CfnCertificateAuthorityProps

class aws_cdk.aws_acmpca.CfnCertificateAuthorityProps(*, key_algorithm, signing_algorithm, subject, type, csr_extensions=None, key_storage_security_standard=None, revocation_configuration=None, tags=None)

Bases: object

Properties for defining a CfnCertificateAuthority.

Parameters
  • key_algorithm (str) – Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. When you create a subordinate CA, you must use a key algorithm supported by the parent CA.

  • signing_algorithm (str) – Name of the algorithm your private CA uses to sign certificate requests. This parameter should not be confused with the SigningAlgorithm parameter used to sign certificates when they are issued.

  • subject (Union[IResolvable, SubjectProperty, Dict[str, Any]]) – Structure that contains X.500 distinguished name information for your private CA.

  • type (str) – Type of your private CA.

  • csr_extensions (Union[IResolvable, CsrExtensionsProperty, Dict[str, Any], None]) – Specifies information to be added to the extension section of the certificate signing request (CSR).

  • key_storage_security_standard (Optional[str]) – Specifies a cryptographic key management compliance standard used for handling CA keys. Default: FIPS_140_2_LEVEL_3_OR_HIGHER. Note: FIPS_140_2_LEVEL_3_OR_HIGHER is not supported in the following Regions: ap-northeast-3, ap-southeast-3. When creating a CA in these Regions, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER as the argument for KeyStorageSecurityStandard. Failure to do this results in an InvalidArgsException with the message, “A certificate authority cannot be created in this region with the specified security standard.”

  • revocation_configuration (Union[IResolvable, RevocationConfigurationProperty, Dict[str, Any], None]) – Information about the certificate revocation list (CRL) created and maintained by your private CA. Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your certificate authority can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates that have been revoked.

  • tags (Optional[Sequence[Union[CfnTag, Dict[str, Any]]]]) – Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information about using tags with IAM to manage permissions, see Controlling Access Using IAM Tags.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificateauthority.html

Example:

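from aws_cdk import aws_acmpca as acmpca

# Run inside a Stack or Construct, where self is the scope; "string" values are placeholders.
cfn_certificate_authority = acmpca.CfnCertificateAuthority(self, "CA",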
    type="ROOT",
    key_algorithm="RSA_2048",
    signing_algorithm="SHA256WITHRSA",
    subject=acmpca.CfnCertificateAuthority.SubjectProperty(
        country="US",
        organization="string",
        organizational_unit="string",
        distinguished_name_qualifier="string",
        state="string",
        common_name="123",
        serial_number="string",
        locality="string",
        title="string",
        surname="string",
        given_name="string",
        initials="DG",
        pseudonym="string",
        generation_qualifier="DBG"
    )
)

Attributes

csr_extensions

Specifies information to be added to the extension section of the certificate signing request (CSR).

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificateauthority.html#cfn-acmpca-certificateauthority-csrextensions

Return type

Union[IResolvable, CsrExtensionsProperty, None]

key_algorithm

Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.

When you create a subordinate CA, you must use a key algorithm supported by the parent CA.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificateauthority.html#cfn-acmpca-certificateauthority-keyalgorithm

Return type

str

key_storage_security_standard

Specifies a cryptographic key management compliance standard used for handling CA keys.

Default: FIPS_140_2_LEVEL_3_OR_HIGHER

Note: FIPS_140_2_LEVEL_3_OR_HIGHER is not supported in the following Regions:

  • ap-northeast-3

  • ap-southeast-3

When creating a CA in these Regions, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER as the argument for KeyStorageSecurityStandard. Failure to do this results in an InvalidArgsException with the message, “A certificate authority cannot be created in this region with the specified security standard.”

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificateauthority.html#cfn-acmpca-certificateauthority-keystoragesecuritystandard

Return type

Optional[str]
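
One way to enforce the Region rule for key_storage_security_standard before deployment, as an added example that is not part of the aws_cdk library or the original page. The helper name ca_kwargs, the constants, and the region-name pattern are assumptions; the function always sets the standard explicitly, so the synthesized template records which FIPS level was chosen.

```python
# Added example; helper names are hypothetical and not part of aws_cdk.
import re

FIPS_L3 = "FIPS_140_2_LEVEL_3_OR_HIGHER"  # default when the property is omitted
FIPS_L2 = "FIPS_140_2_LEVEL_2_OR_HIGHER"
# Regions listed above as not supporting the level-3 standard.
REGIONS_WITHOUT_L3 = frozenset({"ap-northeast-3", "ap-southeast-3"})
# Concrete region names only; an unresolved CDK token string will not match.
_REGION_RE = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d+$")


def ca_kwargs(region, **props):
    """Return CfnCertificateAuthority keyword arguments with
    key_storage_security_standard always set explicitly for `region`."""
    if not isinstance(region, str) or not _REGION_RE.match(region):
        raise ValueError(f"region must be a concrete region name, got {region!r}")
    requested = props.get("key_storage_security_standard")
    if requested not in (None, FIPS_L2, FIPS_L3):
        raise ValueError(f"unknown key storage security standard: {requested!r}")
    if region in REGIONS_WITHOUT_L3:
        if requested == FIPS_L3:
            # Fail at synth time rather than with InvalidArgsException at deploy.
            raise ValueError(f"{FIPS_L3} is not supported in {region}; use {FIPS_L2}")
        chosen = FIPS_L2
    else:
        chosen = requested or FIPS_L3
    return {**props, "key_storage_security_standard": chosen}


# Usage inside a stack with a concrete env (not executed here):
#   acmpca.CfnCertificateAuthority(self, "CA", **ca_kwargs(self.region,
#       type="ROOT", key_algorithm="RSA_2048", signing_algorithm="SHA256WITHRSA",
#       subject=acmpca.CfnCertificateAuthority.SubjectProperty(common_name="123")))
```

In an environment-agnostic stack the Region is an unresolved token, so the helper raises rather than guessing; pass a concrete env to the stack in that case.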

revocation_configuration

Information about the certificate revocation list (CRL) created and maintained by your private CA.

Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions. Your certificate authority can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates that have been revoked.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificateauthority.html#cfn-acmpca-certificateauthority-revocationconfiguration

Return type

Union[IResolvable, RevocationConfigurationProperty, None]

signing_algorithm

Name of the algorithm your private CA uses to sign certificate requests.

This parameter should not be confused with the SigningAlgorithm parameter used to sign certificates when they are issued.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificateauthority.html#cfn-acmpca-certificateauthority-signingalgorithm

Return type

str

subject

Structure that contains X.500 distinguished name information for your private CA.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificateauthority.html#cfn-acmpca-certificateauthority-subject

Return type

Union[IResolvable, SubjectProperty]

tags

Key-value pairs that will be attached to the new private CA.

You can associate up to 50 tags with a private CA. For information about using tags with IAM to manage permissions, see Controlling Access Using IAM Tags.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificateauthority.html#cfn-acmpca-certificateauthority-tags

Return type

Optional[List[CfnTag]]

type

Type of your private CA.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-certificateauthority.html#cfn-acmpca-certificateauthority-type

Return type

str