Documentation ¶
Index ¶
- func CfnCertificateAuthorityActivation_CFN_RESOURCE_TYPE_NAME() *string
- func CfnCertificateAuthorityActivation_IsCfnElement(x interface{}) *bool
- func CfnCertificateAuthorityActivation_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnCertificateAuthorityActivation_IsConstruct(x interface{}) *bool
- func CfnCertificateAuthority_CFN_RESOURCE_TYPE_NAME() *string
- func CfnCertificateAuthority_IsCfnElement(x interface{}) *bool
- func CfnCertificateAuthority_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnCertificateAuthority_IsConstruct(x interface{}) *bool
- func CfnCertificate_CFN_RESOURCE_TYPE_NAME() *string
- func CfnCertificate_IsCfnElement(x interface{}) *bool
- func CfnCertificate_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnCertificate_IsConstruct(x interface{}) *bool
- func CfnPermission_CFN_RESOURCE_TYPE_NAME() *string
- func CfnPermission_IsCfnElement(x interface{}) *bool
- func CfnPermission_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnPermission_IsConstruct(x interface{}) *bool
- func NewCfnCertificateAuthorityActivation_Override(c CfnCertificateAuthorityActivation, scope constructs.Construct, id *string, ...)
- func NewCfnCertificateAuthority_Override(c CfnCertificateAuthority, scope constructs.Construct, id *string, ...)
- func NewCfnCertificate_Override(c CfnCertificate, scope constructs.Construct, id *string, ...)
- func NewCfnPermission_Override(c CfnPermission, scope constructs.Construct, id *string, ...)
- type CertificateAuthority
- type CfnCertificate
- type CfnCertificateAuthority
- type CfnCertificateAuthorityActivation
- type CfnCertificateAuthorityActivationProps
- type CfnCertificateAuthorityProps
- type CfnCertificateAuthority_AccessDescriptionProperty
- type CfnCertificateAuthority_AccessMethodProperty
- type CfnCertificateAuthority_CrlConfigurationProperty
- type CfnCertificateAuthority_CsrExtensionsProperty
- type CfnCertificateAuthority_EdiPartyNameProperty
- type CfnCertificateAuthority_GeneralNameProperty
- type CfnCertificateAuthority_KeyUsageProperty
- type CfnCertificateAuthority_OcspConfigurationProperty
- type CfnCertificateAuthority_OtherNameProperty
- type CfnCertificateAuthority_RevocationConfigurationProperty
- type CfnCertificateAuthority_SubjectProperty
- type CfnCertificateProps
- type CfnCertificate_ApiPassthroughProperty
- type CfnCertificate_EdiPartyNameProperty
- type CfnCertificate_ExtendedKeyUsageProperty
- type CfnCertificate_ExtensionsProperty
- type CfnCertificate_GeneralNameProperty
- type CfnCertificate_KeyUsageProperty
- type CfnCertificate_OtherNameProperty
- type CfnCertificate_PolicyInformationProperty
- type CfnCertificate_PolicyQualifierInfoProperty
- type CfnCertificate_QualifierProperty
- type CfnCertificate_SubjectProperty
- type CfnCertificate_ValidityProperty
- type CfnPermission
- type CfnPermissionProps
- type ICertificateAuthority
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CfnCertificateAuthorityActivation_CFN_RESOURCE_TYPE_NAME ¶
func CfnCertificateAuthorityActivation_CFN_RESOURCE_TYPE_NAME() *string
func CfnCertificateAuthorityActivation_IsCfnElement ¶
func CfnCertificateAuthorityActivation_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnCertificateAuthorityActivation_IsCfnResource ¶
func CfnCertificateAuthorityActivation_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource.
func CfnCertificateAuthorityActivation_IsConstruct ¶
func CfnCertificateAuthorityActivation_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`.

Deprecated: use `x instanceof Construct` instead.
func CfnCertificateAuthority_CFN_RESOURCE_TYPE_NAME ¶
func CfnCertificateAuthority_CFN_RESOURCE_TYPE_NAME() *string
func CfnCertificateAuthority_IsCfnElement ¶
func CfnCertificateAuthority_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnCertificateAuthority_IsCfnResource ¶
func CfnCertificateAuthority_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource.
func CfnCertificateAuthority_IsConstruct ¶
func CfnCertificateAuthority_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`.

Deprecated: use `x instanceof Construct` instead.
func CfnCertificate_CFN_RESOURCE_TYPE_NAME ¶
func CfnCertificate_CFN_RESOURCE_TYPE_NAME() *string
func CfnCertificate_IsCfnElement ¶
func CfnCertificate_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnCertificate_IsCfnResource ¶
func CfnCertificate_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource.
func CfnCertificate_IsConstruct ¶
func CfnCertificate_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`.

Deprecated: use `x instanceof Construct` instead.
func CfnPermission_CFN_RESOURCE_TYPE_NAME ¶
func CfnPermission_CFN_RESOURCE_TYPE_NAME() *string
func CfnPermission_IsCfnElement ¶
func CfnPermission_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element.
func CfnPermission_IsCfnResource ¶
func CfnPermission_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource.
func CfnPermission_IsConstruct ¶
func CfnPermission_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`.

Deprecated: use `x instanceof Construct` instead.
func NewCfnCertificateAuthorityActivation_Override ¶
func NewCfnCertificateAuthorityActivation_Override(c CfnCertificateAuthorityActivation, scope constructs.Construct, id *string, props *CfnCertificateAuthorityActivationProps)
Create a new `AWS::ACMPCA::CertificateAuthorityActivation`.
func NewCfnCertificateAuthority_Override ¶
func NewCfnCertificateAuthority_Override(c CfnCertificateAuthority, scope constructs.Construct, id *string, props *CfnCertificateAuthorityProps)
Create a new `AWS::ACMPCA::CertificateAuthority`.
func NewCfnCertificate_Override ¶
func NewCfnCertificate_Override(c CfnCertificate, scope constructs.Construct, id *string, props *CfnCertificateProps)
Create a new `AWS::ACMPCA::Certificate`.
func NewCfnPermission_Override ¶
func NewCfnPermission_Override(c CfnPermission, scope constructs.Construct, id *string, props *CfnPermissionProps)
Create a new `AWS::ACMPCA::Permission`.
Types ¶
type CertificateAuthority ¶
// CertificateAuthority defines a Certificate for ACMPCA.
//
// No methods are declared in this listing; the concrete construct that
// satisfies it is not shown here.
type CertificateAuthority interface{}
Defines a Certificate for ACMPCA.
TODO: EXAMPLE
type CfnCertificate ¶
// CfnCertificate is a CloudFormation `AWS::ACMPCA::Certificate`.
//
// The `AWS::ACMPCA::Certificate` resource is used to issue a certificate using
// your private certificate authority. For more information, see the
// [IssueCertificate](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html)
// action.
//
// Each `X()`/`SetX(val)` pair reads and writes one resource property; the
// property semantics are presumably documented on the matching field of
// CfnCertificateProps (not reproduced in this listing).
type CfnCertificate interface {
	awscdk.CfnResource
	awscdk.IInspectable
	ApiPassthrough() interface{}
	SetApiPassthrough(val interface{})
	// AttrArn and AttrCertificate expose the resource's `Arn` and
	// `Certificate` attributes.
	AttrArn() *string
	AttrCertificate() *string
	CertificateAuthorityArn() *string
	SetCertificateAuthorityArn(val *string)
	CertificateSigningRequest() *string
	SetCertificateSigningRequest(val *string)
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	LogicalId() *string
	Node() constructs.Node
	Ref() *string
	SigningAlgorithm() *string
	SetSigningAlgorithm(val *string)
	Stack() awscdk.Stack
	TemplateArn() *string
	SetTemplateArn(val *string)
	// Spelled as in the generated API name (sic); callers must use this exact
	// identifier.
	UpdatedProperites() *map[string]interface{}
	Validity() interface{}
	SetValidity(val interface{})
	ValidityNotBefore() interface{}
	SetValidityNotBefore(val interface{})
	// Generic CloudFormation resource operations: template overrides, metadata,
	// dependencies, removal policy and inspection.
	//
	// NOTE(review): AddOverride/AddPropertyOverride write directly into the
	// synthesized template and presumably bypass the typed setters above;
	// confirm against the CDK documentation before relying on them for
	// security-relevant properties.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::ACMPCA::Certificate`.
The `AWS::ACMPCA::Certificate` resource is used to issue a certificate using your private certificate authority. For more information, see the [IssueCertificate](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html) action.
TODO: EXAMPLE
func NewCfnCertificate ¶
func NewCfnCertificate(scope constructs.Construct, id *string, props *CfnCertificateProps) CfnCertificate
Create a new `AWS::ACMPCA::Certificate`.
type CfnCertificateAuthority ¶
// CfnCertificateAuthority is a CloudFormation `AWS::ACMPCA::CertificateAuthority`.
//
// Use the `AWS::ACMPCA::CertificateAuthority` resource to create a private CA.
// Once the CA exists, you can use the `AWS::ACMPCA::Certificate` resource to
// issue a new CA certificate. Alternatively, you can issue a CA certificate
// using an on-premises CA, and then use the
// `AWS::ACMPCA::CertificateAuthorityActivation` resource to import the new CA
// certificate and activate the CA.
//
// Before removing a `AWS::ACMPCA::CertificateAuthority` resource from the
// CloudFormation stack, disable the affected CA. Otherwise, the action will
// fail. You can disable the CA by removing its associated
// `AWS::ACMPCA::CertificateAuthorityActivation` resource from CloudFormation.
//
// Each `X()`/`SetX(val)` pair reads and writes one resource property; the
// property semantics are documented on the matching field of
// CfnCertificateAuthorityProps.
type CfnCertificateAuthority interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// AttrArn and AttrCertificateSigningRequest expose the resource's `Arn`
	// and `CertificateSigningRequest` attributes.
	AttrArn() *string
	AttrCertificateSigningRequest() *string
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	CsrExtensions() interface{}
	SetCsrExtensions(val interface{})
	KeyAlgorithm() *string
	SetKeyAlgorithm(val *string)
	// Defaults to FIPS_140_2_LEVEL_3_OR_HIGHER when unset (see
	// CfnCertificateAuthorityProps.KeyStorageSecurityStandard).
	KeyStorageSecurityStandard() *string
	SetKeyStorageSecurityStandard(val *string)
	LogicalId() *string
	Node() constructs.Node
	Ref() *string
	RevocationConfiguration() interface{}
	SetRevocationConfiguration(val interface{})
	SigningAlgorithm() *string
	SetSigningAlgorithm(val *string)
	Stack() awscdk.Stack
	Subject() interface{}
	SetSubject(val interface{})
	Tags() awscdk.TagManager
	Type() *string
	SetType(val *string)
	// Spelled as in the generated API name (sic); callers must use this exact
	// identifier.
	UpdatedProperites() *map[string]interface{}
	// Generic CloudFormation resource operations: template overrides, metadata,
	// dependencies, removal policy and inspection.
	//
	// NOTE(review): AddOverride/AddPropertyOverride write directly into the
	// synthesized template and presumably bypass the typed setters above;
	// confirm against the CDK documentation before relying on them for
	// security-relevant properties.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::ACMPCA::CertificateAuthority`.
Use the `AWS::ACMPCA::CertificateAuthority` resource to create a private CA. Once the CA exists, you can use the `AWS::ACMPCA::Certificate` resource to issue a new CA certificate. Alternatively, you can issue a CA certificate using an on-premises CA, and then use the `AWS::ACMPCA::CertificateAuthorityActivation` resource to import the new CA certificate and activate the CA.
> Before removing a `AWS::ACMPCA::CertificateAuthority` resource from the CloudFormation stack, disable the affected CA. Otherwise, the action will fail. You can disable the CA by removing its associated `AWS::ACMPCA::CertificateAuthorityActivation` resource from CloudFormation.
TODO: EXAMPLE
func NewCfnCertificateAuthority ¶
func NewCfnCertificateAuthority(scope constructs.Construct, id *string, props *CfnCertificateAuthorityProps) CfnCertificateAuthority
Create a new `AWS::ACMPCA::CertificateAuthority`.
type CfnCertificateAuthorityActivation ¶
// CfnCertificateAuthorityActivation is a CloudFormation
// `AWS::ACMPCA::CertificateAuthorityActivation`.
//
// The resource creates and installs a CA certificate on a CA. If no status is
// specified, the resource status defaults to ACTIVE. Once the CA has a CA
// certificate installed, you can use the resource to toggle the CA status
// field between `ACTIVE` and `DISABLED`.
//
// Each `X()`/`SetX(val)` pair reads and writes one resource property; the
// property semantics are documented on the matching field of
// CfnCertificateAuthorityActivationProps.
type CfnCertificateAuthorityActivation interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// AttrCompleteCertificateChain exposes the resource's
	// `CompleteCertificateChain` attribute.
	AttrCompleteCertificateChain() *string
	Certificate() *string
	SetCertificate(val *string)
	CertificateAuthorityArn() *string
	SetCertificateAuthorityArn(val *string)
	CertificateChain() *string
	SetCertificateChain(val *string)
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	LogicalId() *string
	Node() constructs.Node
	Ref() *string
	Stack() awscdk.Stack
	// Status is `ACTIVE` or `DISABLED`; unset means ACTIVE.
	Status() *string
	SetStatus(val *string)
	// Spelled as in the generated API name (sic); callers must use this exact
	// identifier.
	UpdatedProperites() *map[string]interface{}
	// Generic CloudFormation resource operations: template overrides, metadata,
	// dependencies, removal policy and inspection.
	//
	// NOTE(review): AddOverride/AddPropertyOverride write directly into the
	// synthesized template and presumably bypass the typed setters above;
	// confirm against the CDK documentation before relying on them for
	// security-relevant properties.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::ACMPCA::CertificateAuthorityActivation`.
The `AWS::ACMPCA::CertificateAuthorityActivation` resource creates and installs a CA certificate on a CA. If no status is specified, the `AWS::ACMPCA::CertificateAuthorityActivation` resource status defaults to ACTIVE. Once the CA has a CA certificate installed, you can use the resource to toggle the CA status field between `ACTIVE` and `DISABLED`.
TODO: EXAMPLE
func NewCfnCertificateAuthorityActivation ¶
func NewCfnCertificateAuthorityActivation(scope constructs.Construct, id *string, props *CfnCertificateAuthorityActivationProps) CfnCertificateAuthorityActivation
Create a new `AWS::ACMPCA::CertificateAuthorityActivation`.
type CfnCertificateAuthorityActivationProps ¶
// CfnCertificateAuthorityActivationProps holds the properties for defining a
// `CfnCertificateAuthorityActivation`
// (an `AWS::ACMPCA::CertificateAuthorityActivation`).
type CfnCertificateAuthorityActivationProps struct {
	// The Base64 PEM-encoded certificate authority certificate.
