ACM-PCA
CreateCertificateAuthority
enum_AccessMethodType := [ "CA_REPOSITORY", "RESOURCE_PKI_MANIFEST", "RESOURCE_PKI_NOTIFY" ]
enum_CertificateAuthorityType := [ "ROOT", "SUBORDINATE" ]
enum_CertificateAuthorityUsageMode := [ "GENERAL_PURPOSE", "SHORT_LIVED_CERTIFICATE" ]
enum_KeyAlgorithm := [ "RSA_2048", "RSA_4096", "EC_prime256v1", "EC_secp384r1" ]
enum_KeyStorageSecurityStandard := [ "FIPS_140_2_LEVEL_2_OR_HIGHER", "FIPS_140_2_LEVEL_3_OR_HIGHER" ]
enum_S3ObjectAcl := [ "PUBLIC_READ", "BUCKET_OWNER_FULL_CONTROL" ]
enum_SigningAlgorithm := [ "SHA256WITHECDSA", "SHA384WITHECDSA", "SHA512WITHECDSA", "SHA256WITHRSA", "SHA384WITHRSA", "SHA512WITHRSA" ]
valid {
input.Body.CertificateAuthorityConfiguration.KeyAlgorithm == enum_KeyAlgorithm[_]
input.Body.CertificateAuthorityConfiguration.SigningAlgorithm == enum_SigningAlgorithm[_]
input.Body.CertificateAuthorityConfiguration.Subject.Country == STRING
input.Body.CertificateAuthorityConfiguration.Subject.Organization == STRING
input.Body.CertificateAuthorityConfiguration.Subject.OrganizationalUnit == STRING
input.Body.CertificateAuthorityConfiguration.Subject.DistinguishedNameQualifier == STRING
input.Body.CertificateAuthorityConfiguration.Subject.State == STRING
input.Body.CertificateAuthorityConfiguration.Subject.CommonName == STRING
input.Body.CertificateAuthorityConfiguration.Subject.SerialNumber == STRING
input.Body.CertificateAuthorityConfiguration.Subject.Locality == STRING
input.Body.CertificateAuthorityConfiguration.Subject.Title == STRING
input.Body.CertificateAuthorityConfiguration.Subject.Surname == STRING
input.Body.CertificateAuthorityConfiguration.Subject.GivenName == STRING
input.Body.CertificateAuthorityConfiguration.Subject.Initials == STRING
input.Body.CertificateAuthorityConfiguration.Subject.Pseudonym == STRING
input.Body.CertificateAuthorityConfiguration.Subject.GenerationQualifier == STRING
input.Body.CertificateAuthorityConfiguration.Subject.CustomAttributes[_].ObjectIdentifier == STRING
input.Body.CertificateAuthorityConfiguration.Subject.CustomAttributes[_].Value == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.KeyUsage.DigitalSignature == BOOLEAN
input.Body.CertificateAuthorityConfiguration.CsrExtensions.KeyUsage.NonRepudiation == BOOLEAN
input.Body.CertificateAuthorityConfiguration.CsrExtensions.KeyUsage.KeyEncipherment == BOOLEAN
input.Body.CertificateAuthorityConfiguration.CsrExtensions.KeyUsage.DataEncipherment == BOOLEAN
input.Body.CertificateAuthorityConfiguration.CsrExtensions.KeyUsage.KeyAgreement == BOOLEAN
input.Body.CertificateAuthorityConfiguration.CsrExtensions.KeyUsage.KeyCertSign == BOOLEAN
input.Body.CertificateAuthorityConfiguration.CsrExtensions.KeyUsage.CRLSign == BOOLEAN
input.Body.CertificateAuthorityConfiguration.CsrExtensions.KeyUsage.EncipherOnly == BOOLEAN
input.Body.CertificateAuthorityConfiguration.CsrExtensions.KeyUsage.DecipherOnly == BOOLEAN
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessMethod.CustomObjectIdentifier == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessMethod.AccessMethodType == enum_AccessMethodType[_]
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.OtherName.TypeId == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.OtherName.Value == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.Rfc822Name == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DnsName == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DirectoryName.Country == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DirectoryName.Organization == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DirectoryName.OrganizationalUnit == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DirectoryName.DistinguishedNameQualifier == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DirectoryName.State == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DirectoryName.CommonName == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DirectoryName.SerialNumber == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DirectoryName.Locality == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DirectoryName.Title == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DirectoryName.Surname == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DirectoryName.GivenName == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DirectoryName.Initials == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DirectoryName.Pseudonym == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DirectoryName.GenerationQualifier == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DirectoryName.CustomAttributes[_].ObjectIdentifier == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.DirectoryName.CustomAttributes[_].Value == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.EdiPartyName.PartyName == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.EdiPartyName.NameAssigner == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.UniformResourceIdentifier == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.IpAddress == STRING
input.Body.CertificateAuthorityConfiguration.CsrExtensions.SubjectInformationAccess[_].AccessLocation.RegisteredId == STRING
input.Body.RevocationConfiguration.CrlConfiguration.Enabled == BOOLEAN
input.Body.RevocationConfiguration.CrlConfiguration.ExpirationInDays == INTEGER
input.Body.RevocationConfiguration.CrlConfiguration.CustomCname == STRING
input.Body.RevocationConfiguration.CrlConfiguration.S3BucketName == STRING
input.Body.RevocationConfiguration.CrlConfiguration.S3ObjectAcl == enum_S3ObjectAcl[_]
input.Body.RevocationConfiguration.CrlConfiguration.CrlDistributionPointExtensionConfiguration.OmitExtension == BOOLEAN
input.Body.RevocationConfiguration.OcspConfiguration.Enabled == BOOLEAN
input.Body.RevocationConfiguration.OcspConfiguration.OcspCustomCname == STRING
input.Body.CertificateAuthorityType == enum_CertificateAuthorityType[_]
input.Body.IdempotencyToken == STRING
input.Body.KeyStorageSecurityStandard == enum_KeyStorageSecurityStandard[_]
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.Body.UsageMode == enum_CertificateAuthorityUsageMode[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateCertificateAuthorityAuditReport
enum_AuditReportResponseFormat := [ "JSON", "CSV" ]
valid {
input.Body.CertificateAuthorityArn == STRING
input.Body.S3BucketName == STRING
input.Body.AuditReportResponseFormat == enum_AuditReportResponseFormat[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreatePermission
enum_ActionType := [ "IssueCertificate", "GetCertificate", "ListPermissions" ]
valid {
input.Body.CertificateAuthorityArn == STRING
input.Body.Principal == STRING
input.Body.SourceAccount == STRING
input.Body.Actions[_] == enum_ActionType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteCertificateAuthority
valid {
input.Body.CertificateAuthorityArn == STRING
input.Body.PermanentDeletionTimeInDays == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeletePermission
valid {
input.Body.CertificateAuthorityArn == STRING
input.Body.Principal == STRING
input.Body.SourceAccount == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeletePolicy
valid {
input.Body.ResourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeCertificateAuthority
valid {
input.Body.CertificateAuthorityArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeCertificateAuthorityAuditReport
valid {
input.Body.CertificateAuthorityArn == STRING
input.Body.AuditReportId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetCertificate
valid {
input.Body.CertificateAuthorityArn == STRING
input.Body.CertificateArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetCertificateAuthorityCertificate
valid {
input.Body.CertificateAuthorityArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetCertificateAuthorityCsr
valid {
input.Body.CertificateAuthorityArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetPolicy
valid {
