aws-sdk-acmpca 1.24.0 → 1.29.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -11,7 +13,9 @@ module Aws::ACMPCA
11
13
 
12
14
  include Seahorse::Model
13
15
 
16
+ ASN1PrintableString64 = Shapes::StringShape.new(name: 'ASN1PrintableString64')
14
17
  ASN1Subject = Shapes::StructureShape.new(name: 'ASN1Subject')
18
+ AWSPolicy = Shapes::StringShape.new(name: 'AWSPolicy')
15
19
  AccountId = Shapes::StringShape.new(name: 'AccountId')
16
20
  ActionList = Shapes::ListShape.new(name: 'ActionList')
17
21
  ActionType = Shapes::StringShape.new(name: 'ActionType')
@@ -42,11 +46,11 @@ module Aws::ACMPCA
42
46
  CsrBody = Shapes::StringShape.new(name: 'CsrBody')
43
47
  DeleteCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'DeleteCertificateAuthorityRequest')
44
48
  DeletePermissionRequest = Shapes::StructureShape.new(name: 'DeletePermissionRequest')
49
+ DeletePolicyRequest = Shapes::StructureShape.new(name: 'DeletePolicyRequest')
45
50
  DescribeCertificateAuthorityAuditReportRequest = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityAuditReportRequest')
46
51
  DescribeCertificateAuthorityAuditReportResponse = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityAuditReportResponse')
47
52
  DescribeCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityRequest')
48
53
  DescribeCertificateAuthorityResponse = Shapes::StructureShape.new(name: 'DescribeCertificateAuthorityResponse')
49
- DistinguishedNameQualifierString = Shapes::StringShape.new(name: 'DistinguishedNameQualifierString')
50
54
  FailureReason = Shapes::StringShape.new(name: 'FailureReason')
51
55
  GetCertificateAuthorityCertificateRequest = Shapes::StructureShape.new(name: 'GetCertificateAuthorityCertificateRequest')
52
56
  GetCertificateAuthorityCertificateResponse = Shapes::StructureShape.new(name: 'GetCertificateAuthorityCertificateResponse')
@@ -54,6 +58,8 @@ module Aws::ACMPCA
54
58
  GetCertificateAuthorityCsrResponse = Shapes::StructureShape.new(name: 'GetCertificateAuthorityCsrResponse')
55
59
  GetCertificateRequest = Shapes::StructureShape.new(name: 'GetCertificateRequest')
56
60
  GetCertificateResponse = Shapes::StructureShape.new(name: 'GetCertificateResponse')
61
+ GetPolicyRequest = Shapes::StructureShape.new(name: 'GetPolicyRequest')
62
+ GetPolicyResponse = Shapes::StructureShape.new(name: 'GetPolicyResponse')
57
63
  IdempotencyToken = Shapes::StringShape.new(name: 'IdempotencyToken')
58
64
  ImportCertificateAuthorityCertificateRequest = Shapes::StructureShape.new(name: 'ImportCertificateAuthorityCertificateRequest')
59
65
  Integer1To5000 = Shapes::IntegerShape.new(name: 'Integer1To5000')
@@ -74,6 +80,7 @@ module Aws::ACMPCA
74
80
  ListPermissionsResponse = Shapes::StructureShape.new(name: 'ListPermissionsResponse')
75
81
  ListTagsRequest = Shapes::StructureShape.new(name: 'ListTagsRequest')
76
82
  ListTagsResponse = Shapes::StructureShape.new(name: 'ListTagsResponse')
83
+ LockoutPreventedException = Shapes::StructureShape.new(name: 'LockoutPreventedException')
77
84
  MalformedCSRException = Shapes::StructureShape.new(name: 'MalformedCSRException')
78
85
  MalformedCertificateException = Shapes::StructureShape.new(name: 'MalformedCertificateException')
79
86
  MaxResults = Shapes::IntegerShape.new(name: 'MaxResults')
@@ -84,14 +91,18 @@ module Aws::ACMPCA
84
91
  PermissionList = Shapes::ListShape.new(name: 'PermissionList')
85
92
  PositiveLong = Shapes::IntegerShape.new(name: 'PositiveLong')
86
93
  Principal = Shapes::StringShape.new(name: 'Principal')
94
+ PutPolicyRequest = Shapes::StructureShape.new(name: 'PutPolicyRequest')
87
95
  RequestAlreadyProcessedException = Shapes::StructureShape.new(name: 'RequestAlreadyProcessedException')
88
96
  RequestFailedException = Shapes::StructureShape.new(name: 'RequestFailedException')
89
97
  RequestInProgressException = Shapes::StructureShape.new(name: 'RequestInProgressException')
90
98
  ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
99
+ ResourceOwner = Shapes::StringShape.new(name: 'ResourceOwner')
91
100
  RestoreCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'RestoreCertificateAuthorityRequest')
92
101
  RevocationConfiguration = Shapes::StructureShape.new(name: 'RevocationConfiguration')
93
102
  RevocationReason = Shapes::StringShape.new(name: 'RevocationReason')
94
103
  RevokeCertificateRequest = Shapes::StructureShape.new(name: 'RevokeCertificateRequest')
104
+ S3BucketName = Shapes::StringShape.new(name: 'S3BucketName')
105
+ S3Key = Shapes::StringShape.new(name: 'S3Key')
95
106
  SigningAlgorithm = Shapes::StringShape.new(name: 'SigningAlgorithm')
96
107
  String = Shapes::StringShape.new(name: 'String')
97
108
  String128 = Shapes::StringShape.new(name: 'String128')
@@ -117,10 +128,10 @@ module Aws::ACMPCA
117
128
  ASN1Subject.add_member(:country, Shapes::ShapeRef.new(shape: CountryCodeString, location_name: "Country"))
118
129
  ASN1Subject.add_member(:organization, Shapes::ShapeRef.new(shape: String64, location_name: "Organization"))
119
130
  ASN1Subject.add_member(:organizational_unit, Shapes::ShapeRef.new(shape: String64, location_name: "OrganizationalUnit"))
120
- ASN1Subject.add_member(:distinguished_name_qualifier, Shapes::ShapeRef.new(shape: DistinguishedNameQualifierString, location_name: "DistinguishedNameQualifier"))
131
+ ASN1Subject.add_member(:distinguished_name_qualifier, Shapes::ShapeRef.new(shape: ASN1PrintableString64, location_name: "DistinguishedNameQualifier"))
121
132
  ASN1Subject.add_member(:state, Shapes::ShapeRef.new(shape: String128, location_name: "State"))
122
133
  ASN1Subject.add_member(:common_name, Shapes::ShapeRef.new(shape: String64, location_name: "CommonName"))
123
- ASN1Subject.add_member(:serial_number, Shapes::ShapeRef.new(shape: String64, location_name: "SerialNumber"))
134
+ ASN1Subject.add_member(:serial_number, Shapes::ShapeRef.new(shape: ASN1PrintableString64, location_name: "SerialNumber"))
124
135
  ASN1Subject.add_member(:locality, Shapes::ShapeRef.new(shape: String128, location_name: "Locality"))
125
136
  ASN1Subject.add_member(:title, Shapes::ShapeRef.new(shape: String64, location_name: "Title"))
126
137
  ASN1Subject.add_member(:surname, Shapes::ShapeRef.new(shape: String40, location_name: "Surname"))
@@ -135,6 +146,7 @@ module Aws::ACMPCA
135
146
  CertificateAuthorities.member = Shapes::ShapeRef.new(shape: CertificateAuthority)
136
147
 
