aws-sdk-acm 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3403fb2e98c0e2ccedeadbb6e1b6328b6d3b6668
-  data.tar.gz: 39f80502395e1ee07dfe85c91c7397f813f7e837
+  metadata.gz: cc5f02c5bea0bcd493337e573f709b674e6bcbeb
+  data.tar.gz: 2fc1b0a307e8513b13535a76f37ee3b888830e1f
 SHA512:
-  metadata.gz: 2988cb5672c8b2e9c7c1e71c8d897269764b2d99d7d5e630d983d2fcb7c6c5c12c66a20b36c83683b5e2adc76d0146a0697e17e70ed35920bec7b9dea1cfe0bf
-  data.tar.gz: 2617620a1de7cfc331c2d8816b64e3bb4ba9d3c0b78050b3bc507dcec8728252ec860cf8fa59a56bd4244f782bac9fe3da6977bc8b63f068d89ccb0297e623c5
+  metadata.gz: efbbc1453f48ed54825d603a7ac571c50b481e8b9d7776b755dfc1562da7971e6358a51fbb053c27935ec3dc560692f7d4bcfb7ccb0e9518aa11871c66d821e5
+  data.tar.gz: f018ef8f70e878692c0a778db21f2eeb16565de82ea93fc9a18d76136ffefc22dff02f7c6cbf4cd3334ae96eddf425ac0703f75f1a791fb095cc7339766a4e5c

data/lib/aws-sdk-acm.rb

@@ -42,6 +42,6 @@ require_relative 'aws-sdk-acm/customizations'
 # @service
 module Aws::ACM
 
-  GEM_VERSION = '1.1.0'
+  GEM_VERSION = '1.2.0'
 
 end

data/lib/aws-sdk-acm/client.rb

@@ -218,11 +218,11 @@ module Aws::ACM
       req.send_request(options)
     end
 
-    # Deletes an ACM Certificate and its associated private key. If this
-    # action succeeds, the certificate no longer appears in the list of ACM
-    # Certificates that can be displayed by calling the ListCertificates
-    # action or be retrieved by calling the GetCertificate action. The
-    # certificate will not be available for use by other AWS services.
+    # Deletes a certificate and its associated private key. If this action
+    # succeeds, the certificate no longer appears in the list that can be
+    # displayed by calling the ListCertificates action or be retrieved by
+    # calling the GetCertificate action. The certificate will not be
+    # available for use by AWS services integrated with ACM.
     #
     # <note markdown="1"> You cannot delete an ACM Certificate that is being used by another AWS
     # service. To delete a certificate that is in use, the certificate
@@ -297,6 +297,10 @@ module Aws::ACM
     #   resp.certificate.domain_validation_options[0].validation_emails[0] #=> String
     #   resp.certificate.domain_validation_options[0].validation_domain #=> String
     #   resp.certificate.domain_validation_options[0].validation_status #=> String, one of "PENDING_VALIDATION", "SUCCESS", "FAILED"
+    #   resp.certificate.domain_validation_options[0].resource_record.name #=> String
+    #   resp.certificate.domain_validation_options[0].resource_record.type #=> String, one of "CNAME"
+    #   resp.certificate.domain_validation_options[0].resource_record.value #=> String
+    #   resp.certificate.domain_validation_options[0].validation_method #=> String, one of "EMAIL", "DNS"
     #   resp.certificate.serial #=> String
     #   resp.certificate.subject #=> String
     #   resp.certificate.issuer #=> String
@@ -308,11 +312,11 @@ module Aws::ACM
     #   resp.certificate.revocation_reason #=> String, one of "UNSPECIFIED", "KEY_COMPROMISE", "CA_COMPROMISE", "AFFILIATION_CHANGED", "SUPERCEDED", "CESSATION_OF_OPERATION", "CERTIFICATE_HOLD", "REMOVE_FROM_CRL", "PRIVILEGE_WITHDRAWN", "A_A_COMPROMISE"
     #   resp.certificate.not_before #=> Time
     #   resp.certificate.not_after #=> Time
-    #   resp.certificate.key_algorithm #=> String, one of "RSA_2048", "RSA_1024", "EC_prime256v1"
+    #   resp.certificate.key_algorithm #=> String, one of "RSA_2048", "RSA_1024", "RSA_4096", "EC_prime256v1", "EC_secp384r1", "EC_secp521r1"
     #   resp.certificate.signature_algorithm #=> String
     #   resp.certificate.in_use_by #=> Array
     #   resp.certificate.in_use_by[0] #=> String
-    #   resp.certificate.failure_reason #=> String, one of "NO_AVAILABLE_CONTACTS", "ADDITIONAL_VERIFICATION_REQUIRED", "DOMAIN_NOT_ALLOWED", "INVALID_PUBLIC_DOMAIN", "OTHER"
+    #   resp.certificate.failure_reason #=> String, one of "NO_AVAILABLE_CONTACTS", "ADDITIONAL_VERIFICATION_REQUIRED", "DOMAIN_NOT_ALLOWED", "INVALID_PUBLIC_DOMAIN", "CAA_ERROR", "OTHER"
     #   resp.certificate.type #=> String, one of "IMPORTED", "AMAZON_ISSUED"
     #   resp.certificate.renewal_summary.renewal_status #=> String, one of "PENDING_AUTO_RENEWAL", "PENDING_VALIDATION", "SUCCESS", "FAILED"
     #   resp.certificate.renewal_summary.domain_validation_options #=> Array
@@ -321,6 +325,15 @@ module Aws::ACM
     #   resp.certificate.renewal_summary.domain_validation_options[0].validation_emails[0] #=> String
     #   resp.certificate.renewal_summary.domain_validation_options[0].validation_domain #=> String
     #   resp.certificate.renewal_summary.domain_validation_options[0].validation_status #=> String, one of "PENDING_VALIDATION", "SUCCESS", "FAILED"
+    #   resp.certificate.renewal_summary.domain_validation_options[0].resource_record.name #=> String
+    #   resp.certificate.renewal_summary.domain_validation_options[0].resource_record.type #=> String, one of "CNAME"
+    #   resp.certificate.renewal_summary.domain_validation_options[0].resource_record.value #=> String
+    #   resp.certificate.renewal_summary.domain_validation_options[0].validation_method #=> String, one of "EMAIL", "DNS"
+    #   resp.certificate.key_usages #=> Array
+    #   resp.certificate.key_usages[0].name #=> String, one of "DIGITAL_SIGNATURE", "NON_REPUDIATION", "KEY_ENCIPHERMENT", "DATA_ENCIPHERMENT", "KEY_AGREEMENT", "CERTIFICATE_SIGNING", "CRL_SIGNING", "ENCIPHER_ONLY", "DECIPHER_ONLY", "ANY", "CUSTOM"
+    #   resp.certificate.extended_key_usages #=> Array
+    #   resp.certificate.extended_key_usages[0].name #=> String, one of "TLS_WEB_SERVER_AUTHENTICATION", "TLS_WEB_CLIENT_AUTHENTICATION", "CODE_SIGNING", "EMAIL_PROTECTION", "TIME_STAMPING", "OCSP_SIGNING", "IPSEC_END_SYSTEM", "IPSEC_TUNNEL", "IPSEC_USER", "ANY", "NONE", "CUSTOM"
+    #   resp.certificate.extended_key_usages[0].oid #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-2015-12-08/DescribeCertificate AWS API Documentation
     #
@@ -331,13 +344,12 @@ module Aws::ACM
       req.send_request(options)
     end
 
