Documentation ¶
Index ¶
- func CfnCertificateAuthorityActivation_CFN_RESOURCE_TYPE_NAME() *string
- func CfnCertificateAuthorityActivation_IsCfnElement(x interface{}) *bool
- func CfnCertificateAuthorityActivation_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnCertificateAuthorityActivation_IsConstruct(x interface{}) *bool
- func CfnCertificateAuthority_CFN_RESOURCE_TYPE_NAME() *string
- func CfnCertificateAuthority_IsCfnElement(x interface{}) *bool
- func CfnCertificateAuthority_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnCertificateAuthority_IsConstruct(x interface{}) *bool
- func CfnCertificate_CFN_RESOURCE_TYPE_NAME() *string
- func CfnCertificate_IsCfnElement(x interface{}) *bool
- func CfnCertificate_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnCertificate_IsConstruct(x interface{}) *bool
- func CfnPermission_CFN_RESOURCE_TYPE_NAME() *string
- func CfnPermission_IsCfnElement(x interface{}) *bool
- func CfnPermission_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnPermission_IsConstruct(x interface{}) *bool
- func NewCfnCertificateAuthorityActivation_Override(c CfnCertificateAuthorityActivation, scope awscdk.Construct, id *string, ...)
- func NewCfnCertificateAuthority_Override(c CfnCertificateAuthority, scope awscdk.Construct, id *string, ...)
- func NewCfnCertificate_Override(c CfnCertificate, scope awscdk.Construct, id *string, ...)
- func NewCfnPermission_Override(c CfnPermission, scope awscdk.Construct, id *string, props *CfnPermissionProps)
- type CertificateAuthority
- type CfnCertificate
- type CfnCertificateAuthority
- type CfnCertificateAuthorityActivation
- type CfnCertificateAuthorityActivationProps
- type CfnCertificateAuthorityProps
- type CfnCertificateAuthority_AccessDescriptionProperty
- type CfnCertificateAuthority_AccessMethodProperty
- type CfnCertificateAuthority_CrlConfigurationProperty
- type CfnCertificateAuthority_CsrExtensionsProperty
- type CfnCertificateAuthority_CustomAttributeProperty
- type CfnCertificateAuthority_EdiPartyNameProperty
- type CfnCertificateAuthority_GeneralNameProperty
- type CfnCertificateAuthority_KeyUsageProperty
- type CfnCertificateAuthority_OcspConfigurationProperty
- type CfnCertificateAuthority_OtherNameProperty
- type CfnCertificateAuthority_RevocationConfigurationProperty
- type CfnCertificateAuthority_SubjectProperty
- type CfnCertificateProps
- type CfnCertificate_ApiPassthroughProperty
- type CfnCertificate_CustomAttributeProperty
- type CfnCertificate_CustomExtensionProperty
- type CfnCertificate_EdiPartyNameProperty
- type CfnCertificate_ExtendedKeyUsageProperty
- type CfnCertificate_ExtensionsProperty
- type CfnCertificate_GeneralNameProperty
- type CfnCertificate_KeyUsageProperty
- type CfnCertificate_OtherNameProperty
- type CfnCertificate_PolicyInformationProperty
- type CfnCertificate_PolicyQualifierInfoProperty
- type CfnCertificate_QualifierProperty
- type CfnCertificate_SubjectProperty
- type CfnCertificate_ValidityProperty
- type CfnPermission
- type CfnPermissionProps
- type ICertificateAuthority
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CfnCertificateAuthorityActivation_CFN_RESOURCE_TYPE_NAME ¶
func CfnCertificateAuthorityActivation_CFN_RESOURCE_TYPE_NAME() *string
func CfnCertificateAuthorityActivation_IsCfnElement ¶
func CfnCertificateAuthorityActivation_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnCertificateAuthorityActivation_IsCfnResource ¶
func CfnCertificateAuthorityActivation_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnCertificateAuthorityActivation_IsConstruct ¶
func CfnCertificateAuthorityActivation_IsConstruct(x interface{}) *bool
Return whether the given object is a Construct. Experimental.
func CfnCertificateAuthority_CFN_RESOURCE_TYPE_NAME ¶
func CfnCertificateAuthority_CFN_RESOURCE_TYPE_NAME() *string
func CfnCertificateAuthority_IsCfnElement ¶
func CfnCertificateAuthority_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnCertificateAuthority_IsCfnResource ¶
func CfnCertificateAuthority_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnCertificateAuthority_IsConstruct ¶
func CfnCertificateAuthority_IsConstruct(x interface{}) *bool
Return whether the given object is a Construct. Experimental.
func CfnCertificate_CFN_RESOURCE_TYPE_NAME ¶
func CfnCertificate_CFN_RESOURCE_TYPE_NAME() *string
func CfnCertificate_IsCfnElement ¶
func CfnCertificate_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnCertificate_IsCfnResource ¶
func CfnCertificate_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnCertificate_IsConstruct ¶
func CfnCertificate_IsConstruct(x interface{}) *bool
Return whether the given object is a Construct. Experimental.
func CfnPermission_CFN_RESOURCE_TYPE_NAME ¶
func CfnPermission_CFN_RESOURCE_TYPE_NAME() *string
func CfnPermission_IsCfnElement ¶
func CfnPermission_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnPermission_IsCfnResource ¶
func CfnPermission_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnPermission_IsConstruct ¶
func CfnPermission_IsConstruct(x interface{}) *bool
Return whether the given object is a Construct. Experimental.
func NewCfnCertificateAuthorityActivation_Override ¶
func NewCfnCertificateAuthorityActivation_Override(c CfnCertificateAuthorityActivation, scope awscdk.Construct, id *string, props *CfnCertificateAuthorityActivationProps)
Create a new `AWS::ACMPCA::CertificateAuthorityActivation`.
func NewCfnCertificateAuthority_Override ¶
func NewCfnCertificateAuthority_Override(c CfnCertificateAuthority, scope awscdk.Construct, id *string, props *CfnCertificateAuthorityProps)
Create a new `AWS::ACMPCA::CertificateAuthority`.
func NewCfnCertificate_Override ¶
func NewCfnCertificate_Override(c CfnCertificate, scope awscdk.Construct, id *string, props *CfnCertificateProps)
Create a new `AWS::ACMPCA::Certificate`.
func NewCfnPermission_Override ¶
func NewCfnPermission_Override(c CfnPermission, scope awscdk.Construct, id *string, props *CfnPermissionProps)
Create a new `AWS::ACMPCA::Permission`.
Types ¶
type CertificateAuthority ¶
type CertificateAuthority interface { }
Defines a Certificate for ACMPCA.
Example:
import acmpca "github.com/aws/aws-cdk-go/awscdk" var vpc vpc cluster := msk.NewCluster(this, jsii.String("Cluster"), &clusterProps{ clusterName: jsii.String("myCluster"), kafkaVersion: msk.kafkaVersion_V2_8_1(), vpc: vpc, encryptionInTransit: &encryptionInTransitConfig{ clientBroker: msk.clientBrokerEncryption_TLS, }, clientAuthentication: msk.clientAuthentication.tls(&tlsAuthProps{ certificateAuthorities: []iCertificateAuthority{ acmpca.certificateAuthority.fromCertificateAuthorityArn(this, jsii.String("CertificateAuthority"), jsii.String("arn:aws:acm-pca:us-west-2:1234567890:certificate-authority/11111111-1111-1111-1111-111111111111")), }, }), })
Experimental.
type CfnCertificate ¶
type CfnCertificate interface { awscdk.CfnResource awscdk.IInspectable // Specifies X.509 certificate information to be included in the issued certificate. An `APIPassthrough` or `APICSRPassthrough` template variant must be selected, or else this parameter is ignored. ApiPassthrough() interface{} SetApiPassthrough(val interface{}) // The Amazon Resource Name (ARN) of the issued certificate. AttrArn() *string // The issued Base64 PEM-encoded certificate. AttrCertificate() *string // The Amazon Resource Name (ARN) for the private CA issues the certificate. CertificateAuthorityArn() *string SetCertificateAuthorityArn(val *string) // The certificate signing request (CSR) for the certificate. CertificateSigningRequest() *string SetCertificateSigningRequest(val *string) // Options for this resource, such as condition, update policy etc. // Experimental. CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} // AWS resource type. // Experimental. CfnResourceType() *string // Returns: the stack trace of the point where this Resource was created from, sourced // from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most // node +internal+ entries filtered. // Experimental. CreationStack() *[]*string // The logical ID for this CloudFormation stack element. // // The logical ID of the element // is calculated from the path of the resource node in the construct tree. // // To override this value, use `overrideLogicalId(newLogicalId)`. // // Returns: the logical ID as a stringified token. This value will only get // resolved during synthesis. // Experimental. LogicalId() *string // The construct tree node associated with this construct. // Experimental. Node() awscdk.ConstructNode // Return a string that will be resolved to a CloudFormation `{ Ref }` for this element. // // If, by any chance, the intrinsic reference of a resource is not a string, you could // coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`. // Experimental. Ref() *string // The name of the algorithm that will be used to sign the certificate to be issued. // // This parameter should not be confused with the `SigningAlgorithm` parameter used to sign a CSR in the `CreateCertificateAuthority` action. // // > The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. SigningAlgorithm() *string SetSigningAlgorithm(val *string) // The stack in which this element is defined. // // CfnElements must be defined within a stack scope (directly or indirectly). // Experimental. Stack() awscdk.Stack // Specifies a custom configuration template to use when issuing a certificate. // // If this parameter is not provided, ACM Private CA defaults to the `EndEntityCertificate/V1` template. For more information about ACM Private CA templates, see [Using Templates](https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html) . TemplateArn() *string SetTemplateArn(val *string) // Return properties modified after initiation. // // Resources that expose mutable properties should override this function to // collect and return the properties object for this resource. // Experimental. UpdatedProperites() *map[string]interface{} // The period of time during which the certificate will be valid. Validity() interface{} SetValidity(val interface{}) // Information describing the start of the validity period of the certificate. // // This parameter sets the “Not Before" date for the certificate. // // By default, when issuing a certificate, ACM Private CA sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The `ValidityNotBefore` parameter can be used to customize the “Not Before” value. // // Unlike the `Validity` parameter, the `ValidityNotBefore` parameter is optional. // // The `ValidityNotBefore` value is expressed as an explicit date and time, using the `Validity` type value `ABSOLUTE` . ValidityNotBefore() interface{} SetValidityNotBefore(val interface{}) // Syntactic sugar for `addOverride(path, undefined)`. // Experimental. AddDeletionOverride(path *string) // Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. // // This can be used for resources across stacks (or nested stack) boundaries // and the dependency will automatically be transferred to the relevant scope. // Experimental. AddDependsOn(target awscdk.CfnResource) // Add a value to the CloudFormation Resource Metadata. // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html // // Note that this is a different set of metadata from CDK node metadata; this // metadata ends up in the stack template under the resource, whereas CDK // node metadata ends up in the Cloud Assembly. // // Experimental. AddMetadata(key *string, value interface{}) // Adds an override to the synthesized CloudFormation resource. // // To add a // property override, either use `addPropertyOverride` or prefix `path` with // "Properties." (i.e. `Properties.TopicName`). // // If the override is nested, separate each nested level using a dot (.) in the path parameter. // If there is an array as part of the nesting, specify the index in the path. // // To include a literal `.` in the property name, prefix with a `\`. In most // programming languages you will need to write this as `"\\."` because the // `\` itself will need to be escaped. // // For example, // “`typescript // cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); // cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); // “` // would add the overrides // “`json // "Properties": { // "GlobalSecondaryIndexes": [ // { // "Projection": { // "NonKeyAttributes": [ "myattribute" ] // ... // } // ... // }, // { // "ProjectionType": "INCLUDE" // ... // }, // ] // ... // } // “` // // The `value` argument to `addOverride` will not be processed or translated // in any way. Pass raw JSON values in here with the correct capitalization // for CloudFormation. If you pass CDK classes or structs, they will be // rendered with lowercased key names, and CloudFormation will reject the // template. // Experimental. AddOverride(path *string, value interface{}) // Adds an override that deletes the value of a property from the resource definition. // Experimental. AddPropertyDeletionOverride(propertyPath *string) // Adds an override to a resource property. // // Syntactic sugar for `addOverride("Properties.<...>", value)`. // Experimental. AddPropertyOverride(propertyPath *string, value interface{}) // Sets the deletion policy of the resource based on the removal policy specified. // // The Removal Policy controls what happens to this resource when it stops // being managed by CloudFormation, either because you've removed it from the // CDK application or because you've made a change that requires the resource // to be replaced. // // The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS // account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). // Experimental. ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) // Returns a token for an runtime attribute of this resource. // // Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility // in case there is no generated attribute. // Experimental. GetAtt(attributeName *string) awscdk.Reference // Retrieve a value value from the CloudFormation Resource Metadata. // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html // // Note that this is a different set of metadata from CDK node metadata; this // metadata ends up in the stack template under the resource, whereas CDK // node metadata ends up in the Cloud Assembly. // // Experimental. GetMetadata(key *string) interface{} // Examines the CloudFormation resource and discloses attributes. Inspect(inspector awscdk.TreeInspector) // Perform final modifications before synthesis. // // This method can be implemented by derived constructs in order to perform // final changes before synthesis. prepare() will be called after child // constructs have been prepared. // // This is an advanced framework feature. Only use this if you // understand the implications. // Experimental. OnPrepare() // Allows this construct to emit artifacts into the cloud assembly during synthesis. // // This method is usually implemented by framework-level constructs such as `Stack` and `Asset` // as they participate in synthesizing the cloud assembly. // Experimental. OnSynthesize(session constructs.ISynthesisSession) // Validate the current construct. // // This method can be implemented by derived constructs in order to perform // validation logic. It is called on all constructs before synthesis. // // Returns: An array of validation error messages, or an empty array if the construct is valid. // Experimental. OnValidate() *[]*string // Overrides the auto-generated logical ID with a specific ID. // Experimental. OverrideLogicalId(newLogicalId *string) // Perform final modifications before synthesis. // // This method can be implemented by derived constructs in order to perform // final changes before synthesis. prepare() will be called after child // constructs have been prepared. // // This is an advanced framework feature. Only use this if you // understand the implications. // Experimental. Prepare() RenderProperties(props *map[string]interface{}) *map[string]interface{} // Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template. // // Returns: `true` if the resource should be included or `false` is the resource // should be omitted. // Experimental. ShouldSynthesize() *bool // Allows this construct to emit artifacts into the cloud assembly during synthesis. // // This method is usually implemented by framework-level constructs such as `Stack` and `Asset` // as they participate in synthesizing the cloud assembly. // Experimental. Synthesize(session awscdk.ISynthesisSession) // Returns a string representation of this construct. // // Returns: a string representation of this resource. // Experimental. ToString() *string // Validate the current construct. // // This method can be implemented by derived constructs in order to perform // validation logic. It is called on all constructs before synthesis. // // Returns: An array of validation error messages, or an empty array if the construct is valid. // Experimental. Validate() *[]*string // Experimental. ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::ACMPCA::Certificate`.
The `AWS::ACMPCA::Certificate` resource is used to issue a certificate using your private certificate authority. For more information, see the [IssueCertificate](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html) action.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" cfnCertificate := awscdk.Aws_acmpca.NewCfnCertificate(this, jsii.String("MyCfnCertificate"), &cfnCertificateProps{ certificateAuthorityArn: jsii.String("certificateAuthorityArn"), certificateSigningRequest: jsii.String("certificateSigningRequest"), signingAlgorithm: jsii.String("signingAlgorithm"), validity: &validityProperty{ type: jsii.String("type"), value: jsii.Number(123), }, // the properties below are optional apiPassthrough: &apiPassthroughProperty{ extensions: &extensionsProperty{ certificatePolicies: []interface{}{ &policyInformationProperty{ certPolicyId: jsii.String("certPolicyId"), // the properties below are optional policyQualifiers: []interface{}{ &policyQualifierInfoProperty{ policyQualifierId: jsii.String("policyQualifierId"), qualifier: &qualifierProperty{ cpsUri: jsii.String("cpsUri"), }, }, }, }, }, customExtensions: []interface{}{ &customExtensionProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), // the properties below are optional critical: jsii.Boolean(false), }, }, extendedKeyUsage: []interface{}{ &extendedKeyUsageProperty{ extendedKeyUsageObjectIdentifier: jsii.String("extendedKeyUsageObjectIdentifier"), extendedKeyUsageType: jsii.String("extendedKeyUsageType"), }, }, keyUsage: &keyUsageProperty{ crlSign: jsii.Boolean(false), dataEncipherment: jsii.Boolean(false), decipherOnly: jsii.Boolean(false), digitalSignature: jsii.Boolean(false), encipherOnly: jsii.Boolean(false), keyAgreement: jsii.Boolean(false), keyCertSign: jsii.Boolean(false), keyEncipherment: jsii.Boolean(false), nonRepudiation: jsii.Boolean(false), }, subjectAlternativeNames: []interface{}{ &generalNameProperty{ directoryName: &subjectProperty{ commonName: jsii.String("commonName"), country: jsii.String("country"), customAttributes: []interface{}{ &customAttributeProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), }, }, distinguishedNameQualifier: jsii.String("distinguishedNameQualifier"), generationQualifier: jsii.String("generationQualifier"), givenName: jsii.String("givenName"), initials: jsii.String("initials"), locality: jsii.String("locality"), organization: jsii.String("organization"), organizationalUnit: jsii.String("organizationalUnit"), pseudonym: jsii.String("pseudonym"), serialNumber: jsii.String("serialNumber"), state: jsii.String("state"), surname: jsii.String("surname"), title: jsii.String("title"), }, dnsName: jsii.String("dnsName"), ediPartyName: &ediPartyNameProperty{ nameAssigner: jsii.String("nameAssigner"), partyName: jsii.String("partyName"), }, ipAddress: jsii.String("ipAddress"), otherName: &otherNameProperty{ typeId: jsii.String("typeId"), value: jsii.String("value"), }, registeredId: jsii.String("registeredId"), rfc822Name: jsii.String("rfc822Name"), uniformResourceIdentifier: jsii.String("uniformResourceIdentifier"), }, }, }, subject: &subjectProperty{ commonName: jsii.String("commonName"), country: jsii.String("country"), customAttributes: []interface{}{ &customAttributeProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), }, }, distinguishedNameQualifier: jsii.String("distinguishedNameQualifier"), generationQualifier: jsii.String("generationQualifier"), givenName: jsii.String("givenName"), initials: jsii.String("initials"), locality: jsii.String("locality"), organization: jsii.String("organization"), organizationalUnit: jsii.String("organizationalUnit"), pseudonym: jsii.String("pseudonym"), serialNumber: jsii.String("serialNumber"), state: jsii.String("state"), surname: jsii.String("surname"), title: jsii.String("title"), }, }, templateArn: jsii.String("templateArn"), validityNotBefore: &validityProperty{ type: jsii.String("type"), value: jsii.Number(123), }, })
func NewCfnCertificate ¶
func NewCfnCertificate(scope awscdk.Construct, id *string, props *CfnCertificateProps) CfnCertificate
Create a new `AWS::ACMPCA::Certificate`.
type CfnCertificateAuthority ¶
type CfnCertificateAuthority interface { awscdk.CfnResource awscdk.IInspectable // The Amazon Resource Name (ARN) for the private CA that issued the certificate. AttrArn() *string // The Base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate. AttrCertificateSigningRequest() *string // Options for this resource, such as condition, update policy etc. // Experimental. CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} // AWS resource type. // Experimental. CfnResourceType() *string // Returns: the stack trace of the point where this Resource was created from, sourced // from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most // node +internal+ entries filtered. // Experimental. CreationStack() *[]*string // Specifies information to be added to the extension section of the certificate signing request (CSR). CsrExtensions() interface{} SetCsrExtensions(val interface{}) // Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. // // When you create a subordinate CA, you must use a key algorithm supported by the parent CA. KeyAlgorithm() *string SetKeyAlgorithm(val *string) // Specifies a cryptographic key management compliance standard used for handling CA keys. // // Default: FIPS_140_2_LEVEL_3_OR_HIGHER // // *Note:* `FIPS_140_2_LEVEL_3_OR_HIGHER` is not supported in the following Regions: // // - ap-northeast-3 // - ap-southeast-3 // // When creating a CA in these Regions, you must provide `FIPS_140_2_LEVEL_2_OR_HIGHER` as the argument for `KeyStorageSecurityStandard` . Failure to do this results in an `InvalidArgsException` with the message, "A certificate authority cannot be created in this region with the specified security standard." KeyStorageSecurityStandard() *string SetKeyStorageSecurityStandard(val *string) // The logical ID for this CloudFormation stack element. // // The logical ID of the element // is calculated from the path of the resource node in the construct tree. // // To override this value, use `overrideLogicalId(newLogicalId)`. // // Returns: the logical ID as a stringified token. This value will only get // resolved during synthesis. // Experimental. LogicalId() *string // The construct tree node associated with this construct. // Experimental. Node() awscdk.ConstructNode // Return a string that will be resolved to a CloudFormation `{ Ref }` for this element. // // If, by any chance, the intrinsic reference of a resource is not a string, you could // coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`. // Experimental. Ref() *string // Information about the certificate revocation list (CRL) created and maintained by your private CA. // // Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your certificate authority can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates that have been revoked. RevocationConfiguration() interface{} SetRevocationConfiguration(val interface{}) // Name of the algorithm your private CA uses to sign certificate requests. // // This parameter should not be confused with the `SigningAlgorithm` parameter used to sign certificates when they are issued. SigningAlgorithm() *string SetSigningAlgorithm(val *string) // The stack in which this element is defined. // // CfnElements must be defined within a stack scope (directly or indirectly). // Experimental. Stack() awscdk.Stack // Structure that contains X.500 distinguished name information for your private CA. Subject() interface{} SetSubject(val interface{}) // Key-value pairs that will be attached to the new private CA. // // You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see [Controlling Access Using IAM Tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html) . Tags() awscdk.TagManager // Type of your private CA. Type() *string SetType(val *string) // Return properties modified after initiation. // // Resources that expose mutable properties should override this function to // collect and return the properties object for this resource. // Experimental. UpdatedProperites() *map[string]interface{} // Syntactic sugar for `addOverride(path, undefined)`. // Experimental. AddDeletionOverride(path *string) // Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. // // This can be used for resources across stacks (or nested stack) boundaries // and the dependency will automatically be transferred to the relevant scope. // Experimental. AddDependsOn(target awscdk.CfnResource) // Add a value to the CloudFormation Resource Metadata. // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html // // Note that this is a different set of metadata from CDK node metadata; this // metadata ends up in the stack template under the resource, whereas CDK // node metadata ends up in the Cloud Assembly. // // Experimental. AddMetadata(key *string, value interface{}) // Adds an override to the synthesized CloudFormation resource. // // To add a // property override, either use `addPropertyOverride` or prefix `path` with // "Properties." (i.e. `Properties.TopicName`). // // If the override is nested, separate each nested level using a dot (.) in the path parameter. // If there is an array as part of the nesting, specify the index in the path. // // To include a literal `.` in the property name, prefix with a `\`. In most // programming languages you will need to write this as `"\\."` because the // `\` itself will need to be escaped. // // For example, // “`typescript // cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); // cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); // “` // would add the overrides // “`json // "Properties": { // "GlobalSecondaryIndexes": [ // { // "Projection": { // "NonKeyAttributes": [ "myattribute" ] // ... // } // ... // }, // { // "ProjectionType": "INCLUDE" // ... // }, // ] // ... // } // “` // // The `value` argument to `addOverride` will not be processed or translated // in any way. Pass raw JSON values in here with the correct capitalization // for CloudFormation. If you pass CDK classes or structs, they will be // rendered with lowercased key names, and CloudFormation will reject the // template. // Experimental. AddOverride(path *string, value interface{}) // Adds an override that deletes the value of a property from the resource definition. // Experimental. AddPropertyDeletionOverride(propertyPath *string) // Adds an override to a resource property. // // Syntactic sugar for `addOverride("Properties.<...>", value)`. // Experimental. AddPropertyOverride(propertyPath *string, value interface{}) // Sets the deletion policy of the resource based on the removal policy specified. // // The Removal Policy controls what happens to this resource when it stops // being managed by CloudFormation, either because you've removed it from the // CDK application or because you've made a change that requires the resource // to be replaced. // // The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS // account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). // Experimental. ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) // Returns a token for an runtime attribute of this resource. // // Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility // in case there is no generated attribute. // Experimental. GetAtt(attributeName *string) awscdk.Reference // Retrieve a value value from the CloudFormation Resource Metadata. // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html // // Note that this is a different set of metadata from CDK node metadata; this // metadata ends up in the stack template under the resource, whereas CDK // node metadata ends up in the Cloud Assembly. // // Experimental. GetMetadata(key *string) interface{} // Examines the CloudFormation resource and discloses attributes. Inspect(inspector awscdk.TreeInspector) // Perform final modifications before synthesis. // // This method can be implemented by derived constructs in order to perform // final changes before synthesis. prepare() will be called after child // constructs have been prepared. // // This is an advanced framework feature. Only use this if you // understand the implications. // Experimental. OnPrepare() // Allows this construct to emit artifacts into the cloud assembly during synthesis. // // This method is usually implemented by framework-level constructs such as `Stack` and `Asset` // as they participate in synthesizing the cloud assembly. // Experimental. OnSynthesize(session constructs.ISynthesisSession) // Validate the current construct. // // This method can be implemented by derived constructs in order to perform // validation logic. It is called on all constructs before synthesis. // // Returns: An array of validation error messages, or an empty array if the construct is valid. // Experimental. OnValidate() *[]*string // Overrides the auto-generated logical ID with a specific ID. // Experimental. OverrideLogicalId(newLogicalId *string) // Perform final modifications before synthesis. // // This method can be implemented by derived constructs in order to perform // final changes before synthesis. prepare() will be called after child // constructs have been prepared. // // This is an advanced framework feature. Only use this if you // understand the implications. // Experimental. Prepare() RenderProperties(props *map[string]interface{}) *map[string]interface{} // Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template. // // Returns: `true` if the resource should be included or `false` is the resource // should be omitted. // Experimental. ShouldSynthesize() *bool // Allows this construct to emit artifacts into the cloud assembly during synthesis. // // This method is usually implemented by framework-level constructs such as `Stack` and `Asset` // as they participate in synthesizing the cloud assembly. // Experimental. Synthesize(session awscdk.ISynthesisSession) // Returns a string representation of this construct. // // Returns: a string representation of this resource. // Experimental. ToString() *string // Validate the current construct. // // This method can be implemented by derived constructs in order to perform // validation logic. It is called on all constructs before synthesis. // // Returns: An array of validation error messages, or an empty array if the construct is valid. // Experimental. Validate() *[]*string // Experimental. ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::ACMPCA::CertificateAuthority`.
