Package com.pulumi.aws.acmpca
Class CertificateAuthorityCertificate
- java.lang.Object
-
- com.pulumi.resources.Resource
-
- com.pulumi.resources.CustomResource
-
- com.pulumi.aws.acmpca.CertificateAuthorityCertificate
-
public class CertificateAuthorityCertificate extends com.pulumi.resources.CustomResourceAssociates a certificate with an AWS Certificate Manager Private Certificate Authority (ACM PCA Certificate Authority). An ACM PCA Certificate Authority is unable to issue certificates until it has a certificate associated with it. A root level ACM PCA Certificate Authority is able to self-sign its own root certificate. ## Example Usage ### Self-Signed Root Certificate Authority Certificate ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.aws.acmpca.CertificateAuthority; import com.pulumi.aws.acmpca.CertificateAuthorityArgs; import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs; import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs; import com.pulumi.aws.AwsFunctions; import com.pulumi.aws.inputs.GetPartitionArgs; import com.pulumi.aws.acmpca.Certificate; import com.pulumi.aws.acmpca.CertificateArgs; import com.pulumi.aws.acmpca.inputs.CertificateValidityArgs; import com.pulumi.aws.acmpca.CertificateAuthorityCertificate; import com.pulumi.aws.acmpca.CertificateAuthorityCertificateArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var exampleCertificateAuthority = new CertificateAuthority("exampleCertificateAuthority", CertificateAuthorityArgs.builder() .type("ROOT") .certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder() .keyAlgorithm("RSA_4096") .signingAlgorithm("SHA512WITHRSA") .subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder() .commonName("example.com") .build()) .build()) .build()); final var current = AwsFunctions.getPartition(); var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder() .certificateAuthorityArn(exampleCertificateAuthority.arn()) .certificateSigningRequest(exampleCertificateAuthority.certificateSigningRequest()) .signingAlgorithm("SHA512WITHRSA") .templateArn(String.format("arn:%s:acm-pca:::template/RootCACertificate/V1", current.applyValue(getPartitionResult -> getPartitionResult.partition()))) .validity(CertificateValidityArgs.builder() .type("YEARS") .value(1) .build()) .build()); var exampleCertificateAuthorityCertificate = new CertificateAuthorityCertificate("exampleCertificateAuthorityCertificate", CertificateAuthorityCertificateArgs.builder() .certificateAuthorityArn(exampleCertificateAuthority.arn()) .certificate(exampleCertificate.certificate()) .certificateChain(exampleCertificate.certificateChain()) .build()); } } ``` ### Certificate for Subordinate Certificate Authority Note that the certificate for the subordinate certificate authority must be issued by the root certificate authority using a signing request from the subordinate certificate authority. ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.aws.acmpca.CertificateAuthority; import com.pulumi.aws.acmpca.CertificateAuthorityArgs; import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs; import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs; import com.pulumi.aws.AwsFunctions; import com.pulumi.aws.inputs.GetPartitionArgs; import com.pulumi.aws.acmpca.Certificate; import com.pulumi.aws.acmpca.CertificateArgs; import com.pulumi.aws.acmpca.inputs.CertificateValidityArgs; import com.pulumi.aws.acmpca.CertificateAuthorityCertificate; import com.pulumi.aws.acmpca.CertificateAuthorityCertificateArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var subordinateCertificateAuthority = new CertificateAuthority("subordinateCertificateAuthority", CertificateAuthorityArgs.builder() .type("SUBORDINATE") .certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder() .keyAlgorithm("RSA_2048") .signingAlgorithm("SHA512WITHRSA") .subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder() .commonName("sub.example.com") .build()) .build()) .build()); var rootCertificateAuthority = new CertificateAuthority("rootCertificateAuthority"); final var current = AwsFunctions.getPartition(); var subordinateCertificate = new Certificate("subordinateCertificate", CertificateArgs.builder() .certificateAuthorityArn(rootCertificateAuthority.arn()) .certificateSigningRequest(subordinateCertificateAuthority.certificateSigningRequest()) .signingAlgorithm("SHA512WITHRSA") .templateArn(String.format("arn:%s:acm-pca:::template/SubordinateCACertificate_PathLen0/V1", current.applyValue(getPartitionResult -> getPartitionResult.partition()))) .validity(CertificateValidityArgs.builder() .type("YEARS") .value(1) .build()) .build()); var subordinateCertificateAuthorityCertificate = new CertificateAuthorityCertificate("subordinateCertificateAuthorityCertificate", CertificateAuthorityCertificateArgs.builder() .certificateAuthorityArn(subordinateCertificateAuthority.arn()) .certificate(subordinateCertificate.certificate()) .certificateChain(subordinateCertificate.certificateChain()) .build()); var rootCertificateAuthorityCertificate = new CertificateAuthorityCertificate("rootCertificateAuthorityCertificate"); var rootCertificate = new Certificate("rootCertificate"); } } ```
-
-
Constructor Summary
Constructors Constructor Description CertificateAuthorityCertificate(java.lang.String name)CertificateAuthorityCertificate(java.lang.String name, CertificateAuthorityCertificateArgs args)CertificateAuthorityCertificate(java.lang.String name, CertificateAuthorityCertificateArgs args, com.pulumi.resources.CustomResourceOptions options)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description com.pulumi.core.Output<java.lang.String>certificate()com.pulumi.core.Output<java.lang.String>certificateAuthorityArn()com.pulumi.core.Output<java.util.Optional<java.lang.String>>certificateChain()static CertificateAuthorityCertificateget(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, CertificateAuthorityCertificateState state, com.pulumi.resources.CustomResourceOptions options)Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
-
-
-
Constructor Detail
-
CertificateAuthorityCertificate
public CertificateAuthorityCertificate(java.lang.String name)
- Parameters:
name- The _unique_ name of the resulting resource.
-
CertificateAuthorityCertificate
public CertificateAuthorityCertificate(java.lang.String name, CertificateAuthorityCertificateArgs args)- Parameters:
name- The _unique_ name of the resulting resource.args- The arguments to use to populate this resource's properties.
-
CertificateAuthorityCertificate
public CertificateAuthorityCertificate(java.lang.String name, CertificateAuthorityCertificateArgs args, @Nullable com.pulumi.resources.CustomResourceOptions options)- Parameters:
name- The _unique_ name of the resulting resource.args- The arguments to use to populate this resource's properties.options- A bag of options that control this resource's behavior.
-
-
Method Detail
-
certificate
public com.pulumi.core.Output<java.lang.String> certificate()
- Returns:
- PEM-encoded certificate for the Certificate Authority.
-
certificateAuthorityArn
public com.pulumi.core.Output<java.lang.String> certificateAuthorityArn()
- Returns:
- ARN of the Certificate Authority.
-
certificateChain
public com.pulumi.core.Output<java.util.Optional<java.lang.String>> certificateChain()
- Returns:
- PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA. Required for subordinate Certificate Authorities. Not allowed for root Certificate Authorities.
-
get
public static CertificateAuthorityCertificate get(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, @Nullable CertificateAuthorityCertificateState state, @Nullable com.pulumi.resources.CustomResourceOptions options)
Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.- Parameters:
name- The _unique_ name of the resulting resource.id- The _unique_ provider ID of the resource to lookup.state-options- Optional settings to control the behavior of the CustomResource.
-
-