CaCertificate

class CaCertificate : KotlinCustomResource

Creates and manages an AWS IoT CA Certificate.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as tls from "@pulumi/tls";
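// CA key pair: a locally generated RSA key and a self-signed CA certificate.
// The CA signs the verification certificate further down, and its PEM is what
// gets registered with AWS IoT.
const caPrivateKey = new tls.PrivateKey("ca", { algorithm: "RSA" });
const ca = new tls.SelfSignedCert("ca", {
    privateKeyPem: caPrivateKey.privateKeyPem,
    // `subject` is a single block, not a list.
    subject: {
        commonName: "example.com",
        organization: "ACME Examples, Inc",
    },
    validityPeriodHours: 12,
    allowedUses: [
        "key_encipherment",
        "digital_signature",
        "server_auth",
    ],
    isCaCertificate: true,
});

// Separate key pair for the verification certificate (it must not reuse the CA key).
const verificationPrivateKey = new tls.PrivateKey("verification", { algorithm: "RSA" });

// Plain invoke: returns a Promise, so the registration code has to be unwrapped
// with .then() before it can be used as the CSR's common name.
const example = aws.iot.getRegistrationCode({});
const verification = new tls.CertRequest("verification", {
    privateKeyPem: verificationPrivateKey.privateKeyPem,
    subject: {
        commonName: example.then(result => result.registrationCode),
    },
});

// Sign the verification CSR with the CA; this proves possession of the CA key to AWS IoT.
const verificationLocallySignedCert = new tls.LocallySignedCert("verification", {
    certRequestPem: verification.certRequestPem,
    caPrivateKeyPem: caPrivateKey.privateKeyPem,
    caCertPem: ca.certPem,
    validityPeriodHours: 12,
    allowedUses: [
        "key_encipherment",
        "digital_signature",
        "server_auth",
    ],
});

// Register the CA with AWS IoT. `allowAutoRegistration: true` lets devices presenting
// certificates issued by this CA register automatically.
const exampleCaCertificate = new aws.iot.CaCertificate("example", {
    active: true,
    caCertificatePem: ca.certPem,
    verificationCertificatePem: verificationLocallySignedCert.certPem,
    allowAutoRegistration: true,
});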
import pulumi
import pulumi_aws as aws
import pulumi_tls as tls
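# CA key pair: a locally generated RSA key and a self-signed CA certificate.
# The CA signs the verification certificate further down, and its PEM is what
# gets registered with AWS IoT.
ca_private_key = tls.PrivateKey("ca", algorithm="RSA")
ca = tls.SelfSignedCert(
    "ca",
    private_key_pem=ca_private_key.private_key_pem,
    # `subject` is a single typed block; the string values must be quoted.
    subject=tls.SelfSignedCertSubjectArgs(
        common_name="example.com",
        organization="ACME Examples, Inc",
    ),
    validity_period_hours=12,
    allowed_uses=[
        "key_encipherment",
        "digital_signature",
        "server_auth",
    ],
    is_ca_certificate=True,
)

# Separate key pair for the verification certificate (it must not reuse the CA key).
verification_private_key = tls.PrivateKey("verification", algorithm="RSA")

# Plain invoke: the result object is returned directly, so registration_code is a str.
example = aws.iot.get_registration_code()
verification = tls.CertRequest(
    "verification",
    private_key_pem=verification_private_key.private_key_pem,
    subject=tls.CertRequestSubjectArgs(common_name=example.registration_code),
)

# Sign the verification CSR with the CA; this proves possession of the CA key to AWS IoT.
verification_locally_signed_cert = tls.LocallySignedCert(
    "verification",
    cert_request_pem=verification.cert_request_pem,
    ca_private_key_pem=ca_private_key.private_key_pem,
    ca_cert_pem=ca.cert_pem,
    validity_period_hours=12,
    allowed_uses=[
        "key_encipherment",
        "digital_signature",
        "server_auth",
    ],
)

# Register the CA with AWS IoT. allow_auto_registration=True lets devices presenting
# certificates issued by this CA register automatically.
example_ca_certificate = aws.iot.CaCertificate(
    "example",
    active=True,
    ca_certificate_pem=ca.cert_pem,
    verification_certificate_pem=verification_locally_signed_cert.cert_pem,
    allow_auto_registration=True,
)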
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Tls = Pulumi.Tls;
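return await Deployment.RunAsync(() =>
{
    // CA key pair: a locally generated RSA key and a self-signed CA certificate.
    // The CA signs the verification certificate further down, and its PEM is what
    // gets registered with AWS IoT.
    var caPrivateKey = new Tls.PrivateKey("ca", new()
    {
        Algorithm = "RSA",
    });

    var ca = new Tls.SelfSignedCert("ca", new()
    {
        PrivateKeyPem = caPrivateKey.PrivateKeyPem,
        // Subject is a single typed block, not an array of dictionaries.
        Subject = new Tls.Inputs.SelfSignedCertSubjectArgs
        {
            CommonName = "example.com",
            Organization = "ACME Examples, Inc",
        },
        ValidityPeriodHours = 12,
        AllowedUses = new[]
        {
            "key_encipherment",
            "digital_signature",
            "server_auth",
        },
        IsCaCertificate = true,
    });

    // Separate key pair for the verification certificate (it must not reuse the CA key).
    var verificationPrivateKey = new Tls.PrivateKey("verification", new()
    {
        Algorithm = "RSA",
    });

    // Output-form invoke: the registration code is unwrapped with Apply below.
    var example = Aws.Iot.GetRegistrationCode.Invoke();

    var verification = new Tls.CertRequest("verification", new()
    {
        PrivateKeyPem = verificationPrivateKey.PrivateKeyPem,
        Subject = new Tls.Inputs.CertRequestSubjectArgs
        {
            CommonName = example.Apply(getRegistrationCodeResult => getRegistrationCodeResult.RegistrationCode),
        },
    });

    // Sign the verification CSR with the CA; this proves possession of the CA key to AWS IoT.
    var verificationLocallySignedCert = new Tls.LocallySignedCert("verification", new()
    {
        CertRequestPem = verification.CertRequestPem,
        CaPrivateKeyPem = caPrivateKey.PrivateKeyPem,
        CaCertPem = ca.CertPem,
        ValidityPeriodHours = 12,
        AllowedUses = new[]
        {
            "key_encipherment",
            "digital_signature",
            "server_auth",
        },
    });

    // Register the CA with AWS IoT. AllowAutoRegistration = true lets devices presenting
    // certificates issued by this CA register automatically.
    var exampleCaCertificate = new Aws.Iot.CaCertificate("example", new()
    {
        Active = true,
        CaCertificatePem = ca.CertPem,
        VerificationCertificatePem = verificationLocallySignedCert.CertPem,
        AllowAutoRegistration = true,
    });
});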
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iot"
"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
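func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// CA key pair: a locally generated RSA key and a self-signed CA certificate.
		// The CA signs the verification certificate further down, and its PEM is what
		// gets registered with AWS IoT. Args fields take pulumi.Input values, not bare Go literals.
		caPrivateKey, err := tls.NewPrivateKey(ctx, "ca", &tls.PrivateKeyArgs{
			Algorithm: pulumi.String("RSA"),
		})
		if err != nil {
			return err
		}
		ca, err := tls.NewSelfSignedCert(ctx, "ca", &tls.SelfSignedCertArgs{
			PrivateKeyPem: caPrivateKey.PrivateKeyPem,
			// Subject is a single typed block, not a slice of maps.
			Subject: &tls.SelfSignedCertSubjectArgs{
				CommonName:   pulumi.String("example.com"),
				Organization: pulumi.String("ACME Examples, Inc"),
			},
			ValidityPeriodHours: pulumi.Int(12),
			AllowedUses: pulumi.StringArray{
				pulumi.String("key_encipherment"),
				pulumi.String("digital_signature"),
				pulumi.String("server_auth"),
			},
			IsCaCertificate: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		// Separate key pair for the verification certificate (it must not reuse the CA key).
		verificationPrivateKey, err := tls.NewPrivateKey(ctx, "verification", &tls.PrivateKeyArgs{
			Algorithm: pulumi.String("RSA"),
		})
		if err != nil {
			return err
		}

		// Plain invoke: the result is available immediately, so RegistrationCode is a string.
		// NOTE(review): this assumes the no-argument form of the invoke — confirm against the SDK version in use.
		example, err := iot.GetRegistrationCode(ctx)
		if err != nil {
			return err
		}
		verification, err := tls.NewCertRequest(ctx, "verification", &tls.CertRequestArgs{
			PrivateKeyPem: verificationPrivateKey.PrivateKeyPem,
			Subject: &tls.CertRequestSubjectArgs{
				CommonName: pulumi.String(example.RegistrationCode),
			},
		})
		if err != nil {
			return err
		}

		// Sign the verification CSR with the CA; this proves possession of the CA key to AWS IoT.
		verificationLocallySignedCert, err := tls.NewLocallySignedCert(ctx, "verification", &tls.LocallySignedCertArgs{
			CertRequestPem:      verification.CertRequestPem,
			CaPrivateKeyPem:     caPrivateKey.PrivateKeyPem,
			CaCertPem:           ca.CertPem,
			ValidityPeriodHours: pulumi.Int(12),
			AllowedUses: pulumi.StringArray{
				pulumi.String("key_encipherment"),
				pulumi.String("digital_signature"),
				pulumi.String("server_auth"),
			},
		})
		if err != nil {
			return err
		}

		// Register the CA with AWS IoT. AllowAutoRegistration true lets devices presenting
		// certificates issued by this CA register automatically.
		_, err = iot.NewCaCertificate(ctx, "example", &iot.CaCertificateArgs{
			Active:                     pulumi.Bool(true),
			CaCertificatePem:           ca.CertPem,
			VerificationCertificatePem: verificationLocallySignedCert.CertPem,
			AllowAutoRegistration:      pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}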
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iot.CaCertificate;
import com.pulumi.aws.iot.CaCertificateArgs;
import com.pulumi.aws.iot.IotFunctions;
import com.pulumi.tls.CertRequest;
import com.pulumi.tls.CertRequestArgs;
import com.pulumi.tls.LocallySignedCert;
import com.pulumi.tls.LocallySignedCertArgs;
import com.pulumi.tls.PrivateKey;
import com.pulumi.tls.PrivateKeyArgs;
import com.pulumi.tls.SelfSignedCert;
import com.pulumi.tls.SelfSignedCertArgs;
import com.pulumi.tls.inputs.CertRequestSubjectArgs;
import com.pulumi.tls.inputs.SelfSignedCertSubjectArgs;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
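public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds a CA key pair, proves possession of the CA key with a signed
     * verification certificate, and registers the CA with AWS IoT.
     */
    public static void stack(Context ctx) {
        // CA key pair: a locally generated RSA key and a self-signed CA certificate.
        var caPrivateKey = new PrivateKey("caPrivateKey", PrivateKeyArgs.builder()
            .algorithm("RSA")
            .build());
        var ca = new SelfSignedCert("ca", SelfSignedCertArgs.builder()
            .privateKeyPem(caPrivateKey.privateKeyPem())
            // The upstream sample left a generator placeholder here; the subject is a typed block.
            .subject(SelfSignedCertSubjectArgs.builder()
                .commonName("example.com")
                .organization("ACME Examples, Inc")
                .build())
            .validityPeriodHours(12)
            .allowedUses(
                "key_encipherment",
                "digital_signature",
                "server_auth")
            .isCaCertificate(true)
            .build());

        // Separate key pair for the verification certificate (it must not reuse the CA key).
        var verificationPrivateKey = new PrivateKey("verificationPrivateKey", PrivateKeyArgs.builder()
            .algorithm("RSA")
            .build());

        // Output-form invoke: the registration code is unwrapped with applyValue below.
        final var example = IotFunctions.getRegistrationCode();
        var verification = new CertRequest("verification", CertRequestArgs.builder()
            .privateKeyPem(verificationPrivateKey.privateKeyPem())
            .subject(CertRequestSubjectArgs.builder()
                .commonName(example.applyValue(getRegistrationCodeResult -> getRegistrationCodeResult.registrationCode()))
                .build())
            .build());

        // Sign the verification CSR with the CA; this proves possession of the CA key to AWS IoT.
        var verificationLocallySignedCert = new LocallySignedCert("verificationLocallySignedCert", LocallySignedCertArgs.builder()
            .certRequestPem(verification.certRequestPem())
            .caPrivateKeyPem(caPrivateKey.privateKeyPem())
            .caCertPem(ca.certPem())
            .validityPeriodHours(12)
            .allowedUses(
                "key_encipherment",
                "digital_signature",
                "server_auth")
            .build());

        // Register the CA with AWS IoT. allowAutoRegistration(true) lets devices presenting
        // certificates issued by this CA register automatically.
        var exampleCaCertificate = new CaCertificate("exampleCaCertificate", CaCertificateArgs.builder()
            .active(true)
            .caCertificatePem(ca.certPem())
            .verificationCertificatePem(verificationLocallySignedCert.certPem())
            .allowAutoRegistration(true)
            .build());
    }
}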
resources:
  # Self-signed CA certificate, signed with caPrivateKey. Its PEM is registered
  # with AWS IoT and it signs the verification certificate below.
  ca:
    type: tls:selfSignedCert
    properties:
      privateKeyPem: ${caPrivateKey.privateKeyPem}
      subject:
        - commonName: example.com
          organization: ACME Examples, Inc
      validityPeriodHours: 12
      allowedUses:
        - key_encipherment
        - digital_signature
        - server_auth
      isCaCertificate: true
  # Locally generated RSA key for the CA; its PEM is consumed by `ca` and
  # `verificationLocallySignedCert`. NOTE(review): as a resource output it is
  # presumably held in stack state — confirm how that state is protected.
  caPrivateKey:
    type: tls:privateKey
    name: ca
    properties:
      algorithm: RSA
  # CSR whose common name is the account's IoT registration code.
  verification:
    type: tls:certRequest
    properties:
      privateKeyPem: ${verificationPrivateKey.privateKeyPem}
      subject:
        - commonName: ${example.registrationCode}
  # Separate key pair for the verification certificate (not the CA key).
  verificationPrivateKey:
    type: tls:privateKey
    name: verification
    properties:
      algorithm: RSA
  # The CSR above signed by the CA; this proves possession of the CA key to AWS IoT.
  verificationLocallySignedCert:
    type: tls:locallySignedCert
    name: verification
    properties:
      certRequestPem: ${verification.certRequestPem}
      caPrivateKeyPem: ${caPrivateKey.privateKeyPem}
      caCertPem: ${ca.certPem}
      validityPeriodHours: 12
      allowedUses:
        - key_encipherment
        - digital_signature
        - server_auth
  # Registers the CA with AWS IoT. allowAutoRegistration: true lets devices
  # presenting certificates issued by this CA register automatically.
  exampleCaCertificate:
    type: aws:iot:CaCertificate
    name: example
    properties:
      active: true
      caCertificatePem: ${ca.certPem}
      verificationCertificatePem: ${verificationLocallySignedCert.certPem}
      allowAutoRegistration: true
variables:
  # Account-scoped registration code from AWS IoT, used as the CSR's common name.
  example:
    fn::invoke:
      function: aws:iot:getRegistrationCode
      arguments: {}

Properties

val active: Output<Boolean>

Boolean flag to indicate if the certificate should be active for device authentication.


Boolean flag to indicate if the certificate should be active for device registration.

val arn: Output<String>

The ARN of the created CA certificate.


PEM encoded CA certificate.

val certificateMode: Output<String>?

The certificate mode in which the CA will be registered. Valid values: DEFAULT and SNI_ONLY. Default: DEFAULT.

val customerVersion: Output<Int>

The customer version of the CA certificate.

val generationId: Output<String>

The generation ID of the CA certificate.

val id: Output<String>
val pulumiChildResources: Set<KotlinResource>

Information about the registration configuration. See below.

val tags: Output<Map<String, String>>?

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

val tagsAll: Output<Map<String, String>>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

val urn: Output<String>

When the CA certificate is valid.


PEM encoded verification certificate containing the common name of a registration code. Review CreateVerificationCSR. Required if certificate_mode is DEFAULT.