{ "typeName" : "AWS::ACMPCA::CertificateAuthority", "description" : "Private certificate authority.", "sourceUrl" : "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_ACMPCA.html", "definitions" : { "Arn" : { "type" : "string" }, "Tag" : { "type" : "object", "additionalProperties" : false, "properties" : { "Key" : { "type" : "string" }, "Value" : { "type" : "string" } } }, "Subject" : { "description" : "Structure that contains X.500 distinguished name information for your CA.", "type" : "object", "additionalProperties" : false, "properties" : { "Country" : { "type" : "string" }, "Organization" : { "type" : "string" }, "OrganizationalUnit" : { "type" : "string" }, "DistinguishedNameQualifier" : { "type" : "string" }, "State" : { "type" : "string" }, "CommonName" : { "type" : "string" }, "SerialNumber" : { "type" : "string" }, "Locality" : { "type" : "string" }, "Title" : { "type" : "string" }, "Surname" : { "type" : "string" }, "GivenName" : { "type" : "string" }, "Initials" : { "type" : "string" }, "Pseudonym" : { "type" : "string" }, "GenerationQualifier" : { "type" : "string" }, "CustomAttributes" : { "$ref" : "#/definitions/CustomAttributeList" } } }, "CustomAttributeList" : { "description" : "Array of X.500 attribute type and value. CustomAttributes cannot be used along with pre-defined attributes.", "type" : "array", "items" : { "$ref" : "#/definitions/CustomAttribute" } }, "CustomAttribute" : { "description" : "Structure that contains X.500 attribute type and value.", "type" : "object", "additionalProperties" : false, "properties" : { "ObjectIdentifier" : { "$ref" : "#/definitions/CustomObjectIdentifier" }, "Value" : { "type" : "string" } }, "required" : [ "ObjectIdentifier", "Value" ] }, "CrlConfiguration" : { "description" : "Your certificate authority can create and maintain a certificate revocation list (CRL). A CRL contains information about certificates that have been revoked.", "type" : "object", "additionalProperties" : false, "properties" : { "Enabled" : { "type" : "boolean" }, "ExpirationInDays" : { "type" : "integer" }, "CustomCname" : { "type" : "string" }, "S3BucketName" : { "type" : "string" }, "S3ObjectAcl" : { "type" : "string" } } }, "OcspConfiguration" : { "description" : "Helps to configure online certificate status protocol (OCSP) responder for your certificate authority", "type" : "object", "additionalProperties" : false, "properties" : { "Enabled" : { "type" : "boolean" }, "OcspCustomCname" : { "type" : "string" } } }, "RevocationConfiguration" : { "description" : "Certificate Authority revocation information.", "type" : "object", "additionalProperties" : false, "properties" : { "CrlConfiguration" : { "$ref" : "#/definitions/CrlConfiguration" }, "OcspConfiguration" : { "$ref" : "#/definitions/OcspConfiguration" } } }, "KeyUsage" : { "description" : "Structure that contains X.509 KeyUsage information.", "type" : "object", "additionalProperties" : false, "properties" : { "DigitalSignature" : { "type" : "boolean", "default" : false }, "NonRepudiation" : { "type" : "boolean", "default" : false }, "KeyEncipherment" : { "type" : "boolean", "default" : false }, "DataEncipherment" : { "type" : "boolean", "default" : false }, "KeyAgreement" : { "type" : "boolean", "default" : false }, "KeyCertSign" : { "type" : "boolean", "default" : false }, "CRLSign" : { "type" : "boolean", "default" : false }, "EncipherOnly" : { "type" : "boolean", "default" : false }, "DecipherOnly" : { "type" : "boolean", "default" : false } } }, "CustomObjectIdentifier" : { "description" : "String that contains X.509 ObjectIdentifier information.", "type" : "string" }, "AccessMethodType" : { "description" : "Pre-defined enum string for X.509 AccessMethod ObjectIdentifiers.", "type" : "string" }, "AccessMethod" : { "description" : "Structure that contains X.509 AccessMethod information. Assign one and ONLY one field.", "type" : "object", "additionalProperties" : false, "properties" : { "CustomObjectIdentifier" : { "$ref" : "#/definitions/CustomObjectIdentifier" }, "AccessMethodType" : { "$ref" : "#/definitions/AccessMethodType" } } }, "OtherName" : { "description" : "Structure that contains X.509 OtherName information.", "type" : "object", "additionalProperties" : false, "properties" : { "TypeId" : { "$ref" : "#/definitions/CustomObjectIdentifier" }, "Value" : { "type" : "string" } }, "required" : [ "TypeId", "Value" ] }, "Rfc822Name" : { "description" : "String that contains X.509 Rfc822Name information.", "type" : "string" }, "DnsName" : { "description" : "String that contains X.509 DnsName information.", "type" : "string" }, "EdiPartyName" : { "description" : "Structure that contains X.509 EdiPartyName information.", "type" : "object", "additionalProperties" : false, "properties" : { "PartyName" : { "type" : "string" }, "NameAssigner" : { "type" : "string" } }, "required" : [ "PartyName", "NameAssigner" ] }, "UniformResourceIdentifier" : { "description" : "String that contains X.509 UniformResourceIdentifier information.", "type" : "string" }, "IpAddress" : { "description" : "String that contains X.509 IpAddress information.", "type" : "string" }, "GeneralName" : { "description" : "Structure that contains X.509 GeneralName information. Assign one and ONLY one field.", "type" : "object", "additionalProperties" : false, "properties" : { "OtherName" : { "$ref" : "#/definitions/OtherName" }, "Rfc822Name" : { "$ref" : "#/definitions/Rfc822Name" }, "DnsName" : { "$ref" : "#/definitions/DnsName" }, "DirectoryName" : { "$ref" : "#/definitions/Subject" }, "EdiPartyName" : { "$ref" : "#/definitions/EdiPartyName" }, "UniformResourceIdentifier" : { "$ref" : "#/definitions/UniformResourceIdentifier" }, "IpAddress" : { "$ref" : "#/definitions/IpAddress" }, "RegisteredId" : { "$ref" : "#/definitions/CustomObjectIdentifier" } } }, "AccessDescription" : { "description" : "Structure that contains X.509 AccessDescription information.", "type" : "object", "additionalProperties" : false, "properties" : { "AccessMethod" : { "$ref" : "#/definitions/AccessMethod" }, "AccessLocation" : { "$ref" : "#/definitions/GeneralName" } }, "required" : [ "AccessMethod", "AccessLocation" ] }, "SubjectInformationAccess" : { "description" : "Array of X.509 AccessDescription.", "type" : "array", "items" : { "$ref" : "#/definitions/AccessDescription" } }, "CsrExtensions" : { "description" : "Structure that contains CSR pass though extensions information.", "type" : "object", "additionalProperties" : false, "properties" : { "KeyUsage" : { "$ref" : "#/definitions/KeyUsage" }, "SubjectInformationAccess" : { "$ref" : "#/definitions/SubjectInformationAccess" } } } }, "properties" : { "Arn" : { "description" : "The Amazon Resource Name (ARN) of the certificate authority.", "$ref" : "#/definitions/Arn" }, "Type" : { "description" : "The type of the certificate authority.", "type" : "string" }, "KeyAlgorithm" : { "description" : "Public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate.", "type" : "string" }, "SigningAlgorithm" : { "description" : "Algorithm your CA uses to sign certificate requests.", "type" : "string" }, "Subject" : { "description" : "Structure that contains X.500 distinguished name information for your CA.", "$ref" : "#/definitions/Subject" }, "RevocationConfiguration" : { "description" : "Certificate revocation information used by the CreateCertificateAuthority and UpdateCertificateAuthority actions.", "$ref" : "#/definitions/RevocationConfiguration" }, "Tags" : { "type" : "array", "items" : { "$ref" : "#/definitions/Tag" } }, "CertificateSigningRequest" : { "description" : "The base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.", "type" : "string" }, "CsrExtensions" : { "description" : "Structure that contains CSR pass through extension information used by the CreateCertificateAuthority action.", "$ref" : "#/definitions/CsrExtensions" }, "KeyStorageSecurityStandard" : { "description" : "KeyStorageSecurityStadard defines a cryptographic key management compliance standard used for handling CA keys.", "type" : "string" }, "UsageMode" : { "description" : "Usage mode of the ceritificate authority.", "type" : "string" } }, "additionalProperties" : false, "required" : [ "Type", "KeyAlgorithm", "SigningAlgorithm", "Subject" ], "readOnlyProperties" : [ "/properties/Arn", "/properties/CertificateSigningRequest" ], "writeOnlyProperties" : [ "/properties/Subject" ], "createOnlyProperties" : [ "/properties/Type", "/properties/KeyAlgorithm", "/properties/SigningAlgorithm", "/properties/Subject", "/properties/CsrExtensions", "/properties/KeyStorageSecurityStandard", "/properties/UsageMode" ], "primaryIdentifier" : [ "/properties/Arn" ], "handlers" : { "create" : { "permissions" : [ "acm-pca:CreateCertificateAuthority", "acm-pca:DescribeCertificateAuthority", "acm-pca:GetCertificateAuthorityCsr" ] }, "read" : { "permissions" : [ "acm-pca:DescribeCertificateAuthority", "acm-pca:GetCertificateAuthorityCsr", "acm-pca:ListTags" ] }, "update" : { "permissions" : [ "acm-pca:ListTags", "acm-pca:TagCertificateAuthority", "acm-pca:UntagCertificateAuthority", "acm-pca:UpdateCertificateAuthority" ] }, "delete" : { "permissions" : [ "acm-pca:DeleteCertificateAuthority" ] }, "list" : { "permissions" : [ "acm-pca:DescribeCertificateAuthority", "acm-pca:GetCertificateAuthorityCsr", "acm-pca:ListCertificateAuthorities", "acm-pca:ListTags" ] } } }