Ca Certificate Args
data class CaCertificateArgs(val active: Output<Boolean>? = null, val allowAutoRegistration: Output<Boolean>? = null, val caCertificatePem: Output<String>? = null, val certificateMode: Output<String>? = null, val registrationConfig: Output<CaCertificateRegistrationConfigArgs>? = null, val tags: Output<Map<String, String>>? = null, val verificationCertificatePem: Output<String>? = null) : ConvertibleToJava<CaCertificateArgs>
Creates and manages an AWS IoT CA Certificate.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as tls from "@pulumi/tls";
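// Registers a self-signed CA with AWS IoT. The verification certificate proves possession of
// the CA private key: its CSR carries the account's registration code as the common name and
// is signed by the CA being registered.
//
// Security notes for anyone adapting this example:
//  - The CA key is generated by the tls provider inside the program, so the key material is
//    held in the stack state. Protect the state backend as you would the key itself, or create
//    the CA outside the stack and pass in only the certificate PEMs.
//  - validityPeriodHours: 12 is a demo lifetime; pick one that matches your rotation plan.
//  - allowAutoRegistration: true lets device certificates signed by this CA be registered
//    automatically on first connect, so control of the CA key is control of device enrolment.
// NOTE(review): `tls.index.*` and the array-valued `subject` are reproduced as the doc generator
// emitted them; verify both against the installed @pulumi/tls version.
// NOTE(review): allowedUses on the CA does not list `cert_signing` although the CA signs the
// verification certificate below; confirm the intended key usage.
const caPrivateKey = new tls.index.PrivateKey("ca", {algorithm: "RSA"});
const ca = new tls.index.SelfSignedCert("ca", {
    privateKeyPem: caPrivateKey.privateKeyPem,
    subject: [{
        commonName: "example.com",
        organization: "ACME Examples, Inc",
    }],
    validityPeriodHours: 12,
    allowedUses: [
        "key_encipherment",
        "digital_signature",
        "server_auth",
    ],
    isCaCertificate: true,
});

// Separate key pair used only for the proof-of-possession (verification) certificate.
const verificationPrivateKey = new tls.index.PrivateKey("verification", {algorithm: "RSA"});
const example = aws.iot.getRegistrationCode({});
const verification = new tls.index.CertRequest("verification", {
    privateKeyPem: verificationPrivateKey.privateKeyPem,
    subject: [{
        // getRegistrationCode returns a promise, so the code has to be read through .then();
        // reading the property directly off the promise yields undefined.
        commonName: example.then(result => result.registrationCode),
    }],
});
const verificationLocallySignedCert = new tls.index.LocallySignedCert("verification", {
    certRequestPem: verification.certRequestPem,
    caPrivateKeyPem: caPrivateKey.privateKeyPem,
    caCertPem: ca.certPem,
    validityPeriodHours: 12,
    allowedUses: [
        "key_encipherment",
        "digital_signature",
        "server_auth",
    ],
});

// Only the two certificates are sent to AWS IoT; the CA private key is not an input here.
const exampleCaCertificate = new aws.iot.CaCertificate("example", {
    active: true,
    caCertificatePem: ca.certPem,
    verificationCertificatePem: verificationLocallySignedCert.certPem,
    allowAutoRegistration: true,
});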
import pulumi
import pulumi_aws as aws
import pulumi_tls as tls
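# Registers a self-signed CA with AWS IoT. The verification certificate proves possession of
# the CA private key: its CSR carries the account's registration code as the common name and
# is signed by the CA being registered.
#
# Security notes for anyone adapting this example:
#  - The CA key is generated by the tls provider inside the program, so the key material is
#    held in the stack state. Protect the state backend as you would the key itself, or create
#    the CA outside the stack and pass in only the certificate PEMs.
#  - validity_period_hours=12 is a demo lifetime; pick one that matches your rotation plan.
#  - allow_auto_registration=True lets device certificates signed by this CA be registered
#    automatically on first connect, so control of the CA key is control of device enrolment.
# NOTE(review): `tls.index.*`, the list-valued `subject` and its camelCase keys are reproduced as
# the doc generator emitted them; verify them against the installed pulumi_tls version.
# NOTE(review): allowed_uses on the CA does not list "cert_signing" although the CA signs the
# verification certificate below; confirm the intended key usage.
ca_private_key = tls.index.PrivateKey("ca", algorithm="RSA")
ca = tls.index.SelfSignedCert("ca",
    private_key_pem=ca_private_key.private_key_pem,
    subject=[{
        "commonName": "example.com",
        "organization": "ACME Examples, Inc",
    }],
    validity_period_hours=12,
    allowed_uses=[
        "key_encipherment",
        "digital_signature",
        "server_auth",
    ],
    is_ca_certificate=True)

# Separate key pair used only for the proof-of-possession (verification) certificate.
verification_private_key = tls.index.PrivateKey("verification", algorithm="RSA")
example = aws.iot.get_registration_code()
verification = tls.index.CertRequest("verification",
    private_key_pem=verification_private_key.private_key_pem,
    subject=[{
        "commonName": example.registration_code,
    }])
verification_locally_signed_cert = tls.index.LocallySignedCert("verification",
    cert_request_pem=verification.cert_request_pem,
    ca_private_key_pem=ca_private_key.private_key_pem,
    ca_cert_pem=ca.cert_pem,
    validity_period_hours=12,
    allowed_uses=[
        "key_encipherment",
        "digital_signature",
        "server_auth",
    ])

# Only the two certificates are sent to AWS IoT; the CA private key is not an input here.
# The certificate PEMs are read as attributes, matching `ca.cert_pem` above.
example_ca_certificate = aws.iot.CaCertificate("example",
    active=True,
    ca_certificate_pem=ca.cert_pem,
    verification_certificate_pem=verification_locally_signed_cert.cert_pem,
    allow_auto_registration=True)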
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Tls = Pulumi.Tls;
// Registers a self-signed CA with AWS IoT. The verification certificate's request carries the
// account registration code as its common name and is signed with the CA key.
//
// Security notes for anyone adapting this example:
//  - NOTE(review): the CA key is generated inside the program, so the key material is held in
//    the stack state; protect the state backend, or create the CA outside the stack and pass in
//    only the certificate PEMs.
//  - ValidityPeriodHours = 12 is a demo lifetime.
//  - AllowAutoRegistration = true lets device certificates signed by this CA be registered
//    automatically on first connect, so control of the CA key is control of device enrolment.
// NOTE(review): `Tls.Index.*` and the nested-initializer `Subject` values are reproduced as the
// doc generator emitted them and may not compile as shown; verify against the installed SDK.
// NOTE(review): AllowedUses on the CA does not list "cert_signing" although the CA signs the
// verification certificate; confirm the intended key usage.
return await Deployment.RunAsync(() =>
{
    var caPrivateKey = new Tls.Index.PrivateKey("ca", new()
    {
        Algorithm = "RSA",
    });
    var ca = new Tls.Index.SelfSignedCert("ca", new()
    {
        PrivateKeyPem = caPrivateKey.PrivateKeyPem,
        Subject = new[]
        {
            {
                { "commonName", "example.com" },
                { "organization", "ACME Examples, Inc" },
            },
        },
        ValidityPeriodHours = 12,
        AllowedUses = new[]
        {
            "key_encipherment",
            "digital_signature",
            "server_auth",
        },
        IsCaCertificate = true,
    });
    // Separate key pair used only for the verification certificate.
    var verificationPrivateKey = new Tls.Index.PrivateKey("verification", new()
    {
        Algorithm = "RSA",
    });
    var example = Aws.Iot.GetRegistrationCode.Invoke();
    var verification = new Tls.Index.CertRequest("verification", new()
    {
        PrivateKeyPem = verificationPrivateKey.PrivateKeyPem,
        Subject = new[]
        {
            {
                // The registration code is unwrapped from the invoke result with Apply.
                { "commonName", example.Apply(getRegistrationCodeResult => getRegistrationCodeResult.RegistrationCode) },
            },
        },
    });
    var verificationLocallySignedCert = new Tls.Index.LocallySignedCert("verification", new()
    {
        CertRequestPem = verification.CertRequestPem,
        CaPrivateKeyPem = caPrivateKey.PrivateKeyPem,
        CaCertPem = ca.CertPem,
        ValidityPeriodHours = 12,
        AllowedUses = new[]
        {
            "key_encipherment",
            "digital_signature",
            "server_auth",
        },
    });
    // Only the two certificates are passed to the IoT resource; the CA private key is not.
    var exampleCaCertificate = new Aws.Iot.CaCertificate("example", new()
    {
        Active = true,
        CaCertificatePem = ca.CertPem,
        VerificationCertificatePem = verificationLocallySignedCert.CertPem,
        AllowAutoRegistration = true,
    });
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot"
"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a self-signed CA with AWS IoT. The verification certificate's request carries
// the account registration code as its common name and is signed with the CA key.
//
// Security notes for anyone adapting this example:
//   - NOTE(review): the CA key is generated inside the program, so the key material is held in
//     the stack state; protect the state backend, or create the CA outside the stack and pass
//     in only the certificate PEMs.
//   - ValidityPeriodHours: 12 is a demo lifetime.
//   - AllowAutoRegistration: true lets device certificates signed by this CA be registered
//     automatically on first connect, so control of the CA key is control of device enrolment.
//
// NOTE(review): the untyped tls arguments (plain string/int literals, map-valued Subject) and the
// map passed to GetRegistrationCode are reproduced as the doc generator emitted them and may not
// compile as shown; verify against the installed SDK versions.
// NOTE(review): AllowedUses on the CA does not list "cert_signing" although the CA signs the
// verification certificate; confirm the intended key usage.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		caPrivateKey, err := tls.NewPrivateKey(ctx, "ca", &tls.PrivateKeyArgs{
			Algorithm: "RSA",
		})
		if err != nil {
			return err
		}
		ca, err := tls.NewSelfSignedCert(ctx, "ca", &tls.SelfSignedCertArgs{
			PrivateKeyPem: caPrivateKey.PrivateKeyPem,
			Subject: []map[string]interface{}{
				map[string]interface{}{
					"commonName": "example.com",
					"organization": "ACME Examples, Inc",
				},
			},
			ValidityPeriodHours: 12,
			AllowedUses: []string{
				"key_encipherment",
				"digital_signature",
				"server_auth",
			},
			IsCaCertificate: true,
		})
		if err != nil {
			return err
		}
		// Separate key pair used only for the verification certificate.
		verificationPrivateKey, err := tls.NewPrivateKey(ctx, "verification", &tls.PrivateKeyArgs{
			Algorithm: "RSA",
		})
		if err != nil {
			return err
		}
		example, err := iot.GetRegistrationCode(ctx, map[string]interface{}{}, nil)
		if err != nil {
			return err
		}
		verification, err := tls.NewCertRequest(ctx, "verification", &tls.CertRequestArgs{
			PrivateKeyPem: verificationPrivateKey.PrivateKeyPem,
			Subject: []map[string]interface{}{
				map[string]interface{}{
					"commonName": example.RegistrationCode,
				},
			},
		})
		if err != nil {
			return err
		}
		verificationLocallySignedCert, err := tls.NewLocallySignedCert(ctx, "verification", &tls.LocallySignedCertArgs{
			CertRequestPem: verification.CertRequestPem,
			CaPrivateKeyPem: caPrivateKey.PrivateKeyPem,
			CaCertPem: ca.CertPem,
			ValidityPeriodHours: 12,
			AllowedUses: []string{
				"key_encipherment",
				"digital_signature",
				"server_auth",
			},
		})
		if err != nil {
			return err
		}
		// Only the two certificates are passed to the IoT resource; the CA private key is not.
		_, err = iot.NewCaCertificate(ctx, "example", &iot.CaCertificateArgs{
			Active: pulumi.Bool(true),
			CaCertificatePem: ca.CertPem,
			VerificationCertificatePem: verificationLocallySignedCert.CertPem,
			AllowAutoRegistration: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.tls.privateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.tls.selfSignedCert;
import com.pulumi.tls.SelfSignedCertArgs;
import com.pulumi.aws.iot.IotFunctions;
import com.pulumi.tls.certRequest;
import com.pulumi.tls.CertRequestArgs;
import com.pulumi.tls.locallySignedCert;
import com.pulumi.tls.LocallySignedCertArgs;
import com.pulumi.aws.iot.CaCertificate;
import com.pulumi.aws.iot.CaCertificateArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Registers a self-signed CA with AWS IoT. The verification certificate is signed with the CA
 * key and is passed to the IoT resource together with the CA certificate.
 *
 * Security notes for anyone adapting this example:
 *  - NOTE(review): the CA key is generated inside the program, so the key material is held in
 *    the stack state; protect the state backend, or create the CA outside the stack and pass in
 *    only the certificate PEMs.
 *  - validityPeriodHours(12) is a demo lifetime.
 *  - allowAutoRegistration(true) lets device certificates signed by this CA be registered
 *    automatically on first connect, so control of the CA key is control of device enrolment.
 * NOTE(review): allowedUses on the CA does not list "cert_signing" although the CA signs the
 * verification certificate; confirm the intended key usage.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var caPrivateKey = new PrivateKey("caPrivateKey", PrivateKeyArgs.builder()
            .algorithm("RSA")
            .build());
        var ca = new SelfSignedCert("ca", SelfSignedCertArgs.builder()
            .privateKeyPem(caPrivateKey.privateKeyPem())
            // NOTE(review): the doc generator printed a formatter panic where the subject value
            // belongs, so this line is not valid Java. The other listings on this page use
            // commonName "example.com" and organization "ACME Examples, Inc" here.
            .subject(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
            .validityPeriodHours(12)
            .allowedUses(
                "key_encipherment",
                "digital_signature",
                "server_auth")
            .isCaCertificate(true)
            .build());
        // Separate key pair used only for the verification certificate.
        var verificationPrivateKey = new PrivateKey("verificationPrivateKey", PrivateKeyArgs.builder()
            .algorithm("RSA")
            .build());
        final var example = IotFunctions.getRegistrationCode();
        var verification = new CertRequest("verification", CertRequestArgs.builder()
            .privateKeyPem(verificationPrivateKey.privateKeyPem())
            // NOTE(review): same generator panic as above; the other listings set the subject's
            // commonName to the registration code held in `example`.
            .subject(%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
            .build());
        var verificationLocallySignedCert = new LocallySignedCert("verificationLocallySignedCert", LocallySignedCertArgs.builder()
            .certRequestPem(verification.certRequestPem())
            .caPrivateKeyPem(caPrivateKey.privateKeyPem())
            .caCertPem(ca.certPem())
            .validityPeriodHours(12)
            .allowedUses(
                "key_encipherment",
                "digital_signature",
                "server_auth")
            .build());
        // Only the two certificates are passed to the IoT resource; the CA private key is not.
        var exampleCaCertificate = new CaCertificate("exampleCaCertificate", CaCertificateArgs.builder()
            .active(true)
            .caCertificatePem(ca.certPem())
            .verificationCertificatePem(verificationLocallySignedCert.certPem())
            .allowAutoRegistration(true)
            .build());
    }
}
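# Registers a self-signed CA with AWS IoT. The verification certificate proves possession of
# the CA private key: its CSR carries the account's registration code as the common name and
# is signed by the CA being registered.
#
# Security notes for anyone adapting this example:
#  - The CA key is generated by the tls provider inside the program, so the key material is
#    held in the stack state. Protect the state backend as you would the key itself, or create
#    the CA outside the stack and pass in only the certificate PEMs.
#  - validityPeriodHours: 12 is a demo lifetime; pick one that matches your rotation plan.
#  - allowAutoRegistration: true lets device certificates signed by this CA be registered
#    automatically on first connect, so control of the CA key is control of device enrolment.
# NOTE(review): the tls type tokens and the list-valued subject are reproduced as the doc
# generator emitted them; verify them against the installed tls provider version.
# NOTE(review): allowedUses on the CA does not list cert_signing although the CA signs the
# verification certificate; confirm the intended key usage.
resources:
  ca:
    type: tls:selfSignedCert
    properties:
      privateKeyPem: ${caPrivateKey.privateKeyPem}
      subject:
        - commonName: example.com
          organization: ACME Examples, Inc
      validityPeriodHours: 12
      allowedUses:
        - key_encipherment
        - digital_signature
        - server_auth
      isCaCertificate: true
  caPrivateKey:
    type: tls:privateKey
    name: ca
    properties:
      algorithm: RSA
  verification:
    type: tls:certRequest
    properties:
      privateKeyPem: ${verificationPrivateKey.privateKeyPem}
      subject:
        - commonName: ${example.registrationCode}
  # Separate key pair used only for the proof-of-possession (verification) certificate.
  verificationPrivateKey:
    type: tls:privateKey
    name: verification
    properties:
      algorithm: RSA
  verificationLocallySignedCert:
    type: tls:locallySignedCert
    name: verification
    properties:
      certRequestPem: ${verification.certRequestPem}
      caPrivateKeyPem: ${caPrivateKey.privateKeyPem}
      caCertPem: ${ca.certPem}
      validityPeriodHours: 12
      allowedUses:
        - key_encipherment
        - digital_signature
        - server_auth
  # Only the two certificates are sent to AWS IoT; the CA private key is not an input here.
  exampleCaCertificate:
    type: aws:iot:CaCertificate
    name: example
    properties:
      active: true
      caCertificatePem: ${ca.certPem}
      verificationCertificatePem: ${verificationLocallySignedCert.certPem}
      allowAutoRegistration: true
variables:
  example:
    fn::invoke:
      function: aws:iot:getRegistrationCode
      arguments: {}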
Constructors
constructor(active: Output<Boolean>? = null, allowAutoRegistration: Output<Boolean>? = null, caCertificatePem: Output<String>? = null, certificateMode: Output<String>? = null, registrationConfig: Output<CaCertificateRegistrationConfigArgs>? = null, tags: Output<Map<String, String>>? = null, verificationCertificatePem: Output<String>? = null)
Properties
Boolean flag to indicate if the certificate should be active for device registration.
PEM encoded CA certificate.
The certificate mode in which the CA will be registered. Valid values: `DEFAULT` and `SNI_ONLY`. Default: `DEFAULT`.
Information about the registration configuration. See below.
PEM encoded verification certificate containing the common name of a registration code. Review CreateVerificationCSR. Required if `certificate_mode` is `DEFAULT`.