aws-sdk-acm 1.88.0 → 1.90.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9bd001aa7d7a94fc363feb294df204432c5f79f9171cc5194fb7cb87b3ee5383
-  data.tar.gz: 5867f446ccf694b112a52158eb747493bea223532d4edd57c52d2d1272eca010
+  metadata.gz: 76352ac7bca4dd390617f36d76a6152527a367f0781020213ea8afae32b684b4
+  data.tar.gz: 3795279f33a873c743bd5f0acdda8000121258d578d14cf9e3b2c1ec0ba672e0
 SHA512:
-  metadata.gz: 505c61f679ad2bee5d68ab78aedfcc708e1736f7047c625a7200d86e90af8ea1b3a946ea268f7bfce650aa1a7e2e41b412e09f30b21f752f71faf04e76fe8796
-  data.tar.gz: acf5fb00b8661a89a30afeab55187d1e4874b0ee11260ca42ccb9b3f7f1c4fb3f36b92fd1b1455a2a8aedca9a58e5ee43990c87db06f3964c08146d9e7904a63
+  metadata.gz: 4e33a69010e17dae12cf2d2f5cd8e47a8bad1f22fdc07de2aa96f35433f9e40d6857a4a372337130882abd776aba344dd8c735a34dcc6fd5ea6c0ec1ef7e1cc9
+  data.tar.gz: a19e9c2758aa07abb452629fb7e4bc9ca1d5a6bf0f5ef7e80839b9fc4a50887ebbabbaff12dc3a212313eb4fc955f3d65e0ed4d778dc43a3afa80a5040955570

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.90.0 (2025-07-21)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.89.0 (2025-06-17)
+------------------
+
+* Feature - Adds support for Exportable Public Certificates
+
 1.88.0 (2025-06-02)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.88.0
+1.90.0

data/lib/aws-sdk-acm/client.rb

@@ -95,7 +95,7 @@ module Aws::ACM
     #     class name or an instance of a plugin class.
     #
     #   @option options [required, Aws::CredentialProvider] :credentials
-    #     Your AWS credentials. This can be an instance of any one of the
+    #     Your AWS credentials used for authentication. This can be an instance of any one of the
     #     following classes:
     #
     #     * `Aws::Credentials` - Used for configuring static, non-refreshing
@@ -128,18 +128,23 @@ module Aws::ACM
     #     locations will be searched for credentials:
     #
     #     * `Aws.config[:credentials]`
+    #
     #     * The `:access_key_id`, `:secret_access_key`, `:session_token`, and
     #       `:account_id` options.
-    #     * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY'],
-    #       ENV['AWS_SESSION_TOKEN'], and ENV['AWS_ACCOUNT_ID']
+    #
+    #     * `ENV['AWS_ACCESS_KEY_ID']`, `ENV['AWS_SECRET_ACCESS_KEY']`,
+    #       `ENV['AWS_SESSION_TOKEN']`, and `ENV['AWS_ACCOUNT_ID']`.
+    #
     #     * `~/.aws/credentials`
+    #
     #     * `~/.aws/config`
+    #
     #     * EC2/ECS IMDS instance profile - When used by default, the timeouts
     #       are very aggressive. Construct and pass an instance of
     #       `Aws::InstanceProfileCredentials` or `Aws::ECSCredentials` to
     #       enable retries and extended timeouts. Instance profile credential
-    #       fetching can be disabled by setting ENV['AWS_EC2_METADATA_DISABLED']
-    #       to true.
+    #       fetching can be disabled by setting `ENV['AWS_EC2_METADATA_DISABLED']`
+    #       to `true`.
     #
     #   @option options [required, String] :region
     #     The AWS region to connect to.  The configured `:region` is
@@ -167,6 +172,11 @@ module Aws::ACM
     #     When false, the request will raise a `RetryCapacityNotAvailableError` and will
     #     not retry instead of sleeping.
     #
+    #   @option options [Array<String>] :auth_scheme_preference
+    #     A list of preferred authentication schemes to use when making a request. Supported values are:
+    #     `sigv4`, `sigv4a`, `httpBearerAuth`, and `noAuth`. When set using `ENV['AWS_AUTH_SCHEME_PREFERENCE']` or in
+    #     shared config as `auth_scheme_preference`, the value should be a comma-separated list.
+    #
     #   @option options [Boolean] :client_side_monitoring (false)
     #     When `true`, client-side metrics will be collected for all API requests from
     #     this client.
@@ -253,8 +263,8 @@ module Aws::ACM
     #     4 times. Used in `standard` and `adaptive` retry modes.
     #
     #   @option options [String] :profile ("default")
-    #     Used when loading credentials from the shared credentials file
-    #     at HOME/.aws/credentials.  When not specified, 'default' is used.
+    #     Used when loading credentials from the shared credentials file at `HOME/.aws/credentials`.
+    #     When not specified, 'default' is used.
     #
     #   @option options [String] :request_checksum_calculation ("when_supported")
     #     Determines when a checksum will be calculated for request payloads. Values are:
@@ -374,7 +384,7 @@ module Aws::ACM
     #     `Aws::Telemetry::OTelProvider` for telemetry provider.
     #
     #   @option options [Aws::TokenProvider] :token_provider
-    #     A Bearer Token Provider. This can be an instance of any one of the
+    #     Your Bearer token used for authentication. This can be an instance of any one of the
     #     following classes:
     #
     #     * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
@@ -669,6 +679,7 @@ module Aws::ACM
     #   resp.certificate.certificate_authority_arn #=> String
     #   resp.certificate.renewal_eligibility #=> String, one of "ELIGIBLE", "INELIGIBLE"
     #   resp.certificate.options.certificate_transparency_logging_preference #=> String, one of "ENABLED", "DISABLED"
+    #   resp.certificate.options.export #=> String, one of "ENABLED", "DISABLED"
     #
     #
     # The following waiters are defined for this operation (see {Client#wait_until} for detailed usage):
@@ -685,18 +696,20 @@ module Aws::ACM
     end
 
     # Exports a private certificate issued by a private certificate
-    # authority (CA) for use anywhere. The exported file contains the
-    # certificate, the certificate chain, and the encrypted private 2048-bit
-    # RSA key associated with the public key that is embedded in the
-    # certificate. For security, you must assign a passphrase for the
+    # authority (CA) or public certificate for use anywhere. The exported
+    # file contains the certificate, the certificate chain, and the
+    # encrypted private key associated with the public key that is embedded
+    # in the certificate. For security, you must assign a passphrase for the
     # private key when exporting it.
     #
     # For information about exporting and formatting a certificate using the
-    # ACM console or CLI, see [Export a Private Certificate][1].
+    # ACM console or CLI, see [Export a private certificate][1] and [Export
+    # a public certificate][2].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-export-private.html
+    # [1]: https://docs.aws.amazon.com/acm/latest/userguide/export-private.html
+    # [2]: https://docs.aws.amazon.com/acm/latest/userguide/export-public-certificate
     #
     # @option params [required, String] :certificate_arn
     #   An Amazon Resource Name (ARN) of the issued certificate. This must be
@@ -983,6 +996,7 @@ module Aws::ACM
     #       extended_key_usage: ["TLS_WEB_SERVER_AUTHENTICATION"], # accepts TLS_WEB_SERVER_AUTHENTICATION, TLS_WEB_CLIENT_AUTHENTICATION, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, IPSEC_END_SYSTEM, IPSEC_TUNNEL, IPSEC_USER, ANY, NONE, CUSTOM
     #       key_usage: ["DIGITAL_SIGNATURE"], # accepts DIGITAL_SIGNATURE, NON_REPUDIATION, KEY_ENCIPHERMENT, DATA_ENCIPHERMENT, KEY_AGREEMENT, CERTIFICATE_SIGNING, CRL_SIGNING, ENCIPHER_ONLY, DECIPHER_ONLY, ANY, CUSTOM
     #       key_types: ["RSA_1024"], # accepts RSA_1024, RSA_2048, RSA_3072, RSA_4096, EC_prime256v1, EC_secp384r1, EC_secp521r1
+    #       export_option: "ENABLED", # accepts ENABLED, DISABLED
     #       managed_by: "CLOUDFRONT", # accepts CLOUDFRONT
     #     },
     #     next_token: "NextToken",
@@ -1007,6 +1021,7 @@ module Aws::ACM
     #   resp.certificate_summary_list[0].key_usages[0] #=> String, one of "DIGITAL_SIGNATURE", "NON_REPUDIATION", "KEY_ENCIPHERMENT", "DATA_ENCIPHERMENT", "KEY_AGREEMENT", "CERTIFICATE_SIGNING", "CRL_SIGNING", "ENCIPHER_ONLY", "DECIPHER_ONLY", "ANY", "CUSTOM"
     #   resp.certificate_summary_list[0].extended_key_usages #=> Array
     #   resp.certificate_summary_list[0].extended_key_usages[0] #=> String, one of "TLS_WEB_SERVER_AUTHENTICATION", "TLS_WEB_CLIENT_AUTHENTICATION", "CODE_SIGNING", "EMAIL_PROTECTION", "TIME_STAMPING", "OCSP_SIGNING", "IPSEC_END_SYSTEM", "IPSEC_TUNNEL", "IPSEC_USER", "ANY", "NONE", "CUSTOM"
+    #   resp.certificate_summary_list[0].export_option #=> String, one of "ENABLED", "DISABLED"
     #   resp.certificate_summary_list[0].in_use #=> Boolean
     #   resp.certificate_summary_list[0].exported #=> Boolean
     #   resp.certificate_summary_list[0].renewal_eligibility #=> String, one of "ELIGIBLE", "INELIGIBLE"
@@ -1158,17 +1173,16 @@ module Aws::ACM
       req.send_request(options)
     end
 
