acmpca

package
v6.32.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 19, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Certificate

type Certificate struct {
	pulumi.CustomResourceState

	// Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates
	ApiPassthrough pulumi.StringPtrOutput `pulumi:"apiPassthrough"`
	// ARN of the certificate.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// PEM-encoded certificate value.
	Certificate pulumi.StringOutput `pulumi:"certificate"`
	// ARN of the certificate authority.
	CertificateAuthorityArn pulumi.StringOutput `pulumi:"certificateAuthorityArn"`
	// PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.
	CertificateChain pulumi.StringOutput `pulumi:"certificateChain"`
	// Certificate Signing Request in PEM format.
	CertificateSigningRequest pulumi.StringOutput `pulumi:"certificateSigningRequest"`
	// Algorithm to use to sign certificate requests. Valid values: `SHA256WITHRSA`, `SHA256WITHECDSA`, `SHA384WITHRSA`, `SHA384WITHECDSA`, `SHA512WITHRSA`, `SHA512WITHECDSA`.
	SigningAlgorithm pulumi.StringOutput `pulumi:"signingAlgorithm"`
	// Template to use when issuing a certificate.
	// See [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html) for more information.
	TemplateArn pulumi.StringPtrOutput `pulumi:"templateArn"`
	// Configures end of the validity period for the certificate. See validity block below.
	Validity CertificateValidityOutput `pulumi:"validity"`
}

Provides a resource to issue a certificate using AWS Certificate Manager Private Certificate Authority (ACM PCA).

Certificates created using `acmpca.Certificate` are not eligible for automatic renewal, and must be replaced instead. To issue a renewable certificate using an ACM PCA, create a `acm.Certificate` with the parameter `certificateAuthorityArn`.

## Example Usage

### Basic

<!--Start PulumiCodeChooser --> ```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
"github.com/pulumi/pulumi-tls/sdk/v4/go/tls"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleCertificateAuthority, err := acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
			CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
				KeyAlgorithm:     pulumi.String("RSA_4096"),
				SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
				Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
					CommonName: pulumi.String("example.com"),
				},
			},
			PermanentDeletionTimeInDays: pulumi.Int(7),
		})
		if err != nil {
			return err
		}
		key, err := tls.NewPrivateKey(ctx, "key", &tls.PrivateKeyArgs{
			Algorithm: pulumi.String("RSA"),
		})
		if err != nil {
			return err
		}
		csr, err := tls.NewCertRequest(ctx, "csr", &tls.CertRequestArgs{
			PrivateKeyPem: key.PrivateKeyPem,
			Subject: &tls.CertRequestSubjectArgs{
				CommonName: pulumi.String("example"),
			},
		})
		if err != nil {
			return err
		}
		_, err = acmpca.NewCertificate(ctx, "example", &acmpca.CertificateArgs{
			CertificateAuthorityArn:   exampleCertificateAuthority.Arn,
			CertificateSigningRequest: csr.CertRequestPem,
			SigningAlgorithm:          pulumi.String("SHA256WITHRSA"),
			Validity: &acmpca.CertificateValidityArgs{
				Type:  pulumi.String("YEARS"),
				Value: pulumi.String("1"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

## Import

Using `pulumi import`, import ACM PCA Certificates using their ARN. For example:

```sh $ pulumi import aws:acmpca/certificate:Certificate cert arn:aws:acm-pca:eu-west-1:675225743824:certificate-authority/08319ede-83g9-1400-8f21-c7d12b2b6edb/certificate/a4e9c2aa4bcfab625g1b9136464cd3a ```

func GetCertificate

func GetCertificate(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CertificateState, opts ...pulumi.ResourceOption) (*Certificate, error)

GetCertificate gets an existing Certificate resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCertificate

func NewCertificate(ctx *pulumi.Context,
	name string, args *CertificateArgs, opts ...pulumi.ResourceOption) (*Certificate, error)

NewCertificate registers a new resource with the given unique name, arguments, and options.

func (*Certificate) ElementType

func (*Certificate) ElementType() reflect.Type

func (*Certificate) ToCertificateOutput

func (i *Certificate) ToCertificateOutput() CertificateOutput

func (*Certificate) ToCertificateOutputWithContext

func (i *Certificate) ToCertificateOutputWithContext(ctx context.Context) CertificateOutput

type CertificateArgs

type CertificateArgs struct {
	// Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates
	ApiPassthrough pulumi.StringPtrInput
	// ARN of the certificate authority.
	CertificateAuthorityArn pulumi.StringInput
	// Certificate Signing Request in PEM format.
	CertificateSigningRequest pulumi.StringInput
	// Algorithm to use to sign certificate requests. Valid values: `SHA256WITHRSA`, `SHA256WITHECDSA`, `SHA384WITHRSA`, `SHA384WITHECDSA`, `SHA512WITHRSA`, `SHA512WITHECDSA`.
	SigningAlgorithm pulumi.StringInput
	// Template to use when issuing a certificate.
	// See [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html) for more information.
	TemplateArn pulumi.StringPtrInput
	// Configures end of the validity period for the certificate. See validity block below.
	Validity CertificateValidityInput
}

The set of arguments for constructing a Certificate resource.

func (CertificateArgs) ElementType

func (CertificateArgs) ElementType() reflect.Type

type CertificateArray

type CertificateArray []CertificateInput

func (CertificateArray) ElementType

func (CertificateArray) ElementType() reflect.Type

func (CertificateArray) ToCertificateArrayOutput

func (i CertificateArray) ToCertificateArrayOutput() CertificateArrayOutput

func (CertificateArray) ToCertificateArrayOutputWithContext

func (i CertificateArray) ToCertificateArrayOutputWithContext(ctx context.Context) CertificateArrayOutput

type CertificateArrayInput

type CertificateArrayInput interface {
	pulumi.Input

	ToCertificateArrayOutput() CertificateArrayOutput
	ToCertificateArrayOutputWithContext(context.Context) CertificateArrayOutput
}

CertificateArrayInput is an input type that accepts CertificateArray and CertificateArrayOutput values. You can construct a concrete instance of `CertificateArrayInput` via:

CertificateArray{ CertificateArgs{...} }

type CertificateArrayOutput

type CertificateArrayOutput struct{ *pulumi.OutputState }

func (CertificateArrayOutput) ElementType

func (CertificateArrayOutput) ElementType() reflect.Type

func (CertificateArrayOutput) Index

func (CertificateArrayOutput) ToCertificateArrayOutput

func (o CertificateArrayOutput) ToCertificateArrayOutput() CertificateArrayOutput

func (CertificateArrayOutput) ToCertificateArrayOutputWithContext

func (o CertificateArrayOutput) ToCertificateArrayOutputWithContext(ctx context.Context) CertificateArrayOutput

type CertificateAuthority

type CertificateAuthority struct {
	pulumi.CustomResourceState

	// ARN of the certificate authority.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
	Certificate pulumi.StringOutput `pulumi:"certificate"`
	// Nested argument containing algorithms and certificate subject information. Defined below.
	CertificateAuthorityConfiguration CertificateAuthorityCertificateAuthorityConfigurationOutput `pulumi:"certificateAuthorityConfiguration"`
	// Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
	CertificateChain pulumi.StringOutput `pulumi:"certificateChain"`
	// The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
	CertificateSigningRequest pulumi.StringOutput `pulumi:"certificateSigningRequest"`
	// Whether the certificate authority is enabled or disabled. Defaults to `true`. Can only be disabled if the CA is in an `ACTIVE` state.
	Enabled pulumi.BoolPtrOutput `pulumi:"enabled"`
	// Cryptographic key management compliance standard used for handling CA keys. Defaults to `FIPS_140_2_LEVEL_3_OR_HIGHER`. Valid values: `FIPS_140_2_LEVEL_3_OR_HIGHER` and `FIPS_140_2_LEVEL_2_OR_HIGHER`. Supported standard for each region can be found in the [Storage and security compliance of AWS Private CA private keys Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys).
	KeyStorageSecurityStandard pulumi.StringOutput `pulumi:"keyStorageSecurityStandard"`
	// Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
	NotAfter pulumi.StringOutput `pulumi:"notAfter"`
	// Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
	NotBefore pulumi.StringOutput `pulumi:"notBefore"`
	// Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
	PermanentDeletionTimeInDays pulumi.IntPtrOutput `pulumi:"permanentDeletionTimeInDays"`
	// Nested argument containing revocation configuration. Defined below.
	RevocationConfiguration CertificateAuthorityRevocationConfigurationPtrOutput `pulumi:"revocationConfiguration"`
	// Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
	Serial pulumi.StringOutput `pulumi:"serial"`
	// Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
	// Type of the certificate authority. Defaults to `SUBORDINATE`. Valid values: `ROOT` and `SUBORDINATE`.
	Type pulumi.StringPtrOutput `pulumi:"type"`
	// Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to `GENERAL_PURPOSE`. Valid values: `GENERAL_PURPOSE` and `SHORT_LIVED_CERTIFICATE`.
	UsageMode pulumi.StringOutput `pulumi:"usageMode"`
}

Provides a resource to manage AWS Certificate Manager Private Certificate Authorities (ACM PCA Certificate Authorities).

> **NOTE:** Creating this resource will leave the certificate authority in a `PENDING_CERTIFICATE` status, which means it cannot yet issue certificates. To complete this setup, you must fully sign the certificate authority CSR available in the `certificateSigningRequest` attribute. The `acmpca.CertificateAuthorityCertificate` resource can be used for this purpose.

## Example Usage

### Basic

<!--Start PulumiCodeChooser --> ```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
			CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
				KeyAlgorithm:     pulumi.String("RSA_4096"),
				SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
				Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
					CommonName: pulumi.String("example.com"),
				},
			},
			PermanentDeletionTimeInDays: pulumi.Int(7),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

### Short-lived certificate

<!--Start PulumiCodeChooser --> ```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
			UsageMode: pulumi.String("SHORT_LIVED_CERTIFICATE"),
			CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
				KeyAlgorithm:     pulumi.String("RSA_4096"),
				SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
				Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
					CommonName: pulumi.String("example.com"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

### Enable Certificate Revocation List

<!--Start PulumiCodeChooser --> ```go package main

import (

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		example, err := s3.NewBucketV2(ctx, "example", &s3.BucketV2Args{
			Bucket:       pulumi.String("example"),
			ForceDestroy: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		acmpcaBucketAccess := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
			Statements: iam.GetPolicyDocumentStatementArray{
				&iam.GetPolicyDocumentStatementArgs{
					Actions: pulumi.StringArray{
						pulumi.String("s3:GetBucketAcl"),
						pulumi.String("s3:GetBucketLocation"),
						pulumi.String("s3:PutObject"),
						pulumi.String("s3:PutObjectAcl"),
					},
					Resources: pulumi.StringArray{
						example.Arn,
						example.Arn.ApplyT(func(arn string) (string, error) {
							return fmt.Sprintf("%v/*", arn), nil
						}).(pulumi.StringOutput),
					},
					Principals: iam.GetPolicyDocumentStatementPrincipalArray{
						&iam.GetPolicyDocumentStatementPrincipalArgs{
							Identifiers: pulumi.StringArray{
								pulumi.String("acm-pca.amazonaws.com"),
							},
							Type: pulumi.String("Service"),
						},
					},
				},
			},
		}, nil)
		exampleBucketPolicy, err := s3.NewBucketPolicy(ctx, "example", &s3.BucketPolicyArgs{
			Bucket: example.ID(),
			Policy: acmpcaBucketAccess.ApplyT(func(acmpcaBucketAccess iam.GetPolicyDocumentResult) (*string, error) {
				return &acmpcaBucketAccess.Json, nil
			}).(pulumi.StringPtrOutput),
		})
		if err != nil {
			return err
		}
		_, err = acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
			CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
				KeyAlgorithm:     pulumi.String("RSA_4096"),
				SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
				Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
					CommonName: pulumi.String("example.com"),
				},
			},
			RevocationConfiguration: &acmpca.CertificateAuthorityRevocationConfigurationArgs{
				CrlConfiguration: &acmpca.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs{
					CustomCname:      pulumi.String("crl.example.com"),
					Enabled:          pulumi.Bool(true),
					ExpirationInDays: pulumi.Int(7),
					S3BucketName:     example.ID(),
					S3ObjectAcl:      pulumi.String("BUCKET_OWNER_FULL_CONTROL"),
				},
			},
		}, pulumi.DependsOn([]pulumi.Resource{
			exampleBucketPolicy,
		}))
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

## Import

Using `pulumi import`, import `aws_acmpca_certificate_authority` using the certificate authority ARN. For example:

```sh $ pulumi import aws:acmpca/certificateAuthority:CertificateAuthority example arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012 ```

func GetCertificateAuthority

func GetCertificateAuthority(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CertificateAuthorityState, opts ...pulumi.ResourceOption) (*CertificateAuthority, error)

GetCertificateAuthority gets an existing CertificateAuthority resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCertificateAuthority

func NewCertificateAuthority(ctx *pulumi.Context,
	name string, args *CertificateAuthorityArgs, opts ...pulumi.ResourceOption) (*CertificateAuthority, error)

NewCertificateAuthority registers a new resource with the given unique name, arguments, and options.

func (*CertificateAuthority) ElementType

func (*CertificateAuthority) ElementType() reflect.Type

func (*CertificateAuthority) ToCertificateAuthorityOutput

func (i *CertificateAuthority) ToCertificateAuthorityOutput() CertificateAuthorityOutput

func (*CertificateAuthority) ToCertificateAuthorityOutputWithContext

func (i *CertificateAuthority) ToCertificateAuthorityOutputWithContext(ctx context.Context) CertificateAuthorityOutput

type CertificateAuthorityArgs

type CertificateAuthorityArgs struct {
	// Nested argument containing algorithms and certificate subject information. Defined below.
	CertificateAuthorityConfiguration CertificateAuthorityCertificateAuthorityConfigurationInput
	// Whether the certificate authority is enabled or disabled. Defaults to `true`. Can only be disabled if the CA is in an `ACTIVE` state.
	Enabled pulumi.BoolPtrInput
	// Cryptographic key management compliance standard used for handling CA keys. Defaults to `FIPS_140_2_LEVEL_3_OR_HIGHER`. Valid values: `FIPS_140_2_LEVEL_3_OR_HIGHER` and `FIPS_140_2_LEVEL_2_OR_HIGHER`. Supported standard for each region can be found in the [Storage and security compliance of AWS Private CA private keys Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys).
	KeyStorageSecurityStandard pulumi.StringPtrInput
	// Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
	PermanentDeletionTimeInDays pulumi.IntPtrInput
	// Nested argument containing revocation configuration. Defined below.
	RevocationConfiguration CertificateAuthorityRevocationConfigurationPtrInput
	// Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// Type of the certificate authority. Defaults to `SUBORDINATE`. Valid values: `ROOT` and `SUBORDINATE`.
	Type pulumi.StringPtrInput
	// Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to `GENERAL_PURPOSE`. Valid values: `GENERAL_PURPOSE` and `SHORT_LIVED_CERTIFICATE`.
	UsageMode pulumi.StringPtrInput
}

The set of arguments for constructing a CertificateAuthority resource.

func (CertificateAuthorityArgs) ElementType

func (CertificateAuthorityArgs) ElementType() reflect.Type

type CertificateAuthorityArray

type CertificateAuthorityArray []CertificateAuthorityInput

func (CertificateAuthorityArray) ElementType

func (CertificateAuthorityArray) ElementType() reflect.Type

func (CertificateAuthorityArray) ToCertificateAuthorityArrayOutput

func (i CertificateAuthorityArray) ToCertificateAuthorityArrayOutput() CertificateAuthorityArrayOutput

func (CertificateAuthorityArray) ToCertificateAuthorityArrayOutputWithContext

func (i CertificateAuthorityArray) ToCertificateAuthorityArrayOutputWithContext(ctx context.Context) CertificateAuthorityArrayOutput

type CertificateAuthorityArrayInput

type CertificateAuthorityArrayInput interface {
	pulumi.Input

	ToCertificateAuthorityArrayOutput() CertificateAuthorityArrayOutput
	ToCertificateAuthorityArrayOutputWithContext(context.Context) CertificateAuthorityArrayOutput
}

CertificateAuthorityArrayInput is an input type that accepts CertificateAuthorityArray and CertificateAuthorityArrayOutput values. You can construct a concrete instance of `CertificateAuthorityArrayInput` via:

CertificateAuthorityArray{ CertificateAuthorityArgs{...} }

type CertificateAuthorityArrayOutput

type CertificateAuthorityArrayOutput struct{ *pulumi.OutputState }

func (CertificateAuthorityArrayOutput) ElementType

func (CertificateAuthorityArrayOutput) Index

func (CertificateAuthorityArrayOutput) ToCertificateAuthorityArrayOutput

func (o CertificateAuthorityArrayOutput) ToCertificateAuthorityArrayOutput() CertificateAuthorityArrayOutput

func (CertificateAuthorityArrayOutput) ToCertificateAuthorityArrayOutputWithContext

func (o CertificateAuthorityArrayOutput) ToCertificateAuthorityArrayOutputWithContext(ctx context.Context) CertificateAuthorityArrayOutput

type CertificateAuthorityCertificate

type CertificateAuthorityCertificate struct {
	pulumi.CustomResourceState

	// PEM-encoded certificate for the Certificate Authority.
	Certificate pulumi.StringOutput `pulumi:"certificate"`
	// ARN of the Certificate Authority.
	CertificateAuthorityArn pulumi.StringOutput `pulumi:"certificateAuthorityArn"`
	// PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA. Required for subordinate Certificate Authorities. Not allowed for root Certificate Authorities.
	CertificateChain pulumi.StringPtrOutput `pulumi:"certificateChain"`
}

Associates a certificate with an AWS Certificate Manager Private Certificate Authority (ACM PCA Certificate Authority). An ACM PCA Certificate Authority is unable to issue certificates until it has a certificate associated with it. A root level ACM PCA Certificate Authority is able to self-sign its own root certificate.

## Example Usage

### Self-Signed Root Certificate Authority Certificate

<!--Start PulumiCodeChooser --> ```go package main

import (

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleCertificateAuthority, err := acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
			Type: pulumi.String("ROOT"),
			CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
				KeyAlgorithm:     pulumi.String("RSA_4096"),
				SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
				Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
					CommonName: pulumi.String("example.com"),
				},
			},
		})
		if err != nil {
			return err
		}
		current, err := aws.GetPartition(ctx, nil, nil)
		if err != nil {
			return err
		}
		exampleCertificate, err := acmpca.NewCertificate(ctx, "example", &acmpca.CertificateArgs{
			CertificateAuthorityArn:   exampleCertificateAuthority.Arn,
			CertificateSigningRequest: exampleCertificateAuthority.CertificateSigningRequest,
			SigningAlgorithm:          pulumi.String("SHA512WITHRSA"),
			TemplateArn:               pulumi.String(fmt.Sprintf("arn:%v:acm-pca:::template/RootCACertificate/V1", current.Partition)),
			Validity: &acmpca.CertificateValidityArgs{
				Type:  pulumi.String("YEARS"),
				Value: pulumi.String("1"),
			},
		})
		if err != nil {
			return err
		}
		_, err = acmpca.NewCertificateAuthorityCertificate(ctx, "example", &acmpca.CertificateAuthorityCertificateArgs{
			CertificateAuthorityArn: exampleCertificateAuthority.Arn,
			Certificate:             exampleCertificate.Certificate,
			CertificateChain:        exampleCertificate.CertificateChain,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

### Certificate for Subordinate Certificate Authority

Note that the certificate for the subordinate certificate authority must be issued by the root certificate authority using a signing request from the subordinate certificate authority.

<!--Start PulumiCodeChooser --> ```go package main

import (

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		subordinateCertificateAuthority, err := acmpca.NewCertificateAuthority(ctx, "subordinate", &acmpca.CertificateAuthorityArgs{
			Type: pulumi.String("SUBORDINATE"),
			CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
				KeyAlgorithm:     pulumi.String("RSA_2048"),
				SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
				Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
					CommonName: pulumi.String("sub.example.com"),
				},
			},
		})
		if err != nil {
			return err
		}
		root, err := acmpca.NewCertificateAuthority(ctx, "root", nil)
		if err != nil {
			return err
		}
		current, err := aws.GetPartition(ctx, nil, nil)
		if err != nil {
			return err
		}
		subordinateCertificate, err := acmpca.NewCertificate(ctx, "subordinate", &acmpca.CertificateArgs{
			CertificateAuthorityArn:   root.Arn,
			CertificateSigningRequest: subordinateCertificateAuthority.CertificateSigningRequest,
			SigningAlgorithm:          pulumi.String("SHA512WITHRSA"),
			TemplateArn:               pulumi.String(fmt.Sprintf("arn:%v:acm-pca:::template/SubordinateCACertificate_PathLen0/V1", current.Partition)),
			Validity: &acmpca.CertificateValidityArgs{
				Type:  pulumi.String("YEARS"),
				Value: pulumi.String("1"),
			},
		})
		if err != nil {
			return err
		}
		_, err = acmpca.NewCertificateAuthorityCertificate(ctx, "subordinate", &acmpca.CertificateAuthorityCertificateArgs{
			CertificateAuthorityArn: subordinateCertificateAuthority.Arn,
			Certificate:             subordinateCertificate.Certificate,
			CertificateChain:        subordinateCertificate.CertificateChain,
		})
		if err != nil {
			return err
		}
		_, err = acmpca.NewCertificateAuthorityCertificate(ctx, "root", nil)
		if err != nil {
			return err
		}
		_, err = acmpca.NewCertificate(ctx, "root", nil)
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

func GetCertificateAuthorityCertificate

func GetCertificateAuthorityCertificate(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CertificateAuthorityCertificateState, opts ...pulumi.ResourceOption) (*CertificateAuthorityCertificate, error)

GetCertificateAuthorityCertificate gets an existing CertificateAuthorityCertificate resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCertificateAuthorityCertificate

func NewCertificateAuthorityCertificate(ctx *pulumi.Context,
	name string, args *CertificateAuthorityCertificateArgs, opts ...pulumi.ResourceOption) (*CertificateAuthorityCertificate, error)

NewCertificateAuthorityCertificate registers a new resource with the given unique name, arguments, and options.

func (*CertificateAuthorityCertificate) ElementType

func (*CertificateAuthorityCertificate) ToCertificateAuthorityCertificateOutput

func (i *CertificateAuthorityCertificate) ToCertificateAuthorityCertificateOutput() CertificateAuthorityCertificateOutput

func (*CertificateAuthorityCertificate) ToCertificateAuthorityCertificateOutputWithContext

func (i *CertificateAuthorityCertificate) ToCertificateAuthorityCertificateOutputWithContext(ctx context.Context) CertificateAuthorityCertificateOutput

type CertificateAuthorityCertificateArgs

type CertificateAuthorityCertificateArgs struct {
	// PEM-encoded certificate for the Certificate Authority.
	Certificate pulumi.StringInput
	// ARN of the Certificate Authority.
	CertificateAuthorityArn pulumi.StringInput
	// PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA. Required for subordinate Certificate Authorities. Not allowed for root Certificate Authorities.
	CertificateChain pulumi.StringPtrInput
}

The set of arguments for constructing a CertificateAuthorityCertificate resource.

func (CertificateAuthorityCertificateArgs) ElementType

type CertificateAuthorityCertificateArray

type CertificateAuthorityCertificateArray []CertificateAuthorityCertificateInput

func (CertificateAuthorityCertificateArray) ElementType

func (CertificateAuthorityCertificateArray) ToCertificateAuthorityCertificateArrayOutput

func (i CertificateAuthorityCertificateArray) ToCertificateAuthorityCertificateArrayOutput() CertificateAuthorityCertificateArrayOutput

func (CertificateAuthorityCertificateArray) ToCertificateAuthorityCertificateArrayOutputWithContext

func (i CertificateAuthorityCertificateArray) ToCertificateAuthorityCertificateArrayOutputWithContext(ctx context.Context) CertificateAuthorityCertificateArrayOutput

type CertificateAuthorityCertificateArrayInput

type CertificateAuthorityCertificateArrayInput interface {
	pulumi.Input

	ToCertificateAuthorityCertificateArrayOutput() CertificateAuthorityCertificateArrayOutput
	ToCertificateAuthorityCertificateArrayOutputWithContext(context.Context) CertificateAuthorityCertificateArrayOutput
}

CertificateAuthorityCertificateArrayInput is an input type that accepts CertificateAuthorityCertificateArray and CertificateAuthorityCertificateArrayOutput values. You can construct a concrete instance of `CertificateAuthorityCertificateArrayInput` via:

CertificateAuthorityCertificateArray{ CertificateAuthorityCertificateArgs{...} }

type CertificateAuthorityCertificateArrayOutput

type CertificateAuthorityCertificateArrayOutput struct{ *pulumi.OutputState }

func (CertificateAuthorityCertificateArrayOutput) ElementType

func (CertificateAuthorityCertificateArrayOutput) Index

func (CertificateAuthorityCertificateArrayOutput) ToCertificateAuthorityCertificateArrayOutput

func (o CertificateAuthorityCertificateArrayOutput) ToCertificateAuthorityCertificateArrayOutput() CertificateAuthorityCertificateArrayOutput

func (CertificateAuthorityCertificateArrayOutput) ToCertificateAuthorityCertificateArrayOutputWithContext

func (o CertificateAuthorityCertificateArrayOutput) ToCertificateAuthorityCertificateArrayOutputWithContext(ctx context.Context) CertificateAuthorityCertificateArrayOutput

type CertificateAuthorityCertificateAuthorityConfiguration

type CertificateAuthorityCertificateAuthorityConfiguration struct {
	// Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthorityConfiguration.html).
	KeyAlgorithm string `pulumi:"keyAlgorithm"`
	// Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthorityConfiguration.html).
	SigningAlgorithm string `pulumi:"signingAlgorithm"`
	// Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.
	Subject CertificateAuthorityCertificateAuthorityConfigurationSubject `pulumi:"subject"`
}

type CertificateAuthorityCertificateAuthorityConfigurationArgs

type CertificateAuthorityCertificateAuthorityConfigurationArgs struct {
	// Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthorityConfiguration.html).
	KeyAlgorithm pulumi.StringInput `pulumi:"keyAlgorithm"`
	// Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthorityConfiguration.html).
	SigningAlgorithm pulumi.StringInput `pulumi:"signingAlgorithm"`
	// Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.
	Subject CertificateAuthorityCertificateAuthorityConfigurationSubjectInput `pulumi:"subject"`
}

func (CertificateAuthorityCertificateAuthorityConfigurationArgs) ElementType

func (CertificateAuthorityCertificateAuthorityConfigurationArgs) ToCertificateAuthorityCertificateAuthorityConfigurationOutput

func (CertificateAuthorityCertificateAuthorityConfigurationArgs) ToCertificateAuthorityCertificateAuthorityConfigurationOutputWithContext

func (i CertificateAuthorityCertificateAuthorityConfigurationArgs) ToCertificateAuthorityCertificateAuthorityConfigurationOutputWithContext(ctx context.Context) CertificateAuthorityCertificateAuthorityConfigurationOutput

func (CertificateAuthorityCertificateAuthorityConfigurationArgs) ToCertificateAuthorityCertificateAuthorityConfigurationPtrOutput

func (CertificateAuthorityCertificateAuthorityConfigurationArgs) ToCertificateAuthorityCertificateAuthorityConfigurationPtrOutputWithContext

func (i CertificateAuthorityCertificateAuthorityConfigurationArgs) ToCertificateAuthorityCertificateAuthorityConfigurationPtrOutputWithContext(ctx context.Context) CertificateAuthorityCertificateAuthorityConfigurationPtrOutput

type CertificateAuthorityCertificateAuthorityConfigurationInput

type CertificateAuthorityCertificateAuthorityConfigurationInput interface {
	pulumi.Input

	ToCertificateAuthorityCertificateAuthorityConfigurationOutput() CertificateAuthorityCertificateAuthorityConfigurationOutput
	ToCertificateAuthorityCertificateAuthorityConfigurationOutputWithContext(context.Context) CertificateAuthorityCertificateAuthorityConfigurationOutput
}

CertificateAuthorityCertificateAuthorityConfigurationInput is an input type that accepts CertificateAuthorityCertificateAuthorityConfigurationArgs and CertificateAuthorityCertificateAuthorityConfigurationOutput values. You can construct a concrete instance of `CertificateAuthorityCertificateAuthorityConfigurationInput` via:

CertificateAuthorityCertificateAuthorityConfigurationArgs{...}

type CertificateAuthorityCertificateAuthorityConfigurationOutput

type CertificateAuthorityCertificateAuthorityConfigurationOutput struct{ *pulumi.OutputState }

func (CertificateAuthorityCertificateAuthorityConfigurationOutput) ElementType

func (CertificateAuthorityCertificateAuthorityConfigurationOutput) KeyAlgorithm

Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthorityConfiguration.html).

func (CertificateAuthorityCertificateAuthorityConfigurationOutput) SigningAlgorithm

Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthorityConfiguration.html).

func (CertificateAuthorityCertificateAuthorityConfigurationOutput) Subject

Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.

func (CertificateAuthorityCertificateAuthorityConfigurationOutput) ToCertificateAuthorityCertificateAuthorityConfigurationOutput

func (CertificateAuthorityCertificateAuthorityConfigurationOutput) ToCertificateAuthorityCertificateAuthorityConfigurationOutputWithContext

func (o CertificateAuthorityCertificateAuthorityConfigurationOutput) ToCertificateAuthorityCertificateAuthorityConfigurationOutputWithContext(ctx context.Context) CertificateAuthorityCertificateAuthorityConfigurationOutput

func (CertificateAuthorityCertificateAuthorityConfigurationOutput) ToCertificateAuthorityCertificateAuthorityConfigurationPtrOutput

func (CertificateAuthorityCertificateAuthorityConfigurationOutput) ToCertificateAuthorityCertificateAuthorityConfigurationPtrOutputWithContext

func (o CertificateAuthorityCertificateAuthorityConfigurationOutput) ToCertificateAuthorityCertificateAuthorityConfigurationPtrOutputWithContext(ctx context.Context) CertificateAuthorityCertificateAuthorityConfigurationPtrOutput

type CertificateAuthorityCertificateAuthorityConfigurationPtrInput

type CertificateAuthorityCertificateAuthorityConfigurationPtrInput interface {
	pulumi.Input

	ToCertificateAuthorityCertificateAuthorityConfigurationPtrOutput() CertificateAuthorityCertificateAuthorityConfigurationPtrOutput
	ToCertificateAuthorityCertificateAuthorityConfigurationPtrOutputWithContext(context.Context) CertificateAuthorityCertificateAuthorityConfigurationPtrOutput
}

CertificateAuthorityCertificateAuthorityConfigurationPtrInput is an input type that accepts CertificateAuthorityCertificateAuthorityConfigurationArgs, CertificateAuthorityCertificateAuthorityConfigurationPtr and CertificateAuthorityCertificateAuthorityConfigurationPtrOutput values. You can construct a concrete instance of `CertificateAuthorityCertificateAuthorityConfigurationPtrInput` via:

        CertificateAuthorityCertificateAuthorityConfigurationArgs{...}

or:

        nil

type CertificateAuthorityCertificateAuthorityConfigurationPtrOutput

type CertificateAuthorityCertificateAuthorityConfigurationPtrOutput struct{ *pulumi.OutputState }

func (CertificateAuthorityCertificateAuthorityConfigurationPtrOutput) Elem

func (CertificateAuthorityCertificateAuthorityConfigurationPtrOutput) ElementType

func (CertificateAuthorityCertificateAuthorityConfigurationPtrOutput) KeyAlgorithm

Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthorityConfiguration.html).

func (CertificateAuthorityCertificateAuthorityConfigurationPtrOutput) SigningAlgorithm

Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthorityConfiguration.html).

func (CertificateAuthorityCertificateAuthorityConfigurationPtrOutput) Subject

Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.

func (CertificateAuthorityCertificateAuthorityConfigurationPtrOutput) ToCertificateAuthorityCertificateAuthorityConfigurationPtrOutput

func (CertificateAuthorityCertificateAuthorityConfigurationPtrOutput) ToCertificateAuthorityCertificateAuthorityConfigurationPtrOutputWithContext

func (o CertificateAuthorityCertificateAuthorityConfigurationPtrOutput) ToCertificateAuthorityCertificateAuthorityConfigurationPtrOutputWithContext(ctx context.Context) CertificateAuthorityCertificateAuthorityConfigurationPtrOutput

type CertificateAuthorityCertificateAuthorityConfigurationSubject

type CertificateAuthorityCertificateAuthorityConfigurationSubject struct {
	// Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.
	CommonName *string `pulumi:"commonName"`
	// Two digit code that specifies the country in which the certificate subject located. Must be less than or equal to 2 characters in length.
	Country *string `pulumi:"country"`
	// Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.
	DistinguishedNameQualifier *string `pulumi:"distinguishedNameQualifier"`
	// Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.
	GenerationQualifier *string `pulumi:"generationQualifier"`
	// First name. Must be less than or equal to 16 characters in length.
	GivenName *string `pulumi:"givenName"`
	// Concatenation that typically contains the first letter of the `givenName`, the first letter of the middle name if one exists, and the first letter of the `surname`. Must be less than or equal to 5 characters in length.
	Initials *string `pulumi:"initials"`
	// Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.
	Locality *string `pulumi:"locality"`
	// Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.
	Organization *string `pulumi:"organization"`
	// Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.
	OrganizationalUnit *string `pulumi:"organizationalUnit"`
	// Typically a shortened version of a longer `givenName`. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.
	Pseudonym *string `pulumi:"pseudonym"`
	// State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.
	State *string `pulumi:"state"`
	// Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.
	Surname *string `pulumi:"surname"`
	// Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.
	Title *string `pulumi:"title"`
}

type CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs

type CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs struct {
	// Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.
	CommonName pulumi.StringPtrInput `pulumi:"commonName"`
	// Two digit code that specifies the country in which the certificate subject located. Must be less than or equal to 2 characters in length.
	Country pulumi.StringPtrInput `pulumi:"country"`
	// Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.
	DistinguishedNameQualifier pulumi.StringPtrInput `pulumi:"distinguishedNameQualifier"`
	// Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.
	GenerationQualifier pulumi.StringPtrInput `pulumi:"generationQualifier"`
	// First name. Must be less than or equal to 16 characters in length.
	GivenName pulumi.StringPtrInput `pulumi:"givenName"`
	// Concatenation that typically contains the first letter of the `givenName`, the first letter of the middle name if one exists, and the first letter of the `surname`. Must be less than or equal to 5 characters in length.
	Initials pulumi.StringPtrInput `pulumi:"initials"`
	// Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.
	Locality pulumi.StringPtrInput `pulumi:"locality"`
	// Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.
	Organization pulumi.StringPtrInput `pulumi:"organization"`
	// Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.
	OrganizationalUnit pulumi.StringPtrInput `pulumi:"organizationalUnit"`
	// Typically a shortened version of a longer `givenName`. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.
	Pseudonym pulumi.StringPtrInput `pulumi:"pseudonym"`
	// State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.
	State pulumi.StringPtrInput `pulumi:"state"`
	// Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.
	Surname pulumi.StringPtrInput `pulumi:"surname"`
	// Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs) ElementType

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs) ToCertificateAuthorityCertificateAuthorityConfigurationSubjectOutput

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs) ToCertificateAuthorityCertificateAuthorityConfigurationSubjectOutputWithContext

func (i CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs) ToCertificateAuthorityCertificateAuthorityConfigurationSubjectOutputWithContext(ctx context.Context) CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs) ToCertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs) ToCertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutputWithContext

func (i CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs) ToCertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutputWithContext(ctx context.Context) CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput

type CertificateAuthorityCertificateAuthorityConfigurationSubjectInput

type CertificateAuthorityCertificateAuthorityConfigurationSubjectInput interface {
	pulumi.Input

	ToCertificateAuthorityCertificateAuthorityConfigurationSubjectOutput() CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput
	ToCertificateAuthorityCertificateAuthorityConfigurationSubjectOutputWithContext(context.Context) CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput
}

CertificateAuthorityCertificateAuthorityConfigurationSubjectInput is an input type that accepts CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs and CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput values. You can construct a concrete instance of `CertificateAuthorityCertificateAuthorityConfigurationSubjectInput` via:

CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{...}

type CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput

type CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput struct{ *pulumi.OutputState }

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) CommonName

Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) Country

Two digit code that specifies the country in which the certificate subject located. Must be less than or equal to 2 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) DistinguishedNameQualifier

Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) ElementType

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) GenerationQualifier

Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) GivenName

First name. Must be less than or equal to 16 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) Initials

Concatenation that typically contains the first letter of the `givenName`, the first letter of the middle name if one exists, and the first letter of the `surname`. Must be less than or equal to 5 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) Locality

Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) Organization

Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) OrganizationalUnit

Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) Pseudonym

Typically a shortened version of a longer `givenName`. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) State

State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) Surname

Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) Title

Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) ToCertificateAuthorityCertificateAuthorityConfigurationSubjectOutput

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) ToCertificateAuthorityCertificateAuthorityConfigurationSubjectOutputWithContext

func (o CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) ToCertificateAuthorityCertificateAuthorityConfigurationSubjectOutputWithContext(ctx context.Context) CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) ToCertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) ToCertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutputWithContext

func (o CertificateAuthorityCertificateAuthorityConfigurationSubjectOutput) ToCertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutputWithContext(ctx context.Context) CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput

type CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrInput

type CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrInput interface {
	pulumi.Input

	ToCertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput() CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput
	ToCertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutputWithContext(context.Context) CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput
}

CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrInput is an input type that accepts CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs, CertificateAuthorityCertificateAuthorityConfigurationSubjectPtr and CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput values. You can construct a concrete instance of `CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrInput` via:

        CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{...}

or:

        nil

type CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput

type CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput struct{ *pulumi.OutputState }

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) CommonName

Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) Country

Two digit code that specifies the country in which the certificate subject located. Must be less than or equal to 2 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) DistinguishedNameQualifier

Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) Elem

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) ElementType

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) GenerationQualifier

Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) GivenName

First name. Must be less than or equal to 16 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) Initials

Concatenation that typically contains the first letter of the `givenName`, the first letter of the middle name if one exists, and the first letter of the `surname`. Must be less than or equal to 5 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) Locality

Locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) Organization

Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) OrganizationalUnit

Subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) Pseudonym

Typically a shortened version of a longer `givenName`. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) State

State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) Surname

Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) Title

Title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) ToCertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput

func (CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) ToCertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutputWithContext

func (o CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput) ToCertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutputWithContext(ctx context.Context) CertificateAuthorityCertificateAuthorityConfigurationSubjectPtrOutput

type CertificateAuthorityCertificateInput

type CertificateAuthorityCertificateInput interface {
	pulumi.Input

	ToCertificateAuthorityCertificateOutput() CertificateAuthorityCertificateOutput
	ToCertificateAuthorityCertificateOutputWithContext(ctx context.Context) CertificateAuthorityCertificateOutput
}

type CertificateAuthorityCertificateMap

type CertificateAuthorityCertificateMap map[string]CertificateAuthorityCertificateInput

func (CertificateAuthorityCertificateMap) ElementType

func (CertificateAuthorityCertificateMap) ToCertificateAuthorityCertificateMapOutput

func (i CertificateAuthorityCertificateMap) ToCertificateAuthorityCertificateMapOutput() CertificateAuthorityCertificateMapOutput

func (CertificateAuthorityCertificateMap) ToCertificateAuthorityCertificateMapOutputWithContext

func (i CertificateAuthorityCertificateMap) ToCertificateAuthorityCertificateMapOutputWithContext(ctx context.Context) CertificateAuthorityCertificateMapOutput

type CertificateAuthorityCertificateMapInput

type CertificateAuthorityCertificateMapInput interface {
	pulumi.Input

	ToCertificateAuthorityCertificateMapOutput() CertificateAuthorityCertificateMapOutput
	ToCertificateAuthorityCertificateMapOutputWithContext(context.Context) CertificateAuthorityCertificateMapOutput
}

CertificateAuthorityCertificateMapInput is an input type that accepts CertificateAuthorityCertificateMap and CertificateAuthorityCertificateMapOutput values. You can construct a concrete instance of `CertificateAuthorityCertificateMapInput` via:

CertificateAuthorityCertificateMap{ "key": CertificateAuthorityCertificateArgs{...} }

type CertificateAuthorityCertificateMapOutput

type CertificateAuthorityCertificateMapOutput struct{ *pulumi.OutputState }

func (CertificateAuthorityCertificateMapOutput) ElementType

func (CertificateAuthorityCertificateMapOutput) MapIndex

func (CertificateAuthorityCertificateMapOutput) ToCertificateAuthorityCertificateMapOutput

func (o CertificateAuthorityCertificateMapOutput) ToCertificateAuthorityCertificateMapOutput() CertificateAuthorityCertificateMapOutput

func (CertificateAuthorityCertificateMapOutput) ToCertificateAuthorityCertificateMapOutputWithContext

func (o CertificateAuthorityCertificateMapOutput) ToCertificateAuthorityCertificateMapOutputWithContext(ctx context.Context) CertificateAuthorityCertificateMapOutput

type CertificateAuthorityCertificateOutput

type CertificateAuthorityCertificateOutput struct{ *pulumi.OutputState }

func (CertificateAuthorityCertificateOutput) Certificate

PEM-encoded certificate for the Certificate Authority.

func (CertificateAuthorityCertificateOutput) CertificateAuthorityArn

func (o CertificateAuthorityCertificateOutput) CertificateAuthorityArn() pulumi.StringOutput

ARN of the Certificate Authority.

func (CertificateAuthorityCertificateOutput) CertificateChain

PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA. Required for subordinate Certificate Authorities. Not allowed for root Certificate Authorities.

func (CertificateAuthorityCertificateOutput) ElementType

func (CertificateAuthorityCertificateOutput) ToCertificateAuthorityCertificateOutput

func (o CertificateAuthorityCertificateOutput) ToCertificateAuthorityCertificateOutput() CertificateAuthorityCertificateOutput

func (CertificateAuthorityCertificateOutput) ToCertificateAuthorityCertificateOutputWithContext

func (o CertificateAuthorityCertificateOutput) ToCertificateAuthorityCertificateOutputWithContext(ctx context.Context) CertificateAuthorityCertificateOutput

type CertificateAuthorityCertificateState

type CertificateAuthorityCertificateState struct {
	// PEM-encoded certificate for the Certificate Authority.
	Certificate pulumi.StringPtrInput
	// ARN of the Certificate Authority.
	CertificateAuthorityArn pulumi.StringPtrInput
	// PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA. Required for subordinate Certificate Authorities. Not allowed for root Certificate Authorities.
	CertificateChain pulumi.StringPtrInput
}

func (CertificateAuthorityCertificateState) ElementType

type CertificateAuthorityInput

type CertificateAuthorityInput interface {
	pulumi.Input

	ToCertificateAuthorityOutput() CertificateAuthorityOutput
	ToCertificateAuthorityOutputWithContext(ctx context.Context) CertificateAuthorityOutput
}

type CertificateAuthorityMap

type CertificateAuthorityMap map[string]CertificateAuthorityInput

func (CertificateAuthorityMap) ElementType

func (CertificateAuthorityMap) ElementType() reflect.Type

func (CertificateAuthorityMap) ToCertificateAuthorityMapOutput

func (i CertificateAuthorityMap) ToCertificateAuthorityMapOutput() CertificateAuthorityMapOutput

func (CertificateAuthorityMap) ToCertificateAuthorityMapOutputWithContext

func (i CertificateAuthorityMap) ToCertificateAuthorityMapOutputWithContext(ctx context.Context) CertificateAuthorityMapOutput

type CertificateAuthorityMapInput

type CertificateAuthorityMapInput interface {
	pulumi.Input

	ToCertificateAuthorityMapOutput() CertificateAuthorityMapOutput
	ToCertificateAuthorityMapOutputWithContext(context.Context) CertificateAuthorityMapOutput
}

CertificateAuthorityMapInput is an input type that accepts CertificateAuthorityMap and CertificateAuthorityMapOutput values. You can construct a concrete instance of `CertificateAuthorityMapInput` via:

CertificateAuthorityMap{ "key": CertificateAuthorityArgs{...} }

type CertificateAuthorityMapOutput

type CertificateAuthorityMapOutput struct{ *pulumi.OutputState }

func (CertificateAuthorityMapOutput) ElementType

func (CertificateAuthorityMapOutput) MapIndex

func (CertificateAuthorityMapOutput) ToCertificateAuthorityMapOutput

func (o CertificateAuthorityMapOutput) ToCertificateAuthorityMapOutput() CertificateAuthorityMapOutput

func (CertificateAuthorityMapOutput) ToCertificateAuthorityMapOutputWithContext

func (o CertificateAuthorityMapOutput) ToCertificateAuthorityMapOutputWithContext(ctx context.Context) CertificateAuthorityMapOutput

type CertificateAuthorityOutput

type CertificateAuthorityOutput struct{ *pulumi.OutputState }

func (CertificateAuthorityOutput) Arn

ARN of the certificate authority.

func (CertificateAuthorityOutput) Certificate

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

func (CertificateAuthorityOutput) CertificateAuthorityConfiguration

Nested argument containing algorithms and certificate subject information. Defined below.

func (CertificateAuthorityOutput) CertificateChain

func (o CertificateAuthorityOutput) CertificateChain() pulumi.StringOutput

Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

func (CertificateAuthorityOutput) CertificateSigningRequest

func (o CertificateAuthorityOutput) CertificateSigningRequest() pulumi.StringOutput

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

func (CertificateAuthorityOutput) ElementType

func (CertificateAuthorityOutput) ElementType() reflect.Type

func (CertificateAuthorityOutput) Enabled

Whether the certificate authority is enabled or disabled. Defaults to `true`. Can only be disabled if the CA is in an `ACTIVE` state.

func (CertificateAuthorityOutput) KeyStorageSecurityStandard

func (o CertificateAuthorityOutput) KeyStorageSecurityStandard() pulumi.StringOutput

Cryptographic key management compliance standard used for handling CA keys. Defaults to `FIPS_140_2_LEVEL_3_OR_HIGHER`. Valid values: `FIPS_140_2_LEVEL_3_OR_HIGHER` and `FIPS_140_2_LEVEL_2_OR_HIGHER`. Supported standard for each region can be found in the [Storage and security compliance of AWS Private CA private keys Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys).

func (CertificateAuthorityOutput) NotAfter

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

func (CertificateAuthorityOutput) NotBefore

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

func (CertificateAuthorityOutput) PermanentDeletionTimeInDays

func (o CertificateAuthorityOutput) PermanentDeletionTimeInDays() pulumi.IntPtrOutput

Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.

func (CertificateAuthorityOutput) RevocationConfiguration

Nested argument containing revocation configuration. Defined below.

func (CertificateAuthorityOutput) Serial

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

func (CertificateAuthorityOutput) Tags

Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.

func (CertificateAuthorityOutput) TagsAll deprecated

Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.

Deprecated: Please use `tags` instead.

func (CertificateAuthorityOutput) ToCertificateAuthorityOutput

func (o CertificateAuthorityOutput) ToCertificateAuthorityOutput() CertificateAuthorityOutput

func (CertificateAuthorityOutput) ToCertificateAuthorityOutputWithContext

func (o CertificateAuthorityOutput) ToCertificateAuthorityOutputWithContext(ctx context.Context) CertificateAuthorityOutput

func (CertificateAuthorityOutput) Type

Type of the certificate authority. Defaults to `SUBORDINATE`. Valid values: `ROOT` and `SUBORDINATE`.

func (CertificateAuthorityOutput) UsageMode

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to `GENERAL_PURPOSE`. Valid values: `GENERAL_PURPOSE` and `SHORT_LIVED_CERTIFICATE`.

type CertificateAuthorityRevocationConfiguration

type CertificateAuthorityRevocationConfiguration struct {
	// Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.
	CrlConfiguration *CertificateAuthorityRevocationConfigurationCrlConfiguration `pulumi:"crlConfiguration"`
	// Nested argument containing configuration of
	// the custom OCSP responder endpoint. Defined below.
	OcspConfiguration *CertificateAuthorityRevocationConfigurationOcspConfiguration `pulumi:"ocspConfiguration"`
}

type CertificateAuthorityRevocationConfigurationArgs

type CertificateAuthorityRevocationConfigurationArgs struct {
	// Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.
	CrlConfiguration CertificateAuthorityRevocationConfigurationCrlConfigurationPtrInput `pulumi:"crlConfiguration"`
	// Nested argument containing configuration of
	// the custom OCSP responder endpoint. Defined below.
	OcspConfiguration CertificateAuthorityRevocationConfigurationOcspConfigurationPtrInput `pulumi:"ocspConfiguration"`
}

func (CertificateAuthorityRevocationConfigurationArgs) ElementType

func (CertificateAuthorityRevocationConfigurationArgs) ToCertificateAuthorityRevocationConfigurationOutput

func (i CertificateAuthorityRevocationConfigurationArgs) ToCertificateAuthorityRevocationConfigurationOutput() CertificateAuthorityRevocationConfigurationOutput

func (CertificateAuthorityRevocationConfigurationArgs) ToCertificateAuthorityRevocationConfigurationOutputWithContext

func (i CertificateAuthorityRevocationConfigurationArgs) ToCertificateAuthorityRevocationConfigurationOutputWithContext(ctx context.Context) CertificateAuthorityRevocationConfigurationOutput

func (CertificateAuthorityRevocationConfigurationArgs) ToCertificateAuthorityRevocationConfigurationPtrOutput

func (i CertificateAuthorityRevocationConfigurationArgs) ToCertificateAuthorityRevocationConfigurationPtrOutput() CertificateAuthorityRevocationConfigurationPtrOutput

func (CertificateAuthorityRevocationConfigurationArgs) ToCertificateAuthorityRevocationConfigurationPtrOutputWithContext

func (i CertificateAuthorityRevocationConfigurationArgs) ToCertificateAuthorityRevocationConfigurationPtrOutputWithContext(ctx context.Context) CertificateAuthorityRevocationConfigurationPtrOutput

type CertificateAuthorityRevocationConfigurationCrlConfiguration

type CertificateAuthorityRevocationConfigurationCrlConfiguration struct {
	// Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.
	CustomCname *string `pulumi:"customCname"`
	// Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to `false`.
	Enabled *bool `pulumi:"enabled"`
	// Number of days until a certificate expires. Must be between 1 and 5000.
	ExpirationInDays *int `pulumi:"expirationInDays"`
	// Name of the S3 bucket that contains the CRL. If you do not provide a value for the `customCname` argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length.
	S3BucketName *string `pulumi:"s3BucketName"`
	// Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to `PUBLIC_READ`.
	S3ObjectAcl *string `pulumi:"s3ObjectAcl"`
}

type CertificateAuthorityRevocationConfigurationCrlConfigurationArgs

type CertificateAuthorityRevocationConfigurationCrlConfigurationArgs struct {
	// Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.
	CustomCname pulumi.StringPtrInput `pulumi:"customCname"`
	// Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to `false`.
	Enabled pulumi.BoolPtrInput `pulumi:"enabled"`
	// Number of days until a certificate expires. Must be between 1 and 5000.
	ExpirationInDays pulumi.IntPtrInput `pulumi:"expirationInDays"`
	// Name of the S3 bucket that contains the CRL. If you do not provide a value for the `customCname` argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length.
	S3BucketName pulumi.StringPtrInput `pulumi:"s3BucketName"`
	// Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to `PUBLIC_READ`.
	S3ObjectAcl pulumi.StringPtrInput `pulumi:"s3ObjectAcl"`
}

func (CertificateAuthorityRevocationConfigurationCrlConfigurationArgs) ElementType

func (CertificateAuthorityRevocationConfigurationCrlConfigurationArgs) ToCertificateAuthorityRevocationConfigurationCrlConfigurationOutput

func (CertificateAuthorityRevocationConfigurationCrlConfigurationArgs) ToCertificateAuthorityRevocationConfigurationCrlConfigurationOutputWithContext

func (i CertificateAuthorityRevocationConfigurationCrlConfigurationArgs) ToCertificateAuthorityRevocationConfigurationCrlConfigurationOutputWithContext(ctx context.Context) CertificateAuthorityRevocationConfigurationCrlConfigurationOutput

func (CertificateAuthorityRevocationConfigurationCrlConfigurationArgs) ToCertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput

func (CertificateAuthorityRevocationConfigurationCrlConfigurationArgs) ToCertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutputWithContext

func (i CertificateAuthorityRevocationConfigurationCrlConfigurationArgs) ToCertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutputWithContext(ctx context.Context) CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput

type CertificateAuthorityRevocationConfigurationCrlConfigurationInput

type CertificateAuthorityRevocationConfigurationCrlConfigurationInput interface {
	pulumi.Input

	ToCertificateAuthorityRevocationConfigurationCrlConfigurationOutput() CertificateAuthorityRevocationConfigurationCrlConfigurationOutput
	ToCertificateAuthorityRevocationConfigurationCrlConfigurationOutputWithContext(context.Context) CertificateAuthorityRevocationConfigurationCrlConfigurationOutput
}

CertificateAuthorityRevocationConfigurationCrlConfigurationInput is an input type that accepts CertificateAuthorityRevocationConfigurationCrlConfigurationArgs and CertificateAuthorityRevocationConfigurationCrlConfigurationOutput values. You can construct a concrete instance of `CertificateAuthorityRevocationConfigurationCrlConfigurationInput` via:

CertificateAuthorityRevocationConfigurationCrlConfigurationArgs{...}

type CertificateAuthorityRevocationConfigurationCrlConfigurationOutput

type CertificateAuthorityRevocationConfigurationCrlConfigurationOutput struct{ *pulumi.OutputState }

func (CertificateAuthorityRevocationConfigurationCrlConfigurationOutput) CustomCname

Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.

func (CertificateAuthorityRevocationConfigurationCrlConfigurationOutput) ElementType

func (CertificateAuthorityRevocationConfigurationCrlConfigurationOutput) Enabled

Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to `false`.

func (CertificateAuthorityRevocationConfigurationCrlConfigurationOutput) ExpirationInDays

Number of days until a certificate expires. Must be between 1 and 5000.

func (CertificateAuthorityRevocationConfigurationCrlConfigurationOutput) S3BucketName

Name of the S3 bucket that contains the CRL. If you do not provide a value for the `customCname` argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length.

func (CertificateAuthorityRevocationConfigurationCrlConfigurationOutput) S3ObjectAcl

Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to `PUBLIC_READ`.

func (CertificateAuthorityRevocationConfigurationCrlConfigurationOutput) ToCertificateAuthorityRevocationConfigurationCrlConfigurationOutput

func (CertificateAuthorityRevocationConfigurationCrlConfigurationOutput) ToCertificateAuthorityRevocationConfigurationCrlConfigurationOutputWithContext

func (o CertificateAuthorityRevocationConfigurationCrlConfigurationOutput) ToCertificateAuthorityRevocationConfigurationCrlConfigurationOutputWithContext(ctx context.Context) CertificateAuthorityRevocationConfigurationCrlConfigurationOutput

func (CertificateAuthorityRevocationConfigurationCrlConfigurationOutput) ToCertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput

func (CertificateAuthorityRevocationConfigurationCrlConfigurationOutput) ToCertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutputWithContext

func (o CertificateAuthorityRevocationConfigurationCrlConfigurationOutput) ToCertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutputWithContext(ctx context.Context) CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput

type CertificateAuthorityRevocationConfigurationCrlConfigurationPtrInput

type CertificateAuthorityRevocationConfigurationCrlConfigurationPtrInput interface {
	pulumi.Input

	ToCertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput() CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput
	ToCertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutputWithContext(context.Context) CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput
}

CertificateAuthorityRevocationConfigurationCrlConfigurationPtrInput is an input type that accepts CertificateAuthorityRevocationConfigurationCrlConfigurationArgs, CertificateAuthorityRevocationConfigurationCrlConfigurationPtr and CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput values. You can construct a concrete instance of `CertificateAuthorityRevocationConfigurationCrlConfigurationPtrInput` via:

        CertificateAuthorityRevocationConfigurationCrlConfigurationArgs{...}

or:

        nil

type CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput

type CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput struct{ *pulumi.OutputState }

func (CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput) CustomCname

Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.

func (CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput) Elem

func (CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput) ElementType

func (CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput) Enabled

Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to `false`.

func (CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput) ExpirationInDays

Number of days until a certificate expires. Must be between 1 and 5000.

func (CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput) S3BucketName

Name of the S3 bucket that contains the CRL. If you do not provide a value for the `customCname` argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be between 3 and 255 characters in length.

func (CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput) S3ObjectAcl

Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to `PUBLIC_READ`.

func (CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput) ToCertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput

func (CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput) ToCertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutputWithContext

func (o CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput) ToCertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutputWithContext(ctx context.Context) CertificateAuthorityRevocationConfigurationCrlConfigurationPtrOutput

type CertificateAuthorityRevocationConfigurationInput

type CertificateAuthorityRevocationConfigurationInput interface {
	pulumi.Input

	ToCertificateAuthorityRevocationConfigurationOutput() CertificateAuthorityRevocationConfigurationOutput
	ToCertificateAuthorityRevocationConfigurationOutputWithContext(context.Context) CertificateAuthorityRevocationConfigurationOutput
}

CertificateAuthorityRevocationConfigurationInput is an input type that accepts CertificateAuthorityRevocationConfigurationArgs and CertificateAuthorityRevocationConfigurationOutput values. You can construct a concrete instance of `CertificateAuthorityRevocationConfigurationInput` via:

CertificateAuthorityRevocationConfigurationArgs{...}

type CertificateAuthorityRevocationConfigurationOcspConfiguration

type CertificateAuthorityRevocationConfigurationOcspConfiguration struct {
	// Boolean value that specifies whether a custom OCSP responder is enabled.
	Enabled bool `pulumi:"enabled"`
	// CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".
	OcspCustomCname *string `pulumi:"ocspCustomCname"`
}

type CertificateAuthorityRevocationConfigurationOcspConfigurationArgs

type CertificateAuthorityRevocationConfigurationOcspConfigurationArgs struct {
	// Boolean value that specifies whether a custom OCSP responder is enabled.
	Enabled pulumi.BoolInput `pulumi:"enabled"`
	// CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".
	OcspCustomCname pulumi.StringPtrInput `pulumi:"ocspCustomCname"`
}

func (CertificateAuthorityRevocationConfigurationOcspConfigurationArgs) ElementType

func (CertificateAuthorityRevocationConfigurationOcspConfigurationArgs) ToCertificateAuthorityRevocationConfigurationOcspConfigurationOutput

func (CertificateAuthorityRevocationConfigurationOcspConfigurationArgs) ToCertificateAuthorityRevocationConfigurationOcspConfigurationOutputWithContext

func (i CertificateAuthorityRevocationConfigurationOcspConfigurationArgs) ToCertificateAuthorityRevocationConfigurationOcspConfigurationOutputWithContext(ctx context.Context) CertificateAuthorityRevocationConfigurationOcspConfigurationOutput

func (CertificateAuthorityRevocationConfigurationOcspConfigurationArgs) ToCertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput

func (CertificateAuthorityRevocationConfigurationOcspConfigurationArgs) ToCertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutputWithContext

func (i CertificateAuthorityRevocationConfigurationOcspConfigurationArgs) ToCertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutputWithContext(ctx context.Context) CertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput

type CertificateAuthorityRevocationConfigurationOcspConfigurationInput

type CertificateAuthorityRevocationConfigurationOcspConfigurationInput interface {
	pulumi.Input

	ToCertificateAuthorityRevocationConfigurationOcspConfigurationOutput() CertificateAuthorityRevocationConfigurationOcspConfigurationOutput
	ToCertificateAuthorityRevocationConfigurationOcspConfigurationOutputWithContext(context.Context) CertificateAuthorityRevocationConfigurationOcspConfigurationOutput
}

CertificateAuthorityRevocationConfigurationOcspConfigurationInput is an input type that accepts CertificateAuthorityRevocationConfigurationOcspConfigurationArgs and CertificateAuthorityRevocationConfigurationOcspConfigurationOutput values. You can construct a concrete instance of `CertificateAuthorityRevocationConfigurationOcspConfigurationInput` via:

CertificateAuthorityRevocationConfigurationOcspConfigurationArgs{...}

type CertificateAuthorityRevocationConfigurationOcspConfigurationOutput

type CertificateAuthorityRevocationConfigurationOcspConfigurationOutput struct{ *pulumi.OutputState }

func (CertificateAuthorityRevocationConfigurationOcspConfigurationOutput) ElementType

func (CertificateAuthorityRevocationConfigurationOcspConfigurationOutput) Enabled

Boolean value that specifies whether a custom OCSP responder is enabled.

func (CertificateAuthorityRevocationConfigurationOcspConfigurationOutput) OcspCustomCname

CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".

func (CertificateAuthorityRevocationConfigurationOcspConfigurationOutput) ToCertificateAuthorityRevocationConfigurationOcspConfigurationOutput

func (CertificateAuthorityRevocationConfigurationOcspConfigurationOutput) ToCertificateAuthorityRevocationConfigurationOcspConfigurationOutputWithContext

func (o CertificateAuthorityRevocationConfigurationOcspConfigurationOutput) ToCertificateAuthorityRevocationConfigurationOcspConfigurationOutputWithContext(ctx context.Context) CertificateAuthorityRevocationConfigurationOcspConfigurationOutput

func (CertificateAuthorityRevocationConfigurationOcspConfigurationOutput) ToCertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput

func (CertificateAuthorityRevocationConfigurationOcspConfigurationOutput) ToCertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutputWithContext

func (o CertificateAuthorityRevocationConfigurationOcspConfigurationOutput) ToCertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutputWithContext(ctx context.Context) CertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput

type CertificateAuthorityRevocationConfigurationOcspConfigurationPtrInput

type CertificateAuthorityRevocationConfigurationOcspConfigurationPtrInput interface {
	pulumi.Input

	ToCertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput() CertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput
	ToCertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutputWithContext(context.Context) CertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput
}

CertificateAuthorityRevocationConfigurationOcspConfigurationPtrInput is an input type that accepts CertificateAuthorityRevocationConfigurationOcspConfigurationArgs, CertificateAuthorityRevocationConfigurationOcspConfigurationPtr and CertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput values. You can construct a concrete instance of `CertificateAuthorityRevocationConfigurationOcspConfigurationPtrInput` via:

        CertificateAuthorityRevocationConfigurationOcspConfigurationArgs{...}

or:

        nil

type CertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput

type CertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput struct{ *pulumi.OutputState }

func (CertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput) Elem

func (CertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput) ElementType

func (CertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput) Enabled

Boolean value that specifies whether a custom OCSP responder is enabled.

func (CertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput) OcspCustomCname

CNAME specifying a customized OCSP domain. Note: The value of the CNAME must not include a protocol prefix such as "http://" or "https://".

func (CertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput) ToCertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput

func (CertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput) ToCertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutputWithContext

func (o CertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput) ToCertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutputWithContext(ctx context.Context) CertificateAuthorityRevocationConfigurationOcspConfigurationPtrOutput

type CertificateAuthorityRevocationConfigurationOutput

type CertificateAuthorityRevocationConfigurationOutput struct{ *pulumi.OutputState }

func (CertificateAuthorityRevocationConfigurationOutput) CrlConfiguration

Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.

func (CertificateAuthorityRevocationConfigurationOutput) ElementType

func (CertificateAuthorityRevocationConfigurationOutput) OcspConfiguration

Nested argument containing configuration of the custom OCSP responder endpoint. Defined below.

func (CertificateAuthorityRevocationConfigurationOutput) ToCertificateAuthorityRevocationConfigurationOutput

func (o CertificateAuthorityRevocationConfigurationOutput) ToCertificateAuthorityRevocationConfigurationOutput() CertificateAuthorityRevocationConfigurationOutput

func (CertificateAuthorityRevocationConfigurationOutput) ToCertificateAuthorityRevocationConfigurationOutputWithContext

func (o CertificateAuthorityRevocationConfigurationOutput) ToCertificateAuthorityRevocationConfigurationOutputWithContext(ctx context.Context) CertificateAuthorityRevocationConfigurationOutput

func (CertificateAuthorityRevocationConfigurationOutput) ToCertificateAuthorityRevocationConfigurationPtrOutput

func (o CertificateAuthorityRevocationConfigurationOutput) ToCertificateAuthorityRevocationConfigurationPtrOutput() CertificateAuthorityRevocationConfigurationPtrOutput

func (CertificateAuthorityRevocationConfigurationOutput) ToCertificateAuthorityRevocationConfigurationPtrOutputWithContext

func (o CertificateAuthorityRevocationConfigurationOutput) ToCertificateAuthorityRevocationConfigurationPtrOutputWithContext(ctx context.Context) CertificateAuthorityRevocationConfigurationPtrOutput

type CertificateAuthorityRevocationConfigurationPtrInput

type CertificateAuthorityRevocationConfigurationPtrInput interface {
	pulumi.Input

	ToCertificateAuthorityRevocationConfigurationPtrOutput() CertificateAuthorityRevocationConfigurationPtrOutput
	ToCertificateAuthorityRevocationConfigurationPtrOutputWithContext(context.Context) CertificateAuthorityRevocationConfigurationPtrOutput
}

CertificateAuthorityRevocationConfigurationPtrInput is an input type that accepts CertificateAuthorityRevocationConfigurationArgs, CertificateAuthorityRevocationConfigurationPtr and CertificateAuthorityRevocationConfigurationPtrOutput values. You can construct a concrete instance of `CertificateAuthorityRevocationConfigurationPtrInput` via:

        CertificateAuthorityRevocationConfigurationArgs{...}

or:

        nil

type CertificateAuthorityRevocationConfigurationPtrOutput

type CertificateAuthorityRevocationConfigurationPtrOutput struct{ *pulumi.OutputState }

func (CertificateAuthorityRevocationConfigurationPtrOutput) CrlConfiguration

Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.

func (CertificateAuthorityRevocationConfigurationPtrOutput) Elem

func (CertificateAuthorityRevocationConfigurationPtrOutput) ElementType

func (CertificateAuthorityRevocationConfigurationPtrOutput) OcspConfiguration

Nested argument containing configuration of the custom OCSP responder endpoint. Defined below.

func (CertificateAuthorityRevocationConfigurationPtrOutput) ToCertificateAuthorityRevocationConfigurationPtrOutput

func (CertificateAuthorityRevocationConfigurationPtrOutput) ToCertificateAuthorityRevocationConfigurationPtrOutputWithContext

func (o CertificateAuthorityRevocationConfigurationPtrOutput) ToCertificateAuthorityRevocationConfigurationPtrOutputWithContext(ctx context.Context) CertificateAuthorityRevocationConfigurationPtrOutput

type CertificateAuthorityState

type CertificateAuthorityState struct {
	// ARN of the certificate authority.
	Arn pulumi.StringPtrInput
	// Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
	Certificate pulumi.StringPtrInput
	// Nested argument containing algorithms and certificate subject information. Defined below.
	CertificateAuthorityConfiguration CertificateAuthorityCertificateAuthorityConfigurationPtrInput
	// Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
	CertificateChain pulumi.StringPtrInput
	// The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
	CertificateSigningRequest pulumi.StringPtrInput
	// Whether the certificate authority is enabled or disabled. Defaults to `true`. Can only be disabled if the CA is in an `ACTIVE` state.
	Enabled pulumi.BoolPtrInput
	// Cryptographic key management compliance standard used for handling CA keys. Defaults to `FIPS_140_2_LEVEL_3_OR_HIGHER`. Valid values: `FIPS_140_2_LEVEL_3_OR_HIGHER` and `FIPS_140_2_LEVEL_2_OR_HIGHER`. Supported standard for each region can be found in the [Storage and security compliance of AWS Private CA private keys Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys).
	KeyStorageSecurityStandard pulumi.StringPtrInput
	// Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
	NotAfter pulumi.StringPtrInput
	// Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
	NotBefore pulumi.StringPtrInput
	// Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
	PermanentDeletionTimeInDays pulumi.IntPtrInput
	// Nested argument containing revocation configuration. Defined below.
	RevocationConfiguration CertificateAuthorityRevocationConfigurationPtrInput
	// Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
	Serial pulumi.StringPtrInput
	// Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// Map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	//
	// Deprecated: Please use `tags` instead.
	TagsAll pulumi.StringMapInput
	// Type of the certificate authority. Defaults to `SUBORDINATE`. Valid values: `ROOT` and `SUBORDINATE`.
	Type pulumi.StringPtrInput
	// Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to `GENERAL_PURPOSE`. Valid values: `GENERAL_PURPOSE` and `SHORT_LIVED_CERTIFICATE`.
	UsageMode pulumi.StringPtrInput
}

func (CertificateAuthorityState) ElementType

func (CertificateAuthorityState) ElementType() reflect.Type

type CertificateInput

type CertificateInput interface {
	pulumi.Input

	ToCertificateOutput() CertificateOutput
	ToCertificateOutputWithContext(ctx context.Context) CertificateOutput
}

type CertificateMap

type CertificateMap map[string]CertificateInput

func (CertificateMap) ElementType

func (CertificateMap) ElementType() reflect.Type

func (CertificateMap) ToCertificateMapOutput

func (i CertificateMap) ToCertificateMapOutput() CertificateMapOutput

func (CertificateMap) ToCertificateMapOutputWithContext

func (i CertificateMap) ToCertificateMapOutputWithContext(ctx context.Context) CertificateMapOutput

type CertificateMapInput

type CertificateMapInput interface {
	pulumi.Input

	ToCertificateMapOutput() CertificateMapOutput
	ToCertificateMapOutputWithContext(context.Context) CertificateMapOutput
}

CertificateMapInput is an input type that accepts CertificateMap and CertificateMapOutput values. You can construct a concrete instance of `CertificateMapInput` via:

CertificateMap{ "key": CertificateArgs{...} }

type CertificateMapOutput

type CertificateMapOutput struct{ *pulumi.OutputState }

func (CertificateMapOutput) ElementType

func (CertificateMapOutput) ElementType() reflect.Type

func (CertificateMapOutput) MapIndex

func (CertificateMapOutput) ToCertificateMapOutput

func (o CertificateMapOutput) ToCertificateMapOutput() CertificateMapOutput

func (CertificateMapOutput) ToCertificateMapOutputWithContext

func (o CertificateMapOutput) ToCertificateMapOutputWithContext(ctx context.Context) CertificateMapOutput

type CertificateOutput

type CertificateOutput struct{ *pulumi.OutputState }

func (CertificateOutput) ApiPassthrough

func (o CertificateOutput) ApiPassthrough() pulumi.StringPtrOutput

Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates

func (CertificateOutput) Arn

ARN of the certificate.

func (CertificateOutput) Certificate

func (o CertificateOutput) Certificate() pulumi.StringOutput

PEM-encoded certificate value.

func (CertificateOutput) CertificateAuthorityArn

func (o CertificateOutput) CertificateAuthorityArn() pulumi.StringOutput

ARN of the certificate authority.

func (CertificateOutput) CertificateChain

func (o CertificateOutput) CertificateChain() pulumi.StringOutput

PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

func (CertificateOutput) CertificateSigningRequest

func (o CertificateOutput) CertificateSigningRequest() pulumi.StringOutput

Certificate Signing Request in PEM format.

func (CertificateOutput) ElementType

func (CertificateOutput) ElementType() reflect.Type

func (CertificateOutput) SigningAlgorithm

func (o CertificateOutput) SigningAlgorithm() pulumi.StringOutput

Algorithm to use to sign certificate requests. Valid values: `SHA256WITHRSA`, `SHA256WITHECDSA`, `SHA384WITHRSA`, `SHA384WITHECDSA`, `SHA512WITHRSA`, `SHA512WITHECDSA`.

func (CertificateOutput) TemplateArn

func (o CertificateOutput) TemplateArn() pulumi.StringPtrOutput

Template to use when issuing a certificate. See [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html) for more information.

func (CertificateOutput) ToCertificateOutput

func (o CertificateOutput) ToCertificateOutput() CertificateOutput

func (CertificateOutput) ToCertificateOutputWithContext

func (o CertificateOutput) ToCertificateOutputWithContext(ctx context.Context) CertificateOutput

func (CertificateOutput) Validity

Configures end of the validity period for the certificate. See validity block below.

type CertificateState

type CertificateState struct {
	// Specifies X.509 certificate information to be included in the issued certificate. To use with API Passthrough templates
	ApiPassthrough pulumi.StringPtrInput
	// ARN of the certificate.
	Arn pulumi.StringPtrInput
	// PEM-encoded certificate value.
	Certificate pulumi.StringPtrInput
	// ARN of the certificate authority.
	CertificateAuthorityArn pulumi.StringPtrInput
	// PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.
	CertificateChain pulumi.StringPtrInput
	// Certificate Signing Request in PEM format.
	CertificateSigningRequest pulumi.StringPtrInput
	// Algorithm to use to sign certificate requests. Valid values: `SHA256WITHRSA`, `SHA256WITHECDSA`, `SHA384WITHRSA`, `SHA384WITHECDSA`, `SHA512WITHRSA`, `SHA512WITHECDSA`.
	SigningAlgorithm pulumi.StringPtrInput
	// Template to use when issuing a certificate.
	// See [ACM PCA Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html) for more information.
	TemplateArn pulumi.StringPtrInput
	// Configures end of the validity period for the certificate. See validity block below.
	Validity CertificateValidityPtrInput
}

func (CertificateState) ElementType

func (CertificateState) ElementType() reflect.Type

type CertificateValidity

type CertificateValidity struct {
	// Determines how `value` is interpreted. Valid values: `DAYS`, `MONTHS`, `YEARS`, `ABSOLUTE`, `END_DATE`.
	Type string `pulumi:"type"`
	// If `type` is `DAYS`, `MONTHS`, or `YEARS`, the relative time until the certificate expires. If `type` is `ABSOLUTE`, the date in seconds since the Unix epoch. If `type` is `END_DATE`, the  date in RFC 3339 format.
	Value string `pulumi:"value"`
}

type CertificateValidityArgs

type CertificateValidityArgs struct {
	// Determines how `value` is interpreted. Valid values: `DAYS`, `MONTHS`, `YEARS`, `ABSOLUTE`, `END_DATE`.
	Type pulumi.StringInput `pulumi:"type"`
	// If `type` is `DAYS`, `MONTHS`, or `YEARS`, the relative time until the certificate expires. If `type` is `ABSOLUTE`, the date in seconds since the Unix epoch. If `type` is `END_DATE`, the  date in RFC 3339 format.
	Value pulumi.StringInput `pulumi:"value"`
}

func (CertificateValidityArgs) ElementType

func (CertificateValidityArgs) ElementType() reflect.Type

func (CertificateValidityArgs) ToCertificateValidityOutput

func (i CertificateValidityArgs) ToCertificateValidityOutput() CertificateValidityOutput

func (CertificateValidityArgs) ToCertificateValidityOutputWithContext

func (i CertificateValidityArgs) ToCertificateValidityOutputWithContext(ctx context.Context) CertificateValidityOutput

func (CertificateValidityArgs) ToCertificateValidityPtrOutput

func (i CertificateValidityArgs) ToCertificateValidityPtrOutput() CertificateValidityPtrOutput

func (CertificateValidityArgs) ToCertificateValidityPtrOutputWithContext

func (i CertificateValidityArgs) ToCertificateValidityPtrOutputWithContext(ctx context.Context) CertificateValidityPtrOutput

type CertificateValidityInput

type CertificateValidityInput interface {
	pulumi.Input

	ToCertificateValidityOutput() CertificateValidityOutput
	ToCertificateValidityOutputWithContext(context.Context) CertificateValidityOutput
}

CertificateValidityInput is an input type that accepts CertificateValidityArgs and CertificateValidityOutput values. You can construct a concrete instance of `CertificateValidityInput` via:

CertificateValidityArgs{...}

type CertificateValidityOutput

type CertificateValidityOutput struct{ *pulumi.OutputState }

func (CertificateValidityOutput) ElementType

func (CertificateValidityOutput) ElementType() reflect.Type

func (CertificateValidityOutput) ToCertificateValidityOutput

func (o CertificateValidityOutput) ToCertificateValidityOutput() CertificateValidityOutput

func (CertificateValidityOutput) ToCertificateValidityOutputWithContext

func (o CertificateValidityOutput) ToCertificateValidityOutputWithContext(ctx context.Context) CertificateValidityOutput

func (CertificateValidityOutput) ToCertificateValidityPtrOutput

func (o CertificateValidityOutput) ToCertificateValidityPtrOutput() CertificateValidityPtrOutput

func (CertificateValidityOutput) ToCertificateValidityPtrOutputWithContext

func (o CertificateValidityOutput) ToCertificateValidityPtrOutputWithContext(ctx context.Context) CertificateValidityPtrOutput

func (CertificateValidityOutput) Type

Determines how `value` is interpreted. Valid values: `DAYS`, `MONTHS`, `YEARS`, `ABSOLUTE`, `END_DATE`.

func (CertificateValidityOutput) Value

If `type` is `DAYS`, `MONTHS`, or `YEARS`, the relative time until the certificate expires. If `type` is `ABSOLUTE`, the date in seconds since the Unix epoch. If `type` is `END_DATE`, the date in RFC 3339 format.

type CertificateValidityPtrInput

type CertificateValidityPtrInput interface {
	pulumi.Input

	ToCertificateValidityPtrOutput() CertificateValidityPtrOutput
	ToCertificateValidityPtrOutputWithContext(context.Context) CertificateValidityPtrOutput
}

CertificateValidityPtrInput is an input type that accepts CertificateValidityArgs, CertificateValidityPtr and CertificateValidityPtrOutput values. You can construct a concrete instance of `CertificateValidityPtrInput` via:

        CertificateValidityArgs{...}

or:

        nil

type CertificateValidityPtrOutput

type CertificateValidityPtrOutput struct{ *pulumi.OutputState }

func (CertificateValidityPtrOutput) Elem

func (CertificateValidityPtrOutput) ElementType

func (CertificateValidityPtrOutput) ToCertificateValidityPtrOutput

func (o CertificateValidityPtrOutput) ToCertificateValidityPtrOutput() CertificateValidityPtrOutput

func (CertificateValidityPtrOutput) ToCertificateValidityPtrOutputWithContext

func (o CertificateValidityPtrOutput) ToCertificateValidityPtrOutputWithContext(ctx context.Context) CertificateValidityPtrOutput

func (CertificateValidityPtrOutput) Type

Determines how `value` is interpreted. Valid values: `DAYS`, `MONTHS`, `YEARS`, `ABSOLUTE`, `END_DATE`.

func (CertificateValidityPtrOutput) Value

If `type` is `DAYS`, `MONTHS`, or `YEARS`, the relative time until the certificate expires. If `type` is `ABSOLUTE`, the date in seconds since the Unix epoch. If `type` is `END_DATE`, the date in RFC 3339 format.

type GetCertificateAuthorityRevocationConfiguration

type GetCertificateAuthorityRevocationConfiguration struct {
	// Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority.
	CrlConfigurations  []GetCertificateAuthorityRevocationConfigurationCrlConfiguration  `pulumi:"crlConfigurations"`
	OcspConfigurations []GetCertificateAuthorityRevocationConfigurationOcspConfiguration `pulumi:"ocspConfigurations"`
}

type GetCertificateAuthorityRevocationConfigurationArgs

type GetCertificateAuthorityRevocationConfigurationArgs struct {
	// Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority.
	CrlConfigurations  GetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayInput  `pulumi:"crlConfigurations"`
	OcspConfigurations GetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayInput `pulumi:"ocspConfigurations"`
}

func (GetCertificateAuthorityRevocationConfigurationArgs) ElementType

func (GetCertificateAuthorityRevocationConfigurationArgs) ToGetCertificateAuthorityRevocationConfigurationOutput

func (i GetCertificateAuthorityRevocationConfigurationArgs) ToGetCertificateAuthorityRevocationConfigurationOutput() GetCertificateAuthorityRevocationConfigurationOutput

func (GetCertificateAuthorityRevocationConfigurationArgs) ToGetCertificateAuthorityRevocationConfigurationOutputWithContext

func (i GetCertificateAuthorityRevocationConfigurationArgs) ToGetCertificateAuthorityRevocationConfigurationOutputWithContext(ctx context.Context) GetCertificateAuthorityRevocationConfigurationOutput

type GetCertificateAuthorityRevocationConfigurationArray

type GetCertificateAuthorityRevocationConfigurationArray []GetCertificateAuthorityRevocationConfigurationInput

func (GetCertificateAuthorityRevocationConfigurationArray) ElementType

func (GetCertificateAuthorityRevocationConfigurationArray) ToGetCertificateAuthorityRevocationConfigurationArrayOutput

func (i GetCertificateAuthorityRevocationConfigurationArray) ToGetCertificateAuthorityRevocationConfigurationArrayOutput() GetCertificateAuthorityRevocationConfigurationArrayOutput

func (GetCertificateAuthorityRevocationConfigurationArray) ToGetCertificateAuthorityRevocationConfigurationArrayOutputWithContext

func (i GetCertificateAuthorityRevocationConfigurationArray) ToGetCertificateAuthorityRevocationConfigurationArrayOutputWithContext(ctx context.Context) GetCertificateAuthorityRevocationConfigurationArrayOutput

type GetCertificateAuthorityRevocationConfigurationArrayInput

type GetCertificateAuthorityRevocationConfigurationArrayInput interface {
	pulumi.Input

	ToGetCertificateAuthorityRevocationConfigurationArrayOutput() GetCertificateAuthorityRevocationConfigurationArrayOutput
	ToGetCertificateAuthorityRevocationConfigurationArrayOutputWithContext(context.Context) GetCertificateAuthorityRevocationConfigurationArrayOutput
}

GetCertificateAuthorityRevocationConfigurationArrayInput is an input type that accepts GetCertificateAuthorityRevocationConfigurationArray and GetCertificateAuthorityRevocationConfigurationArrayOutput values. You can construct a concrete instance of `GetCertificateAuthorityRevocationConfigurationArrayInput` via:

GetCertificateAuthorityRevocationConfigurationArray{ GetCertificateAuthorityRevocationConfigurationArgs{...} }

type GetCertificateAuthorityRevocationConfigurationArrayOutput

type GetCertificateAuthorityRevocationConfigurationArrayOutput struct{ *pulumi.OutputState }

func (GetCertificateAuthorityRevocationConfigurationArrayOutput) ElementType

func (GetCertificateAuthorityRevocationConfigurationArrayOutput) Index

func (GetCertificateAuthorityRevocationConfigurationArrayOutput) ToGetCertificateAuthorityRevocationConfigurationArrayOutput

func (GetCertificateAuthorityRevocationConfigurationArrayOutput) ToGetCertificateAuthorityRevocationConfigurationArrayOutputWithContext

func (o GetCertificateAuthorityRevocationConfigurationArrayOutput) ToGetCertificateAuthorityRevocationConfigurationArrayOutputWithContext(ctx context.Context) GetCertificateAuthorityRevocationConfigurationArrayOutput

type GetCertificateAuthorityRevocationConfigurationCrlConfiguration

type GetCertificateAuthorityRevocationConfigurationCrlConfiguration struct {
	CustomCname      string `pulumi:"customCname"`
	Enabled          bool   `pulumi:"enabled"`
	ExpirationInDays int    `pulumi:"expirationInDays"`
	S3BucketName     string `pulumi:"s3BucketName"`
	S3ObjectAcl      string `pulumi:"s3ObjectAcl"`
}

type GetCertificateAuthorityRevocationConfigurationCrlConfigurationArgs

type GetCertificateAuthorityRevocationConfigurationCrlConfigurationArgs struct {
	CustomCname      pulumi.StringInput `pulumi:"customCname"`
	Enabled          pulumi.BoolInput   `pulumi:"enabled"`
	ExpirationInDays pulumi.IntInput    `pulumi:"expirationInDays"`
	S3BucketName     pulumi.StringInput `pulumi:"s3BucketName"`
	S3ObjectAcl      pulumi.StringInput `pulumi:"s3ObjectAcl"`
}

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationArgs) ElementType

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationArgs) ToGetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationArgs) ToGetCertificateAuthorityRevocationConfigurationCrlConfigurationOutputWithContext

func (i GetCertificateAuthorityRevocationConfigurationCrlConfigurationArgs) ToGetCertificateAuthorityRevocationConfigurationCrlConfigurationOutputWithContext(ctx context.Context) GetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput

type GetCertificateAuthorityRevocationConfigurationCrlConfigurationArray

type GetCertificateAuthorityRevocationConfigurationCrlConfigurationArray []GetCertificateAuthorityRevocationConfigurationCrlConfigurationInput

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationArray) ElementType

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationArray) ToGetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayOutput

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationArray) ToGetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayOutputWithContext

func (i GetCertificateAuthorityRevocationConfigurationCrlConfigurationArray) ToGetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayOutputWithContext(ctx context.Context) GetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayOutput

type GetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayInput

type GetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayInput interface {
	pulumi.Input

	ToGetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayOutput() GetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayOutput
	ToGetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayOutputWithContext(context.Context) GetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayOutput
}

GetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayInput is an input type that accepts GetCertificateAuthorityRevocationConfigurationCrlConfigurationArray and GetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayOutput values. You can construct a concrete instance of `GetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayInput` via:

GetCertificateAuthorityRevocationConfigurationCrlConfigurationArray{ GetCertificateAuthorityRevocationConfigurationCrlConfigurationArgs{...} }

type GetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayOutput

type GetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayOutput struct{ *pulumi.OutputState }

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayOutput) ElementType

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayOutput) ToGetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayOutput

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayOutput) ToGetCertificateAuthorityRevocationConfigurationCrlConfigurationArrayOutputWithContext

type GetCertificateAuthorityRevocationConfigurationCrlConfigurationInput

type GetCertificateAuthorityRevocationConfigurationCrlConfigurationInput interface {
	pulumi.Input

	ToGetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput() GetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput
	ToGetCertificateAuthorityRevocationConfigurationCrlConfigurationOutputWithContext(context.Context) GetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput
}

GetCertificateAuthorityRevocationConfigurationCrlConfigurationInput is an input type that accepts GetCertificateAuthorityRevocationConfigurationCrlConfigurationArgs and GetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput values. You can construct a concrete instance of `GetCertificateAuthorityRevocationConfigurationCrlConfigurationInput` via:

GetCertificateAuthorityRevocationConfigurationCrlConfigurationArgs{...}

type GetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput

type GetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput struct{ *pulumi.OutputState }

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput) CustomCname

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput) ElementType

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput) Enabled

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput) ExpirationInDays

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput) S3BucketName

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput) S3ObjectAcl

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput) ToGetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput

func (GetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput) ToGetCertificateAuthorityRevocationConfigurationCrlConfigurationOutputWithContext

func (o GetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput) ToGetCertificateAuthorityRevocationConfigurationCrlConfigurationOutputWithContext(ctx context.Context) GetCertificateAuthorityRevocationConfigurationCrlConfigurationOutput

type GetCertificateAuthorityRevocationConfigurationInput

type GetCertificateAuthorityRevocationConfigurationInput interface {
	pulumi.Input

	ToGetCertificateAuthorityRevocationConfigurationOutput() GetCertificateAuthorityRevocationConfigurationOutput
	ToGetCertificateAuthorityRevocationConfigurationOutputWithContext(context.Context) GetCertificateAuthorityRevocationConfigurationOutput
}

GetCertificateAuthorityRevocationConfigurationInput is an input type that accepts GetCertificateAuthorityRevocationConfigurationArgs and GetCertificateAuthorityRevocationConfigurationOutput values. You can construct a concrete instance of `GetCertificateAuthorityRevocationConfigurationInput` via:

GetCertificateAuthorityRevocationConfigurationArgs{...}

type GetCertificateAuthorityRevocationConfigurationOcspConfiguration

type GetCertificateAuthorityRevocationConfigurationOcspConfiguration struct {
	Enabled         bool   `pulumi:"enabled"`
	OcspCustomCname string `pulumi:"ocspCustomCname"`
}

type GetCertificateAuthorityRevocationConfigurationOcspConfigurationArgs

type GetCertificateAuthorityRevocationConfigurationOcspConfigurationArgs struct {
	Enabled         pulumi.BoolInput   `pulumi:"enabled"`
	OcspCustomCname pulumi.StringInput `pulumi:"ocspCustomCname"`
}

func (GetCertificateAuthorityRevocationConfigurationOcspConfigurationArgs) ElementType

func (GetCertificateAuthorityRevocationConfigurationOcspConfigurationArgs) ToGetCertificateAuthorityRevocationConfigurationOcspConfigurationOutput

func (GetCertificateAuthorityRevocationConfigurationOcspConfigurationArgs) ToGetCertificateAuthorityRevocationConfigurationOcspConfigurationOutputWithContext

func (i GetCertificateAuthorityRevocationConfigurationOcspConfigurationArgs) ToGetCertificateAuthorityRevocationConfigurationOcspConfigurationOutputWithContext(ctx context.Context) GetCertificateAuthorityRevocationConfigurationOcspConfigurationOutput

type GetCertificateAuthorityRevocationConfigurationOcspConfigurationArray

type GetCertificateAuthorityRevocationConfigurationOcspConfigurationArray []GetCertificateAuthorityRevocationConfigurationOcspConfigurationInput

func (GetCertificateAuthorityRevocationConfigurationOcspConfigurationArray) ElementType

func (GetCertificateAuthorityRevocationConfigurationOcspConfigurationArray) ToGetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayOutput

func (GetCertificateAuthorityRevocationConfigurationOcspConfigurationArray) ToGetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayOutputWithContext

func (i GetCertificateAuthorityRevocationConfigurationOcspConfigurationArray) ToGetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayOutputWithContext(ctx context.Context) GetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayOutput

type GetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayInput

type GetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayInput interface {
	pulumi.Input

	ToGetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayOutput() GetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayOutput
	ToGetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayOutputWithContext(context.Context) GetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayOutput
}

GetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayInput is an input type that accepts GetCertificateAuthorityRevocationConfigurationOcspConfigurationArray and GetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayOutput values. You can construct a concrete instance of `GetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayInput` via:

GetCertificateAuthorityRevocationConfigurationOcspConfigurationArray{ GetCertificateAuthorityRevocationConfigurationOcspConfigurationArgs{...} }

type GetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayOutput

type GetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayOutput struct{ *pulumi.OutputState }

func (GetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayOutput) ElementType

func (GetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayOutput) ToGetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayOutput

func (GetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayOutput) ToGetCertificateAuthorityRevocationConfigurationOcspConfigurationArrayOutputWithContext

type GetCertificateAuthorityRevocationConfigurationOcspConfigurationInput

type GetCertificateAuthorityRevocationConfigurationOcspConfigurationInput interface {
	pulumi.Input

	ToGetCertificateAuthorityRevocationConfigurationOcspConfigurationOutput() GetCertificateAuthorityRevocationConfigurationOcspConfigurationOutput
	ToGetCertificateAuthorityRevocationConfigurationOcspConfigurationOutputWithContext(context.Context) GetCertificateAuthorityRevocationConfigurationOcspConfigurationOutput
}

GetCertificateAuthorityRevocationConfigurationOcspConfigurationInput is an input type that accepts GetCertificateAuthorityRevocationConfigurationOcspConfigurationArgs and GetCertificateAuthorityRevocationConfigurationOcspConfigurationOutput values. You can construct a concrete instance of `GetCertificateAuthorityRevocationConfigurationOcspConfigurationInput` via:

GetCertificateAuthorityRevocationConfigurationOcspConfigurationArgs{...}

type GetCertificateAuthorityRevocationConfigurationOcspConfigurationOutput

type GetCertificateAuthorityRevocationConfigurationOcspConfigurationOutput struct{ *pulumi.OutputState }

func (GetCertificateAuthorityRevocationConfigurationOcspConfigurationOutput) ElementType

func (GetCertificateAuthorityRevocationConfigurationOcspConfigurationOutput) Enabled

func (GetCertificateAuthorityRevocationConfigurationOcspConfigurationOutput) OcspCustomCname

func (GetCertificateAuthorityRevocationConfigurationOcspConfigurationOutput) ToGetCertificateAuthorityRevocationConfigurationOcspConfigurationOutput

func (GetCertificateAuthorityRevocationConfigurationOcspConfigurationOutput) ToGetCertificateAuthorityRevocationConfigurationOcspConfigurationOutputWithContext

func (o GetCertificateAuthorityRevocationConfigurationOcspConfigurationOutput) ToGetCertificateAuthorityRevocationConfigurationOcspConfigurationOutputWithContext(ctx context.Context) GetCertificateAuthorityRevocationConfigurationOcspConfigurationOutput

type GetCertificateAuthorityRevocationConfigurationOutput

type GetCertificateAuthorityRevocationConfigurationOutput struct{ *pulumi.OutputState }

func (GetCertificateAuthorityRevocationConfigurationOutput) CrlConfigurations

Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority.

func (GetCertificateAuthorityRevocationConfigurationOutput) ElementType

func (GetCertificateAuthorityRevocationConfigurationOutput) ToGetCertificateAuthorityRevocationConfigurationOutput

func (GetCertificateAuthorityRevocationConfigurationOutput) ToGetCertificateAuthorityRevocationConfigurationOutputWithContext

func (o GetCertificateAuthorityRevocationConfigurationOutput) ToGetCertificateAuthorityRevocationConfigurationOutputWithContext(ctx context.Context) GetCertificateAuthorityRevocationConfigurationOutput

type LookupCertificateArgs

type LookupCertificateArgs struct {
	// ARN of the certificate issued by the private certificate authority.
	Arn string `pulumi:"arn"`
	// ARN of the certificate authority.
	CertificateAuthorityArn string `pulumi:"certificateAuthorityArn"`
}

A collection of arguments for invoking getCertificate.

type LookupCertificateAuthorityArgs

type LookupCertificateAuthorityArgs struct {
	// ARN of the certificate authority.
	Arn string `pulumi:"arn"`
	// Key-value map of user-defined tags that are attached to the certificate authority.
	Tags map[string]string `pulumi:"tags"`
}

A collection of arguments for invoking getCertificateAuthority.

type LookupCertificateAuthorityOutputArgs

type LookupCertificateAuthorityOutputArgs struct {
	// ARN of the certificate authority.
	Arn pulumi.StringInput `pulumi:"arn"`
	// Key-value map of user-defined tags that are attached to the certificate authority.
	Tags pulumi.StringMapInput `pulumi:"tags"`
}

A collection of arguments for invoking getCertificateAuthority.

func (LookupCertificateAuthorityOutputArgs) ElementType

type LookupCertificateAuthorityResult

type LookupCertificateAuthorityResult struct {
	Arn string `pulumi:"arn"`
	// Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
	Certificate string `pulumi:"certificate"`
	// Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
	CertificateChain string `pulumi:"certificateChain"`
	// The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
	CertificateSigningRequest string `pulumi:"certificateSigningRequest"`
	// The provider-assigned unique ID for this managed resource.
	Id                         string `pulumi:"id"`
	KeyStorageSecurityStandard string `pulumi:"keyStorageSecurityStandard"`
	// Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
	NotAfter string `pulumi:"notAfter"`
	// Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
	NotBefore string `pulumi:"notBefore"`
	// Nested attribute containing revocation configuration.
	RevocationConfigurations []GetCertificateAuthorityRevocationConfiguration `pulumi:"revocationConfigurations"`
	// Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
	Serial string `pulumi:"serial"`
	// Status of the certificate authority.
	Status string `pulumi:"status"`
	// Key-value map of user-defined tags that are attached to the certificate authority.
	Tags map[string]string `pulumi:"tags"`
	// Type of the certificate authority.
	Type string `pulumi:"type"`
	// Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.
	UsageMode string `pulumi:"usageMode"`
}

A collection of values returned by getCertificateAuthority.

func LookupCertificateAuthority

func LookupCertificateAuthority(ctx *pulumi.Context, args *LookupCertificateAuthorityArgs, opts ...pulumi.InvokeOption) (*LookupCertificateAuthorityResult, error)

Get information on a AWS Certificate Manager Private Certificate Authority (ACM PCA Certificate Authority).

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := acmpca.LookupCertificateAuthority(ctx, &acmpca.LookupCertificateAuthorityArgs{
			Arn: "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

type LookupCertificateAuthorityResultOutput

type LookupCertificateAuthorityResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getCertificateAuthority.

func (LookupCertificateAuthorityResultOutput) Arn

func (LookupCertificateAuthorityResultOutput) Certificate

Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.

func (LookupCertificateAuthorityResultOutput) CertificateChain

Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.

func (LookupCertificateAuthorityResultOutput) CertificateSigningRequest

func (o LookupCertificateAuthorityResultOutput) CertificateSigningRequest() pulumi.StringOutput

The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.

func (LookupCertificateAuthorityResultOutput) ElementType

func (LookupCertificateAuthorityResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (LookupCertificateAuthorityResultOutput) KeyStorageSecurityStandard

func (o LookupCertificateAuthorityResultOutput) KeyStorageSecurityStandard() pulumi.StringOutput

func (LookupCertificateAuthorityResultOutput) NotAfter

Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

func (LookupCertificateAuthorityResultOutput) NotBefore

Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.

func (LookupCertificateAuthorityResultOutput) RevocationConfigurations

Nested attribute containing revocation configuration.

func (LookupCertificateAuthorityResultOutput) Serial

Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.

func (LookupCertificateAuthorityResultOutput) Status

Status of the certificate authority.

func (LookupCertificateAuthorityResultOutput) Tags

Key-value map of user-defined tags that are attached to the certificate authority.

func (LookupCertificateAuthorityResultOutput) ToLookupCertificateAuthorityResultOutput

func (o LookupCertificateAuthorityResultOutput) ToLookupCertificateAuthorityResultOutput() LookupCertificateAuthorityResultOutput

func (LookupCertificateAuthorityResultOutput) ToLookupCertificateAuthorityResultOutputWithContext

func (o LookupCertificateAuthorityResultOutput) ToLookupCertificateAuthorityResultOutputWithContext(ctx context.Context) LookupCertificateAuthorityResultOutput

func (LookupCertificateAuthorityResultOutput) Type

Type of the certificate authority.

func (LookupCertificateAuthorityResultOutput) UsageMode

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.

type LookupCertificateOutputArgs

type LookupCertificateOutputArgs struct {
	// ARN of the certificate issued by the private certificate authority.
	Arn pulumi.StringInput `pulumi:"arn"`
	// ARN of the certificate authority.
	CertificateAuthorityArn pulumi.StringInput `pulumi:"certificateAuthorityArn"`
}

A collection of arguments for invoking getCertificate.

func (LookupCertificateOutputArgs) ElementType

type LookupCertificateResult

type LookupCertificateResult struct {
	Arn string `pulumi:"arn"`
	// PEM-encoded certificate value.
	Certificate             string `pulumi:"certificate"`
	CertificateAuthorityArn string `pulumi:"certificateAuthorityArn"`
	// PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.
	CertificateChain string `pulumi:"certificateChain"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
}

A collection of values returned by getCertificate.

func LookupCertificate

func LookupCertificate(ctx *pulumi.Context, args *LookupCertificateArgs, opts ...pulumi.InvokeOption) (*LookupCertificateResult, error)

Get information on a Certificate issued by a AWS Certificate Manager Private Certificate Authority.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := acmpca.LookupCertificate(ctx, &acmpca.LookupCertificateArgs{
			Arn:                     "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/1234b4a0d73e2056789bdbe77d5b1a23",
			CertificateAuthorityArn: "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

type LookupCertificateResultOutput

type LookupCertificateResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getCertificate.

func (LookupCertificateResultOutput) Arn

func (LookupCertificateResultOutput) Certificate

PEM-encoded certificate value.

func (LookupCertificateResultOutput) CertificateAuthorityArn

func (o LookupCertificateResultOutput) CertificateAuthorityArn() pulumi.StringOutput

func (LookupCertificateResultOutput) CertificateChain

func (o LookupCertificateResultOutput) CertificateChain() pulumi.StringOutput

PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.

func (LookupCertificateResultOutput) ElementType

func (LookupCertificateResultOutput) Id

The provider-assigned unique ID for this managed resource.

func (LookupCertificateResultOutput) ToLookupCertificateResultOutput

func (o LookupCertificateResultOutput) ToLookupCertificateResultOutput() LookupCertificateResultOutput

func (LookupCertificateResultOutput) ToLookupCertificateResultOutputWithContext

func (o LookupCertificateResultOutput) ToLookupCertificateResultOutputWithContext(ctx context.Context) LookupCertificateResultOutput

type Permission

type Permission struct {
	pulumi.CustomResourceState

	// Actions that the specified AWS service principal can use. These include `IssueCertificate`, `GetCertificate`, and `ListPermissions`. Note that in order for ACM to automatically rotate certificates issued by a PCA, it must be granted permission on all 3 actions, as per the example above.
	Actions pulumi.StringArrayOutput `pulumi:"actions"`
	// ARN of the CA that grants the permissions.
	CertificateAuthorityArn pulumi.StringOutput `pulumi:"certificateAuthorityArn"`
	// IAM policy that is associated with the permission.
	Policy pulumi.StringOutput `pulumi:"policy"`
	// AWS service or identity that receives the permission. At this time, the only valid principal is `acm.amazonaws.com`.
	Principal pulumi.StringOutput `pulumi:"principal"`
	// ID of the calling account
	SourceAccount pulumi.StringOutput `pulumi:"sourceAccount"`
}

Provides a resource to manage an AWS Certificate Manager Private Certificate Authorities Permission. Currently, this is only required in order to allow the ACM service to automatically renew certificates issued by a PCA.

