class Aws::ACMPCA::Types::CreateCertificateAuthorityRequest
@note When making an API call, you may pass CreateCertificateAuthorityRequest data as a hash:

    {
      certificate_authority_configuration: { # required
        key_algorithm: "RSA_2048", # required, accepts RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1
        signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
        subject: { # required
          country: "CountryCodeString",
          organization: "String64",
          organizational_unit: "String64",
          distinguished_name_qualifier: "ASN1PrintableString64",
          state: "String128",
          common_name: "String64",
          serial_number: "ASN1PrintableString64",
          locality: "String128",
          title: "String64",
          surname: "String40",
          given_name: "String16",
          initials: "String5",
          pseudonym: "String128",
          generation_qualifier: "String3",
        },
        csr_extensions: {
          key_usage: {
            digital_signature: false,
            non_repudiation: false,
            key_encipherment: false,
            data_encipherment: false,
            key_agreement: false,
            key_cert_sign: false,
            crl_sign: false,
            encipher_only: false,
            decipher_only: false,
          },
          subject_information_access: [
            {
              access_method: { # required
                custom_object_identifier: "CustomObjectIdentifier",
                access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
              },
              access_location: { # required
                other_name: {
                  type_id: "CustomObjectIdentifier", # required
                  value: "String256", # required
                },
                rfc_822_name: "String256",
                dns_name: "String253",
                directory_name: {
                  country: "CountryCodeString",
                  organization: "String64",
                  organizational_unit: "String64",
                  distinguished_name_qualifier: "ASN1PrintableString64",
                  state: "String128",
                  common_name: "String64",
                  serial_number: "ASN1PrintableString64",
                  locality: "String128",
                  title: "String64",
                  surname: "String40",
                  given_name: "String16",
                  initials: "String5",
                  pseudonym: "String128",
                  generation_qualifier: "String3",
                },
                edi_party_name: {
                  party_name: "String256", # required
                  name_assigner: "String256",
                },
                uniform_resource_identifier: "String253",
                ip_address: "String39",
                registered_id: "CustomObjectIdentifier",
              },
            },
          ],
        },
      },
      revocation_configuration: {
        crl_configuration: {
          enabled: false, # required
          expiration_in_days: 1,
          custom_cname: "String253",
          s3_bucket_name: "String3To255",
          s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
        },
        ocsp_configuration: {
          enabled: false, # required
          ocsp_custom_cname: "String253",
        },
      },
      certificate_authority_type: "ROOT", # required, accepts ROOT, SUBORDINATE
      idempotency_token: "IdempotencyToken",
      key_storage_security_standard: "FIPS_140_2_LEVEL_2_OR_HIGHER", # accepts FIPS_140_2_LEVEL_2_OR_HIGHER, FIPS_140_2_LEVEL_3_OR_HIGHER
      tags: [
        {
          key: "TagKey", # required
          value: "TagValue",
        },
      ],
    }

@!attribute [rw] certificate_authority_configuration
Name and bit size of the private key algorithm, the name of the signing algorithm, and X.500 certificate subject information.
@return [Types::CertificateAuthorityConfiguration]
@!attribute [rw] revocation_configuration
Contains information to enable Online Certificate Status Protocol (OCSP) support, to enable a certificate revocation list (CRL), to enable both, or to enable neither. The default is for both certificate validation mechanisms to be disabled. For more information, see the [OcspConfiguration][1] and [CrlConfiguration][2] types.
[1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html
[2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
@return [Types::RevocationConfiguration]
@!attribute [rw] certificate_authority_type
The type of the certificate authority.
@return [String]
@!attribute [rw] idempotency_token
Custom string that can be used to distinguish between calls to the **CreateCertificateAuthority** action. Idempotency tokens for **CreateCertificateAuthority** time out after five minutes. Therefore, if you call **CreateCertificateAuthority** multiple times with the same idempotency token within five minutes, ACM Private CA recognizes that you are requesting only one certificate authority and will issue only one. If you change the idempotency token for each call, PCA recognizes that you are requesting multiple certificate authorities.
@return [String]
@!attribute [rw] key_storage_security_standard
Specifies a cryptographic key management compliance standard used for handling CA keys.
Default: `FIPS_140_2_LEVEL_3_OR_HIGHER`
Note: `FIPS_140_2_LEVEL_3_OR_HIGHER` is not supported in Region ap-northeast-3. When creating a CA in ap-northeast-3, you must provide `FIPS_140_2_LEVEL_2_OR_HIGHER` as the argument for `KeyStorageSecurityStandard`. Failure to do this results in an `InvalidArgsException` with the message, "A certificate authority cannot be created in this region with the specified security standard."
@return [String]
@!attribute [rw] tags
Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information on using tags with IAM to manage permissions, see [Controlling Access Using IAM Tags][1].
[1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html
@return [Array<Types::Tag>]
@see docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityRequest AWS API Documentation
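
The constraints described in the attributes above (the ap-northeast-3 key storage standard, revocation being off by default, the 50-tag limit) can be checked locally before the request is sent. The following is an added example, not part of the SDK or its documentation: `preflight_ca_request` is a hypothetical helper, the sample request is constructed, and the rule that the signing algorithm's family must match the key algorithm's family is an assumption based on how RSA and ECDSA signatures work rather than something this page states.

```ruby
require "securerandom"

# Accepted values copied from the request shape on this page.
KEY_FAMILY = {
  "RSA_2048" => "RSA", "RSA_4096" => "RSA",
  "EC_prime256v1" => "ECDSA", "EC_secp384r1" => "ECDSA"
}.freeze
SIGNING_ALGORITHMS = %w[SHA256WITHECDSA SHA384WITHECDSA SHA512WITHECDSA
                        SHA256WITHRSA SHA384WITHRSA SHA512WITHRSA].freeze
LEVEL_2 = "FIPS_140_2_LEVEL_2_OR_HIGHER"
LEVEL_3 = "FIPS_140_2_LEVEL_3_OR_HIGHER"
LEVEL_2_ONLY_REGIONS = %w[ap-northeast-3].freeze # the one Region the page names

# Hypothetical helper: returns a list of findings for a request hash.
# An empty list means every local check passed.
def preflight_ca_request(request, region:)
  findings = []
  config = request.fetch(:certificate_authority_configuration)
  key_alg = config[:key_algorithm]
  signing = config[:signing_algorithm]
  family = KEY_FAMILY[key_alg]
  known_signing = SIGNING_ALGORITHMS.include?(signing)
  findings << "unknown key_algorithm #{key_alg.inspect}" unless family
  findings << "unknown signing_algorithm #{signing.inspect}" unless known_signing
  # Assumption: an RSA key needs a *WITHRSA algorithm, an EC key a *WITHECDSA one.
  if family && known_signing && !signing.end_with?("WITH#{family}")
    findings << "#{signing} does not match key_algorithm #{key_alg}"
  end
  # Omitting the field means the documented default (LEVEL_3) applies.
  standard = request.fetch(:key_storage_security_standard, LEVEL_3)
  if LEVEL_2_ONLY_REGIONS.include?(region) && standard != LEVEL_2
    findings << "#{region} requires key_storage_security_standard #{LEVEL_2}"
  end
  revocation = request[:revocation_configuration] || {}
  unless revocation.dig(:crl_configuration, :enabled) || revocation.dig(:ocsp_configuration, :enabled)
    findings << "no revocation mechanism enabled (CRL and OCSP both default to disabled)"
  end
  findings << "more than 50 tags" if Array(request[:tags]).size > 50
  findings
end

# Constructed sample using the placeholder algorithm pair from the shape above.
SAMPLE = {
  certificate_authority_configuration: {
    key_algorithm: "RSA_2048", signing_algorithm: "SHA256WITHECDSA",
    subject: { common_name: "example-root" }
  },
  certificate_authority_type: "ROOT",
  idempotency_token: SecureRandom.uuid # reuse the same token when retrying this call
}.freeze
```

A request that passes can be handed unchanged to `Aws::ACMPCA::Client#create_certificate_authority`; keeping the generated idempotency token with the request is what makes a retry within five minutes resolve to the same CA.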
Constants
- SENSITIVE