class Aws::ACMPCA::Types::CreateCertificateAuthorityRequest

@note When making an API call, you may pass CreateCertificateAuthorityRequest data as a hash:

    {
      certificate_authority_configuration: { # required
        key_algorithm: "RSA_2048", # required, accepts RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1
        signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
        subject: { # required
          country: "CountryCodeString",
          organization: "String64",
          organizational_unit: "String64",
          distinguished_name_qualifier: "ASN1PrintableString64",
          state: "String128",
          common_name: "String64",
          serial_number: "ASN1PrintableString64",
          locality: "String128",
          title: "String64",
          surname: "String40",
          given_name: "String16",
          initials: "String5",
          pseudonym: "String128",
          generation_qualifier: "String3",
        },
        csr_extensions: {
          key_usage: {
            digital_signature: false,
            non_repudiation: false,
            key_encipherment: false,
            data_encipherment: false,
            key_agreement: false,
            key_cert_sign: false,
            crl_sign: false,
            encipher_only: false,
            decipher_only: false,
          },
          subject_information_access: [
            {
              access_method: { # required
                custom_object_identifier: "CustomObjectIdentifier",
                access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
              },
              access_location: { # required
                other_name: {
                  type_id: "CustomObjectIdentifier", # required
                  value: "String256", # required
                },
                rfc_822_name: "String256",
                dns_name: "String253",
                directory_name: {
                  country: "CountryCodeString",
                  organization: "String64",
                  organizational_unit: "String64",
                  distinguished_name_qualifier: "ASN1PrintableString64",
                  state: "String128",
                  common_name: "String64",
                  serial_number: "ASN1PrintableString64",
                  locality: "String128",
                  title: "String64",
                  surname: "String40",
                  given_name: "String16",
                  initials: "String5",
                  pseudonym: "String128",
                  generation_qualifier: "String3",
                },
                edi_party_name: {
                  party_name: "String256", # required
                  name_assigner: "String256",
                },
                uniform_resource_identifier: "String253",
                ip_address: "String39",
                registered_id: "CustomObjectIdentifier",
              },
            },
          ],
        },
      },
      revocation_configuration: {
        crl_configuration: {
          enabled: false, # required
          expiration_in_days: 1,
          custom_cname: "String253",
          s3_bucket_name: "String3To255",
          s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
        },
        ocsp_configuration: {
          enabled: false, # required
          ocsp_custom_cname: "String253",
        },
      },
      certificate_authority_type: "ROOT", # required, accepts ROOT, SUBORDINATE
      idempotency_token: "IdempotencyToken",
      key_storage_security_standard: "FIPS_140_2_LEVEL_2_OR_HIGHER", # accepts FIPS_140_2_LEVEL_2_OR_HIGHER, FIPS_140_2_LEVEL_3_OR_HIGHER
      tags: [
        {
          key: "TagKey", # required
          value: "TagValue",
        },
      ],
    }

@!attribute [rw] certificate_authority_configuration

Name and bit size of the private key algorithm, the name of the
signing algorithm, and X.500 certificate subject information.
@return [Types::CertificateAuthorityConfiguration]

@!attribute [rw] revocation_configuration

Contains information to enable Online Certificate Status Protocol
(OCSP) support, to enable a certificate revocation list (CRL), to
enable both, or to enable neither. The default is for both
certificate validation mechanisms to be disabled. For more
information, see the [OcspConfiguration][1] and
[CrlConfiguration][2] types.

[1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html
[2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
@return [Types::RevocationConfiguration]

@!attribute [rw] certificate_authority_type

The type of the certificate authority.
@return [String]

@!attribute [rw] idempotency_token

Custom string that can be used to distinguish between calls to the
**CreateCertificateAuthority** action. Idempotency tokens for
**CreateCertificateAuthority** time out after five minutes.
Therefore, if you call **CreateCertificateAuthority** multiple times
with the same idempotency token within five minutes, ACM Private CA
recognizes that you are requesting only one certificate authority and
will issue only one. If you change the idempotency token for each
call, PCA recognizes that you are requesting multiple certificate
authorities.
@return [String]

@!attribute [rw] key_storage_security_standard

Specifies a cryptographic key management compliance standard used
for handling CA keys.

Default: `FIPS_140_2_LEVEL_3_OR_HIGHER`

Note: `FIPS_140_2_LEVEL_3_OR_HIGHER` is not supported in the
ap-northeast-3 Region. When creating a CA in ap-northeast-3, you must
provide `FIPS_140_2_LEVEL_2_OR_HIGHER` as the argument for
`KeyStorageSecurityStandard`. Failure to do this results in an
`InvalidArgsException` with the message, "A certificate authority
cannot be created in this region with the specified security
standard."
@return [String]

@!attribute [rw] tags

Key-value pairs that will be attached to the new private CA. You can
associate up to 50 tags with a private CA. For information on using
tags with IAM to manage permissions, see [Controlling Access Using
IAM Tags][1].

[1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html
@return [Array<Types::Tag>]

@see docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityRequest AWS API Documentation
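
The following pre-flight check is an added example, not part of the SDK or the AWS documentation. It lints a request hash against the constraints described above (region-specific key storage standard, revocation disabled by default, the 50-tag limit) and derives a stable idempotency token for retries. The helper names `lint_ca_request` and `retry_token`, the sample values, and the key/signature family pairing rule are assumptions.

```ruby
require "digest"
require "json"

# Constraints taken from the attribute descriptions on this page.
LEVEL2_ONLY_REGIONS = %w[ap-northeast-3].freeze
MAX_TAGS = 50
DEFAULT_STANDARD = "FIPS_140_2_LEVEL_3_OR_HIGHER"

# Hypothetical helper (not part of the SDK): returns a list of problems.
def lint_ca_request(req, region:)
  problems = []
  cfg = req.fetch(:certificate_authority_configuration)

  # Assumption: RSA keys pair with *WITHRSA and EC keys with *WITHECDSA.
  family = cfg[:key_algorithm].start_with?("RSA") ? "RSA" : "ECDSA"
  unless cfg[:signing_algorithm].end_with?("WITH#{family}")
    problems << "signing_algorithm does not match the #{family} key family"
  end

  # Omitting the field means the Level 3 default, which ap-northeast-3 rejects.
  standard = req.fetch(:key_storage_security_standard, DEFAULT_STANDARD)
  if LEVEL2_ONLY_REGIONS.include?(region) && standard != "FIPS_140_2_LEVEL_2_OR_HIGHER"
    problems << "#{region} requires FIPS_140_2_LEVEL_2_OR_HIGHER"
  end

  # CRL and OCSP are both disabled unless the request enables them.
  rev = req.fetch(:revocation_configuration, {})
  unless rev.dig(:crl_configuration, :enabled) || rev.dig(:ocsp_configuration, :enabled)
    problems << "no revocation mechanism enabled"
  end
  problems << "more than #{MAX_TAGS} tags" if req.fetch(:tags, []).size > MAX_TAGS
  problems
end

# Hypothetical helper: same request body => same token, so a retry inside the
# five-minute window is recognized as the same CreateCertificateAuthority call.
def retry_token(req)
  Digest::SHA256.hexdigest(JSON.generate(req.reject { |k, _| k == :idempotency_token }))[0, 32]
end

# Constructed sample request (values are illustrative).
SAMPLE_REQUEST = {
  certificate_authority_configuration: {
    key_algorithm: "RSA_2048",
    signing_algorithm: "SHA256WITHECDSA", # mismatched on purpose
    subject: { country: "US", organization: "Example Corp", common_name: "Example Root CA" },
  },
  certificate_authority_type: "ROOT",
}.freeze
```

Calling `lint_ca_request(SAMPLE_REQUEST, region: "ap-northeast-3")` reports the family mismatch, the unsupported default key storage standard, and the missing revocation mechanism.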

Constants

SENSITIVE