Class CertificateAuthorityCertificate


  • public class CertificateAuthorityCertificate
    extends com.pulumi.resources.CustomResource
    Associates a certificate with an AWS Certificate Manager Private Certificate Authority (ACM PCA Certificate Authority). An ACM PCA Certificate Authority is unable to issue certificates until it has a certificate associated with it. A root level ACM PCA Certificate Authority is able to self-sign its own root certificate. ## Example Usage ### Self-Signed Root Certificate Authority Certificate ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.aws.acmpca.CertificateAuthority; import com.pulumi.aws.acmpca.CertificateAuthorityArgs; import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs; import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs; import com.pulumi.aws.AwsFunctions; import com.pulumi.aws.inputs.GetPartitionArgs; import com.pulumi.aws.acmpca.Certificate; import com.pulumi.aws.acmpca.CertificateArgs; import com.pulumi.aws.acmpca.inputs.CertificateValidityArgs; import com.pulumi.aws.acmpca.CertificateAuthorityCertificate; import com.pulumi.aws.acmpca.CertificateAuthorityCertificateArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var exampleCertificateAuthority = new CertificateAuthority("exampleCertificateAuthority", CertificateAuthorityArgs.builder() .type("ROOT") .certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder() .keyAlgorithm("RSA_4096") .signingAlgorithm("SHA512WITHRSA") .subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder() .commonName("example.com") .build()) .build()) .build()); final var current = AwsFunctions.getPartition(); var exampleCertificate = new Certificate("exampleCertificate", CertificateArgs.builder() .certificateAuthorityArn(exampleCertificateAuthority.arn()) .certificateSigningRequest(exampleCertificateAuthority.certificateSigningRequest()) .signingAlgorithm("SHA512WITHRSA") .templateArn(String.format("arn:%s:acm-pca:::template/RootCACertificate/V1", current.applyValue(getPartitionResult -> getPartitionResult.partition()))) .validity(CertificateValidityArgs.builder() .type("YEARS") .value(1) .build()) .build()); var exampleCertificateAuthorityCertificate = new CertificateAuthorityCertificate("exampleCertificateAuthorityCertificate", CertificateAuthorityCertificateArgs.builder() .certificateAuthorityArn(exampleCertificateAuthority.arn()) .certificate(exampleCertificate.certificate()) .certificateChain(exampleCertificate.certificateChain()) .build()); } } ``` ### Certificate for Subordinate Certificate Authority Note that the certificate for the subordinate certificate authority must be issued by the root certificate authority using a signing request from the subordinate certificate authority. ```java package generated_program; import com.pulumi.Context; import com.pulumi.Pulumi; import com.pulumi.core.Output; import com.pulumi.aws.acmpca.CertificateAuthority; import com.pulumi.aws.acmpca.CertificateAuthorityArgs; import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs; import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs; import com.pulumi.aws.AwsFunctions; import com.pulumi.aws.inputs.GetPartitionArgs; import com.pulumi.aws.acmpca.Certificate; import com.pulumi.aws.acmpca.CertificateArgs; import com.pulumi.aws.acmpca.inputs.CertificateValidityArgs; import com.pulumi.aws.acmpca.CertificateAuthorityCertificate; import com.pulumi.aws.acmpca.CertificateAuthorityCertificateArgs; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.io.File; import java.nio.file.Files; import java.nio.file.Paths; public class App { public static void main(String[] args) { Pulumi.run(App::stack); } public static void stack(Context ctx) { var subordinateCertificateAuthority = new CertificateAuthority("subordinateCertificateAuthority", CertificateAuthorityArgs.builder() .type("SUBORDINATE") .certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder() .keyAlgorithm("RSA_2048") .signingAlgorithm("SHA512WITHRSA") .subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder() .commonName("sub.example.com") .build()) .build()) .build()); var rootCertificateAuthority = new CertificateAuthority("rootCertificateAuthority"); final var current = AwsFunctions.getPartition(); var subordinateCertificate = new Certificate("subordinateCertificate", CertificateArgs.builder() .certificateAuthorityArn(rootCertificateAuthority.arn()) .certificateSigningRequest(subordinateCertificateAuthority.certificateSigningRequest()) .signingAlgorithm("SHA512WITHRSA") .templateArn(String.format("arn:%s:acm-pca:::template/SubordinateCACertificate_PathLen0/V1", current.applyValue(getPartitionResult -> getPartitionResult.partition()))) .validity(CertificateValidityArgs.builder() .type("YEARS") .value(1) .build()) .build()); var subordinateCertificateAuthorityCertificate = new CertificateAuthorityCertificate("subordinateCertificateAuthorityCertificate", CertificateAuthorityCertificateArgs.builder() .certificateAuthorityArn(subordinateCertificateAuthority.arn()) .certificate(subordinateCertificate.certificate()) .certificateChain(subordinateCertificate.certificateChain()) .build()); var rootCertificateAuthorityCertificate = new CertificateAuthorityCertificate("rootCertificateAuthorityCertificate"); var rootCertificate = new Certificate("rootCertificate"); } } ```
    • Nested Class Summary

      • Nested classes/interfaces inherited from class com.pulumi.resources.CustomResource

        com.pulumi.resources.CustomResource.CustomResourceInternal
      • Nested classes/interfaces inherited from class com.pulumi.resources.Resource

        com.pulumi.resources.Resource.LazyField<T extends java.lang.Object>, com.pulumi.resources.Resource.LazyFields, com.pulumi.resources.Resource.ResourceInternal
    • Field Summary

      • Fields inherited from class com.pulumi.resources.Resource

        childResources, remote
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      com.pulumi.core.Output<java.lang.String> certificate()  
      com.pulumi.core.Output<java.lang.String> certificateAuthorityArn()  
      com.pulumi.core.Output<java.util.Optional<java.lang.String>> certificateChain()  
      static CertificateAuthorityCertificate get​(java.lang.String name, com.pulumi.core.Output<java.lang.String> id, CertificateAuthorityCertificateState state, com.pulumi.resources.CustomResourceOptions options)
      Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
      • Methods inherited from class com.pulumi.resources.CustomResource

        getId, id, idFuture
      • Methods inherited from class com.pulumi.resources.Resource

        getChildResources, getResourceName, getResourceType, getUrn, pulumiChildResources, pulumiResourceName, pulumiResourceType, urn
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • CertificateAuthorityCertificate

        public CertificateAuthorityCertificate​(java.lang.String name)
        Parameters:
        name - The _unique_ name of the resulting resource.
      • CertificateAuthorityCertificate

        public CertificateAuthorityCertificate​(java.lang.String name,
                                               CertificateAuthorityCertificateArgs args)
        Parameters:
        name - The _unique_ name of the resulting resource.
        args - The arguments to use to populate this resource's properties.
      • CertificateAuthorityCertificate

        public CertificateAuthorityCertificate​(java.lang.String name,
                                               CertificateAuthorityCertificateArgs args,
                                               @Nullable
                                               com.pulumi.resources.CustomResourceOptions options)
        Parameters:
        name - The _unique_ name of the resulting resource.
        args - The arguments to use to populate this resource's properties.
        options - A bag of options that control this resource's behavior.
    • Method Detail

      • certificate

        public com.pulumi.core.Output<java.lang.String> certificate()
        Returns:
        PEM-encoded certificate for the Certificate Authority.
      • certificateAuthorityArn

        public com.pulumi.core.Output<java.lang.String> certificateAuthorityArn()
        Returns:
        ARN of the Certificate Authority.
      • certificateChain

        public com.pulumi.core.Output<java.util.Optional<java.lang.String>> certificateChain()
        Returns:
        PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA. Required for subordinate Certificate Authorities. Not allowed for root Certificate Authorities.
      • get

        public static CertificateAuthorityCertificate get​(java.lang.String name,
                                                          com.pulumi.core.Output<java.lang.String> id,
                                                          @Nullable
                                                          CertificateAuthorityCertificateState state,
                                                          @Nullable
                                                          com.pulumi.resources.CustomResourceOptions options)
        Get an existing Host resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
        Parameters:
        name - The _unique_ name of the resulting resource.
        id - The _unique_ provider ID of the resource to lookup.
        state -
        options - Optional settings to control the behavior of the CustomResource.