aws::acmpca-certificate-authority

Creates an ACM PCA Certificate Authority.

Example

aws::acmpca-certificate-authority certificate-authority-example
    type: "ROOT"
    configuration
        key-algorithm: "RSA_2048"
        signing-algorithm: "SHA256WITHRSA"
        subject
            country: "US"
            organization: "Gyro LLC"
            organizational-unit: "Dev"
            state: "Virginia"
            common-name: "VA R2"
            locality: "Reston"
        end
    end

    permission
        actions: [
            "IssueCertificate",
            "GetCertificate",
            "ListPermissions"
        ]
        principal: "acm.amazonaws.com"
    end

    tags: {
        Name: "certificate-authority-example"
    }
end

Attributes

Attribute Description
configuration subresource

The configuration setting for the Certificate Authority. (Required)

key-algorithm
The type of the key algorithm. Valid values are RSA_2048, RSA_4096, EC_prime256v1 or EC_secp384r1.
signing-algorithm
The type of signing algorithm. Valid values are SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA or SHA512WITHRSA.
subject subresource

The subject configuration.

common-name
Fully qualified domain name (FQDN) associated with the certificate subject.
country
Two-digit code that specifies the country in which the certificate subject is located.
distinguished-name-qualifier
Disambiguating information for the certificate subject.
generation-qualifier
Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
given-name
First name.
initials
Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the SurName.
locality
The locality (such as a city or town) in which the certificate subject is located.
organization
Legal name of the organization with which the certificate subject is affiliated.
organizational-unit
A subdivision or unit of the organization with which the certificate subject is affiliated.
pseudonym
Typically a shortened version of a longer GivenName.
serial-number
The certificate serial number.
state
State in which the subject of the certificate is located.
surname
Family name.
title
A title such as Mr. or Ms., which is prepended to the name to refer formally to the certificate subject.
type The type of Certificate Authority. Valid values are ROOT or SUBORDINATE. (Required)
revocation-configuration subresource

The revocation configuration for the Certificate Authority.

crl-configuration subresource

The CRL configuration.

custom-name
Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
enabled
Enable or Disable this CRL. Defaults to Disabled.
expiration-days
Number of days until a certificate expires.
bucket
The S3 bucket that contains the CRL.
tags map Tags for the Certificate Authority.
permission subresource

The permission setting for the Certificate Authority.

actions set
Actions associated with the permission.
principal
The AWS service or entity that holds the permission. Defaults to acm.amazonaws.com. Currently the only supported value is acm.amazonaws.com.
enabled Enable or Disable the Certificate Authority. Defaults to enabled.

Outputs

Attribute Description
arn The ARN for the Certificate Authority.
serial The Serial for the Certificate Authority.
failure-reason The failure reason for the Certificate Authority.
created-at Creation time for the Certificate Authority.
last-state-change-at Last update time for the Certificate Authority.
not-after Date and time after which the Certificate Authority is not valid.
not-before Date and time before which the Certificate Authority is not valid.
status The status of the Certificate Authority.