com.pulumi.aws.acmpca.kotlin.CertificateAuthorityArgs.kt Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of pulumi-aws-kotlin Show documentation
Show all versions of pulumi-aws-kotlin Show documentation
Build cloud applications and infrastructure by combining the safety and reliability of infrastructure as code with the power of the Kotlin programming language.
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.aws.acmpca.kotlin
import com.pulumi.aws.acmpca.CertificateAuthorityArgs.builder
import com.pulumi.aws.acmpca.kotlin.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
import com.pulumi.aws.acmpca.kotlin.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgsBuilder
import com.pulumi.aws.acmpca.kotlin.inputs.CertificateAuthorityRevocationConfigurationArgs
import com.pulumi.aws.acmpca.kotlin.inputs.CertificateAuthorityRevocationConfigurationArgsBuilder
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.Boolean
import kotlin.Int
import kotlin.Pair
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.Map
import kotlin.jvm.JvmName
/**
* Provides a resource to manage AWS Certificate Manager Private Certificate Authorities (ACM PCA Certificate Authorities).
* > **NOTE:** Creating this resource will leave the certificate authority in a `PENDING_CERTIFICATE` status, which means it cannot yet issue certificates. To complete this setup, you must fully sign the certificate authority CSR available in the `certificate_signing_request` attribute. The `aws.acmpca.CertificateAuthorityCertificate` resource can be used for this purpose.
* ## Example Usage
* ### Basic
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
* const example = new aws.acmpca.CertificateAuthority("example", {
* certificateAuthorityConfiguration: {
* keyAlgorithm: "RSA_4096",
* signingAlgorithm: "SHA512WITHRSA",
* subject: {
* commonName: "example.com",
* },
* },
* permanentDeletionTimeInDays: 7,
* });
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
* example = aws.acmpca.CertificateAuthority("example",
* certificate_authority_configuration={
* "key_algorithm": "RSA_4096",
* "signing_algorithm": "SHA512WITHRSA",
* "subject": {
* "common_name": "example.com",
* },
* },
* permanent_deletion_time_in_days=7)
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
* return await Deployment.RunAsync(() =>
* {
* var example = new Aws.Acmpca.CertificateAuthority("example", new()
* {
* CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
* {
* KeyAlgorithm = "RSA_4096",
* SigningAlgorithm = "SHA512WITHRSA",
* Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs
* {
* CommonName = "example.com",
* },
* },
* PermanentDeletionTimeInDays = 7,
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
* CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
* KeyAlgorithm: pulumi.String("RSA_4096"),
* SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
* Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
* CommonName: pulumi.String("example.com"),
* },
* },
* PermanentDeletionTimeInDays: pulumi.Int(7),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.acmpca.CertificateAuthority;
* import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
* import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs;
* import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new CertificateAuthority("example", CertificateAuthorityArgs.builder()
* .certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder()
* .keyAlgorithm("RSA_4096")
* .signingAlgorithm("SHA512WITHRSA")
* .subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder()
* .commonName("example.com")
* .build())
* .build())
* .permanentDeletionTimeInDays(7)
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: aws:acmpca:CertificateAuthority
* properties:
* certificateAuthorityConfiguration:
* keyAlgorithm: RSA_4096
* signingAlgorithm: SHA512WITHRSA
* subject:
* commonName: example.com
* permanentDeletionTimeInDays: 7
* ```
*
* ### Short-lived certificate
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
* const example = new aws.acmpca.CertificateAuthority("example", {
* usageMode: "SHORT_LIVED_CERTIFICATE",
* certificateAuthorityConfiguration: {
* keyAlgorithm: "RSA_4096",
* signingAlgorithm: "SHA512WITHRSA",
* subject: {
* commonName: "example.com",
* },
* },
* });
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
* example = aws.acmpca.CertificateAuthority("example",
* usage_mode="SHORT_LIVED_CERTIFICATE",
* certificate_authority_configuration={
* "key_algorithm": "RSA_4096",
* "signing_algorithm": "SHA512WITHRSA",
* "subject": {
* "common_name": "example.com",
* },
* })
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
* return await Deployment.RunAsync(() =>
* {
* var example = new Aws.Acmpca.CertificateAuthority("example", new()
* {
* UsageMode = "SHORT_LIVED_CERTIFICATE",
* CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
* {
* KeyAlgorithm = "RSA_4096",
* SigningAlgorithm = "SHA512WITHRSA",
* Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs
* {
* CommonName = "example.com",
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* _, err := acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
* UsageMode: pulumi.String("SHORT_LIVED_CERTIFICATE"),
* CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
* KeyAlgorithm: pulumi.String("RSA_4096"),
* SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
* Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
* CommonName: pulumi.String("example.com"),
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.acmpca.CertificateAuthority;
* import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
* import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs;
* import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new CertificateAuthority("example", CertificateAuthorityArgs.builder()
* .usageMode("SHORT_LIVED_CERTIFICATE")
* .certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder()
* .keyAlgorithm("RSA_4096")
* .signingAlgorithm("SHA512WITHRSA")
* .subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder()
* .commonName("example.com")
* .build())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: aws:acmpca:CertificateAuthority
* properties:
* usageMode: SHORT_LIVED_CERTIFICATE
* certificateAuthorityConfiguration:
* keyAlgorithm: RSA_4096
* signingAlgorithm: SHA512WITHRSA
* subject:
* commonName: example.com
* ```
*
* ### Enable Certificate Revocation List
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as aws from "@pulumi/aws";
* const example = new aws.s3.BucketV2("example", {
* bucket: "example",
* forceDestroy: true,
* });
* const acmpcaBucketAccess = aws.iam.getPolicyDocumentOutput({
* statements: [{
* actions: [
* "s3:GetBucketAcl",
* "s3:GetBucketLocation",
* "s3:PutObject",
* "s3:PutObjectAcl",
* ],
* resources: [
* example.arn,
* pulumi.interpolate`${example.arn}/*`,
* ],
* principals: [{
* identifiers: ["acm-pca.amazonaws.com"],
* type: "Service",
* }],
* }],
* });
* const exampleBucketPolicy = new aws.s3.BucketPolicy("example", {
* bucket: example.id,
* policy: acmpcaBucketAccess.apply(acmpcaBucketAccess => acmpcaBucketAccess.json),
* });
* const exampleCertificateAuthority = new aws.acmpca.CertificateAuthority("example", {
* certificateAuthorityConfiguration: {
* keyAlgorithm: "RSA_4096",
* signingAlgorithm: "SHA512WITHRSA",
* subject: {
* commonName: "example.com",
* },
* },
* revocationConfiguration: {
* crlConfiguration: {
* customCname: "crl.example.com",
* enabled: true,
* expirationInDays: 7,
* s3BucketName: example.id,
* s3ObjectAcl: "BUCKET_OWNER_FULL_CONTROL",
* },
* },
* }, {
* dependsOn: [exampleBucketPolicy],
* });
* ```
* ```python
* import pulumi
* import pulumi_aws as aws
* example = aws.s3.BucketV2("example",
* bucket="example",
* force_destroy=True)
* acmpca_bucket_access = aws.iam.get_policy_document_output(statements=[{
* "actions": [
* "s3:GetBucketAcl",
* "s3:GetBucketLocation",
* "s3:PutObject",
* "s3:PutObjectAcl",
* ],
* "resources": [
* example.arn,
* example.arn.apply(lambda arn: f"{arn}/*"),
* ],
* "principals": [{
* "identifiers": ["acm-pca.amazonaws.com"],
* "type": "Service",
* }],
* }])
* example_bucket_policy = aws.s3.BucketPolicy("example",
* bucket=example.id,
* policy=acmpca_bucket_access.json)
* example_certificate_authority = aws.acmpca.CertificateAuthority("example",
* certificate_authority_configuration={
* "key_algorithm": "RSA_4096",
* "signing_algorithm": "SHA512WITHRSA",
* "subject": {
* "common_name": "example.com",
* },
* },
* revocation_configuration={
* "crl_configuration": {
* "custom_cname": "crl.example.com",
* "enabled": True,
* "expiration_in_days": 7,
* "s3_bucket_name": example.id,
* "s3_object_acl": "BUCKET_OWNER_FULL_CONTROL",
* },
* },
* opts = pulumi.ResourceOptions(depends_on=[example_bucket_policy]))
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Aws = Pulumi.Aws;
* return await Deployment.RunAsync(() =>
* {
* var example = new Aws.S3.BucketV2("example", new()
* {
* Bucket = "example",
* ForceDestroy = true,
* });
* var acmpcaBucketAccess = Aws.Iam.GetPolicyDocument.Invoke(new()
* {
* Statements = new[]
* {
* new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs
* {
* Actions = new[]
* {
* "s3:GetBucketAcl",
* "s3:GetBucketLocation",
* "s3:PutObject",
* "s3:PutObjectAcl",
* },
* Resources = new[]
* {
* example.Arn,
* $"{example.Arn}/*",
* },
* Principals = new[]
* {
* new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs
* {
* Identifiers = new[]
* {
* "acm-pca.amazonaws.com",
* },
* Type = "Service",
* },
* },
* },
* },
* });
* var exampleBucketPolicy = new Aws.S3.BucketPolicy("example", new()
* {
* Bucket = example.Id,
* Policy = acmpcaBucketAccess.Apply(getPolicyDocumentResult => getPolicyDocumentResult.Json),
* });
* var exampleCertificateAuthority = new Aws.Acmpca.CertificateAuthority("example", new()
* {
* CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs
* {
* KeyAlgorithm = "RSA_4096",
* SigningAlgorithm = "SHA512WITHRSA",
* Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs
* {
* CommonName = "example.com",
* },
* },
* RevocationConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationArgs
* {
* CrlConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs
* {
* CustomCname = "crl.example.com",
* Enabled = true,
* ExpirationInDays = 7,
* S3BucketName = example.Id,
* S3ObjectAcl = "BUCKET_OWNER_FULL_CONTROL",
* },
* },
* }, new CustomResourceOptions
* {
* DependsOn =
* {
* exampleBucketPolicy,
* },
* });
* });
* ```
* ```go
* package main
* import (
* "fmt"
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/acmpca"
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
* "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/s3"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* example, err := s3.NewBucketV2(ctx, "example", &s3.BucketV2Args{
* Bucket: pulumi.String("example"),
* ForceDestroy: pulumi.Bool(true),
* })
* if err != nil {
* return err
* }
* acmpcaBucketAccess := iam.GetPolicyDocumentOutput(ctx, iam.GetPolicyDocumentOutputArgs{
* Statements: iam.GetPolicyDocumentStatementArray{
* &iam.GetPolicyDocumentStatementArgs{
* Actions: pulumi.StringArray{
* pulumi.String("s3:GetBucketAcl"),
* pulumi.String("s3:GetBucketLocation"),
* pulumi.String("s3:PutObject"),
* pulumi.String("s3:PutObjectAcl"),
* },
* Resources: pulumi.StringArray{
* example.Arn,
* example.Arn.ApplyT(func(arn string) (string, error) {
* return fmt.Sprintf("%v/*", arn), nil
* }).(pulumi.StringOutput),
* },
* Principals: iam.GetPolicyDocumentStatementPrincipalArray{
* &iam.GetPolicyDocumentStatementPrincipalArgs{
* Identifiers: pulumi.StringArray{
* pulumi.String("acm-pca.amazonaws.com"),
* },
* Type: pulumi.String("Service"),
* },
* },
* },
* },
* }, nil)
* exampleBucketPolicy, err := s3.NewBucketPolicy(ctx, "example", &s3.BucketPolicyArgs{
* Bucket: example.ID(),
* Policy: pulumi.String(acmpcaBucketAccess.ApplyT(func(acmpcaBucketAccess iam.GetPolicyDocumentResult) (*string, error) {
* return &acmpcaBucketAccess.Json, nil
* }).(pulumi.StringPtrOutput)),
* })
* if err != nil {
* return err
* }
* _, err = acmpca.NewCertificateAuthority(ctx, "example", &acmpca.CertificateAuthorityArgs{
* CertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{
* KeyAlgorithm: pulumi.String("RSA_4096"),
* SigningAlgorithm: pulumi.String("SHA512WITHRSA"),
* Subject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{
* CommonName: pulumi.String("example.com"),
* },
* },
* RevocationConfiguration: &acmpca.CertificateAuthorityRevocationConfigurationArgs{
* CrlConfiguration: &acmpca.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs{
* CustomCname: pulumi.String("crl.example.com"),
* Enabled: pulumi.Bool(true),
* ExpirationInDays: pulumi.Int(7),
* S3BucketName: example.ID(),
* S3ObjectAcl: pulumi.String("BUCKET_OWNER_FULL_CONTROL"),
* },
* },
* }, pulumi.DependsOn([]pulumi.Resource{
* exampleBucketPolicy,
* }))
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.aws.s3.BucketV2;
* import com.pulumi.aws.s3.BucketV2Args;
* import com.pulumi.aws.iam.IamFunctions;
* import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
* import com.pulumi.aws.s3.BucketPolicy;
* import com.pulumi.aws.s3.BucketPolicyArgs;
* import com.pulumi.aws.acmpca.CertificateAuthority;
* import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
* import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs;
* import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs;
* import com.pulumi.aws.acmpca.inputs.CertificateAuthorityRevocationConfigurationArgs;
* import com.pulumi.aws.acmpca.inputs.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs;
* import com.pulumi.resources.CustomResourceOptions;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var example = new BucketV2("example", BucketV2Args.builder()
* .bucket("example")
* .forceDestroy(true)
* .build());
* final var acmpcaBucketAccess = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
* .statements(GetPolicyDocumentStatementArgs.builder()
* .actions(
* "s3:GetBucketAcl",
* "s3:GetBucketLocation",
* "s3:PutObject",
* "s3:PutObjectAcl")
* .resources(
* example.arn(),
* example.arn().applyValue(arn -> String.format("%s/*", arn)))
* .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
* .identifiers("acm-pca.amazonaws.com")
* .type("Service")
* .build())
* .build())
* .build());
* var exampleBucketPolicy = new BucketPolicy("exampleBucketPolicy", BucketPolicyArgs.builder()
* .bucket(example.id())
* .policy(acmpcaBucketAccess.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult).applyValue(acmpcaBucketAccess -> acmpcaBucketAccess.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json())))
* .build());
* var exampleCertificateAuthority = new CertificateAuthority("exampleCertificateAuthority", CertificateAuthorityArgs.builder()
* .certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder()
* .keyAlgorithm("RSA_4096")
* .signingAlgorithm("SHA512WITHRSA")
* .subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder()
* .commonName("example.com")
* .build())
* .build())
* .revocationConfiguration(CertificateAuthorityRevocationConfigurationArgs.builder()
* .crlConfiguration(CertificateAuthorityRevocationConfigurationCrlConfigurationArgs.builder()
* .customCname("crl.example.com")
* .enabled(true)
* .expirationInDays(7)
* .s3BucketName(example.id())
* .s3ObjectAcl("BUCKET_OWNER_FULL_CONTROL")
* .build())
* .build())
* .build(), CustomResourceOptions.builder()
* .dependsOn(exampleBucketPolicy)
* .build());
* }
* }
* ```
* ```yaml
* resources:
* example:
* type: aws:s3:BucketV2
* properties:
* bucket: example
* forceDestroy: true
* exampleBucketPolicy:
* type: aws:s3:BucketPolicy
* name: example
* properties:
* bucket: ${example.id}
* policy: ${acmpcaBucketAccess.json}
* exampleCertificateAuthority:
* type: aws:acmpca:CertificateAuthority
* name: example
* properties:
* certificateAuthorityConfiguration:
* keyAlgorithm: RSA_4096
* signingAlgorithm: SHA512WITHRSA
* subject:
* commonName: example.com
* revocationConfiguration:
* crlConfiguration:
* customCname: crl.example.com
* enabled: true
* expirationInDays: 7
* s3BucketName: ${example.id}
* s3ObjectAcl: BUCKET_OWNER_FULL_CONTROL
* options:
* dependson:
* - ${exampleBucketPolicy}
* variables:
* acmpcaBucketAccess:
* fn::invoke:
* Function: aws:iam:getPolicyDocument
* Arguments:
* statements:
* - actions:
* - s3:GetBucketAcl
* - s3:GetBucketLocation
* - s3:PutObject
* - s3:PutObjectAcl
* resources:
* - ${example.arn}
* - ${example.arn}/*
* principals:
* - identifiers:
* - acm-pca.amazonaws.com
* type: Service
* ```
*
* ## Import
* Using `pulumi import`, import `aws_acmpca_certificate_authority` using the certificate authority ARN. For example:
* ```sh
* $ pulumi import aws:acmpca/certificateAuthority:CertificateAuthority example arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012
* ```
* @property certificateAuthorityConfiguration Nested argument containing algorithms and certificate subject information. Defined below.
* @property enabled Whether the certificate authority is enabled or disabled. Defaults to `true`. Can only be disabled if the CA is in an `ACTIVE` state.
* @property keyStorageSecurityStandard Cryptographic key management compliance standard used for handling CA keys. Defaults to `FIPS_140_2_LEVEL_3_OR_HIGHER`. Valid values: `FIPS_140_2_LEVEL_3_OR_HIGHER` and `FIPS_140_2_LEVEL_2_OR_HIGHER`. Supported standard for each region can be found in the [Storage and security compliance of AWS Private CA private keys Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys).
* @property permanentDeletionTimeInDays Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
* @property revocationConfiguration Nested argument containing revocation configuration. Defined below.
* @property tags Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
* @property type Type of the certificate authority. Defaults to `SUBORDINATE`. Valid values: `ROOT` and `SUBORDINATE`.
* @property usageMode Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to `GENERAL_PURPOSE`. Valid values: `GENERAL_PURPOSE` and `SHORT_LIVED_CERTIFICATE`.
* */*/*/*/*/*/
*/
public data class CertificateAuthorityArgs(
public val certificateAuthorityConfiguration: Output? = null,
public val enabled: Output? = null,
public val keyStorageSecurityStandard: Output? = null,
public val permanentDeletionTimeInDays: Output? = null,
public val revocationConfiguration: Output? =
null,
public val tags: Output>? = null,
public val type: Output? = null,
public val usageMode: Output? = null,
) : ConvertibleToJava {
override fun toJava(): com.pulumi.aws.acmpca.CertificateAuthorityArgs =
com.pulumi.aws.acmpca.CertificateAuthorityArgs.builder()
.certificateAuthorityConfiguration(
certificateAuthorityConfiguration?.applyValue({ args0 ->
args0.let({ args0 -> args0.toJava() })
}),
)
.enabled(enabled?.applyValue({ args0 -> args0 }))
.keyStorageSecurityStandard(keyStorageSecurityStandard?.applyValue({ args0 -> args0 }))
.permanentDeletionTimeInDays(permanentDeletionTimeInDays?.applyValue({ args0 -> args0 }))
.revocationConfiguration(
revocationConfiguration?.applyValue({ args0 ->
args0.let({ args0 ->
args0.toJava()
})
}),
)
.tags(tags?.applyValue({ args0 -> args0.map({ args0 -> args0.key.to(args0.value) }).toMap() }))
.type(type?.applyValue({ args0 -> args0 }))
.usageMode(usageMode?.applyValue({ args0 -> args0 })).build()
}
/**
* Builder for [CertificateAuthorityArgs].
*/
@PulumiTagMarker
public class CertificateAuthorityArgsBuilder internal constructor() {
private var certificateAuthorityConfiguration:
Output? = null
private var enabled: Output? = null
private var keyStorageSecurityStandard: Output? = null
private var permanentDeletionTimeInDays: Output? = null
private var revocationConfiguration: Output? =
null
private var tags: Output>? = null
private var type: Output? = null
private var usageMode: Output? = null
/**
* @param value Nested argument containing algorithms and certificate subject information. Defined below.
*/
@JvmName("dfyplgsgqawessfk")
public suspend fun certificateAuthorityConfiguration(`value`: Output) {
this.certificateAuthorityConfiguration = value
}
/**
* @param value Whether the certificate authority is enabled or disabled. Defaults to `true`. Can only be disabled if the CA is in an `ACTIVE` state.
*/
@JvmName("listhtscfvcfxyxh")
public suspend fun enabled(`value`: Output) {
this.enabled = value
}
/**
* @param value Cryptographic key management compliance standard used for handling CA keys. Defaults to `FIPS_140_2_LEVEL_3_OR_HIGHER`. Valid values: `FIPS_140_2_LEVEL_3_OR_HIGHER` and `FIPS_140_2_LEVEL_2_OR_HIGHER`. Supported standard for each region can be found in the [Storage and security compliance of AWS Private CA private keys Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys).
*/
@JvmName("bhicntjsuyjndtqh")
public suspend fun keyStorageSecurityStandard(`value`: Output) {
this.keyStorageSecurityStandard = value
}
/**
* @param value Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
*/
@JvmName("mwrjfclxajmpqiog")
public suspend fun permanentDeletionTimeInDays(`value`: Output) {
this.permanentDeletionTimeInDays = value
}
/**
* @param value Nested argument containing revocation configuration. Defined below.
*/
@JvmName("ugmwpujxnoisgiri")
public suspend fun revocationConfiguration(`value`: Output) {
this.revocationConfiguration = value
}
/**
* @param value Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*/
@JvmName("xbwgkupiniptstxb")
public suspend fun tags(`value`: Output>) {
this.tags = value
}
/**
* @param value Type of the certificate authority. Defaults to `SUBORDINATE`. Valid values: `ROOT` and `SUBORDINATE`.
*/
@JvmName("gvxspalnbqhrxotp")
public suspend fun type(`value`: Output) {
this.type = value
}
/**
* @param value Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to `GENERAL_PURPOSE`. Valid values: `GENERAL_PURPOSE` and `SHORT_LIVED_CERTIFICATE`.
*/
@JvmName("ehfhcqvugyvhrvih")
public suspend fun usageMode(`value`: Output) {
this.usageMode = value
}
/**
* @param value Nested argument containing algorithms and certificate subject information. Defined below.
*/
@JvmName("uckerpwpjbrrtbqf")
public suspend fun certificateAuthorityConfiguration(`value`: CertificateAuthorityCertificateAuthorityConfigurationArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.certificateAuthorityConfiguration = mapped
}
/**
* @param argument Nested argument containing algorithms and certificate subject information. Defined below.
*/
@JvmName("xlclqhqlnwwsrsfx")
public suspend fun certificateAuthorityConfiguration(argument: suspend CertificateAuthorityCertificateAuthorityConfigurationArgsBuilder.() -> Unit) {
val toBeMapped =
CertificateAuthorityCertificateAuthorityConfigurationArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.certificateAuthorityConfiguration = mapped
}
/**
* @param value Whether the certificate authority is enabled or disabled. Defaults to `true`. Can only be disabled if the CA is in an `ACTIVE` state.
*/
@JvmName("nbnkwgriohjcxrtm")
public suspend fun enabled(`value`: Boolean?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.enabled = mapped
}
/**
* @param value Cryptographic key management compliance standard used for handling CA keys. Defaults to `FIPS_140_2_LEVEL_3_OR_HIGHER`. Valid values: `FIPS_140_2_LEVEL_3_OR_HIGHER` and `FIPS_140_2_LEVEL_2_OR_HIGHER`. Supported standard for each region can be found in the [Storage and security compliance of AWS Private CA private keys Documentation](https://docs.aws.amazon.com/privateca/latest/userguide/data-protection.html#private-keys).
*/
@JvmName("vaeivbevjjkxdsxn")
public suspend fun keyStorageSecurityStandard(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.keyStorageSecurityStandard = mapped
}
/**
* @param value Number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.
*/
@JvmName("pjacbuofapqbyakb")
public suspend fun permanentDeletionTimeInDays(`value`: Int?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.permanentDeletionTimeInDays = mapped
}
/**
* @param value Nested argument containing revocation configuration. Defined below.
*/
@JvmName("nwrraypnsvkqciax")
public suspend fun revocationConfiguration(`value`: CertificateAuthorityRevocationConfigurationArgs?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.revocationConfiguration = mapped
}
/**
* @param argument Nested argument containing revocation configuration. Defined below.
*/
@JvmName("wbucxeutlqmmunwp")
public suspend fun revocationConfiguration(argument: suspend CertificateAuthorityRevocationConfigurationArgsBuilder.() -> Unit) {
val toBeMapped = CertificateAuthorityRevocationConfigurationArgsBuilder().applySuspend {
argument()
}.build()
val mapped = of(toBeMapped)
this.revocationConfiguration = mapped
}
/**
* @param value Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*/
@JvmName("fjuuwmjhauacriqe")
public suspend fun tags(`value`: Map?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.tags = mapped
}
/**
* @param values Key-value map of user-defined tags that are attached to the certificate authority. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*/
@JvmName("vfwmpktkhouwaaxn")
public fun tags(vararg values: Pair) {
val toBeMapped = values.toMap()
val mapped = toBeMapped.let({ args0 -> of(args0) })
this.tags = mapped
}
/**
* @param value Type of the certificate authority. Defaults to `SUBORDINATE`. Valid values: `ROOT` and `SUBORDINATE`.
*/
@JvmName("nbxeryqifornftvy")
public suspend fun type(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.type = mapped
}
/**
* @param value Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. Defaults to `GENERAL_PURPOSE`. Valid values: `GENERAL_PURPOSE` and `SHORT_LIVED_CERTIFICATE`.
*/
@JvmName("ahyrgdphjcxnorvc")
public suspend fun usageMode(`value`: String?) {
val toBeMapped = value
val mapped = toBeMapped?.let({ args0 -> of(args0) })
this.usageMode = mapped
}
internal fun build(): CertificateAuthorityArgs = CertificateAuthorityArgs(
certificateAuthorityConfiguration = certificateAuthorityConfiguration,
enabled = enabled,
keyStorageSecurityStandard = keyStorageSecurityStandard,
permanentDeletionTimeInDays = permanentDeletionTimeInDays,
revocationConfiguration = revocationConfiguration,
tags = tags,
type = type,
usageMode = usageMode,
)
}
© 2015 - 2024 Weber Informatics LLC | Privacy Policy