-    # Renews an eligible ACM certificate. At this time, only exported
-    # private certificates can be renewed with this operation. In order to
-    # renew your Amazon Web Services Private CA certificates with ACM, you
-    # must first [grant the ACM service principal permission to do so][1].
-    # For more information, see [Testing Managed Renewal][2] in the ACM User
-    # Guide.
+    # Renews an [eligible ACM certificate][1]. In order to renew your Amazon
+    # Web Services Private CA certificates with ACM, you must first [grant
+    # the ACM service principal permission to do so][2]. For more
+    # information, see [Testing Managed Renewal][3] in the ACM User Guide.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaPermissions.html
-    # [2]: https://docs.aws.amazon.com/acm/latest/userguide/manual-renewal.html
+    # [1]: https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaPermissions.html
+    # [3]: https://docs.aws.amazon.com/acm/latest/userguide/manual-renewal.html
     #
     # @option params [required, String] :certificate_arn
     #   String that contains the ARN of the ACM certificate to be renewed.
@@ -1210,8 +1224,7 @@ module Aws::ACM
     # required. If you are requesting a public certificate, each domain name
     # that you specify must be validated to verify that you own or control
     # the domain. You can use [DNS validation][1] or [email validation][2].
-    # We recommend that you use DNS validation. ACM issues public
-    # certificates after receiving approval from the domain owner.
+    # We recommend that you use DNS validation.
     #
     # <note markdown="1"> ACM behavior differs from the [RFC 6125][3] specification of the
     # certificate validation process. ACM first checks for a Subject
@@ -1301,16 +1314,24 @@ module Aws::ACM
     #   you can validate domain ownership.
     #
     # @option params [Types::CertificateOptions] :options
-    #   Currently, you can use this parameter to specify whether to add the
-    #   certificate to a certificate transparency log. Certificate
-    #   transparency makes it possible to detect SSL/TLS certificates that
-    #   have been mistakenly or maliciously issued. Certificates that have not
-    #   been logged typically produce an error message in a browser. For more
-    #   information, see [Opting Out of Certificate Transparency Logging][1].
+    #   You can use this parameter to specify whether to add the certificate
+    #   to a certificate transparency log and export your certificate.
+    #
+    #   Certificate transparency makes it possible to detect SSL/TLS
+    #   certificates that have been mistakenly or maliciously issued.
+    #   Certificates that have not been logged typically produce an error
+    #   message in a browser. For more information, see [Opting Out of
+    #   Certificate Transparency Logging][1].
+    #
+    #   You can export public ACM certificates to use with Amazon Web Services
+    #   services as well as outside the Amazon Web Services Cloud. For more
+    #   information, see [Certificate Manager exportable public
+    #   certificate][2].
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/acm/latest/userguide/acm-bestpractices.html#best-practices-transparency
+    #   [2]: https://docs.aws.amazon.com/acm/latest/userguide/acm-exportable-certificates.html
     #
     # @option params [String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) of the private certificate authority
@@ -1389,6 +1410,7 @@ module Aws::ACM
     #     ],
     #     options: {
     #       certificate_transparency_logging_preference: "ENABLED", # accepts ENABLED, DISABLED
+    #       export: "ENABLED", # accepts ENABLED, DISABLED
     #     },
     #     certificate_authority_arn: "PcaArn",
     #     tags: [
@@ -1483,14 +1505,52 @@ module Aws::ACM
       req.send_request(options)
     end
 
-    # Updates a certificate. Currently, you can use this function to specify
-    # whether to opt in to or out of recording your certificate in a
-    # certificate transparency log. For more information, see [ Opting Out
-    # of Certificate Transparency Logging][1].
+    # Revokes a public ACM certificate. You can only revoke certificates
+    # that have been previously exported.
+    #
+    # @option params [required, String] :certificate_arn
+    #   The Amazon Resource Name (ARN) of the public or private certificate
+    #   that will be revoked. The ARN must have the following form:
+    #
+    #   `arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012`
+    #
+    # @option params [required, String] :revocation_reason
+    #   Specifies why you revoked the certificate.
+    #
+    # @return [Types::RevokeCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::RevokeCertificateResponse#certificate_arn #certificate_arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.revoke_certificate({
+    #     certificate_arn: "Arn", # required
+    #     revocation_reason: "UNSPECIFIED", # required, accepts UNSPECIFIED, KEY_COMPROMISE, CA_COMPROMISE, AFFILIATION_CHANGED, SUPERCEDED, SUPERSEDED, CESSATION_OF_OPERATION, CERTIFICATE_HOLD, REMOVE_FROM_CRL, PRIVILEGE_WITHDRAWN, A_A_COMPROMISE
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.certificate_arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-2015-12-08/RevokeCertificate AWS API Documentation
+    #
+    # @overload revoke_certificate(params = {})
+    # @param [Hash] params ({})
+    def revoke_certificate(params = {}, options = {})
+      req = build_request(:revoke_certificate, params)
+      req.send_request(options)
+    end
+
+    # Updates a certificate. You can use this function to specify whether to
+    # opt in to or out of recording your certificate in a certificate
+    # transparency log and exporting. For more information, see [ Opting Out
+    # of Certificate Transparency Logging][1] and [Certificate Manager
+    # Exportable Managed Certificates][2].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/acm/latest/userguide/acm-bestpractices.html#best-practices-transparency
+    # [2]: https://docs.aws.amazon.com/acm/latest/userguide/acm-exportable-certificates.html
     #
     # @option params [required, String] :certificate_arn
     #   ARN of the requested certificate to update. This must be of the form:
@@ -1500,11 +1560,11 @@ module Aws::ACM
     #
     # @option params [required, Types::CertificateOptions] :options
     #   Use to update the options for your certificate. Currently, you can
-    #   specify whether to add your certificate to a transparency log.
-    #   Certificate transparency makes it possible to detect SSL/TLS
-    #   certificates that have been mistakenly or maliciously issued.
-    #   Certificates that have not been logged typically produce an error
-    #   message in a browser.
+    #   specify whether to add your certificate to a transparency log or
+    #   export your certificate. Certificate transparency makes it possible to
+    #   detect SSL/TLS certificates that have been mistakenly or maliciously
+    #   issued. Certificates that have not been logged typically produce an
+    #   error message in a browser.
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -1514,6 +1574,7 @@ module Aws::ACM
     #     certificate_arn: "Arn", # required
     #     options: { # required
     #       certificate_transparency_logging_preference: "ENABLED", # accepts ENABLED, DISABLED
+    #       export: "ENABLED", # accepts ENABLED, DISABLED
     #     },
     #   })
     #
@@ -1544,7 +1605,7 @@ module Aws::ACM
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-acm'
-      context[:gem_version] = '1.88.0'
+      context[:gem_version] = '1.90.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-acm/client_api.rb

