software.amazon.awscdk.services.acmpca

Class CfnCertificateAuthority

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.CfnElement

software.amazon.awscdk.CfnRefElement

software.amazon.awscdk.CfnResource

software.amazon.awscdk.services.acmpca.CfnCertificateAuthority

All Implemented Interfaces:

IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.67.0 (build 2c027f5)",
           date="2022-09-19T20:26:35.977Z")
 @Stability(value=Stable)
public class CfnCertificateAuthority
extends CfnResource
implements IInspectable

A CloudFormation `AWS::ACMPCA::CertificateAuthority`.

Use the AWS::ACMPCA::CertificateAuthority resource to create a private CA. Once the CA exists, you can use the AWS::ACMPCA::Certificate resource to issue a new CA certificate. Alternatively, you can issue a CA certificate using an on-premises CA, and then use the AWS::ACMPCA::CertificateAuthorityActivation resource to import the new CA certificate and activate the CA.

Before removing a AWS::ACMPCA::CertificateAuthority resource from the CloudFormation stack, disable the affected CA. Otherwise, the action will fail. You can disable the CA by removing its associated AWS::ACMPCA::CertificateAuthorityActivation resource from CloudFormation.

Example:

 CfnCertificateAuthority cfnCertificateAuthority = CfnCertificateAuthority.Builder.create(this, "CA")
         .type("ROOT")
         .keyAlgorithm("RSA_2048")
         .signingAlgorithm("SHA256WITHRSA")
         .subject(SubjectProperty.builder()
                 .country("US")
                 .organization("string")
                 .organizationalUnit("string")
                 .distinguishedNameQualifier("string")
                 .state("string")
                 .commonName("123")
                 .serialNumber("string")
                 .locality("string")
                 .title("string")
                 .surname("string")
                 .givenName("string")
                 .initials("DG")
                 .pseudonym("string")
                 .generationQualifier("DBG")
                 .build())
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	CfnCertificateAuthority.AccessDescriptionProperty Provides access information used by the `authorityInfoAccess` and `subjectInfoAccess` extensions described in [RFC 5280](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280) .
static interface	CfnCertificateAuthority.AccessMethodProperty Describes the type and format of extension access.
static class	CfnCertificateAuthority.Builder A fluent builder for CfnCertificateAuthority.
static interface	CfnCertificateAuthority.CrlConfigurationProperty Contains configuration information for a certificate revocation list (CRL).
static interface	CfnCertificateAuthority.CsrExtensionsProperty Describes the certificate extensions to be added to the certificate signing request (CSR).
static interface	CfnCertificateAuthority.CustomAttributeProperty Defines the X.500 relative distinguished name (RDN).
static interface	CfnCertificateAuthority.EdiPartyNameProperty Describes an Electronic Data Interchange (EDI) entity as described in as defined in [Subject Alternative Name](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280) in RFC 5280.
static interface	CfnCertificateAuthority.GeneralNameProperty Describes an ASN.1 X.400 `GeneralName` as defined in [RFC 5280](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280) .
static interface	CfnCertificateAuthority.KeyUsageProperty Defines one or more purposes for which the key contained in the certificate can be used.
static interface	CfnCertificateAuthority.OcspConfigurationProperty Contains information to enable and configure Online Certificate Status Protocol (OCSP) for validating certificate revocation status.
static interface	CfnCertificateAuthority.OtherNameProperty Defines a custom ASN.1 X.400 `GeneralName` using an object identifier (OID) and value.
static interface	CfnCertificateAuthority.RevocationConfigurationProperty Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
static interface	CfnCertificateAuthority.SubjectProperty ASN1 subject for the certificate authority.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Field Summary