input.Body.ResourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ImportCertificateAuthorityCertificate
valid {
input.Body.CertificateAuthorityArn == STRING
input.Body.Certificate == BLOB
input.Body.CertificateChain == BLOB
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
IssueCertificate
enum_ExtendedKeyUsageType := [ "SERVER_AUTH", "CLIENT_AUTH", "CODE_SIGNING", "EMAIL_PROTECTION", "TIME_STAMPING", "OCSP_SIGNING", "SMART_CARD_LOGIN", "DOCUMENT_SIGNING", "CERTIFICATE_TRANSPARENCY" ]
enum_PolicyQualifierId := [ "CPS" ]
enum_SigningAlgorithm := [ "SHA256WITHECDSA", "SHA384WITHECDSA", "SHA512WITHECDSA", "SHA256WITHRSA", "SHA384WITHRSA", "SHA512WITHRSA" ]
enum_ValidityPeriodType := [ "END_DATE", "ABSOLUTE", "DAYS", "MONTHS", "YEARS" ]
valid {
input.Body.ApiPassthrough.Extensions.CertificatePolicies[_].CertPolicyId == STRING
input.Body.ApiPassthrough.Extensions.CertificatePolicies[_].PolicyQualifiers[_].PolicyQualifierId == enum_PolicyQualifierId[_]
input.Body.ApiPassthrough.Extensions.CertificatePolicies[_].PolicyQualifiers[_].Qualifier.CpsUri == STRING
input.Body.ApiPassthrough.Extensions.ExtendedKeyUsage[_].ExtendedKeyUsageType == enum_ExtendedKeyUsageType[_]
input.Body.ApiPassthrough.Extensions.ExtendedKeyUsage[_].ExtendedKeyUsageObjectIdentifier == STRING
input.Body.ApiPassthrough.Extensions.KeyUsage.DigitalSignature == BOOLEAN
input.Body.ApiPassthrough.Extensions.KeyUsage.NonRepudiation == BOOLEAN
input.Body.ApiPassthrough.Extensions.KeyUsage.KeyEncipherment == BOOLEAN
input.Body.ApiPassthrough.Extensions.KeyUsage.DataEncipherment == BOOLEAN
input.Body.ApiPassthrough.Extensions.KeyUsage.KeyAgreement == BOOLEAN
input.Body.ApiPassthrough.Extensions.KeyUsage.KeyCertSign == BOOLEAN
input.Body.ApiPassthrough.Extensions.KeyUsage.CRLSign == BOOLEAN
input.Body.ApiPassthrough.Extensions.KeyUsage.EncipherOnly == BOOLEAN
input.Body.ApiPassthrough.Extensions.KeyUsage.DecipherOnly == BOOLEAN
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].OtherName.TypeId == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].OtherName.Value == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].Rfc822Name == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DnsName == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DirectoryName.Country == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DirectoryName.Organization == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DirectoryName.OrganizationalUnit == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DirectoryName.DistinguishedNameQualifier == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DirectoryName.State == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DirectoryName.CommonName == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DirectoryName.SerialNumber == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DirectoryName.Locality == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DirectoryName.Title == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DirectoryName.Surname == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DirectoryName.GivenName == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DirectoryName.Initials == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DirectoryName.Pseudonym == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DirectoryName.GenerationQualifier == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DirectoryName.CustomAttributes[_].ObjectIdentifier == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].DirectoryName.CustomAttributes[_].Value == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].EdiPartyName.PartyName == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].EdiPartyName.NameAssigner == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].UniformResourceIdentifier == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].IpAddress == STRING
input.Body.ApiPassthrough.Extensions.SubjectAlternativeNames[_].RegisteredId == STRING
input.Body.ApiPassthrough.Extensions.CustomExtensions[_].ObjectIdentifier == STRING
