Class: AWSCDK::ACMPCA::CfnCertificateAuthorityProps
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::ACMPCA::CfnCertificateAuthorityProps
- Defined in:
- acmpca/cfn_certificate_authority_props.rb
Overview
Properties for defining a CfnCertificateAuthority.
Instance Attribute Summary collapse
-
#csr_extensions ⇒ AWSCDK::IResolvable, ...
readonly
Specifies information to be added to the extension section of the certificate signing request (CSR).
-
#key_algorithm ⇒ String
readonly
Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
-
#key_storage_security_standard ⇒ String?
readonly
Specifies a cryptographic key management compliance standard for handling and protecting CA keys.
-
#revocation_configuration ⇒ AWSCDK::IResolvable, ...
readonly
Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.
-
#signing_algorithm ⇒ String
readonly
Name of the algorithm your private CA uses to sign certificate requests.
-
#subject ⇒ AWSCDK::IResolvable, AWSCDK::ACMPCA::CfnCertificateAuthority::SubjectProperty
readonly
Structure that contains X.500 distinguished name information for your private CA.
-
#tags ⇒ Array<AWSCDK::CfnTag>?
readonly
Key-value pairs that will be attached to the new private CA.
-
#type ⇒ String
readonly
Type of your private CA.
-
#usage_mode ⇒ String?
readonly
Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(key_algorithm:, signing_algorithm:, subject:, type:, csr_extensions: nil, key_storage_security_standard: nil, revocation_configuration: nil, tags: nil, usage_mode: nil) ⇒ CfnCertificateAuthorityProps
constructor
A new instance of CfnCertificateAuthorityProps.
- #to_jsii ⇒ Object
Constructor Details
#initialize(key_algorithm:, signing_algorithm:, subject:, type:, csr_extensions: nil, key_storage_security_standard: nil, revocation_configuration: nil, tags: nil, usage_mode: nil) ⇒ CfnCertificateAuthorityProps
Returns a new instance of CfnCertificateAuthorityProps.
18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
# File 'acmpca/cfn_certificate_authority_props.rb', line 18 def initialize(key_algorithm:, signing_algorithm:, subject:, type:, csr_extensions: nil, key_storage_security_standard: nil, revocation_configuration: nil, tags: nil, usage_mode: nil) @key_algorithm = key_algorithm Jsii::Type.check_type(@key_algorithm, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "keyAlgorithm") @signing_algorithm = signing_algorithm Jsii::Type.check_type(@signing_algorithm, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "signingAlgorithm") @subject = subject.is_a?(Hash) ? ::AWSCDK::ACMPCA::CfnCertificateAuthority::SubjectProperty.new(**subject.transform_keys(&:to_sym)) : subject Jsii::Type.check_type(@subject, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19hY21wY2EuQ2ZuQ2VydGlmaWNhdGVBdXRob3JpdHkuU3ViamVjdFByb3BlcnR5In1dfX0=")), "subject") @type = type Jsii::Type.check_type(@type, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "type") @csr_extensions = csr_extensions.is_a?(Hash) ? ::AWSCDK::ACMPCA::CfnCertificateAuthority::CsrExtensionsProperty.new(**csr_extensions.transform_keys(&:to_sym)) : csr_extensions Jsii::Type.check_type(@csr_extensions, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19hY21wY2EuQ2ZuQ2VydGlmaWNhdGVBdXRob3JpdHkuQ3NyRXh0ZW5zaW9uc1Byb3BlcnR5In1dfX0=")), "csrExtensions") unless @csr_extensions.nil? @key_storage_security_standard = key_storage_security_standard Jsii::Type.check_type(@key_storage_security_standard, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "keyStorageSecurityStandard") unless @key_storage_security_standard.nil? @revocation_configuration = revocation_configuration.is_a?(Hash) ? ::AWSCDK::ACMPCA::CfnCertificateAuthority::RevocationConfigurationProperty.new(**revocation_configuration.transform_keys(&:to_sym)) : revocation_configuration Jsii::Type.check_type(@revocation_configuration, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19hY21wY2EuQ2ZuQ2VydGlmaWNhdGVBdXRob3JpdHkuUmV2b2NhdGlvbkNvbmZpZ3VyYXRpb25Qcm9wZXJ0eSJ9XX19")), "revocationConfiguration") unless @revocation_configuration.nil? @tags = .is_a?(Array) ? .map { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::CfnTag.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 } : Jsii::Type.check_type(@tags, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLkNmblRhZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "tags") unless @tags.nil? @usage_mode = usage_mode Jsii::Type.check_type(@usage_mode, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "usageMode") unless @usage_mode.nil? end |
Instance Attribute Details
#csr_extensions ⇒ AWSCDK::IResolvable, ... (readonly)
Specifies information to be added to the extension section of the certificate signing request (CSR).
67 68 69 |
# File 'acmpca/cfn_certificate_authority_props.rb', line 67 def csr_extensions @csr_extensions end |
#key_algorithm ⇒ String (readonly)
Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.
When you create a subordinate CA, you must use a key algorithm supported by the parent CA.
45 46 47 |
# File 'acmpca/cfn_certificate_authority_props.rb', line 45 def key_algorithm @key_algorithm end |
#key_storage_security_standard ⇒ String? (readonly)
Specifies a cryptographic key management compliance standard for handling and protecting CA keys.
Default: FIPS_140_2_LEVEL_3_OR_HIGHER
Some AWS Regions don't support the default value. When you create a CA in these Regions, you must use
CCPC_LEVEL_1_OR_HIGHERfor theKeyStorageSecurityStandardparameter. If you don't, the operation returns anInvalidArgsExceptionwith this message: "A certificate authority cannot be created in this region with the specified security standard."For information about security standard support in different AWS Regions, see Storage and security compliance of AWS Private CA private keys .
78 79 80 |
# File 'acmpca/cfn_certificate_authority_props.rb', line 78 def key_storage_security_standard @key_storage_security_standard end |
#revocation_configuration ⇒ AWSCDK::IResolvable, ... (readonly)
Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.
83 84 85 |
# File 'acmpca/cfn_certificate_authority_props.rb', line 83 def revocation_configuration @revocation_configuration end |
#signing_algorithm ⇒ String (readonly)
Name of the algorithm your private CA uses to sign certificate requests.
This parameter should not be confused with the SigningAlgorithm parameter used to sign certificates when they are issued.
52 53 54 |
# File 'acmpca/cfn_certificate_authority_props.rb', line 52 def signing_algorithm @signing_algorithm end |
#subject ⇒ AWSCDK::IResolvable, AWSCDK::ACMPCA::CfnCertificateAuthority::SubjectProperty (readonly)
Structure that contains X.500 distinguished name information for your private CA.
57 58 59 |
# File 'acmpca/cfn_certificate_authority_props.rb', line 57 def subject @subject end |
#tags ⇒ Array<AWSCDK::CfnTag>? (readonly)
Key-value pairs that will be attached to the new private CA.
You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags .
90 91 92 |
# File 'acmpca/cfn_certificate_authority_props.rb', line 90 def @tags end |
#type ⇒ String (readonly)
Type of your private CA.
62 63 64 |
# File 'acmpca/cfn_certificate_authority_props.rb', line 62 def type @type end |
#usage_mode ⇒ String? (readonly)
Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.
Short-lived certificate validity is limited to seven days.
The default value is GENERAL_PURPOSE.
99 100 101 |
# File 'acmpca/cfn_certificate_authority_props.rb', line 99 def usage_mode @usage_mode end |
Class Method Details
.jsii_properties ⇒ Object
101 102 103 104 105 106 107 108 109 110 111 112 113 |
# File 'acmpca/cfn_certificate_authority_props.rb', line 101 def self.jsii_properties { :key_algorithm => "keyAlgorithm", :signing_algorithm => "signingAlgorithm", :subject => "subject", :type => "type", :csr_extensions => "csrExtensions", :key_storage_security_standard => "keyStorageSecurityStandard", :revocation_configuration => "revocationConfiguration", :tags => "tags", :usage_mode => "usageMode", } end |
Instance Method Details
#to_jsii ⇒ Object
115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 |
# File 'acmpca/cfn_certificate_authority_props.rb', line 115 def to_jsii result = {} result.merge!({ "keyAlgorithm" => @key_algorithm, "signingAlgorithm" => @signing_algorithm, "subject" => @subject, "type" => @type, "csrExtensions" => @csr_extensions, "keyStorageSecurityStandard" => @key_storage_security_standard, "revocationConfiguration" => @revocation_configuration, "tags" => @tags, "usageMode" => @usage_mode, }) result.compact end |