1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. acmpca
  5. CertificateAuthority

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

aws-native.acmpca.CertificateAuthority

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

    Private certificate authority.

    Example Usage

    Example

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AwsNative = Pulumi.AwsNative;
    
    return await Deployment.RunAsync(() => 
    {
        var rootCA = new AwsNative.Acmpca.CertificateAuthority("rootCA", new()
        {
            Type = "ROOT",
            KeyAlgorithm = "RSA_2048",
            SigningAlgorithm = "SHA256WITHRSA",
            Subject = new AwsNative.Acmpca.Inputs.CertificateAuthoritySubjectArgs
            {
                Country = "US",
                Organization = "string",
                OrganizationalUnit = "string",
                DistinguishedNameQualifier = "string",
                State = "string",
                CommonName = "123",
                SerialNumber = "string",
                Locality = "string",
                Title = "string",
                Surname = "string",
                GivenName = "string",
                Initials = "DG",
                Pseudonym = "string",
                GenerationQualifier = "DBG",
            },
            RevocationConfiguration = new AwsNative.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationArgs
            {
                CrlConfiguration = new AwsNative.Acmpca.Inputs.CertificateAuthorityCrlConfigurationArgs
                {
                    Enabled = false,
                },
            },
        });
    
        var rootCACertificate = new AwsNative.Acmpca.Certificate("rootCACertificate", new()
        {
            CertificateAuthorityArn = rootCA.Id,
            CertificateSigningRequest = rootCA.CertificateSigningRequest,
            SigningAlgorithm = "SHA256WITHRSA",
            TemplateArn = "arn:aws:acm-pca:::template/RootCACertificate/V1",
            Validity = new AwsNative.Acmpca.Inputs.CertificateValidityArgs
            {
                Type = "DAYS",
                Value = 100,
            },
        });
    
        var rootCAActivation = new AwsNative.Acmpca.CertificateAuthorityActivation("rootCAActivation", new()
        {
            CertificateAuthorityArn = rootCA.Id,
            Certificate = rootCACertificate.Certificate,
            Status = "ACTIVE",
        });
    
        var rootCAPermission = new AwsNative.Acmpca.Permission("rootCAPermission", new()
        {
            Actions = new[]
            {
                "IssueCertificate",
                "GetCertificate",
                "ListPermissions",
            },
            CertificateAuthorityArn = rootCA.Id,
            Principal = "acm.amazonaws.com",
        });
    
        var subordinateCAOne = new AwsNative.Acmpca.CertificateAuthority("subordinateCAOne", new()
        {
            Type = "SUBORDINATE",
            KeyAlgorithm = "RSA_2048",
            SigningAlgorithm = "SHA256WITHRSA",
            Subject = new AwsNative.Acmpca.Inputs.CertificateAuthoritySubjectArgs
            {
                Country = "US",
                Organization = "string",
                OrganizationalUnit = "string",
                DistinguishedNameQualifier = "string",
                State = "string",
                CommonName = "Sub1",
                SerialNumber = "string",
                Locality = "string",
                Title = "string",
                Surname = "string",
                GivenName = "string",
                Initials = "DG",
                Pseudonym = "string",
                GenerationQualifier = "DBG",
            },
            RevocationConfiguration = null,
            Tags = new[] {},
        });
    
        var subordinateCAOneCACertificate = new AwsNative.Acmpca.Certificate("subordinateCAOneCACertificate", new()
        {
            CertificateAuthorityArn = rootCA.Id,
            CertificateSigningRequest = subordinateCAOne.CertificateSigningRequest,
            SigningAlgorithm = "SHA256WITHRSA",
            TemplateArn = "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1",
            Validity = new AwsNative.Acmpca.Inputs.CertificateValidityArgs
            {
                Type = "DAYS",
                Value = 90,
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                rootCAActivation,
            },
        });
    
        var subordinateCAOneActivation = new AwsNative.Acmpca.CertificateAuthorityActivation("subordinateCAOneActivation", new()
        {
            CertificateAuthorityArn = subordinateCAOne.Id,
            Certificate = subordinateCAOneCACertificate.Certificate,
            CertificateChain = rootCAActivation.CompleteCertificateChain,
            Status = "ACTIVE",
        });
    
        var subordinateCAOnePermission = new AwsNative.Acmpca.Permission("subordinateCAOnePermission", new()
        {
            Actions = new[]
            {
                "IssueCertificate",
                "GetCertificate",
                "ListPermissions",
            },
            CertificateAuthorityArn = subordinateCAOne.Id,
            Principal = "acm.amazonaws.com",
        });
    
        var subordinateCATwo = new AwsNative.Acmpca.CertificateAuthority("subordinateCATwo", new()
        {
            Type = "SUBORDINATE",
            KeyAlgorithm = "RSA_2048",
            SigningAlgorithm = "SHA256WITHRSA",
            Subject = new AwsNative.Acmpca.Inputs.CertificateAuthoritySubjectArgs
            {
                Country = "US",
                Organization = "string",
                OrganizationalUnit = "string",
                DistinguishedNameQualifier = "string",
                State = "string",
                SerialNumber = "string",
                Locality = "string",
                Title = "string",
                Surname = "string",
                GivenName = "string",
                Initials = "DG",
                Pseudonym = "string",
                GenerationQualifier = "DBG",
            },
            Tags = new[]
            {
                new AwsNative.Inputs.TagArgs
                {
                    Key = "Key1",
                    Value = "Value1",
                },
                new AwsNative.Inputs.TagArgs
                {
                    Key = "Key2",
                    Value = "Value2",
                },
            },
        });
    
        var subordinateCATwoCACertificate = new AwsNative.Acmpca.Certificate("subordinateCATwoCACertificate", new()
        {
            CertificateAuthorityArn = subordinateCAOne.Id,
            CertificateSigningRequest = subordinateCATwo.CertificateSigningRequest,
            SigningAlgorithm = "SHA256WITHRSA",
            TemplateArn = "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1",
            Validity = new AwsNative.Acmpca.Inputs.CertificateValidityArgs
            {
                Type = "DAYS",
                Value = 80,
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                subordinateCAOneActivation,
            },
        });
    
        var subordinateCATwoActivation = new AwsNative.Acmpca.CertificateAuthorityActivation("subordinateCATwoActivation", new()
        {
            CertificateAuthorityArn = subordinateCATwo.Id,
            Certificate = subordinateCATwoCACertificate.Certificate,
            CertificateChain = subordinateCAOneActivation.CompleteCertificateChain,
        });
    
        var subordinateCATwoPermission = new AwsNative.Acmpca.Permission("subordinateCATwoPermission", new()
        {
            Actions = new[]
            {
                "IssueCertificate",
                "GetCertificate",
                "ListPermissions",
            },
            CertificateAuthorityArn = subordinateCATwo.Id,
            Principal = "acm.amazonaws.com",
        });
    