	Certificate *string `json:"certificate" yaml:"certificate"`
	// The Amazon Resource Name (ARN) of your private CA.
	CertificateAuthorityArn *string `json:"certificateAuthorityArn" yaml:"certificateAuthorityArn"`
	// The Base64 PEM-encoded certificate chain that chains up to the root CA
	// certificate that you used to sign your private CA certificate.
	CertificateChain *string `json:"certificateChain" yaml:"certificateChain"`
	// Status of your private CA.
	//
	// If unset, the resource status defaults to ACTIVE; once a CA certificate
	// is installed, this field toggles the CA between `ACTIVE` and `DISABLED`.
	Status *string `json:"status" yaml:"status"`
}
Properties for defining a `CfnCertificateAuthorityActivation`.
TODO: EXAMPLE
type CfnCertificateAuthorityProps ¶
// CfnCertificateAuthorityProps holds the properties for defining a
// `CfnCertificateAuthority` (an `AWS::ACMPCA::CertificateAuthority`).
type CfnCertificateAuthorityProps struct {
	// Type of the public key algorithm and size, in bits, of the key pair that
	// your CA creates when it issues a certificate.
	//
	// When you create a subordinate CA, you must use a key algorithm supported
	// by the parent CA.
	KeyAlgorithm *string `json:"keyAlgorithm" yaml:"keyAlgorithm"`
	// Name of the algorithm your private CA uses to sign certificate requests.
	//
	// This parameter should not be confused with the `SigningAlgorithm`
	// parameter used to sign certificates when they are issued.
	SigningAlgorithm *string `json:"signingAlgorithm" yaml:"signingAlgorithm"`
	// Structure that contains X.500 distinguished name information for your
	// private CA; the expected shape appears to be
	// CfnCertificateAuthority_SubjectProperty.
	Subject interface{} `json:"subject" yaml:"subject"`
	// Type of your private CA.
	Type *string `json:"type" yaml:"type"`
	// Specifies information to be added to the extension section of the
	// certificate signing request (CSR); the expected shape appears to be
	// CfnCertificateAuthority_CsrExtensionsProperty.
	CsrExtensions interface{} `json:"csrExtensions" yaml:"csrExtensions"`
	// Specifies a cryptographic key management compliance standard used for
	// handling CA keys.
	//
	// Default: FIPS_140_2_LEVEL_3_OR_HIGHER
	//
	// Note: `FIPS_140_2_LEVEL_3_OR_HIGHER` is not supported in Region
	// ap-northeast-3. When creating a CA in ap-northeast-3, you must provide
	// `FIPS_140_2_LEVEL_2_OR_HIGHER` as the argument for
	// `KeyStorageSecurityStandard`. Failure to do this results in an
	// `InvalidArgsException` with the message, "A certificate authority cannot
	// be created in this region with the specified security standard."
	KeyStorageSecurityStandard *string `json:"keyStorageSecurityStandard" yaml:"keyStorageSecurityStandard"`
	// Information about the certificate revocation list (CRL) created and
	// maintained by your private CA; the expected shape appears to be
	// CfnCertificateAuthority_RevocationConfigurationProperty.
	//
	// Certificate revocation information used by the CreateCertificateAuthority
	// and UpdateCertificateAuthority actions. Your certificate authority can
	// create and maintain a certificate revocation list (CRL). A CRL contains
	// information about certificates that have been revoked.
	RevocationConfiguration interface{} `json:"revocationConfiguration" yaml:"revocationConfiguration"`
	// Key-value pairs that will be attached to the new private CA.
	//
	// You can associate up to 50 tags with a private CA. For information about
	// using tags with IAM to manage permissions, see
	// [Controlling Access Using IAM Tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html).
	Tags *[]*awscdk.CfnTag `json:"tags" yaml:"tags"`
}
Properties for defining a `CfnCertificateAuthority`.
TODO: EXAMPLE
type CfnCertificateAuthority_AccessDescriptionProperty ¶
// CfnCertificateAuthority_AccessDescriptionProperty provides access information
// used by the `authorityInfoAccess` and `subjectInfoAccess` extensions described
// in [RFC 5280](https://tools.ietf.org/html/rfc5280).
type CfnCertificateAuthority_AccessDescriptionProperty struct {
	// The location of `AccessDescription` information; presumably a
	// CfnCertificateAuthority_GeneralNameProperty.
	AccessLocation interface{} `json:"accessLocation" yaml:"accessLocation"`
	// The type and format of `AccessDescription` information; presumably a
	// CfnCertificateAuthority_AccessMethodProperty.
	AccessMethod interface{} `json:"accessMethod" yaml:"accessMethod"`
}
Provides access information used by the `authorityInfoAccess` and `subjectInfoAccess` extensions described in [RFC 5280](https://tools.ietf.org/html/rfc5280).
TODO: EXAMPLE
type CfnCertificateAuthority_AccessMethodProperty ¶
// CfnCertificateAuthority_AccessMethodProperty describes the type and format of
// extension access.
//
// Only one of `CustomObjectIdentifier` or `AccessMethodType` may be provided.
// Providing both results in `InvalidArgsException`.
type CfnCertificateAuthority_AccessMethodProperty struct {
	// Specifies the `AccessMethod`.
	AccessMethodType *string `json:"accessMethodType" yaml:"accessMethodType"`
	// An object identifier (OID) specifying the `AccessMethod`.
	//
	// The OID must satisfy the regular expression given in the upstream service
	// documentation (the pattern is not reproduced in this listing). For more
	// information, see NIST's definition of
	// [Object Identifier (OID)](https://csrc.nist.gov/glossary/term/Object_Identifier).
	CustomObjectIdentifier *string `json:"customObjectIdentifier" yaml:"customObjectIdentifier"`
}
Describes the type and format of extension access.
Only one of `CustomObjectIdentifier` or `AccessMethodType` may be provided. Providing both results in `InvalidArgsException`.
TODO: EXAMPLE
type CfnCertificateAuthority_CrlConfigurationProperty ¶
// CfnCertificateAuthority_CrlConfigurationProperty contains configuration
// information for a certificate revocation list (CRL).
//
// Your private CA creates base CRLs (delta CRLs are not supported) once
// `Enabled` is `true`, and writes them to the S3 bucket named in
// `S3BucketName`; `CustomCname` hides the bucket name in the
// *CRL Distribution Points* extension of issued certificates. The bucket
// policy must give write permission to ACM Private CA.
type CfnCertificateAuthority_CrlConfigurationProperty struct {
	// Name inserted into the certificate *CRL Distribution Points* extension
	// that enables the use of an alias for the CRL distribution point.
	//
	// Use this value if you don't want the name of your S3 bucket to be public.
	CustomCname *string `json:"customCname" yaml:"customCname"`
	// Boolean value that specifies whether certificate revocation lists (CRLs)
	// are enabled.
	//
	// You can use this value to enable certificate revocation for a new CA when
	// you call the `CreateCertificateAuthority` operation or for an existing CA
	// when you call the `UpdateCertificateAuthority` operation.
	Enabled interface{} `json:"enabled" yaml:"enabled"`
	// Validity period of the CRL in days.
	//
	// The CA uses this value to calculate the CRL's *nextUpdate* field; the CRL
	// is refreshed at half that age or when a certificate is revoked.
	ExpirationInDays *float64 `json:"expirationInDays" yaml:"expirationInDays"`
	// Name of the S3 bucket that contains the CRL.
	//
	// If you do not provide a value for the *CustomCname* argument, the name of
	// your S3 bucket is placed into the *CRL Distribution Points* extension of
	// the issued certificate. You can change the name of your bucket by calling
	// the [UpdateCertificateAuthority](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html)
	// operation. You must specify a
	// [bucket policy](https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-policies)
	// that allows ACM Private CA to write the CRL to your bucket.
	S3BucketName *string `json:"s3BucketName" yaml:"s3BucketName"`
	// Determines whether the CRL will be publicly readable or privately held in
	// the CRL Amazon S3 bucket.
	//
	// If you choose PUBLIC_READ, the CRL will be accessible over the public
	// internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the
	// CRL S3 bucket can access the CRL, and your PKI clients may need an
	// alternative method of access.
	//
	// If no value is specified, the default is PUBLIC_READ.
	//
	// NOTE(review): because the default is PUBLIC_READ, leaving this unset
	// publishes the CRL (issuer DN, revoked serial numbers and revocation
	// reasons) to the internet. Set BUCKET_OWNER_FULL_CONTROL explicitly
	// unless public CRL distribution is intended, and expect CA creation to
	// fail under the default when S3 Block Public Access is enabled.
	//
	// > This default can cause CA creation to fail in some circumstances. If
	// > you have enabled the Block Public Access (BPA) feature in your S3
	// > account, then you must specify the value of this parameter as
	// > `BUCKET_OWNER_FULL_CONTROL`, and not doing so results in an error. If
	// > you have disabled BPA in S3, then you can specify either
	// > `BUCKET_OWNER_FULL_CONTROL` or `PUBLIC_READ` as the value.
	//
	// For more information, see
	// [Blocking public access to the S3 bucket](https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-bpa).
	S3ObjectAcl *string `json:"s3ObjectAcl" yaml:"s3ObjectAcl"`
}
Contains configuration information for a certificate revocation list (CRL).
Your private certificate authority (CA) creates base CRLs. Delta CRLs are not supported. You can enable CRLs for your new or an existing private CA by setting the *Enabled* parameter to `true` . Your private CA writes CRLs to an S3 bucket that you specify in the *S3BucketName* parameter. You can hide the name of your bucket by specifying a value for the *CustomCname* parameter. Your private CA copies the CNAME or the S3 bucket name to the *CRL Distribution Points* extension of each certificate it issues. Your S3 bucket policy must give write permission to ACM Private CA.
ACM Private CA assets that are stored in Amazon S3 can be protected with encryption. For more information, see [Encrypting Your CRLs](https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption) .
Your private CA uses the value in the *ExpirationInDays* parameter to calculate the *nextUpdate* field in the CRL. The CRL is refreshed at half the age of the next update or when a certificate is revoked. When a certificate is revoked, it is recorded in the next CRL that is generated and in the next audit report. Only time-valid certificates are listed in the CRL. Expired certificates are not included.
A CRL is typically updated approximately 30 minutes after a certificate is revoked. If for any reason a CRL update fails, ACM Private CA makes further attempts every 15 minutes.
CRLs contain the following fields:
- *Version*: The current version number defined in RFC 5280 is V2. The integer value is 0x1.
- *Signature Algorithm*: The name of the algorithm used to sign the CRL.
- *Issuer*: The X.500 distinguished name of your private CA that issued the CRL.
- *Last Update*: The issue date and time of this CRL.
- *Next Update*: The day and time by which the next CRL will be issued.
- *Revoked Certificates*: List of revoked certificates. Each list item contains the following information.
  - *Serial Number*: The serial number, in hexadecimal format, of the revoked certificate.
  - *Revocation Date*: Date and time the certificate was revoked.
  - *CRL Entry Extensions*: Optional extensions for the CRL entry.
    - *X509v3 CRL Reason Code*: Reason the certificate was revoked.
- *CRL Extensions*: Optional extensions for the CRL.
  - *X509v3 Authority Key Identifier*: Identifies the public key associated with the private key used to sign the certificate.
  - *X509v3 CRL Number*: Decimal sequence number for the CRL.
- *Signature Algorithm*: Algorithm used by your private CA to sign the CRL.
- *Signature Value*: Signature computed over the CRL.
Certificate revocation lists created by ACM Private CA are DER-encoded. You can use the following OpenSSL command to list a CRL.
`openssl crl -inform DER -text -in *crl_path* -noout`
For more information, see [Planning a certificate revocation list (CRL)](https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html) in the *AWS Certificate Manager Private Certificate Authority (PCA) User Guide*
TODO: EXAMPLE
type CfnCertificateAuthority_CsrExtensionsProperty ¶
// CfnCertificateAuthority_CsrExtensionsProperty describes the certificate
// extensions to be added to the certificate signing request (CSR).
type CfnCertificateAuthority_CsrExtensionsProperty struct {
	// Indicates the purpose of the certificate and of the key contained in the
	// certificate; presumably a CfnCertificateAuthority_KeyUsageProperty.
	KeyUsage interface{} `json:"keyUsage" yaml:"keyUsage"`
	// For CA certificates, provides a path to additional information pertaining
	// to the CA, such as revocation and policy.
	//
	// For more information, see
	// [Subject Information Access](https://tools.ietf.org/html/rfc5280#section-4.2.2.2)
	// in RFC 5280.
	SubjectInformationAccess interface{} `json:"subjectInformationAccess" yaml:"subjectInformationAccess"`
}
Describes the certificate extensions to be added to the certificate signing request (CSR).
TODO: EXAMPLE
type CfnCertificateAuthority_EdiPartyNameProperty ¶
// CfnCertificateAuthority_EdiPartyNameProperty describes an Electronic Data
// Interchange (EDI) entity as defined in
// [Subject Alternative Name](https://tools.ietf.org/html/rfc5280) in RFC 5280.
type CfnCertificateAuthority_EdiPartyNameProperty struct {
	// Specifies the name assigner.
	NameAssigner *string `json:"nameAssigner" yaml:"nameAssigner"`
	// Specifies the party name.
	PartyName *string `json:"partyName" yaml:"partyName"`
}
Describes an Electronic Data Interchange (EDI) entity as defined in [Subject Alternative Name](https://tools.ietf.org/html/rfc5280) in RFC 5280.
TODO: EXAMPLE
type CfnCertificateAuthority_GeneralNameProperty ¶
// CfnCertificateAuthority_GeneralNameProperty describes an ASN.1 X.400
// `GeneralName` as defined in [RFC 5280](https://tools.ietf.org/html/rfc5280).
//
// Only one of the naming options below should be provided. Providing more than
// one option results in an `InvalidArgsException` error.
type CfnCertificateAuthority_GeneralNameProperty struct {
	// Contains information about the certificate subject.
	//
	// The certificate can be one issued by your private certificate authority
	// (CA) or it can be your private CA certificate. The Subject field in the
	// certificate identifies the entity that owns or controls the public key in
	// the certificate. The entity can be a user, computer, device, or service.
	// The Subject must contain an X.500 distinguished name (DN). A DN is a
	// sequence of relative distinguished names (RDNs). The RDNs are separated by
	// commas in the certificate. The DN must be unique for each entity, but your
	// private CA can issue more than one certificate with the same DN to the
	// same entity.
	DirectoryName interface{} `json:"directoryName" yaml:"directoryName"`
	// Represents `GeneralName` as a DNS name.
	DnsName *string `json:"dnsName" yaml:"dnsName"`
	// Represents `GeneralName` as an `EdiPartyName` object.
	EdiPartyName interface{} `json:"ediPartyName" yaml:"ediPartyName"`
	// Represents `GeneralName` as an IPv4 or IPv6 address.
	IpAddress *string `json:"ipAddress" yaml:"ipAddress"`
	// Represents `GeneralName` using an `OtherName` object.
	OtherName interface{} `json:"otherName" yaml:"otherName"`
	// Represents `GeneralName` as an object identifier (OID).
	RegisteredId *string `json:"registeredId" yaml:"registeredId"`
	// Represents `GeneralName` as an
	// [RFC 822](https://tools.ietf.org/html/rfc822) email address.
	Rfc822Name *string `json:"rfc822Name" yaml:"rfc822Name"`
	// Represents `GeneralName` as a URI.
	UniformResourceIdentifier *string `json:"uniformResourceIdentifier" yaml:"uniformResourceIdentifier"`
}
Describes an ASN.1 X.400 `GeneralName` as defined in [RFC 5280](https://tools.ietf.org/html/rfc5280). Only one of the following naming options should be provided. Providing more than one option results in an `InvalidArgsException` error.
TODO: EXAMPLE
type CfnCertificateAuthority_KeyUsageProperty ¶
// CfnCertificateAuthority_KeyUsageProperty defines one or more purposes for
// which the key contained in the certificate can be used.
//
// The default value for each option is false.
type CfnCertificateAuthority_KeyUsageProperty struct {
	// Key can be used to sign CRLs.
	CrlSign interface{} `json:"crlSign" yaml:"crlSign"`
	// Key can be used to decipher data.
	DataEncipherment interface{} `json:"dataEncipherment" yaml:"dataEncipherment"`
	// Key can be used only to decipher data.
	DecipherOnly interface{} `json:"decipherOnly" yaml:"decipherOnly"`
	// Key can be used for digital signing.
	DigitalSignature interface{} `json:"digitalSignature" yaml:"digitalSignature"`
	// Key can be used only to encipher data.
	EncipherOnly interface{} `json:"encipherOnly" yaml:"encipherOnly"`
	// Key can be used in a key-agreement protocol.
	KeyAgreement interface{} `json:"keyAgreement" yaml:"keyAgreement"`
	// Key can be used to sign certificates.
	KeyCertSign interface{} `json:"keyCertSign" yaml:"keyCertSign"`
	// Key can be used to encipher data.
	KeyEncipherment interface{} `json:"keyEncipherment" yaml:"keyEncipherment"`
	// Key can be used for non-repudiation.
	NonRepudiation interface{} `json:"nonRepudiation" yaml:"nonRepudiation"`
}
Defines one or more purposes for which the key contained in the certificate can be used.
Default value for each option is false.
TODO: EXAMPLE
type CfnCertificateAuthority_OcspConfigurationProperty ¶
// CfnCertificateAuthority_OcspConfigurationProperty contains information to
// enable and configure Online Certificate Status Protocol (OCSP) for validating
// certificate revocation status.
type CfnCertificateAuthority_OcspConfigurationProperty struct {
	// Flag enabling use of the Online Certificate Status Protocol (OCSP) for
	// validating certificate revocation status.
	Enabled interface{} `json:"enabled" yaml:"enabled"`
	// By default, ACM Private CA injects an Amazon domain into certificates
	// being validated by the Online Certificate Status Protocol (OCSP).
	//
	// A customer can alternatively use this object to define a CNAME specifying
	// a customized OCSP domain.
	//
	// Note: The value of the CNAME must not include a protocol prefix such as
	// "http://" or "https://".
	OcspCustomCname *string `json:"ocspCustomCname" yaml:"ocspCustomCname"`
}
Contains information to enable and configure Online Certificate Status Protocol (OCSP) for validating certificate revocation status.
TODO: EXAMPLE
type CfnCertificateAuthority_OtherNameProperty ¶
// CfnCertificateAuthority_OtherNameProperty defines a custom ASN.1 X.400
// `GeneralName` using an object identifier (OID) and value.
//
// The OID must satisfy the regular expression given in the upstream service
// documentation (the pattern is not reproduced in this listing). For more
// information, see NIST's definition of
// [Object Identifier (OID)](https://csrc.nist.gov/glossary/term/Object_Identifier).
type CfnCertificateAuthority_OtherNameProperty struct {
	// Specifies an OID.
	TypeId *string `json:"typeId" yaml:"typeId"`
	// Specifies an OID value.
	Value *string `json:"value" yaml:"value"`
}
Defines a custom ASN.1 X.400 `GeneralName` using an object identifier (OID) and value. The OID must satisfy the regular expression given in the upstream service documentation (the pattern is not reproduced in this listing). For more information, see NIST's definition of [Object Identifier (OID)](https://csrc.nist.gov/glossary/term/Object_Identifier).
TODO: EXAMPLE
type CfnCertificateAuthority_RevocationConfigurationProperty ¶
// CfnCertificateAuthority_RevocationConfigurationProperty holds the certificate
// revocation information used by the CreateCertificateAuthority and
// UpdateCertificateAuthority actions.
//
// Your private certificate authority (CA) can configure Online Certificate
// Status Protocol (OCSP) support and/or maintain a certificate revocation list
// (CRL). OCSP returns validation information about certificates as requested
// by clients, and a CRL contains an updated list of certificates revoked by
// your CA. For more information, see
// [RevokeCertificate](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html).
type CfnCertificateAuthority_RevocationConfigurationProperty struct {
	// Configuration of the certificate revocation list (CRL), if any, maintained
	// by your private CA; presumably a
	// CfnCertificateAuthority_CrlConfigurationProperty.
	CrlConfiguration interface{} `json:"crlConfiguration" yaml:"crlConfiguration"`
	// Configuration of Online Certificate Status Protocol (OCSP) support, if any,
	// maintained by your private CA; presumably a
	// CfnCertificateAuthority_OcspConfigurationProperty.
	OcspConfiguration interface{} `json:"ocspConfiguration" yaml:"ocspConfiguration"`
}
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see [RevokeCertificate](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html) .
TODO: EXAMPLE
type CfnCertificateAuthority_SubjectProperty ¶
// CfnCertificateAuthority_SubjectProperty is the ASN.1 subject for the
// certificate authority. Every field is optional; which ones are populated
// determines the distinguished name written into the CA certificate.
type CfnCertificateAuthority_SubjectProperty struct {
	// Fully qualified domain name (FQDN) associated with the certificate subject.
	CommonName *string `json:"commonName" yaml:"commonName"`
	// Two-digit code that specifies the country in which the certificate subject is located.
	Country *string `json:"country" yaml:"country"`
	// Disambiguating information for the certificate subject.
	DistinguishedNameQualifier *string `json:"distinguishedNameQualifier" yaml:"distinguishedNameQualifier"`
	// Typically a qualifier appended to the name of an individual.
	//
	// Examples include Jr. for junior, Sr. for senior, and III for third.
	GenerationQualifier *string `json:"generationQualifier" yaml:"generationQualifier"`
	// First name.
