paws.security.identity (version 0.1.0)

acmpca: AWS Certificate Manager Private Certificate Authority

Description

You can use the ACM PCA API to create a private certificate authority (CA). You must first call the CreateCertificateAuthority operation. If successful, the operation returns an Amazon Resource Name (ARN) for your private CA. Use this ARN as input to the GetCertificateAuthorityCsr operation to retrieve the certificate signing request (CSR) for your private CA certificate. Sign the CSR using the root or an intermediate CA in your on-premises PKI hierarchy, and call the ImportCertificateAuthorityCertificate operation to import your signed private CA certificate into ACM PCA.

Use your private CA to issue and revoke certificates. These are private certificates that identify and secure client computers, servers, applications, services, devices, and users over SSL/TLS connections within your organization. Call the IssueCertificate operation to issue a certificate. Call the RevokeCertificate operation to revoke a certificate.

Certificates issued by your private CA can be trusted only within your organization, not publicly.

Your private CA can optionally create a certificate revocation list (CRL) to track the certificates you revoke. To create a CRL, you must specify a RevocationConfiguration object when you call the CreateCertificateAuthority operation. ACM PCA writes the CRL to an S3 bucket that you specify. You must specify a bucket policy that grants ACM PCA write permission.

You can also call the CreateCertificateAuthorityAuditReport operation to create an optional audit report, which enumerates all of the issued, valid, expired, and revoked certificates from the CA.

Each ACM PCA API operation has a throttling limit which determines the number of times the operation can be called per second. For more information, see API Rate Limits in ACM PCA in the ACM PCA user guide.

Usage

acmpca()

Arguments

Operations

create_certificate_authority Creates a private subordinate certificate authority (CA)
create_certificate_authority_audit_report Creates an audit report that lists every time that your CA private key is used
create_permission Assigns permissions from a private CA to a designated AWS service
delete_certificate_authority Deletes a private certificate authority (CA)
delete_permission Revokes permissions that a private CA assigned to a designated AWS service
describe_certificate_authority Lists information about your private certificate authority (CA)
describe_certificate_authority_audit_report Lists information about a specific audit report created by calling the CreateCertificateAuthorityAuditReport operation
get_certificate Retrieves a certificate from your private CA
get_certificate_authority_certificate Retrieves the certificate and certificate chain for your private certificate authority (CA)
get_certificate_authority_csr Retrieves the certificate signing request (CSR) for your private certificate authority (CA)
import_certificate_authority_certificate Imports your signed private CA certificate into ACM PCA
issue_certificate Uses your private certificate authority (CA) to issue a client certificate
list_certificate_authorities Lists the private certificate authorities that you created by using the CreateCertificateAuthority operation
list_permissions Lists all the permissions, if any, that have been assigned by a private CA
list_tags Lists the tags, if any, that are associated with your private CA
restore_certificate_authority Restores a certificate authority (CA) that is in the DELETED state
revoke_certificate Revokes a certificate that you issued by calling the IssueCertificate operation
tag_certificate_authority Adds one or more tags to your private CA
untag_certificate_authority Removes one or more tags from your private CA

Examples

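# NOT RUN {
svc <- acmpca()
# Foo = 123 is a placeholder argument, not a real parameter of the
# operation; replace it with the operation's actual arguments.
svc$create_certificate_authority(
  Foo = 123
)
# }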
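The workflow from the Description (create the CA with a CRL configuration, retrieve the CSR, import the externally signed CA certificate), as an added example that is not part of the package's own documentation. The function names, subject values, file paths and bucket name are assumptions; it needs AWS credentials and a bucket whose policy already grants ACM PCA write permission.

```r
library(paws.security.identity)

svc <- acmpca()

# Create the CA, wait until its CSR is available, and save the CSR to disk.
# `request_private_ca` is a hypothetical helper, not a paws function.
request_private_ca <- function(crl_bucket, csr_path = "ca.csr") {
  ca_arn <- svc$create_certificate_authority(
    CertificateAuthorityConfiguration = list(
      KeyAlgorithm = "RSA_2048",
      SigningAlgorithm = "SHA256WITHRSA",
      # Constructed subject values for illustration.
      Subject = list(Country = "US", Organization = "Example Corp",
                     CommonName = "Example Corp Issuing CA")
    ),
    # A CRL is only published if this is supplied when the CA is created.
    RevocationConfiguration = list(CrlConfiguration = list(
      Enabled = TRUE, ExpirationInDays = 7, S3BucketName = crl_bucket
    )),
    CertificateAuthorityType = "SUBORDINATE"
  )$CertificateAuthorityArn

  # Creation is asynchronous: poll (bounded) until the CA leaves CREATING.
  for (attempt in seq_len(30)) {
    status <- svc$describe_certificate_authority(
      CertificateAuthorityArn = ca_arn
    )$CertificateAuthority$Status
    if (status != "CREATING") break
    Sys.sleep(2)
  }
  if (status != "PENDING_CERTIFICATE") {
    stop("CA ", ca_arn, " is in state ", status, "; no CSR available")
  }

  # The CSR is PEM text; it goes to the on-premises CA for signing.
  csr <- svc$get_certificate_authority_csr(CertificateAuthorityArn = ca_arn)$Csr
  writeLines(csr, csr_path)
  ca_arn
}

# After the on-premises root or intermediate has signed the CSR, import the
# result. Blob arguments are passed as raw vectors.
import_signed_ca <- function(ca_arn, cert_path, chain_path) {
  read_pem <- function(path) readBin(path, "raw", file.size(path))
  svc$import_certificate_authority_certificate(
    CertificateAuthorityArn = ca_arn,
    Certificate = read_pem(cert_path),
    CertificateChain = read_pem(chain_path)
  )
}
```

The CA's private key is never returned by these calls; only the CSR leaves ACM PCA and only the signed certificate and chain come back in.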
