aws-cdk-lib
Version:
Version 2 of the AWS Cloud Development Kit library
921 lines • 93.1 kB
TypeScript
import * as cdk from "../../core";
import * as constructs from "constructs";
import * as cfn_parse from "../../core/lib/helpers-internal";
/**
* The `AWS::ACMPCA::Certificate` resource is used to issue a certificate using your private certificate authority.
*
* For more information, see the [IssueCertificate](https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html) action.
*
* @cloudformationResource AWS::ACMPCA::Certificate
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificate.html
*/
export declare class CfnCertificate extends cdk.CfnResource implements cdk.IInspectable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnCertificate from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnCertificate;
/**
* The Amazon Resource Name (ARN) of the issued certificate.
*
* @cloudformationAttribute Arn
*/
readonly attrArn: string;
/**
* The issued Base64 PEM-encoded certificate.
*
* @cloudformationAttribute Certificate
*/
readonly attrCertificate: string;
/**
* Specifies X.509 certificate information to be included in the issued certificate. An `APIPassthrough` or `APICSRPassthrough` template variant must be selected, or else this parameter is ignored.
*/
apiPassthrough?: CfnCertificate.ApiPassthroughProperty | cdk.IResolvable;
/**
* The Amazon Resource Name (ARN) for the private CA issues the certificate.
*/
certificateAuthorityArn: string;
/**
* The certificate signing request (CSR) for the certificate.
*/
certificateSigningRequest: string;
/**
* The name of the algorithm that will be used to sign the certificate to be issued.
*/
signingAlgorithm: string;
/**
* Specifies a custom configuration template to use when issuing a certificate.
*/
templateArn?: string;
/**
* The period of time during which the certificate will be valid.
*/
validity: cdk.IResolvable | CfnCertificate.ValidityProperty;
/**
* Information describing the start of the validity period of the certificate.
*/
validityNotBefore?: cdk.IResolvable | CfnCertificate.ValidityProperty;
/**
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnCertificateProps);
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnCertificate {
/**
* Length of time for which the certificate issued by your private certificate authority (CA), or by the private CA itself, is valid in days, months, or years.
*
* You can issue a certificate by calling the `IssueCertificate` operation.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-validity.html
*/
interface ValidityProperty {
/**
* Specifies whether the `Value` parameter represents days, months, or years.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-validity.html#cfn-acmpca-certificate-validity-type
*/
readonly type: string;
/**
* A long integer interpreted according to the value of `Type` , below.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-validity.html#cfn-acmpca-certificate-validity-value
*/
readonly value: number;
}
/**
* Contains X.509 certificate information to be placed in an issued certificate. An `APIPassthrough` or `APICSRPassthrough` template variant must be selected, or else this parameter is ignored.
*
* If conflicting or duplicate certificate information is supplied from other sources, AWS Private CA applies [order of operation rules](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations) to determine what information is used.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-apipassthrough.html
*/
interface ApiPassthroughProperty {
/**
* Specifies X.509 extension information for a certificate.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-apipassthrough.html#cfn-acmpca-certificate-apipassthrough-extensions
*/
readonly extensions?: CfnCertificate.ExtensionsProperty | cdk.IResolvable;
/**
* Contains information about the certificate subject.
*
* The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-apipassthrough.html#cfn-acmpca-certificate-apipassthrough-subject
*/
readonly subject?: cdk.IResolvable | CfnCertificate.SubjectProperty;
}
/**
* Contains X.509 extension information for a certificate.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-extensions.html
*/
interface ExtensionsProperty {
/**
* Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers.
*
* For more information, see NIST's definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier) .
*
* In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-extensions.html#cfn-acmpca-certificate-extensions-certificatepolicies
*/
readonly certificatePolicies?: Array<cdk.IResolvable | CfnCertificate.PolicyInformationProperty> | cdk.IResolvable;
/**
* Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the [Global OID reference database.](https://docs.aws.amazon.com/https://oidref.com/2.5.29).
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-extensions.html#cfn-acmpca-certificate-extensions-customextensions
*/
readonly customExtensions?: Array<CfnCertificate.CustomExtensionProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the `KeyUsage` extension.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-extensions.html#cfn-acmpca-certificate-extensions-extendedkeyusage
*/
readonly extendedKeyUsage?: Array<CfnCertificate.ExtendedKeyUsageProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* Defines one or more purposes for which the key contained in the certificate can be used.
*
* Default value for each option is false.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-extensions.html#cfn-acmpca-certificate-extensions-keyusage
*/
readonly keyUsage?: cdk.IResolvable | CfnCertificate.KeyUsageProperty;
/**
* The subject alternative name extension allows identities to be bound to the subject of the certificate.
*
* These identities may be included in addition to or in place of the identity in the subject field of the certificate.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-extensions.html#cfn-acmpca-certificate-extensions-subjectalternativenames
*/
readonly subjectAlternativeNames?: Array<CfnCertificate.GeneralNameProperty | cdk.IResolvable> | cdk.IResolvable;
}
/**
* Specifies the X.509 extension information for a certificate.
*
* Extensions present in `CustomExtensions` follow the `ApiPassthrough` [template rules](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations) .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-customextension.html
*/
interface CustomExtensionProperty {
/**
* Specifies the critical flag of the X.509 extension.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-customextension.html#cfn-acmpca-certificate-customextension-critical
*/
readonly critical?: boolean | cdk.IResolvable;
/**
* Specifies the object identifier (OID) of the X.509 extension. For more information, see the [Global OID reference database.](https://docs.aws.amazon.com/https://oidref.com/2.5.29).
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-customextension.html#cfn-acmpca-certificate-customextension-objectidentifier
*/
readonly objectIdentifier: string;
/**
* Specifies the base64-encoded value of the X.509 extension.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-customextension.html#cfn-acmpca-certificate-customextension-value
*/
readonly value: string;
}
/**
* Defines the X.509 `CertificatePolicies` extension.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-policyinformation.html
*/
interface PolicyInformationProperty {
/**
* Specifies the object identifier (OID) of the certificate policy under which the certificate was issued.
*
* For more information, see NIST's definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier) .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-policyinformation.html#cfn-acmpca-certificate-policyinformation-certpolicyid
*/
readonly certPolicyId: string;
/**
* Modifies the given `CertPolicyId` with a qualifier.
*
* AWS Private CA supports the certification practice statement (CPS) qualifier.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-policyinformation.html#cfn-acmpca-certificate-policyinformation-policyqualifiers
*/
readonly policyQualifiers?: Array<cdk.IResolvable | CfnCertificate.PolicyQualifierInfoProperty> | cdk.IResolvable;
}
/**
* Modifies the `CertPolicyId` of a `PolicyInformation` object with a qualifier.
*
* AWS Private CA supports the certification practice statement (CPS) qualifier.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-policyqualifierinfo.html
*/
interface PolicyQualifierInfoProperty {
/**
* Identifies the qualifier modifying a `CertPolicyId` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-policyqualifierinfo.html#cfn-acmpca-certificate-policyqualifierinfo-policyqualifierid
*/
readonly policyQualifierId: string;
/**
* Defines the qualifier type.
*
* AWS Private CA supports the use of a URI for a CPS qualifier in this field.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-policyqualifierinfo.html#cfn-acmpca-certificate-policyqualifierinfo-qualifier
*/
readonly qualifier: cdk.IResolvable | CfnCertificate.QualifierProperty;
}
/**
* Defines a `PolicyInformation` qualifier.
*
* AWS Private CA supports the [certification practice statement (CPS) qualifier](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4) defined in RFC 5280.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-qualifier.html
*/
interface QualifierProperty {
/**
* Contains a pointer to a certification practice statement (CPS) published by the CA.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-qualifier.html#cfn-acmpca-certificate-qualifier-cpsuri
*/
readonly cpsUri: string;
}
/**
* Defines one or more purposes for which the key contained in the certificate can be used.
