:doc:`ACMPCA <../../acm-pca>` / Client / create_certificate_authority_audit_report

*****************************************
create_certificate_authority_audit_report
*****************************************



.. py:method:: ACMPCA.Client.create_certificate_authority_audit_report(**kwargs)

  

  Creates an audit report that lists every time that your CA private key is used to issue a certificate. The `IssueCertificate <https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html>`__ and `RevokeCertificate <https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html>`__ actions use the private key.

   

  To save the audit report to your designated Amazon S3 bucket, you must create a bucket policy that grants Amazon Web Services Private CA permission to access and write to it. For an example policy, see `Prepare an Amazon S3 bucket for audit reports <https://docs.aws.amazon.com/privateca/latest/userguide/PcaAuditReport.html#s3-access>`__.

   

  Amazon Web Services Private CA assets that are stored in Amazon S3 can be protected with encryption. For more information, see `Encrypting Your Audit Reports <https://docs.aws.amazon.com/privateca/latest/userguide/PcaAuditReport.html#audit-report-encryption>`__.

   

  .. note::

    

    You can generate a maximum of one report every 30 minutes.

    

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityAuditReport>`_  


  **Request Syntax**
  ::

    response = client.create_certificate_authority_audit_report(
        CertificateAuthorityArn='string',
        S3BucketName='string',
        AuditReportResponseFormat='JSON'|'CSV'
    )
    
  :type CertificateAuthorityArn: string
  :param CertificateAuthorityArn: **[REQUIRED]** 

    The Amazon Resource Name (ARN) of the CA to be audited. This is of the form:

     

    ``arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 ``.

    

  
  :type S3BucketName: string
  :param S3BucketName: **[REQUIRED]** 

    The name of the S3 bucket that will contain the audit report.

    

  
  :type AuditReportResponseFormat: string
  :param AuditReportResponseFormat: **[REQUIRED]** 

    The format in which to create the report. This can be either **JSON** or **CSV**.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'AuditReportId': 'string',
          'S3Key': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **AuditReportId** *(string) --* 

        An alphanumeric string that contains a report identifier.

        
      

      - **S3Key** *(string) --* 

        The **key** that uniquely identifies the report file in your S3 bucket.

        
  
  **Exceptions**
  
  *   :py:class:`ACMPCA.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`ACMPCA.Client.exceptions.InvalidArgsException`

  
  *   :py:class:`ACMPCA.Client.exceptions.InvalidArnException`

  
  *   :py:class:`ACMPCA.Client.exceptions.InvalidStateException`

  
  *   :py:class:`ACMPCA.Client.exceptions.RequestFailedException`

  
  *   :py:class:`ACMPCA.Client.exceptions.RequestInProgressException`

  