        var endEntityCertificate = new AwsNative.Acmpca.Certificate("endEntityCertificate", new()
        {
            CertificateAuthorityArn = subordinateCATwo.Id,
            CertificateSigningRequest = @"-----BEGIN CERTIFICATE REQUEST-----
    MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
    BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
    aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
    9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
    wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
    1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
    WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
    wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
    BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
    KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
    hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
    Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
    ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
    29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
    97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
    -----END CERTIFICATE REQUEST-----",
            SigningAlgorithm = "SHA256WITHRSA",
            Validity = new AwsNative.Acmpca.Inputs.CertificateValidityArgs
            {
                Type = "DAYS",
                Value = 70,
            },
        }, new CustomResourceOptions
        {
            DependsOn =
            {
                subordinateCATwoActivation,
            },
        });
    
        return new Dictionary<string, object?>
        {
            ["completeCertificateChain"] = subordinateCATwoActivation.CompleteCertificateChain,
            ["certificateArn"] = endEntityCertificate.Arn,
        };
    });
    
    package main
    
    import (
    	awsnative "github.com/pulumi/pulumi-aws-native/sdk/go/aws"
    	"github.com/pulumi/pulumi-aws-native/sdk/go/aws/acmpca"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		rootCA, err := acmpca.NewCertificateAuthority(ctx, "rootCA", &acmpca.CertificateAuthorityArgs{
    			Type:             pulumi.String("ROOT"),
    			KeyAlgorithm:     pulumi.String("RSA_2048"),
    			SigningAlgorithm: pulumi.String("SHA256WITHRSA"),
    			Subject: &acmpca.CertificateAuthoritySubjectArgs{
    				Country:                    pulumi.String("US"),
    				Organization:               pulumi.String("string"),
    				OrganizationalUnit:         pulumi.String("string"),
    				DistinguishedNameQualifier: pulumi.String("string"),
    				State:                      pulumi.String("string"),
    				CommonName:                 pulumi.String("123"),
    				SerialNumber:               pulumi.String("string"),
    				Locality:                   pulumi.String("string"),
    				Title:                      pulumi.String("string"),
    				Surname:                    pulumi.String("string"),
    				GivenName:                  pulumi.String("string"),
    				Initials:                   pulumi.String("DG"),
    				Pseudonym:                  pulumi.String("string"),
    				GenerationQualifier:        pulumi.String("DBG"),
    			},
    			RevocationConfiguration: &acmpca.CertificateAuthorityRevocationConfigurationArgs{
    				CrlConfiguration: &acmpca.CertificateAuthorityCrlConfigurationArgs{
    					Enabled: pulumi.Bool(false),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		rootCACertificate, err := acmpca.NewCertificate(ctx, "rootCACertificate", &acmpca.CertificateArgs{
    			CertificateAuthorityArn:   rootCA.ID(),
    			CertificateSigningRequest: rootCA.CertificateSigningRequest,
    			SigningAlgorithm:          pulumi.String("SHA256WITHRSA"),
    			TemplateArn:               pulumi.String("arn:aws:acm-pca:::template/RootCACertificate/V1"),
    			Validity: &acmpca.CertificateValidityArgs{
    				Type:  pulumi.String("DAYS"),
    				Value: pulumi.Float64(100),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		rootCAActivation, err := acmpca.NewCertificateAuthorityActivation(ctx, "rootCAActivation", &acmpca.CertificateAuthorityActivationArgs{
    			CertificateAuthorityArn: rootCA.ID(),
    			Certificate:             rootCACertificate.Certificate,
    			Status:                  pulumi.String("ACTIVE"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = acmpca.NewPermission(ctx, "rootCAPermission", &acmpca.PermissionArgs{
    			Actions: pulumi.StringArray{
    				pulumi.String("IssueCertificate"),
    				pulumi.String("GetCertificate"),
    				pulumi.String("ListPermissions"),
    			},
    			CertificateAuthorityArn: rootCA.ID(),
    			Principal:               pulumi.String("acm.amazonaws.com"),
    		})
    		if err != nil {
    			return err
    		}
    		subordinateCAOne, err := acmpca.NewCertificateAuthority(ctx, "subordinateCAOne", &acmpca.CertificateAuthorityArgs{
    			Type:             pulumi.String("SUBORDINATE"),
    			KeyAlgorithm:     pulumi.String("RSA_2048"),
    			SigningAlgorithm: pulumi.String("SHA256WITHRSA"),
    			Subject: &acmpca.CertificateAuthoritySubjectArgs{
    				Country:                    pulumi.String("US"),
    				Organization:               pulumi.String("string"),
    				OrganizationalUnit:         pulumi.String("string"),
    				DistinguishedNameQualifier: pulumi.String("string"),
    				State:                      pulumi.String("string"),
    				CommonName:                 pulumi.String("Sub1"),
    				SerialNumber:               pulumi.String("string"),
    				Locality:                   pulumi.String("string"),
    				Title:                      pulumi.String("string"),
    				Surname:                    pulumi.String("string"),
    				GivenName:                  pulumi.String("string"),
    				Initials:                   pulumi.String("DG"),
    				Pseudonym:                  pulumi.String("string"),
    				GenerationQualifier:        pulumi.String("DBG"),
    			},
    			RevocationConfiguration: &acmpca.CertificateAuthorityRevocationConfigurationArgs{},
    			Tags:                    aws.TagArray{},
    		})
    		if err != nil {
    			return err
    		}
    		subordinateCAOneCACertificate, err := acmpca.NewCertificate(ctx, "subordinateCAOneCACertificate", &acmpca.CertificateArgs{
    			CertificateAuthorityArn:   rootCA.ID(),
    			CertificateSigningRequest: subordinateCAOne.CertificateSigningRequest,
    			SigningAlgorithm:          pulumi.String("SHA256WITHRSA"),
    			TemplateArn:               pulumi.String("arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1"),
    			Validity: &acmpca.CertificateValidityArgs{
    				Type:  pulumi.String("DAYS"),
    				Value: pulumi.Float64(90),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			rootCAActivation,
    		}))
    		if err != nil {
    			return err
    		}
    		subordinateCAOneActivation, err := acmpca.NewCertificateAuthorityActivation(ctx, "subordinateCAOneActivation", &acmpca.CertificateAuthorityActivationArgs{
    			CertificateAuthorityArn: subordinateCAOne.ID(),
    			Certificate:             subordinateCAOneCACertificate.Certificate,
    			CertificateChain:        rootCAActivation.CompleteCertificateChain,
    			Status:                  pulumi.String("ACTIVE"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = acmpca.NewPermission(ctx, "subordinateCAOnePermission", &acmpca.PermissionArgs{
    			Actions: pulumi.StringArray{
    				pulumi.String("IssueCertificate"),
    				pulumi.String("GetCertificate"),
    				pulumi.String("ListPermissions"),
    			},
    			CertificateAuthorityArn: subordinateCAOne.ID(),
    			Principal:               pulumi.String("acm.amazonaws.com"),
    		})
    		if err != nil {
    			return err
    		}
    		subordinateCATwo, err := acmpca.NewCertificateAuthority(ctx, "subordinateCATwo", &acmpca.CertificateAuthorityArgs{
    			Type:             pulumi.String("SUBORDINATE"),
    			KeyAlgorithm:     pulumi.String("RSA_2048"),
    			SigningAlgorithm: pulumi.String("SHA256WITHRSA"),
    			Subject: &acmpca.CertificateAuthoritySubjectArgs{
    				Country:                    pulumi.String("US"),
    				Organization:               pulumi.String("string"),
    				OrganizationalUnit:         pulumi.String("string"),
    				DistinguishedNameQualifier: pulumi.String("string"),
    				State:                      pulumi.String("string"),
    				SerialNumber:               pulumi.String("string"),
    				Locality:                   pulumi.String("string"),
    				Title:                      pulumi.String("string"),
    				Surname:                    pulumi.String("string"),
    				GivenName:                  pulumi.String("string"),
    				Initials:                   pulumi.String("DG"),
    				Pseudonym:                  pulumi.String("string"),
    				GenerationQualifier:        pulumi.String("DBG"),
    			},
    			Tags: aws.TagArray{
    				&aws.TagArgs{
    					Key:   pulumi.String("Key1"),
    					Value: pulumi.String("Value1"),
    				},
    				&aws.TagArgs{
    					Key:   pulumi.String("Key2"),
    					Value: pulumi.String("Value2"),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		subordinateCATwoCACertificate, err := acmpca.NewCertificate(ctx, "subordinateCATwoCACertificate", &acmpca.CertificateArgs{
    			CertificateAuthorityArn:   subordinateCAOne.ID(),
    			CertificateSigningRequest: subordinateCATwo.CertificateSigningRequest,
    			SigningAlgorithm:          pulumi.String("SHA256WITHRSA"),
    			TemplateArn:               pulumi.String("arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1"),
    			Validity: &acmpca.CertificateValidityArgs{
    				Type:  pulumi.String("DAYS"),
    				Value: pulumi.Float64(80),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			subordinateCAOneActivation,
    		}))
    		if err != nil {
    			return err
    		}
    		subordinateCATwoActivation, err := acmpca.NewCertificateAuthorityActivation(ctx, "subordinateCATwoActivation", &acmpca.CertificateAuthorityActivationArgs{
    			CertificateAuthorityArn: subordinateCATwo.ID(),
    			Certificate:             subordinateCATwoCACertificate.Certificate,
    			CertificateChain:        subordinateCAOneActivation.CompleteCertificateChain,
    		})
    		if err != nil {
    			return err
    		}
    		_, err = acmpca.NewPermission(ctx, "subordinateCATwoPermission", &acmpca.PermissionArgs{
    			Actions: pulumi.StringArray{
    				pulumi.String("IssueCertificate"),
    				pulumi.String("GetCertificate"),
    				pulumi.String("ListPermissions"),
    			},
    			CertificateAuthorityArn: subordinateCATwo.ID(),
    			Principal:               pulumi.String("acm.amazonaws.com"),
    		})
    		if err != nil {
    			return err
    		}
    		endEntityCertificate, err := acmpca.NewCertificate(ctx, "endEntityCertificate", &acmpca.CertificateArgs{
    			CertificateAuthorityArn: subordinateCATwo.ID(),
    			CertificateSigningRequest: pulumi.String(`-----BEGIN CERTIFICATE REQUEST-----
    MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
    BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
    aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
    9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
    wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
    1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
    WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
    wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
    BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
    KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
    hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
    Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
    ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
    29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
    97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
    -----END CERTIFICATE REQUEST-----`),
    			SigningAlgorithm: pulumi.String("SHA256WITHRSA"),
    			Validity: &acmpca.CertificateValidityArgs{
    				Type:  pulumi.String("DAYS"),
    				Value: pulumi.Float64(70),
    			},
    		}, pulumi.DependsOn([]pulumi.Resource{
    			subordinateCATwoActivation,
    		}))
    		if err != nil {
    			return err
    		}
    		ctx.Export("completeCertificateChain", subordinateCATwoActivation.CompleteCertificateChain)
    		ctx.Export("certificateArn", endEntityCertificate.Arn)
    		return nil
    	})
    }
    