-    # Retrieves an ACM Certificate and certificate chain for the certificate
-    # specified by an ARN. The chain is an ordered list of certificates that
-    # contains the ACM Certificate, intermediate certificates of subordinate
-    # CAs, and the root certificate in that order. The certificate and
-    # certificate chain are base64 encoded. If you want to decode the
-    # certificate chain to see the individual certificate fields, you can
-    # use OpenSSL.
+    # Retrieves a certificate specified by an ARN and its certificate chain
+    # . The chain is an ordered list of certificates that contains the end
+    # entity ertificate, intermediate certificates of subordinate CAs, and
+    # the root certificate in that order. The certificate and certificate
+    # chain are base64 encoded. If you want to decode the certificate to see
+    # the individual fields, you can use OpenSSL.
     #
     # @option params [required, String] :certificate_arn
     #   String that contains a certificate ARN in the following format:
@@ -376,8 +388,9 @@ module Aws::ACM
       req.send_request(options)
     end
 
-    # Imports an SSL/TLS certificate into AWS Certificate Manager (ACM) to
-    # use with [ACM's integrated AWS services][1].
+    # Imports a certificate into AWS Certificate Manager (ACM) to use with
+    # services that are integrated with ACM. For more information, see
+    # [Integrated Services][1].
     #
     # <note markdown="1"> ACM does not provide [managed renewal][2] for certificates that you
     # import.
@@ -386,31 +399,48 @@ module Aws::ACM
     #
     # For more information about importing certificates into ACM, including
     # the differences between certificates that you import and those that
-    # ACM provides, see [ Importing Certificates][3] in the *AWS Certificate
+    # ACM provides, see [Importing Certificates][3] in the *AWS Certificate
     # Manager User Guide*.
     #
-    # To import a certificate, you must provide the certificate and the
-    # matching private key. When the certificate is not self-signed, you
-    # must also provide a certificate chain. You can omit the certificate
-    # chain when importing a self-signed certificate.
+    # In general, you can import almost any valid certificate. However,
+    # services integrated with ACM allow only certificate types they support
+    # to be associated with their resources. The following guidelines are
+    # also important:
     #
-    # The certificate, private key, and certificate chain must be
-    # PEM-encoded. For more information about converting these items to PEM
-    # format, see [Importing Certificates Troubleshooting][4] in the *AWS
-    # Certificate Manager User Guide*.
+    # * You must enter the private key that matches the certificate you are
+    #   importing.
     #
-    # To import a new certificate, omit the `CertificateArn` field. Include
-    # this field only when you want to replace a previously imported
-    # certificate.
+    # * The private key must be unencrypted. You cannot import a private key
+    #   that is protected by a password or a passphrase.
     #
-    # When you import a certificate by using the CLI or one of the SDKs, you
-    # must specify the certificate, chain, and private key parameters as
-    # file names preceded by `file://`. For example, you can specify a
-    # certificate saved in the `C:\temp` folder as
-    # `C:\temp\certificate_to_import.pem`. If you are making an HTTP or
-    # HTTPS Query request, include these parameters as BLOBs.
+    # * If the certificate you are importing is not self-signed, you must
+    #   enter its certificate chain.
     #
-    # This operation returns the [Amazon Resource Name (ARN)][5] of the
+    # * If a certificate chain is included, the issuer must be the subject
+    #   of one of the certificates in the chain.
+    #
+    # * The certificate, private key, and certificate chain must be
+    #   PEM-encoded.
+    #
+    # * The current time must be between the `Not Before` and `Not After`
+    #   certificate fields.
+    #
+    # * The `Issuer` field must not be empty.
+    #
+    # * The OCSP authority URL must not exceed 1000 characters.
+    #
+    # * To import a new certificate, omit the `CertificateArn` field.
+    #   Include this field only when you want to replace a previously
+    #   imported certificate.
+    #
+    # * When you import a certificate by using the CLI or one of the SDKs,
+    #   you must specify the certificate, certificate chain, and private key
+    #   parameters as file names preceded by `file://`. For example, you can
+    #   specify a certificate saved in the `C:\temp` folder as
+    #   `C:\temp\certificate_to_import.pem`. If you are making an HTTP or
+    #   HTTPS Query request, include these parameters as BLOBs.
+    #
+    # This operation returns the [Amazon Resource Name (ARN)][4] of the
     # imported certificate.
     #
     #
@@ -418,8 +448,7 @@ module Aws::ACM
     # [1]: http://docs.aws.amazon.com/acm/latest/userguide/acm-services.html
     # [2]: http://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html
     # [3]: http://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html
-    # [4]: http://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html#import-certificate-troubleshooting
-    # [5]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
+    # [4]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
     #
     # @option params [String] :certificate_arn
     #   The [Amazon Resource Name (ARN)][1] of an imported certificate to
@@ -430,27 +459,13 @@ module Aws::ACM
     #   [1]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
     #
     # @option params [required, String, IO] :certificate
-    #   The certificate to import. It must meet the following requirements:
-    #
-    #   * Must be PEM-encoded.
-    #
-    #   * Must contain a 1024-bit or 2048-bit RSA public key.
-    #
-    #   * Must be valid at the time of import. You cannot import a certificate
-    #     before its validity period begins (the certificate's `NotBefore`
-    #     date) or after it expires (the certificate's `NotAfter` date).
+    #   The certificate to import.
     #
     # @option params [required, String, IO] :private_key
-    #   The private key that matches the public key in the certificate. It
-    #   must meet the following requirements:
-    #
-    #   * Must be PEM-encoded.
-    #
-    #   * Must be unencrypted. You cannot import a private key that is
-    #     protected by a password or passphrase.
+    #   The private key that matches the public key in the certificate.
     #
     # @option params [String, IO] :certificate_chain
-    #   The certificate chain. It must be PEM-encoded.
+    #   The PEM encoded certificate chain.
     #
     # @return [Types::ImportCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -478,13 +493,22 @@ module Aws::ACM
       req.send_request(options)
     end
 
-    # Retrieves a list of ACM Certificates and the domain name for each. You
-    # can optionally filter the list to return only the certificates that
-    # match the specified status.
+    # Retrieves a list of certificate ARNs and domain names. You can request
+    # that only certificates that match a specific status be listed. You can
+    # also filter by specific attributes of the certificate.
     #
     # @option params [Array<String>] :certificate_statuses
-    #   The status or statuses on which to filter the list of ACM
-    #   Certificates.
+    #   Filter the certificate list by status value.
+    #
+    # @option params [Types::Filters] :includes
+    #   Filter the certificate list by one or more of the following values.
+    #   For more information, see the Filters structure.
+    #
+    #   * extendedKeyUsage
+    #
+    #   * keyUsage
+    #
+    #   * keyTypes
     #
     # @option params [String] :next_token
     #   Use this parameter only when paginating results and only in a
@@ -508,6 +532,11 @@ module Aws::ACM
     #
     #   resp = client.list_certificates({
     #     certificate_statuses: ["PENDING_VALIDATION"], # accepts PENDING_VALIDATION, ISSUED, INACTIVE, EXPIRED, VALIDATION_TIMED_OUT, REVOKED, FAILED
+    #     includes: {
+    #       extended_key_usage: ["TLS_WEB_SERVER_AUTHENTICATION"], # accepts TLS_WEB_SERVER_AUTHENTICATION, TLS_WEB_CLIENT_AUTHENTICATION, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, IPSEC_END_SYSTEM, IPSEC_TUNNEL, IPSEC_USER, ANY, NONE, CUSTOM
+    #       key_usage: ["DIGITAL_SIGNATURE"], # accepts DIGITAL_SIGNATURE, NON_REPUDIATION, KEY_ENCIPHERMENT, DATA_ENCIPHERMENT, KEY_AGREEMENT, CERTIFICATE_SIGNING, CRL_SIGNING, ENCIPHER_ONLY, DECIPHER_ONLY, ANY, CUSTOM
+    #       key_types: ["RSA_2048"], # accepts RSA_2048, RSA_1024, RSA_4096, EC_prime256v1, EC_secp384r1, EC_secp521r1
+    #     },
     #     next_token: "NextToken",
     #     max_items: 1,
     #   })
@@ -535,7 +564,7 @@ module Aws::ACM
     #
     # @option params [required, String] :certificate_arn
     #   String that contains the ARN of the ACM Certificate for which you want
-    #   to list the tags. This has the following form:
+    #   to list the tags. This must have the following form:
     #
     #   `arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012`
     #
@@ -649,21 +678,12 @@ module Aws::ACM
     #   the same domain. For example, *.example.com protects www.example.com,
     #   site.example.com, and images.example.com.
     #
-    #   The maximum length of a DNS name is 253 octets. The name is made up of
-    #   multiple labels separated by periods. No label can be longer than 63
-    #   octets. Consider the following examples:
-    #
-    #   `(63 octets).(63 octets).(63 octets).(61 octets)` is legal because the
-    #   total length is 253 octets (63+1+63+1+63+1+61) and no label exceeds 63
-    #   octets.
-    #
-    #   `(64 octets).(63 octets).(63 octets).(61 octets)` is not legal because
-    #   the total length exceeds 253 octets (64+1+63+1+63+1+61) and the first
-    #   label exceeds 63 octets.
+    #   The first domain name you enter cannot exceed 63 octets, including
+    #   periods. Each subsequent Subject Alternative Name (SAN), however, can
+    #   be up to 253 octets in length.
     #
-    #   `(63 octets).(63 octets).(63 octets).(62 octets)` is not legal because
-    #   the total length of the DNS name (63+1+63+1+63+1+62) exceeds 253
-    #   octets.
+    # @option params [String] :validation_method
+    #   The method you want to use to validate your domain.
     #
     # @option params [Array<String>] :subject_alternative_names
     #   Additional FQDNs to be included in the Subject Alternative Name
@@ -675,6 +695,22 @@ module Aws::ACM
     #   more than 10 names, you must request a limit increase. For more
     #   information, see [Limits][1].
     #
+    #   The maximum length of a SAN DNS name is 253 octets. The name is made
+    #   up of multiple labels separated by periods. No label can be longer
+    #   than 63 octets. Consider the following examples:
+    #
+    #   * `(63 octets).(63 octets).(63 octets).(61 octets)` is legal because
+    #     the total length is 253 octets (63+1+63+1+63+1+61) and no label
+    #     exceeds 63 octets.
+    #
+    #   * `(64 octets).(63 octets).(63 octets).(61 octets)` is not legal
+    #     because the total length exceeds 253 octets (64+1+63+1+63+1+61) and
+    #     the first label exceeds 63 octets.
+    #
+    #   * `(63 octets).(63 octets).(63 octets).(62 octets)` is not legal
+    #     because the total length of the DNS name (63+1+63+1+63+1+62) exceeds
+    #     253 octets.
+    #
     #
     #
     #   [1]: http://docs.aws.amazon.com/acm/latest/userguide/acm-limits.html
@@ -689,8 +725,8 @@ module Aws::ACM
     #   requesting multiple certificates.
     #
     # @option params [Array<Types::DomainValidationOption>] :domain_validation_options
-    #   The domain name that you want ACM to use to send you emails to
-    #   validate your ownership of the domain.
+    #   The domain name that you want ACM to use to send you emails so taht
+    #   your can validate domain ownership.
     #
     # @return [Types::RequestCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -700,6 +736,7 @@ module Aws::ACM
     #
     #   resp = client.request_certificate({
     #     domain_name: "DomainNameString", # required
+    #     validation_method: "EMAIL", # accepts EMAIL, DNS
     #     subject_alternative_names: ["DomainNameString"],
     #     idempotency_token: "IdempotencyToken",
     #     domain_validation_options: [
@@ -745,9 +782,7 @@ module Aws::ACM
     #   certificate ARN is generated and returned by the RequestCertificate
     #   action as soon as the request is made. By default, using this
     #   parameter causes email to be sent to all top-level domains you
-    #   specified in the certificate request.
-    #
-    #   The ARN must be of the form:
+    #   specified in the certificate request. The ARN must be of the form:
     #
     #   `arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012`
     #
@@ -807,7 +842,7 @@ module Aws::ACM
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-acm'
-      context[:gem_version] = '1.1.0'
+      context[:gem_version] = '1.2.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-acm/client_api.rb

