1// Code generated by smithy-go-codegen DO NOT EDIT. 2 3package acmpca 4 5import ( 6 "context" 7 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" 8 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" 9 "github.com/aws/aws-sdk-go-v2/service/acmpca/types" 10 "github.com/aws/smithy-go/middleware" 11 smithyhttp "github.com/aws/smithy-go/transport/http" 12) 13 14// Creates a root or subordinate private certificate authority (CA). You must 15// specify the CA configuration, an optional configuration for Online Certificate 16// Status Protocol (OCSP) and/or a certificate revocation list (CRL), the CA type, 17// and an optional idempotency token to avoid accidental creation of multiple CAs. 18// The CA configuration specifies the name of the algorithm and key size to be used 19// to create the CA private key, the type of signing algorithm that the CA uses, 20// and X.500 subject information. The OCSP configuration can optionally specify a 21// custom URL for the OCSP responder. The CRL configuration specifies the CRL 22// expiration period in days (the validity period of the CRL), the Amazon S3 bucket 23// that will contain the CRL, and a CNAME alias for the S3 bucket that is included 24// in certificates issued by the CA. If successful, this action returns the Amazon 25// Resource Name (ARN) of the CA. ACM Private CA assets that are stored in Amazon 26// S3 can be protected with encryption. For more information, see Encrypting Your 27// CRLs 28// (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption). 29// Both PCA and the IAM principal must have permission to write to the S3 bucket 30// that you specify. If the IAM principal making the call does not have permission 31// to write to the bucket, then an exception is thrown. For more information, see 32// Configure Access to ACM Private CA 33// (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html). 
//
// Security notes for callers: unless RevocationConfiguration enables OCSP, a
// CRL, or both, the new CA publishes no revocation information (both are
// disabled by default), and the CA key is handled under
// KeyStorageSecurityStandard, which defaults to FIPS_140_2_LEVEL_3_OR_HIGHER.
// A nil params is replaced by an empty input, whose required members are then
// missing; such a call is presumably rejected by the operation's validation
// middleware before it reaches the service.
func (c *Client) CreateCertificateAuthority(ctx context.Context, params *CreateCertificateAuthorityInput, optFns ...func(*Options)) (*CreateCertificateAuthorityOutput, error) {
	// Normalize a nil input so the pipeline always has a value to serialize.
	if params == nil {
		params = &CreateCertificateAuthorityInput{}
	}

	resp, meta, invokeErr := c.invokeOperation(ctx, "CreateCertificateAuthority", params, optFns, c.addOperationCreateCertificateAuthorityMiddlewares)
	if invokeErr != nil {
		return nil, invokeErr
	}

	// The deserializer registered below produces this concrete output type;
	// the unchecked assertion mirrors the generated code.
	output := resp.(*CreateCertificateAuthorityOutput)
	output.ResultMetadata = meta
	return output, nil
}

// CreateCertificateAuthorityInput carries the parameters of the
// CreateCertificateAuthority operation.
type CreateCertificateAuthorityInput struct {

	// Name and bit size of the private key algorithm, the name of the signing
	// algorithm, and X.500 certificate subject information.
	//
	// This member is required.
	CertificateAuthorityConfiguration *types.CertificateAuthorityConfiguration

	// The type of the certificate authority (root or subordinate, per the
	// operation description).
	//
	// This member is required.
	CertificateAuthorityType types.CertificateAuthorityType

	// Custom string that can be used to distinguish between calls to the
	// CreateCertificateAuthority action. Idempotency tokens for
	// CreateCertificateAuthority time out after five minutes. Therefore, if you call
	// CreateCertificateAuthority multiple times with the same idempotency token within
	// five minutes, ACM Private CA recognizes that you are requesting only one
	// certificate authority and will issue only one. If you change the idempotency
	// token for each call, PCA recognizes that you are requesting multiple
	// certificate authorities. Supplying a token guards against creating duplicate
	// CAs on client-side retries.
	IdempotencyToken *string

	// Specifies a cryptographic key management compliance standard used for handling
	// CA keys. Default: FIPS_140_2_LEVEL_3_OR_HIGHER Note:
	// FIPS_140_2_LEVEL_3_OR_HIGHER is not supported in Region ap-northeast-3. When
	// creating a CA in the ap-northeast-3, you must provide
	// FIPS_140_2_LEVEL_2_OR_HIGHER as the argument for KeyStorageSecurityStandard.
	// Failure to do this results in an InvalidArgsException with the message, "A
	// certificate authority cannot be created in this region with the specified
	// security standard."
	//
	// NOTE(review): choosing a standard below the default is a decision about how
	// the CA's private key is handled, not merely a regional workaround; record the
	// justification alongside the deployment.
	KeyStorageSecurityStandard types.KeyStorageSecurityStandard

