AWS Fundamentals Logo
AWS Fundamentals
AWS::ACMPCA::CertificateAuthority

ACMPCA CertificateAuthority

Private certificate authority.

Properties

9 configurable properties. 4 required. Click a row to see details.

Filter:
PropertyTypeFlags
KeyAlgorithm
string
RequiredCreate-only
SigningAlgorithm
string
RequiredCreate-only
Subject
Subject
RequiredCreate-onlyWrite-only
Type
string
RequiredCreate-only
CsrExtensions
CsrExtensions
Create-onlyWrite-only
KeyStorageSecurityStandard
string
Create-onlyWrite-only
RevocationConfiguration
RevocationConfiguration
Write-only
Tags
Array<Tag>
UsageMode
string
Create-only

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

AttributeTypeDescription
ArnstringThe Amazon Resource Name (ARN) of the certificate authority.
CertificateSigningRequeststringThe base64 PEM-encoded certificate signing request (CSR) for your certificate authority certificate.

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::ACMPCA::CertificateAuthority

Resources:
  MyResource:
    Type: AWS::ACMPCA::CertificateAuthority
    Properties:
      Type: "value"
      KeyAlgorithm: "value"
      SigningAlgorithm: "value"
      Subject: "value"
      Tags:
        - Key: Environment
          Value: Production

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

acm-pca:CreateCertificateAuthorityacm-pca:DescribeCertificateAuthorityacm-pca:GetCertificateAuthorityCsracm-pca:TagCertificateAuthority

read

acm-pca:DescribeCertificateAuthorityacm-pca:GetCertificateAuthorityCsracm-pca:ListTags

update

acm-pca:TagCertificateAuthorityacm-pca:UntagCertificateAuthorityacm-pca:UpdateCertificateAuthority

delete

acm-pca:DeleteCertificateAuthorityacm-pca:DescribeCertificateAuthority

list

acm-pca:DescribeCertificateAuthorityacm-pca:GetCertificateAuthorityCsracm-pca:ListCertificateAuthoritiesacm-pca:ListTags

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceACMPCA
Properties11
Required4
TaggingSupported
Primary IDArn

Supported Operations

CreateReadUpdateDeleteList

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

TypeKeyAlgorithmSigningAlgorithmSubjectCsrExtensionsKeyStorageSecurityStandardUsageMode

Related Resources

External Links