137
148
  CertificateAuthority.add_member(:arn, Shapes::ShapeRef.new(shape: Arn, location_name: "Arn"))
149
+ CertificateAuthority.add_member(:owner_account, Shapes::ShapeRef.new(shape: AccountId, location_name: "OwnerAccount"))
138
150
  CertificateAuthority.add_member(:created_at, Shapes::ShapeRef.new(shape: TStamp, location_name: "CreatedAt"))
139
151
  CertificateAuthority.add_member(:last_state_change_at, Shapes::ShapeRef.new(shape: TStamp, location_name: "LastStateChangeAt"))
140
152
  CertificateAuthority.add_member(:type, Shapes::ShapeRef.new(shape: CertificateAuthorityType, location_name: "Type"))
@@ -160,12 +172,12 @@ module Aws::ACMPCA
160
172
  ConcurrentModificationException.struct_class = Types::ConcurrentModificationException
161
173
 
162
174
  CreateCertificateAuthorityAuditReportRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
163
- CreateCertificateAuthorityAuditReportRequest.add_member(:s3_bucket_name, Shapes::ShapeRef.new(shape: String, required: true, location_name: "S3BucketName"))
175
+ CreateCertificateAuthorityAuditReportRequest.add_member(:s3_bucket_name, Shapes::ShapeRef.new(shape: S3BucketName, required: true, location_name: "S3BucketName"))
164
176
  CreateCertificateAuthorityAuditReportRequest.add_member(:audit_report_response_format, Shapes::ShapeRef.new(shape: AuditReportResponseFormat, required: true, location_name: "AuditReportResponseFormat"))
165
177
  CreateCertificateAuthorityAuditReportRequest.struct_class = Types::CreateCertificateAuthorityAuditReportRequest
166
178
 
167
179
  CreateCertificateAuthorityAuditReportResponse.add_member(:audit_report_id, Shapes::ShapeRef.new(shape: AuditReportId, location_name: "AuditReportId"))
168
- CreateCertificateAuthorityAuditReportResponse.add_member(:s3_key, Shapes::ShapeRef.new(shape: String, location_name: "S3Key"))
180
+ CreateCertificateAuthorityAuditReportResponse.add_member(:s3_key, Shapes::ShapeRef.new(shape: S3Key, location_name: "S3Key"))
169
181
  CreateCertificateAuthorityAuditReportResponse.struct_class = Types::CreateCertificateAuthorityAuditReportResponse
170
182
 
171
183
  CreateCertificateAuthorityRequest.add_member(:certificate_authority_configuration, Shapes::ShapeRef.new(shape: CertificateAuthorityConfiguration, required: true, location_name: "CertificateAuthorityConfiguration"))
@@ -199,13 +211,16 @@ module Aws::ACMPCA
199
211
  DeletePermissionRequest.add_member(:source_account, Shapes::ShapeRef.new(shape: AccountId, location_name: "SourceAccount"))
200
212
  DeletePermissionRequest.struct_class = Types::DeletePermissionRequest
201
213
 
214
+ DeletePolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "ResourceArn"))
215
+ DeletePolicyRequest.struct_class = Types::DeletePolicyRequest
216
+
202
217
  DescribeCertificateAuthorityAuditReportRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
203
218
  DescribeCertificateAuthorityAuditReportRequest.add_member(:audit_report_id, Shapes::ShapeRef.new(shape: AuditReportId, required: true, location_name: "AuditReportId"))
204
219
  DescribeCertificateAuthorityAuditReportRequest.struct_class = Types::DescribeCertificateAuthorityAuditReportRequest
205
220
 
206
221
  DescribeCertificateAuthorityAuditReportResponse.add_member(:audit_report_status, Shapes::ShapeRef.new(shape: AuditReportStatus, location_name: "AuditReportStatus"))
207
- DescribeCertificateAuthorityAuditReportResponse.add_member(:s3_bucket_name, Shapes::ShapeRef.new(shape: String, location_name: "S3BucketName"))
208
- DescribeCertificateAuthorityAuditReportResponse.add_member(:s3_key, Shapes::ShapeRef.new(shape: String, location_name: "S3Key"))
222
+ DescribeCertificateAuthorityAuditReportResponse.add_member(:s3_bucket_name, Shapes::ShapeRef.new(shape: S3BucketName, location_name: "S3BucketName"))
223
+ DescribeCertificateAuthorityAuditReportResponse.add_member(:s3_key, Shapes::ShapeRef.new(shape: S3Key, location_name: "S3Key"))
209
224
  DescribeCertificateAuthorityAuditReportResponse.add_member(:created_at, Shapes::ShapeRef.new(shape: TStamp, location_name: "CreatedAt"))
210
225
  DescribeCertificateAuthorityAuditReportResponse.struct_class = Types::DescribeCertificateAuthorityAuditReportResponse
211
226
 
@@ -236,6 +251,12 @@ module Aws::ACMPCA
236
251
  GetCertificateResponse.add_member(:certificate_chain, Shapes::ShapeRef.new(shape: CertificateChain, location_name: "CertificateChain"))
237
252
  GetCertificateResponse.struct_class = Types::GetCertificateResponse
238
253
 
254
+ GetPolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "ResourceArn"))
255
+ GetPolicyRequest.struct_class = Types::GetPolicyRequest
256
+
257
+ GetPolicyResponse.add_member(:policy, Shapes::ShapeRef.new(shape: AWSPolicy, location_name: "Policy"))
258
+ GetPolicyResponse.struct_class = Types::GetPolicyResponse
259
+
239
260
  ImportCertificateAuthorityCertificateRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
240
261
  ImportCertificateAuthorityCertificateRequest.add_member(:certificate, Shapes::ShapeRef.new(shape: CertificateBodyBlob, required: true, location_name: "Certificate"))
241
262
  ImportCertificateAuthorityCertificateRequest.add_member(:certificate_chain, Shapes::ShapeRef.new(shape: CertificateChainBlob, location_name: "CertificateChain"))
@@ -278,6 +299,7 @@ module Aws::ACMPCA
278
299
 
279
300
  ListCertificateAuthoritiesRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
280
301
  ListCertificateAuthoritiesRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: MaxResults, location_name: "MaxResults"))
302
+ ListCertificateAuthoritiesRequest.add_member(:resource_owner, Shapes::ShapeRef.new(shape: ResourceOwner, location_name: "ResourceOwner"))
281
303
  ListCertificateAuthoritiesRequest.struct_class = Types::ListCertificateAuthoritiesRequest
282
304
 
283
305
  ListCertificateAuthoritiesResponse.add_member(:certificate_authorities, Shapes::ShapeRef.new(shape: CertificateAuthorities, location_name: "CertificateAuthorities"))
@@ -302,6 +324,9 @@ module Aws::ACMPCA
302
324
  ListTagsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
303
325
  ListTagsResponse.struct_class = Types::ListTagsResponse
304
326
 
327
+ LockoutPreventedException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
328
+ LockoutPreventedException.struct_class = Types::LockoutPreventedException
329
+
305
330
  MalformedCSRException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
306
331
  MalformedCSRException.struct_class = Types::MalformedCSRException
307
332
 
@@ -310,10 +335,10 @@ module Aws::ACMPCA
310
335
 
311
336
  Permission.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, location_name: "CertificateAuthorityArn"))
312
337
  Permission.add_member(:created_at, Shapes::ShapeRef.new(shape: TStamp, location_name: "CreatedAt"))
313
- Permission.add_member(:principal, Shapes::ShapeRef.new(shape: String, location_name: "Principal"))
314
- Permission.add_member(:source_account, Shapes::ShapeRef.new(shape: String, location_name: "SourceAccount"))
338
+ Permission.add_member(:principal, Shapes::ShapeRef.new(shape: Principal, location_name: "Principal"))
339
+ Permission.add_member(:source_account, Shapes::ShapeRef.new(shape: AccountId, location_name: "SourceAccount"))
315
340
  Permission.add_member(:actions, Shapes::ShapeRef.new(shape: ActionList, location_name: "Actions"))
316
- Permission.add_member(:policy, Shapes::ShapeRef.new(shape: String, location_name: "Policy"))
341
+ Permission.add_member(:policy, Shapes::ShapeRef.new(shape: AWSPolicy, location_name: "Policy"))
317
342
  Permission.struct_class = Types::Permission
318
343
 
319
344
  PermissionAlreadyExistsException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
@@ -321,6 +346,10 @@ module Aws::ACMPCA
321
346
 
322
347
  PermissionList.member = Shapes::ShapeRef.new(shape: Permission)
323
348
 
349
+ PutPolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "ResourceArn"))
350
+ PutPolicyRequest.add_member(:policy, Shapes::ShapeRef.new(shape: AWSPolicy, required: true, location_name: "Policy"))
351
+ PutPolicyRequest.struct_class = Types::PutPolicyRequest
352
+
324
353
  RequestAlreadyProcessedException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "message"))
325
354
  RequestAlreadyProcessedException.struct_class = Types::RequestAlreadyProcessedException
326
355
 
@@ -453,6 +482,20 @@ module Aws::ACMPCA
453
482
  o.errors << Shapes::ShapeRef.new(shape: RequestFailedException)
454
483
  end)
455
484
 
485
+ api.add_operation(:delete_policy, Seahorse::Model::Operation.new.tap do |o|
486
+ o.name = "DeletePolicy"
487
+ o.http_method = "POST"
488
+ o.http_request_uri = "/"
489
+ o.input = Shapes::ShapeRef.new(shape: DeletePolicyRequest)
490
+ o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
491
+ o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
492
+ o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
493
+ o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
494
+ o.errors << Shapes::ShapeRef.new(shape: LockoutPreventedException)
495
+ o.errors << Shapes::ShapeRef.new(shape: RequestFailedException)
496
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
497
+ end)
498
+
456
499
  api.add_operation(:describe_certificate_authority, Seahorse::Model::Operation.new.tap do |o|
457
500
  o.name = "DescribeCertificateAuthority"
458
501
  o.http_method = "POST"
@@ -511,6 +554,18 @@ module Aws::ACMPCA
511
554
  o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
512
555
  end)
513
556
 
557
+ api.add_operation(:get_policy, Seahorse::Model::Operation.new.tap do |o|
558
+ o.name = "GetPolicy"
559
+ o.http_method = "POST"
560
+ o.http_request_uri = "/"
561
+ o.input = Shapes::ShapeRef.new(shape: GetPolicyRequest)
562
+ o.output = Shapes::ShapeRef.new(shape: GetPolicyResponse)
563
+ o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
564
+ o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
565
+ o.errors << Shapes::ShapeRef.new(shape: RequestFailedException)
566
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
567
+ end)
568
+
514
569
  api.add_operation(:import_certificate_authority_certificate, Seahorse::Model::Operation.new.tap do |o|
515
570
  o.name = "ImportCertificateAuthorityCertificate"
516
571
  o.http_method = "POST"
@@ -593,6 +648,21 @@ module Aws::ACMPCA
593
648
  )
594
649
  end)
595
650
 
651
+ api.add_operation(:put_policy, Seahorse::Model::Operation.new.tap do |o|
652
+ o.name = "PutPolicy"
653
+ o.http_method = "POST"
654
+ o.http_request_uri = "/"
655
+ o.input = Shapes::ShapeRef.new(shape: PutPolicyRequest)
656
+ o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
657
+ o.errors << Shapes::ShapeRef.new(shape: ConcurrentModificationException)
658
+ o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
659
+ o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
660
+ o.errors << Shapes::ShapeRef.new(shape: InvalidPolicyException)
661
+ o.errors << Shapes::ShapeRef.new(shape: LockoutPreventedException)
662
+ o.errors << Shapes::ShapeRef.new(shape: RequestFailedException)
663
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
664
+ end)
665
+
596
666
  api.add_operation(:restore_certificate_authority, Seahorse::Model::Operation.new.tap do |o|
597
667
  o.name = "RestoreCertificateAuthority"
598
668
  o.http_method = "POST"
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -35,6 +37,7 @@ module Aws::ACMPCA
35
37
  # * {InvalidStateException}
36
38
  # * {InvalidTagException}
37
39
  # * {LimitExceededException}
40
+ # * {LockoutPreventedException}
38
41
  # * {MalformedCSRException}
39
42
  # * {MalformedCertificateException}
40
43
  # * {PermissionAlreadyExistsException}
@@ -200,6 +203,21 @@ module Aws::ACMPCA
200
203
  end
201
204
  end
202
205
 
206
+ class LockoutPreventedException < ServiceError
207
+
208
+ # @param [Seahorse::Client::RequestContext] context
209
+ # @param [String] message
210
+ # @param [Aws::ACMPCA::Types::LockoutPreventedException] data
211
+ def initialize(context, message, data = Aws::EmptyStructure.new)
212
+ super(context, message, data)
213
+ end
214
+
215
+ # @return [String]
216
+ def message
217
+ @message || @data[:message]
218
+ end
219
+ end
220
+
203
221
  class MalformedCSRException < ServiceError
204
222
 
205
223
  # @param [Seahorse::Client::RequestContext] context
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -26,10 +28,10 @@ module Aws::ACMPCA
26
28
  # country: "CountryCodeString",
27
29
  # organization: "String64",
28
30
  # organizational_unit: "String64",
29
- # distinguished_name_qualifier: "DistinguishedNameQualifierString",
31
+ # distinguished_name_qualifier: "ASN1PrintableString64",
30
32
  # state: "String128",
31
33
  # common_name: "String64",
32
- # serial_number: "String64",
34
+ # serial_number: "ASN1PrintableString64",
33
35
  # locality: "String128",
34
36
  # title: "String64",
35
37
  # surname: "String40",
@@ -125,6 +127,7 @@ module Aws::ACMPCA
125
127
  :initials,
126
128
  :pseudonym,
127
129
  :generation_qualifier)
130
+ SENSITIVE = []
128
131
  include Aws::Structure
129
132
  end
130
133
 
@@ -132,19 +135,30 @@ module Aws::ACMPCA
132
135
  # Your private CA can issue and revoke X.509 digital certificates.
133
136
  # Digital certificates verify that the entity named in the certificate
134
137
  # **Subject** field owns or controls the public key contained in the
135
- # **Subject Public Key Info** field. Call the CreateCertificateAuthority
136
- # action to create your private CA. You must then call the
137
- # GetCertificateAuthorityCertificate action to retrieve a private CA
138
- # certificate signing request (CSR). Sign the CSR with your ACM Private
139
- # CA-hosted or on-premises root or subordinate CA certificate. Call the
140
- # ImportCertificateAuthorityCertificate action to import the signed
141
- # certificate into AWS Certificate Manager (ACM).
138
+ # **Subject Public Key Info** field. Call the
139
+ # [CreateCertificateAuthority][1] action to create your private CA. You
140
+ # must then call the [GetCertificateAuthorityCertificate][2] action to
141
+ # retrieve a private CA certificate signing request (CSR). Sign the CSR
142
+ # with your ACM Private CA-hosted or on-premises root or subordinate CA
143
+ # certificate. Call the [ImportCertificateAuthorityCertificate][3]
144
+ # action to import the signed certificate into AWS Certificate Manager
145
+ # (ACM).
146
+ #
147
+ #
148
+ #
149
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
150
+ # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCertificate.html
151
+ # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html
142
152
  #
143
153
  # @!attribute [rw] arn
144
154
  # Amazon Resource Name (ARN) for your private certificate authority
145
155
  # (CA). The format is ` 12345678-1234-1234-1234-123456789012 `.
146
156
  # @return [String]
147
157
  #
158
+ # @!attribute [rw] owner_account
159
+ # The AWS account ID that owns the certificate authority.
160
+ # @return [String]
161
+ #
148
162
  # @!attribute [rw] created_at
149
163
  # Date and time at which your private CA was created.
150
164
  # @return [Time]
@@ -189,13 +203,18 @@ module Aws::ACMPCA
189
203
  # @!attribute [rw] restorable_until
190
204
  # The period during which a deleted CA can be restored. For more
191
205
  # information, see the `PermanentDeletionTimeInDays` parameter of the
192
- # DeleteCertificateAuthorityRequest action.
206
+ # [DeleteCertificateAuthorityRequest][1] action.
207
+ #
208
+ #
209
+ #
210
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html
193
211
  # @return [Time]
194
212
  #
195
213
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CertificateAuthority AWS API Documentation
196
214
  #
197
215
  class CertificateAuthority < Struct.new(
198
216
  :arn,
217
+ :owner_account,
199
218
  :created_at,
200
219
  :last_state_change_at,
201
220
  :type,
@@ -207,6 +226,7 @@ module Aws::ACMPCA
207
226
  :certificate_authority_configuration,
208
227
  :revocation_configuration,
209
228
  :restorable_until)
229
+ SENSITIVE = []
210
230
  include Aws::Structure
211
231
  end
212
232
 