@@ -33,7 +33,12 @@ module Aws::ACM
     DomainValidationList = Shapes::ListShape.new(name: 'DomainValidationList')
     DomainValidationOption = Shapes::StructureShape.new(name: 'DomainValidationOption')
     DomainValidationOptionList = Shapes::ListShape.new(name: 'DomainValidationOptionList')
+    ExtendedKeyUsage = Shapes::StructureShape.new(name: 'ExtendedKeyUsage')
+    ExtendedKeyUsageFilterList = Shapes::ListShape.new(name: 'ExtendedKeyUsageFilterList')
+    ExtendedKeyUsageList = Shapes::ListShape.new(name: 'ExtendedKeyUsageList')
+    ExtendedKeyUsageName = Shapes::StringShape.new(name: 'ExtendedKeyUsageName')
     FailureReason = Shapes::StringShape.new(name: 'FailureReason')
+    Filters = Shapes::StructureShape.new(name: 'Filters')
     GetCertificateRequest = Shapes::StructureShape.new(name: 'GetCertificateRequest')
     GetCertificateResponse = Shapes::StructureShape.new(name: 'GetCertificateResponse')
     IdempotencyToken = Shapes::StringShape.new(name: 'IdempotencyToken')
@@ -45,6 +50,11 @@ module Aws::ACM
     InvalidStateException = Shapes::StructureShape.new(name: 'InvalidStateException')
     InvalidTagException = Shapes::StructureShape.new(name: 'InvalidTagException')
     KeyAlgorithm = Shapes::StringShape.new(name: 'KeyAlgorithm')
+    KeyAlgorithmList = Shapes::ListShape.new(name: 'KeyAlgorithmList')
+    KeyUsage = Shapes::StructureShape.new(name: 'KeyUsage')
+    KeyUsageFilterList = Shapes::ListShape.new(name: 'KeyUsageFilterList')
+    KeyUsageList = Shapes::ListShape.new(name: 'KeyUsageList')
+    KeyUsageName = Shapes::StringShape.new(name: 'KeyUsageName')
     LimitExceededException = Shapes::StructureShape.new(name: 'LimitExceededException')
     ListCertificatesRequest = Shapes::StructureShape.new(name: 'ListCertificatesRequest')
     ListCertificatesResponse = Shapes::StructureShape.new(name: 'ListCertificatesResponse')
@@ -53,6 +63,7 @@ module Aws::ACM
     MaxItems = Shapes::IntegerShape.new(name: 'MaxItems')
     NextToken = Shapes::StringShape.new(name: 'NextToken')
     PrivateKeyBlob = Shapes::BlobShape.new(name: 'PrivateKeyBlob')
+    RecordType = Shapes::StringShape.new(name: 'RecordType')
     RemoveTagsFromCertificateRequest = Shapes::StructureShape.new(name: 'RemoveTagsFromCertificateRequest')
     RenewalStatus = Shapes::StringShape.new(name: 'RenewalStatus')
     RenewalSummary = Shapes::StructureShape.new(name: 'RenewalSummary')
@@ -62,6 +73,7 @@ module Aws::ACM
     ResendValidationEmailRequest = Shapes::StructureShape.new(name: 'ResendValidationEmailRequest')
     ResourceInUseException = Shapes::StructureShape.new(name: 'ResourceInUseException')
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
+    ResourceRecord = Shapes::StructureShape.new(name: 'ResourceRecord')
     RevocationReason = Shapes::StringShape.new(name: 'RevocationReason')
     String = Shapes::StringShape.new(name: 'String')
     TStamp = Shapes::TimestampShape.new(name: 'TStamp')
@@ -71,6 +83,7 @@ module Aws::ACM
     TagValue = Shapes::StringShape.new(name: 'TagValue')
     TooManyTagsException = Shapes::StructureShape.new(name: 'TooManyTagsException')
     ValidationEmailList = Shapes::ListShape.new(name: 'ValidationEmailList')
+    ValidationMethod = Shapes::StringShape.new(name: 'ValidationMethod')
 