Use the `AWS::ACMPCA::CertificateAuthority` resource to create a private CA. Once the CA exists, you can use the `AWS::ACMPCA::Certificate` resource to issue a new CA certificate. Alternatively, you can issue a CA certificate using an on-premises CA, and then use the `AWS::ACMPCA::CertificateAuthorityActivation` resource to import the new CA certificate and activate the CA.
> Before removing a `AWS::ACMPCA::CertificateAuthority` resource from the CloudFormation stack, disable the affected CA. Otherwise, the action will fail. You can disable the CA by removing its associated `AWS::ACMPCA::CertificateAuthorityActivation` resource from CloudFormation.
Example:
cfnCertificateAuthority := acmpca.NewCfnCertificateAuthority(this, jsii.String("CA"), &cfnCertificateAuthorityProps{ type: jsii.String("ROOT"), keyAlgorithm: jsii.String("RSA_2048"), signingAlgorithm: jsii.String("SHA256WITHRSA"), subject: &subjectProperty{ country: jsii.String("US"), organization: jsii.String("string"), organizationalUnit: jsii.String("string"), distinguishedNameQualifier: jsii.String("string"), state: jsii.String("string"), commonName: jsii.String("123"), serialNumber: jsii.String("string"), locality: jsii.String("string"), title: jsii.String("string"), surname: jsii.String("string"), givenName: jsii.String("string"), initials: jsii.String("DG"), pseudonym: jsii.String("string"), generationQualifier: jsii.String("DBG"), }, })
func NewCfnCertificateAuthority ¶
func NewCfnCertificateAuthority(scope awscdk.Construct, id *string, props *CfnCertificateAuthorityProps) CfnCertificateAuthority
Create a new `AWS::ACMPCA::CertificateAuthority`.
type CfnCertificateAuthorityActivation ¶
type CfnCertificateAuthorityActivation interface { awscdk.CfnResource awscdk.IInspectable // The complete Base64 PEM-encoded certificate chain, including the certificate authority certificate. AttrCompleteCertificateChain() *string // The Base64 PEM-encoded certificate authority certificate. Certificate() *string SetCertificate(val *string) // The Amazon Resource Name (ARN) of your private CA. CertificateAuthorityArn() *string SetCertificateAuthorityArn(val *string) // The Base64 PEM-encoded certificate chain that chains up to the root CA certificate that you used to sign your private CA certificate. CertificateChain() *string SetCertificateChain(val *string) // Options for this resource, such as condition, update policy etc. // Experimental. CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} // AWS resource type. // Experimental. CfnResourceType() *string // Returns: the stack trace of the point where this Resource was created from, sourced // from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most // node +internal+ entries filtered. // Experimental. CreationStack() *[]*string // The logical ID for this CloudFormation stack element. // // The logical ID of the element // is calculated from the path of the resource node in the construct tree. // // To override this value, use `overrideLogicalId(newLogicalId)`. // // Returns: the logical ID as a stringified token. This value will only get // resolved during synthesis. // Experimental. LogicalId() *string // The construct tree node associated with this construct. // Experimental. Node() awscdk.ConstructNode // Return a string that will be resolved to a CloudFormation `{ Ref }` for this element. // // If, by any chance, the intrinsic reference of a resource is not a string, you could // coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`. // Experimental. Ref() *string // The stack in which this element is defined. // // CfnElements must be defined within a stack scope (directly or indirectly). // Experimental. Stack() awscdk.Stack // Status of your private CA. Status() *string SetStatus(val *string) // Return properties modified after initiation. // // Resources that expose mutable properties should override this function to // collect and return the properties object for this resource. // Experimental. UpdatedProperites() *map[string]interface{} // Syntactic sugar for `addOverride(path, undefined)`. // Experimental. AddDeletionOverride(path *string) // Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. // // This can be used for resources across stacks (or nested stack) boundaries // and the dependency will automatically be transferred to the relevant scope. // Experimental. AddDependsOn(target awscdk.CfnResource) // Add a value to the CloudFormation Resource Metadata. // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html // // Note that this is a different set of metadata from CDK node metadata; this // metadata ends up in the stack template under the resource, whereas CDK // node metadata ends up in the Cloud Assembly. // // Experimental. AddMetadata(key *string, value interface{}) // Adds an override to the synthesized CloudFormation resource. // // To add a // property override, either use `addPropertyOverride` or prefix `path` with // "Properties." (i.e. `Properties.TopicName`). // // If the override is nested, separate each nested level using a dot (.) in the path parameter. // If there is an array as part of the nesting, specify the index in the path. // // To include a literal `.` in the property name, prefix with a `\`. In most // programming languages you will need to write this as `"\\."` because the // `\` itself will need to be escaped. // // For example, // “`typescript // cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); // cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); // “` // would add the overrides // “`json // "Properties": { // "GlobalSecondaryIndexes": [ // { // "Projection": { // "NonKeyAttributes": [ "myattribute" ] // ... // } // ... // }, // { // "ProjectionType": "INCLUDE" // ... // }, // ] // ... // } // “` // // The `value` argument to `addOverride` will not be processed or translated // in any way. Pass raw JSON values in here with the correct capitalization // for CloudFormation. If you pass CDK classes or structs, they will be // rendered with lowercased key names, and CloudFormation will reject the // template. // Experimental. AddOverride(path *string, value interface{}) // Adds an override that deletes the value of a property from the resource definition. // Experimental. AddPropertyDeletionOverride(propertyPath *string) // Adds an override to a resource property. // // Syntactic sugar for `addOverride("Properties.<...>", value)`. // Experimental. AddPropertyOverride(propertyPath *string, value interface{}) // Sets the deletion policy of the resource based on the removal policy specified. // // The Removal Policy controls what happens to this resource when it stops // being managed by CloudFormation, either because you've removed it from the // CDK application or because you've made a change that requires the resource // to be replaced. // // The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS // account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). // Experimental. ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) // Returns a token for an runtime attribute of this resource. // // Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility // in case there is no generated attribute. // Experimental. GetAtt(attributeName *string) awscdk.Reference // Retrieve a value value from the CloudFormation Resource Metadata. // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html // // Note that this is a different set of metadata from CDK node metadata; this // metadata ends up in the stack template under the resource, whereas CDK // node metadata ends up in the Cloud Assembly. // // Experimental. GetMetadata(key *string) interface{} // Examines the CloudFormation resource and discloses attributes. Inspect(inspector awscdk.TreeInspector) // Perform final modifications before synthesis. // // This method can be implemented by derived constructs in order to perform // final changes before synthesis. prepare() will be called after child // constructs have been prepared. // // This is an advanced framework feature. Only use this if you // understand the implications. // Experimental. OnPrepare() // Allows this construct to emit artifacts into the cloud assembly during synthesis. // // This method is usually implemented by framework-level constructs such as `Stack` and `Asset` // as they participate in synthesizing the cloud assembly. // Experimental. OnSynthesize(session constructs.ISynthesisSession) // Validate the current construct. // // This method can be implemented by derived constructs in order to perform // validation logic. It is called on all constructs before synthesis. // // Returns: An array of validation error messages, or an empty array if the construct is valid. // Experimental. OnValidate() *[]*string // Overrides the auto-generated logical ID with a specific ID. // Experimental. OverrideLogicalId(newLogicalId *string) // Perform final modifications before synthesis. // // This method can be implemented by derived constructs in order to perform // final changes before synthesis. prepare() will be called after child // constructs have been prepared. // // This is an advanced framework feature. Only use this if you // understand the implications. // Experimental. Prepare() RenderProperties(props *map[string]interface{}) *map[string]interface{} // Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template. // // Returns: `true` if the resource should be included or `false` is the resource // should be omitted. // Experimental. ShouldSynthesize() *bool // Allows this construct to emit artifacts into the cloud assembly during synthesis. // // This method is usually implemented by framework-level constructs such as `Stack` and `Asset` // as they participate in synthesizing the cloud assembly. // Experimental. Synthesize(session awscdk.ISynthesisSession) // Returns a string representation of this construct. // // Returns: a string representation of this resource. // Experimental. ToString() *string // Validate the current construct. // // This method can be implemented by derived constructs in order to perform // validation logic. It is called on all constructs before synthesis. // // Returns: An array of validation error messages, or an empty array if the construct is valid. // Experimental. Validate() *[]*string // Experimental. ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::ACMPCA::CertificateAuthorityActivation`.
The `AWS::ACMPCA::CertificateAuthorityActivation` resource creates and installs a CA certificate on a CA. If no status is specified, the `AWS::ACMPCA::CertificateAuthorityActivation` resource status defaults to ACTIVE. Once the CA has a CA certificate installed, you can use the resource to toggle the CA status field between `ACTIVE` and `DISABLED` .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" cfnCertificateAuthorityActivation := awscdk.Aws_acmpca.NewCfnCertificateAuthorityActivation(this, jsii.String("MyCfnCertificateAuthorityActivation"), &cfnCertificateAuthorityActivationProps{ certificate: jsii.String("certificate"), certificateAuthorityArn: jsii.String("certificateAuthorityArn"), // the properties below are optional certificateChain: jsii.String("certificateChain"), status: jsii.String("status"), })
func NewCfnCertificateAuthorityActivation ¶
func NewCfnCertificateAuthorityActivation(scope awscdk.Construct, id *string, props *CfnCertificateAuthorityActivationProps) CfnCertificateAuthorityActivation
Create a new `AWS::ACMPCA::CertificateAuthorityActivation`.
type CfnCertificateAuthorityActivationProps ¶
type CfnCertificateAuthorityActivationProps struct { // The Base64 PEM-encoded certificate authority certificate. Certificate *string `field:"required" json:"certificate" yaml:"certificate"` // The Amazon Resource Name (ARN) of your private CA. CertificateAuthorityArn *string `field:"required" json:"certificateAuthorityArn" yaml:"certificateAuthorityArn"` // The Base64 PEM-encoded certificate chain that chains up to the root CA certificate that you used to sign your private CA certificate. CertificateChain *string `field:"optional" json:"certificateChain" yaml:"certificateChain"` // Status of your private CA. Status *string `field:"optional" json:"status" yaml:"status"` }
Properties for defining a `CfnCertificateAuthorityActivation`.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" cfnCertificateAuthorityActivationProps := &cfnCertificateAuthorityActivationProps{ certificate: jsii.String("certificate"), certificateAuthorityArn: jsii.String("certificateAuthorityArn"), // the properties below are optional certificateChain: jsii.String("certificateChain"), status: jsii.String("status"), }
type CfnCertificateAuthorityProps ¶
type CfnCertificateAuthorityProps struct { // Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. // // When you create a subordinate CA, you must use a key algorithm supported by the parent CA. KeyAlgorithm *string `field:"required" json:"keyAlgorithm" yaml:"keyAlgorithm"` // Name of the algorithm your private CA uses to sign certificate requests. // // This parameter should not be confused with the `SigningAlgorithm` parameter used to sign certificates when they are issued. SigningAlgorithm *string `field:"required" json:"signingAlgorithm" yaml:"signingAlgorithm"` // Structure that contains X.500 distinguished name information for your private CA. Subject interface{} `field:"required" json:"subject" yaml:"subject"` // Type of your private CA. Type *string `field:"required" json:"type" yaml:"type"` // Specifies information to be added to the extension section of the certificate signing request (CSR). CsrExtensions interface{} `field:"optional" json:"csrExtensions" yaml:"csrExtensions"` // Specifies a cryptographic key management compliance standard used for handling CA keys. // // Default: FIPS_140_2_LEVEL_3_OR_HIGHER // // *Note:* `FIPS_140_2_LEVEL_3_OR_HIGHER` is not supported in the following Regions: // // - ap-northeast-3 // - ap-southeast-3 // // When creating a CA in these Regions, you must provide `FIPS_140_2_LEVEL_2_OR_HIGHER` as the argument for `KeyStorageSecurityStandard` . Failure to do this results in an `InvalidArgsException` with the message, "A certificate authority cannot be created in this region with the specified security standard." KeyStorageSecurityStandard *string `field:"optional" json:"keyStorageSecurityStandard" yaml:"keyStorageSecurityStandard"` // Information about the certificate revocation list (CRL) created and maintained by your private CA. // // Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your certificate authority can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates that have been revoked. RevocationConfiguration interface{} `field:"optional" json:"revocationConfiguration" yaml:"revocationConfiguration"` // Key-value pairs that will be attached to the new private CA. // // You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see [Controlling Access Using IAM Tags](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html) . Tags *[]*awscdk.CfnTag `field:"optional" json:"tags" yaml:"tags"` }
Properties for defining a `CfnCertificateAuthority`.
Example:
cfnCertificateAuthority := acmpca.NewCfnCertificateAuthority(this, jsii.String("CA"), &cfnCertificateAuthorityProps{ type: jsii.String("ROOT"), keyAlgorithm: jsii.String("RSA_2048"), signingAlgorithm: jsii.String("SHA256WITHRSA"), subject: &subjectProperty{ country: jsii.String("US"), organization: jsii.String("string"), organizationalUnit: jsii.String("string"), distinguishedNameQualifier: jsii.String("string"), state: jsii.String("string"), commonName: jsii.String("123"), serialNumber: jsii.String("string"), locality: jsii.String("string"), title: jsii.String("string"), surname: jsii.String("string"), givenName: jsii.String("string"), initials: jsii.String("DG"), pseudonym: jsii.String("string"), generationQualifier: jsii.String("DBG"), }, })
type CfnCertificateAuthority_AccessDescriptionProperty ¶
type CfnCertificateAuthority_AccessDescriptionProperty struct { // The location of `AccessDescription` information. AccessLocation interface{} `field:"required" json:"accessLocation" yaml:"accessLocation"` // The type and format of `AccessDescription` information. AccessMethod interface{} `field:"required" json:"accessMethod" yaml:"accessMethod"` }
Provides access information used by the `authorityInfoAccess` and `subjectInfoAccess` extensions described in [RFC 5280](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280) .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" accessDescriptionProperty := &accessDescriptionProperty{ accessLocation: &generalNameProperty{ directoryName: &subjectProperty{ commonName: jsii.String("commonName"), country: jsii.String("country"), customAttributes: []interface{}{ &customAttributeProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), }, }, distinguishedNameQualifier: jsii.String("distinguishedNameQualifier"), generationQualifier: jsii.String("generationQualifier"), givenName: jsii.String("givenName"), initials: jsii.String("initials"), locality: jsii.String("locality"), organization: jsii.String("organization"), organizationalUnit: jsii.String("organizationalUnit"), pseudonym: jsii.String("pseudonym"), serialNumber: jsii.String("serialNumber"), state: jsii.String("state"), surname: jsii.String("surname"), title: jsii.String("title"), }, dnsName: jsii.String("dnsName"), ediPartyName: &ediPartyNameProperty{ nameAssigner: jsii.String("nameAssigner"), partyName: jsii.String("partyName"), }, ipAddress: jsii.String("ipAddress"), otherName: &otherNameProperty{ typeId: jsii.String("typeId"), value: jsii.String("value"), }, registeredId: jsii.String("registeredId"), rfc822Name: jsii.String("rfc822Name"), uniformResourceIdentifier: jsii.String("uniformResourceIdentifier"), }, accessMethod: &accessMethodProperty{ accessMethodType: jsii.String("accessMethodType"), customObjectIdentifier: jsii.String("customObjectIdentifier"), }, }
type CfnCertificateAuthority_AccessMethodProperty ¶
type CfnCertificateAuthority_AccessMethodProperty struct { // Specifies the `AccessMethod` . AccessMethodType *string `field:"optional" json:"accessMethodType" yaml:"accessMethodType"` // An object identifier (OID) specifying the `AccessMethod` . // // The OID must satisfy the regular expression shown below. For more information, see NIST's definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier) . CustomObjectIdentifier *string `field:"optional" json:"customObjectIdentifier" yaml:"customObjectIdentifier"` }
Describes the type and format of extension access.
Only one of `CustomObjectIdentifier` or `AccessMethodType` may be provided. Providing both results in `InvalidArgsException` .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" accessMethodProperty := &accessMethodProperty{ accessMethodType: jsii.String("accessMethodType"), customObjectIdentifier: jsii.String("customObjectIdentifier"), }
type CfnCertificateAuthority_CrlConfigurationProperty ¶
type CfnCertificateAuthority_CrlConfigurationProperty struct { // Name inserted into the certificate *CRL Distribution Points* extension that enables the use of an alias for the CRL distribution point. // // Use this value if you don't want the name of your S3 bucket to be public. CustomCname *string `field:"optional" json:"customCname" yaml:"customCname"` // Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. // // You can use this value to enable certificate revocation for a new CA when you call the `CreateCertificateAuthority` operation or for an existing CA when you call the `UpdateCertificateAuthority` operation. Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"` // Validity period of the CRL in days. ExpirationInDays *float64 `field:"optional" json:"expirationInDays" yaml:"expirationInDays"` // Name of the S3 bucket that contains the CRL. // // If you do not provide a value for the *CustomCname* argument, the name of your S3 bucket is placed into the *CRL Distribution Points* extension of the issued certificate. You can change the name of your bucket by calling the [UpdateCertificateAuthority](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html) operation. You must specify a [bucket policy](https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-policies) that allows ACM Private CA to write the CRL to your bucket. S3BucketName *string `field:"optional" json:"s3BucketName" yaml:"s3BucketName"` // Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. // // If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access. // // If no value is specified, the default is PUBLIC_READ. // // > This default can cause CA creation to fail in some circumstances. If you have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as `BUCKET_OWNER_FULL_CONTROL` , and not doing so results in an error. If you have disabled BPA in S3, then you can specify either `BUCKET_OWNER_FULL_CONTROL` or `PUBLIC_READ` as the value. // // For more information, see [Blocking public access to the S3 bucket](https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-bpa) . S3ObjectAcl *string `field:"optional" json:"s3ObjectAcl" yaml:"s3ObjectAcl"` }
Contains configuration information for a certificate revocation list (CRL).
Your private certificate authority (CA) creates base CRLs. Delta CRLs are not supported. You can enable CRLs for your new or an existing private CA by setting the *Enabled* parameter to `true` . Your private CA writes CRLs to an S3 bucket that you specify in the *S3BucketName* parameter. You can hide the name of your bucket by specifying a value for the *CustomCname* parameter. Your private CA copies the CNAME or the S3 bucket name to the *CRL Distribution Points* extension of each certificate it issues. Your S3 bucket policy must give write permission to ACM Private CA.
ACM Private CA assets that are stored in Amazon S3 can be protected with encryption. For more information, see [Encrypting Your CRLs](https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption) .
Your private CA uses the value in the *ExpirationInDays* parameter to calculate the *nextUpdate* field in the CRL. The CRL is refreshed prior to a certificate's expiration date or when a certificate is revoked. When a certificate is revoked, it appears in the CRL until the certificate expires, and then in one additional CRL after expiration, and it always appears in the audit report.
A CRL is typically updated approximately 30 minutes after a certificate is revoked. If for any reason a CRL update fails, ACM Private CA makes further attempts every 15 minutes.
CRLs contain the following fields:
- *Version* : The current version number defined in RFC 5280 is V2. The integer value is 0x1. - *Signature Algorithm* : The name of the algorithm used to sign the CRL. - *Issuer* : The X.500 distinguished name of your private CA that issued the CRL. - *Last Update* : The issue date and time of this CRL. - *Next Update* : The day and time by which the next CRL will be issued. - *Revoked Certificates* : List of revoked certificates. Each list item contains the following information.
- *Serial Number* : The serial number, in hexadecimal format, of the revoked certificate. - *Revocation Date* : Date and time the certificate was revoked. - *CRL Entry Extensions* : Optional extensions for the CRL entry.
- *X509v3 CRL Reason Code* : Reason the certificate was revoked. - *CRL Extensions* : Optional extensions for the CRL.
- *X509v3 Authority Key Identifier* : Identifies the public key associated with the private key used to sign the certificate. - *X509v3 CRL Number:* : Decimal sequence number for the CRL. - *Signature Algorithm* : Algorithm used by your private CA to sign the CRL. - *Signature Value* : Signature computed over the CRL.
Certificate revocation lists created by ACM Private CA are DER-encoded. You can use the following OpenSSL command to list a CRL.
`openssl crl -inform DER -text -in *crl_path* -noout`
For more information, see [Planning a certificate revocation list (CRL)](https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html) in the *AWS Certificate Manager Private Certificate Authority (PCA) User Guide*
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" crlConfigurationProperty := &crlConfigurationProperty{ customCname: jsii.String("customCname"), enabled: jsii.Boolean(false), expirationInDays: jsii.Number(123), s3BucketName: jsii.String("s3BucketName"), s3ObjectAcl: jsii.String("s3ObjectAcl"), }
type CfnCertificateAuthority_CsrExtensionsProperty ¶
type CfnCertificateAuthority_CsrExtensionsProperty struct { // Indicates the purpose of the certificate and of the key contained in the certificate. KeyUsage interface{} `field:"optional" json:"keyUsage" yaml:"keyUsage"` // For CA certificates, provides a path to additional information pertaining to the CA, such as revocation and policy. // // For more information, see [Subject Information Access](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.2) in RFC 5280. SubjectInformationAccess interface{} `field:"optional" json:"subjectInformationAccess" yaml:"subjectInformationAccess"` }
Describes the certificate extensions to be added to the certificate signing request (CSR).
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" csrExtensionsProperty := &csrExtensionsProperty{ keyUsage: &keyUsageProperty{ crlSign: jsii.Boolean(false), dataEncipherment: jsii.Boolean(false), decipherOnly: jsii.Boolean(false), digitalSignature: jsii.Boolean(false), encipherOnly: jsii.Boolean(false), keyAgreement: jsii.Boolean(false), keyCertSign: jsii.Boolean(false), keyEncipherment: jsii.Boolean(false), nonRepudiation: jsii.Boolean(false), }, subjectInformationAccess: []interface{}{ &accessDescriptionProperty{ accessLocation: &generalNameProperty{ directoryName: &subjectProperty{ commonName: jsii.String("commonName"), country: jsii.String("country"), customAttributes: []interface{}{ &customAttributeProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), }, }, distinguishedNameQualifier: jsii.String("distinguishedNameQualifier"), generationQualifier: jsii.String("generationQualifier"), givenName: jsii.String("givenName"), initials: jsii.String("initials"), locality: jsii.String("locality"), organization: jsii.String("organization"), organizationalUnit: jsii.String("organizationalUnit"), pseudonym: jsii.String("pseudonym"), serialNumber: jsii.String("serialNumber"), state: jsii.String("state"), surname: jsii.String("surname"), title: jsii.String("title"), }, dnsName: jsii.String("dnsName"), ediPartyName: &ediPartyNameProperty{ nameAssigner: jsii.String("nameAssigner"), partyName: jsii.String("partyName"), }, ipAddress: jsii.String("ipAddress"), otherName: &otherNameProperty{ typeId: jsii.String("typeId"), value: jsii.String("value"), }, registeredId: jsii.String("registeredId"), rfc822Name: jsii.String("rfc822Name"), uniformResourceIdentifier: jsii.String("uniformResourceIdentifier"), }, accessMethod: &accessMethodProperty{ accessMethodType: jsii.String("accessMethodType"), customObjectIdentifier: jsii.String("customObjectIdentifier"), }, }, }, }
type CfnCertificateAuthority_CustomAttributeProperty ¶
type CfnCertificateAuthority_CustomAttributeProperty struct { // Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN). ObjectIdentifier *string `field:"required" json:"objectIdentifier" yaml:"objectIdentifier"` // Specifies the attribute value of relative distinguished name (RDN). Value *string `field:"required" json:"value" yaml:"value"` }
Defines the X.500 relative distinguished name (RDN).
