AWS::ACMPCA::Certificate Subject - AWS CloudFormation

AWS::ACMPCA::Certificate Subject

Contains information about the certificate subject. The Subject field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The Subject must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "CommonName" : String, "Country" : String, "CustomAttributes" : [ CustomAttribute, ... ], "DistinguishedNameQualifier" : String, "GenerationQualifier" : String, "GivenName" : String, "Initials" : String, "Locality" : String, "Organization" : String, "OrganizationalUnit" : String, "Pseudonym" : String, "SerialNumber" : String, "State" : String, "Surname" : String, "Title" : String }

YAML

CommonName: String Country: String CustomAttributes: - CustomAttribute DistinguishedNameQualifier: String GenerationQualifier: String GivenName: String Initials: String Locality: String Organization: String OrganizationalUnit: String Pseudonym: String SerialNumber: String State: String Surname: String Title: String

Properties

CommonName

For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit.

Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.

Required: No

Type: String

Minimum: 0

Maximum: 64

Update requires: Replacement

Country

Two-digit code that specifies the country in which the certificate subject located.

Required: No

Type: String

Pattern: [A-Za-z]{2}

Minimum: 2

Maximum: 2

Update requires: Replacement

CustomAttributes

Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID).

Note

Custom attributes cannot be used in combination with standard attributes.

Required: No

Type: Array of CustomAttribute

Minimum: 1

Maximum: 150

Update requires: Replacement

DistinguishedNameQualifier

Disambiguating information for the certificate subject.

Required: No

Type: String

Pattern: [a-zA-Z0-9'()+-.?:/= ]*

Minimum: 0

Maximum: 64

Update requires: Replacement

GenerationQualifier

Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.

Required: No

Type: String

Minimum: 0

Maximum: 3

Update requires: Replacement

GivenName

First name.

Required: No

Type: String

Minimum: 0

Maximum: 16

Update requires: Replacement

Initials

Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.

Required: No

Type: String

Minimum: 0

Maximum: 5

Update requires: Replacement

Locality

The locality (such as a city or town) in which the certificate subject is located.

Required: No

Type: String

Minimum: 0

Maximum: 128

Update requires: Replacement

Organization

Legal name of the organization with which the certificate subject is affiliated.

Required: No

Type: String

Minimum: 0

Maximum: 64

Update requires: Replacement

OrganizationalUnit

A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.

Required: No

Type: String

Minimum: 0

Maximum: 64

Update requires: Replacement

Pseudonym

Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.

Required: No

Type: String

Minimum: 0

Maximum: 128

Update requires: Replacement

SerialNumber

The certificate serial number.

Required: No

Type: String

Pattern: [a-zA-Z0-9'()+-.?:/= ]*

Minimum: 0

Maximum: 64

Update requires: Replacement

State

State in which the subject of the certificate is located.

Required: No

Type: String

Minimum: 0

Maximum: 128

Update requires: Replacement

Surname

Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.

Required: No

Type: String

Minimum: 0

Maximum: 40

Update requires: Replacement

Title

A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.

Required: No

Type: String

Minimum: 0

Maximum: 64

Update requires: Replacement