@@ -23,6 +23,7 @@ module Aws::ACM
     CertificateChain = Shapes::StringShape.new(name: 'CertificateChain')
     CertificateChainBlob = Shapes::BlobShape.new(name: 'CertificateChainBlob')
     CertificateDetail = Shapes::StructureShape.new(name: 'CertificateDetail')
+    CertificateExport = Shapes::StringShape.new(name: 'CertificateExport')
     CertificateManagedBy = Shapes::StringShape.new(name: 'CertificateManagedBy')
     CertificateOptions = Shapes::StructureShape.new(name: 'CertificateOptions')
     CertificateStatus = Shapes::StringShape.new(name: 'CertificateStatus')
@@ -101,6 +102,8 @@ module Aws::ACM
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
     ResourceRecord = Shapes::StructureShape.new(name: 'ResourceRecord')
     RevocationReason = Shapes::StringShape.new(name: 'RevocationReason')
+    RevokeCertificateRequest = Shapes::StructureShape.new(name: 'RevokeCertificateRequest')
+    RevokeCertificateResponse = Shapes::StructureShape.new(name: 'RevokeCertificateResponse')
     ServiceErrorMessage = Shapes::StringShape.new(name: 'ServiceErrorMessage')
     SortBy = Shapes::StringShape.new(name: 'SortBy')
     SortOrder = Shapes::StringShape.new(name: 'SortOrder')
@@ -156,6 +159,7 @@ module Aws::ACM
     CertificateDetail.struct_class = Types::CertificateDetail
 
     CertificateOptions.add_member(:certificate_transparency_logging_preference, Shapes::ShapeRef.new(shape: CertificateTransparencyLoggingPreference, location_name: "CertificateTransparencyLoggingPreference"))
+    CertificateOptions.add_member(:export, Shapes::ShapeRef.new(shape: CertificateExport, location_name: "Export"))
     CertificateOptions.struct_class = Types::CertificateOptions
 
     CertificateStatuses.member = Shapes::ShapeRef.new(shape: CertificateStatus)
@@ -169,6 +173,7 @@ module Aws::ACM
     CertificateSummary.add_member(:key_algorithm, Shapes::ShapeRef.new(shape: KeyAlgorithm, location_name: "KeyAlgorithm"))
     CertificateSummary.add_member(:key_usages, Shapes::ShapeRef.new(shape: KeyUsageNames, location_name: "KeyUsages"))
     CertificateSummary.add_member(:extended_key_usages, Shapes::ShapeRef.new(shape: ExtendedKeyUsageNames, location_name: "ExtendedKeyUsages"))
+    CertificateSummary.add_member(:export_option, Shapes::ShapeRef.new(shape: CertificateExport, location_name: "ExportOption"))
     CertificateSummary.add_member(:in_use, Shapes::ShapeRef.new(shape: NullableBoolean, location_name: "InUse"))
     CertificateSummary.add_member(:exported, Shapes::ShapeRef.new(shape: NullableBoolean, location_name: "Exported"))
     CertificateSummary.add_member(:renewal_eligibility, Shapes::ShapeRef.new(shape: RenewalEligibility, location_name: "RenewalEligibility"))
@@ -239,6 +244,7 @@ module Aws::ACM
     Filters.add_member(:extended_key_usage, Shapes::ShapeRef.new(shape: ExtendedKeyUsageFilterList, location_name: "extendedKeyUsage"))
     Filters.add_member(:key_usage, Shapes::ShapeRef.new(shape: KeyUsageFilterList, location_name: "keyUsage"))
     Filters.add_member(:key_types, Shapes::ShapeRef.new(shape: KeyAlgorithmList, location_name: "keyTypes"))
+    Filters.add_member(:export_option, Shapes::ShapeRef.new(shape: CertificateExport, location_name: "exportOption"))
     Filters.add_member(:managed_by, Shapes::ShapeRef.new(shape: CertificateManagedBy, location_name: "managedBy"))
     Filters.struct_class = Types::Filters
 