	GivenName *string `json:"givenName" yaml:"givenName"`
	// Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the SurName.
	Initials *string `json:"initials" yaml:"initials"`
	// The locality (such as a city or town) in which the certificate subject is located.
	Locality *string `json:"locality" yaml:"locality"`
	// Legal name of the organization with which the certificate subject is affiliated.
	Organization *string `json:"organization" yaml:"organization"`
	// A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
	OrganizationalUnit *string `json:"organizationalUnit" yaml:"organizationalUnit"`
	// Typically a shortened version of a longer GivenName.
	//
	// For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
	Pseudonym *string `json:"pseudonym" yaml:"pseudonym"`
	// The certificate serial number.
	SerialNumber *string `json:"serialNumber" yaml:"serialNumber"`
	// State in which the subject of the certificate is located.
	State *string `json:"state" yaml:"state"`
	// Family name.
	Surname *string `json:"surname" yaml:"surname"`
	// A personal title such as Mr.
	Title *string `json:"title" yaml:"title"`
}
ASN1 subject for the certificate authority.
TODO: EXAMPLE
type CfnCertificateProps ¶
// CfnCertificateProps holds the properties for defining a `CfnCertificate`:
// the issuing CA, the CSR, the signing algorithm, the validity period and
// the optional template / passthrough settings that shape the issued
// certificate.
type CfnCertificateProps struct {
	// The Amazon Resource Name (ARN) of the private CA that issues the certificate.
	CertificateAuthorityArn *string `json:"certificateAuthorityArn" yaml:"certificateAuthorityArn"`
	// The certificate signing request (CSR) for the certificate.
	CertificateSigningRequest *string `json:"certificateSigningRequest" yaml:"certificateSigningRequest"`
	// The name of the algorithm that will be used to sign the certificate to be issued.
	//
	// This parameter should not be confused with the `SigningAlgorithm` parameter used to sign a CSR in the `CreateCertificateAuthority` action.
	//
	// > The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
	SigningAlgorithm *string `json:"signingAlgorithm" yaml:"signingAlgorithm"`
	// The period of time during which the certificate will be valid.
	Validity interface{} `json:"validity" yaml:"validity"`
	// Specifies X.509 certificate information to be included in the issued certificate. An `APIPassthrough` or `APICSRPassthrough` template variant must be selected, or else this parameter is ignored.
	ApiPassthrough interface{} `json:"apiPassthrough" yaml:"apiPassthrough"`
	// Specifies a custom configuration template to use when issuing a certificate.
	//
	// If this parameter is not provided, ACM Private CA defaults to the `EndEntityCertificate/V1` template. For more information about ACM Private CA templates, see [Using Templates](https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html) .
	//
	// NOTE(review): the template chosen here decides whether the contents of
	// ApiPassthrough reach the issued certificate, so review the two fields
	// together rather than in isolation.
	TemplateArn *string `json:"templateArn" yaml:"templateArn"`
	// Information describing the start of the validity period of the certificate.
	//
	// This parameter sets the "Not Before" date for the certificate.
	//
	// By default, when issuing a certificate, ACM Private CA sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems.
	// The `ValidityNotBefore` parameter can be used to customize the "Not Before" value.
	//
	// Unlike the `Validity` parameter, the `ValidityNotBefore` parameter is optional.
	//
	// The `ValidityNotBefore` value is expressed as an explicit date and time, using the `Validity` type value `ABSOLUTE` .
	ValidityNotBefore interface{} `json:"validityNotBefore" yaml:"validityNotBefore"`
}
Properties for defining a `CfnCertificate`.
TODO: EXAMPLE
type CfnCertificate_ApiPassthroughProperty ¶
// CfnCertificate_ApiPassthroughProperty contains X.509 certificate
// information to be placed in an issued certificate. It is only honoured when
// an `APIPassthrough` or `APICSRPassthrough` template variant is selected;
// conflicting or duplicate information from other sources is resolved by
// ACM Private CA's order-of-operation rules.
type CfnCertificate_ApiPassthroughProperty struct {
	// Specifies X.509 extension information for a certificate.
	Extensions interface{} `json:"extensions" yaml:"extensions"`
	// Contains information about the certificate subject.
	//
	// The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
	Subject interface{} `json:"subject" yaml:"subject"`
}
Contains X.509 certificate information to be placed in an issued certificate. An `APIPassthrough` or `APICSRPassthrough` template variant must be selected, or else this parameter is ignored.
If conflicting or duplicate certificate information is supplied from other sources, ACM Private CA applies [order of operation rules](https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations) to determine what information is used.
TODO: EXAMPLE
type CfnCertificate_EdiPartyNameProperty ¶
// CfnCertificate_EdiPartyNameProperty describes an Electronic Data
// Interchange (EDI) entity as defined for Subject Alternative Name in
// RFC 5280.
type CfnCertificate_EdiPartyNameProperty struct {
	// Specifies the name assigner.
	NameAssigner *string `json:"nameAssigner" yaml:"nameAssigner"`
	// Specifies the party name.
	PartyName *string `json:"partyName" yaml:"partyName"`
}
Describes an Electronic Data Interchange (EDI) entity as defined in [Subject Alternative Name](https://tools.ietf.org/html/rfc5280) in RFC 5280.
TODO: EXAMPLE
type CfnCertificate_ExtendedKeyUsageProperty ¶
// CfnCertificate_ExtendedKeyUsageProperty specifies additional purposes for
// which the certified public key may be used, beyond the basic purposes in
// the `KeyUsage` extension. An entry is either a standard type or a custom
// OID.
type CfnCertificate_ExtendedKeyUsageProperty struct {
	// Specifies a custom `ExtendedKeyUsage` with an object identifier (OID).
	ExtendedKeyUsageObjectIdentifier *string `json:"extendedKeyUsageObjectIdentifier" yaml:"extendedKeyUsageObjectIdentifier"`
	// Specifies a standard `ExtendedKeyUsage` as defined in [RFC 5280](https://tools.ietf.org/html/rfc5280#section-4.2.1.12) .
	ExtendedKeyUsageType *string `json:"extendedKeyUsageType" yaml:"extendedKeyUsageType"`
}
Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the `KeyUsage` extension.
TODO: EXAMPLE
type CfnCertificate_ExtensionsProperty ¶
// CfnCertificate_ExtensionsProperty contains the X.509 extension information
// for a certificate: certificate policies, (extended) key usage and subject
// alternative names.
type CfnCertificate_ExtensionsProperty struct {
	// Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers.
	//
	// For more information, see NIST's definition of [Object Identifier (OID)](https://csrc.nist.gov/glossary/term/Object_Identifier) .
	//
	// In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
	CertificatePolicies interface{} `json:"certificatePolicies" yaml:"certificatePolicies"`
	// Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the `KeyUsage` extension.
	ExtendedKeyUsage interface{} `json:"extendedKeyUsage" yaml:"extendedKeyUsage"`
	// Defines one or more purposes for which the key contained in the certificate can be used.
	//
	// Default value for each option is false.
	KeyUsage interface{} `json:"keyUsage" yaml:"keyUsage"`
	// The subject alternative name extension allows identities to be bound to the subject of the certificate.
	//
	// These identities may be included in addition to or in place of the identity in the subject field of the certificate.
	SubjectAlternativeNames interface{} `json:"subjectAlternativeNames" yaml:"subjectAlternativeNames"`
}
Contains X.509 extension information for a certificate.
