1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. acmpca
  5. Certificate

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

aws-native.acmpca.Certificate

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

    The AWS::ACMPCA::Certificate resource is used to issue a certificate using your private certificate authority. For more information, see the IssueCertificate action.

    Create Certificate Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Certificate(name: string, args: CertificateArgs, opts?: CustomResourceOptions);
    @overload
    def Certificate(resource_name: str,
                    args: CertificateArgs,
                    opts: Optional[ResourceOptions] = None)
    
    @overload
    def Certificate(resource_name: str,
                    opts: Optional[ResourceOptions] = None,
                    certificate_authority_arn: Optional[str] = None,
                    certificate_signing_request: Optional[str] = None,
                    signing_algorithm: Optional[str] = None,
                    validity: Optional[CertificateValidityArgs] = None,
                    api_passthrough: Optional[CertificateApiPassthroughArgs] = None,
                    template_arn: Optional[str] = None,
                    validity_not_before: Optional[CertificateValidityArgs] = None)
    func NewCertificate(ctx *Context, name string, args CertificateArgs, opts ...ResourceOption) (*Certificate, error)
    public Certificate(string name, CertificateArgs args, CustomResourceOptions? opts = null)
    public Certificate(String name, CertificateArgs args)
    public Certificate(String name, CertificateArgs args, CustomResourceOptions options)
    
    type: aws-native:acmpca:Certificate
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CertificateArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Certificate Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Certificate resource accepts the following input properties:

    CertificateAuthorityArn string
    The Amazon Resource Name (ARN) for the private CA issues the certificate.
    CertificateSigningRequest string
    The certificate signing request (CSR) for the certificate.
    SigningAlgorithm string
    The name of the algorithm that will be used to sign the certificate to be issued. This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
    Validity Pulumi.AwsNative.Acmpca.Inputs.CertificateValidity
    The period of time during which the certificate will be valid.
    ApiPassthrough Pulumi.AwsNative.Acmpca.Inputs.CertificateApiPassthrough
    Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
    TemplateArn string
    Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the EndEntityCertificate/V1 template. For more information about PCAshort templates, see Using Templates.
    ValidityNotBefore Pulumi.AwsNative.Acmpca.Inputs.CertificateValidity
    Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate. By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the "Not Before" value. Unlike the Validity parameter, the ValidityNotBefore parameter is optional. The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.
    CertificateAuthorityArn string
    The Amazon Resource Name (ARN) for the private CA issues the certificate.
    CertificateSigningRequest string
    The certificate signing request (CSR) for the certificate.
    SigningAlgorithm string
    The name of the algorithm that will be used to sign the certificate to be issued. This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
    Validity CertificateValidityArgs
    The period of time during which the certificate will be valid.
    ApiPassthrough CertificateApiPassthroughArgs
    Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
    TemplateArn string
    Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the EndEntityCertificate/V1 template. For more information about PCAshort templates, see Using Templates.
    ValidityNotBefore CertificateValidityArgs
    Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate. By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the "Not Before" value. Unlike the Validity parameter, the ValidityNotBefore parameter is optional. The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.
    certificateAuthorityArn String
    The Amazon Resource Name (ARN) for the private CA issues the certificate.
    certificateSigningRequest String
    The certificate signing request (CSR) for the certificate.
    signingAlgorithm String
    The name of the algorithm that will be used to sign the certificate to be issued. This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
    validity CertificateValidity
    The period of time during which the certificate will be valid.
    apiPassthrough CertificateApiPassthrough
    Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
    templateArn String
    Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the EndEntityCertificate/V1 template. For more information about PCAshort templates, see Using Templates.
    validityNotBefore CertificateValidity
    Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate. By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the "Not Before" value. Unlike the Validity parameter, the ValidityNotBefore parameter is optional. The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.
    certificateAuthorityArn string
    The Amazon Resource Name (ARN) for the private CA issues the certificate.
    certificateSigningRequest string
    The certificate signing request (CSR) for the certificate.
    signingAlgorithm string
    The name of the algorithm that will be used to sign the certificate to be issued. This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
    validity CertificateValidity
    The period of time during which the certificate will be valid.
    apiPassthrough CertificateApiPassthrough
    Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
    templateArn string
    Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the EndEntityCertificate/V1 template. For more information about PCAshort templates, see Using Templates.
    validityNotBefore CertificateValidity
    Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate. By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the "Not Before" value. Unlike the Validity parameter, the ValidityNotBefore parameter is optional. The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.
    certificate_authority_arn str
    The Amazon Resource Name (ARN) for the private CA issues the certificate.
    certificate_signing_request str
    The certificate signing request (CSR) for the certificate.
    signing_algorithm str
    The name of the algorithm that will be used to sign the certificate to be issued. This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
    validity CertificateValidityArgs
    The period of time during which the certificate will be valid.
    api_passthrough CertificateApiPassthroughArgs
    Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
    template_arn str
    Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the EndEntityCertificate/V1 template. For more information about PCAshort templates, see Using Templates.
    validity_not_before CertificateValidityArgs
    Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate. By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the "Not Before" value. Unlike the Validity parameter, the ValidityNotBefore parameter is optional. The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.
    certificateAuthorityArn String
    The Amazon Resource Name (ARN) for the private CA issues the certificate.
    certificateSigningRequest String
    The certificate signing request (CSR) for the certificate.
    signingAlgorithm String
    The name of the algorithm that will be used to sign the certificate to be issued. This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action. The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
    validity Property Map
    The period of time during which the certificate will be valid.
    apiPassthrough Property Map
    Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored.
    templateArn String
    Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, PCAshort defaults to the EndEntityCertificate/V1 template. For more information about PCAshort templates, see Using Templates.
    validityNotBefore Property Map
    Information describing the start of the validity period of the certificate. This parameter sets the "Not Before" date for the certificate. By default, when issuing a certificate, PCAshort sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the "Not Before" value. Unlike the Validity parameter, the ValidityNotBefore parameter is optional. The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Certificate resource produces the following output properties:

    Arn string
    The Amazon Resource Name (ARN) of the issued certificate.
    CertificateValue string
    The issued Base64 PEM-encoded certificate.
    Id string
    The provider-assigned unique ID for this managed resource.
    Arn string
    The Amazon Resource Name (ARN) of the issued certificate.
    Certificate string
    The issued Base64 PEM-encoded certificate.
    Id string
    The provider-assigned unique ID for this managed resource.
    arn String
    The Amazon Resource Name (ARN) of the issued certificate.
    certificate String
    The issued Base64 PEM-encoded certificate.
    id String
    The provider-assigned unique ID for this managed resource.
    arn string
    The Amazon Resource Name (ARN) of the issued certificate.
    certificate string
    The issued Base64 PEM-encoded certificate.
    id string
    The provider-assigned unique ID for this managed resource.
    arn str
    The Amazon Resource Name (ARN) of the issued certificate.
    certificate str
    The issued Base64 PEM-encoded certificate.
    id str
    The provider-assigned unique ID for this managed resource.
    arn String
    The Amazon Resource Name (ARN) of the issued certificate.
    certificate String
    The issued Base64 PEM-encoded certificate.
    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    CertificateApiPassthrough, CertificateApiPassthroughArgs

    Extensions Pulumi.AwsNative.Acmpca.Inputs.CertificateExtensions
    Specifies X.509 extension information for a certificate.
    Subject Pulumi.AwsNative.Acmpca.Inputs.CertificateSubject
    Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
    Extensions CertificateExtensions
    Specifies X.509 extension information for a certificate.
    Subject CertificateSubject
    Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
    extensions CertificateExtensions
    Specifies X.509 extension information for a certificate.
    subject CertificateSubject
    Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
    extensions CertificateExtensions
    Specifies X.509 extension information for a certificate.
    subject CertificateSubject
    Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
    extensions CertificateExtensions
    Specifies X.509 extension information for a certificate.
    subject CertificateSubject
    Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
    extensions Property Map
    Specifies X.509 extension information for a certificate.
    subject Property Map
    Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.

    CertificateCustomAttribute, CertificateCustomAttributeArgs

    ObjectIdentifier string
    Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
    Value string
    Specifies the attribute value of relative distinguished name (RDN).
    ObjectIdentifier string
    Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
    Value string
    Specifies the attribute value of relative distinguished name (RDN).
    objectIdentifier String
    Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
    value String
    Specifies the attribute value of relative distinguished name (RDN).
    objectIdentifier string
    Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
    value string
    Specifies the attribute value of relative distinguished name (RDN).
    object_identifier str
    Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
    value str
    Specifies the attribute value of relative distinguished name (RDN).
    objectIdentifier String
    Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
    value String
    Specifies the attribute value of relative distinguished name (RDN).

    CertificateCustomExtension, CertificateCustomExtensionArgs

    ObjectIdentifier string
    Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
    Value string
    Specifies the base64-encoded value of the X.509 extension.
    Critical bool
    Specifies the critical flag of the X.509 extension.
    ObjectIdentifier string
    Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
    Value string
    Specifies the base64-encoded value of the X.509 extension.
    Critical bool
    Specifies the critical flag of the X.509 extension.
    objectIdentifier String
    Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
    value String
    Specifies the base64-encoded value of the X.509 extension.
    critical Boolean
    Specifies the critical flag of the X.509 extension.
    objectIdentifier string
    Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
    value string
    Specifies the base64-encoded value of the X.509 extension.
    critical boolean
    Specifies the critical flag of the X.509 extension.
    object_identifier str
    Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
    value str
    Specifies the base64-encoded value of the X.509 extension.
    critical bool
    Specifies the critical flag of the X.509 extension.
    objectIdentifier String
    Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
    value String
    Specifies the base64-encoded value of the X.509 extension.
    critical Boolean
    Specifies the critical flag of the X.509 extension.

    CertificateEdiPartyName, CertificateEdiPartyNameArgs

    NameAssigner string
    Specifies the name assigner.
    PartyName string
    Specifies the party name.
    NameAssigner string
    Specifies the name assigner.
    PartyName string
    Specifies the party name.
    nameAssigner String
    Specifies the name assigner.
    partyName String
    Specifies the party name.
    nameAssigner string
    Specifies the name assigner.
    partyName string
    Specifies the party name.
    name_assigner str
    Specifies the name assigner.
    party_name str
    Specifies the party name.
    nameAssigner String
    Specifies the name assigner.
    partyName String
    Specifies the party name.

    CertificateExtendedKeyUsage, CertificateExtendedKeyUsageArgs

    ExtendedKeyUsageObjectIdentifier string
    Specifies a custom ExtendedKeyUsage with an object identifier (OID).
    ExtendedKeyUsageType string
    Specifies a standard ExtendedKeyUsage as defined as in RFC 5280.
    ExtendedKeyUsageObjectIdentifier string
    Specifies a custom ExtendedKeyUsage with an object identifier (OID).
    ExtendedKeyUsageType string
    Specifies a standard ExtendedKeyUsage as defined as in RFC 5280.
    extendedKeyUsageObjectIdentifier String
    Specifies a custom ExtendedKeyUsage with an object identifier (OID).
    extendedKeyUsageType String
    Specifies a standard ExtendedKeyUsage as defined as in RFC 5280.
    extendedKeyUsageObjectIdentifier string
    Specifies a custom ExtendedKeyUsage with an object identifier (OID).
    extendedKeyUsageType string
    Specifies a standard ExtendedKeyUsage as defined as in RFC 5280.
    extended_key_usage_object_identifier str
    Specifies a custom ExtendedKeyUsage with an object identifier (OID).
    extended_key_usage_type str
    Specifies a standard ExtendedKeyUsage as defined as in RFC 5280.
    extendedKeyUsageObjectIdentifier String
    Specifies a custom ExtendedKeyUsage with an object identifier (OID).
    extendedKeyUsageType String
    Specifies a standard ExtendedKeyUsage as defined as in RFC 5280.