Fields

Modifier and Type	Field and Description
static String	CFN_RESOURCE_TYPE_NAME The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor and Description
	CfnCertificateAuthority(software.constructs.Construct scope, String id, CfnCertificateAuthorityProps props) Create a new `AWS::ACMPCA::CertificateAuthority`.
protected	CfnCertificateAuthority(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnCertificateAuthority(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
String	getAttrArn() The Amazon Resource Name (ARN) for the private CA that issued the certificate.
String	getAttrCertificateSigningRequest() The Base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.
protected Map<String,Object>	getCfnProperties()
Object	getCsrExtensions() Specifies information to be added to the extension section of the certificate signing request (CSR).
String	getKeyAlgorithm() Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
String	getKeyStorageSecurityStandard() Specifies a cryptographic key management compliance standard used for handling CA keys.
Object	getRevocationConfiguration() Information about the certificate revocation list (CRL) created and maintained by your private CA.
String	getSigningAlgorithm() Name of the algorithm your private CA uses to sign certificate requests.
Object	getSubject() Structure that contains X.500 distinguished name information for your private CA.
TagManager	getTags() Key-value pairs that will be attached to the new private CA.
String	getType() Type of your private CA.
void	inspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.
protected Map<String,Object>	renderProperties(Map<String,Object> props)
void	setCsrExtensions(CfnCertificateAuthority.CsrExtensionsProperty value) Specifies information to be added to the extension section of the certificate signing request (CSR).
void	setCsrExtensions(IResolvable value) Specifies information to be added to the extension section of the certificate signing request (CSR).
void	setKeyAlgorithm(String value) Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
void	setKeyStorageSecurityStandard(String value) Specifies a cryptographic key management compliance standard used for handling CA keys.
void	setRevocationConfiguration(CfnCertificateAuthority.RevocationConfigurationProperty value) Information about the certificate revocation list (CRL) created and maintained by your private CA.
void	setRevocationConfiguration(IResolvable value) Information about the certificate revocation list (CRL) created and maintained by your private CA.
void	setSigningAlgorithm(String value) Name of the algorithm your private CA uses to sign certificate requests.
void	setSubject(CfnCertificateAuthority.SubjectProperty value) Structure that contains X.500 distinguished name information for your private CA.
void	setSubject(IResolvable value) Structure that contains X.500 distinguished name information for your private CA.
void	setType(String value) Type of your private CA.

Methods inherited from class software.amazon.awscdk.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, getUpdatedProperties, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.constructs.Construct

getNode, isConstruct

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Field Detail

CFN_RESOURCE_TYPE_NAME

@Stability(value=Stable)
public static final String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Detail

CfnCertificateAuthority

protected CfnCertificateAuthority(software.amazon.jsii.JsiiObjectRef objRef)

CfnCertificateAuthority

protected CfnCertificateAuthority(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnCertificateAuthority

@Stability(value=Stable)
public CfnCertificateAuthority(@NotNull
                                                        software.constructs.Construct scope,
                                                        @NotNull
                                                        String id,
                                                        @NotNull
                                                        CfnCertificateAuthorityProps props)

Create a new `AWS::ACMPCA::CertificateAuthority`.

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

props - - resource properties. This parameter is required.

Method Detail

inspect

@Stability(value=Stable)
public void inspect(@NotNull
                                             TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - - tree inspector to collect and process attributes. This parameter is required.

renderProperties

@Stability(value=Stable)
 @NotNull
protected Map<String,Object> renderProperties(@NotNull
                                                                                 Map<String,Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getAttrArn

@Stability(value=Stable)
 @NotNull
public String getAttrArn()

The Amazon Resource Name (ARN) for the private CA that issued the certificate.

getAttrCertificateSigningRequest

@Stability(value=Stable)
 @NotNull
public String getAttrCertificateSigningRequest()

The Base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.

getCfnProperties

@Stability(value=Stable)
 @NotNull
protected Map<String,Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getTags

@Stability(value=Stable)
 @NotNull
public TagManager getTags()

Key-value pairs that will be attached to the new private CA.

You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags .

getKeyAlgorithm

@Stability(value=Stable)
 @NotNull
public String getKeyAlgorithm()

Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.

When you create a subordinate CA, you must use a key algorithm supported by the parent CA.

setKeyAlgorithm

@Stability(value=Stable)
public void setKeyAlgorithm(@NotNull
                                                     String value)

Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.