TODO: EXAMPLE
type CfnCertificate_GeneralNameProperty ¶
// CfnCertificate_GeneralNameProperty describes an ASN.1 X.400 `GeneralName`
// as defined in RFC 5280. Exactly one of the naming options should be set;
// providing more than one results in an `InvalidArgsException` error.
type CfnCertificate_GeneralNameProperty struct {
	// Contains information about the certificate subject.
	//
	// The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity.
	DirectoryName interface{} `json:"directoryName" yaml:"directoryName"`
	// Represents `GeneralName` as a DNS name.
	DnsName *string `json:"dnsName" yaml:"dnsName"`
	// Represents `GeneralName` as an `EdiPartyName` object.
	EdiPartyName interface{} `json:"ediPartyName" yaml:"ediPartyName"`
	// Represents `GeneralName` as an IPv4 or IPv6 address.
	IpAddress *string `json:"ipAddress" yaml:"ipAddress"`
	// Represents `GeneralName` using an `OtherName` object.
	OtherName interface{} `json:"otherName" yaml:"otherName"`
	// Represents `GeneralName` as an object identifier (OID).
	RegisteredId *string `json:"registeredId" yaml:"registeredId"`
	// Represents `GeneralName` as an [RFC 822](https://tools.ietf.org/html/rfc822) email address.
	Rfc822Name *string `json:"rfc822Name" yaml:"rfc822Name"`
	// Represents `GeneralName` as a URI.
	UniformResourceIdentifier *string `json:"uniformResourceIdentifier" yaml:"uniformResourceIdentifier"`
}
Describes an ASN.1 X.400 `GeneralName` as defined in [RFC 5280](https://tools.ietf.org/html/rfc5280) . Only one of the following naming options should be provided. Providing more than one option results in an `InvalidArgsException` error.
TODO: EXAMPLE
type CfnCertificate_KeyUsageProperty ¶
// CfnCertificate_KeyUsageProperty defines one or more purposes for which the
// key contained in the certificate can be used. Every option defaults to
// false.
//
// NOTE(review): CrlSign and KeyCertSign are the bits that let a key sign
// CRLs and certificates; they are presumably only appropriate on CA
// certificates — confirm they stay unset for end-entity certificates.
type CfnCertificate_KeyUsageProperty struct {
	// Key can be used to sign CRLs.
	CrlSign interface{} `json:"crlSign" yaml:"crlSign"`
	// Key can be used to decipher data.
	DataEncipherment interface{} `json:"dataEncipherment" yaml:"dataEncipherment"`
	// Key can be used only to decipher data.
	DecipherOnly interface{} `json:"decipherOnly" yaml:"decipherOnly"`
	// Key can be used for digital signing.
	DigitalSignature interface{} `json:"digitalSignature" yaml:"digitalSignature"`
	// Key can be used only to encipher data.
	EncipherOnly interface{} `json:"encipherOnly" yaml:"encipherOnly"`
	// Key can be used in a key-agreement protocol.
	KeyAgreement interface{} `json:"keyAgreement" yaml:"keyAgreement"`
	// Key can be used to sign certificates.
	KeyCertSign interface{} `json:"keyCertSign" yaml:"keyCertSign"`
	// Key can be used to encipher data.
	KeyEncipherment interface{} `json:"keyEncipherment" yaml:"keyEncipherment"`
	// Key can be used for non-repudiation.
	NonRepudiation interface{} `json:"nonRepudiation" yaml:"nonRepudiation"`
}
Defines one or more purposes for which the key contained in the certificate can be used.
Default value for each option is false.
TODO: EXAMPLE
type CfnCertificate_OtherNameProperty ¶
// CfnCertificate_OtherNameProperty defines a custom ASN.1 X.400
// `GeneralName` as an object identifier (OID) paired with a value.
type CfnCertificate_OtherNameProperty struct {
	// Specifies an OID.
	TypeId *string `json:"typeId" yaml:"typeId"`
	// Specifies an OID value.
	Value *string `json:"value" yaml:"value"`
}
Defines a custom ASN.1 X.400 `GeneralName` using an object identifier (OID) and value. The OID must satisfy the regular expression shown below. For more information, see NIST's definition of [Object Identifier (OID)](https://csrc.nist.gov/glossary/term/Object_Identifier) .
TODO: EXAMPLE
type CfnCertificate_PolicyInformationProperty ¶
// CfnCertificate_PolicyInformationProperty defines one entry of the X.509
// `CertificatePolicies` extension: a policy OID plus optional qualifiers.
type CfnCertificate_PolicyInformationProperty struct {
	// Specifies the object identifier (OID) of the certificate policy under which the certificate was issued.
	//
	// For more information, see NIST's definition of [Object Identifier (OID)](https://csrc.nist.gov/glossary/term/Object_Identifier) .
	CertPolicyId *string `json:"certPolicyId" yaml:"certPolicyId"`
	// Modifies the given `CertPolicyId` with a qualifier.
	//
	// ACM Private CA supports the certification practice statement (CPS) qualifier.
	PolicyQualifiers interface{} `json:"policyQualifiers" yaml:"policyQualifiers"`
}
Defines the X.509 `CertificatePolicies` extension.
TODO: EXAMPLE
type CfnCertificate_PolicyQualifierInfoProperty ¶
// CfnCertificate_PolicyQualifierInfoProperty modifies the `CertPolicyId` of a
// `PolicyInformation` object with a qualifier. ACM Private CA supports the
// certification practice statement (CPS) qualifier.
type CfnCertificate_PolicyQualifierInfoProperty struct {
	// Identifies the qualifier modifying a `CertPolicyId` .
	PolicyQualifierId *string `json:"policyQualifierId" yaml:"policyQualifierId"`
	// Defines the qualifier type.
	//
	// ACM Private CA supports the use of a URI for a CPS qualifier in this field.
	Qualifier interface{} `json:"qualifier" yaml:"qualifier"`
}
Modifies the `CertPolicyId` of a `PolicyInformation` object with a qualifier.
ACM Private CA supports the certification practice statement (CPS) qualifier.
TODO: EXAMPLE
type CfnCertificate_QualifierProperty ¶
// CfnCertificate_QualifierProperty defines a `PolicyInformation` qualifier.
// ACM Private CA supports the certification practice statement (CPS)
// qualifier defined in RFC 5280.
type CfnCertificate_QualifierProperty struct {
	// Contains a pointer to a certification practice statement (CPS) published by the CA.
	CpsUri *string `json:"cpsUri" yaml:"cpsUri"`
}
Defines a `PolicyInformation` qualifier.
ACM Private CA supports the [certification practice statement (CPS) qualifier](https://tools.ietf.org/html/rfc5280#section-4.2.1.4) defined in RFC 5280.
TODO: EXAMPLE
type CfnCertificate_SubjectProperty ¶
// CfnCertificate_SubjectProperty contains information about the certificate
// subject: the X.500 distinguished name (a sequence of RDNs) that identifies
// the entity owning or controlling the certified public key.
type CfnCertificate_SubjectProperty struct {
	// For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit.
	//
	// Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
	CommonName *string `json:"commonName" yaml:"commonName"`
	// Two-digit code that specifies the country in which the certificate subject is located.
	Country *string `json:"country" yaml:"country"`
	// Disambiguating information for the certificate subject.