@@ -216,7 +236,11 @@ module Aws::ACMPCA
216
236
  # issues a certificate. It also includes the signature algorithm that it
217
237
  # uses when issuing certificates, and its X.500 distinguished name. You
218
238
  # must specify this information when you call the
219
- # CreateCertificateAuthority action.
239
+ # [CreateCertificateAuthority][1] action.
240
+ #
241
+ #
242
+ #
243
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
220
244
  #
221
245
  # @note When making an API call, you may pass CertificateAuthorityConfiguration
222
246
  # data as a hash:
@@ -228,10 +252,10 @@ module Aws::ACMPCA
228
252
  # country: "CountryCodeString",
229
253
  # organization: "String64",
230
254
  # organizational_unit: "String64",
231
- # distinguished_name_qualifier: "DistinguishedNameQualifierString",
255
+ # distinguished_name_qualifier: "ASN1PrintableString64",
232
256
  # state: "String128",
233
257
  # common_name: "String64",
234
- # serial_number: "String64",
258
+ # serial_number: "ASN1PrintableString64",
235
259
  # locality: "String128",
236
260
  # title: "String64",
237
261
  # surname: "String40",
@@ -252,6 +276,9 @@ module Aws::ACMPCA
252
276
  # @!attribute [rw] signing_algorithm
253
277
  # Name of the algorithm your private CA uses to sign certificate
254
278
  # requests.
279
+ #
280
+ # This parameter should not be confused with the `SigningAlgorithm`
281
+ # parameter used to sign certificates when they are issued.
255
282
  # @return [String]
256
283
  #
257
284
  # @!attribute [rw] subject
@@ -265,6 +292,7 @@ module Aws::ACMPCA
265
292
  :key_algorithm,
266
293
  :signing_algorithm,
267
294
  :subject)
295
+ SENSITIVE = []
268
296
  include Aws::Structure
269
297
  end
270
298
 
@@ -278,6 +306,7 @@ module Aws::ACMPCA
278
306
  #
279
307
  class CertificateMismatchException < Struct.new(
280
308
  :message)
309
+ SENSITIVE = []
281
310
  include Aws::Structure
282
311
  end
283
312
 
@@ -290,6 +319,7 @@ module Aws::ACMPCA
290
319
  #
291
320
  class ConcurrentModificationException < Struct.new(
292
321
  :message)
322
+ SENSITIVE = []
293
323
  include Aws::Structure
294
324
  end
295
325
 
@@ -298,7 +328,7 @@ module Aws::ACMPCA
298
328
  #
299
329
  # {
300
330
  # certificate_authority_arn: "Arn", # required
301
- # s3_bucket_name: "String", # required
331
+ # s3_bucket_name: "S3BucketName", # required
302
332
  # audit_report_response_format: "JSON", # required, accepts JSON, CSV
303
333
  # }
304
334
  #
@@ -325,6 +355,7 @@ module Aws::ACMPCA
325
355
  :certificate_authority_arn,
326
356
  :s3_bucket_name,
327
357
  :audit_report_response_format)
358
+ SENSITIVE = []
328
359
  include Aws::Structure
329
360
  end
330
361
 
@@ -342,6 +373,7 @@ module Aws::ACMPCA
342
373
  class CreateCertificateAuthorityAuditReportResponse < Struct.new(
343
374
  :audit_report_id,
344
375
  :s3_key)
376
+ SENSITIVE = []
345
377
  include Aws::Structure
346
378
  end
347
379
 
@@ -356,10 +388,10 @@ module Aws::ACMPCA
356
388
  # country: "CountryCodeString",
357
389
  # organization: "String64",
358
390
  # organizational_unit: "String64",
359
- # distinguished_name_qualifier: "DistinguishedNameQualifierString",
391
+ # distinguished_name_qualifier: "ASN1PrintableString64",
360
392
  # state: "String128",
361
393
  # common_name: "String64",
362
- # serial_number: "String64",
394
+ # serial_number: "ASN1PrintableString64",
363
395
  # locality: "String128",
364
396
  # title: "String64",
365
397
  # surname: "String40",
@@ -398,7 +430,11 @@ module Aws::ACMPCA
398
430
  # ACM Private CA will write the CRL, and an optional CNAME alias that
399
431
  # you can use to hide the name of your bucket in the **CRL
400
432
  # Distribution Points** extension of your CA certificate. For more
401
- # information, see the CrlConfiguration structure.
433
+ # information, see the [CrlConfiguration][1] structure.
434
+ #
435
+ #
436
+ #
437
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
402
438
  # @return [Types::RevocationConfiguration]
403
439
  #
404
440
  # @!attribute [rw] certificate_authority_type
@@ -407,22 +443,19 @@ module Aws::ACMPCA
407
443
  #
408
444
  # @!attribute [rw] idempotency_token
409
445
  # Alphanumeric string that can be used to distinguish between calls to
410
- # **CreateCertificateAuthority**. Idempotency tokens time out after
411
- # five minutes. Therefore, if you call **CreateCertificateAuthority**
412
- # multiple times with the same idempotency token within a five minute
413
- # period, ACM Private CA recognizes that you are requesting only one
414
- # certificate. As a result, ACM Private CA issues only one. If you
415
- # change the idempotency token for each call, however, ACM Private CA
416
- # recognizes that you are requesting multiple certificates.
446
+ # **CreateCertificateAuthority**. For a given token, ACM Private CA
447
+ # creates exactly one CA. If you issue a subsequent call using the
448
+ # same token, ACM Private CA returns the ARN of the existing CA and
449
+ # takes no further action. If you change the idempotency token across
450
+ # multiple calls, ACM Private CA creates a unique CA for each unique
451
+ # token.
417
452
  # @return [String]
418
453
  #
419
454
  # @!attribute [rw] tags
420
455
  # Key-value pairs that will be attached to the new private CA. You can
421
456
  # associate up to 50 tags with a private CA. For information using
422
- # tags with
423
- #
424
- # IAM to manage permissions, see [Controlling Access Using IAM
425
- # Tags][1].
457
+ # tags with IAM to manage permissions, see [Controlling Access Using
458
+ # IAM Tags][1].
426
459
  #
427
460
  #
428
461
  #
@@ -437,6 +470,7 @@ module Aws::ACMPCA
437
470
  :certificate_authority_type,
438
471
  :idempotency_token,
439
472
  :tags)
473
+ SENSITIVE = []
440
474
  include Aws::Structure
441
475
  end
442
476
 
@@ -452,6 +486,7 @@ module Aws::ACMPCA
452
486
  #
453
487
  class CreateCertificateAuthorityResponse < Struct.new(
454
488
  :certificate_authority_arn)
489
+ SENSITIVE = []
455
490
  include Aws::Structure
456
491
  end
457
492
 
