AWS::ACMPCA::Certificate KeyUsage - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::ACMPCA::Certificate KeyUsage

Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{ "CRLSign" : Boolean, "DataEncipherment" : Boolean, "DecipherOnly" : Boolean, "DigitalSignature" : Boolean, "EncipherOnly" : Boolean, "KeyAgreement" : Boolean, "KeyCertSign" : Boolean, "KeyEncipherment" : Boolean, "NonRepudiation" : Boolean }

YAML

CRLSign: Boolean DataEncipherment: Boolean DecipherOnly: Boolean DigitalSignature: Boolean EncipherOnly: Boolean KeyAgreement: Boolean KeyCertSign: Boolean KeyEncipherment: Boolean NonRepudiation: Boolean

Properties

CRLSign

Key can be used to sign CRLs.

Required: No

Type: Boolean

Update requires: Replacement

DataEncipherment

Key can be used to decipher data.

Required: No

Type: Boolean

Update requires: Replacement

DecipherOnly

Key can be used only to decipher data.

Required: No

Type: Boolean

Update requires: Replacement

DigitalSignature

Key can be used for digital signing.

Required: No

Type: Boolean

Update requires: Replacement

EncipherOnly

Key can be used only to encipher data.

Required: No

Type: Boolean

Update requires: Replacement

KeyAgreement

Key can be used in a key-agreement protocol.

Required: No

Type: Boolean

Update requires: Replacement

KeyCertSign

Key can be used to sign certificates.

Required: No

Type: Boolean

Update requires: Replacement

KeyEncipherment

Key can be used to encipher data.

Required: No

Type: Boolean

Update requires: Replacement

NonRepudiation

Key can be used for non-repudiation.

Required: No

Type: Boolean

Update requires: Replacement