The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)
import * as pulumi from "@pulumi/pulumi";
import * as inputs from "../types/input";
import * as outputs from "../types/output";
/**
* Private certificate authority.
*
* ## Example Usage
* ### Example: a self-signed root CA, two subordinate CAs and an end-entity certificate
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws_native from "@pulumi/aws-native";
*
* const rootCA = new aws_native.acmpca.CertificateAuthority("rootCA", {
* type: "ROOT",
* keyAlgorithm: "RSA_2048",
* signingAlgorithm: "SHA256WITHRSA",
* subject: {
* country: "US",
* organization: "string",
* organizationalUnit: "string",
* distinguishedNameQualifier: "string",
* state: "string",
* commonName: "123",
* serialNumber: "string",
* locality: "string",
* title: "string",
* surname: "string",
* givenName: "string",
* initials: "DG",
* pseudonym: "string",
* generationQualifier: "DBG",
* },
* revocationConfiguration: {
* crlConfiguration: {
* enabled: false,
* },
* },
* });
* const rootCACertificate = new aws_native.acmpca.Certificate("rootCACertificate", {
* certificateAuthorityArn: rootCA.id,
* certificateSigningRequest: rootCA.certificateSigningRequest,
* signingAlgorithm: "SHA256WITHRSA",
* templateArn: "arn:aws:acm-pca:::template/RootCACertificate/V1",
* validity: {
* type: "DAYS",
* value: 100,
* },
* });
* const rootCAActivation = new aws_native.acmpca.CertificateAuthorityActivation("rootCAActivation", {
* certificateAuthorityArn: rootCA.id,
* certificate: rootCACertificate.certificate,
* status: "ACTIVE",
* });
* const rootCAPermission = new aws_native.acmpca.Permission("rootCAPermission", {
* actions: [
* "IssueCertificate",
* "GetCertificate",
* "ListPermissions",
* ],
* certificateAuthorityArn: rootCA.id,
* principal: "acm.amazonaws.com",
* });
* const subordinateCAOne = new aws_native.acmpca.CertificateAuthority("subordinateCAOne", {
* type: "SUBORDINATE",
* keyAlgorithm: "RSA_2048",
* signingAlgorithm: "SHA256WITHRSA",
* subject: {
* country: "US",
* organization: "string",
* organizationalUnit: "string",
* distinguishedNameQualifier: "string",
* state: "string",
* commonName: "Sub1",
* serialNumber: "string",
* locality: "string",
* title: "string",
* surname: "string",
* givenName: "string",
* initials: "DG",
* pseudonym: "string",
* generationQualifier: "DBG",
* },
* revocationConfiguration: {},
* tags: [],
* });
* const subordinateCAOneCACertificate = new aws_native.acmpca.Certificate("subordinateCAOneCACertificate", {
* certificateAuthorityArn: rootCA.id,
* certificateSigningRequest: subordinateCAOne.certificateSigningRequest,
* signingAlgorithm: "SHA256WITHRSA",
* templateArn: "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen3/V1",
* validity: {
* type: "DAYS",
* value: 90,
* },
* }, {
* dependsOn: [rootCAActivation],
* });
* const subordinateCAOneActivation = new aws_native.acmpca.CertificateAuthorityActivation("subordinateCAOneActivation", {
* certificateAuthorityArn: subordinateCAOne.id,
* certificate: subordinateCAOneCACertificate.certificate,
* certificateChain: rootCAActivation.completeCertificateChain,
* status: "ACTIVE",
* });
* const subordinateCAOnePermission = new aws_native.acmpca.Permission("subordinateCAOnePermission", {
* actions: [
* "IssueCertificate",
* "GetCertificate",
* "ListPermissions",
* ],
* certificateAuthorityArn: subordinateCAOne.id,
* principal: "acm.amazonaws.com",
* });
* const subordinateCATwo = new aws_native.acmpca.CertificateAuthority("subordinateCATwo", {
* type: "SUBORDINATE",
* keyAlgorithm: "RSA_2048",
* signingAlgorithm: "SHA256WITHRSA",
* subject: {
* country: "US",
* organization: "string",
* organizationalUnit: "string",
* distinguishedNameQualifier: "string",
* state: "string",
* serialNumber: "string",
* locality: "string",
* title: "string",
* surname: "string",
* givenName: "string",
* initials: "DG",
* pseudonym: "string",
* generationQualifier: "DBG",
* },
* tags: [
* {
* key: "Key1",
* value: "Value1",
* },
* {
* key: "Key2",
* value: "Value2",
* },
* ],
* });
* const subordinateCATwoCACertificate = new aws_native.acmpca.Certificate("subordinateCATwoCACertificate", {