@@ -369,6 +375,13 @@ module Aws::ACM
     ResourceRecord.add_member(:value, Shapes::ShapeRef.new(shape: String, required: true, location_name: "Value"))
     ResourceRecord.struct_class = Types::ResourceRecord
 
+    RevokeCertificateRequest.add_member(:certificate_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateArn"))
+    RevokeCertificateRequest.add_member(:revocation_reason, Shapes::ShapeRef.new(shape: RevocationReason, required: true, location_name: "RevocationReason"))
+    RevokeCertificateRequest.struct_class = Types::RevokeCertificateRequest
+
+    RevokeCertificateResponse.add_member(:certificate_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "CertificateArn"))
+    RevokeCertificateResponse.struct_class = Types::RevokeCertificateResponse
+
     Tag.add_member(:key, Shapes::ShapeRef.new(shape: TagKey, required: true, location_name: "Key"))
     Tag.add_member(:value, Shapes::ShapeRef.new(shape: TagValue, location_name: "Value"))
     Tag.struct_class = Types::Tag
@@ -421,11 +434,11 @@ module Aws::ACM
         o.http_request_uri = "/"
         o.input = Shapes::ShapeRef.new(shape: AddTagsToCertificateRequest)
         o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
-        o.errors << Shapes::ShapeRef.new(shape: TagPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: TagPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: TooManyTagsException)
-        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidTagException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
       end)
@@ -437,8 +450,8 @@ module Aws::ACM
         o.input = Shapes::ShapeRef.new(shape: DeleteCertificateRequest)
         o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
         o.errors << Shapes::ShapeRef.new(shape: ResourceInUseException)
-        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
         o.errors << Shapes::ShapeRef.new(shape: ConflictException)
         o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
@@ -492,8 +505,8 @@ module Aws::ACM
         o.http_request_uri = "/"
         o.input = Shapes::ShapeRef.new(shape: ImportCertificateRequest)
         o.output = Shapes::ShapeRef.new(shape: ImportCertificateResponse)
-        o.errors << Shapes::ShapeRef.new(shape: TagPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: TagPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: TooManyTagsException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidTagException)
@@ -545,10 +558,10 @@ module Aws::ACM
         o.http_request_uri = "/"
         o.input = Shapes::ShapeRef.new(shape: RemoveTagsFromCertificateRequest)
         o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
-        o.errors << Shapes::ShapeRef.new(shape: TagPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
-        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: TagPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidTagException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
       end)
@@ -570,8 +583,8 @@ module Aws::ACM
         o.http_request_uri = "/"
         o.input = Shapes::ShapeRef.new(shape: RequestCertificateRequest)
         o.output = Shapes::ShapeRef.new(shape: RequestCertificateResponse)
-        o.errors << Shapes::ShapeRef.new(shape: TagPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: TagPolicyException)
         o.errors << Shapes::ShapeRef.new(shape: TooManyTagsException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidTagException)
@@ -591,6 +604,20 @@ module Aws::ACM
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
       end)
 
+      api.add_operation(:revoke_certificate, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "RevokeCertificate"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: RevokeCertificateRequest)
+        o.output = Shapes::ShapeRef.new(shape: RevokeCertificateResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceInUseException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o.errors << Shapes::ShapeRef.new(shape: ThrottlingException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+        o.errors << Shapes::ShapeRef.new(shape: AccessDeniedException)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+      end)
+
       api.add_operation(:update_certificate_options, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UpdateCertificateOptions"
         o.http_method = "POST"

data/lib/aws-sdk-acm/types.rb

@@ -272,28 +272,42 @@ module Aws::ACM
       include Aws::Structure
     end
 
-    # Structure that contains options for your certificate. Currently, you
-    # can use this only to specify whether to opt in to or out of
-    # certificate transparency logging. Some browsers require that public
-    # certificates issued for your domain be recorded in a log. Certificates
-    # that are not logged typically generate a browser error. Transparency
-    # makes it possible for you to detect SSL/TLS certificates that have
-    # been mistakenly or maliciously issued for your domain. For general
-    # information, see [Certificate Transparency Logging][1].
+    # Structure that contains options for your certificate. You can use this
+    # structure to specify whether to opt in to or out of certificate
+    # transparency logging and export your certificate.
+    #
+    # Some browsers require that public certificates issued for your domain
+    # be recorded in a log. Certificates that are not logged typically
+    # generate a browser error. Transparency makes it possible for you to
+    # detect SSL/TLS certificates that have been mistakenly or maliciously
+    # issued for your domain. For general information, see [Certificate
+    # Transparency Logging][1].
+    #
+    # You can export public ACM certificates to use with Amazon Web Services
+    # services as well as outside Amazon Web Services Cloud. For more
+    # information, see [Certificate Manager exportable public
+    # certificate][2].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency
+    # [2]: https://docs.aws.amazon.com/acm/latest/userguide/acm-exportable-certificates.html
     #
     # @!attribute [rw] certificate_transparency_logging_preference
     #   You can opt out of certificate transparency logging by specifying
     #   the `DISABLED` option. Opt in by specifying `ENABLED`.
     #   @return [String]
     #
+    # @!attribute [rw] export
+    #   You can opt in to allow the export of your certificates by
+    #   specifying `ENABLED`.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-2015-12-08/CertificateOptions AWS API Documentation
     #
     class CertificateOptions < Struct.new(
-      :certificate_transparency_logging_preference)
+      :certificate_transparency_logging_preference,
+      :export)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -404,6 +418,10 @@ module Aws::ACM
     #   can be used and consists of a name and an object identifier (OID).
     #   @return [Array<String>]
     #
+    # @!attribute [rw] export_option
+    #   Indicates if export is enabled for the certificate.
+    #   @return [String]
+    #
     # @!attribute [rw] in_use
     #   Indicates whether the certificate is currently in use by any Amazon
     #   Web Services resources.
@@ -464,6 +482,7 @@ module Aws::ACM
       :key_algorithm,
       :key_usages,
       :extended_key_usages,
+      :export_option,
       :in_use,
       :exported,
       :renewal_eligibility,
@@ -582,11 +601,13 @@ module Aws::ACM
     #   domain validation. For more information, see [Use DNS to Validate
     #   Domain Ownership][1].
     #
-    #   Note: The CNAME information that you need does not include the name
-    #   of your domain. If you include your domain name in the DNS database
+    #   <note markdown="1"> The CNAME information that you need does not include the name of
+    #   your domain. If you include your domain name in the DNS database
     #   CNAME record, validation fails. For example, if the name is
-    #   "\_a79865eb4cd1a6ab990a45779b4e0b96.yourdomain.com", only
-    #   "\_a79865eb4cd1a6ab990a45779b4e0b96" must be used.
+    #   `_a79865eb4cd1a6ab990a45779b4e0b96.yourdomain.com`, only
+    #   `_a79865eb4cd1a6ab990a45779b4e0b96` must be used.
+    #
+    #    </note>
     #
     #
     #
@@ -595,9 +616,9 @@ module Aws::ACM
     #
     # @!attribute [rw] http_redirect
     #   Contains information for HTTP-based domain validation of
-    #   certificates requested through CloudFront and issued by ACM. This
-    #   field exists only when the certificate type is `AMAZON_ISSUED` and
-    #   the validation method is `HTTP`.
+    #   certificates requested through Amazon CloudFront and issued by ACM.
+    #   This field exists only when the certificate type is `AMAZON_ISSUED`
+    #   and the validation method is `HTTP`.
     #   @return [Types::HttpRedirect]
     #
     # @!attribute [rw] validation_method
@@ -794,6 +815,11 @@ module Aws::ACM
     #   certificates.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] export_option
+    #   Specify `ENABLED` or `DISABLED` to identify certificates that can be
+    #   exported.
+    #   @return [String]
+    #
     # @!attribute [rw] managed_by
     #   Identifies the Amazon Web Services service that manages the
     #   certificate issued by ACM.
@@ -805,6 +831,7 @@ module Aws::ACM
       :extended_key_usage,
       :key_usage,
       :key_types,
+      :export_option,
       :managed_by)
       SENSITIVE = []
       include Aws::Structure
@@ -865,9 +892,9 @@ module Aws::ACM
     end
 
     # Contains information for HTTP-based domain validation of certificates
-    # requested through CloudFront and issued by ACM. This field exists only
-    # when the certificate type is `AMAZON_ISSUED` and the validation method
-    # is `HTTP`.
+    # requested through Amazon CloudFront and issued by ACM. This field
+    # exists only when the certificate type is `AMAZON_ISSUED` and the
+    # validation method is `HTTP`.
     #
     # @!attribute [rw] redirect_from
     #   The URL including the domain to be validated. The certificate
@@ -944,7 +971,7 @@ module Aws::ACM
       include Aws::Structure
     end
 
-    # One or more of of request parameters specified is not valid.
+    # One or more of request parameters specified is not valid.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -1349,17 +1376,24 @@ module Aws::ACM
     #   @return [Array<Types::DomainValidationOption>]
     #
     # @!attribute [rw] options
-    #   Currently, you can use this parameter to specify whether to add the
-    #   certificate to a certificate transparency log. Certificate
-    #   transparency makes it possible to detect SSL/TLS certificates that
-    #   have been mistakenly or maliciously issued. Certificates that have
-    #   not been logged typically produce an error message in a browser. For
-    #   more information, see [Opting Out of Certificate Transparency
-    #   Logging][1].
+    #   You can use this parameter to specify whether to add the certificate
+    #   to a certificate transparency log and export your certificate.
+    #
+    #   Certificate transparency makes it possible to detect SSL/TLS
+    #   certificates that have been mistakenly or maliciously issued.
+    #   Certificates that have not been logged typically produce an error
+    #   message in a browser. For more information, see [Opting Out of
+    #   Certificate Transparency Logging][1].
+    #
+    #   You can export public ACM certificates to use with Amazon Web
+    #   Services services as well as outside the Amazon Web Services Cloud.
+    #   For more information, see [Certificate Manager exportable public
+    #   certificate][2].
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/acm/latest/userguide/acm-bestpractices.html#best-practices-transparency
+    #   [2]: https://docs.aws.amazon.com/acm/latest/userguide/acm-exportable-certificates.html
     #   @return [Types::CertificateOptions]
     #
     # @!attribute [rw] certificate_authority_arn
@@ -1573,6 +1607,39 @@ module Aws::ACM
       include Aws::Structure
     end
 
