CertificateAuthorityCertificateArgs

data class CertificateAuthorityCertificateArgs(val certificate: Output<String>? = null, val certificateAuthorityArn: Output<String>? = null, val certificateChain: Output<String>? = null) : ConvertibleToJava<CertificateAuthorityCertificateArgs>

Associates a certificate with an AWS Certificate Manager Private Certificate Authority (ACM PCA Certificate Authority). An ACM PCA Certificate Authority is unable to issue certificates until it has a certificate associated with it. A root level ACM PCA Certificate Authority is able to self-sign its own root certificate.

Example Usage

Self-Signed Root Certificate Authority Certificate

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acmpca.CertificateAuthority;
import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.acmpca.Certificate;
import com.pulumi.aws.acmpca.CertificateArgs;
import com.pulumi.aws.acmpca.inputs.CertificateValidityArgs;
import com.pulumi.aws.acmpca.CertificateAuthorityCertificate;
import com.pulumi.aws.acmpca.CertificateAuthorityCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
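/**
 * Example Pulumi program: a self-signed root ACM PCA certificate authority.
 *
 * <p>Declares a ROOT-type certificate authority, issues a certificate from the
 * CA's own signing request using the RootCACertificate/V1 template, and then
 * associates that certificate with the CA.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the root CA, its self-signed certificate, and the association between them.
     *
     * @param ctx Pulumi context supplied by the runtime (not read by this example)
     */
    public static void stack(Context ctx) {
        var exampleCertificateAuthority = new CertificateAuthority("exampleCertificateAuthority", CertificateAuthorityArgs.builder()
            .type("ROOT")
            .certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder()
                .keyAlgorithm("RSA_4096")
                .signingAlgorithm("SHA512WITHRSA")
                .subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder()
                    .commonName("example.com")
                    .build())
                .build())
            .build());

        final var current = AwsFunctions.getPartition();

        // Build the template ARN inside applyValue. Passing the Output itself to
        // String.format would embed the Output object's toString() in the ARN
        // instead of the resolved partition name.
        final var rootTemplateArn = current.applyValue(partitionResult ->
            String.format("arn:%s:acm-pca:::template/RootCACertificate/V1", partitionResult.partition()));

        // The root CA signs its own CSR: the issuing CA and the CSR source are the same resource.
        var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder()
            .certificateAuthorityArn(exampleCertificateAuthority.arn())
            .certificateSigningRequest(exampleCertificateAuthority.certificateSigningRequest())
            .signingAlgorithm("SHA512WITHRSA")
            .templateArn(rootTemplateArn)
            // One-year CA certificate: certificates chaining to this CA stop validating once
            // it expires, so a lifetime this short needs a renewal plan.
            .validity(CertificateValidityArgs.builder()
                .type("YEARS")
                .value(1)
                .build())
            .build());

        // NOTE(review): the property documentation on this page says certificateChain is
        // not allowed for root CAs, yet this example passes it. Confirm that the chain
        // output is empty for a self-signed root before copying this as-is.
        var exampleCertificateAuthorityCertificate = new CertificateAuthorityCertificate("exampleCertificateAuthorityCertificate", CertificateAuthorityCertificateArgs.builder()
            .certificateAuthorityArn(exampleCertificateAuthority.arn())
            .certificate(exampleCertificate.certificate())
            .certificateChain(exampleCertificate.certificateChain())
            .build());
    }
}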

Certificate for Subordinate Certificate Authority

Note that the certificate for the subordinate certificate authority must be issued by the root certificate authority using a signing request from the subordinate certificate authority.

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acmpca.CertificateAuthority;
import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.acmpca.Certificate;
import com.pulumi.aws.acmpca.CertificateArgs;
import com.pulumi.aws.acmpca.inputs.CertificateValidityArgs;
import com.pulumi.aws.acmpca.CertificateAuthorityCertificate;
import com.pulumi.aws.acmpca.CertificateAuthorityCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
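/**
 * Example Pulumi program: a certificate for a subordinate ACM PCA certificate authority.
 *
 * <p>Declares a SUBORDINATE-type certificate authority, has the root CA issue a
 * certificate from the subordinate's signing request using the
 * SubordinateCACertificate_PathLen0/V1 template, and associates that certificate
 * and its chain with the subordinate CA.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the subordinate CA, the certificate the root CA issues for it, and the association.
     *
     * @param ctx Pulumi context supplied by the runtime (not read by this example)
     */
    public static void stack(Context ctx) {
        var subordinateCertificateAuthority = new CertificateAuthority("subordinateCertificateAuthority", CertificateAuthorityArgs.builder()
            .type("SUBORDINATE")
            .certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder()
                // Key size is a policy choice; the root example on this page uses RSA_4096.
                .keyAlgorithm("RSA_2048")
                .signingAlgorithm("SHA512WITHRSA")
                .subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder()
                    .commonName("sub.example.com")
                    .build())
                .build())
            .build());

        // NOTE(review): declared without arguments. This is presumably a placeholder for a
        // root CA configured as in the self-signed root example; supply its real configuration.
        var rootCertificateAuthority = new CertificateAuthority("rootCertificateAuthority");

        final var current = AwsFunctions.getPartition();

        // Build the template ARN inside applyValue. Passing the Output itself to
        // String.format would embed the Output object's toString() in the ARN
        // instead of the resolved partition name.
        final var subordinateTemplateArn = current.applyValue(partitionResult ->
            String.format("arn:%s:acm-pca:::template/SubordinateCACertificate_PathLen0/V1", partitionResult.partition()));

        // The issuer is the root CA; the CSR comes from the subordinate CA.
        // The PathLen0 template constrains the subordinate so that it cannot
        // sign further CA certificates beneath itself.
        var subordinateCertificate = new Certificate("subordinateCertificate", CertificateArgs.builder()
            .certificateAuthorityArn(rootCertificateAuthority.arn())
            .certificateSigningRequest(subordinateCertificateAuthority.certificateSigningRequest())
            .signingAlgorithm("SHA512WITHRSA")
            .templateArn(subordinateTemplateArn)
            // One-year CA certificate: certificates chaining to this CA stop validating once
            // it expires, so a lifetime this short needs a renewal plan.
            .validity(CertificateValidityArgs.builder()
                .type("YEARS")
                .value(1)
                .build())
            .build());

        // certificateChain is required for subordinate CAs, per the property documentation on this page.
        var subordinateCertificateAuthorityCertificate = new CertificateAuthorityCertificate("subordinateCertificateAuthorityCertificate", CertificateAuthorityCertificateArgs.builder()
            .certificateAuthorityArn(subordinateCertificateAuthority.arn())
            .certificate(subordinateCertificate.certificate())
            .certificateChain(subordinateCertificate.certificateChain())
            .build());

        // NOTE(review): argument-less placeholders for the root CA's own certificate and its
        // association, presumably elided from this example. Configure them before deploying.
        var rootCertificateAuthorityCertificate = new CertificateAuthorityCertificate("rootCertificateAuthorityCertificate");
        var rootCertificate = new Certificate("rootCertificate");
    }
}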

Constructors

fun CertificateAuthorityCertificateArgs(certificate: Output<String>? = null, certificateAuthorityArn: Output<String>? = null, certificateChain: Output<String>? = null)

Functions

open override fun toJava(): CertificateAuthorityCertificateArgs

Properties

val certificate: Output<String>? = null

PEM-encoded certificate for the Certificate Authority.

val certificateAuthorityArn: Output<String>? = null

ARN of the Certificate Authority.

val certificateChain: Output<String>? = null

PEM-encoded certificate chain that includes any intermediate certificates and chains up to the root CA. Required for subordinate Certificate Authorities. Not allowed for root Certificate Authorities.