Namespace Pulumi.Aws.Acmpca
Classes
CertificateAuthority
Provides a resource to manage AWS Certificate Manager Private Certificate Authorities (ACM PCA Certificate Authorities).
NOTE: Creating this resource will leave the certificate authority in a
PENDING_CERTIFICATEstatus, which means it cannot yet issue certificates. To complete this setup, you must fully sign the certificate authority CSR available in thecertificate_signing_requestattribute and import the signed certificate using the AWS SDK, CLI or Console. This provider can support another resource to manage that workflow automatically in the future.
Example Usage
Basic
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Acmpca.CertificateAuthority("example", new Aws.Acmpca.CertificateAuthorityArgs
{
CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
{
KeyAlgorithm = "RSA_4096",
SigningAlgorithm = "SHA512WITHRSA",
Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs
{
CommonName = "example.com",
},
},
PermanentDeletionTimeInDays = 7,
});
}
}
Enable Certificate Revocation List
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var exampleBucket = new Aws.S3.Bucket("exampleBucket", new Aws.S3.BucketArgs
{
});
var acmpcaBucketAccess = Output.Tuple(exampleBucket.Arn, exampleBucket.Arn).Apply(values =>
{
var exampleBucketArn = values.Item1;
var exampleBucketArn1 = values.Item2;
return Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs
{
Statements =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs
{
Actions =
{
"s3:GetBucketAcl",
"s3:GetBucketLocation",
"s3:PutObject",
"s3:PutObjectAcl",
},
Principals =
{
new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs
{
Identifiers =
{
"acm-pca.amazonaws.com",
},
Type = "Service",
},
},
Resources =
{
exampleBucketArn,
$"{exampleBucketArn1}/*",
},
},
},
});
});
var exampleBucketPolicy = new Aws.S3.BucketPolicy("exampleBucketPolicy", new Aws.S3.BucketPolicyArgs
{
Bucket = exampleBucket.Id,
Policy = acmpcaBucketAccess.Apply(acmpcaBucketAccess => acmpcaBucketAccess.Json),
});
var exampleCertificateAuthority = new Aws.Acmpca.CertificateAuthority("exampleCertificateAuthority", new Aws.Acmpca.CertificateAuthorityArgs
{
CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
{
KeyAlgorithm = "RSA_4096",
SigningAlgorithm = "SHA512WITHRSA",
Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs
{
CommonName = "example.com",
},
},
RevocationConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationArgs
{
CrlConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs
{
CustomCname = "crl.example.com",
Enabled = true,
ExpirationInDays = 7,
S3BucketName = exampleBucket.Id,
},
},
});
}
}