@@ -468,11 +503,15 @@ module Aws::ACMPCA
468
503
  # @!attribute [rw] certificate_authority_arn
469
504
  # The Amazon Resource Name (ARN) of the CA that grants the
470
505
  # permissions. You can find the ARN by calling the
471
- # ListCertificateAuthorities action. This must have the following
506
+ # [ListCertificateAuthorities][1] action. This must have the following
472
507
  # form:
473
508
  #
474
509
  # `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
475
510
  # `.
511
+ #
512
+ #
513
+ #
514
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
476
515
  # @return [String]
477
516
  #
478
517
  # @!attribute [rw] principal
@@ -496,6 +535,7 @@ module Aws::ACMPCA
496
535
  :principal,
497
536
  :source_account,
498
537
  :actions)
538
+ SENSITIVE = []
499
539
  include Aws::Structure
500
540
  end
501
541
 
@@ -510,6 +550,9 @@ module Aws::ACMPCA
510
550
  # Points** extension of each certificate it issues. Your S3 bucket
511
551
  # policy must give write permission to ACM Private CA.
512
552
  #
553
+ # ACM Private CAA assets that are stored in Amazon S3 can be protected
554
+ # with encryption. For more information, see [Encrypting Your CRLs][1].
555
+ #
513
556
  # Your private CA uses the value in the **ExpirationInDays** parameter
514
557
  # to calculate the **nextUpdate** field in the CRL. The CRL is refreshed
515
558
  # at 1/2 the age of next update or when a certificate is revoked. When a
@@ -564,6 +607,10 @@ module Aws::ACMPCA
564
607
  #
565
608
  # `openssl crl -inform DER -text -in crl_path -noout`
566
609
  #
610
+ #
611
+ #
612
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption
613
+ #
567
614
  # @note When making an API call, you may pass CrlConfiguration
568
615
  # data as a hash:
569
616
  #
@@ -577,9 +624,14 @@ module Aws::ACMPCA
577
624
  # @!attribute [rw] enabled
578
625
  # Boolean value that specifies whether certificate revocation lists
579
626
  # (CRLs) are enabled. You can use this value to enable certificate
580
- # revocation for a new CA when you call the CreateCertificateAuthority
581
- # action or for an existing CA when you call the
582
- # UpdateCertificateAuthority action.
627
+ # revocation for a new CA when you call the
628
+ # [CreateCertificateAuthority][1] action or for an existing CA when
629
+ # you call the [UpdateCertificateAuthority][2] action.
630
+ #
631
+ #
632
+ #
633
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
634
+ # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
583
635
  # @return [Boolean]
584
636
  #
585
637
  # @!attribute [rw] expiration_in_days
@@ -598,9 +650,13 @@ module Aws::ACMPCA
598
650
  # value for the **CustomCname** argument, the name of your S3 bucket
599
651
  # is placed into the **CRL Distribution Points** extension of the
600
652
  # issued certificate. You can change the name of your bucket by
601
- # calling the UpdateCertificateAuthority action. You must specify a
602
- # bucket policy that allows ACM Private CA to write the CRL to your
653
+ # calling the [UpdateCertificateAuthority][1] action. You must specify
654
+ # a bucket policy that allows ACM Private CA to write the CRL to your
603
655
  # bucket.
656
+ #
657
+ #
658
+ #
659
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
604
660
  # @return [String]
605
661
  #
606
662
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CrlConfiguration AWS API Documentation
@@ -610,6 +666,7 @@ module Aws::ACMPCA
610
666
  :expiration_in_days,
611
667
  :custom_cname,
612
668
  :s3_bucket_name)
669
+ SENSITIVE = []
613
670
  include Aws::Structure
614
671
  end
615
672
 
@@ -623,10 +680,14 @@ module Aws::ACMPCA
623
680
  #
624
681
  # @!attribute [rw] certificate_authority_arn
625
682
  # The Amazon Resource Name (ARN) that was returned when you called
626
- # CreateCertificateAuthority. This must have the following form:
683
+ # [CreateCertificateAuthority][1]. This must have the following form:
627
684
  #
628
685
  # `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
629
686
  # `.
687
+ #
688
+ #
689
+ #
690
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
630
691
  # @return [String]
631
692
  #
632
693
  # @!attribute [rw] permanent_deletion_time_in_days
@@ -640,6 +701,7 @@ module Aws::ACMPCA
640
701
  class DeleteCertificateAuthorityRequest < Struct.new(
641
702
  :certificate_authority_arn,
642
703
  :permanent_deletion_time_in_days)
704
+ SENSITIVE = []
643
705
  include Aws::Structure
644
706
  end
645
707
 
@@ -655,11 +717,15 @@ module Aws::ACMPCA
655
717
  # @!attribute [rw] certificate_authority_arn
656
718
  # The Amazon Resource Number (ARN) of the private CA that issued the
657
719
  # permissions. You can find the CA's ARN by calling the
658
- # ListCertificateAuthorities action. This must have the following
720
+ # [ListCertificateAuthorities][1] action. This must have the following
659
721
  # form:
660
722
  #
661
723
  # `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
662
724
  # `.
725
+ #
726
+ #
727
+ #
728
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
663
729
  # @return [String]
664
730
  #
665
731
  # @!attribute [rw] principal
@@ -678,6 +744,34 @@ module Aws::ACMPCA
678
744
  :certificate_authority_arn,
679
745
  :principal,
680
746
  :source_account)
747
+ SENSITIVE = []
748
+ include Aws::Structure
749
+ end
750
+
751
+ # @note When making an API call, you may pass DeletePolicyRequest
752
+ # data as a hash:
753
+ #
754
+ # {
755
+ # resource_arn: "Arn", # required
756
+ # }
757
+ #
758
+ # @!attribute [rw] resource_arn
759
+ # The Amazon Resource Number (ARN) of the private CA that will have
760
+ # its policy deleted. You can find the CA's ARN by calling the
761
+ # [ListCertificateAuthorities][1] action. The ARN value must have the
762
+ # form
763
+ # `arn:aws:acm-pca:region:account:certificate-authority/01234567-89ab-cdef-0123-0123456789ab`.
764
+ #
765
+ #
766
+ #
767
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
768
+ # @return [String]
769
+ #
770
+ # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePolicyRequest AWS API Documentation
771
+ #
772
+ class DeletePolicyRequest < Struct.new(
773
+ :resource_arn)
774
+ SENSITIVE = []
681
775
  include Aws::Structure
682
776
  end
683
777
 
@@ -699,7 +793,11 @@ module Aws::ACMPCA
699
793
  #
700
794
  # @!attribute [rw] audit_report_id
701
795
  # The report ID returned by calling the
702
- # CreateCertificateAuthorityAuditReport action.
796
+ # [CreateCertificateAuthorityAuditReport][1] action.
797
+ #
798
+ #
799
+ #
800
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
703
801
  # @return [String]
704
802
  #
705
803
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReportRequest AWS API Documentation
@@ -707,6 +805,7 @@ module Aws::ACMPCA
707
805
  class DescribeCertificateAuthorityAuditReportRequest < Struct.new(
708
806
  :certificate_authority_arn,
709
807
  :audit_report_id)
808
+ SENSITIVE = []
710
809
  include Aws::Structure
711
810
  end
712
811
 
@@ -735,6 +834,7 @@ module Aws::ACMPCA
735
834
  :s3_bucket_name,
736
835
  :s3_key,
737
836
  :created_at)
837
+ SENSITIVE = []
738
838
  include Aws::Structure
739
839
  end
740
840
 
