Class CertificateAuthority

Provides a resource to manage AWS Certificate Manager Private Certificate Authorities (ACM PCA Certificate Authorities).

NOTE: Creating this resource leaves the certificate authority in the PENDING_CERTIFICATE status, which means it cannot yet issue certificates. To complete the setup, you must fully sign the certificate authority CSR available in the certificate_signing_request attribute (the CertificateSigningRequest property below) and import the signed certificate using the AWS SDK, CLI or Console. This provider may add another resource to manage that workflow automatically in the future.
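
One way to complete the activation step the note describes, as an added example that is not part of the Pulumi documentation. It assumes a CA created with Type = "ROOT", which signs its own CSR through ACM PCA (a SUBORDINATE CA's CSR is signed by its parent CA instead), and uses the AWS SDK for .NET (AWSSDK.ACMPCA package); the class name, validity period and polling limits are illustrative.

```csharp
using System;
using System.IO;
using System.Text;
using System.Threading.Tasks;
using Amazon.ACMPCA;
using Amazon.ACMPCA.Model;

// Added example: moves a ROOT-type private CA from PENDING_CERTIFICATE to ACTIVE.
public static class RootCaActivator
{
    // AWS-managed template for self-signed root CA certificates.
    private const string RootTemplateArn = "arn:aws:acm-pca:::template/RootCACertificate/V1";

    public static async Task ActivateAsync(string caArn, int validityYears = 10)
    {
        using var pca = new AmazonACMPCAClient();
        // 1. Fetch the CSR (the same value exposed as CertificateSigningRequest).
        var csr = await pca.GetCertificateAuthorityCsrAsync(
            new GetCertificateAuthorityCsrRequest { CertificateAuthorityArn = caArn });
        // 2. Have the CA sign its own CSR with the algorithm it was created with.
        var issued = await pca.IssueCertificateAsync(new IssueCertificateRequest
        {
            CertificateAuthorityArn = caArn,
            Csr = new MemoryStream(Encoding.ASCII.GetBytes(csr.Csr)),
            SigningAlgorithm = SigningAlgorithm.SHA512WITHRSA,
            TemplateArn = RootTemplateArn,
            Validity = new Validity { Type = ValidityPeriodType.YEARS, Value = validityYears },
        });
        // 3. Issuance is asynchronous: poll until the certificate can be read.
        GetCertificateResponse cert = null;
        for (var attempt = 0; cert == null && attempt < 30; attempt++)
        {
            try
            {
                cert = await pca.GetCertificateAsync(new GetCertificateRequest
                    { CertificateAuthorityArn = caArn, CertificateArn = issued.CertificateArn });
            }
            catch (RequestInProgressException) { await Task.Delay(TimeSpan.FromSeconds(2)); }
        }
        if (cert == null) throw new TimeoutException("Certificate issuance did not complete.");
        // 4. Import the signed certificate; a root CA has no chain to supply.
        await pca.ImportCertificateAuthorityCertificateAsync(new ImportCertificateAuthorityCertificateRequest
        {
            CertificateAuthorityArn = caArn,
            Certificate = new MemoryStream(Encoding.ASCII.GetBytes(cert.Certificate)),
        });
    }
}
```

After the import succeeds, the Certificate, NotBefore, NotAfter and Serial outputs of the resource become available on the next refresh.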

Example Usage

Basic

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var example = new Aws.Acmpca.CertificateAuthority("example", new Aws.Acmpca.CertificateAuthorityArgs
        {
            CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
            {
                KeyAlgorithm = "RSA_4096",
                SigningAlgorithm = "SHA512WITHRSA",
                Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs
                {
                    CommonName = "example.com",
                },
            },
            PermanentDeletionTimeInDays = 7,
        });
    }
}

Enable Certificate Revocation List

using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        // Bucket that receives the CRL published by the CA.
        var exampleBucket = new Aws.S3.Bucket("exampleBucket", new Aws.S3.BucketArgs
        {
        });
        // Policy document that lets the ACM PCA service write the CRL to the bucket.
        var acmpcaBucketAccess = exampleBucket.Arn.Apply(exampleBucketArn =>
        {
            return Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
            {
                Statements =
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
                    {
                        Actions =
                        {
                            "s3:GetBucketAcl",
                            "s3:GetBucketLocation",
                            "s3:PutObject",
                            "s3:PutObjectAcl",
                        },
                        Principals =
                        {
                            new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
                            {
                                Identifiers =
                                {
                                    "acm-pca.amazonaws.com",
                                },
                                Type = "Service",
                            },
                        },
                        Resources =
                        {
                            exampleBucketArn,
                            $"{exampleBucketArn}/*",
                        },
                    },
                },
            });
        });
        var exampleBucketPolicy = new Aws.S3.BucketPolicy("exampleBucketPolicy", new Aws.S3.BucketPolicyArgs
        {
            Bucket = exampleBucket.Id,
            Policy = acmpcaBucketAccess.Apply(policyDocument => policyDocument.Json),
        });
        var exampleCertificateAuthority = new Aws.Acmpca.CertificateAuthority("exampleCertificateAuthority", new Aws.Acmpca.CertificateAuthorityArgs
        {
            CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
            {
                KeyAlgorithm = "RSA_4096",
                SigningAlgorithm = "SHA512WITHRSA",
                Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs
                {
                    CommonName = "example.com",
                },
            },
            RevocationConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationArgs
            {
                CrlConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs
                {
                    CustomCname = "crl.example.com",
                    Enabled = true,
                    ExpirationInDays = 7,
                    S3BucketName = exampleBucket.Id,
                },
            },
        }, new CustomResourceOptions
        {
            // The bucket policy must be in place before the CA is created,
            // otherwise ACM PCA cannot verify its access to the bucket.
            DependsOn = { exampleBucketPolicy },
        });
    }
}
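
A variant of the bucket policy above that restricts the acm-pca.amazonaws.com service principal to requests made on behalf of the stack's own AWS account, using the aws:SourceAccount condition key. This is an added example, not part of the Pulumi documentation; the resource names are illustrative and the condition is an addition to the policy shown on this page.

```csharp
using Pulumi;
using Aws = Pulumi.Aws;

class MyStack : Stack
{
    public MyStack()
    {
        var crlBucket = new Aws.S3.Bucket("crlBucket", new Aws.S3.BucketArgs());

        // Account that owns this stack; only CAs in this account may use the grant.
        var accountId = Output.Create(Aws.GetCallerIdentity.InvokeAsync()).Apply(id => id.AccountId);

        var crlBucketAccess = Output.Tuple(crlBucket.Arn, accountId).Apply(values =>
            Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
            {
                Statements =
                {
                    new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
                    {
                        Actions = { "s3:GetBucketAcl", "s3:GetBucketLocation", "s3:PutObject", "s3:PutObjectAcl" },
                        Principals =
                        {
                            new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
                            {
                                Type = "Service",
                                Identifiers = { "acm-pca.amazonaws.com" },
                            },
                        },
                        Resources = { values.Item1, $"{values.Item1}/*" },
                        // Confused-deputy guard: the service may act only for this account.
                        Conditions =
                        {
                            new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionArgs
                            {
                                Test = "StringEquals",
                                Variable = "aws:SourceAccount",
                                Values = { values.Item2 },
                            },
                        },
                    },
                },
            }));

        var crlBucketPolicy = new Aws.S3.BucketPolicy("crlBucketPolicy", new Aws.S3.BucketPolicyArgs
        {
            Bucket = crlBucket.Id,
            Policy = crlBucketAccess.Apply(doc => doc.Json),
        });
    }
}
```

Without the condition, the statement trusts the ACM PCA service as a whole rather than the certificate authorities of one account.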
Inheritance
System.Object
Resource
CustomResource
CertificateAuthority
Inherited Members
CustomResource.Id
Resource.GetResourceType()
Resource.GetResourceName()
Resource.Urn
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Aws.Acmpca
Assembly: Pulumi.Aws.dll
Syntax
public class CertificateAuthority : CustomResource

Constructors

CertificateAuthority(String, CertificateAuthorityArgs, CustomResourceOptions)

Create a CertificateAuthority resource with the given unique name, arguments, and options.

Declaration
public CertificateAuthority(string name, CertificateAuthorityArgs args, CustomResourceOptions options = null)
Parameters
Type | Name | Description
System.String | name | The unique name of the resource
CertificateAuthorityArgs | args | The arguments used to populate this resource's properties
CustomResourceOptions | options | A bag of options that control this resource's behavior

Properties

Arn

Amazon Resource Name (ARN) of the certificate authority.

Declaration
public Output<string> Arn { get; }
Property Value
Type Description
Output<System.String>

Certificate

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

Declaration
public Output<string> Certificate { get; }
Property Value
Type Description
Output<System.String>

CertificateAuthorityConfiguration

Nested argument containing algorithms and certificate subject information. Defined below.

Declaration
public Output<CertificateAuthorityCertificateAuthorityConfiguration> CertificateAuthorityConfiguration { get; }
Property Value
Type Description
Output<CertificateAuthorityCertificateAuthorityConfiguration>

CertificateChain

Base64-encoded certificate chain that includes any intermediate certificates and chains up to the root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

Declaration
public Output<string> CertificateChain { get; }
Property Value
Type Description
Output<System.String>

CertificateSigningRequest

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

Declaration
public Output<string> CertificateSigningRequest { get; }
Property Value
Type Description
Output<System.String>

Enabled

Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to false.

Declaration
public Output<bool?> Enabled { get; }
Property Value
Type Description
Output<System.Nullable<System.Boolean>>

NotAfter

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

Declaration
public Output<string> NotAfter { get; }
Property Value
Type Description
Output<System.String>

NotBefore

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

Declaration
public Output<string> NotBefore { get; }
Property Value
Type Description
Output<System.String>

PermanentDeletionTimeInDays

The number of days during which a CA can be restored after it has been deleted. Must be between 7 and 30 days; defaults to 30 days.

Declaration
public Output<int?> PermanentDeletionTimeInDays { get; }
Property Value
Type Description
Output<System.Nullable<System.Int32>>

RevocationConfiguration

Nested argument containing revocation configuration. Defined below.

Declaration
public Output<CertificateAuthorityRevocationConfiguration> RevocationConfiguration { get; }
Property Value
Type Description
Output<CertificateAuthorityRevocationConfiguration>

Serial

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

Declaration
public Output<string> Serial { get; }
Property Value
Type Description
Output<System.String>

Status

Status of the certificate authority.

Declaration
public Output<string> Status { get; }
Property Value
Type Description
Output<System.String>

Tags

Specifies a key-value map of user-defined tags that are attached to the certificate authority.

Declaration
public Output<ImmutableDictionary<string, object>> Tags { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>>

Type

The type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.

Declaration
public Output<string> Type { get; }
Property Value
Type Description
Output<System.String>

Methods

Get(String, Input<String>, CertificateAuthorityState, CustomResourceOptions)

Get an existing CertificateAuthority resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static CertificateAuthority Get(string name, Input<string> id, CertificateAuthorityState state = null, CustomResourceOptions options = null)
Parameters
Type | Name | Description
System.String | name | The unique name of the resulting resource.
Input<System.String> | id | The unique provider ID of the resource to look up.
CertificateAuthorityState | state | Any extra arguments used during the lookup.
CustomResourceOptions | options | A bag of options that control this resource's behavior

Returns
Type Description
CertificateAuthority
Copyright 2016-2020, Pulumi Corporation.