This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::ACMPCA::Certificate Subject Contains information about the certificate subject. The `Subject` field in the certificate identifies the entity that owns or controls the public key in the certificate. The entity can be a user, computer, device, or service. The `Subject `must contain an X.500 distinguished name (DN). A DN is a sequence of relative distinguished names (RDNs). The RDNs are separated by commas in the certificate. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[CommonName](#cfn-acmpca-certificate-subject-commonname)" : {{String}}, "[Country](#cfn-acmpca-certificate-subject-country)" : {{String}}, "[CustomAttributes](#cfn-acmpca-certificate-subject-customattributes)" : {{[ CustomAttribute, ... ]}}, "[DistinguishedNameQualifier](#cfn-acmpca-certificate-subject-distinguishednamequalifier)" : {{String}}, "[GenerationQualifier](#cfn-acmpca-certificate-subject-generationqualifier)" : {{String}}, "[GivenName](#cfn-acmpca-certificate-subject-givenname)" : {{String}}, "[Initials](#cfn-acmpca-certificate-subject-initials)" : {{String}}, "[Locality](#cfn-acmpca-certificate-subject-locality)" : {{String}}, "[Organization](#cfn-acmpca-certificate-subject-organization)" : {{String}}, "[OrganizationalUnit](#cfn-acmpca-certificate-subject-organizationalunit)" : {{String}}, "[Pseudonym](#cfn-acmpca-certificate-subject-pseudonym)" : {{String}}, "[SerialNumber](#cfn-acmpca-certificate-subject-serialnumber)" : {{String}}, "[State](#cfn-acmpca-certificate-subject-state)" : {{String}}, "[Surname](#cfn-acmpca-certificate-subject-surname)" : {{String}}, "[Title](#cfn-acmpca-certificate-subject-title)" : {{String}} } ``` ### YAML ``` [CommonName](#cfn-acmpca-certificate-subject-commonname): {{String}} [Country](#cfn-acmpca-certificate-subject-country): {{String}} [CustomAttributes](#cfn-acmpca-certificate-subject-customattributes): {{ - CustomAttribute}} [DistinguishedNameQualifier](#cfn-acmpca-certificate-subject-distinguishednamequalifier): {{String}} [GenerationQualifier](#cfn-acmpca-certificate-subject-generationqualifier): {{String}} [GivenName](#cfn-acmpca-certificate-subject-givenname): {{String}} [Initials](#cfn-acmpca-certificate-subject-initials): {{String}} [Locality](#cfn-acmpca-certificate-subject-locality): {{String}} [Organization](#cfn-acmpca-certificate-subject-organization): {{String}} [OrganizationalUnit](#cfn-acmpca-certificate-subject-organizationalunit): {{String}} [Pseudonym](#cfn-acmpca-certificate-subject-pseudonym): {{String}} [SerialNumber](#cfn-acmpca-certificate-subject-serialnumber): {{String}} [State](#cfn-acmpca-certificate-subject-state): {{String}} [Surname](#cfn-acmpca-certificate-subject-surname): {{String}} [Title](#cfn-acmpca-certificate-subject-title): {{String}} ``` ## Properties `CommonName` For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit. Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `64` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Country` Two-digit code that specifies the country in which the certificate subject located. *Required*: No *Type*: String *Pattern*: `[A-Za-z]{2}` *Minimum*: `2` *Maximum*: `2` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `CustomAttributes` Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of [Object Identifier (OID)](https://csrc.nist.gov/glossary/term/Object_Identifier). Custom attributes cannot be used in combination with standard attributes. *Required*: No *Type*: Array of [CustomAttribute](aws-properties-acmpca-certificate-customattribute.md) *Minimum*: `1` *Maximum*: `150` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `DistinguishedNameQualifier` Disambiguating information for the certificate subject. *Required*: No *Type*: String *Pattern*: `[a-zA-Z0-9'()+-.?:/= ]*` *Minimum*: `0` *Maximum*: `64` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `GenerationQualifier` Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `3` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `GivenName` First name. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `16` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Initials` Concatenation that typically contains the first letter of the **GivenName**, the first letter of the middle name if one exists, and the first letter of the **Surname**. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `5` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Locality` The locality (such as a city or town) in which the certificate subject is located. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Organization` Legal name of the organization with which the certificate subject is affiliated. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `64` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `OrganizationalUnit` A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `64` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Pseudonym` Typically a shortened version of a longer **GivenName**. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `SerialNumber` The certificate serial number. *Required*: No *Type*: String *Pattern*: `[a-zA-Z0-9'()+-.?:/= ]*` *Minimum*: `0` *Maximum*: `64` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `State` State in which the subject of the certificate is located. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Surname` Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `40` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Title` A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject. *Required*: No *Type*: String *Minimum*: `0` *Maximum*: `64` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)