* certificateAuthorityArn: subordinateCAOne.id,
* certificateSigningRequest: subordinateCATwo.certificateSigningRequest,
* signingAlgorithm: "SHA256WITHRSA",
* templateArn: "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen2/V1",
* validity: {
* type: "DAYS",
* value: 80,
* },
* }, {
* dependsOn: [subordinateCAOneActivation],
* });
* const subordinateCATwoActivation = new aws_native.acmpca.CertificateAuthorityActivation("subordinateCATwoActivation", {
* certificateAuthorityArn: subordinateCATwo.id,
* certificate: subordinateCATwoCACertificate.certificate,
* certificateChain: subordinateCAOneActivation.completeCertificateChain,
* });
* const subordinateCATwoPermission = new aws_native.acmpca.Permission("subordinateCATwoPermission", {
* actions: [
* "IssueCertificate",
* "GetCertificate",
* "ListPermissions",
* ],
* certificateAuthorityArn: subordinateCATwo.id,
* principal: "acm.amazonaws.com",
* });
* const endEntityCertificate = new aws_native.acmpca.Certificate("endEntityCertificate", {
* certificateAuthorityArn: subordinateCATwo.id,
* certificateSigningRequest: `-----BEGIN CERTIFICATE REQUEST-----
* MIICvDCCAaQCAQAwdzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxDzANBgNV
* BAcMBkxpbmRvbjEWMBQGA1UECgwNRGlnaUNlcnQgSW5jLjERMA8GA1UECwwIRGln
* aUNlcnQxHTAbBgNVBAMMFGV4YW1wbGUuZGlnaWNlcnQuY29tMIIBIjANBgkqhkiG
* 9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8+To7d+2kPWeBv/orU3LVbJwDrSQbeKamCmo
* wp5bqDxIwV20zqRb7APUOKYoVEFFOEQs6T6gImnIolhbiH6m4zgZ/CPvWBOkZc+c
* 1Po2EmvBz+AD5sBdT5kzGQA6NbWyZGldxRthNLOs1efOhdnWFuhI162qmcflgpiI
* WDuwq4C9f+YkeJhNn9dF5+owm8cOQmDrV8NNdiTqin8q3qYAHHJRW28glJUCZkTZ
* wIaSR6crBQ8TbYNE0dc+Caa3DOIkz1EOsHWzTx+n0zKfqcbgXi4DJx+C1bjptYPR
* BPZL8DAeWuA8ebudVT44yEp82G96/Ggcf7F33xMxe0yc+Xa6owIDAQABoAAwDQYJ
* KoZIhvcNAQEFBQADggEBAB0kcrFccSmFDmxox0Ne01UIqSsDqHgL+XmHTXJwre6D
* hJSZwbvEtOK0G3+dr4Fs11WuUNt5qcLsx5a8uk4G6AKHMzuhLsJ7XZjgmQXGECpY
* Q4mC3yT3ZoCGpIXbw+iP3lmEEXgaQL0Tx5LFl/okKbKYwIqNiyKWOMj7ZR/wxWg/
* ZDGRs55xuoeLDJ/ZRFf9bI+IaCUd1YrfYcHIl3G87Av+r49YVwqRDT0VDV7uLgqn
* 29XI1PpVUNCPQGn9p/eX6Qo7vpDaPybRtA2R7XLKjQaF9oXWeCUqy1hvJac9QFO2
* 97Ob1alpHPoZ7mWiEuJwjBPii6a9M9G30nUo39lBi1w=
* -----END CERTIFICATE REQUEST-----`,
* signingAlgorithm: "SHA256WITHRSA",
* validity: {
* type: "DAYS",
* value: 70,
* },
* }, {
* dependsOn: [subordinateCATwoActivation],
* });
* export const completeCertificateChain = subordinateCATwoActivation.completeCertificateChain;
* export const certificateArn = endEntityCertificate.arn;
*
* ```
*/
export declare class CertificateAuthority extends pulumi.CustomResource {
    /**
     * Get an existing CertificateAuthority resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, opts?: pulumi.CustomResourceOptions): CertificateAuthority;
    /**
     * Returns true if the given object is an instance of CertificateAuthority. This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     *
     * `obj` is typed `any` because this predicate is itself the narrowing step: treat the value as
     * unknown until the method returns true.
     */
    static isInstance(obj: any): obj is CertificateAuthority;
    /**
     * The Amazon Resource Name (ARN) of the certificate authority.
     *
     * Output only: it is not part of {@link CertificateAuthorityArgs} and is assigned by AWS on creation.
     */
    readonly arn: pulumi.Output<string>;
    /**
     * The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
     *
     * Output only. The CA is not usable until this CSR has been signed (by the parent CA, or by the CA
     * itself for a `ROOT`) and the resulting certificate installed via `CertificateAuthorityActivation`,
     * as the example in the class documentation does for each tier of the chain.
     */
    readonly certificateSigningRequest: pulumi.Output<string>;
    /**
     * Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
     */
    readonly csrExtensions: pulumi.Output<outputs.acmpca.CertificateAuthorityCsrExtensions | undefined>;
    /**
     * Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
     *
     * Required at creation (see {@link CertificateAuthorityArgs.keyAlgorithm}); the example uses `RSA_2048`.
