AWS Certificate Manager Private Certificate Authority
User Guide (Version latest)


The following Java sample shows how to use the CreateCertificateAuthorityAuditReport function.

The function creates an audit report that lists every time a certificate is issued or revoked. The report is saved in the S3 bucket that you specify on input. You can generate a new report once every 30 minutes.

package com.amazonaws.samples; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.profile.ProfileCredentialsProvider; import com.amazonaws.client.builder.AwsClientBuilder; import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration; import com.amazonaws.AmazonClientException; import com.amazonaws.auth.AWSStaticCredentialsProvider; import; import; import; import; import; import; import; import; import; import; public class CreateCertificateAuthorityAuditReport { public static void main(String[] args) throws Exception { // Retrieve your credentials from the C:\Users\name\.aws\credentials file // in Windows or the .aws/credentials file in Linux. AWSCredentials credentials = null; try{ credentials = new ProfileCredentialsProvider("default").getCredentials(); } catch (Exception e) { throw new AmazonClientException("Cannot load your credentials from file.", e); } // Define the endpoint for your sample. String endpointProtocol = ""; String endpointRegion = "region"; EndpointConfiguration endpoint = new AwsClientBuilder.EndpointConfiguration(endpointProtocol, endpointRegion); // Create a client that you can use to make requests. AWSACMPCA client = AWSACMPCAClientBuilder.standard() .withEndpointConfiguration(endpoint) .withCredentials(new AWSStaticCredentialsProvider(credentials)) .build(); // Create a request object and set the certificate authority ARN. CreateCertificateAuthorityAuditReportRequest req = new CreateCertificateAuthorityAuditReportRequest(); req.setCertificateAuthorityArn("arn:aws:acm-pca:region:account:" + "certificate-authority/12345678-1234-1234-1234-123456789012"); // Specify the S3 bucket name for your report. req.setS3BucketName("your-bucket-name"); // Specify the audit response format. req.setAuditReportResponseFormat("JSON"); // Create a result object. CreateCertificateAuthorityAuditReportResult result = null; try { result = client.createCertificateAuthorityAuditReport(req); } catch(RequestInProgressException ex) { throw ex; } catch(RequestFailedException ex) { throw ex; } catch(ResourceNotFoundException ex) { throw ex; } catch(InvalidArnException ex) { throw ex; } catch(InvalidArgsException ex) { throw ex; } catch(InvalidStateException ex) { throw ex; } String ID = result.getAuditReportId(); String S3Key = result.getS3Key(); System.out.println(ID); System.out.println(S3Key); } }

Your output should be similar to the following.

58904752-7de3-4bdf-ba89-6953e48c3cc7 audit-report/16075838-061c-4f7a-b54b-49bbc111bcff/58904752-7de3-4bdf-ba89-6953e48c3cc7.json