# certificates

Creates, updates, deletes or gets a certificate resource or lists certificates in a region.

## Overview

| Name | certificates |
|---|---|
| Type | Resource |
| Description | The `AWS::ACMPCA::Certificate` resource is used to issue a certificate using your private certificate authority. For more information, see the [IssueCertificate](https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html) action. |
| Id | awscc.acmpca.certificates |
## Fields

| Name | Datatype | Description |
|---|---|---|
| api_passthrough | object | Specifies X.509 certificate information to be included in the issued certificate. An `APIPassthrough` or `APICSRPassthrough` template variant must be selected, or else this parameter is ignored. |
| certificate_authority_arn | string | The Amazon Resource Name (ARN) of the private CA that issues the certificate. |
| certificate_signing_request | string | The certificate signing request (CSR) for the certificate. |
| signing_algorithm | string | The name of the algorithm that will be used to sign the certificate to be issued. <br />This parameter should not be confused with the `SigningAlgorithm` parameter used to sign a CSR in the `CreateCertificateAuthority` action.<br />The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. |
| validity | object | The period of time during which the certificate will be valid. |
| certificate | string | |
| region | string | AWS region. |
For more information, see AWS::ACMPCA::Certificate.
## Methods

| Name | Accessible by | Required Params |
|---|---|---|
| create_resource | INSERT | CertificateAuthorityArn, CertificateSigningRequest, SigningAlgorithm, Validity, region |
| delete_resource | DELETE | data__Identifier, region |
| get_resource | SELECT | data__Identifier, region |
## SELECT examples

Gets all properties from an individual certificate.

```sql
SELECT
region,
api_passthrough,
certificate_authority_arn,
certificate_signing_request,
signing_algorithm,
template_arn,
validity,
validity_not_before,
certificate,
arn
FROM awscc.acmpca.certificates
WHERE region = 'us-east-1' AND data__Identifier = '<Arn>|<CertificateAuthorityArn>';
```
## INSERT example

Use the following StackQL query and manifest file to create a new certificate resource, using stack-deploy.

### Required Properties

```sql
/*+ create */
INSERT INTO awscc.acmpca.certificates (
CertificateAuthorityArn,
CertificateSigningRequest,
SigningAlgorithm,
Validity,
region
)
SELECT
'{{ CertificateAuthorityArn }}',
'{{ CertificateSigningRequest }}',
'{{ SigningAlgorithm }}',
'{{ Validity }}',
'{{ region }}';
```
### All Properties

```sql
/*+ create */
INSERT INTO awscc.acmpca.certificates (
ApiPassthrough,
CertificateAuthorityArn,
CertificateSigningRequest,
SigningAlgorithm,
TemplateArn,
Validity,
ValidityNotBefore,
region
)
SELECT
'{{ ApiPassthrough }}',
'{{ CertificateAuthorityArn }}',
'{{ CertificateSigningRequest }}',
'{{ SigningAlgorithm }}',
'{{ TemplateArn }}',
'{{ Validity }}',
'{{ ValidityNotBefore }}',
'{{ region }}';
```
### Manifest

```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: certificate
    props:
      - name: ApiPassthrough
        value:
          Extensions:
            CertificatePolicies:
              - CertPolicyId: '{{ CertPolicyId }}'
                PolicyQualifiers:
                  - PolicyQualifierId: '{{ PolicyQualifierId }}'
                    Qualifier:
                      CpsUri: '{{ CpsUri }}'
            ExtendedKeyUsage:
              - ExtendedKeyUsageType: '{{ ExtendedKeyUsageType }}'
                ExtendedKeyUsageObjectIdentifier: null
            KeyUsage:
              DigitalSignature: '{{ DigitalSignature }}'
              NonRepudiation: '{{ NonRepudiation }}'
              KeyEncipherment: '{{ KeyEncipherment }}'
              DataEncipherment: '{{ DataEncipherment }}'
              KeyAgreement: '{{ KeyAgreement }}'
              KeyCertSign: '{{ KeyCertSign }}'
              CRLSign: '{{ CRLSign }}'
              EncipherOnly: '{{ EncipherOnly }}'
              DecipherOnly: '{{ DecipherOnly }}'
            SubjectAlternativeNames:
              - OtherName:
                  TypeId: null
                  Value: '{{ Value }}'
                Rfc822Name: '{{ Rfc822Name }}'
                DnsName: '{{ DnsName }}'
                DirectoryName:
                  Country: '{{ Country }}'
                  Organization: '{{ Organization }}'
                  OrganizationalUnit: '{{ OrganizationalUnit }}'
                  DistinguishedNameQualifier: '{{ DistinguishedNameQualifier }}'
                  State: '{{ State }}'
                  CommonName: '{{ CommonName }}'
                  SerialNumber: '{{ SerialNumber }}'
                  Locality: '{{ Locality }}'
                  Title: '{{ Title }}'
                  Surname: '{{ Surname }}'
                  GivenName: '{{ GivenName }}'
                  Initials: '{{ Initials }}'
                  Pseudonym: '{{ Pseudonym }}'
                  GenerationQualifier: '{{ GenerationQualifier }}'
                  CustomAttributes:
                    - ObjectIdentifier: null
                      Value: '{{ Value }}'
                EdiPartyName:
                  PartyName: '{{ PartyName }}'
                  NameAssigner: '{{ NameAssigner }}'
                UniformResourceIdentifier: '{{ UniformResourceIdentifier }}'
                IpAddress: '{{ IpAddress }}'
                RegisteredId: null
            CustomExtensions:
              - Critical: '{{ Critical }}'
                ObjectIdentifier: null
                Value: '{{ Value }}'
          Subject: null
      - name: CertificateAuthorityArn
        value: '{{ CertificateAuthorityArn }}'
      - name: CertificateSigningRequest
        value: '{{ CertificateSigningRequest }}'
      - name: SigningAlgorithm
        value: '{{ SigningAlgorithm }}'
      - name: TemplateArn
        value: null
      - name: Validity
        value:
          Value: null
          Type: '{{ Type }}'
      - name: ValidityNotBefore
        value: null
```
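Before submitting the INSERT, it is worth confirming that the request satisfies the constraints the Fields table states: the `SigningAlgorithm` family (RSA or ECDSA) must match the CA's key family, and `Validity` is a `Type`/`Value` object. The pre-flight check below is an added example, not part of the StackQL documentation or the awscc provider; it validates those inputs and returns the values for the required INSERT columns. The `SigningAlgorithm`, CA `KeyAlgorithm` and `Validity.Type` value lists are the ones the ACM PCA IssueCertificate and CreateCertificateAuthority APIs accept. The `ca_key_algorithm` argument (which the caller must obtain from the CA separately), the `max_days` policy limit and all sample inputs are assumptions constructed for this example.

```python
"""Pre-flight checks for an awscc.acmpca.certificates INSERT.

Added example; not part of the StackQL docs or the awscc provider. It
encodes the constraints from the Fields table (SigningAlgorithm family
must match the CA key family; Validity is a {Type, Value} object) and
returns the column values for the required-properties INSERT. The
max_days limit and all sample values are constructed assumptions.
"""
from __future__ import annotations

import math
from datetime import datetime, timezone
from typing import Any

# SigningAlgorithm values accepted by IssueCertificate, mapped to key family.
SIGNING_ALGORITHMS: dict[str, str] = {
    "SHA256WITHECDSA": "ECDSA",
    "SHA384WITHECDSA": "ECDSA",
    "SHA512WITHECDSA": "ECDSA",
    "SHA256WITHRSA": "RSA",
    "SHA384WITHRSA": "RSA",
    "SHA512WITHRSA": "RSA",
}

# KeyAlgorithm values a private CA is created with, mapped to key family.
CA_KEY_ALGORITHMS: dict[str, str] = {
    "RSA_2048": "RSA",
    "RSA_4096": "RSA",
    "EC_prime256v1": "ECDSA",
    "EC_secp384r1": "ECDSA",
}

VALIDITY_TYPES = {"END_DATE", "ABSOLUTE", "DAYS", "MONTHS", "YEARS"}


def check_signing_algorithm(signing_algorithm: str, ca_key_algorithm: str) -> str:
    """Return the key family if the request matches the CA key; raise otherwise."""
    family = SIGNING_ALGORITHMS.get(signing_algorithm)
    if family is None:
        raise ValueError(f"unknown SigningAlgorithm {signing_algorithm!r}")
    ca_family = CA_KEY_ALGORITHMS.get(ca_key_algorithm)
    if ca_family is None:
        raise ValueError(f"unknown CA KeyAlgorithm {ca_key_algorithm!r}")
    if family != ca_family:
        raise ValueError(f"{signing_algorithm} is {family} but CA key {ca_key_algorithm} is {ca_family}")
    return family


def validity_days(validity: dict[str, Any], now: datetime | None = None) -> int:
    """Upper bound, in whole days, on the lifetime a Validity object requests.

    DAYS/MONTHS/YEARS are relative to issuance and are rounded up (31-day
    months, 366-day years) so the bound never under-estimates. ABSOLUTE is
    Unix epoch seconds; END_DATE is handled in its GeneralizedTime form, an
    integer YYYYMMDDHHMMSS in UTC. Both are measured from `now`.
    """
    vtype, value = validity.get("Type"), validity.get("Value")
    if vtype not in VALIDITY_TYPES:
        raise ValueError(f"Validity.Type must be one of {sorted(VALIDITY_TYPES)}")
    if not isinstance(value, int) or isinstance(value, bool) or value <= 0:
        raise ValueError("Validity.Value must be a positive integer")
    if vtype == "DAYS":
        return value
    if vtype == "MONTHS":
        return value * 31
    if vtype == "YEARS":
        return value * 366
    now = now or datetime.now(timezone.utc)
    if vtype == "ABSOLUTE":
        end = datetime.fromtimestamp(value, tz=timezone.utc)
    else:  # END_DATE
        end = datetime.strptime(str(value), "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    remaining = (end - now).total_seconds()
    if remaining <= 0:
        raise ValueError("Validity end is not in the future")
    return math.ceil(remaining / 86400)


def build_insert_props(ca_arn: str, csr_pem: str, signing_algorithm: str,
                       validity: dict[str, Any], region: str, *,
                       ca_key_algorithm: str, max_days: int = 397,
                       now: datetime | None = None) -> dict[str, Any]:
    """Validate the request and return values for the required INSERT columns."""
    check_signing_algorithm(signing_algorithm, ca_key_algorithm)
    days = validity_days(validity, now)
    if days > max_days:  # max_days is a local policy limit, not an AWS constraint
        raise ValueError(f"validity of up to {days} days exceeds policy limit of {max_days}")
    if not csr_pem.strip().startswith("-----BEGIN CERTIFICATE REQUEST-----"):
        raise ValueError("CertificateSigningRequest must be a PEM-encoded CSR")
    if not ca_arn.startswith("arn:") or ":acm-pca:" not in ca_arn:
        raise ValueError("CertificateAuthorityArn must be an ACM PCA ARN")
    return {
        "CertificateAuthorityArn": ca_arn,
        "CertificateSigningRequest": csr_pem,
        "SigningAlgorithm": signing_algorithm,
        "Validity": validity,
        "region": region,
    }


if __name__ == "__main__":
    # Constructed sample inputs; the ARN and CSR body are placeholders.
    props = build_insert_props(
        ca_arn="arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/EXAMPLE-CA-ID",
        csr_pem="-----BEGIN CERTIFICATE REQUEST-----\nPLACEHOLDER\n-----END CERTIFICATE REQUEST-----\n",
        signing_algorithm="SHA256WITHECDSA",
        validity={"Type": "DAYS", "Value": 30},
        region="us-east-1",
        ca_key_algorithm="EC_prime256v1",
    )
    for column, value in props.items():
        print(f"{column}: {value!r}")
```

The returned dictionary keys are the column names of the required-properties INSERT above, so the values can be fed straight into the template variables; a request whose signing algorithm family does not match the CA key, or whose validity exceeds the configured limit, is rejected before any call reaches ACM PCA.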
## DELETE example

```sql
/*+ delete */
DELETE FROM awscc.acmpca.certificates
WHERE data__Identifier = '<Arn|CertificateAuthorityArn>'
AND region = 'us-east-1';
```
## Permissions

To operate on the certificates resource, the following permissions are required:

### Create

`acm-pca:IssueCertificate`, `acm-pca:GetCertificate`

### Read

`acm-pca:GetCertificate`

### Delete

`acm-pca:GetCertificate`