+    # @!attribute [rw] certificate_arn
+    #   The Amazon Resource Name (ARN) of the public or private certificate
+    #   that will be revoked. The ARN must have the following form:
+    #
+    #   `arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012`
+    #   @return [String]
+    #
+    # @!attribute [rw] revocation_reason
+    #   Specifies why you revoked the certificate.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-2015-12-08/RevokeCertificateRequest AWS API Documentation
+    #
+    class RevokeCertificateRequest < Struct.new(
+      :certificate_arn,
+      :revocation_reason)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] certificate_arn
+    #   The Amazon Resource Name (ARN) of the public or private certificate
+    #   that was revoked.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-2015-12-08/RevokeCertificateResponse AWS API Documentation
+    #
+    class RevokeCertificateResponse < Struct.new(
+      :certificate_arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A key-value pair that identifies or specifies metadata about an ACM
     # resource.
     #
@@ -1644,11 +1711,11 @@ module Aws::ACM
     #
     # @!attribute [rw] options
     #   Use to update the options for your certificate. Currently, you can
-    #   specify whether to add your certificate to a transparency log.
-    #   Certificate transparency makes it possible to detect SSL/TLS
-    #   certificates that have been mistakenly or maliciously issued.
-    #   Certificates that have not been logged typically produce an error
-    #   message in a browser.
+    #   specify whether to add your certificate to a transparency log or
+    #   export your certificate. Certificate transparency makes it possible
+    #   to detect SSL/TLS certificates that have been mistakenly or
+    #   maliciously issued. Certificates that have not been logged typically
+    #   produce an error message in a browser.
     #   @return [Types::CertificateOptions]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-2015-12-08/UpdateCertificateOptionsRequest AWS API Documentation

data/lib/aws-sdk-acm.rb

@@ -55,7 +55,7 @@ module Aws::ACM
   autoload :EndpointProvider, 'aws-sdk-acm/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-acm/endpoints'
 
-  GEM_VERSION = '1.88.0'
+  GEM_VERSION = '1.90.0'
 
 end
 

data/sig/client.rbs

@@ -18,6 +18,7 @@ module Aws
                       ?account_id: String,
                       ?active_endpoint_cache: bool,
                       ?adaptive_retry_wait_to_fill: bool,
+                      ?auth_scheme_preference: Array[String],
                       ?client_side_monitoring: bool,
                       ?client_side_monitoring_client_id: String,
                       ?client_side_monitoring_host: String,
@@ -169,6 +170,7 @@ module Aws
                                  extended_key_usage: Array[("TLS_WEB_SERVER_AUTHENTICATION" | "TLS_WEB_CLIENT_AUTHENTICATION" | "CODE_SIGNING" | "EMAIL_PROTECTION" | "TIME_STAMPING" | "OCSP_SIGNING" | "IPSEC_END_SYSTEM" | "IPSEC_TUNNEL" | "IPSEC_USER" | "ANY" | "NONE" | "CUSTOM")]?,
                                  key_usage: Array[("DIGITAL_SIGNATURE" | "NON_REPUDIATION" | "KEY_ENCIPHERMENT" | "DATA_ENCIPHERMENT" | "KEY_AGREEMENT" | "CERTIFICATE_SIGNING" | "CRL_SIGNING" | "ENCIPHER_ONLY" | "DECIPHER_ONLY" | "ANY" | "CUSTOM")]?,
                                  key_types: Array[("RSA_1024" | "RSA_2048" | "RSA_3072" | "RSA_4096" | "EC_prime256v1" | "EC_secp384r1" | "EC_secp521r1")]?,
+                                 export_option: ("ENABLED" | "DISABLED")?,
                                  managed_by: ("CLOUDFRONT")?
                                },
                                ?next_token: ::String,
@@ -232,7 +234,8 @@ module Aws
                                    },
                                  ],
                                  ?options: {
-                                   certificate_transparency_logging_preference: ("ENABLED" | "DISABLED")?
+                                   certificate_transparency_logging_preference: ("ENABLED" | "DISABLED")?,
+                                   export: ("ENABLED" | "DISABLED")?
                                  },
                                  ?certificate_authority_arn: ::String,
                                  ?tags: Array[
@@ -254,11 +257,23 @@ module Aws
                                    ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
                                  | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
 