	DistinguishedNameQualifier *string `json:"distinguishedNameQualifier" yaml:"distinguishedNameQualifier"`
	// Typically a qualifier appended to the name of an individual.
	//
	// Examples include Jr. for junior, Sr. for senior, and III for third.
	GenerationQualifier *string `json:"generationQualifier" yaml:"generationQualifier"`
	// First name.
	GivenName *string `json:"givenName" yaml:"givenName"`
	// Concatenation that typically contains the first letter of the *GivenName* , the first letter of the middle name if one exists, and the first letter of the *Surname* .
	Initials *string `json:"initials" yaml:"initials"`
	// The locality (such as a city or town) in which the certificate subject is located.
	Locality *string `json:"locality" yaml:"locality"`
	// Legal name of the organization with which the certificate subject is affiliated.
	Organization *string `json:"organization" yaml:"organization"`
	// A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
	OrganizationalUnit *string `json:"organizationalUnit" yaml:"organizationalUnit"`
	// Typically a shortened version of a longer *GivenName* .
	//
	// For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
	Pseudonym *string `json:"pseudonym" yaml:"pseudonym"`
	// The certificate serial number.
	SerialNumber *string `json:"serialNumber" yaml:"serialNumber"`
	// State in which the subject of the certificate is located.
	State *string `json:"state" yaml:"state"`
	// Family name.
	//
	// In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
	Surname *string `json:"surname" yaml:"surname"`
	// A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.
	Title *string `json:"title" yaml:"title"`
}
Contains information about the certificate subject.
The `Subject` field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The `Subject` must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
TODO: EXAMPLE
type CfnCertificate_ValidityProperty ¶
// CfnCertificate_ValidityProperty is the length of time for which a
// certificate issued by the private CA (or the CA certificate itself) is
// valid, expressed as a unit (`Type`) and a count (`Value`).
type CfnCertificate_ValidityProperty struct {
	// Specifies whether the `Value` parameter represents days, months, or years.
	//
	// NOTE(review): CfnCertificateProps.ValidityNotBefore also refers to a
	// `Validity` type value `ABSOLUTE` (an explicit date and time), so the
	// accepted set is presumably wider than the three units named here —
	// confirm against the service documentation.
	Type *string `json:"type" yaml:"type"`
	// A long integer interpreted according to the value of `Type` , below.
	//
	// NOTE(review): the generated binding carries this integer as a float64,
	// which represents integers exactly only up to 2^53; larger values
	// (unlikely for a validity count, but possible for an absolute timestamp
	// encoding) would be rounded silently.
	Value *float64 `json:"value" yaml:"value"`
}
Length of time for which the certificate issued by your private certificate authority (CA), or by the private CA itself, is valid in days, months, or years.
You can issue a certificate by calling the `IssueCertificate` operation.
TODO: EXAMPLE
type CfnPermission ¶
// CfnPermission is a CloudFormation `AWS::ACMPCA::Permission` resource.
//
// It grants the ACM service principal (`acm.amazonaws.com`) the
// IssueCertificate, GetCertificate and ListPermissions actions on a private
// CA so that ACM can renew private PKI certificates that reside in the same
// account as the CA. Cross-account renewals are not covered by this resource
// (a resource-based policy is needed instead), and updating the resource
// requires deleting the existing permission and creating a new one.
type CfnPermission interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// Actions returns the private CA actions granted to the principal.
	Actions() *[]*string
	SetActions(val *[]*string)
	// CertificateAuthorityArn returns the ARN of the private CA the permission applies to.
	CertificateAuthorityArn() *string
	SetCertificateAuthorityArn(val *string)
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	LogicalId() *string
	Node() constructs.Node
	// Principal returns the AWS service or entity that holds the permission
	// (only `acm.amazonaws.com` is documented as valid at this time).
	Principal() *string
	SetPrincipal(val *string)
	Ref() *string
	// SourceAccount returns the ID of the account that assigned the permission.
	SourceAccount() *string
	SetSourceAccount(val *string)
	Stack() awscdk.Stack
	// The spelling below is the generated binding's method name; it must be
	// used as written.
	UpdatedProperites() *map[string]interface{}
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::ACMPCA::Permission`.
Grants permissions to the AWS Certificate Manager (ACM) service principal ( `acm.amazonaws.com` ) to perform [IssueCertificate](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html) , [GetCertificate](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html) , and [ListPermissions](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html) actions on a CA. These actions are needed for the ACM principal to renew private PKI certificates requested through ACM and residing in the same AWS account as the CA.
**About permissions** - If the private CA and the certificates it issues reside in the same account, you can use `AWS::ACMPCA::Permission` to grant permissions for ACM to carry out automatic certificate renewals. - For automatic certificate renewal to succeed, the ACM service principal needs permissions to create, retrieve, and list permissions. - If the private CA and the ACM certificates reside in different accounts, then permissions cannot be used to enable automatic renewals. Instead, the ACM certificate owner must set up a resource-based policy to enable cross-account issuance and renewals. For more information, see [Using a Resource Based Policy with ACM Private CA](https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html) .
> To update an `AWS::ACMPCA::Permission` resource, you must first delete the existing permission resource from the CloudFormation stack and then create a new permission resource with updated properties.
TODO: EXAMPLE
func NewCfnPermission ¶
// NewCfnPermission creates a new `AWS::ACMPCA::Permission` in the given scope
// with the given construct id and properties.
func NewCfnPermission(scope constructs.Construct, id *string, props *CfnPermissionProps) CfnPermission
Create a new `AWS::ACMPCA::Permission`.
type CfnPermissionProps ¶
// CfnPermissionProps holds the properties for defining a `CfnPermission`.
//
// NOTE(review): the granted actions let the principal obtain certificates
// from this CA, so keep Actions to what renewal needs — the three supported
// actions listed below — and remember that changing a permission means
// deleting and recreating the resource.
type CfnPermissionProps struct {
	// The private CA actions that can be performed by the designated AWS service.
	//
	// Supported actions are `IssueCertificate` , `GetCertificate` , and `ListPermissions` .
	Actions *[]*string `json:"actions" yaml:"actions"`
	// The Amazon Resource Number (ARN) of the private CA from which the permission was issued.
	CertificateAuthorityArn *string `json:"certificateAuthorityArn" yaml:"certificateAuthorityArn"`
	// The AWS service or entity that holds the permission.
	//
	// At this time, the only valid principal is `acm.amazonaws.com` .
	Principal *string `json:"principal" yaml:"principal"`
	// The ID of the account that assigned the permission.
	SourceAccount *string `json:"sourceAccount" yaml:"sourceAccount"`
}
Properties for defining a `CfnPermission`.
TODO: EXAMPLE
type ICertificateAuthority ¶
// ICertificateAuthority is the interface every CertificateAuthority-based
// class must implement.
type ICertificateAuthority interface {
	awscdk.IResource
	// The Amazon Resource Name of the Certificate Authority.
	CertificateAuthorityArn() *string
}
Interface which all CertificateAuthority-based classes must implement.
func CertificateAuthority_FromCertificateAuthorityArn ¶
// CertificateAuthority_FromCertificateAuthorityArn imports an existing
// Certificate Authority into the given scope by its ARN; the ARN is not
// validated here beyond what the construct itself does.
func CertificateAuthority_FromCertificateAuthorityArn(scope constructs.Construct, id *string, certificateAuthorityArn *string) ICertificateAuthority
Import an existing Certificate Authority given its ARN.