*
* Default value for each option is false.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-keyusage.html
*/
interface KeyUsageProperty {
/**
* Key can be used to sign CRLs.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-keyusage.html#cfn-acmpca-certificate-keyusage-crlsign
*/
readonly crlSign?: boolean | cdk.IResolvable;
/**
* Key can be used to decipher data.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-keyusage.html#cfn-acmpca-certificate-keyusage-dataencipherment
*/
readonly dataEncipherment?: boolean | cdk.IResolvable;
/**
* Key can be used only to decipher data.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-keyusage.html#cfn-acmpca-certificate-keyusage-decipheronly
*/
readonly decipherOnly?: boolean | cdk.IResolvable;
/**
* Key can be used for digital signing.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-keyusage.html#cfn-acmpca-certificate-keyusage-digitalsignature
*/
readonly digitalSignature?: boolean | cdk.IResolvable;
/**
* Key can be used only to encipher data.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-keyusage.html#cfn-acmpca-certificate-keyusage-encipheronly
*/
readonly encipherOnly?: boolean | cdk.IResolvable;
/**
* Key can be used in a key-agreement protocol.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-keyusage.html#cfn-acmpca-certificate-keyusage-keyagreement
*/
readonly keyAgreement?: boolean | cdk.IResolvable;
/**
* Key can be used to sign certificates.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-keyusage.html#cfn-acmpca-certificate-keyusage-keycertsign
*/
readonly keyCertSign?: boolean | cdk.IResolvable;
/**
* Key can be used to encipher data.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-keyusage.html#cfn-acmpca-certificate-keyusage-keyencipherment
*/
readonly keyEncipherment?: boolean | cdk.IResolvable;
/**
* Key can be used for non-repudiation.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-keyusage.html#cfn-acmpca-certificate-keyusage-nonrepudiation
*/
readonly nonRepudiation?: boolean | cdk.IResolvable;
}
/**
* Describes an ASN.1 X.400 `GeneralName` as defined in [RFC 5280](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280) . Only one of the following naming options should be provided. Providing more than one option results in an `InvalidArgsException` error.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-generalname.html
*/
interface GeneralNameProperty {
/**
* Contains information about the certificate subject.
*
* The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-generalname.html#cfn-acmpca-certificate-generalname-directoryname
*/
readonly directoryName?: cdk.IResolvable | CfnCertificate.SubjectProperty;
/**
* Represents `GeneralName` as a DNS name.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-generalname.html#cfn-acmpca-certificate-generalname-dnsname
*/
readonly dnsName?: string;
/**
* Represents `GeneralName` as an `EdiPartyName` object.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-generalname.html#cfn-acmpca-certificate-generalname-edipartyname
*/
readonly ediPartyName?: CfnCertificate.EdiPartyNameProperty | cdk.IResolvable;
/**
* Represents `GeneralName` as an IPv4 or IPv6 address.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-generalname.html#cfn-acmpca-certificate-generalname-ipaddress
*/
readonly ipAddress?: string;
/**
* Represents `GeneralName` using an `OtherName` object.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-generalname.html#cfn-acmpca-certificate-generalname-othername
*/
readonly otherName?: cdk.IResolvable | CfnCertificate.OtherNameProperty;
/**
* Represents `GeneralName` as an object identifier (OID).
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-generalname.html#cfn-acmpca-certificate-generalname-registeredid
*/
readonly registeredId?: string;
/**
* Represents `GeneralName` as an [RFC 822](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc822) email address.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-generalname.html#cfn-acmpca-certificate-generalname-rfc822name
*/
readonly rfc822Name?: string;
/**
* Represents `GeneralName` as a URI.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-generalname.html#cfn-acmpca-certificate-generalname-uniformresourceidentifier
*/
readonly uniformResourceIdentifier?: string;
}
/**
* Describes an Electronic Data Interchange (EDI) entity as described in as defined in [Subject Alternative Name](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280) in RFC 5280.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-edipartyname.html
*/
interface EdiPartyNameProperty {
/**
* Specifies the name assigner.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-edipartyname.html#cfn-acmpca-certificate-edipartyname-nameassigner
*/
readonly nameAssigner: string;
/**
* Specifies the party name.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-edipartyname.html#cfn-acmpca-certificate-edipartyname-partyname
*/
readonly partyName: string;
}
/**
* Defines a custom ASN.1 X.400 `GeneralName` using an object identifier (OID) and value. The OID must satisfy the regular expression shown below. For more information, see NIST's definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier) .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-othername.html
*/
interface OtherNameProperty {
/**
* Specifies an OID.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-othername.html#cfn-acmpca-certificate-othername-typeid
*/
readonly typeId: string;
/**
* Specifies an OID value.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-othername.html#cfn-acmpca-certificate-othername-value
*/
readonly value: string;
}
/**
* Contains information about the certificate subject.
*
* The `Subject` field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The `Subject` must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-subject.html
*/
interface SubjectProperty {
/**
* For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit.
*
* Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-subject.html#cfn-acmpca-certificate-subject-commonname
*/
readonly commonName?: string;
/**
* Two-digit code that specifies the country in which the certificate subject located.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-subject.html#cfn-acmpca-certificate-subject-country
*/
readonly country?: string;
/**
* Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier) .
*
* > Custom attributes cannot be used in combination with standard attributes.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-subject.html#cfn-acmpca-certificate-subject-customattributes
*/
readonly customAttributes?: Array<CfnCertificate.CustomAttributeProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* Disambiguating information for the certificate subject.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-subject.html#cfn-acmpca-certificate-subject-distinguishednamequalifier
*/
readonly distinguishedNameQualifier?: string;
/**
* Typically a qualifier appended to the name of an individual.
*
* Examples include Jr. for junior, Sr. for senior, and III for third.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-subject.html#cfn-acmpca-certificate-subject-generationqualifier
*/
readonly generationQualifier?: string;
/**
* First name.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-subject.html#cfn-acmpca-certificate-subject-givenname
*/
readonly givenName?: string;
/**
* Concatenation that typically contains the first letter of the *GivenName* , the first letter of the middle name if one exists, and the first letter of the *Surname* .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-subject.html#cfn-acmpca-certificate-subject-initials
*/
readonly initials?: string;
/**
* The locality (such as a city or town) in which the certificate subject is located.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-subject.html#cfn-acmpca-certificate-subject-locality
*/
readonly locality?: string;
/**
* Legal name of the organization with which the certificate subject is affiliated.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-subject.html#cfn-acmpca-certificate-subject-organization
*/
readonly organization?: string;
/**
* A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-subject.html#cfn-acmpca-certificate-subject-organizationalunit
*/
readonly organizationalUnit?: string;
/**
* Typically a shortened version of a longer *GivenName* .
*
* For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-subject.html#cfn-acmpca-certificate-subject-pseudonym
*/
readonly pseudonym?: string;
/**
* The certificate serial number.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-subject.html#cfn-acmpca-certificate-subject-serialnumber
*/
readonly serialNumber?: string;
/**
* State in which the subject of the certificate is located.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-subject.html#cfn-acmpca-certificate-subject-state
*/
readonly state?: string;
/**
* Family name.
*
* In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-subject.html#cfn-acmpca-certificate-subject-surname
*/
readonly surname?: string;
/**
* A title such as Mr.
*
* or Ms., which is pre-pended to the name to refer formally to the certificate subject.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-subject.html#cfn-acmpca-certificate-subject-title
*/
readonly title?: string;
}
/**
* Defines the X.500 relative distinguished name (RDN).
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-customattribute.html
*/
interface CustomAttributeProperty {
/**
* Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN).
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-customattribute.html#cfn-acmpca-certificate-customattribute-objectidentifier
*/
readonly objectIdentifier: string;
/**
* Specifies the attribute value of relative distinguished name (RDN).
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-customattribute.html#cfn-acmpca-certificate-customattribute-value
*/
readonly value: string;
}
/**
* Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the `KeyUsage` extension.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-extendedkeyusage.html
*/
interface ExtendedKeyUsageProperty {
/**
* Specifies a custom `ExtendedKeyUsage` with an object identifier (OID).
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-extendedkeyusage.html#cfn-acmpca-certificate-extendedkeyusage-extendedkeyusageobjectidentifier
*/
readonly extendedKeyUsageObjectIdentifier?: string;
/**
* Specifies a standard `ExtendedKeyUsage` as defined as in [RFC 5280](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12) .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificate-extendedkeyusage.html#cfn-acmpca-certificate-extendedkeyusage-extendedkeyusagetype
*/
readonly extendedKeyUsageType?: string;
}
}
/**
* Properties for defining a `CfnCertificate`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificate.html
*/
export interface CfnCertificateProps {
/**
* Specifies X.509 certificate information to be included in the issued certificate. An `APIPassthrough` or `APICSRPassthrough` template variant must be selected, or else this parameter is ignored.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificate.html#cfn-acmpca-certificate-apipassthrough
*/
readonly apiPassthrough?: CfnCertificate.ApiPassthroughProperty | cdk.IResolvable;
/**
* The Amazon Resource Name (ARN) for the private CA issues the certificate.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificate.html#cfn-acmpca-certificate-certificateauthorityarn
*/
readonly certificateAuthorityArn: string;
/**
* The certificate signing request (CSR) for the certificate.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificate.html#cfn-acmpca-certificate-certificatesigningrequest
*/
readonly certificateSigningRequest: string;
/**
* The name of the algorithm that will be used to sign the certificate to be issued.
*
* This parameter should not be confused with the `SigningAlgorithm` parameter used to sign a CSR in the `CreateCertificateAuthority` action.
*
* > The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificate.html#cfn-acmpca-certificate-signingalgorithm
*/
readonly signingAlgorithm: string;
/**
* Specifies a custom configuration template to use when issuing a certificate.
*
* If this parameter is not provided, AWS Private CA defaults to the `EndEntityCertificate/V1` template. For more information about AWS Private CA templates, see [Using Templates](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html) .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificate.html#cfn-acmpca-certificate-templatearn
*/
readonly templateArn?: string;
/**
* The period of time during which the certificate will be valid.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificate.html#cfn-acmpca-certificate-validity
*/
readonly validity: cdk.IResolvable | CfnCertificate.ValidityProperty;
/**
* Information describing the start of the validity period of the certificate.
*
* This parameter sets the “Not Before" date for the certificate.
*
* By default, when issuing a certificate, AWS Private CA sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The `ValidityNotBefore` parameter can be used to customize the “Not Before” value.
*
* Unlike the `Validity` parameter, the `ValidityNotBefore` parameter is optional.
*
* The `ValidityNotBefore` value is expressed as an explicit date and time, using the `Validity` type value `ABSOLUTE` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificate.html#cfn-acmpca-certificate-validitynotbefore
*/
readonly validityNotBefore?: cdk.IResolvable | CfnCertificate.ValidityProperty;
}
/**
* Use the `AWS::ACMPCA::CertificateAuthority` resource to create a private CA.
*
* Once the CA exists, you can use the `AWS::ACMPCA::Certificate` resource to issue a new CA certificate. Alternatively, you can issue a CA certificate using an on-premises CA, and then use the `AWS::ACMPCA::CertificateAuthorityActivation` resource to import the new CA certificate and activate the CA.
*
* > Before removing a `AWS::ACMPCA::CertificateAuthority` resource from the CloudFormation stack, disable the affected CA. Otherwise, the action will fail. You can disable the CA by removing its associated `AWS::ACMPCA::CertificateAuthorityActivation` resource from CloudFormation.
*
* @cloudformationResource AWS::ACMPCA::CertificateAuthority
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificateauthority.html
*/
export declare class CfnCertificateAuthority extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnCertificateAuthority from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnCertificateAuthority;
/**
* The Amazon Resource Name (ARN) for the private CA that issued the certificate.
*
* @cloudformationAttribute Arn
*/
readonly attrArn: string;
/**
* The Base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
*
* @cloudformationAttribute CertificateSigningRequest
*/
readonly attrCertificateSigningRequest: string;
/**
* Specifies information to be added to the extension section of the certificate signing request (CSR).
*/
csrExtensions?: CfnCertificateAuthority.CsrExtensionsProperty | cdk.IResolvable;
/**
* Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
*/
keyAlgorithm: string;
/**
* Specifies a cryptographic key management compliance standard used for handling CA keys.
*/
keyStorageSecurityStandard?: string;
/**
* Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.
*/
revocationConfiguration?: cdk.IResolvable | CfnCertificateAuthority.RevocationConfigurationProperty;
/**
* Name of the algorithm your private CA uses to sign certificate requests.
*/
signingAlgorithm: string;
/**
* Structure that contains X.500 distinguished name information for your private CA.
*/
subject: cdk.IResolvable | CfnCertificateAuthority.SubjectProperty;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* Key-value pairs that will be attached to the new private CA.
*/
tagsRaw?: Array<cdk.CfnTag>;
/**
* Type of your private CA.
*/
type: string;
/**
* Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.
*/
usageMode?: string;
/**
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnCertificateAuthorityProps);
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnCertificateAuthority {
/**
* Describes the certificate extensions to be added to the certificate signing request (CSR).
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-csrextensions.html
*/
interface CsrExtensionsProperty {
/**
* Indicates the purpose of the certificate and of the key contained in the certificate.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-csrextensions.html#cfn-acmpca-certificateauthority-csrextensions-keyusage
*/
readonly keyUsage?: cdk.IResolvable | CfnCertificateAuthority.KeyUsageProperty;
/**
* For CA certificates, provides a path to additional information pertaining to the CA, such as revocation and policy.
*
* For more information, see [Subject Information Access](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.2) in RFC 5280.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-csrextensions.html#cfn-acmpca-certificateauthority-csrextensions-subjectinformationaccess
*/
readonly subjectInformationAccess?: Array<CfnCertificateAuthority.AccessDescriptionProperty | cdk.IResolvable> | cdk.IResolvable;
}
/**
* Defines one or more purposes for which the key contained in the certificate can be used.
*
* Default value for each option is false.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-keyusage.html
*/
interface KeyUsageProperty {
/**
* Key can be used to sign CRLs.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-keyusage.html#cfn-acmpca-certificateauthority-keyusage-crlsign
*/
readonly crlSign?: boolean | cdk.IResolvable;
/**
* Key can be used to decipher data.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-keyusage.html#cfn-acmpca-certificateauthority-keyusage-dataencipherment
*/
readonly dataEncipherment?: boolean | cdk.IResolvable;
/**
* Key can be used only to decipher data.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-keyusage.html#cfn-acmpca-certificateauthority-keyusage-decipheronly
*/
readonly decipherOnly?: boolean | cdk.IResolvable;
/**
* Key can be used for digital signing.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-keyusage.html#cfn-acmpca-certificateauthority-keyusage-digitalsignature
*/
readonly digitalSignature?: boolean | cdk.IResolvable;
/**
* Key can be used only to encipher data.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-keyusage.html#cfn-acmpca-certificateauthority-keyusage-encipheronly
*/
readonly encipherOnly?: boolean | cdk.IResolvable;
/**
* Key can be used in a key-agreement protocol.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-keyusage.html#cfn-acmpca-certificateauthority-keyusage-keyagreement
*/
readonly keyAgreement?: boolean | cdk.IResolvable;
/**
* Key can be used to sign certificates.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-keyusage.html#cfn-acmpca-certificateauthority-keyusage-keycertsign
*/
readonly keyCertSign?: boolean | cdk.IResolvable;
/**
* Key can be used to encipher data.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-keyusage.html#cfn-acmpca-certificateauthority-keyusage-keyencipherment
*/
readonly keyEncipherment?: boolean | cdk.IResolvable;
/**
* Key can be used for non-repudiation.
*
* @default - false
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-keyusage.html#cfn-acmpca-certificateauthority-keyusage-nonrepudiation
*/
readonly nonRepudiation?: boolean | cdk.IResolvable;
}
/**
* Provides access information used by the `authorityInfoAccess` and `subjectInfoAccess` extensions described in [RFC 5280](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280) .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-accessdescription.html
*/
interface AccessDescriptionProperty {
/**
* The location of `AccessDescription` information.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-accessdescription.html#cfn-acmpca-certificateauthority-accessdescription-accesslocation
*/
readonly accessLocation: CfnCertificateAuthority.GeneralNameProperty | cdk.IResolvable;
/**
* The type and format of `AccessDescription` information.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-accessdescription.html#cfn-acmpca-certificateauthority-accessdescription-accessmethod
*/
readonly accessMethod: CfnCertificateAuthority.AccessMethodProperty | cdk.IResolvable;
}
/**
* Describes the type and format of extension access.
*
* Only one of `CustomObjectIdentifier` or `AccessMethodType` may be provided. Providing both results in `InvalidArgsException` .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-accessmethod.html
*/
interface AccessMethodProperty {
/**
* Specifies the `AccessMethod` .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-accessmethod.html#cfn-acmpca-certificateauthority-accessmethod-accessmethodtype
*/
readonly accessMethodType?: string;
/**
* An object identifier (OID) specifying the `AccessMethod` .
*
* The OID must satisfy the regular expression shown below. For more information, see NIST's definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier) .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-accessmethod.html#cfn-acmpca-certificateauthority-accessmethod-customobjectidentifier
*/
readonly customObjectIdentifier?: string;
}
/**
* Describes an ASN.1 X.400 `GeneralName` as defined in [RFC 5280](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280) . Only one of the following naming options should be provided. Providing more than one option results in an `InvalidArgsException` error.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acmpca-certificateauthority-generalname.html
*/
interface GeneralNameProperty {
/**
* Contains information about the certificate subject.
*
* The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-acm