     * The accepted value set is not listed in this file — consult the provider documentation.
     */
    readonly keyAlgorithm: pulumi.Output<string>;
    /**
     * KeyStorageSecurityStandard defines a cryptographic key management compliance standard used for handling CA keys.
     *
     * Optional; `undefined` when not specified at creation. Accepted values are not listed in this file.
     */
    readonly keyStorageSecurityStandard: pulumi.Output<string | undefined>;
    /**
     * Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
     *
     * Optional. The class example leaves revocation off (`crlConfiguration: { enabled: false }` on the
     * root, an empty object on a subordinate). NOTE(review): a CA with no revocation mechanism enabled
     * gives relying parties no way to learn that an issued certificate has been revoked; that is
     * acceptable for a demo chain but should be reconsidered for a CA whose certificates are trusted
     * by real workloads.
     */
    readonly revocationConfiguration: pulumi.Output<outputs.acmpca.CertificateAuthorityRevocationConfiguration | undefined>;
    /**
     * Algorithm your CA uses to sign certificate requests.
     *
     * Required at creation; the example pairs `SHA256WITHRSA` with an `RSA_2048` key.
     */
    readonly signingAlgorithm: pulumi.Output<string>;
    /**
     * Structure that contains X.500 distinguished name information for your CA.
     *
     * Required at creation; this becomes the issuer name on every certificate the CA signs.
     */
    readonly subject: pulumi.Output<outputs.acmpca.CertificateAuthoritySubject>;
    /**
     * Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see [Controlling Access Using IAM Tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html) .
     */
    readonly tags: pulumi.Output<outputs.Tag[] | undefined>;
    /**
     * The type of the certificate authority.
     *
     * Required at creation; the example uses `ROOT` for the self-signed tier and `SUBORDINATE` for
     * CAs whose CSR is signed by a parent CA.
     */
    readonly type: pulumi.Output<string>;
    /**
     * Usage mode of the certificate authority.
     *
     * Optional; `undefined` when not specified at creation. Accepted values are not listed in this file.
     */
    readonly usageMode: pulumi.Output<string | undefined>;
    /**
     * Create a CertificateAuthority resource with the given unique name, arguments, and options.
     *
     * Creating the resource only generates the key pair and CSR; activation with a signed certificate
     * is a separate resource (`CertificateAuthorityActivation`).
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties. `keyAlgorithm`,
     *   `signingAlgorithm`, `subject` and `type` are required; everything else is optional.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: CertificateAuthorityArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * The set of arguments for constructing a CertificateAuthority resource.
 *
 * Required: `keyAlgorithm`, `signingAlgorithm`, `subject`, `type`. All other properties are optional.
 * Every property accepts a `pulumi.Input`, so values may be plain literals or outputs of other resources.
 */
export interface CertificateAuthorityArgs {
    /**
     * Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.
     */
    csrExtensions?: pulumi.Input<inputs.acmpca.CertificateAuthorityCsrExtensionsArgs>;
    /**
     * Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
     *
     * Required. The class example uses `RSA_2048`; the full set of accepted values is not listed in this file.
     */
    keyAlgorithm: pulumi.Input<string>;
    /**
     * KeyStorageSecurityStandard defines a cryptographic key management compliance standard used for handling CA keys.
     *
     * Optional. Accepted values are not listed in this file — consult the provider documentation.
     */
    keyStorageSecurityStandard?: pulumi.Input<string>;
    /**
     * Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
     *
     * Optional. NOTE(review): omitting this (or disabling CRL as the class example does) leaves the
     * CA without a revocation mechanism, so relying parties cannot observe that an issued certificate
     * has been revoked; configure one for CAs that issue certificates to real workloads.
     */
    revocationConfiguration?: pulumi.Input<inputs.acmpca.CertificateAuthorityRevocationConfigurationArgs>;
    /**
     * Algorithm your CA uses to sign certificate requests.
     *
     * Required. The class example pairs `SHA256WITHRSA` with an `RSA_2048` key.
     */
    signingAlgorithm: pulumi.Input<string>;
    /**
     * Structure that contains X.500 distinguished name information for your CA.
     *
     * Required. This becomes the issuer name on every certificate the CA signs.
     */
    subject: pulumi.Input<inputs.acmpca.CertificateAuthoritySubjectArgs>;
    /**
     * Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see [Controlling Access Using IAM Tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html) .
     */
    tags?: pulumi.Input<pulumi.Input<inputs.TagArgs>[]>;
    /**
     * The type of the certificate authority.
     *
     * Required. The class example uses `ROOT` for the self-signed tier and `SUBORDINATE` for CAs
     * whose CSR is signed by a parent CA.
     */
    type: pulumi.Input<string>;
    /**
     * Usage mode of the certificate authority.
     *
     * Optional. Accepted values are not listed in this file — consult the provider documentation.
     */
    usageMode?: pulumi.Input<string>;
}