     AddTagsToCertificateRequest.add_member(:certificate_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateArn"))
     AddTagsToCertificateRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, required: true, location_name: "Tags"))
@@ -97,6 +110,8 @@ module Aws::ACM
     CertificateDetail.add_member(:failure_reason, Shapes::ShapeRef.new(shape: FailureReason, location_name: "FailureReason"))
     CertificateDetail.add_member(:type, Shapes::ShapeRef.new(shape: CertificateType, location_name: "Type"))
     CertificateDetail.add_member(:renewal_summary, Shapes::ShapeRef.new(shape: RenewalSummary, location_name: "RenewalSummary"))
+    CertificateDetail.add_member(:key_usages, Shapes::ShapeRef.new(shape: KeyUsageList, location_name: "KeyUsages"))
+    CertificateDetail.add_member(:extended_key_usages, Shapes::ShapeRef.new(shape: ExtendedKeyUsageList, location_name: "ExtendedKeyUsages"))
     CertificateDetail.struct_class = Types::CertificateDetail
 
     CertificateStatuses.member = Shapes::ShapeRef.new(shape: CertificateStatus)
@@ -122,6 +137,8 @@ module Aws::ACM
     DomainValidation.add_member(:validation_emails, Shapes::ShapeRef.new(shape: ValidationEmailList, location_name: "ValidationEmails"))
     DomainValidation.add_member(:validation_domain, Shapes::ShapeRef.new(shape: DomainNameString, location_name: "ValidationDomain"))
     DomainValidation.add_member(:validation_status, Shapes::ShapeRef.new(shape: DomainStatus, location_name: "ValidationStatus"))
+    DomainValidation.add_member(:resource_record, Shapes::ShapeRef.new(shape: ResourceRecord, location_name: "ResourceRecord"))
+    DomainValidation.add_member(:validation_method, Shapes::ShapeRef.new(shape: ValidationMethod, location_name: "ValidationMethod"))
     DomainValidation.struct_class = Types::DomainValidation
 
     DomainValidationList.member = Shapes::ShapeRef.new(shape: DomainValidation)
@@ -132,6 +149,19 @@ module Aws::ACM
 
     DomainValidationOptionList.member = Shapes::ShapeRef.new(shape: DomainValidationOption)
 
+    ExtendedKeyUsage.add_member(:name, Shapes::ShapeRef.new(shape: ExtendedKeyUsageName, location_name: "Name"))
+    ExtendedKeyUsage.add_member(:oid, Shapes::ShapeRef.new(shape: String, location_name: "OID"))
+    ExtendedKeyUsage.struct_class = Types::ExtendedKeyUsage
+
+    ExtendedKeyUsageFilterList.member = Shapes::ShapeRef.new(shape: ExtendedKeyUsageName)
+
+    ExtendedKeyUsageList.member = Shapes::ShapeRef.new(shape: ExtendedKeyUsage)
+
+    Filters.add_member(:extended_key_usage, Shapes::ShapeRef.new(shape: ExtendedKeyUsageFilterList, location_name: "extendedKeyUsage"))
+    Filters.add_member(:key_usage, Shapes::ShapeRef.new(shape: KeyUsageFilterList, location_name: "keyUsage"))
+    Filters.add_member(:key_types, Shapes::ShapeRef.new(shape: KeyAlgorithmList, location_name: "keyTypes"))
+    Filters.struct_class = Types::Filters
+
     GetCertificateRequest.add_member(:certificate_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateArn"))
     GetCertificateRequest.struct_class = Types::GetCertificateRequest
 
@@ -150,7 +180,17 @@ module Aws::ACM
 
     InUseList.member = Shapes::ShapeRef.new(shape: String)
 
+    KeyAlgorithmList.member = Shapes::ShapeRef.new(shape: KeyAlgorithm)
+
+    KeyUsage.add_member(:name, Shapes::ShapeRef.new(shape: KeyUsageName, location_name: "Name"))
+    KeyUsage.struct_class = Types::KeyUsage
+
+    KeyUsageFilterList.member = Shapes::ShapeRef.new(shape: KeyUsageName)
+
+    KeyUsageList.member = Shapes::ShapeRef.new(shape: KeyUsage)
+
     ListCertificatesRequest.add_member(:certificate_statuses, Shapes::ShapeRef.new(shape: CertificateStatuses, location_name: "CertificateStatuses"))
+    ListCertificatesRequest.add_member(:includes, Shapes::ShapeRef.new(shape: Filters, location_name: "Includes"))
     ListCertificatesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
     ListCertificatesRequest.add_member(:max_items, Shapes::ShapeRef.new(shape: MaxItems, location_name: "MaxItems"))
     ListCertificatesRequest.struct_class = Types::ListCertificatesRequest
@@ -174,6 +214,7 @@ module Aws::ACM
     RenewalSummary.struct_class = Types::RenewalSummary
 