+      interface _RevokeCertificateResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::RevokeCertificateResponse]
+        def certificate_arn: () -> ::String
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/ACM/Client.html#revoke_certificate-instance_method
+      def revoke_certificate: (
+                                certificate_arn: ::String,
+                                revocation_reason: ("UNSPECIFIED" | "KEY_COMPROMISE" | "CA_COMPROMISE" | "AFFILIATION_CHANGED" | "SUPERCEDED" | "SUPERSEDED" | "CESSATION_OF_OPERATION" | "CERTIFICATE_HOLD" | "REMOVE_FROM_CRL" | "PRIVILEGE_WITHDRAWN" | "A_A_COMPROMISE")
+                              ) -> _RevokeCertificateResponseSuccess
+                            | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _RevokeCertificateResponseSuccess
+
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/ACM/Client.html#update_certificate_options-instance_method
       def update_certificate_options: (
                                         certificate_arn: ::String,
                                         options: {
-                                          certificate_transparency_logging_preference: ("ENABLED" | "DISABLED")?
+                                          certificate_transparency_logging_preference: ("ENABLED" | "DISABLED")?,
+                                          export: ("ENABLED" | "DISABLED")?
                                         }
                                       ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
                                     | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]

data/sig/resource.rbs

@@ -18,6 +18,7 @@ module Aws
                         ?account_id: String,
                         ?active_endpoint_cache: bool,
                         ?adaptive_retry_wait_to_fill: bool,
+                        ?auth_scheme_preference: Array[String],
                         ?client_side_monitoring: bool,
                         ?client_side_monitoring_client_id: String,
                         ?client_side_monitoring_host: String,

data/sig/types.rbs

@@ -52,6 +52,7 @@ module Aws::ACM
 
     class CertificateOptions
       attr_accessor certificate_transparency_logging_preference: ("ENABLED" | "DISABLED")
+      attr_accessor export: ("ENABLED" | "DISABLED")
       SENSITIVE: []
     end
 
@@ -65,6 +66,7 @@ module Aws::ACM
       attr_accessor key_algorithm: ("RSA_1024" | "RSA_2048" | "RSA_3072" | "RSA_4096" | "EC_prime256v1" | "EC_secp384r1" | "EC_secp521r1")
       attr_accessor key_usages: ::Array[("DIGITAL_SIGNATURE" | "NON_REPUDIATION" | "KEY_ENCIPHERMENT" | "DATA_ENCIPHERMENT" | "KEY_AGREEMENT" | "CERTIFICATE_SIGNING" | "CRL_SIGNING" | "ENCIPHER_ONLY" | "DECIPHER_ONLY" | "ANY" | "CUSTOM")]
       attr_accessor extended_key_usages: ::Array[("TLS_WEB_SERVER_AUTHENTICATION" | "TLS_WEB_CLIENT_AUTHENTICATION" | "CODE_SIGNING" | "EMAIL_PROTECTION" | "TIME_STAMPING" | "OCSP_SIGNING" | "IPSEC_END_SYSTEM" | "IPSEC_TUNNEL" | "IPSEC_USER" | "ANY" | "NONE" | "CUSTOM")]
+      attr_accessor export_option: ("ENABLED" | "DISABLED")
       attr_accessor in_use: bool
       attr_accessor exported: bool
       attr_accessor renewal_eligibility: ("ELIGIBLE" | "INELIGIBLE")
@@ -143,6 +145,7 @@ module Aws::ACM
       attr_accessor extended_key_usage: ::Array[("TLS_WEB_SERVER_AUTHENTICATION" | "TLS_WEB_CLIENT_AUTHENTICATION" | "CODE_SIGNING" | "EMAIL_PROTECTION" | "TIME_STAMPING" | "OCSP_SIGNING" | "IPSEC_END_SYSTEM" | "IPSEC_TUNNEL" | "IPSEC_USER" | "ANY" | "NONE" | "CUSTOM")]
       attr_accessor key_usage: ::Array[("DIGITAL_SIGNATURE" | "NON_REPUDIATION" | "KEY_ENCIPHERMENT" | "DATA_ENCIPHERMENT" | "KEY_AGREEMENT" | "CERTIFICATE_SIGNING" | "CRL_SIGNING" | "ENCIPHER_ONLY" | "DECIPHER_ONLY" | "ANY" | "CUSTOM")]
       attr_accessor key_types: ::Array[("RSA_1024" | "RSA_2048" | "RSA_3072" | "RSA_4096" | "EC_prime256v1" | "EC_secp384r1" | "EC_secp521r1")]
+      attr_accessor export_option: ("ENABLED" | "DISABLED")
       attr_accessor managed_by: ("CLOUDFRONT")
       SENSITIVE: []
     end
@@ -322,6 +325,17 @@ module Aws::ACM
       SENSITIVE: []
     end
 
+    class RevokeCertificateRequest
+      attr_accessor certificate_arn: ::String
+      attr_accessor revocation_reason: ("UNSPECIFIED" | "KEY_COMPROMISE" | "CA_COMPROMISE" | "AFFILIATION_CHANGED" | "SUPERCEDED" | "SUPERSEDED" | "CESSATION_OF_OPERATION" | "CERTIFICATE_HOLD" | "REMOVE_FROM_CRL" | "PRIVILEGE_WITHDRAWN" | "A_A_COMPROMISE")
+      SENSITIVE: []
+    end
+
+    class RevokeCertificateResponse
+      attr_accessor certificate_arn: ::String
+      SENSITIVE: []
+    end
+
     class Tag
       attr_accessor key: ::String
       attr_accessor value: ::String

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-acm
 version: !ruby/object:Gem::Version
-  version: 1.88.0
+  version: 1.90.0
 platform: ruby
 authors:
 - Amazon Web Services
@@ -18,7 +18,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.225.0
+        version: 3.227.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -28,7 +28,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.225.0
+        version: 3.227.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement