Class: AWSCDK::ACMPCA::CfnCertificateAuthorityProps

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
acmpca/cfn_certificate_authority_props.rb

Overview

Properties for defining a CfnCertificateAuthority.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(key_algorithm:, signing_algorithm:, subject:, type:, csr_extensions: nil, key_storage_security_standard: nil, revocation_configuration: nil, tags: nil, usage_mode: nil) ⇒ CfnCertificateAuthorityProps

Returns a new instance of CfnCertificateAuthorityProps.

Parameters:

  • key_algorithm (String)

    Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.

  • signing_algorithm (String)

    Name of the algorithm your private CA uses to sign certificate requests.

  • subject (AWSCDK::IResolvable, AWSCDK::ACMPCA::CfnCertificateAuthority::SubjectProperty)

    Structure that contains X.500 distinguished name information for your private CA.

  • type (String)

    Type of your private CA.

  • csr_extensions (AWSCDK::IResolvable, AWSCDK::ACMPCA::CfnCertificateAuthority::CsrExtensionsProperty, nil) (defaults to: nil)

    Specifies information to be added to the extension section of the certificate signing request (CSR).

  • key_storage_security_standard (String, nil) (defaults to: nil)

    Specifies a cryptographic key management compliance standard for handling and protecting CA keys.

  • revocation_configuration (AWSCDK::IResolvable, AWSCDK::ACMPCA::CfnCertificateAuthority::RevocationConfigurationProperty, nil) (defaults to: nil)

    Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.

  • tags (Array<AWSCDK::CfnTag>, nil) (defaults to: nil)

    Key-value pairs that will be attached to the new private CA.

  • usage_mode (String, nil) (defaults to: nil)

    Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# File 'acmpca/cfn_certificate_authority_props.rb', line 18

def initialize(key_algorithm:, signing_algorithm:, subject:, type:, csr_extensions: nil, key_storage_security_standard: nil, revocation_configuration: nil, tags: nil, usage_mode: nil)
  @key_algorithm = key_algorithm
  Jsii::Type.check_type(@key_algorithm, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "keyAlgorithm")
  @signing_algorithm = signing_algorithm
  Jsii::Type.check_type(@signing_algorithm, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "signingAlgorithm")
  @subject = subject.is_a?(Hash) ? ::AWSCDK::ACMPCA::CfnCertificateAuthority::SubjectProperty.new(**subject.transform_keys(&:to_sym)) : subject
  Jsii::Type.check_type(@subject, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19hY21wY2EuQ2ZuQ2VydGlmaWNhdGVBdXRob3JpdHkuU3ViamVjdFByb3BlcnR5In1dfX0=")), "subject")
  @type = type
  Jsii::Type.check_type(@type, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "type")
  @csr_extensions = csr_extensions.is_a?(Hash) ? ::AWSCDK::ACMPCA::CfnCertificateAuthority::CsrExtensionsProperty.new(**csr_extensions.transform_keys(&:to_sym)) : csr_extensions
  Jsii::Type.check_type(@csr_extensions, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19hY21wY2EuQ2ZuQ2VydGlmaWNhdGVBdXRob3JpdHkuQ3NyRXh0ZW5zaW9uc1Byb3BlcnR5In1dfX0=")), "csrExtensions") unless @csr_extensions.nil?
  @key_storage_security_standard = key_storage_security_standard
  Jsii::Type.check_type(@key_storage_security_standard, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "keyStorageSecurityStandard") unless @key_storage_security_standard.nil?
  @revocation_configuration = revocation_configuration.is_a?(Hash) ? ::AWSCDK::ACMPCA::CfnCertificateAuthority::RevocationConfigurationProperty.new(**revocation_configuration.transform_keys(&:to_sym)) : revocation_configuration
  Jsii::Type.check_type(@revocation_configuration, JSON.parse(Base64.strict_decode64("eyJ1bmlvbiI6eyJ0eXBlcyI6W3siZnFuIjoiYXdzLWNkay1saWIuSVJlc29sdmFibGUifSx7ImZxbiI6ImF3cy1jZGstbGliLmF3c19hY21wY2EuQ2ZuQ2VydGlmaWNhdGVBdXRob3JpdHkuUmV2b2NhdGlvbkNvbmZpZ3VyYXRpb25Qcm9wZXJ0eSJ9XX19")), "revocationConfiguration") unless @revocation_configuration.nil?
  @tags = tags.is_a?(Array) ? tags.map { |jsii_v0| jsii_v0.is_a?(Hash) ? ::AWSCDK::CfnTag.new(**jsii_v0.transform_keys(&:to_sym)) : jsii_v0 } : tags
  Jsii::Type.check_type(@tags, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7ImZxbiI6ImF3cy1jZGstbGliLkNmblRhZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "tags") unless @tags.nil?
  @usage_mode = usage_mode
  Jsii::Type.check_type(@usage_mode, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "usageMode") unless @usage_mode.nil?
end

Instance Attribute Details

#csr_extensionsAWSCDK::IResolvable, ... (readonly)

Specifies information to be added to the extension section of the certificate signing request (CSR).



67
68
69
# File 'acmpca/cfn_certificate_authority_props.rb', line 67

def csr_extensions
  @csr_extensions
end

#key_algorithmString (readonly)

Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.

When you create a subordinate CA, you must use a key algorithm supported by the parent CA.



45
46
47
# File 'acmpca/cfn_certificate_authority_props.rb', line 45

def key_algorithm
  @key_algorithm
end

#key_storage_security_standardString? (readonly)

Specifies a cryptographic key management compliance standard for handling and protecting CA keys.

Default: FIPS_140_2_LEVEL_3_OR_HIGHER

Some AWS Regions don't support the default value. When you create a CA in these Regions, you must use CCPC_LEVEL_1_OR_HIGHER for the KeyStorageSecurityStandard parameter. If you don't, the operation returns an InvalidArgsException with this message: "A certificate authority cannot be created in this region with the specified security standard."

For information about security standard support in different AWS Regions, see Storage and security compliance of AWS Private CA private keys .



78
79
80
# File 'acmpca/cfn_certificate_authority_props.rb', line 78

def key_storage_security_standard
  @key_storage_security_standard
end

#revocation_configurationAWSCDK::IResolvable, ... (readonly)

Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.



83
84
85
# File 'acmpca/cfn_certificate_authority_props.rb', line 83

def revocation_configuration
  @revocation_configuration
end

#signing_algorithmString (readonly)

Name of the algorithm your private CA uses to sign certificate requests.

This parameter should not be confused with the SigningAlgorithm parameter used to sign certificates when they are issued.



52
53
54
# File 'acmpca/cfn_certificate_authority_props.rb', line 52

def signing_algorithm
  @signing_algorithm
end

#subjectAWSCDK::IResolvable, AWSCDK::ACMPCA::CfnCertificateAuthority::SubjectProperty (readonly)

Structure that contains X.500 distinguished name information for your private CA.



57
58
59
# File 'acmpca/cfn_certificate_authority_props.rb', line 57

def subject
  @subject
end

#tagsArray<AWSCDK::CfnTag>? (readonly)

Key-value pairs that will be attached to the new private CA.

You can associate up to 50 tags with a private CA. For information using tags with IAM to manage permissions, see Controlling Access Using IAM Tags .



90
91
92
# File 'acmpca/cfn_certificate_authority_props.rb', line 90

def tags
  @tags
end

#typeString (readonly)

Type of your private CA.



62
63
64
# File 'acmpca/cfn_certificate_authority_props.rb', line 62

def type
  @type
end

#usage_modeString? (readonly)

Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.

Short-lived certificate validity is limited to seven days.

The default value is GENERAL_PURPOSE.



99
100
101
# File 'acmpca/cfn_certificate_authority_props.rb', line 99

def usage_mode
  @usage_mode
end

Class Method Details

.jsii_propertiesObject



101
102
103
104
105
106
107
108
109
110
111
112
113
# File 'acmpca/cfn_certificate_authority_props.rb', line 101

def self.jsii_properties
  {
    :key_algorithm => "keyAlgorithm",
    :signing_algorithm => "signingAlgorithm",
    :subject => "subject",
    :type => "type",
    :csr_extensions => "csrExtensions",
    :key_storage_security_standard => "keyStorageSecurityStandard",
    :revocation_configuration => "revocationConfiguration",
    :tags => "tags",
    :usage_mode => "usageMode",
  }
end

Instance Method Details

#to_jsiiObject



115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
# File 'acmpca/cfn_certificate_authority_props.rb', line 115

def to_jsii
  result = {}
  result.merge!({
    "keyAlgorithm" => @key_algorithm,
    "signingAlgorithm" => @signing_algorithm,
    "subject" => @subject,
    "type" => @type,
    "csrExtensions" => @csr_extensions,
    "keyStorageSecurityStandard" => @key_storage_security_standard,
    "revocationConfiguration" => @revocation_configuration,
    "tags" => @tags,
    "usageMode" => @usage_mode,
  })
  result.compact
end