AWS Certificate Manager Private Certificate Authority
User Guide (Version latest)

Deleting a Certificate Authority

The following CloudTrail example shows the results of a call to the DeleteCertificateAuthority function. In this example, the certificate authority cannot be deleted because it has not been in the DISABLED state for more than thirty days.

{ eventVersion: "1.05", userIdentity: { type: "IAMUser", principalId: "account", arn: "arn:aws:iam::account:user/name", accountId: "account", accessKeyId: "Key_ID" }, eventTime: "2018-01-26T22:01:11Z", eventSource: "", eventName: "DeleteCertificateAuthority", awsRegion: "us-east-1", sourceIPAddress: "xx.xx.xx.xx", userAgent: "aws-cli/1.14.28 Python/2.7.9 Windows/8 botocore/1.8.32", errorCode: "InvalidStateException", errorMessage: "The certificate authority is not in a valid state for deletion.", requestParameters: { certificateAuthorityArn: "arn:aws:acm-pca:region:account:certificate-authority/09517d62-4f11-4bf8-a2c9-9e863792b675" }, responseElements: null, requestID: "dae3e14f-62f6-42f3-acf4-630c47a09ee4", eventID: "c40abfac-53f7-420a-9b55-c3f2f2139de8", eventType: "AwsApiCall", recipientAccountId: "account" }