{ "typeName" : "AWS::ACMPCA::Certificate", "description" : "A certificate issued via a private certificate authority", "sourceUrl" : "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_ACMPCA.html", "definitions" : { "ApiPassthrough" : { "description" : "Structure that specifies fields to be overridden in a certificate at the time of issuance. These requires an API Passthrough template be used or they will be ignored.", "type" : "object", "additionalProperties" : false, "properties" : { "Extensions" : { "$ref" : "#/definitions/Extensions" }, "Subject" : { "$ref" : "#/definitions/Subject" } } }, "Arn" : { "type" : "string" }, "CertificatePolicyList" : { "type" : "array", "items" : { "$ref" : "#/definitions/PolicyInformation" } }, "ExtendedKeyUsage" : { "description" : "Structure that contains X.509 ExtendedKeyUsage information.", "type" : "object", "additionalProperties" : false, "properties" : { "ExtendedKeyUsageType" : { "type" : "string" }, "ExtendedKeyUsageObjectIdentifier" : { "$ref" : "#/definitions/CustomObjectIdentifier" } } }, "ExtendedKeyUsageList" : { "type" : "array", "items" : { "$ref" : "#/definitions/ExtendedKeyUsage" } }, "Extensions" : { "description" : "Structure that contains X.500 extensions for a Certificate.", "type" : "object", "additionalProperties" : false, "properties" : { "CertificatePolicies" : { "$ref" : "#/definitions/CertificatePolicyList" }, "ExtendedKeyUsage" : { "$ref" : "#/definitions/ExtendedKeyUsageList" }, "KeyUsage" : { "$ref" : "#/definitions/KeyUsage" }, "SubjectAlternativeNames" : { "$ref" : "#/definitions/GeneralNameList" }, "CustomExtensions" : { "$ref" : "#/definitions/CustomExtensionList" } } }, "CustomExtensionList" : { "description" : "Array of X.509 extensions for a certificate.", "type" : "array", "items" : { "$ref" : "#/definitions/CustomExtension" } }, "CustomExtension" : { "description" : "Structure that contains X.509 extension information for a certificate.", "type" : "object", "additionalProperties" : false, "properties" : { "Critical" : { "type" : "boolean" }, "ObjectIdentifier" : { "$ref" : "#/definitions/CustomObjectIdentifier" }, "Value" : { "type" : "string" } }, "required" : [ "ObjectIdentifier", "Value" ] }, "GeneralNameList" : { "type" : "array", "items" : { "$ref" : "#/definitions/GeneralName" } }, "GeneralName" : { "description" : "Structure that contains X.509 GeneralName information. Assign one and ONLY one field.", "type" : "object", "additionalProperties" : false, "properties" : { "OtherName" : { "$ref" : "#/definitions/OtherName" }, "Rfc822Name" : { "$ref" : "#/definitions/Rfc822Name" }, "DnsName" : { "$ref" : "#/definitions/DnsName" }, "DirectoryName" : { "$ref" : "#/definitions/Subject" }, "EdiPartyName" : { "$ref" : "#/definitions/EdiPartyName" }, "UniformResourceIdentifier" : { "$ref" : "#/definitions/UniformResourceIdentifier" }, "IpAddress" : { "$ref" : "#/definitions/IpAddress" }, "RegisteredId" : { "$ref" : "#/definitions/CustomObjectIdentifier" } } }, "KeyUsage" : { "description" : "Structure that contains X.509 KeyUsage information.", "type" : "object", "additionalProperties" : false, "properties" : { "DigitalSignature" : { "type" : "boolean", "default" : false }, "NonRepudiation" : { "type" : "boolean", "default" : false }, "KeyEncipherment" : { "type" : "boolean", "default" : false }, "DataEncipherment" : { "type" : "boolean", "default" : false }, "KeyAgreement" : { "type" : "boolean", "default" : false }, "KeyCertSign" : { "type" : "boolean", "default" : false }, "CRLSign" : { "type" : "boolean", "default" : false }, "EncipherOnly" : { "type" : "boolean", "default" : false }, "DecipherOnly" : { "type" : "boolean", "default" : false } } }, "PolicyInformation" : { "description" : "Structure that contains X.509 Policy information.", "type" : "object", "additionalProperties" : false, "properties" : { "CertPolicyId" : { "$ref" : "#/definitions/CustomObjectIdentifier" }, "PolicyQualifiers" : { "$ref" : "#/definitions/PolicyQualifierInfoList" } }, "required" : [ "CertPolicyId" ] }, "PolicyQualifierInfo" : { "description" : "Structure that contains X.509 Policy qualifier information.", "type" : "object", "additionalProperties" : false, "properties" : { "PolicyQualifierId" : { "type" : "string" }, "Qualifier" : { "$ref" : "#/definitions/Qualifier" } }, "required" : [ "PolicyQualifierId", "Qualifier" ] }, "PolicyQualifierInfoList" : { "type" : "array", "items" : { "$ref" : "#/definitions/PolicyQualifierInfo" } }, "Qualifier" : { "description" : "Structure that contains a X.509 policy qualifier.", "type" : "object", "additionalProperties" : false, "properties" : { "CpsUri" : { "type" : "string" } }, "required" : [ "CpsUri" ] }, "Subject" : { "description" : "Structure that contains X.500 distinguished name information.", "type" : "object", "additionalProperties" : false, "properties" : { "Country" : { "type" : "string" }, "Organization" : { "type" : "string" }, "OrganizationalUnit" : { "type" : "string" }, "DistinguishedNameQualifier" : { "type" : "string" }, "State" : { "type" : "string" }, "CommonName" : { "type" : "string" }, "SerialNumber" : { "type" : "string" }, "Locality" : { "type" : "string" }, "Title" : { "type" : "string" }, "Surname" : { "type" : "string" }, "GivenName" : { "type" : "string" }, "Initials" : { "type" : "string" }, "Pseudonym" : { "type" : "string" }, "GenerationQualifier" : { "type" : "string" }, "CustomAttributes" : { "$ref" : "#/definitions/CustomAttributeList" } } }, "CustomAttributeList" : { "description" : "Array of X.500 attribute type and value. CustomAttributes cannot be used along with pre-defined attributes.", "type" : "array", "items" : { "$ref" : "#/definitions/CustomAttribute" } }, "CustomAttribute" : { "description" : "Structure that contains X.500 attribute type and value.", "type" : "object", "additionalProperties" : false, "properties" : { "ObjectIdentifier" : { "$ref" : "#/definitions/CustomObjectIdentifier" }, "Value" : { "type" : "string" } }, "required" : [ "ObjectIdentifier", "Value" ] }, "Validity" : { "description" : "Validity for a certificate.", "type" : "object", "additionalProperties" : false, "properties" : { "Value" : { "type" : "number" }, "Type" : { "type" : "string" } }, "required" : [ "Value", "Type" ] }, "CustomObjectIdentifier" : { "description" : "String that contains X.509 ObjectIdentifier information.", "type" : "string" }, "OtherName" : { "description" : "Structure that contains X.509 OtherName information.", "type" : "object", "additionalProperties" : false, "properties" : { "TypeId" : { "$ref" : "#/definitions/CustomObjectIdentifier" }, "Value" : { "type" : "string" } }, "required" : [ "TypeId", "Value" ] }, "Rfc822Name" : { "description" : "String that contains X.509 Rfc822Name information.", "type" : "string" }, "DnsName" : { "description" : "String that contains X.509 DnsName information.", "type" : "string" }, "EdiPartyName" : { "description" : "Structure that contains X.509 EdiPartyName information.", "type" : "object", "additionalProperties" : false, "properties" : { "PartyName" : { "type" : "string" }, "NameAssigner" : { "type" : "string" } }, "required" : [ "PartyName", "NameAssigner" ] }, "UniformResourceIdentifier" : { "description" : "String that contains X.509 UniformResourceIdentifier information.", "type" : "string" }, "IpAddress" : { "description" : "String that contains X.509 IpAddress information.", "type" : "string" } }, "properties" : { "ApiPassthrough" : { "description" : "These are fields to be overridden in a certificate at the time of issuance. These requires an API_Passthrough template be used or they will be ignored.", "$ref" : "#/definitions/ApiPassthrough" }, "CertificateAuthorityArn" : { "description" : "The Amazon Resource Name (ARN) for the private CA to issue the certificate.", "$ref" : "#/definitions/Arn" }, "CertificateSigningRequest" : { "description" : "The certificate signing request (CSR) for the Certificate.", "type" : "string", "minLength" : 1 }, "SigningAlgorithm" : { "description" : "The name of the algorithm that will be used to sign the Certificate.", "type" : "string" }, "TemplateArn" : { "description" : "Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, ACM Private CA defaults to the EndEntityCertificate/V1 template.", "$ref" : "#/definitions/Arn" }, "Validity" : { "description" : "The time before which the Certificate will be valid.", "$ref" : "#/definitions/Validity" }, "ValidityNotBefore" : { "description" : "The time after which the Certificate will be valid.", "$ref" : "#/definitions/Validity" }, "Certificate" : { "description" : "The issued certificate in base 64 PEM-encoded format.", "type" : "string" }, "Arn" : { "description" : "The ARN of the issued certificate.", "$ref" : "#/definitions/Arn" } }, "additionalProperties" : false, "required" : [ "CertificateAuthorityArn", "CertificateSigningRequest", "SigningAlgorithm", "Validity" ], "readOnlyProperties" : [ "/properties/Arn", "/properties/Certificate" ], "createOnlyProperties" : [ "/properties/ApiPassthrough", "/properties/CertificateAuthorityArn", "/properties/CertificateSigningRequest", "/properties/SigningAlgorithm", "/properties/TemplateArn", "/properties/Validity", "/properties/ValidityNotBefore" ], "writeOnlyProperties" : [ "/properties/ApiPassthrough", "/properties/CertificateSigningRequest" ], "primaryIdentifier" : [ "/properties/Arn", "/properties/CertificateAuthorityArn" ], "handlers" : { "create" : { "permissions" : [ "acm-pca:IssueCertificate", "acm-pca:GetCertificate" ] }, "read" : { "permissions" : [ "acm-pca:GetCertificate" ] }, "delete" : { "permissions" : [ "acm-pca:GetCertificate" ] }, "update" : { "permissions" : [ ] } } }