// Code generated by smithy-go-codegen DO NOT EDIT.

package acmpca

import (
	"context"
	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
	"github.com/aws/aws-sdk-go-v2/service/acmpca/types"
	"github.com/aws/smithy-go/middleware"
	smithyhttp "github.com/aws/smithy-go/transport/http"
)

// Creates a root or subordinate private certificate authority (CA). You must
// specify the CA configuration, the certificate revocation list (CRL)
// configuration, the CA type, and an optional idempotency token to avoid
// accidental creation of multiple CAs. The CA configuration specifies the name of
// the algorithm and key size to be used to create the CA private key, the type of
// signing algorithm that the CA uses, and X.500 subject information. The CRL
// configuration specifies the CRL expiration period in days (the validity period
// of the CRL), the Amazon S3 bucket that will contain the CRL, and a CNAME alias
// for the S3 bucket that is included in certificates issued by the CA. If
// successful, this action returns the Amazon Resource Name (ARN) of the CA. ACM
// Private CA assets that are stored in Amazon S3 can be protected with
// encryption. For more information, see Encrypting Your CRLs
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption).
// Both PCA and the IAM principal must have permission to write to the S3 bucket
// that you specify. If the IAM principal making the call does not have permission
// to write to the bucket, then an exception is thrown. For more information, see
// Configure Access to ACM Private CA
// (https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html).
// CreateCertificateAuthority dispatches the CreateCertificateAuthority
// operation through the client's invokeOperation and returns the typed output.
//
// A nil params is swapped for an empty CreateCertificateAuthorityInput before
// the call is made; the required members are then unset, and the request is
// presumably rejected by the validation middleware registered for this
// operation (confirm against that middleware). optFns are forwarded to
// invokeOperation untouched. On error the output is nil and the error is
// returned as received; on success the operation metadata is stored in the
// output's ResultMetadata field.
func (c *Client) CreateCertificateAuthority(ctx context.Context, params *CreateCertificateAuthorityInput, optFns ...func(*Options)) (*CreateCertificateAuthorityOutput, error) {
	input := params
	if input == nil {
		input = &CreateCertificateAuthorityInput{}
	}

	raw, md, err := c.invokeOperation(ctx, "CreateCertificateAuthority", input, optFns, addOperationCreateCertificateAuthorityMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked assertion: it panics if invokeOperation ever hands back a
	// result of a different dynamic type.
	resp := raw.(*CreateCertificateAuthorityOutput)
	resp.ResultMetadata = md
	return resp, nil
}

// CreateCertificateAuthorityInput carries the request parameters for
// CreateCertificateAuthority.
type CreateCertificateAuthorityInput struct {

	// Private key algorithm name and bit size, signing algorithm name, and
	// X.500 certificate subject information for the CA.
	//
	// This member is required.
	CertificateAuthorityConfiguration *types.CertificateAuthorityConfiguration

	// Type of the certificate authority.
	//
	// This member is required.
	CertificateAuthorityType types.CertificateAuthorityType

	// Alphanumeric string that distinguishes one CreateCertificateAuthority call
	// from another. ACM Private CA creates exactly one CA per token: a later call
	// carrying the same token returns the ARN of the existing CA and takes no
	// further action, while every distinct token used across calls yields its
	// own CA.
	IdempotencyToken *string

	// Boolean switch that enables a certificate revocation list (CRL) for the
	// CA, the name of the S3 bucket that ACM Private CA writes the CRL to, and
	// an optional CNAME alias that hides the bucket name in the CRL Distribution
	// Points extension of the CA certificate. Both ACM Private CA and the
	// calling IAM principal need permission to write to that bucket. See the
	// CrlConfiguration structure:
	// https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
	RevocationConfiguration *types.RevocationConfiguration

	// Key-value pairs attached to the new private CA; up to 50 tags can be
	// associated with a private CA. For using tags with IAM to manage
	// permissions, see Controlling Access Using IAM Tags:
	// https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html
	Tags []types.Tag
}

// CreateCertificateAuthorityOutput holds the response of
// CreateCertificateAuthority.
type CreateCertificateAuthorityOutput struct {

	// Amazon Resource Name (ARN) of the certificate authority (CA), present when
	// the call succeeded. It has the form:
	// arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	CertificateAuthorityArn *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

// addOperationCreateCertificateAuthorityMiddlewares registers the middleware
// for the CreateCertificateAuthority operation on stack and returns the first
// registration error, or nil once every step has succeeded.
//
// The steps run strictly in the listed order and stop at the first failure.
// NOTE(review): the resulting position of each middleware in the stack may
// depend on this order, so keep the sequence unchanged.
func addOperationCreateCertificateAuthorityMiddlewares(stack *middleware.Stack, options Options) (err error) {
	steps := []func() error{
		// Protocol (de)serializers for this operation, added at the end of
		// their respective steps.
		func() error {
			return stack.Serialize.Add(&awsAwsjson11_serializeOpCreateCertificateAuthority{}, middleware.After)
		},
		func() error {
			return stack.Deserialize.Add(&awsAwsjson11_deserializeOpCreateCertificateAuthority{}, middleware.After)
		},
		func() error { return addSetLoggerMiddleware(stack, options) },
		func() error { return awsmiddleware.AddClientRequestIDMiddleware(stack) },
		func() error { return smithyhttp.AddComputeContentLengthMiddleware(stack) },
		func() error { return addResolveEndpointMiddleware(stack, options) },
		// Payload hash helper from the signer/v4 package, followed further
		// down by the client's V4 HTTP signer registration.
		func() error { return v4.AddComputePayloadSHA256Middleware(stack) },
		func() error { return addRetryMiddlewares(stack, options) },
		func() error { return addHTTPSignerV4Middleware(stack, options) },
		func() error { return awsmiddleware.AddRawResponseToMetadata(stack) },
		func() error { return awsmiddleware.AddRecordResponseTiming(stack) },
		func() error { return addClientUserAgent(stack) },
		func() error { return smithyhttp.AddErrorCloseResponseBodyMiddleware(stack) },
		func() error { return smithyhttp.AddCloseResponseBodyMiddleware(stack) },
		// Operation-specific input validation.
		func() error { return addOpCreateCertificateAuthorityValidationMiddleware(stack) },
		// Service metadata is placed at the front of the Initialize step.
		func() error {
			return stack.Initialize.Add(newServiceMetadataMiddleware_opCreateCertificateAuthority(options.Region), middleware.Before)
		},
		func() error { return addRequestIDRetrieverMiddleware(stack) },
		func() error { return addResponseErrorMiddleware(stack) },
		// NOTE(review): what gets logged is decided by options and is not
		// visible here; confirm the configured logging does not capture more
		// request or response data than intended.
		func() error { return addRequestResponseLogging(stack, options) },
	}

	for _, register := range steps {
		if err = register(); err != nil {
			return err
		}
	}
	return nil
}

// newServiceMetadataMiddleware_opCreateCertificateAuthority builds the
// RegisterServiceMetadata value for this operation from the given region, the
// ServiceID identifier declared elsewhere in the package, the signing name
// "acm-pca" and the operation name "CreateCertificateAuthority".
func newServiceMetadataMiddleware_opCreateCertificateAuthority(region string) *awsmiddleware.RegisterServiceMetadata {
	md := awsmiddleware.RegisterServiceMetadata{
		Region:        region,
		ServiceID:     ServiceID,
		SigningName:   "acm-pca",
		OperationName: "CreateCertificateAuthority",
	}
	return &md
}