after str Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- not_
before str Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- permanent_
deletion_ inttime_ in_ days Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
- revocation_
configuration CertificateAuthority Revocation Configuration Args Nested argument containing revocation configuration. Defined below.
- serial str
Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- status str
(Deprecated use the
enabledattribute instead) Status of the certificate authority.The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.
- Mapping[str, str]
Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Mapping[str, str]
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- type str
Type of the certificate authority. Defaults to
SUBORDINATE. Valid values:ROOTandSUBORDINATE.- usage_
mode str Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to
GENERAL_PURPOSE. Valid values:GENERAL_PURPOSEandSHORT_LIVED_CERTIFICATE.
- arn String
ARN of the certificate authority.
- certificate String
Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
- Property Map
Nested argument containing algorithms and certificate subject information. Defined below.
- certificate
Chain String Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
- certificate
Signing StringRequest The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
- enabled Boolean
Whether the certificate authority is enabled or disabled. Defaults to
true. Can only be disabled if the CA is in anACTIVEstate.- not
After String Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- not
Before String Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
- permanent
Deletion NumberTime In Days Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
- revocation
Configuration Property Map Nested argument containing revocation configuration. Defined below.
- serial String
Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
- status String
(Deprecated use the
enabledattribute instead) Status of the certificate authority.The reported value of the "status" attribute is often inaccurate. Use the resource's "enabled" attribute to explicitly set status.
- Map<String>
Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level.- Map<String>
Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.- type String
Type of the certificate authority. Defaults to
SUBORDINATE. Valid values:ROOTandSUBORDINATE.- usage
Mode String Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to
GENERAL_PURPOSE. Valid values:GENERAL_PURPOSEandSHORT_LIVED_CERTIFICATE.
Supporting Types
CertificateAuthorityCertificateAuthorityConfiguration
- Key
Algorithm string Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the ACM PCA Documentation.
- Signing
Algorithm string Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the ACM PCA Documentation.
- Subject
Pulumi.
Aws. Acmpca. Inputs. Certificate Authority Certificate Authority Configuration Subject Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.
- Key
Algorithm string Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the ACM PCA Documentation.
- Signing
Algorithm string Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the ACM PCA Documentation.
- Subject
Certificate
Authority Certificate Authority Configuration Subject Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.
- key
Algorithm String Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the ACM PCA Documentation.
- signing
Algorithm String Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the ACM PCA Documentation.
- subject
Certificate
Authority Certificate Authority Configuration Subject Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.
- key
Algorithm string Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the ACM PCA Documentation.
- signing
Algorithm string Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the ACM PCA Documentation.
- subject
Certificate
Authority Certificate Authority Configuration Subject Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.
- key_
algorithm str Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the ACM PCA Documentation.
- signing_
algorithm str Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the ACM PCA Documentation.
- subject
Certificate
Authority Certificate Authority Configuration Subject Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.
- key
Algorithm String Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the ACM PCA Documentation.
- signing
Algorithm String Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the ACM PCA Documentation.
- subject Property Map
Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.
CertificateAuthorityCertificateAuthorityConfigurationSubject
- Common
Name string Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.
- Country string
Two digit code that specifies the country in which the certificate subject located. Must be less than or equal to 2 characters in length.
- Distinguished
Name stringQualifier Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.
- Generation
Qualifier string Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.
- Given
Name string First name. Must be less than or equal to 16 characters in length.
- Initials string
Concatenation that typically contains the first letter of the
given_name, the first letter of the middle name if one exists, and the first letter of thesurname. Must be less than or equal to 5 characters in length.- Locality string
Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.
- Organization string
Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.
- Organizational
Unit string Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.
- Pseudonym string
Typically a shortened version of a longer
given_name. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.- State string
State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.
- Surname string
Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.
- Title string
Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.
- Common
Name string Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.
- Country string
Two digit code that specifies the country in which the certificate subject located. Must be less than or equal to 2 characters in length.
- Distinguished
Name stringQualifier Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.
- Generation
Qualifier string Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.
- Given
Name string First name. Must be less than or equal to 16 characters in length.
- Initials string
Concatenation that typically contains the first letter of the
given_name, the first letter of the middle name if one exists, and the first letter of thesurname. Must be less than or equal to 5 characters in length.- Locality string
Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.
- Organization string
Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.
- Organizational
Unit string Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.
- Pseudonym string
Typically a shortened version of a longer
given_name. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.- State string
State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.
- Surname string
Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.
- Title string
Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.
- common
Name String Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.
- country String
Two digit code that specifies the country in which the certificate subject located. Must be less than or equal to 2 characters in length.
- distinguished
Name StringQualifier Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.
- generation
Qualifier String Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.
- given
Name String First name. Must be less than or equal to 16 characters in length.
- initials String
Concatenation that typically contains the first letter of the
given_name, the first letter of the middle name if one exists, and the first letter of thesurname. Must be less than or equal to 5 characters in length.- locality String
Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.
- organization String
Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.
- organizational
Unit String Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.
- pseudonym String
Typically a shortened version of a longer
given_name. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.- state String
State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.
- surname String
Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.
- title String
Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.
- common
Name string Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.
- country string
Two digit code that specifies the country in which the certificate subject located. Must be less than or equal to 2 characters in length.
- distinguished
Name stringQualifier Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.
- generation
Qualifier string Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.
- given
Name string First name. Must be less than or equal to 16 characters in length.
- initials string
Concatenation that typically contains the first letter of the
given_name, the first letter of the middle name if one exists, and the first letter of thesurname. Must be less than or equal to 5 characters in length.- locality string
Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.
- organization string
Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.
- organizational
Unit string Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.
- pseudonym string
Typically a shortened version of a longer
given_name. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.- state string
State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.
- surname string
Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.
- title string
Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.
- common_
name str Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.
- country str
Two digit code that specifies the country in which the certificate subject located. Must be less than or equal to 2 characters in length.
- distinguished_
name_ strqualifier Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.
- generation_
qualifier str Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.
- given_
name str First name. Must be less than or equal to 16 characters in length.
- initials str
Concatenation that typically contains the first letter of the
given_name, the first letter of the middle name if one exists, and the first letter of thesurname. Must be less than or equal to 5 characters in length.- locality str
Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.
- organization str
Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.
- organizational_
unit str Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.
- pseudonym str
Typically a shortened version of a longer
given_name. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.- state str
State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.
- surname str
Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.
- title str
Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.
- common
Name String Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.
- country String
Two digit code that specifies the country in which the certificate subject located. Must be less than or equal to 2 characters in length.
- distinguished
Name StringQualifier Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.
- generation
Qualifier String Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.
- given
Name String First name. Must be less than or equal to 16 characters in length.
- initials String
Concatenation that typically contains the first letter of the
given_name, the first letter of the middle name if one exists, and the first letter of thesurname. Must be less than or equal to 5 characters in length.- locality String
Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.
- organization String
Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.
- organizational
Unit String Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.
- pseudonym String
Typically a shortened version of a longer
given_name. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.- state String
State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.
- surname String
Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.
- title String
Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.
CertificateAuthorityRevocationConfiguration
- Crl
Configuration Pulumi.Aws. Acmpca. Inputs. Certificate Authority Revocation Configuration Crl Configuration Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.
- Ocsp
Configuration Pulumi.Aws. Acmpca. Inputs. Certificate Authority Revocation Configuration Ocsp Configuration Nested argument containing configuration of the custom OCSP responder endpoint. Defined below.
- Crl
Configuration CertificateAuthority Revocation Configuration Crl Configuration Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.
- Ocsp
Configuration CertificateAuthority Revocation Configuration Ocsp Configuration Nested argument containing configuration of the custom OCSP responder endpoint. Defined below.
- crl
Configuration CertificateAuthority Revocation Configuration Crl Configuration Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.
- ocsp
Configuration CertificateAuthority Revocation Configuration Ocsp Configuration Nested argument containing configuration of the custom OCSP responder endpoint. Defined below.
- crl
Configuration CertificateAuthority Revocation Configuration Crl Configuration Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.
- ocsp
Configuration CertificateAuthority Revocation Configuration Ocsp Configuration Nested argument containing configuration of the custom OCSP responder endpoint. Defined below.
- crl_
configuration CertificateAuthority Revocation Configuration Crl Configuration Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.
- ocsp_
configuration CertificateAuthority Revocation Configuration Ocsp Configuration Nested argument containing configuration of the custom OCSP responder endpoint. Defined below.
- crl
Configuration Property Map Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.
- ocsp
Configuration Property Map Nested argument containing configuration of the custom OCSP responder endpoint. Defined below.
CertificateAuthorityRevocationConfigurationCrlConfiguration
- Custom
Cname string Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.
- Enabled bool
Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to
false.- Expiration
In intDays Number of days until a certificate expires. Must be between 1 and 5000.
- S3Bucket
Name string Name of the S3 bucket that contains the CRL. If you do not provide a value for the
custom_cnameargument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length.- S3Object
Acl string Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to
PUBLIC_READ.
- Custom
Cname string Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.
- Enabled bool
Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to
false.- Expiration
In intDays Number of days until a certificate expires. Must be between 1 and 5000.
- S3Bucket
Name string Name of the S3 bucket that contains the CRL. If you do not provide a value for the
custom_cnameargument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length.- S3Object
Acl string Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to
PUBLIC_READ.
- custom
Cname String Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.
- enabled Boolean
Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to
false.- expiration
In IntegerDays Number of days until a certificate expires. Must be between 1 and 5000.
- s3Bucket
Name String Name of the S3 bucket that contains the CRL. If you do not provide a value for the
custom_cnameargument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length.- s3Object
Acl String Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to
PUBLIC_READ.
- custom
Cname string Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.
- enabled boolean
Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to
false.- expiration
In numberDays Number of days until a certificate expires. Must be between 1 and 5000.
- s3Bucket
Name string Name of the S3 bucket that contains the CRL. If you do not provide a value for the
custom_cnameargument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length.- s3Object
Acl string Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to
PUBLIC_READ.
- custom_
cname str Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.
- enabled bool
Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to
false.- expiration_
in_ intdays Number of days until a certificate expires. Must be between 1 and 5000.
- s3_
bucket_ strname Name of the S3 bucket that contains the CRL. If you do not provide a value for the
custom_cnameargument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length.- s3_
object_ stracl Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to
PUBLIC_READ.
- custom
Cname String Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.
- enabled Boolean
Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to
false.- expiration
In NumberDays Number of days until a certificate expires. Must be between 1 and 5000.
- s3Bucket
Name String Name of the S3 bucket that contains the CRL. If you do not provide a value for the
custom_cnameargument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length.- s3Object
Acl String Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to
PUBLIC_READ.
CertificateAuthorityRevocationConfigurationOcspConfiguration
- Enabled bool
Boolean value that specifies whether a custom OCSP responder is enabled.
- Ocsp
Custom stringCname CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".
- Enabled bool
Boolean value that specifies whether a custom OCSP responder is enabled.
- Ocsp
Custom stringCname CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".
- enabled Boolean
Boolean value that specifies whether a custom OCSP responder is enabled.
- ocsp
Custom StringCname CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".
- enabled boolean
Boolean value that specifies whether a custom OCSP responder is enabled.
- ocsp
Custom stringCname CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".
- enabled bool
Boolean value that specifies whether a custom OCSP responder is enabled.
- ocsp_
custom_ strcname CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".
- enabled Boolean
Boolean value that specifies whether a custom OCSP responder is enabled.
- ocsp
Custom StringCname CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".
Import
aws_acmpca_certificate_authority can be imported by using the certificate authority ARN, e.g.,
$ pulumi import aws:acmpca/certificateAuthority:CertificateAuthority example arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
awsTerraform Provider.