Ca Certificate
Creates and manages an AWS IoT CA Certificate.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tls.PrivateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.tls.SelfSignedCert;
import com.pulumi.tls.SelfSignedCertArgs;
import com.pulumi.tls.inputs.SelfSignedCertSubjectArgs;
import com.pulumi.aws.iot.IotFunctions;
import com.pulumi.tls.CertRequest;
import com.pulumi.tls.CertRequestArgs;
import com.pulumi.tls.inputs.CertRequestSubjectArgs;
import com.pulumi.tls.LocallySignedCert;
import com.pulumi.tls.LocallySignedCertArgs;
import com.pulumi.aws.iot.CaCertificate;
import com.pulumi.aws.iot.CaCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example Pulumi program that registers a self-signed CA certificate with AWS IoT.
 *
 * <p>Both key pairs and both certificates are created in-stack by the tls provider, which
 * keeps the example self-contained. Before reusing it, review the 12-hour lifetimes, the
 * provider-default RSA key size, the in-stack handling of the CA private key and the
 * auto-registration flag; each is commented where it is set.
 */
public class App {
    /** Hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the CA key and certificate, the verification key, CSR and certificate, and
     * the AWS IoT CA certificate registration that ties them together.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}; not read by this example
     */
    public static void stack(Context ctx) {
        // Both certificates in this example carry the same key-usage list.
        // NOTE(review): the list has no "cert_signing" entry although the first certificate
        // is flagged as a CA. Confirm that is intended for your provider version.
        final String[] keyUsages = {"key_encipherment", "digital_signature", "server_auth"};

        // CA key pair. Only the algorithm is set, so the key size is whatever the provider
        // defaults to; pin it explicitly if your policy requires a minimum.
        // NOTE(review): the PEM is a resource output, so presumably it is persisted with the
        // stack state. Whoever can read that state can sign certificates as this CA, so
        // verify how state secrets are protected, or keep a real CA key outside the stack.
        var caKey = new PrivateKey("caPrivateKey", PrivateKeyArgs.builder()
            .algorithm("RSA")
            .build());

        var caSubject = SelfSignedCertSubjectArgs.builder()
            .commonName("example.com")
            .organization("ACME Examples, Inc")
            .build();

        // Self-signed CA certificate. The 12-hour validity is a demo value: the certificate
        // that gets registered with AWS IoT expires half a day after it is issued.
        var caCert = new SelfSignedCert("caSelfSignedCert", SelfSignedCertArgs.builder()
            .privateKeyPem(caKey.privateKeyPem())
            .subject(caSubject)
            .validityPeriodHours(12)
            .allowedUses(keyUsages)
            .isCaCertificate(true)
            .build());

        // Separate key pair for the verification certificate.
        var verificationKey = new PrivateKey("verificationPrivateKey", PrivateKeyArgs.builder()
            .algorithm("RSA")
            .build());

        // Account registration code; it becomes the common name of the verification CSR.
        final var registrationCodeLookup = IotFunctions.getRegistrationCode();
        final var registrationCodeCn =
            registrationCodeLookup.applyValue(lookup -> lookup.registrationCode());

        var verificationSubject = CertRequestSubjectArgs.builder()
            .commonName(registrationCodeCn)
            .build();

        var verificationCsr = new CertRequest("verificationCertRequest", CertRequestArgs.builder()
            .privateKeyPem(verificationKey.privateKeyPem())
            .subject(verificationSubject)
            .build());

        // Verification certificate: the CSR above, signed with the CA private key.
        var verificationCert = new LocallySignedCert(
            "verificationLocallySignedCert",
            LocallySignedCertArgs.builder()
                .certRequestPem(verificationCsr.certRequestPem())
                .caPrivateKeyPem(caKey.privateKeyPem())
                .caCertPem(caCert.certPem())
                .validityPeriodHours(12)
                .allowedUses(keyUsages)
                .build());

        // Registers the CA as active with auto-registration enabled.
        // NOTE(review): with allowAutoRegistration(true), certificates issued by this CA are
        // presumably registered without a separate per-certificate step. Confirm that is
        // wanted, and that newly registered certificates get only the permissions you
        // intend; the CA private key then decides which devices can enrol.
        var registeredCa = new CaCertificate("exampleCaCertificate", CaCertificateArgs.builder()
            .active(true)
            .caCertificatePem(caCert.certPem())
            .verificationCertificatePem(verificationCert.certPem())
            .allowAutoRegistration(true)
            .build());
    }
}
Properties
PEM encoded verification certificate containing the common name of a registration code. Review CreateVerificationCSR. Required if `certificate_mode` is `DEFAULT`.