    Coming soon!

    import pulumi
    import pulumi_aws_native as aws_native
    
    root_ca = aws_native.acmpca.CertificateAuthority("rootCA",
        type="ROOT",
        key_algorithm="RSA_2048",
        signing_algorithm="SHA256WITHRSA",
        subject={
            "country": "US",
            "organization": "string",
            "organizational_unit": "string",
            "distinguished_name_qualifier": "string",
            "state": "string",
            "common_name": "123",
            "serial_number": "string",
            "locality": "string",
            "title": "string",
            "surname": "string",
            "given_name": "string",
            "initials": "DG",
            "pseudonym": "string",
            "generation_qualifier": "DBG",
        },
        revocation_configuration={
            "crl_configuration": {
                "enabled": False,
            },
        })
    root_ca_certificate = aws_native.acmpca.Certificate("rootCACertificate",
        certificate_authority_arn=root_ca.id,
        certificate_signing_request=root_ca.certificate_signing_request,
        signing_algorithm="SHA256WITHRSA",
        template_arn="arn:aws:acm-pca:::template/RootCACertificate/V1",
        validity={
            "type": "DAYS",
            "value": 100,
        })
    root_ca_activation = aws_native.acmpca.CertificateAuthorityActivation("rootCAActivation",
        certificate_authority_arn=root_ca.id,
        certificate=root_ca_certificate.certificate,
        status="ACTIVE")
    root_ca_permission = aws_native.acmpca.Permission("rootCAPermission",
        actions=[
            "IssueCertificate",
            "GetCertificate",
            "ListPermissions",
        ],
        certificate_authority_arn=root_ca.id,
        principal="acm.amazonaws.com")
    subordinate_ca_one = aws_native.acmpca.CertificateAuthority("subordinateCAOne",
        type="SUBORDINATE",
        key_algorithm="RSA_2048",
        signing_algorithm="SHA256WITHRSA",
        subject={
            "country": "US",
            "organization": "string",
            "organizational_unit": "string",
            "distinguished_name_qualifier": "string",
            "state": "string",
            "common_name": "Sub1",
            "serial_number": "string",
            "locality": "string",
            "title": "string",
            "surname": "string",
            "given_name": "string",
            "initials": "DG",
            "pseudonym": "string",
            "generation_qualifier": "DBG",
        },
        revocation_configuration={},
        tags=[])
    subordinate_ca_one_ca_certificate = aws_native.acmpca.Certificate("subordinateCAOneCACertificate",
        certificate_authority_arn=root_ca.id,
        certificate_signing_request=subordinate_ca_one.certificate_signing_request,
        signing_algorithm="SHA256WITHRSA",
        template_arn="arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1",
        validity={
            "type": "DAYS",
            "value": 90,
        },
        opts = pulumi.ResourceOptions(depends_on=[root_ca_activation]))
    subordinate_ca_one_activation = aws_native.acmpca.CertificateAuthorityActivation("subordinateCAOneActivation",
        certificate_authority_arn=subordinate_ca_one.id,
        certificate=subordinate_ca_one_ca_certificate.certificate,
        certificate_chain=root_ca_activation.complete_certificate_chain,
        status="ACTIVE")
    subordinate_ca_one_permission = aws_native.acmpca.Permission("subordinateCAOnePermission",
        actions=[
            "IssueCertificate",
            "GetCertificate",
            "ListPermissions",
        ],
        certificate_authority_arn=subordinate_ca_one.id,
        principal="acm.amazonaws.com")
    subordinate_ca_two = aws_native.acmpca.CertificateAuthority("subordinateCATwo",
        type="SUBORDINATE",
        key_algorithm="RSA_2048",
        signing_algorithm="SHA256WITHRSA",
        subject={
            "country": "US",
            "organization": "string",
            "organizational_unit": "string",
            "distinguished_name_qualifier": "string",
            "state": "string",
            "serial_number": "string",
            "locality": "string",
            "title": "string",
            "surname": "string",
            "given_name": "string",
            "initials": "DG",
            "pseudonym": "string",
            "generation_qualifier": "DBG",
        },
        tags=[
            {
                "key": "Key1",
                "value": "Value1",
            },
            {
                "key": "Key2",
                "value": "Value2",
            },
        ])
    subordinate_ca_two_ca_certificate = aws_native.acmpca.Certificate("subordinateCATwoCACertificate",
        certificate_authority_arn=subordinate_ca_one.id,
        certificate_signing_request=subordinate_ca_two.certificate_signing_request,
        signing_algorithm="SHA256WITHRSA",
        template_arn="arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1",
        validity={
            "type": "DAYS",
            "value": 80,
        },
        opts = pulumi.ResourceOptions(depends_on=[subordinate_ca_one_activation]))
    subordinate_ca_two_activation = aws_native.acmpca.CertificateAuthorityActivation("subordinateCATwoActivation",
        certificate_authority_arn=subordinate_ca_two.id,
        certificate=subordinate_ca_two_ca_certificate.certificate,
        certificate_chain=subordinate_ca_one_activation.complete_certificate_chain)
    subordinate_ca_two_permission = aws_native.acmpca.Permission("subordinateCATwoPermission",
        actions=[
            "IssueCertificate",
            "GetCertificate",
            "ListPermissions",
        ],
        certificate_authority_arn=subordinate_ca_two.id,
        principal="acm.amazonaws.com")
    end_entity_certificate = aws_native.acmpca.Certificate("endEntityCertificate",
        certificate_authority_arn=subordinate_ca_two.id,
        certificate_signing_request="""-----BEGIN CERTIFICATE REQUEST-----
    MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
    BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
    aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
    9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
    wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
    1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
    WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
    wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
    BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
    KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
    hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
    Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
    ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
    29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
    97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
    -----END CERTIFICATE REQUEST-----""",
        signing_algorithm="SHA256WITHRSA",
        validity={
            "type": "DAYS",
            "value": 70,
        },
        opts = pulumi.ResourceOptions(depends_on=[subordinate_ca_two_activation]))
    pulumi.export("completeCertificateChain", subordinate_ca_two_activation.complete_certificate_chain)
    pulumi.export("certificateArn", end_entity_certificate.arn)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws_native from "@pulumi/aws-native";
    
    const rootCA = new aws_native.acmpca.CertificateAuthority("rootCA", {
        type: "ROOT",
        keyAlgorithm: "RSA_2048",
        signingAlgorithm: "SHA256WITHRSA",
        subject: {
            country: "US",
            organization: "string",
            organizationalUnit: "string",
            distinguishedNameQualifier: "string",
            state: "string",
            commonName: "123",
            serialNumber: "string",
            locality: "string",
            title: "string",
            surname: "string",
            givenName: "string",
            initials: "DG",
            pseudonym: "string",
            generationQualifier: "DBG",
        },
        revocationConfiguration: {
            crlConfiguration: {
                enabled: false,
            },
        },
    });
    const rootCACertificate = new aws_native.acmpca.Certificate("rootCACertificate", {
        certificateAuthorityArn: rootCA.id,
        certificateSigningRequest: rootCA.certificateSigningRequest,
        signingAlgorithm: "SHA256WITHRSA",
        templateArn: "arn:aws:acm-pca:::template/RootCACertificate/V1",
        validity: {
            type: "DAYS",
            value: 100,
        },
    });
    const rootCAActivation = new aws_native.acmpca.CertificateAuthorityActivation("rootCAActivation", {
        certificateAuthorityArn: rootCA.id,
        certificate: rootCACertificate.certificate,
        status: "ACTIVE",
    });
    const rootCAPermission = new aws_native.acmpca.Permission("rootCAPermission", {
        actions: [
            "IssueCertificate",
            "GetCertificate",
            "ListPermissions",
        ],
        certificateAuthorityArn: rootCA.id,
        principal: "acm.amazonaws.com",
    });
    const subordinateCAOne = new aws_native.acmpca.CertificateAuthority("subordinateCAOne", {
        type: "SUBORDINATE",
        keyAlgorithm: "RSA_2048",
        signingAlgorithm: "SHA256WITHRSA",
        subject: {
            country: "US",
            organization: "string",
            organizationalUnit: "string",
            distinguishedNameQualifier: "string",
            state: "string",
            commonName: "Sub1",
            serialNumber: "string",
            locality: "string",
            title: "string",
            surname: "string",
            givenName: "string",
            initials: "DG",
            pseudonym: "string",
            generationQualifier: "DBG",
        },
        revocationConfiguration: {},
        tags: [],
    });
    const subordinateCAOneCACertificate = new aws_native.acmpca.Certificate("subordinateCAOneCACertificate", {
        certificateAuthorityArn: rootCA.id,
        certificateSigningRequest: subordinateCAOne.certificateSigningRequest,
        signingAlgorithm: "SHA256WITHRSA",
        templateArn: "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1",
        validity: {
            type: "DAYS",
            value: 90,
        },
    }, {
        dependsOn: [rootCAActivation],
    });
    const subordinateCAOneActivation = new aws_native.acmpca.CertificateAuthorityActivation("subordinateCAOneActivation", {
        certificateAuthorityArn: subordinateCAOne.id,
        certificate: subordinateCAOneCACertificate.certificate,
        certificateChain: rootCAActivation.completeCertificateChain,
        status: "ACTIVE",
    });
    const subordinateCAOnePermission = new aws_native.acmpca.Permission("subordinateCAOnePermission", {
        actions: [
            "IssueCertificate",
            "GetCertificate",
            "ListPermissions",
        ],
        certificateAuthorityArn: subordinateCAOne.id,
        principal: "acm.amazonaws.com",
    });
    const subordinateCATwo = new aws_native.acmpca.CertificateAuthority("subordinateCATwo", {
        type: "SUBORDINATE",
        keyAlgorithm: "RSA_2048",
        signingAlgorithm: "SHA256WITHRSA",
        subject: {
            country: "US",
            organization: "string",
            organizationalUnit: "string",
            distinguishedNameQualifier: "string",
            state: "string",
            serialNumber: "string",
            locality: "string",
            title: "string",
            surname: "string",
            givenName: "string",
            initials: "DG",
            pseudonym: "string",
            generationQualifier: "DBG",
        },
        tags: [
            {
                key: "Key1",
                value: "Value1",
            },
            {
                key: "Key2",
                value: "Value2",
            },
        ],
    });
    const subordinateCATwoCACertificate = new aws_native.acmpca.Certificate("subordinateCATwoCACertificate", {
        certificateAuthorityArn: subordinateCAOne.id,
        certificateSigningRequest: subordinateCATwo.certificateSigningRequest,
        signingAlgorithm: "SHA256WITHRSA",
        templateArn: "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1",
        validity: {
            type: "DAYS",
            value: 80,
        },
    }, {
        dependsOn: [subordinateCAOneActivation],
    });
    const subordinateCATwoActivation = new aws_native.acmpca.CertificateAuthorityActivation("subordinateCATwoActivation", {
        certificateAuthorityArn: subordinateCATwo.id,
        certificate: subordinateCATwoCACertificate.certificate,
        certificateChain: subordinateCAOneActivation.completeCertificateChain,
    });
    const subordinateCATwoPermission = new aws_native.acmpca.Permission("subordinateCATwoPermission", {
        actions: [
            "IssueCertificate",
            "GetCertificate",
            "ListPermissions",
        ],
        certificateAuthorityArn: subordinateCATwo.id,
        principal: "acm.amazonaws.com",
    });
    const endEntityCertificate = new aws_native.acmpca.Certificate("endEntityCertificate", {
        certificateAuthorityArn: subordinateCATwo.id,
        certificateSigningRequest: `-----BEGIN CERTIFICATE REQUEST-----
    MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
    BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
    aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
    9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
    wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
    1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
    WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
    wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
    BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
    KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
    hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
    Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
    ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
    29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
    97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
    -----END CERTIFICATE REQUEST-----`,
        signingAlgorithm: "SHA256WITHRSA",
        validity: {
            type: "DAYS",
            value: 70,
        },
    }, {
        dependsOn: [subordinateCATwoActivation],
    });
    export const completeCertificateChain = subordinateCATwoActivation.completeCertificateChain;
    export const certificateArn = endEntityCertificate.arn;
    

    Coming soon!

    Create CertificateAuthority Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new CertificateAuthority(name: string, args: CertificateAuthorityArgs, opts?: CustomResourceOptions);
    @overload
    def CertificateAuthority(resource_name: str,
                             args: CertificateAuthorityArgs,
                             opts: Optional[ResourceOptions] = None)
    
    @overload
    def CertificateAuthority(resource_name: str,
                             opts: Optional[ResourceOptions] = None,
                             key_algorithm: Optional[str] = None,
                             signing_algorithm: Optional[str] = None,
                             subject: Optional[CertificateAuthoritySubjectArgs] = None,
                             type: Optional[str] = None,
                             csr_extensions: Optional[CertificateAuthorityCsrExtensionsArgs] = None,
                             key_storage_security_standard: Optional[str] = None,
                             revocation_configuration: Optional[CertificateAuthorityRevocationConfigurationArgs] = None,
                             tags: Optional[Sequence[_root_inputs.TagArgs]] = None,
                             usage_mode: Optional[str] = None)
    func NewCertificateAuthority(ctx *Context, name string, args CertificateAuthorityArgs, opts ...ResourceOption) (*CertificateAuthority, error)
    public CertificateAuthority(string name, CertificateAuthorityArgs args, CustomResourceOptions? opts = null)
    public CertificateAuthority(String name, CertificateAuthorityArgs args)
    public CertificateAuthority(String name, CertificateAuthorityArgs args, CustomResourceOptions options)
    
    type: aws-native:acmpca:CertificateAuthority
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args CertificateAuthorityArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args CertificateAuthorityArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args CertificateAuthorityArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args CertificateAuthorityArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args CertificateAuthorityArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    CertificateAuthority Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The CertificateAuthority resource accepts the following input properties:

    KeyAlgorithm string
    Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
    SigningAlgorithm string
    Algorithm your CA uses to sign certificate requests.
    Subject Pulumi.AwsNative.Acmpca.Inputs.CertificateAuthoritySubject
    Structure that contains X.500 distinguished name information for your CA.
    Type string
    The type of the certificate authority.
    CsrExtensions Pulumi.AwsNative.Acmpca.Inputs.CertificateAuthorityCsrExtensions
    Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
    KeyStorageSecurityStandard string
    KeyStorageSecurityStadard defines a cryptographic key management compliance standard used for handling CA keys.
    RevocationConfiguration Pulumi.AwsNative.Acmpca.Inputs.CertificateAuthorityRevocationConfiguration
    Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
    Tags List<Pulumi.AwsNative.Inputs.Tag>
    Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags .
    UsageMode string
    Usage mode of the ceritificate authority.
    KeyAlgorithm string
    Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
    SigningAlgorithm string
    Algorithm your CA uses to sign certificate requests.
    Subject CertificateAuthoritySubjectArgs
    Structure that contains X.500 distinguished name information for your CA.
    Type string
    The type of the certificate authority.
    CsrExtensions CertificateAuthorityCsrExtensionsArgs
    Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
    KeyStorageSecurityStandard string
    KeyStorageSecurityStadard defines a cryptographic key management compliance standard used for handling CA keys.
    RevocationConfiguration CertificateAuthorityRevocationConfigurationArgs
    Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
    Tags TagArgs
    Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags .
    UsageMode string
    Usage mode of the ceritificate authority.
    keyAlgorithm String
    Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
    signingAlgorithm String
    Algorithm your CA uses to sign certificate requests.
    subject CertificateAuthoritySubject
    Structure that contains X.500 distinguished name information for your CA.
    type String
    The type of the certificate authority.
    csrExtensions CertificateAuthorityCsrExtensions
    Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
    keyStorageSecurityStandard String
    KeyStorageSecurityStadard defines a cryptographic key management compliance standard used for handling CA keys.
    revocationConfiguration CertificateAuthorityRevocationConfiguration
    Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
    tags List<Tag>
    Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags .
    usageMode String
    Usage mode of the ceritificate authority.
    keyAlgorithm string
    Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
    signingAlgorithm string
    Algorithm your CA uses to sign certificate requests.
    subject CertificateAuthoritySubject
    Structure that contains X.500 distinguished name information for your CA.
    type string
    The type of the certificate authority.
    csrExtensions CertificateAuthorityCsrExtensions
    Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
    keyStorageSecurityStandard string
    KeyStorageSecurityStadard defines a cryptographic key management compliance standard used for handling CA keys.
    revocationConfiguration CertificateAuthorityRevocationConfiguration
    Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
    tags Tag[]
    Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags .
    usageMode string
    Usage mode of the ceritificate authority.
    key_algorithm str
    Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
    signing_algorithm str
    Algorithm your CA uses to sign certificate requests.
    subject CertificateAuthoritySubjectArgs
    Structure that contains X.500 distinguished name information for your CA.
    type str
    The type of the certificate authority.
    csr_extensions CertificateAuthorityCsrExtensionsArgs
    Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
    key_storage_security_standard str
    KeyStorageSecurityStadard defines a cryptographic key management compliance standard used for handling CA keys.
    revocation_configuration CertificateAuthorityRevocationConfigurationArgs
    Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
    tags Sequence[TagArgs]
    Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags .
    usage_mode str
    Usage mode of the ceritificate authority.
    keyAlgorithm String
    Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
    signingAlgorithm String
    Algorithm your CA uses to sign certificate requests.
    subject Property Map
    Structure that contains X.500 distinguished name information for your CA.
    type String
    The type of the certificate authority.
    csrExtensions Property Map
    Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
    keyStorageSecurityStandard String
    KeyStorageSecurityStadard defines a cryptographic key management compliance standard used for handling CA keys.
    revocationConfiguration Property Map
    Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
    tags List<Property Map>
    Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags .
    usageMode String
    Usage mode of the ceritificate authority.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the CertificateAuthority resource produces the following output properties:

    Arn string
    The Amazon Resource Name (ARN) of the certificate authority.
    CertificateSigningRequest string
    The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
    Id string
    The provider-assigned unique ID for this managed resource.
    Arn string
    The Amazon Resource Name (ARN) of the certificate authority.
    CertificateSigningRequest string
    The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
    Id string
    The provider-assigned unique ID for this managed resource.
    arn String
    The Amazon Resource Name (ARN) of the certificate authority.
    certificateSigningRequest String
    The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
    id String
    The provider-assigned unique ID for this managed resource.
    arn string
    The Amazon Resource Name (ARN) of the certificate authority.
    certificateSigningRequest string
    The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
    id string
    The provider-assigned unique ID for this managed resource.
    arn str
    The Amazon Resource Name (ARN) of the certificate authority.
    certificate_signing_request str
    The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
    id str
    The provider-assigned unique ID for this managed resource.
    arn String
    The Amazon Resource Name (ARN) of the certificate authority.
    certificateSigningRequest String
    The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
    id String
    The provider-assigned unique ID for this managed resource.

    Supporting Types

    CertificateAuthorityAccessDescription, CertificateAuthorityAccessDescriptionArgs

    CertificateAuthorityAccessMethod, CertificateAuthorityAccessMethodArgs

    CertificateAuthorityCrlConfiguration, CertificateAuthorityCrlConfigurationArgs

    Enabled bool
    Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the CreateCertificateAuthority operation or for an existing CA when you call the UpdateCertificateAuthority operation.
    CrlDistributionPointExtensionConfiguration Pulumi.AwsNative.Acmpca.Inputs.CertificateAuthorityCrlDistributionPointExtensionConfiguration
    Configures the default behavior of the CRL Distribution Point extension for certificates issued by your CA. If this field is not provided, then the CRL Distribution Point extension will be present and contain the default CRL URL.
    CustomCname string

    Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public.

    The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

    ExpirationInDays int
    Validity period of the CRL in days.
    S3BucketName string

    Name of the S3 bucket that contains the CRL. If you do not provide a value for the CustomCname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority operation. You must specify a bucket policy that allows AWS Private CA to write the CRL to your bucket.

    The S3BucketName parameter must conform to the S3 bucket naming rules .

    S3ObjectAcl string

    Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access.

    If no value is specified, the default is PUBLIC_READ.

    Note: This default can cause CA creation to fail in some circumstances. If you have have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as BUCKET_OWNER_FULL_CONTROL , and not doing so results in an error. If you have disabled BPA in S3, then you can specify either BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the value.

    For more information, see Blocking public access to the S3 bucket .

    Enabled bool
    Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the CreateCertificateAuthority operation or for an existing CA when you call the UpdateCertificateAuthority operation.
    CrlDistributionPointExtensionConfiguration CertificateAuthorityCrlDistributionPointExtensionConfiguration
    Configures the default behavior of the CRL Distribution Point extension for certificates issued by your CA. If this field is not provided, then the CRL Distribution Point extension will be present and contain the default CRL URL.
    CustomCname string

    Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public.

    The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

    ExpirationInDays int
    Validity period of the CRL in days.
    S3BucketName string

    Name of the S3 bucket that contains the CRL. If you do not provide a value for the CustomCname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority operation. You must specify a bucket policy that allows AWS Private CA to write the CRL to your bucket.

    The S3BucketName parameter must conform to the S3 bucket naming rules .

    S3ObjectAcl string

    Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access.

    If no value is specified, the default is PUBLIC_READ.

    Note: This default can cause CA creation to fail in some circumstances. If you have have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as BUCKET_OWNER_FULL_CONTROL , and not doing so results in an error. If you have disabled BPA in S3, then you can specify either BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the value.

    For more information, see Blocking public access to the S3 bucket .

    enabled Boolean
    Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the CreateCertificateAuthority operation or for an existing CA when you call the UpdateCertificateAuthority operation.
    crlDistributionPointExtensionConfiguration CertificateAuthorityCrlDistributionPointExtensionConfiguration
    Configures the default behavior of the CRL Distribution Point extension for certificates issued by your CA. If this field is not provided, then the CRL Distribution Point extension will be present and contain the default CRL URL.
    customCname String

    Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public.

    The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

    expirationInDays Integer
    Validity period of the CRL in days.
    s3BucketName String

    Name of the S3 bucket that contains the CRL. If you do not provide a value for the CustomCname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority operation. You must specify a bucket policy that allows AWS Private CA to write the CRL to your bucket.

    The S3BucketName parameter must conform to the S3 bucket naming rules .

    s3ObjectAcl String

    Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access.

    If no value is specified, the default is PUBLIC_READ.

    Note: This default can cause CA creation to fail in some circumstances. If you have have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as BUCKET_OWNER_FULL_CONTROL , and not doing so results in an error. If you have disabled BPA in S3, then you can specify either BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the value.

    For more information, see Blocking public access to the S3 bucket .

    enabled boolean
    Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the CreateCertificateAuthority operation or for an existing CA when you call the UpdateCertificateAuthority operation.
    crlDistributionPointExtensionConfiguration CertificateAuthorityCrlDistributionPointExtensionConfiguration
    Configures the default behavior of the CRL Distribution Point extension for certificates issued by your CA. If this field is not provided, then the CRL Distribution Point extension will be present and contain the default CRL URL.
    customCname string

    Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public.

    The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

    expirationInDays number
    Validity period of the CRL in days.
    s3BucketName string

    Name of the S3 bucket that contains the CRL. If you do not provide a value for the CustomCname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority operation. You must specify a bucket policy that allows AWS Private CA to write the CRL to your bucket.

    The S3BucketName parameter must conform to the S3 bucket naming rules .

    s3ObjectAcl string

    Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access.

    If no value is specified, the default is PUBLIC_READ.

    Note: This default can cause CA creation to fail in some circumstances. If you have have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as BUCKET_OWNER_FULL_CONTROL , and not doing so results in an error. If you have disabled BPA in S3, then you can specify either BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the value.

    For more information, see Blocking public access to the S3 bucket .

    enabled bool
    Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the CreateCertificateAuthority operation or for an existing CA when you call the UpdateCertificateAuthority operation.
    crl_distribution_point_extension_configuration CertificateAuthorityCrlDistributionPointExtensionConfiguration
    Configures the default behavior of the CRL Distribution Point extension for certificates issued by your CA. If this field is not provided, then the CRL Distribution Point extension will be present and contain the default CRL URL.
    custom_cname str

    Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public.

    The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

    expiration_in_days int
    Validity period of the CRL in days.
    s3_bucket_name str

    Name of the S3 bucket that contains the CRL. If you do not provide a value for the CustomCname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority operation. You must specify a bucket policy that allows AWS Private CA to write the CRL to your bucket.

    The S3BucketName parameter must conform to the S3 bucket naming rules .

    s3_object_acl str

    Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access.

    If no value is specified, the default is PUBLIC_READ.

    Note: This default can cause CA creation to fail in some circumstances. If you have have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as BUCKET_OWNER_FULL_CONTROL , and not doing so results in an error. If you have disabled BPA in S3, then you can specify either BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the value.

    For more information, see Blocking public access to the S3 bucket .

    enabled Boolean
    Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the CreateCertificateAuthority operation or for an existing CA when you call the UpdateCertificateAuthority operation.
    crlDistributionPointExtensionConfiguration Property Map
    Configures the default behavior of the CRL Distribution Point extension for certificates issued by your CA. If this field is not provided, then the CRL Distribution Point extension will be present and contain the default CRL URL.
    customCname String

    Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public.

    The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

    expirationInDays Number
    Validity period of the CRL in days.
    s3BucketName String

    Name of the S3 bucket that contains the CRL. If you do not provide a value for the CustomCname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority operation. You must specify a bucket policy that allows AWS Private CA to write the CRL to your bucket.

    The S3BucketName parameter must conform to the S3 bucket naming rules .

    s3ObjectAcl String

    Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access.

    If no value is specified, the default is PUBLIC_READ.

    Note: This default can cause CA creation to fail in some circumstances. If you have have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as BUCKET_OWNER_FULL_CONTROL , and not doing so results in an error. If you have disabled BPA in S3, then you can specify either BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the value.

    For more information, see Blocking public access to the S3 bucket .

    CertificateAuthorityCrlDistributionPointExtensionConfiguration, CertificateAuthorityCrlDistributionPointExtensionConfigurationArgs

    OmitExtension bool

    Configures whether the CRL Distribution Point extension should be populated with the default URL to the CRL. If set to true , then the CDP extension will not be present in any certificates issued by that CA unless otherwise specified through CSR or API passthrough.

    Only set this if you have another way to distribute the CRL Distribution Points for certificates issued by your CA, such as the Matter Distributed Compliance Ledger.

    This configuration cannot be enabled with a custom CNAME set.

    OmitExtension bool

    Configures whether the CRL Distribution Point extension should be populated with the default URL to the CRL. If set to true , then the CDP extension will not be present in any certificates issued by that CA unless otherwise specified through CSR or API passthrough.

    Only set this if you have another way to distribute the CRL Distribution Points for certificates issued by your CA, such as the Matter Distributed Compliance Ledger.

    This configuration cannot be enabled with a custom CNAME set.

    omitExtension Boolean

    Configures whether the CRL Distribution Point extension should be populated with the default URL to the CRL. If set to true , then the CDP extension will not be present in any certificates issued by that CA unless otherwise specified through CSR or API passthrough.

    Only set this if you have another way to distribute the CRL Distribution Points for certificates issued by your CA, such as the Matter Distributed Compliance Ledger.

    This configuration cannot be enabled with a custom CNAME set.

    omitExtension boolean

    Configures whether the CRL Distribution Point extension should be populated with the default URL to the CRL. If set to true , then the CDP extension will not be present in any certificates issued by that CA unless otherwise specified through CSR or API passthrough.

    Only set this if you have another way to distribute the CRL Distribution Points for certificates issued by your CA, such as the Matter Distributed Compliance Ledger.

    This configuration cannot be enabled with a custom CNAME set.

    omit_extension bool

    Configures whether the CRL Distribution Point extension should be populated with the default URL to the CRL. If set to true , then the CDP extension will not be present in any certificates issued by that CA unless otherwise specified through CSR or API passthrough.

    Only set this if you have another way to distribute the CRL Distribution Points for certificates issued by your CA, such as the Matter Distributed Compliance Ledger.

    This configuration cannot be enabled with a custom CNAME set.

    omitExtension Boolean

    Configures whether the CRL Distribution Point extension should be populated with the default URL to the CRL. If set to true , then the CDP extension will not be present in any certificates issued by that CA unless otherwise specified through CSR or API passthrough.

    Only set this if you have another way to distribute the CRL Distribution Points for certificates issued by your CA, such as the Matter Distributed Compliance Ledger.

    This configuration cannot be enabled with a custom CNAME set.

    CertificateAuthorityCsrExtensions, CertificateAuthorityCsrExtensionsArgs

    KeyUsage Pulumi.AwsNative.Acmpca.Inputs.CertificateAuthorityKeyUsage
    Indicates the purpose of the certificate and of the key contained in the certificate.
    SubjectInformationAccess List<Pulumi.AwsNative.Acmpca.Inputs.CertificateAuthorityAccessDescription>
    For CA certificates, provides a path to additional information pertaining to the CA, such as revocation and policy. For more information, see Subject Information Access in RFC 5280.
    KeyUsage CertificateAuthorityKeyUsage
    Indicates the purpose of the certificate and of the key contained in the certificate.
    SubjectInformationAccess []CertificateAuthorityAccessDescription
    For CA certificates, provides a path to additional information pertaining to the CA, such as revocation and policy. For more information, see Subject Information Access in RFC 5280.
    keyUsage CertificateAuthorityKeyUsage
    Indicates the purpose of the certificate and of the key contained in the certificate.
    subjectInformationAccess List<CertificateAuthorityAccessDescription>
    For CA certificates, provides a path to additional information pertaining to the CA, such as revocation and policy. For more information, see Subject Information Access in RFC 5280.
    keyUsage CertificateAuthorityKeyUsage
    Indicates the purpose of the certificate and of the key contained in the certificate.
    subjectInformationAccess CertificateAuthorityAccessDescription[]
    For CA certificates, provides a path to additional information pertaining to the CA, such as revocation and policy. For more information, see Subject Information Access in RFC 5280.
    key_usage CertificateAuthorityKeyUsage
    Indicates the purpose of the certificate and of the key contained in the certificate.
    subject_information_access Sequence[CertificateAuthorityAccessDescription]
    For CA certificates, provides a path to additional information pertaining to the CA, such as revocation and policy. For more information, see Subject Information Access in RFC 5280.
    keyUsage Property Map
    Indicates the purpose of the certificate and of the key contained in the certificate.
    subjectInformationAccess List<Property Map>
    For CA certificates, provides a path to additional information pertaining to the CA, such as revocation and policy. For more information, see Subject Information Access in RFC 5280.

    CertificateAuthorityCustomAttribute, CertificateAuthorityCustomAttributeArgs

    ObjectIdentifier string
    Value string
    ObjectIdentifier string
    Value string
    objectIdentifier String
    value String
    objectIdentifier string
    value string
    objectIdentifier String
    value String

    CertificateAuthorityEdiPartyName, CertificateAuthorityEdiPartyNameArgs

    PartyName string
    NameAssigner string
    PartyName string
    NameAssigner string
    partyName String
    nameAssigner String
    partyName string
    nameAssigner string
    partyName String
    nameAssigner String

    CertificateAuthorityGeneralName, CertificateAuthorityGeneralNameArgs

    CertificateAuthorityKeyUsage, CertificateAuthorityKeyUsageArgs

    CrlSign bool
    Key can be used to sign CRLs.
    DataEncipherment bool
    Key can be used to decipher data.
    DecipherOnly bool
    Key can be used only to decipher data.
    DigitalSignature bool
    Key can be used for digital signing.
    EncipherOnly bool
    Key can be used only to encipher data.
    KeyAgreement bool
    Key can be used in a key-agreement protocol.
    KeyCertSign bool
    Key can be used to sign certificates.
    KeyEncipherment bool
    Key can be used to encipher data.
    NonRepudiation bool
    Key can be used for non-repudiation.
    CrlSign bool
    Key can be used to sign CRLs.
    DataEncipherment bool
    Key can be used to decipher data.
    DecipherOnly bool
    Key can be used only to decipher data.
    DigitalSignature bool
    Key can be used for digital signing.
    EncipherOnly bool
    Key can be used only to encipher data.
    KeyAgreement bool
    Key can be used in a key-agreement protocol.
    KeyCertSign bool
    Key can be used to sign certificates.
    KeyEncipherment bool
    Key can be used to encipher data.
    NonRepudiation bool
    Key can be used for non-repudiation.
    crlSign Boolean
    Key can be used to sign CRLs.
    dataEncipherment Boolean
    Key can be used to decipher data.
    decipherOnly Boolean
    Key can be used only to decipher data.
    digitalSignature Boolean
    Key can be used for digital signing.
    encipherOnly Boolean
    Key can be used only to encipher data.
    keyAgreement Boolean
    Key can be used in a key-agreement protocol.
    keyCertSign Boolean
    Key can be used to sign certificates.
    keyEncipherment Boolean
    Key can be used to encipher data.
    nonRepudiation Boolean
    Key can be used for non-repudiation.
    crlSign boolean
    Key can be used to sign CRLs.
    dataEncipherment boolean
    Key can be used to decipher data.
    decipherOnly boolean
    Key can be used only to decipher data.
    digitalSignature boolean
    Key can be used for digital signing.
    encipherOnly boolean
    Key can be used only to encipher data.
    keyAgreement boolean
    Key can be used in a key-agreement protocol.
    keyCertSign boolean
    Key can be used to sign certificates.
    keyEncipherment boolean
    Key can be used to encipher data.
    nonRepudiation boolean
    Key can be used for non-repudiation.
    crl_sign bool
    Key can be used to sign CRLs.
    data_encipherment bool
    Key can be used to decipher data.
    decipher_only bool
    Key can be used only to decipher data.
    digital_signature bool
    Key can be used for digital signing.
    encipher_only bool
    Key can be used only to encipher data.
    key_agreement bool
    Key can be used in a key-agreement protocol.
    key_cert_sign bool
    Key can be used to sign certificates.
    key_encipherment bool
    Key can be used to encipher data.
    non_repudiation bool
    Key can be used for non-repudiation.
    crlSign Boolean
    Key can be used to sign CRLs.
    dataEncipherment Boolean
    Key can be used to decipher data.
    decipherOnly Boolean
    Key can be used only to decipher data.
    digitalSignature Boolean
    Key can be used for digital signing.
    encipherOnly Boolean
    Key can be used only to encipher data.
    keyAgreement Boolean
    Key can be used in a key-agreement protocol.
    keyCertSign Boolean
    Key can be used to sign certificates.
    keyEncipherment Boolean
    Key can be used to encipher data.
    nonRepudiation Boolean
    Key can be used for non-repudiation.

    CertificateAuthorityOcspConfiguration, CertificateAuthorityOcspConfigurationArgs

    Enabled bool
    Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating certificate revocation status.
    OcspCustomCname string

    By default, AWS Private CA injects an Amazon domain into certificates being validated by the Online Certificate Status Protocol (OCSP). A customer can alternatively use this object to define a CNAME specifying a customized OCSP domain.

    The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

    Enabled bool
    Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating certificate revocation status.
    OcspCustomCname string

    By default, AWS Private CA injects an Amazon domain into certificates being validated by the Online Certificate Status Protocol (OCSP). A customer can alternatively use this object to define a CNAME specifying a customized OCSP domain.

    The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

    enabled Boolean
    Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating certificate revocation status.
    ocspCustomCname String

    By default, AWS Private CA injects an Amazon domain into certificates being validated by the Online Certificate Status Protocol (OCSP). A customer can alternatively use this object to define a CNAME specifying a customized OCSP domain.

    The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

    enabled boolean
    Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating certificate revocation status.
    ocspCustomCname string

    By default, AWS Private CA injects an Amazon domain into certificates being validated by the Online Certificate Status Protocol (OCSP). A customer can alternatively use this object to define a CNAME specifying a customized OCSP domain.

    The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

    enabled bool
    Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating certificate revocation status.
    ocsp_custom_cname str

    By default, AWS Private CA injects an Amazon domain into certificates being validated by the Online Certificate Status Protocol (OCSP). A customer can alternatively use this object to define a CNAME specifying a customized OCSP domain.

    The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

    enabled Boolean
    Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating certificate revocation status.
    ocspCustomCname String

    By default, AWS Private CA injects an Amazon domain into certificates being validated by the Online Certificate Status Protocol (OCSP). A customer can alternatively use this object to define a CNAME specifying a customized OCSP domain.

    The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".

    CertificateAuthorityOtherName, CertificateAuthorityOtherNameArgs

    TypeId string
    Value string
    TypeId string
    Value string
    typeId String
    value String
    typeId string
    value string
    type_id str
    value str
    typeId String
    value String

    CertificateAuthorityRevocationConfiguration, CertificateAuthorityRevocationConfigurationArgs

    CrlConfiguration Pulumi.AwsNative.Acmpca.Inputs.CertificateAuthorityCrlConfiguration
    Configuration of the certificate revocation list (CRL), if any, maintained by your private CA.
    OcspConfiguration Pulumi.AwsNative.Acmpca.Inputs.CertificateAuthorityOcspConfiguration
    Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by your private CA.
    CrlConfiguration CertificateAuthorityCrlConfiguration
    Configuration of the certificate revocation list (CRL), if any, maintained by your private CA.
    OcspConfiguration CertificateAuthorityOcspConfiguration
    Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by your private CA.
    crlConfiguration CertificateAuthorityCrlConfiguration
    Configuration of the certificate revocation list (CRL), if any, maintained by your private CA.
    ocspConfiguration CertificateAuthorityOcspConfiguration
    Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by your private CA.
    crlConfiguration CertificateAuthorityCrlConfiguration
    Configuration of the certificate revocation list (CRL), if any, maintained by your private CA.
    ocspConfiguration CertificateAuthorityOcspConfiguration
    Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by your private CA.
    crl_configuration CertificateAuthorityCrlConfiguration
    Configuration of the certificate revocation list (CRL), if any, maintained by your private CA.
    ocsp_configuration CertificateAuthorityOcspConfiguration
    Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by your private CA.
    crlConfiguration Property Map
    Configuration of the certificate revocation list (CRL), if any, maintained by your private CA.
    ocspConfiguration Property Map
    Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by your private CA.

    CertificateAuthoritySubject, CertificateAuthoritySubjectArgs

    Tag, TagArgs

    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi