Module acmpca
This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.
This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.
Resources
Functions
Others
- CertificateAuthorityArgs
- CertificateAuthorityState
- GetCertificateAuthorityArgs
- GetCertificateAuthorityResult
Resources
Resource CertificateAuthority
class CertificateAuthority extends CustomResource
Provides a resource to manage AWS Certificate Manager Private Certificate Authorities (ACM PCA Certificate Authorities).
NOTE: Creating this resource will leave the certificate authority in a PENDING_CERTIFICATE status, which means it cannot yet issue certificates. To complete this setup, you must fully sign the certificate authority CSR available in the certificateSigningRequest attribute and import the signed certificate using the AWS SDK, CLI or Console. This provider can support another resource to manage that workflow automatically in the future.
Example Usage
Basic
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.acmpca.CertificateAuthority("example", {
    certificateAuthorityConfiguration: {
        keyAlgorithm: "RSA_4096",
        signingAlgorithm: "SHA512WITHRSA",
        subject: {
            commonName: "example.com",
        },
    },
    permanentDeletionTimeInDays: 7,
});
Enable Certificate Revocation List
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleBucket = new aws.s3.Bucket("example", {});
const acmpcaBucketAccess = pulumi.all([exampleBucket.arn, exampleBucket.arn]).apply(([exampleBucketArn, exampleBucketArn1]) => aws.iam.getPolicyDocument({
    statements: [{
        actions: [
            "s3:GetBucketAcl",
            "s3:GetBucketLocation",
            "s3:PutObject",
            "s3:PutObjectAcl",
        ],
        principals: [{
            identifiers: ["acm-pca.amazonaws.com"],
            type: "Service",
        }],
        resources: [
            exampleBucketArn,
            `${exampleBucketArn1}/*`,
        ],
    }],
}, { async: true }));
const exampleBucketPolicy = new aws.s3.BucketPolicy("example", {
    bucket: exampleBucket.id,
    policy: acmpcaBucketAccess.json,
});
const exampleCertificateAuthority = new aws.acmpca.CertificateAuthority("example", {
    certificateAuthorityConfiguration: {
        keyAlgorithm: "RSA_4096",
        signingAlgorithm: "SHA512WITHRSA",
        subject: {
            commonName: "example.com",
        },
    },
    revocationConfiguration: {
        crlConfiguration: {
            customCname: "crl.example.com",
            enabled: true,
            expirationInDays: 7,
            s3BucketName: exampleBucket.id,
        },
    },
}, { dependsOn: [exampleBucketPolicy] });
constructor
new CertificateAuthority(name: string, args: CertificateAuthorityArgs, opts?: pulumi.CustomResourceOptions)
Create a CertificateAuthority resource with the given unique name, arguments, and options.
* name - The unique name of the resource.
* args - The arguments to use to populate this resource's properties.
* opts - A bag of options that control this resource's behavior.
method get
public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CertificateAuthorityState, opts?: pulumi.CustomResourceOptions): CertificateAuthority
Get an existing CertificateAuthority resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
method getProvider
getProvider(moduleMember: string): ProviderResource | undefined
method isInstance
public static isInstance(obj: any): obj is CertificateAuthority
Returns true if the given object is an instance of CertificateAuthority. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.
property arn
public arn: pulumi.Output<string>;
Amazon Resource Name (ARN) of the certificate authority.
property certificate
public certificate: pulumi.Output<string>;
Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
property certificateAuthorityConfiguration
public certificateAuthorityConfiguration: pulumi.Output<CertificateAuthorityCertificateAuthorityConfiguration>;
Nested argument containing algorithms and certificate subject information. Defined below.
property certificateChain
public certificateChain: pulumi.Output<string>;
Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
property certificateSigningRequest
public certificateSigningRequest: pulumi.Output<string>;
The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
property enabled
public enabled: pulumi.Output<boolean | undefined>;
Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to false.
property id
id: Output<ID>;
id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.
property notAfter
public notAfter: pulumi.Output<string>;
Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
property notBefore
public notBefore: pulumi.Output<string>;
Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
property permanentDeletionTimeInDays
public permanentDeletionTimeInDays: pulumi.Output<number | undefined>;
The number of days a CA remains restorable after it has been deleted. Must be between 7 and 30 days; defaults to 30 days.
property revocationConfiguration
public revocationConfiguration: pulumi.Output<CertificateAuthorityRevocationConfiguration | undefined>;
Nested argument containing revocation configuration. Defined below.
property serial
public serial: pulumi.Output<string>;
Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
property status
public status: pulumi.Output<string>;
Status of the certificate authority.
property tags
public tags: pulumi.Output<{[key: string]: any} | undefined>;
Specifies a key-value map of user-defined tags that are attached to the certificate authority.
property type
public type: pulumi.Output<string | undefined>;
The type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.
property urn
urn: Output<URN>;
urn is the stable logical URN used to distinctly address a resource, both before and after deployments.
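The bucket policy in the Enable Certificate Revocation List example above allows the acm-pca.amazonaws.com service principal to write to the CRL bucket without restricting which account's CA the service is acting for; an aws:SourceAccount condition (and aws:SourceArn once the CA exists) is the usual confused-deputy guard for service principals. The following is an added example, not Pulumi's or the provider's own code: plain TypeScript that builds the scoped policy and audits a policy document for unscoped ACM PCA statements. The bucket name, account ID and function names are assumptions.

```typescript
// Added example: plain TypeScript, no Pulumi import. Bucket, account ID and names are placeholders.
const PCA_PRINCIPAL = "acm-pca.amazonaws.com";
const CRL_ACTIONS = ["s3:GetBucketAcl", "s3:GetBucketLocation", "s3:PutObject", "s3:PutObjectAcl"];
// Condition operators accepted as a positive match on the caller's account or CA ARN.
const SCOPING_OPERATORS = ["StringEquals", "ArnEquals", "ArnLike"];
const SCOPING_KEYS = ["aws:sourceaccount", "aws:sourcearn"];

// Same statement as the page's getPolicyDocument call, plus an aws:SourceAccount condition.
// caArn is optional: in the page's example the CA dependsOn the bucket policy, so its ARN
// does not exist yet when the policy is first written.
function crlBucketPolicy(bucketArn: string, accountId: string, caArn?: string) {
  const scope: { [key: string]: string } = { "aws:SourceAccount": accountId };
  if (caArn) scope["aws:SourceArn"] = caArn;
  return {
    Version: "2012-10-17",
    Statement: [{
      Effect: "Allow",
      Principal: { Service: PCA_PRINCIPAL },
      Action: CRL_ACTIONS,
      Resource: [bucketArn, `${bucketArn}/*`],
      Condition: { StringEquals: scope },
    }],
  };
}

// Returns the indexes of Allow statements that name the ACM PCA service principal
// but carry no aws:SourceAccount / aws:SourceArn condition (key names are case-insensitive).
function unscopedPcaStatements(doc: { Statement: any[] }): number[] {
  const flagged: number[] = [];
  doc.Statement.forEach((s, i) => {
    const svc = s.Principal ? s.Principal.Service : undefined;
    const services: string[] = Array.isArray(svc) ? svc : svc ? [svc] : [];
    if (s.Effect !== "Allow" || services.indexOf(PCA_PRINCIPAL) === -1) return;
    const condition = s.Condition || {};
    const scoped = SCOPING_OPERATORS.some((op) =>
      Object.keys(condition[op] || {}).some((k) => SCOPING_KEYS.indexOf(k.toLowerCase()) !== -1));
    if (!scoped) flagged.push(i);
  });
  return flagged;
}

// Constructed input: the statement the page's example grants, for a placeholder bucket.
const pagePolicy = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Principal: { Service: PCA_PRINCIPAL }, Action: CRL_ACTIONS,
    Resource: ["arn:aws:s3:::example-crl-bucket", "arn:aws:s3:::example-crl-bucket/*"] }],
};
const hardened = crlBucketPolicy("arn:aws:s3:::example-crl-bucket", "123456789012");
console.log(unscopedPcaStatements(pagePolicy), unscopedPcaStatements(hardened));
```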
Functions
Function getCertificateAuthority
getCertificateAuthority(args: GetCertificateAuthorityArgs, opts?: pulumi.InvokeOptions): Promise<GetCertificateAuthorityResult>
Get information on an AWS Certificate Manager Private Certificate Authority (ACM PCA Certificate Authority).
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = pulumi.output(aws.acmpca.getCertificateAuthority({
    arn: "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012",
}, { async: true }));
Others
interface CertificateAuthorityArgs
interface CertificateAuthorityArgs
The set of arguments for constructing a CertificateAuthority resource.
property certificateAuthorityConfiguration
certificateAuthorityConfiguration: pulumi.Input<CertificateAuthorityCertificateAuthorityConfiguration>;
Nested argument containing algorithms and certificate subject information. Defined below.
property enabled
enabled?: pulumi.Input<boolean>;
Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to false.
property permanentDeletionTimeInDays
permanentDeletionTimeInDays?: pulumi.Input<number>;
The number of days a CA remains restorable after it has been deleted. Must be between 7 and 30 days; defaults to 30 days.
property revocationConfiguration
revocationConfiguration?: pulumi.Input<CertificateAuthorityRevocationConfiguration>;
Nested argument containing revocation configuration. Defined below.
property tags
tags?: pulumi.Input<{[key: string]: any}>;
Specifies a key-value map of user-defined tags that are attached to the certificate authority.
property type
type?: pulumi.Input<string>;
The type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.
interface CertificateAuthorityState
interface CertificateAuthorityState
Input properties used for looking up and filtering CertificateAuthority resources.
property arn
arn?: pulumi.Input<string>;
Amazon Resource Name (ARN) of the certificate authority.
property certificate
certificate?: pulumi.Input<string>;
Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
property certificateAuthorityConfiguration
certificateAuthorityConfiguration?: pulumi.Input<CertificateAuthorityCertificateAuthorityConfiguration>;
Nested argument containing algorithms and certificate subject information. Defined below.
property certificateChain
certificateChain?: pulumi.Input<string>;
Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
property certificateSigningRequest
certificateSigningRequest?: pulumi.Input<string>;
The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
property enabled
enabled?: pulumi.Input<boolean>;
Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to false.
property notAfter
notAfter?: pulumi.Input<string>;
Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
property notBefore
notBefore?: pulumi.Input<string>;
Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
property permanentDeletionTimeInDays
permanentDeletionTimeInDays?: pulumi.Input<number>;
The number of days a CA remains restorable after it has been deleted. Must be between 7 and 30 days; defaults to 30 days.
property revocationConfiguration
revocationConfiguration?: pulumi.Input<CertificateAuthorityRevocationConfiguration>;
Nested argument containing revocation configuration. Defined below.
property serial
serial?: pulumi.Input<string>;
Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
property status
status?: pulumi.Input<string>;
Status of the certificate authority.
property tags
tags?: pulumi.Input<{[key: string]: any}>;
Specifies a key-value map of user-defined tags that are attached to the certificate authority.
property type
type?: pulumi.Input<string>;
The type of the certificate authority. Defaults to SUBORDINATE. Valid values: ROOT and SUBORDINATE.
interface GetCertificateAuthorityArgs
interface GetCertificateAuthorityArgs
A collection of arguments for invoking getCertificateAuthority.
property arn
arn: string;
Amazon Resource Name (ARN) of the certificate authority.
property revocationConfigurations
revocationConfigurations?: GetCertificateAuthorityRevocationConfiguration[];
Nested attribute containing revocation configuration.
* revocation_configuration.0.crl_configuration - Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority.
* revocation_configuration.0.crl_configuration.0.custom_cname - Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
* revocation_configuration.0.crl_configuration.0.enabled - Boolean value that specifies whether certificate revocation lists (CRLs) are enabled.
* revocation_configuration.0.crl_configuration.0.expiration_in_days - Number of days until a certificate expires.
* revocation_configuration.0.crl_configuration.0.s3_bucket_name - Name of the S3 bucket that contains the CRL.
property tags
tags?: undefined | {[key: string]: any};
Specifies a key-value map of user-defined tags that are attached to the certificate authority.
interface GetCertificateAuthorityResult
interface GetCertificateAuthorityResult
A collection of values returned by getCertificateAuthority.
property arn
arn: string;
property certificate
certificate: string;
Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
property certificateChain
certificateChain: string;
Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
property certificateSigningRequest
certificateSigningRequest: string;
The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
property id
id: string;
The provider-assigned unique ID for this managed resource.
property notAfter
notAfter: string;
Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
property notBefore
notBefore: string;
Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
property revocationConfigurations
revocationConfigurations: GetCertificateAuthorityRevocationConfiguration[];
Nested attribute containing revocation configuration.
* revocation_configuration.0.crl_configuration - Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority.
* revocation_configuration.0.crl_configuration.0.custom_cname - Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
* revocation_configuration.0.crl_configuration.0.enabled - Boolean value that specifies whether certificate revocation lists (CRLs) are enabled.
* revocation_configuration.0.crl_configuration.0.expiration_in_days - Number of days until a certificate expires.
* revocation_configuration.0.crl_configuration.0.s3_bucket_name - Name of the S3 bucket that contains the CRL.
property serial
serial: string;
Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
property status
status: string;
Status of the certificate authority.
property tags
tags: {[key: string]: any};
Specifies a key-value map of user-defined tags that are attached to the certificate authority.
property type
type: string;
The type of the certificate authority.