	// Contains information to enable Online Certificate Status Protocol (OCSP)
	// support, to enable a certificate revocation list (CRL), to enable both, or to
	// enable neither. The default is for both certificate validation mechanisms to be
	// disabled, in which case the CA publishes no revocation information for the
	// certificates it issues. When a CRL is configured, both PCA and the calling IAM
	// principal must be able to write to the configured S3 bucket, and the CRL can
	// be protected with encryption (see the operation description). For more
	// information, see the OcspConfiguration
	// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html)
	// and CrlConfiguration
	// (https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html)
	// types.
	RevocationConfiguration *types.RevocationConfiguration

	// Key-value pairs that will be attached to the new private CA. You can associate
	// up to 50 tags with a private CA. For information using tags with IAM to manage
	// permissions, see Controlling Access Using IAM Tags
	// (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html).
	// Because tags can feed IAM tag-based permissions, treat their values as
	// access-control relevant, not merely descriptive.
	Tags []types.Tag

	noSmithyDocumentSerde
}

// CreateCertificateAuthorityOutput is the result of the
// CreateCertificateAuthority operation.
type CreateCertificateAuthorityOutput struct {

	// If successful, the Amazon Resource Name (ARN) of the certificate authority (CA).
	// This is of the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	// .
	CertificateAuthorityArn *string

	// Metadata pertaining to the operation's result. Populated by
	// CreateCertificateAuthority from the invoke result.
	ResultMetadata middleware.Metadata

	noSmithyDocumentSerde
}

// addOperationCreateCertificateAuthorityMiddlewares assembles the middleware
// stack for this operation: the awsjson11 serializer and deserializer, the
// logger, client request ID, content length, endpoint resolution, the
// signer/v4 payload SHA-256 computation, retries, SigV4 request signing, raw
// response and timing metadata, the client user agent, response-body closing,
// input validation, service metadata, request-ID retrieval, response error
// mapping and request/response logging. The first registration error is
// returned and the remaining steps are skipped.
//
// NOTE(review): addRequestResponseLogging is registered last and, if the
// options enable it, presumably emits the full request including the CA
// subject and configuration; confirm the logging destination before enabling
// it outside development.
func (c *Client) addOperationCreateCertificateAuthorityMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// Registration order is significant and is kept exactly as generated.
	steps := []func() error{
		func() error {
			return stack.Serialize.Add(&awsAwsjson11_serializeOpCreateCertificateAuthority{}, middleware.After)
		},
		func() error {
			return stack.Deserialize.Add(&awsAwsjson11_deserializeOpCreateCertificateAuthority{}, middleware.After)
		},
		func() error { return addSetLoggerMiddleware(stack, options) },
		func() error { return awsmiddleware.AddClientRequestIDMiddleware(stack) },
		func() error { return smithyhttp.AddComputeContentLengthMiddleware(stack) },
		func() error { return addResolveEndpointMiddleware(stack, options) },
		// Payload hash is computed before signing so SigV4 covers the body.
		func() error { return v4.AddComputePayloadSHA256Middleware(stack) },
		func() error { return addRetryMiddlewares(stack, options) },
		func() error { return addHTTPSignerV4Middleware(stack, options) },
		func() error { return awsmiddleware.AddRawResponseToMetadata(stack) },
		func() error { return awsmiddleware.AddRecordResponseTiming(stack) },
		func() error { return addClientUserAgent(stack) },
		func() error { return smithyhttp.AddErrorCloseResponseBodyMiddleware(stack) },
		func() error { return smithyhttp.AddCloseResponseBodyMiddleware(stack) },
		// Rejects inputs missing required members before any request is built.
		func() error { return addOpCreateCertificateAuthorityValidationMiddleware(stack) },
		func() error {
			return stack.Initialize.Add(newServiceMetadataMiddleware_opCreateCertificateAuthority(options.Region), middleware.Before)
		},
		func() error { return addRequestIDRetrieverMiddleware(stack) },
		func() error { return addResponseErrorMiddleware(stack) },
		func() error { return addRequestResponseLogging(stack, options) },
	}

	for _, register := range steps {
		if err = register(); err != nil {
			return err
		}
	}
	return nil
}

// newServiceMetadataMiddleware_opCreateCertificateAuthority builds the
// service-metadata middleware for this operation. SigningName "acm-pca" is the
// credential-scope service name used when the request is signed with SigV4.
func newServiceMetadataMiddleware_opCreateCertificateAuthority(region string) *awsmiddleware.RegisterServiceMetadata {
	meta := awsmiddleware.RegisterServiceMetadata{
		Region:        region,
		ServiceID:     ServiceID,
		SigningName:   "acm-pca",
		OperationName: "CreateCertificateAuthority",
	}
	return &meta
}