    CertificateExtensions, CertificateExtensionsArgs

    CertificatePolicies List<Pulumi.AwsNative.Acmpca.Inputs.CertificatePolicyInformation>
    Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
    CustomExtensions List<Pulumi.AwsNative.Acmpca.Inputs.CertificateCustomExtension>
    Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
    ExtendedKeyUsage List<Pulumi.AwsNative.Acmpca.Inputs.CertificateExtendedKeyUsage>
    Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
    KeyUsage Pulumi.AwsNative.Acmpca.Inputs.CertificateKeyUsage
    Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
    SubjectAlternativeNames List<Pulumi.AwsNative.Acmpca.Inputs.CertificateGeneralName>
    The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.
    CertificatePolicies []CertificatePolicyInformation
    Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
    CustomExtensions []CertificateCustomExtension
    Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
    ExtendedKeyUsage []CertificateExtendedKeyUsage
    Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
    KeyUsage CertificateKeyUsage
    Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
    SubjectAlternativeNames []CertificateGeneralName
    The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.
    certificatePolicies List<CertificatePolicyInformation>
    Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
    customExtensions List<CertificateCustomExtension>
    Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
    extendedKeyUsage List<CertificateExtendedKeyUsage>
    Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
    keyUsage CertificateKeyUsage
    Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
    subjectAlternativeNames List<CertificateGeneralName>
    The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.
    certificatePolicies CertificatePolicyInformation[]
    Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
    customExtensions CertificateCustomExtension[]
    Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
    extendedKeyUsage CertificateExtendedKeyUsage[]
    Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
    keyUsage CertificateKeyUsage
    Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
    subjectAlternativeNames CertificateGeneralName[]
    The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.
    certificate_policies Sequence[CertificatePolicyInformation]
    Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
    custom_extensions Sequence[CertificateCustomExtension]
    Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
    extended_key_usage Sequence[CertificateExtendedKeyUsage]
    Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
    key_usage CertificateKeyUsage
    Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
    subject_alternative_names Sequence[CertificateGeneralName]
    The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.
    certificatePolicies List<Property Map>
    Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID). In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
    customExtensions List<Property Map>
    Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
    extendedKeyUsage List<Property Map>
    Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
    keyUsage Property Map
    Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.
    subjectAlternativeNames List<Property Map>
    The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.

    CertificateGeneralName, CertificateGeneralNameArgs

    DirectoryName Pulumi.AwsNative.Acmpca.Inputs.CertificateSubject
    Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
    DnsName string
    Represents GeneralName as a DNS name.
    EdiPartyName Pulumi.AwsNative.Acmpca.Inputs.CertificateEdiPartyName
    Represents GeneralName as an EdiPartyName object.
    IpAddress string
    Represents GeneralName as an IPv4 or IPv6 address.
    OtherName Pulumi.AwsNative.Acmpca.Inputs.CertificateOtherName
    Represents GeneralName using an OtherName object.
    RegisteredId string
    Represents GeneralName as an object identifier (OID).
    Rfc822Name string
    Represents GeneralName as an RFC 822 email address.
    UniformResourceIdentifier string
    Represents GeneralName as a URI.
    DirectoryName CertificateSubject
    Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
    DnsName string
    Represents GeneralName as a DNS name.
    EdiPartyName CertificateEdiPartyName
    Represents GeneralName as an EdiPartyName object.
    IpAddress string
    Represents GeneralName as an IPv4 or IPv6 address.
    OtherName CertificateOtherName
    Represents GeneralName using an OtherName object.
    RegisteredId string
    Represents GeneralName as an object identifier (OID).
    Rfc822Name string
    Represents GeneralName as an RFC 822 email address.
    UniformResourceIdentifier string
    Represents GeneralName as a URI.
    directoryName CertificateSubject
    Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
    dnsName String
    Represents GeneralName as a DNS name.
    ediPartyName CertificateEdiPartyName
    Represents GeneralName as an EdiPartyName object.
    ipAddress String
    Represents GeneralName as an IPv4 or IPv6 address.
    otherName CertificateOtherName
    Represents GeneralName using an OtherName object.
    registeredId String
    Represents GeneralName as an object identifier (OID).
    rfc822Name String
    Represents GeneralName as an RFC 822 email address.
    uniformResourceIdentifier String
    Represents GeneralName as a URI.
    directoryName CertificateSubject
    Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
    dnsName string
    Represents GeneralName as a DNS name.
    ediPartyName CertificateEdiPartyName
    Represents GeneralName as an EdiPartyName object.
    ipAddress string
    Represents GeneralName as an IPv4 or IPv6 address.
    otherName CertificateOtherName
    Represents GeneralName using an OtherName object.
    registeredId string
    Represents GeneralName as an object identifier (OID).
    rfc822Name string
    Represents GeneralName as an RFC 822 email address.
    uniformResourceIdentifier string
    Represents GeneralName as a URI.
    directory_name CertificateSubject
    Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
    dns_name str
    Represents GeneralName as a DNS name.
    edi_party_name CertificateEdiPartyName
    Represents GeneralName as an EdiPartyName object.
    ip_address str
    Represents GeneralName as an IPv4 or IPv6 address.
    other_name CertificateOtherName
    Represents GeneralName using an OtherName object.
    registered_id str
    Represents GeneralName as an object identifier (OID).
    rfc822_name str
    Represents GeneralName as an RFC 822 email address.
    uniform_resource_identifier str
    Represents GeneralName as a URI.
    directoryName Property Map
    Contains information about the certificate subject. The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
    dnsName String
    Represents GeneralName as a DNS name.
    ediPartyName Property Map
    Represents GeneralName as an EdiPartyName object.
    ipAddress String
    Represents GeneralName as an IPv4 or IPv6 address.
    otherName Property Map
    Represents GeneralName using an OtherName object.
    registeredId String
    Represents GeneralName as an object identifier (OID).
    rfc822Name String
    Represents GeneralName as an RFC 822 email address.
    uniformResourceIdentifier String
    Represents GeneralName as a URI.

    CertificateKeyUsage, CertificateKeyUsageArgs

    CrlSign bool
    Key can be used to sign CRLs.
    DataEncipherment bool
    Key can be used to decipher data.
    DecipherOnly bool
    Key can be used only to decipher data.
    DigitalSignature bool
    Key can be used for digital signing.
    EncipherOnly bool
    Key can be used only to encipher data.
    KeyAgreement bool
    Key can be used in a key-agreement protocol.
    KeyCertSign bool
    Key can be used to sign certificates.
    KeyEncipherment bool
    Key can be used to encipher data.
    NonRepudiation bool
    Key can be used for non-repudiation.
    CrlSign bool
    Key can be used to sign CRLs.
    DataEncipherment bool
    Key can be used to decipher data.
    DecipherOnly bool
    Key can be used only to decipher data.
    DigitalSignature bool
    Key can be used for digital signing.
    EncipherOnly bool
    Key can be used only to encipher data.
    KeyAgreement bool
    Key can be used in a key-agreement protocol.
    KeyCertSign bool
    Key can be used to sign certificates.
    KeyEncipherment bool
    Key can be used to encipher data.
    NonRepudiation bool
    Key can be used for non-repudiation.
    crlSign Boolean
    Key can be used to sign CRLs.
    dataEncipherment Boolean
    Key can be used to decipher data.
    decipherOnly Boolean
    Key can be used only to decipher data.
    digitalSignature Boolean
    Key can be used for digital signing.
    encipherOnly Boolean
    Key can be used only to encipher data.
    keyAgreement Boolean
    Key can be used in a key-agreement protocol.
    keyCertSign Boolean
    Key can be used to sign certificates.
    keyEncipherment Boolean
    Key can be used to encipher data.
    nonRepudiation Boolean
    Key can be used for non-repudiation.
    crlSign boolean
    Key can be used to sign CRLs.
    dataEncipherment boolean
    Key can be used to decipher data.
    decipherOnly boolean
    Key can be used only to decipher data.
    digitalSignature boolean
    Key can be used for digital signing.
    encipherOnly boolean
    Key can be used only to encipher data.
    keyAgreement boolean
    Key can be used in a key-agreement protocol.
    keyCertSign boolean
    Key can be used to sign certificates.
    keyEncipherment boolean
    Key can be used to encipher data.
    nonRepudiation boolean
    Key can be used for non-repudiation.
    crl_sign bool
    Key can be used to sign CRLs.
    data_encipherment bool
    Key can be used to decipher data.
    decipher_only bool
    Key can be used only to decipher data.
    digital_signature bool
    Key can be used for digital signing.
    encipher_only bool
    Key can be used only to encipher data.
    key_agreement bool
    Key can be used in a key-agreement protocol.
    key_cert_sign bool
    Key can be used to sign certificates.
    key_encipherment bool
    Key can be used to encipher data.
    non_repudiation bool
    Key can be used for non-repudiation.
    crlSign Boolean
    Key can be used to sign CRLs.
    dataEncipherment Boolean
    Key can be used to decipher data.
    decipherOnly Boolean
    Key can be used only to decipher data.
    digitalSignature Boolean
    Key can be used for digital signing.
    encipherOnly Boolean
    Key can be used only to encipher data.
    keyAgreement Boolean
    Key can be used in a key-agreement protocol.
    keyCertSign Boolean
    Key can be used to sign certificates.
    keyEncipherment Boolean
    Key can be used to encipher data.
    nonRepudiation Boolean
    Key can be used for non-repudiation.

