This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::ACMPCA::CertificateAuthority KeyUsage Defines one or more purposes for which the key contained in the certificate can be used. Default value for each option is false. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[CRLSign](#cfn-acmpca-certificateauthority-keyusage-crlsign)" : Boolean, "[DataEncipherment](#cfn-acmpca-certificateauthority-keyusage-dataencipherment)" : Boolean, "[DecipherOnly](#cfn-acmpca-certificateauthority-keyusage-decipheronly)" : Boolean, "[DigitalSignature](#cfn-acmpca-certificateauthority-keyusage-digitalsignature)" : Boolean, "[EncipherOnly](#cfn-acmpca-certificateauthority-keyusage-encipheronly)" : Boolean, "[KeyAgreement](#cfn-acmpca-certificateauthority-keyusage-keyagreement)" : Boolean, "[KeyCertSign](#cfn-acmpca-certificateauthority-keyusage-keycertsign)" : Boolean, "[KeyEncipherment](#cfn-acmpca-certificateauthority-keyusage-keyencipherment)" : Boolean, "[NonRepudiation](#cfn-acmpca-certificateauthority-keyusage-nonrepudiation)" : Boolean } ``` ### YAML ``` [CRLSign](#cfn-acmpca-certificateauthority-keyusage-crlsign): Boolean [DataEncipherment](#cfn-acmpca-certificateauthority-keyusage-dataencipherment): Boolean [DecipherOnly](#cfn-acmpca-certificateauthority-keyusage-decipheronly): Boolean [DigitalSignature](#cfn-acmpca-certificateauthority-keyusage-digitalsignature): Boolean [EncipherOnly](#cfn-acmpca-certificateauthority-keyusage-encipheronly): Boolean [KeyAgreement](#cfn-acmpca-certificateauthority-keyusage-keyagreement): Boolean [KeyCertSign](#cfn-acmpca-certificateauthority-keyusage-keycertsign): Boolean [KeyEncipherment](#cfn-acmpca-certificateauthority-keyusage-keyencipherment): Boolean [NonRepudiation](#cfn-acmpca-certificateauthority-keyusage-nonrepudiation): Boolean ``` ## Properties `CRLSign` Key can be used to sign CRLs. *Required*: No *Type*: Boolean *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `DataEncipherment` Key can be used to decipher data. *Required*: No *Type*: Boolean *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `DecipherOnly` Key can be used only to decipher data. *Required*: No *Type*: Boolean *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `DigitalSignature` Key can be used for digital signing. *Required*: No *Type*: Boolean *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `EncipherOnly` Key can be used only to encipher data. *Required*: No *Type*: Boolean *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `KeyAgreement` Key can be used in a key-agreement protocol. *Required*: No *Type*: Boolean *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `KeyCertSign` Key can be used to sign certificates. *Required*: No *Type*: Boolean *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `KeyEncipherment` Key can be used to encipher data. *Required*: No *Type*: Boolean *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `NonRepudiation` Key can be used for non-repudiation. *Required*: No *Type*: Boolean *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)