## Example Usage

<!--Start PulumiCodeChooser --> ```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		exampleCertificateAuthority, err := acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
			CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
				KeyAlgorithm:     pulumi.String("RSA_4096"),
				SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
				Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
					CommonName: pulumi.String("example.com"),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = acmpca.NewPermission(ctx, "example", &acmpca.PermissionArgs{
			CertificateAuthorityArn: exampleCertificateAuthority.Arn,
			Actions: pulumi.StringArray{
				pulumi.String("IssueCertificate"),
				pulumi.String("GetCertificate"),
				pulumi.String("ListPermissions"),
			},
			Principal: pulumi.String("acm.amazonaws.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` <!--End PulumiCodeChooser -->

func GetPermission

func GetPermission(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PermissionState, opts ...pulumi.ResourceOption) (*Permission, error)

GetPermission gets an existing Permission resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPermission

func NewPermission(ctx *pulumi.Context,
	name string, args *PermissionArgs, opts ...pulumi.ResourceOption) (*Permission, error)

NewPermission registers a new resource with the given unique name, arguments, and options.

func (*Permission) ElementType

func (*Permission) ElementType() reflect.Type

func (*Permission) ToPermissionOutput

func (i *Permission) ToPermissionOutput() PermissionOutput

func (*Permission) ToPermissionOutputWithContext

func (i *Permission) ToPermissionOutputWithContext(ctx context.Context) PermissionOutput

type PermissionArgs

type PermissionArgs struct {
	// Actions that the specified AWS service principal can use. These include `IssueCertificate`, `GetCertificate`, and `ListPermissions`. Note that in order for ACM to automatically rotate certificates issued by a PCA, it must be granted permission on all 3 actions, as per the example above.
	Actions pulumi.StringArrayInput
	// ARN of the CA that grants the permissions.
	CertificateAuthorityArn pulumi.StringInput
	// AWS service or identity that receives the permission. At this time, the only valid principal is `acm.amazonaws.com`.
	Principal pulumi.StringInput
	// ID of the calling account
	SourceAccount pulumi.StringPtrInput
}

The set of arguments for constructing a Permission resource.

func (PermissionArgs) ElementType

func (PermissionArgs) ElementType() reflect.Type

type PermissionArray

type PermissionArray []PermissionInput

func (PermissionArray) ElementType

func (PermissionArray) ElementType() reflect.Type

func (PermissionArray) ToPermissionArrayOutput

func (i PermissionArray) ToPermissionArrayOutput() PermissionArrayOutput

func (PermissionArray) ToPermissionArrayOutputWithContext

func (i PermissionArray) ToPermissionArrayOutputWithContext(ctx context.Context) PermissionArrayOutput

type PermissionArrayInput

type PermissionArrayInput interface {
	pulumi.Input

	ToPermissionArrayOutput() PermissionArrayOutput
	ToPermissionArrayOutputWithContext(context.Context) PermissionArrayOutput
}

PermissionArrayInput is an input type that accepts PermissionArray and PermissionArrayOutput values. You can construct a concrete instance of `PermissionArrayInput` via:

PermissionArray{ PermissionArgs{...} }

type PermissionArrayOutput

type PermissionArrayOutput struct{ *pulumi.OutputState }

func (PermissionArrayOutput) ElementType

func (PermissionArrayOutput) ElementType() reflect.Type

func (PermissionArrayOutput) Index

func (PermissionArrayOutput) ToPermissionArrayOutput

func (o PermissionArrayOutput) ToPermissionArrayOutput() PermissionArrayOutput

func (PermissionArrayOutput) ToPermissionArrayOutputWithContext

func (o PermissionArrayOutput) ToPermissionArrayOutputWithContext(ctx context.Context) PermissionArrayOutput

type PermissionInput

type PermissionInput interface {
	pulumi.Input

	ToPermissionOutput() PermissionOutput
	ToPermissionOutputWithContext(ctx context.Context) PermissionOutput
}

type PermissionMap

type PermissionMap map[string]PermissionInput

func (PermissionMap) ElementType

func (PermissionMap) ElementType() reflect.Type

func (PermissionMap) ToPermissionMapOutput

func (i PermissionMap) ToPermissionMapOutput() PermissionMapOutput

func (PermissionMap) ToPermissionMapOutputWithContext

func (i PermissionMap) ToPermissionMapOutputWithContext(ctx context.Context) PermissionMapOutput

type PermissionMapInput

type PermissionMapInput interface {
	pulumi.Input

	ToPermissionMapOutput() PermissionMapOutput
	ToPermissionMapOutputWithContext(context.Context) PermissionMapOutput
}

PermissionMapInput is an input type that accepts PermissionMap and PermissionMapOutput values. You can construct a concrete instance of `PermissionMapInput` via:

PermissionMap{ "key": PermissionArgs{...} }

type PermissionMapOutput

type PermissionMapOutput struct{ *pulumi.OutputState }

func (PermissionMapOutput) ElementType

func (PermissionMapOutput) ElementType() reflect.Type

func (PermissionMapOutput) MapIndex

func (PermissionMapOutput) ToPermissionMapOutput

func (o PermissionMapOutput) ToPermissionMapOutput() PermissionMapOutput

func (PermissionMapOutput) ToPermissionMapOutputWithContext

func (o PermissionMapOutput) ToPermissionMapOutputWithContext(ctx context.Context) PermissionMapOutput

type PermissionOutput

type PermissionOutput struct{ *pulumi.OutputState }

func (PermissionOutput) Actions

Actions that the specified AWS service principal can use. These include `IssueCertificate`, `GetCertificate`, and `ListPermissions`. Note that in order for ACM to automatically rotate certificates issued by a PCA, it must be granted permission on all 3 actions, as per the example above.

func (PermissionOutput) CertificateAuthorityArn

func (o PermissionOutput) CertificateAuthorityArn() pulumi.StringOutput

ARN of the CA that grants the permissions.

func (PermissionOutput) ElementType

func (PermissionOutput) ElementType() reflect.Type

func (PermissionOutput) Policy

IAM policy that is associated with the permission.

func (PermissionOutput) Principal

func (o PermissionOutput) Principal() pulumi.StringOutput

AWS service or identity that receives the permission. At this time, the only valid principal is `acm.amazonaws.com`.

func (PermissionOutput) SourceAccount

func (o PermissionOutput) SourceAccount() pulumi.StringOutput

ID of the calling account

func (PermissionOutput) ToPermissionOutput

func (o PermissionOutput) ToPermissionOutput() PermissionOutput

func (PermissionOutput) ToPermissionOutputWithContext

func (o PermissionOutput) ToPermissionOutputWithContext(ctx context.Context) PermissionOutput

type PermissionState

type PermissionState struct {
	// Actions that the specified AWS service principal can use. These include `IssueCertificate`, `GetCertificate`, and `ListPermissions`. Note that in order for ACM to automatically rotate certificates issued by a PCA, it must be granted permission on all 3 actions, as per the example above.
	Actions pulumi.StringArrayInput
	// ARN of the CA that grants the permissions.
	CertificateAuthorityArn pulumi.StringPtrInput
	// IAM policy that is associated with the permission.
	Policy pulumi.StringPtrInput
	// AWS service or identity that receives the permission. At this time, the only valid principal is `acm.amazonaws.com`.
	Principal pulumi.StringPtrInput
	// ID of the calling account
	SourceAccount pulumi.StringPtrInput
}

func (PermissionState) ElementType

func (PermissionState) ElementType() reflect.Type

type Policy

type Policy struct {
	pulumi.CustomResourceState

	// JSON-formatted IAM policy to attach to the specified private CA resource.
	Policy pulumi.StringOutput `pulumi:"policy"`
	// ARN of the private CA to associate with the policy.
	ResourceArn pulumi.StringOutput `pulumi:"resourceArn"`
}

Attaches a resource based policy to a private CA.

## Example Usage

### Basic

<!--Start PulumiCodeChooser --> ```go package main

import (

"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) func main() { pulumi.Run(func(ctx *pulumi.Context) error { example, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{ Statements: []iam.GetPolicyDocumentStatement{ { Sid: pulumi.StringRef("1"), Effect: pulumi.StringRef("Allow"), Principals: []iam.GetPolicyDocumentStatementPrincipal{ { Type: "AWS", Identifiers: interface{}{ current.AccountId, }, }, }, Actions: []string{ "acm-pca:DescribeCertificateAuthority", "acm-pca:GetCertificate", "acm-pca:GetCertificateAuthorityCertificate", "acm-pca:ListPermissions", "acm-pca:ListTags", }, Resources: interface{}{ exampleAwsAcmpcaCertificateAuthority.Arn, }, }, { Sid: pulumi.StringRef("2"), Effect: pulumi.StringRef(allow), Principals: []iam.GetPolicyDocumentStatementPrincipal{ { Type: "AWS", Identifiers: interface{}{ current.AccountId, }, }, }, Actions: []string{ "acm-pca:IssueCertificate", }, Resources: interface{}{ exampleAwsAcmpcaCertificateAuthority.Arn, }, Conditions: []iam.GetPolicyDocumentStatementCondition{ { Test: "StringEquals", Variable: "acm-pca:TemplateArn", Values: []string{ "arn:aws:acm-pca:::template/EndEntityCertificate/V1", }, }, }, }, }, }, nil); if err != nil { return err } _, err = acmpca.NewPolicy(ctx, "example", &acmpca.PolicyArgs{ ResourceArn: pulumi.Any(exampleAwsAcmpcaCertificateAuthority.Arn), Policy: pulumi.String(example.Json), }) if err != nil { return err } return nil }) } ``` <!--End PulumiCodeChooser -->

## Import

Using `pulumi import`, import `aws_acmpca_policy` using the `resource_arn` value. For example:

```sh $ pulumi import aws:acmpca/policy:Policy example arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012 ```

func GetPolicy

func GetPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PolicyState, opts ...pulumi.ResourceOption) (*Policy, error)

GetPolicy gets an existing Policy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPolicy

func NewPolicy(ctx *pulumi.Context,
	name string, args *PolicyArgs, opts ...pulumi.ResourceOption) (*Policy, error)

NewPolicy registers a new resource with the given unique name, arguments, and options.

func (*Policy) ElementType

func (*Policy) ElementType() reflect.Type

func (*Policy) ToPolicyOutput

func (i *Policy) ToPolicyOutput() PolicyOutput

func (*Policy) ToPolicyOutputWithContext

func (i *Policy) ToPolicyOutputWithContext(ctx context.Context) PolicyOutput

type PolicyArgs

type PolicyArgs struct {
	// JSON-formatted IAM policy to attach to the specified private CA resource.
	Policy pulumi.StringInput
	// ARN of the private CA to associate with the policy.
	ResourceArn pulumi.StringInput
}

The set of arguments for constructing a Policy resource.

func (PolicyArgs) ElementType

func (PolicyArgs) ElementType() reflect.Type

type PolicyArray

type PolicyArray []PolicyInput

func (PolicyArray) ElementType

func (PolicyArray) ElementType() reflect.Type

func (PolicyArray) ToPolicyArrayOutput

func (i PolicyArray) ToPolicyArrayOutput() PolicyArrayOutput

func (PolicyArray) ToPolicyArrayOutputWithContext

func (i PolicyArray) ToPolicyArrayOutputWithContext(ctx context.Context) PolicyArrayOutput

type PolicyArrayInput

type PolicyArrayInput interface {
	pulumi.Input

	ToPolicyArrayOutput() PolicyArrayOutput
	ToPolicyArrayOutputWithContext(context.Context) PolicyArrayOutput
}

PolicyArrayInput is an input type that accepts PolicyArray and PolicyArrayOutput values. You can construct a concrete instance of `PolicyArrayInput` via:

PolicyArray{ PolicyArgs{...} }

type PolicyArrayOutput

type PolicyArrayOutput struct{ *pulumi.OutputState }

func (PolicyArrayOutput) ElementType

func (PolicyArrayOutput) ElementType() reflect.Type

func (PolicyArrayOutput) Index

func (PolicyArrayOutput) ToPolicyArrayOutput

func (o PolicyArrayOutput) ToPolicyArrayOutput() PolicyArrayOutput

func (PolicyArrayOutput) ToPolicyArrayOutputWithContext

func (o PolicyArrayOutput) ToPolicyArrayOutputWithContext(ctx context.Context) PolicyArrayOutput

type PolicyInput

type PolicyInput interface {
	pulumi.Input

	ToPolicyOutput() PolicyOutput
	ToPolicyOutputWithContext(ctx context.Context) PolicyOutput
}

type PolicyMap

type PolicyMap map[string]PolicyInput

func (PolicyMap) ElementType

func (PolicyMap) ElementType() reflect.Type

func (PolicyMap) ToPolicyMapOutput

func (i PolicyMap) ToPolicyMapOutput() PolicyMapOutput

func (PolicyMap) ToPolicyMapOutputWithContext

func (i PolicyMap) ToPolicyMapOutputWithContext(ctx context.Context) PolicyMapOutput

type PolicyMapInput

type PolicyMapInput interface {
	pulumi.Input

	ToPolicyMapOutput() PolicyMapOutput
	ToPolicyMapOutputWithContext(context.Context) PolicyMapOutput
}

PolicyMapInput is an input type that accepts PolicyMap and PolicyMapOutput values. You can construct a concrete instance of `PolicyMapInput` via:

PolicyMap{ "key": PolicyArgs{...} }

type PolicyMapOutput

type PolicyMapOutput struct{ *pulumi.OutputState }

func (PolicyMapOutput) ElementType

func (PolicyMapOutput) ElementType() reflect.Type

func (PolicyMapOutput) MapIndex

func (PolicyMapOutput) ToPolicyMapOutput

func (o PolicyMapOutput) ToPolicyMapOutput() PolicyMapOutput

func (PolicyMapOutput) ToPolicyMapOutputWithContext

func (o PolicyMapOutput) ToPolicyMapOutputWithContext(ctx context.Context) PolicyMapOutput

type PolicyOutput

type PolicyOutput struct{ *pulumi.OutputState }

func (PolicyOutput) ElementType

func (PolicyOutput) ElementType() reflect.Type

func (PolicyOutput) Policy

func (o PolicyOutput) Policy() pulumi.StringOutput

JSON-formatted IAM policy to attach to the specified private CA resource.

func (PolicyOutput) ResourceArn

func (o PolicyOutput) ResourceArn() pulumi.StringOutput

ARN of the private CA to associate with the policy.

func (PolicyOutput) ToPolicyOutput

func (o PolicyOutput) ToPolicyOutput() PolicyOutput

func (PolicyOutput) ToPolicyOutputWithContext

func (o PolicyOutput) ToPolicyOutputWithContext(ctx context.Context) PolicyOutput

type PolicyState

type PolicyState struct {
	// JSON-formatted IAM policy to attach to the specified private CA resource.
	Policy pulumi.StringPtrInput
	// ARN of the private CA to associate with the policy.
	ResourceArn pulumi.StringPtrInput
}

func (PolicyState) ElementType

func (PolicyState) ElementType() reflect.Type

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL