Class: Aws::ACMPCA::Types::CreateCertificateAuthorityRequest
- Inherits:
-
Struct
- Object
- Struct
- Aws::ACMPCA::Types::CreateCertificateAuthorityRequest
- Defined in:
- gems/aws-sdk-acmpca/lib/aws-sdk-acmpca/types.rb
Overview
When making an API call, you may pass CreateCertificateAuthorityRequest data as a hash:
{
certificate_authority_configuration: { # required
key_algorithm: "RSA_2048", # required, accepts RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1
signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
subject: { # required
country: "CountryCodeString",
organization: "String64",
organizational_unit: "String64",
distinguished_name_qualifier: "ASN1PrintableString64",
state: "String128",
common_name: "String64",
serial_number: "ASN1PrintableString64",
locality: "String128",
title: "String64",
surname: "String40",
given_name: "String16",
initials: "String5",
pseudonym: "String128",
generation_qualifier: "String3",
custom_attributes: [
{
object_identifier: "CustomObjectIdentifier", # required
value: "String1To256", # required
},
],
},
csr_extensions: {
key_usage: {
digital_signature: false,
non_repudiation: false,
key_encipherment: false,
data_encipherment: false,
key_agreement: false,
key_cert_sign: false,
crl_sign: false,
encipher_only: false,
decipher_only: false,
},
subject_information_access: [
{
access_method: { # required
custom_object_identifier: "CustomObjectIdentifier",
access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
},
access_location: { # required
other_name: {
type_id: "CustomObjectIdentifier", # required
value: "String256", # required
},
rfc_822_name: "String256",
dns_name: "String253",
directory_name: {
country: "CountryCodeString",
organization: "String64",
organizational_unit: "String64",
distinguished_name_qualifier: "ASN1PrintableString64",
state: "String128",
common_name: "String64",
serial_number: "ASN1PrintableString64",
locality: "String128",
title: "String64",
surname: "String40",
given_name: "String16",
initials: "String5",
pseudonym: "String128",
generation_qualifier: "String3",
custom_attributes: [
{
object_identifier: "CustomObjectIdentifier", # required
value: "String1To256", # required
},
],
},
edi_party_name: {
party_name: "String256", # required
name_assigner: "String256",
},
uniform_resource_identifier: "String253",
ip_address: "String39",
registered_id: "CustomObjectIdentifier",
},
},
],
},
},
revocation_configuration: {
crl_configuration: {
enabled: false, # required
expiration_in_days: 1,
custom_cname: "String253",
s3_bucket_name: "String3To255",
s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
},
ocsp_configuration: {
enabled: false, # required
ocsp_custom_cname: "String253",
},
},
certificate_authority_type: "ROOT", # required, accepts ROOT, SUBORDINATE
idempotency_token: "IdempotencyToken",
key_storage_security_standard: "FIPS_140_2_LEVEL_2_OR_HIGHER", # accepts FIPS_140_2_LEVEL_2_OR_HIGHER, FIPS_140_2_LEVEL_3_OR_HIGHER
tags: [
{
key: "TagKey", # required
value: "TagValue",
},
],
}
Constant Summary collapse
- SENSITIVE =
[]
Instance Attribute Summary collapse
-
#certificate_authority_configuration ⇒ Types::CertificateAuthorityConfiguration
Name and bit size of the private key algorithm, the name of the signing algorithm, and X.500 certificate subject information.
-
#certificate_authority_type ⇒ String
The type of the certificate authority.
-
#idempotency_token ⇒ String
Custom string that can be used to distinguish between calls to the CreateCertificateAuthority action.
-
#key_storage_security_standard ⇒ String
Specifies a cryptographic key management compliance standard used for handling CA keys.
-
#revocation_configuration ⇒ Types::RevocationConfiguration
Contains information to enable Online Certificate Status Protocol (OCSP) support, to enable a certificate revocation list (CRL), to enable both, or to enable neither.
-
#tags ⇒ Array<Types::Tag>
Key-value pairs that will be attached to the new private CA.
Instance Attribute Details
#certificate_authority_configuration ⇒ Types::CertificateAuthorityConfiguration
Name and bit size of the private key algorithm, the name of the signing algorithm, and X.500 certificate subject information.
918 919 920 921 922 923 924 925 926 927 |
# File 'gems/aws-sdk-acmpca/lib/aws-sdk-acmpca/types.rb', line 918 class CreateCertificateAuthorityRequest < Struct.new( :certificate_authority_configuration, :revocation_configuration, :certificate_authority_type, :idempotency_token, :key_storage_security_standard, :tags) SENSITIVE = [] include Aws::Structure end |
#certificate_authority_type ⇒ String
The type of the certificate authority.
918 919 920 921 922 923 924 925 926 927 |
# File 'gems/aws-sdk-acmpca/lib/aws-sdk-acmpca/types.rb', line 918 class CreateCertificateAuthorityRequest < Struct.new( :certificate_authority_configuration, :revocation_configuration, :certificate_authority_type, :idempotency_token, :key_storage_security_standard, :tags) SENSITIVE = [] include Aws::Structure end |
#idempotency_token ⇒ String
Custom string that can be used to distinguish between calls to the CreateCertificateAuthority action. Idempotency tokens for CreateCertificateAuthority time out after five minutes. Therefore, if you call CreateCertificateAuthority multiple times with the same idempotency token within five minutes, ACM Private CA recognizes that you are requesting only certificate authority and will issue only one. If you change the idempotency token for each call, PCA recognizes that you are requesting multiple certificate authorities.
918 919 920 921 922 923 924 925 926 927 |
# File 'gems/aws-sdk-acmpca/lib/aws-sdk-acmpca/types.rb', line 918 class CreateCertificateAuthorityRequest < Struct.new( :certificate_authority_configuration, :revocation_configuration, :certificate_authority_type, :idempotency_token, :key_storage_security_standard, :tags) SENSITIVE = [] include Aws::Structure end |
#key_storage_security_standard ⇒ String
Specifies a cryptographic key management compliance standard used for handling CA keys.
Default: FIPS_140_2_LEVEL_3_OR_HIGHER
Note: FIPS_140_2_LEVEL_3_OR_HIGHER
is not supported in the
following Regions:
ap-northeast-3
ap-southeast-3
When creating a CA in these Regions, you must provide
FIPS_140_2_LEVEL_2_OR_HIGHER
as the argument for
KeyStorageSecurityStandard
. Failure to do this results in an
InvalidArgsException
with the message, "A certificate authority
cannot be created in this region with the specified security
standard."
918 919 920 921 922 923 924 925 926 927 |
# File 'gems/aws-sdk-acmpca/lib/aws-sdk-acmpca/types.rb', line 918 class CreateCertificateAuthorityRequest < Struct.new( :certificate_authority_configuration, :revocation_configuration, :certificate_authority_type, :idempotency_token, :key_storage_security_standard, :tags) SENSITIVE = [] include Aws::Structure end |
#revocation_configuration ⇒ Types::RevocationConfiguration
Contains information to enable Online Certificate Status Protocol (OCSP) support, to enable a certificate revocation list (CRL), to enable both, or to enable neither. The default is for both certificate validation mechanisms to be disabled. For more information, see the OcspConfiguration and CrlConfiguration types.
918 919 920 921 922 923 924 925 926 927 |
# File 'gems/aws-sdk-acmpca/lib/aws-sdk-acmpca/types.rb', line 918 class CreateCertificateAuthorityRequest < Struct.new( :certificate_authority_configuration, :revocation_configuration, :certificate_authority_type, :idempotency_token, :key_storage_security_standard, :tags) SENSITIVE = [] include Aws::Structure end |
#tags ⇒ Array<Types::Tag>
Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags.
918 919 920 921 922 923 924 925 926 927 |
# File 'gems/aws-sdk-acmpca/lib/aws-sdk-acmpca/types.rb', line 918 class CreateCertificateAuthorityRequest < Struct.new( :certificate_authority_configuration, :revocation_configuration, :certificate_authority_type, :idempotency_token, :key_storage_security_standard, :tags) SENSITIVE = [] include Aws::Structure end |