@@ -747,28 +847,38 @@ module Aws::ACMPCA
747
847
  #
748
848
  # @!attribute [rw] certificate_authority_arn
749
849
  # The Amazon Resource Name (ARN) that was returned when you called
750
- # CreateCertificateAuthority. This must be of the form:
850
+ # [CreateCertificateAuthority][1]. This must be of the form:
751
851
  #
752
852
  # `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
753
853
  # `.
854
+ #
855
+ #
856
+ #
857
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
754
858
  # @return [String]
755
859
  #
756
860
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityRequest AWS API Documentation
757
861
  #
758
862
  class DescribeCertificateAuthorityRequest < Struct.new(
759
863
  :certificate_authority_arn)
864
+ SENSITIVE = []
760
865
  include Aws::Structure
761
866
  end
762
867
 
763
868
  # @!attribute [rw] certificate_authority
764
- # A CertificateAuthority structure that contains information about
765
- # your private CA.
869
+ # A [CertificateAuthority][1] structure that contains information
870
+ # about your private CA.
871
+ #
872
+ #
873
+ #
874
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthority.html
766
875
  # @return [Types::CertificateAuthority]
767
876
  #
768
877
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityResponse AWS API Documentation
769
878
  #
770
879
  class DescribeCertificateAuthorityResponse < Struct.new(
771
880
  :certificate_authority)
881
+ SENSITIVE = []
772
882
  include Aws::Structure
773
883
  end
774
884
 
@@ -791,6 +901,7 @@ module Aws::ACMPCA
791
901
  #
792
902
  class GetCertificateAuthorityCertificateRequest < Struct.new(
793
903
  :certificate_authority_arn)
904
+ SENSITIVE = []
794
905
  include Aws::Structure
795
906
  end
796
907
 
@@ -811,6 +922,7 @@ module Aws::ACMPCA
811
922
  class GetCertificateAuthorityCertificateResponse < Struct.new(
812
923
  :certificate,
813
924
  :certificate_chain)
925
+ SENSITIVE = []
814
926
  include Aws::Structure
815
927
  end
816
928
 
@@ -823,16 +935,21 @@ module Aws::ACMPCA
823
935
  #
824
936
  # @!attribute [rw] certificate_authority_arn
825
937
  # The Amazon Resource Name (ARN) that was returned when you called the
826
- # CreateCertificateAuthority action. This must be of the form:
938
+ # [CreateCertificateAuthority][1] action. This must be of the form:
827
939
  #
828
940
  # `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
829
941
  # `
942
+ #
943
+ #
944
+ #
945
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
830
946
  # @return [String]
831
947
  #
832
948
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCsrRequest AWS API Documentation
833
949
  #
834
950
  class GetCertificateAuthorityCsrRequest < Struct.new(
835
951
  :certificate_authority_arn)
952
+ SENSITIVE = []
836
953
  include Aws::Structure
837
954
  end
838
955
 
@@ -845,6 +962,7 @@ module Aws::ACMPCA
845
962
  #
846
963
  class GetCertificateAuthorityCsrResponse < Struct.new(
847
964
  :csr)
965
+ SENSITIVE = []
848
966
  include Aws::Structure
849
967
  end
850
968
 
@@ -858,10 +976,14 @@ module Aws::ACMPCA
858
976
  #
859
977
  # @!attribute [rw] certificate_authority_arn
860
978
  # The Amazon Resource Name (ARN) that was returned when you called
861
- # CreateCertificateAuthority. This must be of the form:
979
+ # [CreateCertificateAuthority][1]. This must be of the form:
862
980
  #
863
981
  # `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
864
982
  # `.
983
+ #
984
+ #
985
+ #
986
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
865
987
  # @return [String]
866
988
  #
867
989
  # @!attribute [rw] certificate_arn
@@ -877,6 +999,7 @@ module Aws::ACMPCA
877
999
  class GetCertificateRequest < Struct.new(
878
1000
  :certificate_authority_arn,
879
1001
  :certificate_arn)
1002
+ SENSITIVE = []
880
1003
  include Aws::Structure
881
1004
  end
882
1005
 
@@ -896,6 +1019,40 @@ module Aws::ACMPCA
896
1019
  class GetCertificateResponse < Struct.new(
897
1020
  :certificate,
898
1021
  :certificate_chain)
1022
+ SENSITIVE = []
1023
+ include Aws::Structure
1024
+ end
1025
+
1026
+ # @note When making an API call, you may pass GetPolicyRequest
1027
+ # data as a hash:
1028
+ #
1029
+ # {
1030
+ # resource_arn: "Arn", # required
1031
+ # }
1032
+ #
1033
+ # @!attribute [rw] resource_arn
1034
+ # The Amazon Resource Number (ARN) of the private CA that will have
1035
+ # its policy retrieved. You can find the CA's ARN by calling the
1036
+ # ListCertificateAuthorities action.
1037
+ # @return [String]
1038
+ #
1039
+ # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetPolicyRequest AWS API Documentation
1040
+ #
1041
+ class GetPolicyRequest < Struct.new(
1042
+ :resource_arn)
1043
+ SENSITIVE = []
1044
+ include Aws::Structure
1045
+ end
1046
+
1047
+ # @!attribute [rw] policy
1048
+ # The policy attached to the private CA as a JSON document.
1049
+ # @return [String]
1050
+ #
1051
+ # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetPolicyResponse AWS API Documentation
1052
+ #
1053
+ class GetPolicyResponse < Struct.new(
1054
+ :policy)
1055
+ SENSITIVE = []
899
1056
  include Aws::Structure
900
1057
  end
901
1058
 
@@ -910,10 +1067,14 @@ module Aws::ACMPCA
910
1067
  #
911
1068
  # @!attribute [rw] certificate_authority_arn
912
1069
  # The Amazon Resource Name (ARN) that was returned when you called
913
- # CreateCertificateAuthority. This must be of the form:
1070
+ # [CreateCertificateAuthority][1]. This must be of the form:
914
1071
  #
915
1072
  # `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
916
1073
  # `
1074
+ #
1075
+ #
1076
+ #
1077
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
917
1078
  # @return [String]
918
1079
  #
919
1080
  # @!attribute [rw] certificate
@@ -939,6 +1100,7 @@ module Aws::ACMPCA
939
1100
  :certificate_authority_arn,
940
1101
  :certificate,
941
1102
  :certificate_chain)
1103
+ SENSITIVE = []
942
1104
  include Aws::Structure
943
1105
  end
944
1106
 
@@ -951,6 +1113,7 @@ module Aws::ACMPCA
951
1113
  #
952
1114
  class InvalidArgsException < Struct.new(
953
1115
  :message)
1116
+ SENSITIVE = []
954
1117
  include Aws::Structure
955
1118
  end
956
1119
 
@@ -964,11 +1127,17 @@ module Aws::ACMPCA
964
1127
  #
965
1128
  class InvalidArnException < Struct.new(
966
1129
  :message)
1130
+ SENSITIVE = []
967
1131
  include Aws::Structure
968
1132
  end
969
1133
 
970
1134
  # The token specified in the `NextToken` argument is not valid. Use the
971
- # token returned from your previous call to ListCertificateAuthorities.
1135
+ # token returned from your previous call to
1136
+ # [ListCertificateAuthorities][1].
1137
+ #
1138
+ #
1139
+ #
1140
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
972
1141
  #
973
1142
  # @!attribute [rw] message
974
1143
  # @return [String]
@@ -977,12 +1146,17 @@ module Aws::ACMPCA
977
1146
  #
978
1147
  class InvalidNextTokenException < Struct.new(
979
1148
  :message)
1149
+ SENSITIVE = []
980
1150
  include Aws::Structure
981
1151
  end
982
1152
 
983
- # The S3 bucket policy is not valid. The policy must give ACM Private CA
984
- # rights to read from and write to the bucket and find the bucket
985
- # location.
1153
+ # The resource policy is invalid or is missing a required statement. For
1154
+ # general information about IAM policy and statement structure, see
1155
+ # [Overview of JSON Policies][1].
1156
+ #
1157
+ #
1158
+ #
1159
+ # [1]: https://docs.aws.amazon.com/https:/docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json
986
1160
  #
987
1161
  # @!attribute [rw] message
988
1162
  # @return [String]
@@ -991,6 +1165,7 @@ module Aws::ACMPCA
991
1165
  #
992
1166
  class InvalidPolicyException < Struct.new(
993
1167
  :message)
1168
+ SENSITIVE = []
994
1169
  include Aws::Structure
995
1170
  end
996
1171
 
@@ -1003,11 +1178,11 @@ module Aws::ACMPCA
1003
1178
  #
1004
1179
  class InvalidRequestException < Struct.new(
1005
1180
  :message)
1181
+ SENSITIVE = []
1006
1182
  include Aws::Structure
1007
1183
  end
1008
1184
 
1009
- # The private CA is in a state during which a report or certificate
1010
- # cannot be generated.
1185
+ # The state of the private CA does not allow this action to occur.
1011
1186
  #
1012
1187
  # @!attribute [rw] message
1013
1188
  # @return [String]
@@ -1016,6 +1191,7 @@ module Aws::ACMPCA
1016
1191
  #
1017
1192
  class InvalidStateException < Struct.new(
1018
1193
  :message)
1194
+ SENSITIVE = []
1019
1195
  include Aws::Structure
1020
1196
  end
1021
1197
 
@@ -1029,6 +1205,7 @@ module Aws::ACMPCA
1029
1205
  #
1030
1206
  class InvalidTagException < Struct.new(
1031
1207
  :message)
1208
+ SENSITIVE = []
1032
1209
  include Aws::Structure
1033
1210
  end
1034
1211
 
@@ -1049,10 +1226,14 @@ module Aws::ACMPCA
1049
1226
  #
1050
1227
  # @!attribute [rw] certificate_authority_arn
1051
1228
  # The Amazon Resource Name (ARN) that was returned when you called
1052
- # CreateCertificateAuthority. This must be of the form:
1229
+ # [CreateCertificateAuthority][1]. This must be of the form:
1053
1230
  #
1054
1231
  # `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
1055
1232
  # `
1233
+ #
1234
+ #
1235
+ #
1236
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1056
1237
  # @return [String]
1057
1238
  #
1058
1239
  # @!attribute [rw] csr
@@ -1070,23 +1251,55 @@ module Aws::ACMPCA
1070
1251
  # `openssl req -new -config openssl_rsa.cnf -extensions usr_cert
1071
1252
  # -newkey rsa:2048 -days -365 -keyout private/test_cert_priv_key.pem
1072
1253
  # -out csr/test_cert_.csr`
1254
+ #
1255
+ # Note: A CSR must provide either a *subject name* or a *subject
1256
+ # alternative name* or the request will be rejected.
1073
1257
  # @return [String]
1074
1258
  #
1075
1259
  # @!attribute [rw] signing_algorithm
1076
1260
  # The name of the algorithm that will be used to sign the certificate
1077
1261
  # to be issued.
1262
+ #
1263
+ # This parameter should not be confused with the `SigningAlgorithm`
1264
+ # parameter used to sign a CSR.
1078
1265
  # @return [String]
1079
1266
  #
1080
1267
  # @!attribute [rw] template_arn
1081
1268
  # Specifies a custom configuration template to use when issuing a
1082
1269
  # certificate. If this parameter is not provided, ACM Private CA
1083
- # defaults to the `EndEntityCertificate/V1` template.
1270
+ # defaults to the `EndEntityCertificate/V1` template. For CA
1271
+ # certificates, you should choose the shortest path length that meets
1272
+ # your needs. The path length is indicated by the PathLen*N* portion
1273
+ # of the ARN, where *N* is the [CA depth][1].
1274
+ #
1275
+ # Note: The CA depth configured on a subordinate CA certificate must
1276
+ # not exceed the limit set by its parents in the CA hierarchy.
1084
1277
  #
1085
1278
  # The following service-owned `TemplateArn` values are supported by
1086
1279
  # ACM Private CA:
1087
1280
  #
1281
+ # * arn:aws:acm-pca:::template/CodeSigningCertificate/V1
1282
+ #
1283
+ # * arn:aws:acm-pca:::template/CodeSigningCertificate\_CSRPassthrough/V1
1284
+ #
1088
1285
  # * arn:aws:acm-pca:::template/EndEntityCertificate/V1
1089
1286
  #
1287
+ # * arn:aws:acm-pca:::template/EndEntityCertificate\_CSRPassthrough/V1
1288
+ #
1289
+ # * arn:aws:acm-pca:::template/EndEntityClientAuthCertificate/V1
1290
+ #
1291
+ # * arn:aws:acm-pca:::template/EndEntityClientAuthCertificate\_CSRPassthrough/V1
1292
+ #
1293
+ # * arn:aws:acm-pca:::template/EndEntityServerAuthCertificate/V1
1294
+ #
1295
+ # * arn:aws:acm-pca:::template/EndEntityServerAuthCertificate\_CSRPassthrough/V1
1296
+ #
1297
+ # * arn:aws:acm-pca:::template/OCSPSigningCertificate/V1
1298
+ #
1299
+ # * arn:aws:acm-pca:::template/OCSPSigningCertificate\_CSRPassthrough/V1
1300
+ #
1301
+ # * arn:aws:acm-pca:::template/RootCACertificate/V1
1302
+ #
1090
1303
  # * arn:aws:acm-pca:::template/SubordinateCACertificate\_PathLen0/V1
1091
1304
  #
1092
1305
  # * arn:aws:acm-pca:::template/SubordinateCACertificate\_PathLen1/V1
@@ -1095,17 +1308,24 @@ module Aws::ACMPCA
1095
1308
  #
1096
1309
  # * arn:aws:acm-pca:::template/SubordinateCACertificate\_PathLen3/V1
1097
1310
  #
1098
- # * arn:aws:acm-pca:::template/RootCACertificate/V1
1099
- #
1100
- # For more information, see [Using Templates][1].
1311
+ # For more information, see [Using Templates][2].
1101
1312
  #
1102
1313
  #
1103
1314
  #
1104
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
1315
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaTerms.html#terms-cadepth
1316
+ # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
1105
1317
  # @return [String]
1106
1318
  #
1107
1319
  # @!attribute [rw] validity
1108
- # The type of the validity period.
1320
+ # Information describing the validity period of the certificate.
1321
+ #
1322
+ # When issuing a certificate, ACM Private CA sets the "Not Before"
1323
+ # date in the validity field to date and time minus 60 minutes. This
1324
+ # is intended to compensate for time inconsistencies across systems of
1325
+ # 60 minutes or less.
1326
+ #
1327
+ # The validity period configured on a certificate must not exceed the
1328
+ # limit set by its parents in the CA hierarchy.
1109
1329
  # @return [Types::Validity]
1110
1330
  #
1111
1331
  # @!attribute [rw] idempotency_token
@@ -1127,6 +1347,7 @@ module Aws::ACMPCA
1127
1347
  :template_arn,
1128
1348
  :validity,
1129
1349
  :idempotency_token)
1350
+ SENSITIVE = []
1130
1351
  include Aws::Structure
1131
1352
  end
1132
1353
 
@@ -1142,11 +1363,12 @@ module Aws::ACMPCA
1142
1363
  #
1143
1364
  class IssueCertificateResponse < Struct.new(
1144
1365
  :certificate_arn)
1366
+ SENSITIVE = []
1145
1367
  include Aws::Structure
1146
1368
  end
1147
1369
 
1148
- # An ACM Private CA limit has been exceeded. See the exception message
1149
- # returned to determine the limit that was exceeded.
1370
+ # An ACM Private CA quota has been exceeded. See the exception message
1371
+ # returned to determine the quota that was exceeded.
1150
1372
  #
1151
1373
  # @!attribute [rw] message
1152
1374
  # @return [String]
@@ -1155,6 +1377,7 @@ module Aws::ACMPCA
1155
1377
  #
1156
1378
  class LimitExceededException < Struct.new(
1157
1379
  :message)
1380
+ SENSITIVE = []
1158
1381
  include Aws::Structure
1159
1382
  end
1160
1383
 
