CreateCertificateAuthorityAuditReport
The following Java sample shows how to use the CreateCertificateAuthorityAuditReport operation.
The operation creates an audit report that lists every time a certificate is issued or revoked. The report is saved in the Amazon S3 bucket that you specify on input. You can generate a new report once every 30 minutes.
Note
Audit report generation is not supported for certificate authorities that have issued
more than 100 million certificates. If you call this operation for such a CA, the service
returns a LimitExceededException.
package com.amazonaws.samples; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.profile.ProfileCredentialsProvider; import com.amazonaws.client.builder.AwsClientBuilder; import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration; import com.amazonaws.AmazonClientException; import com.amazonaws.auth.AWSStaticCredentialsProvider; import com.amazonaws.services.acmpca.AWSACMPCA; import com.amazonaws.services.acmpca.AWSACMPCAClientBuilder; import com.amazonaws.services.acmpca.model.CreateCertificateAuthorityAuditReportRequest; import com.amazonaws.services.acmpca.model.CreateCertificateAuthorityAuditReportResult; import com.amazonaws.services.acmpca.model.RequestInProgressException; import com.amazonaws.services.acmpca.model.RequestFailedException; import com.amazonaws.services.acmpca.model.InvalidArgsException; import com.amazonaws.services.acmpca.model.InvalidArnException; import com.amazonaws.services.acmpca.model.ResourceNotFoundException; import com.amazonaws.services.acmpca.model.InvalidStateException; import com.amazonaws.services.acmpca.model.LimitExceededException; public class CreateCertificateAuthorityAuditReport { public static void main(String[] args) throws Exception { // Retrieve your credentials from the C:\Users\name\.aws\credentials file // in Windows or the .aws/credentials file in Linux. AWSCredentials credentials = null; try { credentials = new ProfileCredentialsProvider("default").getCredentials(); } catch (Exception e) { throw new AmazonClientException("Cannot load your credentials from file.", e); } // Define the endpoint for your sample. String endpointRegion = "region"; // Substitute your region here, e.g. "us-west-2" String endpointProtocol = "https://acm-pca." + endpointRegion + ".amazonaws.com/"; EndpointConfiguration endpoint = new AwsClientBuilder.EndpointConfiguration(endpointProtocol, endpointRegion); // Create a client that you can use to make requests. AWSACMPCA client = AWSACMPCAClientBuilder.standard() .withEndpointConfiguration(endpoint) .withCredentials(new AWSStaticCredentialsProvider(credentials)) .build(); // Create a request object and set the certificate authority ARN. CreateCertificateAuthorityAuditReportRequest req = new CreateCertificateAuthorityAuditReportRequest(); // Set the certificate authority ARN. req.setCertificateAuthorityArn("arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566"); // Specify the S3 bucket name for your report. req.setS3BucketName("your-bucket-name"); // Specify the audit response format. req.setAuditReportResponseFormat("JSON"); // Create a result object. CreateCertificateAuthorityAuditReportResult result = null; try { result = client.createCertificateAuthorityAuditReport(req); } catch (RequestInProgressException ex) { throw ex; } catch (RequestFailedException ex) { throw ex; } catch (ResourceNotFoundException ex) { throw ex; } catch (InvalidArnException ex) { throw ex; } catch (InvalidArgsException ex) { throw ex; } catch (InvalidStateException ex) { throw ex; } catch (LimitExceededException ex) { throw ex; } String ID = result.getAuditReportId(); String S3Key = result.getS3Key(); System.out.println(ID); System.out.println(S3Key); } }
Your output should be similar to the following:
58904752-7de3-4bdf-ba89-6953e48c3cc7audit-report/16075838-061c-4f7a-b54b-49bbc111bcff/58904752-7de3-4bdf-ba89-6953e48c3cc7.json