    CertificateOtherName, CertificateOtherNameArgs

    TypeId string
    Specifies an OID.
    Value string
    Specifies an OID value.
    TypeId string
    Specifies an OID.
    Value string
    Specifies an OID value.
    typeId String
    Specifies an OID.
    value String
    Specifies an OID value.
    typeId string
    Specifies an OID.
    value string
    Specifies an OID value.
    type_id str
    Specifies an OID.
    value str
    Specifies an OID value.
    typeId String
    Specifies an OID.
    value String
    Specifies an OID value.

    CertificatePolicyInformation, CertificatePolicyInformationArgs

    CertPolicyId string
    Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
    PolicyQualifiers List<Pulumi.AwsNative.Acmpca.Inputs.CertificatePolicyQualifierInfo>
    Modifies the given CertPolicyId with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.
    CertPolicyId string
    Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
    PolicyQualifiers []CertificatePolicyQualifierInfo
    Modifies the given CertPolicyId with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.
    certPolicyId String
    Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
    policyQualifiers List<CertificatePolicyQualifierInfo>
    Modifies the given CertPolicyId with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.
    certPolicyId string
    Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
    policyQualifiers CertificatePolicyQualifierInfo[]
    Modifies the given CertPolicyId with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.
    cert_policy_id str
    Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
    policy_qualifiers Sequence[CertificatePolicyQualifierInfo]
    Modifies the given CertPolicyId with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.
    certPolicyId String
    Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
    policyQualifiers List<Property Map>
    Modifies the given CertPolicyId with a qualifier. AWS Private CA supports the certification practice statement (CPS) qualifier.

    CertificatePolicyQualifierInfo, CertificatePolicyQualifierInfoArgs

    PolicyQualifierId string
    Identifies the qualifier modifying a CertPolicyId.
    Qualifier Pulumi.AwsNative.Acmpca.Inputs.CertificateQualifier
    Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.
    PolicyQualifierId string
    Identifies the qualifier modifying a CertPolicyId.
    Qualifier CertificateQualifier
    Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.
    policyQualifierId String
    Identifies the qualifier modifying a CertPolicyId.
    qualifier CertificateQualifier
    Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.
    policyQualifierId string
    Identifies the qualifier modifying a CertPolicyId.
    qualifier CertificateQualifier
    Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.
    policy_qualifier_id str
    Identifies the qualifier modifying a CertPolicyId.
    qualifier CertificateQualifier
    Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.
    policyQualifierId String
    Identifies the qualifier modifying a CertPolicyId.
    qualifier Property Map
    Defines the qualifier type. AWS Private CA supports the use of a URI for a CPS qualifier in this field.

    CertificateQualifier, CertificateQualifierArgs

    CpsUri string
    Contains a pointer to a certification practice statement (CPS) published by the CA.
    CpsUri string
    Contains a pointer to a certification practice statement (CPS) published by the CA.
    cpsUri String
    Contains a pointer to a certification practice statement (CPS) published by the CA.
    cpsUri string
    Contains a pointer to a certification practice statement (CPS) published by the CA.
    cps_uri str
    Contains a pointer to a certification practice statement (CPS) published by the CA.
    cpsUri String
    Contains a pointer to a certification practice statement (CPS) published by the CA.

    CertificateSubject, CertificateSubjectArgs

    CommonName string
    For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
    Country string
    Two-digit code that specifies the country in which the certificate subject located.
    CustomAttributes List<Pulumi.AwsNative.Acmpca.Inputs.CertificateCustomAttribute>
    Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
    DistinguishedNameQualifier string
    Disambiguating information for the certificate subject.
    GenerationQualifier string
    Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
    GivenName string
    First name.
    Initials string
    Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
    Locality string
    The locality (such as a city or town) in which the certificate subject is located.
    Organization string
    Legal name of the organization with which the certificate subject is affiliated.
    OrganizationalUnit string
    A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
    Pseudonym string
    Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
    SerialNumber string
    The certificate serial number.
    State string
    State in which the subject of the certificate is located.
    Surname string
    Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
    Title string
    A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.
    CommonName string
    For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
    Country string
    Two-digit code that specifies the country in which the certificate subject located.
    CustomAttributes []CertificateCustomAttribute
    Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
    DistinguishedNameQualifier string
    Disambiguating information for the certificate subject.
    GenerationQualifier string
    Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
    GivenName string
    First name.
    Initials string
    Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
    Locality string
    The locality (such as a city or town) in which the certificate subject is located.
    Organization string
    Legal name of the organization with which the certificate subject is affiliated.
    OrganizationalUnit string
    A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
    Pseudonym string
    Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
    SerialNumber string
    The certificate serial number.
    State string
    State in which the subject of the certificate is located.
    Surname string
    Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
    Title string
    A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.
    commonName String
    For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
    country String
    Two-digit code that specifies the country in which the certificate subject located.
    customAttributes List<CertificateCustomAttribute>
    Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
    distinguishedNameQualifier String
    Disambiguating information for the certificate subject.
    generationQualifier String
    Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
    givenName String
    First name.
    initials String
    Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
    locality String
    The locality (such as a city or town) in which the certificate subject is located.
    organization String
    Legal name of the organization with which the certificate subject is affiliated.
    organizationalUnit String
    A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
    pseudonym String
    Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
    serialNumber String
    The certificate serial number.
    state String
    State in which the subject of the certificate is located.
    surname String
    Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
    title String
    A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.
    commonName string
    For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
    country string
    Two-digit code that specifies the country in which the certificate subject located.
    customAttributes CertificateCustomAttribute[]
    Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
    distinguishedNameQualifier string
    Disambiguating information for the certificate subject.
    generationQualifier string
    Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
    givenName string
    First name.
    initials string
    Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
    locality string
    The locality (such as a city or town) in which the certificate subject is located.
    organization string
    Legal name of the organization with which the certificate subject is affiliated.
    organizationalUnit string
    A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
    pseudonym string
    Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
    serialNumber string
    The certificate serial number.
    state string
    State in which the subject of the certificate is located.
    surname string
    Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
    title string
    A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.
    common_name str
    For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
    country str
    Two-digit code that specifies the country in which the certificate subject located.
    custom_attributes Sequence[CertificateCustomAttribute]
    Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
    distinguished_name_qualifier str
    Disambiguating information for the certificate subject.
    generation_qualifier str
    Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
    given_name str
    First name.
    initials str
    Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
    locality str
    The locality (such as a city or town) in which the certificate subject is located.
    organization str
    Legal name of the organization with which the certificate subject is affiliated.
    organizational_unit str
    A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
    pseudonym str
    Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
    serial_number str
    The certificate serial number.
    state str
    State in which the subject of the certificate is located.
    surname str
    Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
    title str
    A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.
    commonName String
    For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
    country String
    Two-digit code that specifies the country in which the certificate subject located.
    customAttributes List<Property Map>
    Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID). Custom attributes cannot be used in combination with standard attributes.
    distinguishedNameQualifier String
    Disambiguating information for the certificate subject.
    generationQualifier String
    Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
    givenName String
    First name.
    initials String
    Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
    locality String
    The locality (such as a city or town) in which the certificate subject is located.
    organization String
    Legal name of the organization with which the certificate subject is affiliated.
    organizationalUnit String
    A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
    pseudonym String
    Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
    serialNumber String
    The certificate serial number.
    state String
    State in which the subject of the certificate is located.
    surname String
    Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
    title String
    A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.

    CertificateValidity, CertificateValidityArgs

    Type string
    Specifies whether the Value parameter represents days, months, or years.
    Value double
    A long integer interpreted according to the value of Type, below.
    Type string
    Specifies whether the Value parameter represents days, months, or years.
    Value float64
    A long integer interpreted according to the value of Type, below.
    type String
    Specifies whether the Value parameter represents days, months, or years.
    value Double
    A long integer interpreted according to the value of Type, below.
    type string
    Specifies whether the Value parameter represents days, months, or years.
    value number
    A long integer interpreted according to the value of Type, below.
    type str
    Specifies whether the Value parameter represents days, months, or years.
    value float
    A long integer interpreted according to the value of Type, below.
    type String
    Specifies whether the Value parameter represents days, months, or years.
    value Number
    A long integer interpreted according to the value of Type, below.

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi