Data Source: awsAcmpcaCertificateAuthority

Get information on an AWS Certificate Manager Private Certificate Authority (ACM PCA Certificate Authority).

Example Usage

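/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as aws from "./.gen/providers/aws";

// MyStack is an illustrative stack name; the data source must be created inside a construct scope.
class MyStack extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    // Look up an existing private CA by its ARN.
    new aws.dataAwsAcmpcaCertificateAuthority.DataAwsAcmpcaCertificateAuthority(
      this,
      "example",
      {
        arn: "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012",
      }
    );
  }
}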

Argument Reference

The following arguments are supported:

  • arn - (Required) ARN of the certificate authority.

Attribute Reference

In addition to all arguments above, the following attributes are exported:

  • id - ARN of the certificate authority.
  • certificate - Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.
  • certificateChain - Base64-encoded certificate chain that includes any intermediate certificates and chains up to the root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.
  • certificateSigningRequest - The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
  • usageMode - Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly.
  • notAfter - Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
  • notBefore - Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.
  • revocationConfiguration - Nested attribute containing revocation configuration.
  • revocationConfiguration0CrlConfiguration - Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority.
    • revocationConfiguration0CrlConfiguration0CustomCname - Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.
    • revocationConfiguration0CrlConfiguration0Enabled - Boolean value that specifies whether certificate revocation lists (CRLs) are enabled.
    • revocationConfiguration0CrlConfiguration0ExpirationInDays - Number of days until a certificate expires.
    • revocationConfiguration0CrlConfiguration0S3BucketName - Name of the S3 bucket that contains the CRL.
    • revocationConfiguration0CrlConfiguration0S3ObjectAcl - Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.
    • revocationConfiguration0OcspConfiguration0Enabled - Boolean value that specifies whether a custom OCSP responder is enabled.
    • revocationConfiguration0OcspConfiguration0OcspCustomCname - A CNAME specifying a customized OCSP domain.
  • serial - Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.
  • status - Status of the certificate authority.
  • tags - Key-value map of user-defined tags that are attached to the certificate authority.
  • type - Type of the certificate authority.
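
The exported attributes above are enough for a basic posture check of the CA. The following is an added example, not part of the provider documentation: it audits resolved attribute values (for instance, read from Terraform outputs after apply, since the attributes are unresolved tokens at synth time) for CA status, remaining validity, and whether a general-purpose CA has any revocation mechanism enabled. The names CaAttributes, auditCa and sampleCa, the flattened field names, and the 90-day threshold are assumptions made for the example.

```typescript
// Added example, not provider code. CaAttributes, auditCa and sampleCa are hypothetical names.
interface CaAttributes {
  status: string;
  usageMode: string;
  notAfter?: string;        // RFC 3339; unset until the CA certificate is imported
  crlEnabled: boolean;      // revocationConfiguration0CrlConfiguration0Enabled
  crlS3ObjectAcl?: string;  // revocationConfiguration0CrlConfiguration0S3ObjectAcl
  ocspEnabled: boolean;     // revocationConfiguration0OcspConfiguration0Enabled
}

const MS_PER_DAY = 24 * 60 * 60 * 1000;

function auditCa(ca: CaAttributes, now: Date, minDaysLeft = 90): string[] {
  const findings: string[] = [];
  if (ca.status !== "ACTIVE") findings.push(`status is ${ca.status}, not ACTIVE`);

  if (!ca.notAfter) {
    findings.push("notAfter is unset: CA certificate not imported yet");
  } else {
    const expiry = Date.parse(ca.notAfter);
    if (Number.isNaN(expiry)) {
      findings.push(`notAfter is not a parseable timestamp: ${ca.notAfter}`);
    } else {
      const daysLeft = Math.floor((expiry - now.getTime()) / MS_PER_DAY);
      if (daysLeft < 0) findings.push("CA certificate has expired");
      else if (daysLeft < minDaysLeft) findings.push(`CA certificate expires in ${daysLeft} days`);
    }
  }
  // usageMode: general-purpose CAs typically need revocation; short-lived ones may omit it.
  if (ca.usageMode === "GENERAL_PURPOSE" && !ca.crlEnabled && !ca.ocspEnabled) {
    findings.push("general-purpose CA has neither CRL nor OCSP enabled");
  }
  if (ca.crlEnabled && ca.crlS3ObjectAcl === "PUBLIC_READ") {
    findings.push("CRL object ACL is PUBLIC_READ: confirm public distribution is intended");
  }
  return findings;
}

// Constructed sample values, not taken from a real CA.
const sampleCa: CaAttributes = {
  status: "ACTIVE",
  usageMode: "GENERAL_PURPOSE",
  notAfter: "2024-02-15T00:00:00Z",
  crlEnabled: false,
  ocspEnabled: false,
};

console.log(auditCa(sampleCa, new Date("2024-01-01T00:00:00Z")));
```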