AWS Certificate Manager Private Certificate Authority
User Guide (Version latest)

Creating a Certificate Authority

The following CloudTrail example shows the results of a call to the CreateCertificateAuthority function.

{ eventVersion: "1.05", userIdentity: { type: "IAMUser", principalId: "account", arn: "arn:aws:iam::account:user/name", accountId: "account", accessKeyId: "Key_ID" }, eventTime: "2018-01-26T21:22:33Z", eventSource: "acm-pca.amazonaws.com", eventName: "CreateCertificateAuthority", awsRegion: "us-east-1", sourceIPAddress: "xx.xx.xx.xx", userAgent: "aws-cli/1.14.28 Python/2.7.9 Windows/8 botocore/1.8.32", requestParameters: { certificateAuthorityConfiguration: { keyType: "RSA2048", signingAlgorithm: "SHA256WITHRSA", subject: { country: "US", organization: "Example Company", organizationalUnit: "Corp", state: "WA", commonName: "www.example.com", locality: "Seattle" } }, revocationConfiguration: { crlConfiguration: { enabled: true, expirationInDays: 3650, customCname: "your-custom-name", s3BucketName: "your-bucket-name" } }, certificateAuthorityType: "SUBORDINATE", idempotencyToken: "98256344" }, responseElements: { certificateAuthorityArn: "arn:aws:acm-pca:region:account:certificate-authority/ac5a7c2e-19c8-4258-b74e-351c2b791fe1" }, requestID: "332b0c69-8779-4625-bdef-2e95a4a18265", eventID: "cd27c874-ae6e-4585-9c1b-5abf5537ec39", eventType: "AwsApiCall", recipientAccountId: "account" }