     RequestCertificateRequest.add_member(:domain_name, Shapes::ShapeRef.new(shape: DomainNameString, required: true, location_name: "DomainName"))
+    RequestCertificateRequest.add_member(:validation_method, Shapes::ShapeRef.new(shape: ValidationMethod, location_name: "ValidationMethod"))
     RequestCertificateRequest.add_member(:subject_alternative_names, Shapes::ShapeRef.new(shape: DomainList, location_name: "SubjectAlternativeNames"))
     RequestCertificateRequest.add_member(:idempotency_token, Shapes::ShapeRef.new(shape: IdempotencyToken, location_name: "IdempotencyToken"))
     RequestCertificateRequest.add_member(:domain_validation_options, Shapes::ShapeRef.new(shape: DomainValidationOptionList, location_name: "DomainValidationOptions"))
@@ -187,6 +228,11 @@ module Aws::ACM
     ResendValidationEmailRequest.add_member(:validation_domain, Shapes::ShapeRef.new(shape: DomainNameString, required: true, location_name: "ValidationDomain"))
     ResendValidationEmailRequest.struct_class = Types::ResendValidationEmailRequest
 
+    ResourceRecord.add_member(:name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "Name"))
+    ResourceRecord.add_member(:type, Shapes::ShapeRef.new(shape: RecordType, required: true, location_name: "Type"))
+    ResourceRecord.add_member(:value, Shapes::ShapeRef.new(shape: String, required: true, location_name: "Value"))
+    ResourceRecord.struct_class = Types::ResourceRecord
+
     Tag.add_member(:key, Shapes::ShapeRef.new(shape: TagKey, required: true, location_name: "Key"))
     Tag.add_member(:value, Shapes::ShapeRef.new(shape: TagValue, location_name: "Value"))
     Tag.struct_class = Types::Tag

data/lib/aws-sdk-acm/types.rb

@@ -132,8 +132,7 @@ module Aws::ACM
     #   @return [Time]
     #
     # @!attribute [rw] key_algorithm
-    #   The algorithm that was used to generate the key pair (the public and
-    #   private key).
+    #   The algorithm that was used to generate the public-private key pair.
     #   @return [String]
     #
     # @!attribute [rw] signature_algorithm
@@ -181,6 +180,19 @@ module Aws::ACM
     #   [1]: http://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html
     #   @return [Types::RenewalSummary]
     #
+    # @!attribute [rw] key_usages
+    #   A list of Key Usage X.509 v3 extension objects. Each object is a
+    #   string value that identifies the purpose of the public key contained
+    #   in the certificate. Possible extension values include
+    #   DIGITAL\_SIGNATURE, KEY\_ENCHIPHERMENT, NON\_REPUDIATION, and more.
+    #   @return [Array<Types::KeyUsage>]
+    #
+    # @!attribute [rw] extended_key_usages
+    #   Contains a list of Extended Key Usage X.509 v3 extension objects.
+    #   Each object specifies a purpose for which the certificate public key
+    #   can be used and consists of a name and an object identifier (OID).
+    #   @return [Array<Types::ExtendedKeyUsage>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-2015-12-08/CertificateDetail AWS API Documentation
     #
     class CertificateDetail < Struct.new(
@@ -204,7 +216,9 @@ module Aws::ACM
       :in_use_by,
       :failure_reason,
       :type,
-      :renewal_summary)
+      :renewal_summary,
+      :key_usages,
+      :extended_key_usages)
       include Aws::Structure
     end
 
@@ -322,7 +336,28 @@ module Aws::ACM
     #   @return [String]
     #
     # @!attribute [rw] validation_status
-    #   The validation status of the domain name.
+    #   The validation status of the domain name. This can be one of the
+    #   following values:
+    #
+    #   * `PENDING_VALIDATION`
+    #
+    #   * ``SUCCESS
+    #
+    #   * ``FAILED
+    #   @return [String]
+    #
+    # @!attribute [rw] resource_record
+    #   Contains the CNAME record that you add to your DNS database for
+    #   domain validation. For more information, see [Use DNS to Validate
+    #   Domain Ownership][1].
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html
+    #   @return [Types::ResourceRecord]
+    #
+    # @!attribute [rw] validation_method
+    #   Specifies the domain validation method.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-2015-12-08/DomainValidation AWS API Documentation
@@ -331,12 +366,14 @@ module Aws::ACM
       :domain_name,
       :validation_emails,
       :validation_domain,
-      :validation_status)
+      :validation_status,
+      :resource_record,
+      :validation_method)
       include Aws::Structure
     end
 
     # Contains information about the domain names that you want ACM to use
-    # to send you emails to validate your ownership of the domain.
+    # to send you emails that enable you to validate domain ownership.
     #
     # @note When making an API call, you may pass DomainValidationOption
     #   data as a hash:
@@ -378,6 +415,80 @@ module Aws::ACM
       include Aws::Structure
     end
 
