CertificateAuthority
The CertificateAuthority resource lets you create and manage AWS ACMPCA CertificateAuthoritys for issuing and managing digital certificates.
Minimal Example
Section titled “Minimal Example”Create a basic certificate authority with required properties and a common optional property for revocation configuration.
import AWS from "alchemy/aws/control";
const basicCertificateAuthority = await AWS.ACMPCA.CertificateAuthority("basicCA", {  Type: "SUBORDINATE",  SigningAlgorithm: "SHA256WITHRSA",  KeyAlgorithm: "RSA_2048",  Subject: {    Country: "US",    Organization: "My Organization",    OrganizationalUnit: "IT",    CommonName: "myca.example.com"  },  RevocationConfiguration: {    CrlConfiguration: {      Enabled: true,      ExpirationInDays: 7,      S3BucketName: "my-certificate-revocation-list",      CustomCname: "crl.myca.example.com"    }  },  Tags: [{ Key: "Environment", Value: "Production" }]});Advanced Configuration
Section titled “Advanced Configuration”Configure a certificate authority with additional options such as CSR extensions and key storage security standards.
const advancedCertificateAuthority = await AWS.ACMPCA.CertificateAuthority("advancedCA", {  Type: "ROOT",  SigningAlgorithm: "SHA256WITHRSA",  KeyAlgorithm: "RSA_4096",  Subject: {    Country: "US",    Organization: "Advanced Organization",    OrganizationalUnit: "Security",    CommonName: "advancedca.example.com"  },  CsrExtensions: {    KeyUsage: ["DIGITAL_SIGNATURE", "KEY_ENCIPHERMENT"],    ExtendedKeyUsage: ["SERVER_AUTH", "CLIENT_AUTH"]  },  KeyStorageSecurityStandard: "FIPS_140_2_LEVEL_3",  Tags: [{ Key: "Project", Value: "SecureApp" }]});Adoption of Existing Certificate Authority
Section titled “Adoption of Existing Certificate Authority”If you need to adopt an existing certificate authority instead of creating a new one, use the adopt property.
const existingCertificateAuthority = await AWS.ACMPCA.CertificateAuthority("existingCA", {  Type: "SUBORDINATE",  SigningAlgorithm: "SHA256WITHRSA",  KeyAlgorithm: "RSA_2048",  Subject: {    Country: "US",    Organization: "Existing Organization",    OrganizationalUnit: "Compliance",    CommonName: "existingca.example.com"  },  adopt: true // Adopt existing resource});Example with Usage Mode
Section titled “Example with Usage Mode”Create a certificate authority with a specific usage mode, which defines how the certificates can be used.
const usageModeCertificateAuthority = await AWS.ACMPCA.CertificateAuthority("usageModeCA", {  Type: "ROOT",  SigningAlgorithm: "SHA256WITHRSA",  KeyAlgorithm: "RSA_2048",  Subject: {    Country: "US",    Organization: "Usage Mode Org",    OrganizationalUnit: "Development",    CommonName: "usagemodeca.example.com"  },  UsageMode: "DEFAULT", // Specify usage mode  Tags: [{ Key: "Department", Value: "R&D" }]});