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" customAttributeProperty := &customAttributeProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), }
type CfnCertificateAuthority_EdiPartyNameProperty ¶
type CfnCertificateAuthority_EdiPartyNameProperty struct { // Specifies the name assigner. NameAssigner *string `field:"required" json:"nameAssigner" yaml:"nameAssigner"` // Specifies the party name. PartyName *string `field:"required" json:"partyName" yaml:"partyName"` }
Describes an Electronic Data Interchange (EDI) entity as described in as defined in [Subject Alternative Name](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280) in RFC 5280.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" ediPartyNameProperty := &ediPartyNameProperty{ nameAssigner: jsii.String("nameAssigner"), partyName: jsii.String("partyName"), }
type CfnCertificateAuthority_GeneralNameProperty ¶
type CfnCertificateAuthority_GeneralNameProperty struct { // Contains information about the certificate subject. // // The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity. DirectoryName interface{} `field:"optional" json:"directoryName" yaml:"directoryName"` // Represents `GeneralName` as a DNS name. DnsName *string `field:"optional" json:"dnsName" yaml:"dnsName"` // Represents `GeneralName` as an `EdiPartyName` object. EdiPartyName interface{} `field:"optional" json:"ediPartyName" yaml:"ediPartyName"` // Represents `GeneralName` as an IPv4 or IPv6 address. IpAddress *string `field:"optional" json:"ipAddress" yaml:"ipAddress"` // Represents `GeneralName` using an `OtherName` object. OtherName interface{} `field:"optional" json:"otherName" yaml:"otherName"` // Represents `GeneralName` as an object identifier (OID). RegisteredId *string `field:"optional" json:"registeredId" yaml:"registeredId"` // Represents `GeneralName` as an [RFC 822](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc822) email address. Rfc822Name *string `field:"optional" json:"rfc822Name" yaml:"rfc822Name"` // Represents `GeneralName` as a URI. UniformResourceIdentifier *string `field:"optional" json:"uniformResourceIdentifier" yaml:"uniformResourceIdentifier"` }
Describes an ASN.1 X.400 `GeneralName` as defined in [RFC 5280](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280) . Only one of the following naming options should be provided. Providing more than one option results in an `InvalidArgsException` error.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" generalNameProperty := &generalNameProperty{ directoryName: &subjectProperty{ commonName: jsii.String("commonName"), country: jsii.String("country"), customAttributes: []interface{}{ &customAttributeProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), }, }, distinguishedNameQualifier: jsii.String("distinguishedNameQualifier"), generationQualifier: jsii.String("generationQualifier"), givenName: jsii.String("givenName"), initials: jsii.String("initials"), locality: jsii.String("locality"), organization: jsii.String("organization"), organizationalUnit: jsii.String("organizationalUnit"), pseudonym: jsii.String("pseudonym"), serialNumber: jsii.String("serialNumber"), state: jsii.String("state"), surname: jsii.String("surname"), title: jsii.String("title"), }, dnsName: jsii.String("dnsName"), ediPartyName: &ediPartyNameProperty{ nameAssigner: jsii.String("nameAssigner"), partyName: jsii.String("partyName"), }, ipAddress: jsii.String("ipAddress"), otherName: &otherNameProperty{ typeId: jsii.String("typeId"), value: jsii.String("value"), }, registeredId: jsii.String("registeredId"), rfc822Name: jsii.String("rfc822Name"), uniformResourceIdentifier: jsii.String("uniformResourceIdentifier"), }
type CfnCertificateAuthority_KeyUsageProperty ¶
type CfnCertificateAuthority_KeyUsageProperty struct { // Key can be used to sign CRLs. CrlSign interface{} `field:"optional" json:"crlSign" yaml:"crlSign"` // Key can be used to decipher data. DataEncipherment interface{} `field:"optional" json:"dataEncipherment" yaml:"dataEncipherment"` // Key can be used only to decipher data. DecipherOnly interface{} `field:"optional" json:"decipherOnly" yaml:"decipherOnly"` // Key can be used for digital signing. DigitalSignature interface{} `field:"optional" json:"digitalSignature" yaml:"digitalSignature"` // Key can be used only to encipher data. EncipherOnly interface{} `field:"optional" json:"encipherOnly" yaml:"encipherOnly"` // Key can be used in a key-agreement protocol. KeyAgreement interface{} `field:"optional" json:"keyAgreement" yaml:"keyAgreement"` // Key can be used to sign certificates. KeyCertSign interface{} `field:"optional" json:"keyCertSign" yaml:"keyCertSign"` // Key can be used to encipher data. KeyEncipherment interface{} `field:"optional" json:"keyEncipherment" yaml:"keyEncipherment"` // Key can be used for non-repudiation. NonRepudiation interface{} `field:"optional" json:"nonRepudiation" yaml:"nonRepudiation"` }
Defines one or more purposes for which the key contained in the certificate can be used.
Default value for each option is false.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" keyUsageProperty := &keyUsageProperty{ crlSign: jsii.Boolean(false), dataEncipherment: jsii.Boolean(false), decipherOnly: jsii.Boolean(false), digitalSignature: jsii.Boolean(false), encipherOnly: jsii.Boolean(false), keyAgreement: jsii.Boolean(false), keyCertSign: jsii.Boolean(false), keyEncipherment: jsii.Boolean(false), nonRepudiation: jsii.Boolean(false), }
type CfnCertificateAuthority_OcspConfigurationProperty ¶
type CfnCertificateAuthority_OcspConfigurationProperty struct { // Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating certificate revocation status. Enabled interface{} `field:"optional" json:"enabled" yaml:"enabled"` // By default, ACM Private CA injects an Amazon domain into certificates being validated by the Online Certificate Status Protocol (OCSP). // // A customer can alternatively use this object to define a CNAME specifying a customized OCSP domain. // // Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://". OcspCustomCname *string `field:"optional" json:"ocspCustomCname" yaml:"ocspCustomCname"` }
Contains information to enable and configure Online Certificate Status Protocol (OCSP) for validating certificate revocation status.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" ocspConfigurationProperty := &ocspConfigurationProperty{ enabled: jsii.Boolean(false), ocspCustomCname: jsii.String("ocspCustomCname"), }
type CfnCertificateAuthority_OtherNameProperty ¶
type CfnCertificateAuthority_OtherNameProperty struct { // Specifies an OID. TypeId *string `field:"required" json:"typeId" yaml:"typeId"` // Specifies an OID value. Value *string `field:"required" json:"value" yaml:"value"` }
Defines a custom ASN.1 X.400 `GeneralName` using an object identifier (OID) and value. The OID must satisfy the regular expression shown below. For more information, see NIST's definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier) .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" otherNameProperty := &otherNameProperty{ typeId: jsii.String("typeId"), value: jsii.String("value"), }
type CfnCertificateAuthority_RevocationConfigurationProperty ¶
type CfnCertificateAuthority_RevocationConfigurationProperty struct { // Configuration of the certificate revocation list (CRL), if any, maintained by your private CA. CrlConfiguration interface{} `field:"optional" json:"crlConfiguration" yaml:"crlConfiguration"` // Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by your private CA. OcspConfiguration interface{} `field:"optional" json:"ocspConfiguration" yaml:"ocspConfiguration"` }
Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.
Your private certificate authority (CA) can configure Online Certificate Status Protocol (OCSP) support and/or maintain a certificate revocation list (CRL). OCSP returns validation information about certificates as requested by clients, and a CRL contains an updated list of certificates revoked by your CA. For more information, see [RevokeCertificate](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html) .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" revocationConfigurationProperty := &revocationConfigurationProperty{ crlConfiguration: &crlConfigurationProperty{ customCname: jsii.String("customCname"), enabled: jsii.Boolean(false), expirationInDays: jsii.Number(123), s3BucketName: jsii.String("s3BucketName"), s3ObjectAcl: jsii.String("s3ObjectAcl"), }, ocspConfiguration: &ocspConfigurationProperty{ enabled: jsii.Boolean(false), ocspCustomCname: jsii.String("ocspCustomCname"), }, }
type CfnCertificateAuthority_SubjectProperty ¶
type CfnCertificateAuthority_SubjectProperty struct { // Fully qualified domain name (FQDN) associated with the certificate subject. CommonName *string `field:"optional" json:"commonName" yaml:"commonName"` // Two-digit code that specifies the country in which the certificate subject located. Country *string `field:"optional" json:"country" yaml:"country"` // Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier) . // // > Custom attributes cannot be used in combination with standard attributes. CustomAttributes interface{} `field:"optional" json:"customAttributes" yaml:"customAttributes"` // Disambiguating information for the certificate subject. DistinguishedNameQualifier *string `field:"optional" json:"distinguishedNameQualifier" yaml:"distinguishedNameQualifier"` // Typically a qualifier appended to the name of an individual. // // Examples include Jr. for junior, Sr. for senior, and III for third. GenerationQualifier *string `field:"optional" json:"generationQualifier" yaml:"generationQualifier"` // First name. GivenName *string `field:"optional" json:"givenName" yaml:"givenName"` // Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the SurName. Initials *string `field:"optional" json:"initials" yaml:"initials"` // The locality (such as a city or town) in which the certificate subject is located. Locality *string `field:"optional" json:"locality" yaml:"locality"` // Legal name of the organization with which the certificate subject is affiliated. Organization *string `field:"optional" json:"organization" yaml:"organization"` // A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. OrganizationalUnit *string `field:"optional" json:"organizationalUnit" yaml:"organizationalUnit"` // Typically a shortened version of a longer GivenName. // // For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Pseudonym *string `field:"optional" json:"pseudonym" yaml:"pseudonym"` // The certificate serial number. SerialNumber *string `field:"optional" json:"serialNumber" yaml:"serialNumber"` // State in which the subject of the certificate is located. State *string `field:"optional" json:"state" yaml:"state"` // Family name. Surname *string `field:"optional" json:"surname" yaml:"surname"` // A personal title such as Mr. Title *string `field:"optional" json:"title" yaml:"title"` }
ASN1 subject for the certificate authority.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" subjectProperty := &subjectProperty{ commonName: jsii.String("commonName"), country: jsii.String("country"), customAttributes: []interface{}{ &customAttributeProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), }, }, distinguishedNameQualifier: jsii.String("distinguishedNameQualifier"), generationQualifier: jsii.String("generationQualifier"), givenName: jsii.String("givenName"), initials: jsii.String("initials"), locality: jsii.String("locality"), organization: jsii.String("organization"), organizationalUnit: jsii.String("organizationalUnit"), pseudonym: jsii.String("pseudonym"), serialNumber: jsii.String("serialNumber"), state: jsii.String("state"), surname: jsii.String("surname"), title: jsii.String("title"), }
type CfnCertificateProps ¶
type CfnCertificateProps struct { // The Amazon Resource Name (ARN) for the private CA issues the certificate. CertificateAuthorityArn *string `field:"required" json:"certificateAuthorityArn" yaml:"certificateAuthorityArn"` // The certificate signing request (CSR) for the certificate. CertificateSigningRequest *string `field:"required" json:"certificateSigningRequest" yaml:"certificateSigningRequest"` // The name of the algorithm that will be used to sign the certificate to be issued. // // This parameter should not be confused with the `SigningAlgorithm` parameter used to sign a CSR in the `CreateCertificateAuthority` action. // // > The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. SigningAlgorithm *string `field:"required" json:"signingAlgorithm" yaml:"signingAlgorithm"` // The period of time during which the certificate will be valid. Validity interface{} `field:"required" json:"validity" yaml:"validity"` // Specifies X.509 certificate information to be included in the issued certificate. An `APIPassthrough` or `APICSRPassthrough` template variant must be selected, or else this parameter is ignored. ApiPassthrough interface{} `field:"optional" json:"apiPassthrough" yaml:"apiPassthrough"` // Specifies a custom configuration template to use when issuing a certificate. // // If this parameter is not provided, ACM Private CA defaults to the `EndEntityCertificate/V1` template. For more information about ACM Private CA templates, see [Using Templates](https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html) . TemplateArn *string `field:"optional" json:"templateArn" yaml:"templateArn"` // Information describing the start of the validity period of the certificate. // // This parameter sets the “Not Before" date for the certificate. // // By default, when issuing a certificate, ACM Private CA sets the "Not Before" date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The `ValidityNotBefore` parameter can be used to customize the “Not Before” value. // // Unlike the `Validity` parameter, the `ValidityNotBefore` parameter is optional. // // The `ValidityNotBefore` value is expressed as an explicit date and time, using the `Validity` type value `ABSOLUTE` . ValidityNotBefore interface{} `field:"optional" json:"validityNotBefore" yaml:"validityNotBefore"` }
Properties for defining a `CfnCertificate`.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" cfnCertificateProps := &cfnCertificateProps{ certificateAuthorityArn: jsii.String("certificateAuthorityArn"), certificateSigningRequest: jsii.String("certificateSigningRequest"), signingAlgorithm: jsii.String("signingAlgorithm"), validity: &validityProperty{ type: jsii.String("type"), value: jsii.Number(123), }, // the properties below are optional apiPassthrough: &apiPassthroughProperty{ extensions: &extensionsProperty{ certificatePolicies: []interface{}{ &policyInformationProperty{ certPolicyId: jsii.String("certPolicyId"), // the properties below are optional policyQualifiers: []interface{}{ &policyQualifierInfoProperty{ policyQualifierId: jsii.String("policyQualifierId"), qualifier: &qualifierProperty{ cpsUri: jsii.String("cpsUri"), }, }, }, }, }, customExtensions: []interface{}{ &customExtensionProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), // the properties below are optional critical: jsii.Boolean(false), }, }, extendedKeyUsage: []interface{}{ &extendedKeyUsageProperty{ extendedKeyUsageObjectIdentifier: jsii.String("extendedKeyUsageObjectIdentifier"), extendedKeyUsageType: jsii.String("extendedKeyUsageType"), }, }, keyUsage: &keyUsageProperty{ crlSign: jsii.Boolean(false), dataEncipherment: jsii.Boolean(false), decipherOnly: jsii.Boolean(false), digitalSignature: jsii.Boolean(false), encipherOnly: jsii.Boolean(false), keyAgreement: jsii.Boolean(false), keyCertSign: jsii.Boolean(false), keyEncipherment: jsii.Boolean(false), nonRepudiation: jsii.Boolean(false), }, subjectAlternativeNames: []interface{}{ &generalNameProperty{ directoryName: &subjectProperty{ commonName: jsii.String("commonName"), country: jsii.String("country"), customAttributes: []interface{}{ &customAttributeProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), }, }, distinguishedNameQualifier: jsii.String("distinguishedNameQualifier"), generationQualifier: jsii.String("generationQualifier"), givenName: jsii.String("givenName"), initials: jsii.String("initials"), locality: jsii.String("locality"), organization: jsii.String("organization"), organizationalUnit: jsii.String("organizationalUnit"), pseudonym: jsii.String("pseudonym"), serialNumber: jsii.String("serialNumber"), state: jsii.String("state"), surname: jsii.String("surname"), title: jsii.String("title"), }, dnsName: jsii.String("dnsName"), ediPartyName: &ediPartyNameProperty{ nameAssigner: jsii.String("nameAssigner"), partyName: jsii.String("partyName"), }, ipAddress: jsii.String("ipAddress"), otherName: &otherNameProperty{ typeId: jsii.String("typeId"), value: jsii.String("value"), }, registeredId: jsii.String("registeredId"), rfc822Name: jsii.String("rfc822Name"), uniformResourceIdentifier: jsii.String("uniformResourceIdentifier"), }, }, }, subject: &subjectProperty{ commonName: jsii.String("commonName"), country: jsii.String("country"), customAttributes: []interface{}{ &customAttributeProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), }, }, distinguishedNameQualifier: jsii.String("distinguishedNameQualifier"), generationQualifier: jsii.String("generationQualifier"), givenName: jsii.String("givenName"), initials: jsii.String("initials"), locality: jsii.String("locality"), organization: jsii.String("organization"), organizationalUnit: jsii.String("organizationalUnit"), pseudonym: jsii.String("pseudonym"), serialNumber: jsii.String("serialNumber"), state: jsii.String("state"), surname: jsii.String("surname"), title: jsii.String("title"), }, }, templateArn: jsii.String("templateArn"), validityNotBefore: &validityProperty{ type: jsii.String("type"), value: jsii.Number(123), }, }
type CfnCertificate_ApiPassthroughProperty ¶
type CfnCertificate_ApiPassthroughProperty struct { // Specifies X.509 extension information for a certificate. Extensions interface{} `field:"optional" json:"extensions" yaml:"extensions"` // Contains information about the certificate subject. // // The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. Subject interface{} `field:"optional" json:"subject" yaml:"subject"` }
Contains X.509 certificate information to be placed in an issued certificate. An `APIPassthrough` or `APICSRPassthrough` template variant must be selected, or else this parameter is ignored.
If conflicting or duplicate certificate information is supplied from other sources, ACM Private CA applies [order of operation rules](https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations) to determine what information is used.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" apiPassthroughProperty := &apiPassthroughProperty{ extensions: &extensionsProperty{ certificatePolicies: []interface{}{ &policyInformationProperty{ certPolicyId: jsii.String("certPolicyId"), // the properties below are optional policyQualifiers: []interface{}{ &policyQualifierInfoProperty{ policyQualifierId: jsii.String("policyQualifierId"), qualifier: &qualifierProperty{ cpsUri: jsii.String("cpsUri"), }, }, }, }, }, customExtensions: []interface{}{ &customExtensionProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), // the properties below are optional critical: jsii.Boolean(false), }, }, extendedKeyUsage: []interface{}{ &extendedKeyUsageProperty{ extendedKeyUsageObjectIdentifier: jsii.String("extendedKeyUsageObjectIdentifier"), extendedKeyUsageType: jsii.String("extendedKeyUsageType"), }, }, keyUsage: &keyUsageProperty{ crlSign: jsii.Boolean(false), dataEncipherment: jsii.Boolean(false), decipherOnly: jsii.Boolean(false), digitalSignature: jsii.Boolean(false), encipherOnly: jsii.Boolean(false), keyAgreement: jsii.Boolean(false), keyCertSign: jsii.Boolean(false), keyEncipherment: jsii.Boolean(false), nonRepudiation: jsii.Boolean(false), }, subjectAlternativeNames: []interface{}{ &generalNameProperty{ directoryName: &subjectProperty{ commonName: jsii.String("commonName"), country: jsii.String("country"), customAttributes: []interface{}{ &customAttributeProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), }, }, distinguishedNameQualifier: jsii.String("distinguishedNameQualifier"), generationQualifier: jsii.String("generationQualifier"), givenName: jsii.String("givenName"), initials: jsii.String("initials"), locality: jsii.String("locality"), organization: jsii.String("organization"), organizationalUnit: jsii.String("organizationalUnit"), pseudonym: jsii.String("pseudonym"), serialNumber: jsii.String("serialNumber"), state: jsii.String("state"), surname: jsii.String("surname"), title: jsii.String("title"), }, dnsName: jsii.String("dnsName"), ediPartyName: &ediPartyNameProperty{ nameAssigner: jsii.String("nameAssigner"), partyName: jsii.String("partyName"), }, ipAddress: jsii.String("ipAddress"), otherName: &otherNameProperty{ typeId: jsii.String("typeId"), value: jsii.String("value"), }, registeredId: jsii.String("registeredId"), rfc822Name: jsii.String("rfc822Name"), uniformResourceIdentifier: jsii.String("uniformResourceIdentifier"), }, }, }, subject: &subjectProperty{ commonName: jsii.String("commonName"), country: jsii.String("country"), customAttributes: []interface{}{ &customAttributeProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), }, }, distinguishedNameQualifier: jsii.String("distinguishedNameQualifier"), generationQualifier: jsii.String("generationQualifier"), givenName: jsii.String("givenName"), initials: jsii.String("initials"), locality: jsii.String("locality"), organization: jsii.String("organization"), organizationalUnit: jsii.String("organizationalUnit"), pseudonym: jsii.String("pseudonym"), serialNumber: jsii.String("serialNumber"), state: jsii.String("state"), surname: jsii.String("surname"), title: jsii.String("title"), }, }
type CfnCertificate_CustomAttributeProperty ¶
type CfnCertificate_CustomAttributeProperty struct { // Specifies the object identifier (OID) of the attribute type of the relative distinguished name (RDN). ObjectIdentifier *string `field:"required" json:"objectIdentifier" yaml:"objectIdentifier"` // Specifies the attribute value of relative distinguished name (RDN). Value *string `field:"required" json:"value" yaml:"value"` }
Defines the X.500 relative distinguished name (RDN).
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" customAttributeProperty := &customAttributeProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), }
type CfnCertificate_CustomExtensionProperty ¶
type CfnCertificate_CustomExtensionProperty struct { // Specifies the object identifier (OID) of the X.509 extension. For more information, see the [Global OID reference database.](https://docs.aws.amazon.com/https://oidref.com/2.5.29). ObjectIdentifier *string `field:"required" json:"objectIdentifier" yaml:"objectIdentifier"` // Specifies the base64-encoded value of the X.509 extension. Value *string `field:"required" json:"value" yaml:"value"` // Specifies the critical flag of the X.509 extension. Critical interface{} `field:"optional" json:"critical" yaml:"critical"` }
Specifies the X.509 extension information for a certificate.
Extensions present in `CustomExtensions` follow the `ApiPassthrough` [template rules](https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations) .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" customExtensionProperty := &customExtensionProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), // the properties below are optional critical: jsii.Boolean(false), }
type CfnCertificate_EdiPartyNameProperty ¶
type CfnCertificate_EdiPartyNameProperty struct { // Specifies the name assigner. NameAssigner *string `field:"required" json:"nameAssigner" yaml:"nameAssigner"` // Specifies the party name. PartyName *string `field:"required" json:"partyName" yaml:"partyName"` }
Describes an Electronic Data Interchange (EDI) entity as described in as defined in [Subject Alternative Name](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280) in RFC 5280.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" ediPartyNameProperty := &ediPartyNameProperty{ nameAssigner: jsii.String("nameAssigner"), partyName: jsii.String("partyName"), }
type CfnCertificate_ExtendedKeyUsageProperty ¶
type CfnCertificate_ExtendedKeyUsageProperty struct { // Specifies a custom `ExtendedKeyUsage` with an object identifier (OID). ExtendedKeyUsageObjectIdentifier *string `field:"optional" json:"extendedKeyUsageObjectIdentifier" yaml:"extendedKeyUsageObjectIdentifier"` // Specifies a standard `ExtendedKeyUsage` as defined as in [RFC 5280](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12) . ExtendedKeyUsageType *string `field:"optional" json:"extendedKeyUsageType" yaml:"extendedKeyUsageType"` }
Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the `KeyUsage` extension.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" extendedKeyUsageProperty := &extendedKeyUsageProperty{ extendedKeyUsageObjectIdentifier: jsii.String("extendedKeyUsageObjectIdentifier"), extendedKeyUsageType: jsii.String("extendedKeyUsageType"), }
type CfnCertificate_ExtensionsProperty ¶
type CfnCertificate_ExtensionsProperty struct { // Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. // // For more information, see NIST's definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier) . // // In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate. CertificatePolicies interface{} `field:"optional" json:"certificatePolicies" yaml:"certificatePolicies"` // Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the [Global OID reference database.](https://docs.aws.amazon.com/https://oidref.com/2.5.29). // // > The OID value of a [CustomExtension](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CustomExtension.html) must not match the OID of a predefined extension. CustomExtensions interface{} `field:"optional" json:"customExtensions" yaml:"customExtensions"` // Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the `KeyUsage` extension. ExtendedKeyUsage interface{} `field:"optional" json:"extendedKeyUsage" yaml:"extendedKeyUsage"` // Defines one or more purposes for which the key contained in the certificate can be used. // // Default value for each option is false. KeyUsage interface{} `field:"optional" json:"keyUsage" yaml:"keyUsage"` // The subject alternative name extension allows identities to be bound to the subject of the certificate. // // These identities may be included in addition to or in place of the identity in the subject field of the certificate. SubjectAlternativeNames interface{} `field:"optional" json:"subjectAlternativeNames" yaml:"subjectAlternativeNames"` }
Contains X.509 extension information for a certificate.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" extensionsProperty := &extensionsProperty{ certificatePolicies: []interface{}{ &policyInformationProperty{ certPolicyId: jsii.String("certPolicyId"), // the properties below are optional policyQualifiers: []interface{}{ &policyQualifierInfoProperty{ policyQualifierId: jsii.String("policyQualifierId"), qualifier: &qualifierProperty{ cpsUri: jsii.String("cpsUri"), }, }, }, }, }, customExtensions: []interface{}{ &customExtensionProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), // the properties below are optional critical: jsii.Boolean(false), }, }, extendedKeyUsage: []interface{}{ &extendedKeyUsageProperty{ extendedKeyUsageObjectIdentifier: jsii.String("extendedKeyUsageObjectIdentifier"), extendedKeyUsageType: jsii.String("extendedKeyUsageType"), }, }, keyUsage: &keyUsageProperty{ crlSign: jsii.Boolean(false), dataEncipherment: jsii.Boolean(false), decipherOnly: jsii.Boolean(false), digitalSignature: jsii.Boolean(false), encipherOnly: jsii.Boolean(false), keyAgreement: jsii.Boolean(false), keyCertSign: jsii.Boolean(false), keyEncipherment: jsii.Boolean(false), nonRepudiation: jsii.Boolean(false), }, subjectAlternativeNames: []interface{}{ &generalNameProperty{ directoryName: &subjectProperty{ commonName: jsii.String("commonName"), country: jsii.String("country"), customAttributes: []interface{}{ &customAttributeProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), }, }, distinguishedNameQualifier: jsii.String("distinguishedNameQualifier"), generationQualifier: jsii.String("generationQualifier"), givenName: jsii.String("givenName"), initials: jsii.String("initials"), locality: jsii.String("locality"), organization: jsii.String("organization"), organizationalUnit: jsii.String("organizationalUnit"), pseudonym: jsii.String("pseudonym"), serialNumber: jsii.String("serialNumber"), state: jsii.String("state"), surname: jsii.String("surname"), title: jsii.String("title"), }, dnsName: jsii.String("dnsName"), ediPartyName: &ediPartyNameProperty{ nameAssigner: jsii.String("nameAssigner"), partyName: jsii.String("partyName"), }, ipAddress: jsii.String("ipAddress"), otherName: &otherNameProperty{ typeId: jsii.String("typeId"), value: jsii.String("value"), }, registeredId: jsii.String("registeredId"), rfc822Name: jsii.String("rfc822Name"), uniformResourceIdentifier: jsii.String("uniformResourceIdentifier"), }, }, }
type CfnCertificate_GeneralNameProperty ¶
type CfnCertificate_GeneralNameProperty struct { // Contains information about the certificate subject. // // The certificate can be one issued by your private certificate authority (CA) or it can be your private CA certificate. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. The DN must be unique for each entity, but your private CA can issue more than one certificate with the same DN to the same entity. DirectoryName interface{} `field:"optional" json:"directoryName" yaml:"directoryName"` // Represents `GeneralName` as a DNS name. DnsName *string `field:"optional" json:"dnsName" yaml:"dnsName"` // Represents `GeneralName` as an `EdiPartyName` object. EdiPartyName interface{} `field:"optional" json:"ediPartyName" yaml:"ediPartyName"` // Represents `GeneralName` as an IPv4 or IPv6 address. IpAddress *string `field:"optional" json:"ipAddress" yaml:"ipAddress"` // Represents `GeneralName` using an `OtherName` object. OtherName interface{} `field:"optional" json:"otherName" yaml:"otherName"` // Represents `GeneralName` as an object identifier (OID). RegisteredId *string `field:"optional" json:"registeredId" yaml:"registeredId"` // Represents `GeneralName` as an [RFC 822](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc822) email address. Rfc822Name *string `field:"optional" json:"rfc822Name" yaml:"rfc822Name"` // Represents `GeneralName` as a URI. UniformResourceIdentifier *string `field:"optional" json:"uniformResourceIdentifier" yaml:"uniformResourceIdentifier"` }
Describes an ASN.1 X.400 `GeneralName` as defined in [RFC 5280](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280) . Only one of the following naming options should be provided. Providing more than one option results in an `InvalidArgsException` error.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" generalNameProperty := &generalNameProperty{ directoryName: &subjectProperty{ commonName: jsii.String("commonName"), country: jsii.String("country"), customAttributes: []interface{}{ &customAttributeProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), }, }, distinguishedNameQualifier: jsii.String("distinguishedNameQualifier"), generationQualifier: jsii.String("generationQualifier"), givenName: jsii.String("givenName"), initials: jsii.String("initials"), locality: jsii.String("locality"), organization: jsii.String("organization"), organizationalUnit: jsii.String("organizationalUnit"), pseudonym: jsii.String("pseudonym"), serialNumber: jsii.String("serialNumber"), state: jsii.String("state"), surname: jsii.String("surname"), title: jsii.String("title"), }, dnsName: jsii.String("dnsName"), ediPartyName: &ediPartyNameProperty{ nameAssigner: jsii.String("nameAssigner"), partyName: jsii.String("partyName"), }, ipAddress: jsii.String("ipAddress"), otherName: &otherNameProperty{ typeId: jsii.String("typeId"), value: jsii.String("value"), }, registeredId: jsii.String("registeredId"), rfc822Name: jsii.String("rfc822Name"), uniformResourceIdentifier: jsii.String("uniformResourceIdentifier"), }
type CfnCertificate_KeyUsageProperty ¶
type CfnCertificate_KeyUsageProperty struct { // Key can be used to sign CRLs. CrlSign interface{} `field:"optional" json:"crlSign" yaml:"crlSign"` // Key can be used to decipher data. DataEncipherment interface{} `field:"optional" json:"dataEncipherment" yaml:"dataEncipherment"` // Key can be used only to decipher data. DecipherOnly interface{} `field:"optional" json:"decipherOnly" yaml:"decipherOnly"` // Key can be used for digital signing. DigitalSignature interface{} `field:"optional" json:"digitalSignature" yaml:"digitalSignature"` // Key can be used only to encipher data. EncipherOnly interface{} `field:"optional" json:"encipherOnly" yaml:"encipherOnly"` // Key can be used in a key-agreement protocol. KeyAgreement interface{} `field:"optional" json:"keyAgreement" yaml:"keyAgreement"` // Key can be used to sign certificates. KeyCertSign interface{} `field:"optional" json:"keyCertSign" yaml:"keyCertSign"` // Key can be used to encipher data. KeyEncipherment interface{} `field:"optional" json:"keyEncipherment" yaml:"keyEncipherment"` // Key can be used for non-repudiation. NonRepudiation interface{} `field:"optional" json:"nonRepudiation" yaml:"nonRepudiation"` }
Defines one or more purposes for which the key contained in the certificate can be used.
Default value for each option is false.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" keyUsageProperty := &keyUsageProperty{ crlSign: jsii.Boolean(false), dataEncipherment: jsii.Boolean(false), decipherOnly: jsii.Boolean(false), digitalSignature: jsii.Boolean(false), encipherOnly: jsii.Boolean(false), keyAgreement: jsii.Boolean(false), keyCertSign: jsii.Boolean(false), keyEncipherment: jsii.Boolean(false), nonRepudiation: jsii.Boolean(false), }
type CfnCertificate_OtherNameProperty ¶
type CfnCertificate_OtherNameProperty struct { // Specifies an OID. TypeId *string `field:"required" json:"typeId" yaml:"typeId"` // Specifies an OID value. Value *string `field:"required" json:"value" yaml:"value"` }
Defines a custom ASN.1 X.400 `GeneralName` using an object identifier (OID) and value. The OID must satisfy the regular expression shown below. For more information, see NIST's definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier) .
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" otherNameProperty := &otherNameProperty{ typeId: jsii.String("typeId"), value: jsii.String("value"), }
type CfnCertificate_PolicyInformationProperty ¶
type CfnCertificate_PolicyInformationProperty struct { // Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. // // For more information, see NIST's definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier) . CertPolicyId *string `field:"required" json:"certPolicyId" yaml:"certPolicyId"` // Modifies the given `CertPolicyId` with a qualifier. // // ACM Private CA supports the certification practice statement (CPS) qualifier. PolicyQualifiers interface{} `field:"optional" json:"policyQualifiers" yaml:"policyQualifiers"` }
Defines the X.509 `CertificatePolicies` extension.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" policyInformationProperty := &policyInformationProperty{ certPolicyId: jsii.String("certPolicyId"), // the properties below are optional policyQualifiers: []interface{}{ &policyQualifierInfoProperty{ policyQualifierId: jsii.String("policyQualifierId"), qualifier: &qualifierProperty{ cpsUri: jsii.String("cpsUri"), }, }, }, }
type CfnCertificate_PolicyQualifierInfoProperty ¶
type CfnCertificate_PolicyQualifierInfoProperty struct { // Identifies the qualifier modifying a `CertPolicyId` . PolicyQualifierId *string `field:"required" json:"policyQualifierId" yaml:"policyQualifierId"` // Defines the qualifier type. // // ACM Private CA supports the use of a URI for a CPS qualifier in this field. Qualifier interface{} `field:"required" json:"qualifier" yaml:"qualifier"` }
Modifies the `CertPolicyId` of a `PolicyInformation` object with a qualifier.
ACM Private CA supports the certification practice statement (CPS) qualifier.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" policyQualifierInfoProperty := &policyQualifierInfoProperty{ policyQualifierId: jsii.String("policyQualifierId"), qualifier: &qualifierProperty{ cpsUri: jsii.String("cpsUri"), }, }
type CfnCertificate_QualifierProperty ¶
type CfnCertificate_QualifierProperty struct { // Contains a pointer to a certification practice statement (CPS) published by the CA. CpsUri *string `field:"required" json:"cpsUri" yaml:"cpsUri"` }
Defines a `PolicyInformation` qualifier.
ACM Private CA supports the [certification practice statement (CPS) qualifier](https://docs.aws.amazon.com/https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4) defined in RFC 5280.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" qualifierProperty := &qualifierProperty{ cpsUri: jsii.String("cpsUri"), }
type CfnCertificate_SubjectProperty ¶
type CfnCertificate_SubjectProperty struct { // For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. // // Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject. CommonName *string `field:"optional" json:"commonName" yaml:"commonName"` // Two-digit code that specifies the country in which the certificate subject located. Country *string `field:"optional" json:"country" yaml:"country"` // Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of [Object Identifier (OID)](https://docs.aws.amazon.com/https://csrc.nist.gov/glossary/term/Object_Identifier) . // // > Custom attributes cannot be used in combination with standard attributes. CustomAttributes interface{} `field:"optional" json:"customAttributes" yaml:"customAttributes"` // Disambiguating information for the certificate subject. DistinguishedNameQualifier *string `field:"optional" json:"distinguishedNameQualifier" yaml:"distinguishedNameQualifier"` // Typically a qualifier appended to the name of an individual. // // Examples include Jr. for junior, Sr. for senior, and III for third. GenerationQualifier *string `field:"optional" json:"generationQualifier" yaml:"generationQualifier"` // First name. GivenName *string `field:"optional" json:"givenName" yaml:"givenName"` // Concatenation that typically contains the first letter of the *GivenName* , the first letter of the middle name if one exists, and the first letter of the *Surname* . Initials *string `field:"optional" json:"initials" yaml:"initials"` // The locality (such as a city or town) in which the certificate subject is located. Locality *string `field:"optional" json:"locality" yaml:"locality"` // Legal name of the organization with which the certificate subject is affiliated. Organization *string `field:"optional" json:"organization" yaml:"organization"` // A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. OrganizationalUnit *string `field:"optional" json:"organizationalUnit" yaml:"organizationalUnit"` // Typically a shortened version of a longer *GivenName* . // // For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Pseudonym *string `field:"optional" json:"pseudonym" yaml:"pseudonym"` // The certificate serial number. SerialNumber *string `field:"optional" json:"serialNumber" yaml:"serialNumber"` // State in which the subject of the certificate is located. State *string `field:"optional" json:"state" yaml:"state"` // Family name. // // In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Surname *string `field:"optional" json:"surname" yaml:"surname"` // A title such as Mr. // // or Ms., which is pre-pended to the name to refer formally to the certificate subject. Title *string `field:"optional" json:"title" yaml:"title"` }
Contains information about the certificate subject.
The `Subject` field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The `Subject` must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" subjectProperty := &subjectProperty{ commonName: jsii.String("commonName"), country: jsii.String("country"), customAttributes: []interface{}{ &customAttributeProperty{ objectIdentifier: jsii.String("objectIdentifier"), value: jsii.String("value"), }, }, distinguishedNameQualifier: jsii.String("distinguishedNameQualifier"), generationQualifier: jsii.String("generationQualifier"), givenName: jsii.String("givenName"), initials: jsii.String("initials"), locality: jsii.String("locality"), organization: jsii.String("organization"), organizationalUnit: jsii.String("organizationalUnit"), pseudonym: jsii.String("pseudonym"), serialNumber: jsii.String("serialNumber"), state: jsii.String("state"), surname: jsii.String("surname"), title: jsii.String("title"), }
type CfnCertificate_ValidityProperty ¶
type CfnCertificate_ValidityProperty struct { // Specifies whether the `Value` parameter represents days, months, or years. Type *string `field:"required" json:"type" yaml:"type"` // A long integer interpreted according to the value of `Type` , below. Value *float64 `field:"required" json:"value" yaml:"value"` }
Length of time for which the certificate issued by your private certificate authority (CA), or by the private CA itself, is valid in days, months, or years.
You can issue a certificate by calling the `IssueCertificate` operation.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" validityProperty := &validityProperty{ type: jsii.String("type"), value: jsii.Number(123), }
type CfnPermission ¶
type CfnPermission interface { awscdk.CfnResource awscdk.IInspectable // The private CA actions that can be performed by the designated AWS service. // // Supported actions are `IssueCertificate` , `GetCertificate` , and `ListPermissions` . Actions() *[]*string SetActions(val *[]*string) // The Amazon Resource Number (ARN) of the private CA from which the permission was issued. CertificateAuthorityArn() *string SetCertificateAuthorityArn(val *string) // Options for this resource, such as condition, update policy etc. // Experimental. CfnOptions() awscdk.ICfnResourceOptions CfnProperties() *map[string]interface{} // AWS resource type. // Experimental. CfnResourceType() *string // Returns: the stack trace of the point where this Resource was created from, sourced // from the +metadata+ entry typed +aws:cdk:logicalId+, and with the bottom-most // node +internal+ entries filtered. // Experimental. CreationStack() *[]*string // The logical ID for this CloudFormation stack element. // // The logical ID of the element // is calculated from the path of the resource node in the construct tree. // // To override this value, use `overrideLogicalId(newLogicalId)`. // // Returns: the logical ID as a stringified token. This value will only get // resolved during synthesis. // Experimental. LogicalId() *string // The construct tree node associated with this construct. // Experimental. Node() awscdk.ConstructNode // The AWS service or entity that holds the permission. // // At this time, the only valid principal is `acm.amazonaws.com` . Principal() *string SetPrincipal(val *string) // Return a string that will be resolved to a CloudFormation `{ Ref }` for this element. // // If, by any chance, the intrinsic reference of a resource is not a string, you could // coerce it to an IResolvable through `Lazy.any({ produce: resource.ref })`. // Experimental. Ref() *string // The ID of the account that assigned the permission. SourceAccount() *string SetSourceAccount(val *string) // The stack in which this element is defined. // // CfnElements must be defined within a stack scope (directly or indirectly). // Experimental. Stack() awscdk.Stack // Return properties modified after initiation. // // Resources that expose mutable properties should override this function to // collect and return the properties object for this resource. // Experimental. UpdatedProperites() *map[string]interface{} // Syntactic sugar for `addOverride(path, undefined)`. // Experimental. AddDeletionOverride(path *string) // Indicates that this resource depends on another resource and cannot be provisioned unless the other resource has been successfully provisioned. // // This can be used for resources across stacks (or nested stack) boundaries // and the dependency will automatically be transferred to the relevant scope. // Experimental. AddDependsOn(target awscdk.CfnResource) // Add a value to the CloudFormation Resource Metadata. // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html // // Note that this is a different set of metadata from CDK node metadata; this // metadata ends up in the stack template under the resource, whereas CDK // node metadata ends up in the Cloud Assembly. // // Experimental. AddMetadata(key *string, value interface{}) // Adds an override to the synthesized CloudFormation resource. // // To add a // property override, either use `addPropertyOverride` or prefix `path` with // "Properties." (i.e. `Properties.TopicName`). // // If the override is nested, separate each nested level using a dot (.) in the path parameter. // If there is an array as part of the nesting, specify the index in the path. // // To include a literal `.` in the property name, prefix with a `\`. In most // programming languages you will need to write this as `"\\."` because the // `\` itself will need to be escaped. // // For example, // “`typescript // cfnResource.addOverride('Properties.GlobalSecondaryIndexes.0.Projection.NonKeyAttributes', ['myattribute']); // cfnResource.addOverride('Properties.GlobalSecondaryIndexes.1.ProjectionType', 'INCLUDE'); // “` // would add the overrides // “`json // "Properties": { // "GlobalSecondaryIndexes": [ // { // "Projection": { // "NonKeyAttributes": [ "myattribute" ] // ... // } // ... // }, // { // "ProjectionType": "INCLUDE" // ... // }, // ] // ... // } // “` // // The `value` argument to `addOverride` will not be processed or translated // in any way. Pass raw JSON values in here with the correct capitalization // for CloudFormation. If you pass CDK classes or structs, they will be // rendered with lowercased key names, and CloudFormation will reject the // template. // Experimental. AddOverride(path *string, value interface{}) // Adds an override that deletes the value of a property from the resource definition. // Experimental. AddPropertyDeletionOverride(propertyPath *string) // Adds an override to a resource property. // // Syntactic sugar for `addOverride("Properties.<...>", value)`. // Experimental. AddPropertyOverride(propertyPath *string, value interface{}) // Sets the deletion policy of the resource based on the removal policy specified. // // The Removal Policy controls what happens to this resource when it stops // being managed by CloudFormation, either because you've removed it from the // CDK application or because you've made a change that requires the resource // to be replaced. // // The resource can be deleted (`RemovalPolicy.DESTROY`), or left in your AWS // account for data recovery and cleanup later (`RemovalPolicy.RETAIN`). // Experimental. ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions) // Returns a token for an runtime attribute of this resource. // // Ideally, use generated attribute accessors (e.g. `resource.arn`), but this can be used for future compatibility // in case there is no generated attribute. // Experimental. GetAtt(attributeName *string) awscdk.Reference // Retrieve a value value from the CloudFormation Resource Metadata. // See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/metadata-section-structure.html // // Note that this is a different set of metadata from CDK node metadata; this // metadata ends up in the stack template under the resource, whereas CDK // node metadata ends up in the Cloud Assembly. // // Experimental. GetMetadata(key *string) interface{} // Examines the CloudFormation resource and discloses attributes. Inspect(inspector awscdk.TreeInspector) // Perform final modifications before synthesis. // // This method can be implemented by derived constructs in order to perform // final changes before synthesis. prepare() will be called after child // constructs have been prepared. // // This is an advanced framework feature. Only use this if you // understand the implications. // Experimental. OnPrepare() // Allows this construct to emit artifacts into the cloud assembly during synthesis. // // This method is usually implemented by framework-level constructs such as `Stack` and `Asset` // as they participate in synthesizing the cloud assembly. // Experimental. OnSynthesize(session constructs.ISynthesisSession) // Validate the current construct. // // This method can be implemented by derived constructs in order to perform // validation logic. It is called on all constructs before synthesis. // // Returns: An array of validation error messages, or an empty array if the construct is valid. // Experimental. OnValidate() *[]*string // Overrides the auto-generated logical ID with a specific ID. // Experimental. OverrideLogicalId(newLogicalId *string) // Perform final modifications before synthesis. // // This method can be implemented by derived constructs in order to perform // final changes before synthesis. prepare() will be called after child // constructs have been prepared. // // This is an advanced framework feature. Only use this if you // understand the implications. // Experimental. Prepare() RenderProperties(props *map[string]interface{}) *map[string]interface{} // Can be overridden by subclasses to determine if this resource will be rendered into the cloudformation template. // // Returns: `true` if the resource should be included or `false` is the resource // should be omitted. // Experimental. ShouldSynthesize() *bool // Allows this construct to emit artifacts into the cloud assembly during synthesis. // // This method is usually implemented by framework-level constructs such as `Stack` and `Asset` // as they participate in synthesizing the cloud assembly. // Experimental. Synthesize(session awscdk.ISynthesisSession) // Returns a string representation of this construct. // // Returns: a string representation of this resource. // Experimental. ToString() *string // Validate the current construct. // // This method can be implemented by derived constructs in order to perform // validation logic. It is called on all constructs before synthesis. // // Returns: An array of validation error messages, or an empty array if the construct is valid. // Experimental. Validate() *[]*string // Experimental. ValidateProperties(_properties interface{}) }
A CloudFormation `AWS::ACMPCA::Permission`.
Grants permissions to the AWS Certificate Manager (ACM) service principal ( `acm.amazonaws.com` ) to perform [IssueCertificate](https://docs.aws.amazon.com/latest/APIReference/API_IssueCertificate.html) , [GetCertificate](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html) , and [ListPermissions](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html) actions on a CA. These actions are needed for the ACM principal to renew private PKI certificates requested through ACM and residing in the same AWS account as the CA.
**About permissions** - If the private CA and the certificates it issues reside in the same account, you can use `AWS::ACMPCA::Permission` to grant permissions for ACM to carry out automatic certificate renewals. - For automatic certificate renewal to succeed, the ACM service principal needs permissions to create, retrieve, and list permissions. - If the private CA and the ACM certificates reside in different accounts, then permissions cannot be used to enable automatic renewals. Instead, the ACM certificate owner must set up a resource-based policy to enable cross-account issuance and renewals. For more information, see [Using a Resource Based Policy with ACM Private CA](https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html) .
> To update an `AWS::ACMPCA::Permission` resource, you must first delete the existing permission resource from the CloudFormation stack and then create a new permission resource with updated properties.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" cfnPermission := awscdk.Aws_acmpca.NewCfnPermission(this, jsii.String("MyCfnPermission"), &cfnPermissionProps{ actions: []*string{ jsii.String("actions"), }, certificateAuthorityArn: jsii.String("certificateAuthorityArn"), principal: jsii.String("principal"), // the properties below are optional sourceAccount: jsii.String("sourceAccount"), })
func NewCfnPermission ¶
func NewCfnPermission(scope awscdk.Construct, id *string, props *CfnPermissionProps) CfnPermission
Create a new `AWS::ACMPCA::Permission`.
type CfnPermissionProps ¶
type CfnPermissionProps struct { // The private CA actions that can be performed by the designated AWS service. // // Supported actions are `IssueCertificate` , `GetCertificate` , and `ListPermissions` . Actions *[]*string `field:"required" json:"actions" yaml:"actions"` // The Amazon Resource Number (ARN) of the private CA from which the permission was issued. CertificateAuthorityArn *string `field:"required" json:"certificateAuthorityArn" yaml:"certificateAuthorityArn"` // The AWS service or entity that holds the permission. // // At this time, the only valid principal is `acm.amazonaws.com` . Principal *string `field:"required" json:"principal" yaml:"principal"` // The ID of the account that assigned the permission. SourceAccount *string `field:"optional" json:"sourceAccount" yaml:"sourceAccount"` }
Properties for defining a `CfnPermission`.
Example:
// The code below shows an example of how to instantiate this type. // The values are placeholders you should change. import "github.com/aws/aws-cdk-go/awscdk" cfnPermissionProps := &cfnPermissionProps{ actions: []*string{ jsii.String("actions"), }, certificateAuthorityArn: jsii.String("certificateAuthorityArn"), principal: jsii.String("principal"), // the properties below are optional sourceAccount: jsii.String("sourceAccount"), }
type ICertificateAuthority ¶
type ICertificateAuthority interface { awscdk.IResource // The Amazon Resource Name of the Certificate. // Experimental. CertificateAuthorityArn() *string }
Interface which all CertificateAuthority based class must implement. Experimental.
func CertificateAuthority_FromCertificateAuthorityArn ¶
func CertificateAuthority_FromCertificateAuthorityArn(scope constructs.Construct, id *string, certificateAuthorityArn *string) ICertificateAuthority
Import an existing Certificate given an ARN. Experimental.
Source Files ¶
- awsacmpca.go
- awsacmpca_CertificateAuthority.go
- awsacmpca_CfnCertificate.go
- awsacmpca_CfnCertificateAuthority.go
- awsacmpca_CfnCertificateAuthorityActivation.go
- awsacmpca_CfnCertificateAuthorityActivationProps.go
- awsacmpca_CfnCertificateAuthorityProps.go
- awsacmpca_CfnCertificateAuthority_AccessDescriptionProperty.go
- awsacmpca_CfnCertificateAuthority_AccessMethodProperty.go
- awsacmpca_CfnCertificateAuthority_CrlConfigurationProperty.go
- awsacmpca_CfnCertificateAuthority_CsrExtensionsProperty.go
- awsacmpca_CfnCertificateAuthority_CustomAttributeProperty.go
- awsacmpca_CfnCertificateAuthority_EdiPartyNameProperty.go
- awsacmpca_CfnCertificateAuthority_GeneralNameProperty.go
- awsacmpca_CfnCertificateAuthority_KeyUsageProperty.go
- awsacmpca_CfnCertificateAuthority_OcspConfigurationProperty.go
- awsacmpca_CfnCertificateAuthority_OtherNameProperty.go
- awsacmpca_CfnCertificateAuthority_RevocationConfigurationProperty.go
- awsacmpca_CfnCertificateAuthority_SubjectProperty.go
- awsacmpca_CfnCertificateProps.go
- awsacmpca_CfnCertificate_ApiPassthroughProperty.go
- awsacmpca_CfnCertificate_CustomAttributeProperty.go
- awsacmpca_CfnCertificate_CustomExtensionProperty.go
- awsacmpca_CfnCertificate_EdiPartyNameProperty.go
- awsacmpca_CfnCertificate_ExtendedKeyUsageProperty.go
- awsacmpca_CfnCertificate_ExtensionsProperty.go
- awsacmpca_CfnCertificate_GeneralNameProperty.go
- awsacmpca_CfnCertificate_KeyUsageProperty.go
- awsacmpca_CfnCertificate_OtherNameProperty.go
- awsacmpca_CfnCertificate_PolicyInformationProperty.go
- awsacmpca_CfnCertificate_PolicyQualifierInfoProperty.go
- awsacmpca_CfnCertificate_QualifierProperty.go
- awsacmpca_CfnCertificate_SubjectProperty.go
- awsacmpca_CfnCertificate_ValidityProperty.go
- awsacmpca_CfnPermission.go
- awsacmpca_CfnPermissionProps.go
- awsacmpca_ICertificateAuthority.go