+    # The Extended Key Usage X.509 v3 extension defines one or more purposes
+    # for which the public key can be used. This is in addition to or in
+    # place of the basic purposes specified by the Key Usage extension.
+    #
+    # @!attribute [rw] name
+    #   The name of an Extended Key Usage value.
+    #   @return [String]
+    #
+    # @!attribute [rw] oid
+    #   An object identifier (OID) for the extension value. OIDs are strings
+    #   of numbers separated by periods. The following OIDs are defined in
+    #   RFC 3280 and RFC 5280.
+    #
+    #   * `1.3.6.1.5.5.7.3.1 (TLS_WEB_SERVER_AUTHENTICATION)`
+    #
+    #   * `1.3.6.1.5.5.7.3.2 (TLS_WEB_CLIENT_AUTHENTICATION)`
+    #
+    #   * `1.3.6.1.5.5.7.3.3 (CODE_SIGNING)`
+    #
+    #   * `1.3.6.1.5.5.7.3.4 (EMAIL_PROTECTION)`
+    #
+    #   * `1.3.6.1.5.5.7.3.8 (TIME_STAMPING)`
+    #
+    #   * `1.3.6.1.5.5.7.3.9 (OCSP_SIGNING)`
+    #
+    #   * `1.3.6.1.5.5.7.3.5 (IPSEC_END_SYSTEM)`
+    #
+    #   * `1.3.6.1.5.5.7.3.6 (IPSEC_TUNNEL)`
+    #
+    #   * `1.3.6.1.5.5.7.3.7 (IPSEC_USER)`
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-2015-12-08/ExtendedKeyUsage AWS API Documentation
+    #
+    class ExtendedKeyUsage < Struct.new(
+      :name,
+      :oid)
+      include Aws::Structure
+    end
+
+    # This structure can be used in the ListCertificates action to filter
+    # the output of the certificate list.
+    #
+    # @note When making an API call, you may pass Filters
+    #   data as a hash:
+    #
+    #       {
+    #         extended_key_usage: ["TLS_WEB_SERVER_AUTHENTICATION"], # accepts TLS_WEB_SERVER_AUTHENTICATION, TLS_WEB_CLIENT_AUTHENTICATION, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, IPSEC_END_SYSTEM, IPSEC_TUNNEL, IPSEC_USER, ANY, NONE, CUSTOM
+    #         key_usage: ["DIGITAL_SIGNATURE"], # accepts DIGITAL_SIGNATURE, NON_REPUDIATION, KEY_ENCIPHERMENT, DATA_ENCIPHERMENT, KEY_AGREEMENT, CERTIFICATE_SIGNING, CRL_SIGNING, ENCIPHER_ONLY, DECIPHER_ONLY, ANY, CUSTOM
+    #         key_types: ["RSA_2048"], # accepts RSA_2048, RSA_1024, RSA_4096, EC_prime256v1, EC_secp384r1, EC_secp521r1
+    #       }
+    #
+    # @!attribute [rw] extended_key_usage
+    #   Specify one or more ExtendedKeyUsage extension values.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] key_usage
+    #   Specify one or more KeyUsage extension values.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] key_types
+    #   Specify one or more algorithms that can be used to generate key
+    #   pairs.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-2015-12-08/Filters AWS API Documentation
+    #
+    class Filters < Struct.new(
+      :extended_key_usage,
+      :key_usage,
+      :key_types)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetCertificateRequest
     #   data as a hash:
     #
@@ -443,30 +554,15 @@ module Aws::ACM
     #   @return [String]
     #
     # @!attribute [rw] certificate
-    #   The certificate to import. It must meet the following requirements:
-    #
-    #   * Must be PEM-encoded.
-    #
-    #   * Must contain a 1024-bit or 2048-bit RSA public key.
-    #
-    #   * Must be valid at the time of import. You cannot import a
-    #     certificate before its validity period begins (the certificate's
-    #     `NotBefore` date) or after it expires (the certificate's
-    #     `NotAfter` date).
+    #   The certificate to import.
     #   @return [String]
     #
     # @!attribute [rw] private_key
-    #   The private key that matches the public key in the certificate. It
-    #   must meet the following requirements:
-    #
-    #   * Must be PEM-encoded.
-    #
-    #   * Must be unencrypted. You cannot import a private key that is
-    #     protected by a password or passphrase.
+    #   The private key that matches the public key in the certificate.
     #   @return [String]
     #
     # @!attribute [rw] certificate_chain
-    #   The certificate chain. It must be PEM-encoded.
+    #   The PEM encoded certificate chain.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-2015-12-08/ImportCertificateRequest AWS API Documentation
@@ -494,20 +590,49 @@ module Aws::ACM
       include Aws::Structure
     end
 
+    # The Key Usage X.509 v3 extension defines the purpose of the public key
+    # contained in the certificate.
+    #
+    # @!attribute [rw] name
+    #   A string value that contains a Key Usage extension name.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-2015-12-08/KeyUsage AWS API Documentation
+    #
+    class KeyUsage < Struct.new(
+      :name)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListCertificatesRequest
     #   data as a hash:
     #
     #       {
     #         certificate_statuses: ["PENDING_VALIDATION"], # accepts PENDING_VALIDATION, ISSUED, INACTIVE, EXPIRED, VALIDATION_TIMED_OUT, REVOKED, FAILED
+    #         includes: {
+    #           extended_key_usage: ["TLS_WEB_SERVER_AUTHENTICATION"], # accepts TLS_WEB_SERVER_AUTHENTICATION, TLS_WEB_CLIENT_AUTHENTICATION, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, IPSEC_END_SYSTEM, IPSEC_TUNNEL, IPSEC_USER, ANY, NONE, CUSTOM
+    #           key_usage: ["DIGITAL_SIGNATURE"], # accepts DIGITAL_SIGNATURE, NON_REPUDIATION, KEY_ENCIPHERMENT, DATA_ENCIPHERMENT, KEY_AGREEMENT, CERTIFICATE_SIGNING, CRL_SIGNING, ENCIPHER_ONLY, DECIPHER_ONLY, ANY, CUSTOM
+    #           key_types: ["RSA_2048"], # accepts RSA_2048, RSA_1024, RSA_4096, EC_prime256v1, EC_secp384r1, EC_secp521r1
+    #         },
     #         next_token: "NextToken",
     #         max_items: 1,
     #       }
     #
     # @!attribute [rw] certificate_statuses
-    #   The status or statuses on which to filter the list of ACM
-    #   Certificates.
+    #   Filter the certificate list by status value.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] includes
+    #   Filter the certificate list by one or more of the following values.
+    #   For more information, see the Filters structure.
+    #
+    #   * extendedKeyUsage
+    #
+    #   * keyUsage
+    #
+    #   * keyTypes
+    #   @return [Types::Filters]
+    #
     # @!attribute [rw] next_token
     #   Use this parameter only when paginating results and only in a
     #   subsequent request after you receive a response with truncated
@@ -527,6 +652,7 @@ module Aws::ACM
     #
     class ListCertificatesRequest < Struct.new(
       :certificate_statuses,
+      :includes,
       :next_token,
       :max_items)
       include Aws::Structure
@@ -559,7 +685,7 @@ module Aws::ACM
     #
     # @!attribute [rw] certificate_arn
     #   String that contains the ARN of the ACM Certificate for which you
-    #   want to list the tags. This has the following form:
+    #   want to list the tags. This must have the following form:
     #
     #   `arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012`
     #
@@ -669,6 +795,7 @@ module Aws::ACM
     #
     #       {
     #         domain_name: "DomainNameString", # required
+    #         validation_method: "EMAIL", # accepts EMAIL, DNS
     #         subject_alternative_names: ["DomainNameString"],
     #         idempotency_token: "IdempotencyToken",
     #         domain_validation_options: [
@@ -686,21 +813,13 @@ module Aws::ACM
     #   sites in the same domain. For example, *.example.com protects
     #   www.example.com, site.example.com, and images.example.com.
     #
-    #   The maximum length of a DNS name is 253 octets. The name is made up
-    #   of multiple labels separated by periods. No label can be longer than
-    #   63 octets. Consider the following examples:
-    #
-    #   `(63 octets).(63 octets).(63 octets).(61 octets)` is legal because
-    #   the total length is 253 octets (63+1+63+1+63+1+61) and no label
-    #   exceeds 63 octets.
-    #
-    #   `(64 octets).(63 octets).(63 octets).(61 octets)` is not legal
-    #   because the total length exceeds 253 octets (64+1+63+1+63+1+61) and
-    #   the first label exceeds 63 octets.
+    #   The first domain name you enter cannot exceed 63 octets, including
+    #   periods. Each subsequent Subject Alternative Name (SAN), however,
+    #   can be up to 253 octets in length.
+    #   @return [String]
     #
-    #   `(63 octets).(63 octets).(63 octets).(62 octets)` is not legal
-    #   because the total length of the DNS name (63+1+63+1+63+1+62) exceeds
-    #   253 octets.
+    # @!attribute [rw] validation_method
+    #   The method you want to use to validate your domain.
     #   @return [String]
     #
     # @!attribute [rw] subject_alternative_names
@@ -713,6 +832,22 @@ module Aws::ACM
     #   If you need more than 10 names, you must request a limit increase.
     #   For more information, see [Limits][1].
     #
+    #   The maximum length of a SAN DNS name is 253 octets. The name is made
+    #   up of multiple labels separated by periods. No label can be longer
+    #   than 63 octets. Consider the following examples:
+    #
+    #   * `(63 octets).(63 octets).(63 octets).(61 octets)` is legal because
+    #     the total length is 253 octets (63+1+63+1+63+1+61) and no label
+    #     exceeds 63 octets.
+    #
+    #   * `(64 octets).(63 octets).(63 octets).(61 octets)` is not legal
+    #     because the total length exceeds 253 octets (64+1+63+1+63+1+61)
+    #     and the first label exceeds 63 octets.
+    #
+    #   * `(63 octets).(63 octets).(63 octets).(62 octets)` is not legal
+    #     because the total length of the DNS name (63+1+63+1+63+1+62)
+    #     exceeds 253 octets.
+    #
     #
     #
     #   [1]: http://docs.aws.amazon.com/acm/latest/userguide/acm-limits.html
@@ -729,14 +864,15 @@ module Aws::ACM
     #   @return [String]
     #
     # @!attribute [rw] domain_validation_options
-    #   The domain name that you want ACM to use to send you emails to
-    #   validate your ownership of the domain.
+    #   The domain name that you want ACM to use to send you emails so taht
+    #   your can validate domain ownership.
     #   @return [Array<Types::DomainValidationOption>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-2015-12-08/RequestCertificateRequest AWS API Documentation
     #
     class RequestCertificateRequest < Struct.new(
       :domain_name,
+      :validation_method,
       :subject_alternative_names,
       :idempotency_token,
       :domain_validation_options)
@@ -771,9 +907,7 @@ module Aws::ACM
     #   certificate ARN is generated and returned by the RequestCertificate
     #   action as soon as the request is made. By default, using this
     #   parameter causes email to be sent to all top-level domains you
-    #   specified in the certificate request.
-    #
-    #   The ARN must be of the form:
+    #   specified in the certificate request. The ARN must be of the form:
     #
     #   `arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012`
     #   @return [String]
@@ -813,6 +947,33 @@ module Aws::ACM
       include Aws::Structure
     end
 
+    # Contains a DNS record value that you can use to can use to validate
+    # ownership or control of a domain. This is used by the
+    # DescribeCertificate action.
+    #
+    # @!attribute [rw] name
+    #   The name of the DNS record to create in your domain. This is
+    #   supplied by ACM.
+    #   @return [String]
+    #
+    # @!attribute [rw] type
+    #   The type of DNS record. Currently this can be `CNAME`.
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   The value of the CNAME record to add to your DNS database. This is
+    #   supplied by ACM.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-2015-12-08/ResourceRecord AWS API Documentation
+    #
+    class ResourceRecord < Struct.new(
+      :name,
+      :type,
+      :value)
+      include Aws::Structure
+    end
+
     # A key-value pair that identifies or specifies metadata about an ACM
     # resource.
     #

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-acm
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-11-01 00:00:00.000000000 Z
+date: 2017-11-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core