When you create a subordinate CA, you must use a key algorithm supported by the parent CA.

getSigningAlgorithm

@Stability(value=Stable)
 @NotNull
public String getSigningAlgorithm()

Name of the algorithm your private CA uses to sign certificate requests.

This parameter should not be confused with the SigningAlgorithm parameter used to sign certificates when they are issued.

setSigningAlgorithm

@Stability(value=Stable)
public void setSigningAlgorithm(@NotNull
                                                         String value)

Name of the algorithm your private CA uses to sign certificate requests.

This parameter should not be confused with the SigningAlgorithm parameter used to sign certificates when they are issued.

getSubject

@Stability(value=Stable)
 @NotNull
public Object getSubject()

Structure that contains X.500 distinguished name information for your private CA.

setSubject

@Stability(value=Stable)
public void setSubject(@NotNull
                                                CfnCertificateAuthority.SubjectProperty value)

Structure that contains X.500 distinguished name information for your private CA.

setSubject

@Stability(value=Stable)
public void setSubject(@NotNull
                                                IResolvable value)

Structure that contains X.500 distinguished name information for your private CA.

getType

@Stability(value=Stable)
 @NotNull
public String getType()

Type of your private CA.

setType

@Stability(value=Stable)
public void setType(@NotNull
                                             String value)

Type of your private CA.

getCsrExtensions

@Stability(value=Stable)
 @Nullable
public Object getCsrExtensions()

Specifies information to be added to the extension section of the certificate signing request (CSR).

setCsrExtensions

@Stability(value=Stable)
public void setCsrExtensions(@Nullable
                                                      CfnCertificateAuthority.CsrExtensionsProperty value)

Specifies information to be added to the extension section of the certificate signing request (CSR).

setCsrExtensions

@Stability(value=Stable)
public void setCsrExtensions(@Nullable
                                                      IResolvable value)

Specifies information to be added to the extension section of the certificate signing request (CSR).

getKeyStorageSecurityStandard

@Stability(value=Stable)
 @Nullable
public String getKeyStorageSecurityStandard()

Specifies a cryptographic key management compliance standard used for handling CA keys.

Default: FIPS_140_2_LEVEL_3_OR_HIGHER

Note: FIPS_140_2_LEVEL_3_OR_HIGHER is not supported in the following Regions:

• ap-northeast-3
• ap-southeast-3

When creating a CA in these Regions, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER as the argument for KeyStorageSecurityStandard . Failure to do this results in an InvalidArgsException with the message, "A certificate authority cannot be created in this region with the specified security standard."

setKeyStorageSecurityStandard

@Stability(value=Stable)
public void setKeyStorageSecurityStandard(@Nullable
                                                                   String value)

Specifies a cryptographic key management compliance standard used for handling CA keys.

Default: FIPS_140_2_LEVEL_3_OR_HIGHER

Note: FIPS_140_2_LEVEL_3_OR_HIGHER is not supported in the following Regions:

• ap-northeast-3
• ap-southeast-3

When creating a CA in these Regions, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER as the argument for KeyStorageSecurityStandard . Failure to do this results in an InvalidArgsException with the message, "A certificate authority cannot be created in this region with the specified security standard."

getRevocationConfiguration

@Stability(value=Stable)
 @Nullable
public Object getRevocationConfiguration()

Information about the certificate revocation list (CRL) created and maintained by your private CA.

Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your certificate authority can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates that have been revoked.

setRevocationConfiguration

@Stability(value=Stable)
public void setRevocationConfiguration(@Nullable
                                                                CfnCertificateAuthority.RevocationConfigurationProperty value)

Information about the certificate revocation list (CRL) created and maintained by your private CA.

Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your certificate authority can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates that have been revoked.

setRevocationConfiguration

@Stability(value=Stable)
public void setRevocationConfiguration(@Nullable
                                                                IResolvable value)

Information about the certificate revocation list (CRL) created and maintained by your private CA.

Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your certificate authority can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates that have been revoked.