input.Body.ApiPassthrough.Extensions.CustomExtensions[_].Value == STRING
input.Body.ApiPassthrough.Extensions.CustomExtensions[_].Critical == BOOLEAN
input.Body.ApiPassthrough.Subject.Country == STRING
input.Body.ApiPassthrough.Subject.Organization == STRING
input.Body.ApiPassthrough.Subject.OrganizationalUnit == STRING
input.Body.ApiPassthrough.Subject.DistinguishedNameQualifier == STRING
input.Body.ApiPassthrough.Subject.State == STRING
input.Body.ApiPassthrough.Subject.CommonName == STRING
input.Body.ApiPassthrough.Subject.SerialNumber == STRING
input.Body.ApiPassthrough.Subject.Locality == STRING
input.Body.ApiPassthrough.Subject.Title == STRING
input.Body.ApiPassthrough.Subject.Surname == STRING
input.Body.ApiPassthrough.Subject.GivenName == STRING
input.Body.ApiPassthrough.Subject.Initials == STRING
input.Body.ApiPassthrough.Subject.Pseudonym == STRING
input.Body.ApiPassthrough.Subject.GenerationQualifier == STRING
input.Body.ApiPassthrough.Subject.CustomAttributes[_].ObjectIdentifier == STRING
input.Body.ApiPassthrough.Subject.CustomAttributes[_].Value == STRING
input.Body.CertificateAuthorityArn == STRING
input.Body.Csr == BLOB
input.Body.SigningAlgorithm == enum_SigningAlgorithm[_]
input.Body.TemplateArn == STRING
input.Body.Validity.Value == LONG
input.Body.Validity.Type == enum_ValidityPeriodType[_]
input.Body.ValidityNotBefore.Value == LONG
input.Body.ValidityNotBefore.Type == enum_ValidityPeriodType[_]
input.Body.IdempotencyToken == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListCertificateAuthorities
enum_ResourceOwner := [ "SELF", "OTHER_ACCOUNTS" ]
valid {
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.Body.ResourceOwner == enum_ResourceOwner[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListPermissions
valid {
input.Body.CertificateAuthorityArn == STRING
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTags
valid {
input.Body.CertificateAuthorityArn == STRING
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
PutPolicy
valid {
input.Body.ResourceArn == STRING
input.Body.Policy == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RestoreCertificateAuthority
valid {
input.Body.CertificateAuthorityArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
RevokeCertificate
enum_RevocationReason := [ "UNSPECIFIED", "KEY_COMPROMISE", "CERTIFICATE_AUTHORITY_COMPROMISE", "AFFILIATION_CHANGED", "SUPERSEDED", "CESSATION_OF_OPERATION", "PRIVILEGE_WITHDRAWN", "A_A_COMPROMISE" ]
valid {
input.Body.CertificateAuthorityArn == STRING
input.Body.CertificateSerial == STRING
input.Body.RevocationReason == enum_RevocationReason[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagCertificateAuthority
valid {
input.Body.CertificateAuthorityArn == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagCertificateAuthority
valid {
input.Body.CertificateAuthorityArn == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateCertificateAuthority
enum_CertificateAuthorityStatus := [ "CREATING", "PENDING_CERTIFICATE", "ACTIVE", "DELETED", "DISABLED", "EXPIRED", "FAILED" ]
enum_S3ObjectAcl := [ "PUBLIC_READ", "BUCKET_OWNER_FULL_CONTROL" ]
valid {
input.Body.CertificateAuthorityArn == STRING
input.Body.RevocationConfiguration.CrlConfiguration.Enabled == BOOLEAN
input.Body.RevocationConfiguration.CrlConfiguration.ExpirationInDays == INTEGER
input.Body.RevocationConfiguration.CrlConfiguration.CustomCname == STRING
input.Body.RevocationConfiguration.CrlConfiguration.S3BucketName == STRING
input.Body.RevocationConfiguration.CrlConfiguration.S3ObjectAcl == enum_S3ObjectAcl[_]
input.Body.RevocationConfiguration.CrlConfiguration.CrlDistributionPointExtensionConfiguration.OmitExtension == BOOLEAN
input.Body.RevocationConfiguration.OcspConfiguration.Enabled == BOOLEAN
input.Body.RevocationConfiguration.OcspConfiguration.OcspCustomCname == STRING
input.Body.Status == enum_CertificateAuthorityStatus[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
Updated 8 days ago