pulumi-aws-kotlin/com.pulumi.aws.acmpca.kotlin/CertificateAuthorityCertificateArgs

CertificateAuthorityCertificateArgs

data class CertificateAuthorityCertificateArgs(val certificate: Output<String>? = null, val certificateAuthorityArn: Output<String>? = null, val certificateChain: Output<String>? = null) : ConvertibleToJava<CertificateAuthorityCertificateArgs>

Associates a certificate with an AWS Certificate Manager Private Certificate Authority (ACM PCA Certificate Authority). An ACM PCA Certificate Authority is unable to issue certificates until it has a certificate associated with it. A root level ACM PCA Certificate Authority is able to self-sign its own root certificate.

Example Usage

Self-Signed Root Certificate Authority Certificate

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acmpca.CertificateAuthority;
import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.acmpca.Certificate;
import com.pulumi.aws.acmpca.CertificateArgs;
import com.pulumi.aws.acmpca.inputs.CertificateValidityArgs;
import com.pulumi.aws.acmpca.CertificateAuthorityCertificate;
import com.pulumi.aws.acmpca.CertificateAuthorityCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var exampleCertificateAuthority = new CertificateAuthority("exampleCertificateAuthority", CertificateAuthorityArgs.builder()
            .type("ROOT")
            .certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder()
                .keyAlgorithm("RSA_4096")
                .signingAlgorithm("SHA512WITHRSA")
                .subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder()
                    .commonName("example.com")
                    .build())
                .build())
            .build());
        final var current = AwsFunctions.getPartition();
        var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder()
            .certificateAuthorityArn(exampleCertificateAuthority.arn())
            .certificateSigningRequest(exampleCertificateAuthority.certificateSigningRequest())
            .signingAlgorithm("SHA512WITHRSA")
            .templateArn(String.format("arn:%s:acm-pca:::template/RootCACertificate/V1", current.applyValue(getPartitionResult -> getPartitionResult.partition())))
            .validity(CertificateValidityArgs.builder()
                .type("YEARS")
                .value(1)
                .build())
            .build());
        var exampleCertificateAuthorityCertificate = new CertificateAuthorityCertificate("exampleCertificateAuthorityCertificate", CertificateAuthorityCertificateArgs.builder()
            .certificateAuthorityArn(exampleCertificateAuthority.arn())
            .certificate(exampleCertificate.certificate())
            .certificateChain(exampleCertificate.certificateChain())
            .build());
    }
}
Content copied to clipboard

Certificate for Subordinate Certificate Authority

Note that the certificate for the subordinate certificate authority must be issued by the root certificate authority using a signing request from the subordinate certificate authority.

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acmpca.CertificateAuthority;
import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.acmpca.Certificate;
import com.pulumi.aws.acmpca.CertificateArgs;
import com.pulumi.aws.acmpca.inputs.CertificateValidityArgs;
import com.pulumi.aws.acmpca.CertificateAuthorityCertificate;
import com.pulumi.aws.acmpca.CertificateAuthorityCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var subordinateCertificateAuthority = new CertificateAuthority("subordinateCertificateAuthority", CertificateAuthorityArgs.builder()
            .type("SUBORDINATE")
            .certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder()
                .keyAlgorithm("RSA_2048")
                .signingAlgorithm("SHA512WITHRSA")
                .subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder()
                    .commonName("sub.example.com")
                    .build())
                .build())
            .build());
        var rootCertificateAuthority = new CertificateAuthority("rootCertificateAuthority");
        final var current = AwsFunctions.getPartition();
        var subordinateCertificate = new Certificate("subordinateCertificate", CertificateArgs.builder()
            .certificateAuthorityArn(rootCertificateAuthority.arn())
            .certificateSigningRequest(subordinateCertificateAuthority.certificateSigningRequest())
            .signingAlgorithm("SHA512WITHRSA")
            .templateArn(String.format("arn:%s:acm-pca:::template/SubordinateCACertificate_PathLen0/V1", current.applyValue(getPartitionResult -> getPartitionResult.partition())))
            .validity(CertificateValidityArgs.builder()
                .type("YEARS")
                .value(1)
                .build())
            .build());
        var subordinateCertificateAuthorityCertificate = new CertificateAuthorityCertificate("subordinateCertificateAuthorityCertificate", CertificateAuthorityCertificateArgs.builder()
            .certificateAuthorityArn(subordinateCertificateAuthority.arn())
            .certificate(subordinateCertificate.certificate())
            .certificateChain(subordinateCertificate.certificateChain())
            .build());
        var rootCertificateAuthorityCertificate = new CertificateAuthorityCertificate("rootCertificateAuthorityCertificate");
        var rootCertificate = new Certificate("rootCertificate");
    }
}
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(certificate: Output<String>? = null, certificateAuthorityArn: Output<String>? = null, certificateChain: Output<String>? = null)

Properties

Link copied to clipboard
val certificate: Output<String>? = null

PEM-encoded certificate for the Certificate Authority.

Link copied to clipboard
val certificateAuthorityArn: Output<String>? = null

ARN of the Certificate Authority.

Link copied to clipboard
val certificateChain: Output<String>? = null

PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA. Required for subordinate Certificate Authorities. Not allowed for root Certificate Authorities.

Functions

Link copied to clipboard
open override fun toJava(): CertificateAuthorityCertificateArgs