@@ -1164,6 +1387,7 @@ module Aws::ACMPCA
1164
1387
  # {
1165
1388
  # next_token: "NextToken",
1166
1389
  # max_results: 1,
1390
+ # resource_owner: "SELF", # accepts SELF, OTHER_ACCOUNTS
1167
1391
  # }
1168
1392
  #
1169
1393
  # @!attribute [rw] next_token
@@ -1181,11 +1405,18 @@ module Aws::ACMPCA
1181
1405
  # value in a subsequent request to retrieve additional items.
1182
1406
  # @return [Integer]
1183
1407
  #
1408
+ # @!attribute [rw] resource_owner
1409
+ # Use this parameter to filter the returned set of certificate
1410
+ # authorities based on their owner. The default is SELF.
1411
+ # @return [String]
1412
+ #
1184
1413
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListCertificateAuthoritiesRequest AWS API Documentation
1185
1414
  #
1186
1415
  class ListCertificateAuthoritiesRequest < Struct.new(
1187
1416
  :next_token,
1188
- :max_results)
1417
+ :max_results,
1418
+ :resource_owner)
1419
+ SENSITIVE = []
1189
1420
  include Aws::Structure
1190
1421
  end
1191
1422
 
@@ -1204,6 +1435,7 @@ module Aws::ACMPCA
1204
1435
  class ListCertificateAuthoritiesResponse < Struct.new(
1205
1436
  :certificate_authorities,
1206
1437
  :next_token)
1438
+ SENSITIVE = []
1207
1439
  include Aws::Structure
1208
1440
  end
1209
1441
 
@@ -1218,11 +1450,15 @@ module Aws::ACMPCA
1218
1450
  #
1219
1451
  # @!attribute [rw] certificate_authority_arn
1220
1452
  # The Amazon Resource Number (ARN) of the private CA to inspect. You
1221
- # can find the ARN by calling the ListCertificateAuthorities action.
1222
- # This must be of the form:
1453
+ # can find the ARN by calling the [ListCertificateAuthorities][1]
1454
+ # action. This must be of the form:
1223
1455
  # `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012`
1224
1456
  # You can get a private CA's ARN by running the
1225
- # ListCertificateAuthorities action.
1457
+ # [ListCertificateAuthorities][1] action.
1458
+ #
1459
+ #
1460
+ #
1461
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
1226
1462
  # @return [String]
1227
1463
  #
1228
1464
  # @!attribute [rw] next_token
@@ -1245,6 +1481,7 @@ module Aws::ACMPCA
1245
1481
  :certificate_authority_arn,
1246
1482
  :next_token,
1247
1483
  :max_results)
1484
+ SENSITIVE = []
1248
1485
  include Aws::Structure
1249
1486
  end
1250
1487
 
@@ -1264,6 +1501,7 @@ module Aws::ACMPCA
1264
1501
  class ListPermissionsResponse < Struct.new(
1265
1502
  :permissions,
1266
1503
  :next_token)
1504
+ SENSITIVE = []
1267
1505
  include Aws::Structure
1268
1506
  end
1269
1507
 
@@ -1278,10 +1516,14 @@ module Aws::ACMPCA
1278
1516
  #
1279
1517
  # @!attribute [rw] certificate_authority_arn
1280
1518
  # The Amazon Resource Name (ARN) that was returned when you called the
1281
- # CreateCertificateAuthority action. This must be of the form:
1519
+ # [CreateCertificateAuthority][1] action. This must be of the form:
1282
1520
  #
1283
1521
  # `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
1284
1522
  # `
1523
+ #
1524
+ #
1525
+ #
1526
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1285
1527
  # @return [String]
1286
1528
  #
1287
1529
  # @!attribute [rw] next_token
@@ -1304,6 +1546,7 @@ module Aws::ACMPCA
1304
1546
  :certificate_authority_arn,
1305
1547
  :next_token,
1306
1548
  :max_results)
1549
+ SENSITIVE = []
1307
1550
  include Aws::Structure
1308
1551
  end
1309
1552
 
@@ -1321,6 +1564,23 @@ module Aws::ACMPCA
1321
1564
  class ListTagsResponse < Struct.new(
1322
1565
  :tags,
1323
1566
  :next_token)
1567
+ SENSITIVE = []
1568
+ include Aws::Structure
1569
+ end
1570
+
1571
+ # The current action was prevented because it would lock the caller out
1572
+ # from performing subsequent actions. Verify that the specified
1573
+ # parameters would not result in the caller being denied access to the
1574
+ # resource.
1575
+ #
1576
+ # @!attribute [rw] message
1577
+ # @return [String]
1578
+ #
1579
+ # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/LockoutPreventedException AWS API Documentation
1580
+ #
1581
+ class LockoutPreventedException < Struct.new(
1582
+ :message)
1583
+ SENSITIVE = []
1324
1584
  include Aws::Structure
1325
1585
  end
1326
1586
 
@@ -1333,6 +1593,7 @@ module Aws::ACMPCA
1333
1593
  #
1334
1594
  class MalformedCSRException < Struct.new(
1335
1595
  :message)
1596
+ SENSITIVE = []
1336
1597
  include Aws::Structure
1337
1598
  end
1338
1599
 
@@ -1345,6 +1606,7 @@ module Aws::ACMPCA
1345
1606
  #
1346
1607
  class MalformedCertificateException < Struct.new(
1347
1608
  :message)
1609
+ SENSITIVE = []
1348
1610
  include Aws::Structure
1349
1611
  end
1350
1612
 
@@ -1353,8 +1615,14 @@ module Aws::ACMPCA
1353
1615
  # certificates, you must give the ACM service principal all available
1354
1616
  # permissions (`IssueCertificate`, `GetCertificate`, and
1355
1617
  # `ListPermissions`). Permissions can be assigned with the
1356
- # CreatePermission action, removed with the DeletePermission action, and
1357
- # listed with the ListPermissions action.
1618
+ # [CreatePermission][1] action, removed with the [DeletePermission][2]
1619
+ # action, and listed with the [ListPermissions][3] action.
1620
+ #
1621
+ #
1622
+ #
1623
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html
1624
+ # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html
1625
+ # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html
1358
1626
  #
1359
1627
  # @!attribute [rw] certificate_authority_arn
1360
1628
  # The Amazon Resource Number (ARN) of the private CA from which the
@@ -1392,6 +1660,7 @@ module Aws::ACMPCA
1392
1660
  :source_account,
1393
1661
  :actions,
1394
1662
  :policy)
1663
+ SENSITIVE = []
1395
1664
  include Aws::Structure
1396
1665
  end
1397
1666
 
@@ -1404,6 +1673,49 @@ module Aws::ACMPCA
1404
1673
  #
1405
1674
  class PermissionAlreadyExistsException < Struct.new(
1406
1675
  :message)
1676
+ SENSITIVE = []
1677
+ include Aws::Structure
1678
+ end
1679
+
1680
+ # @note When making an API call, you may pass PutPolicyRequest
1681
+ # data as a hash:
1682
+ #
1683
+ # {
1684
+ # resource_arn: "Arn", # required
1685
+ # policy: "AWSPolicy", # required
1686
+ # }
1687
+ #
1688
+ # @!attribute [rw] resource_arn
1689
+ # The Amazon Resource Number (ARN) of the private CA to associate with
1690
+ # the policy. The ARN of the CA can be found by calling the
1691
+ # [ListCertificateAuthorities][1] action.
1692
+ #
1693
+ #
1694
+ #
1695
+ #
1696
+ #
1697
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
1698
+ # @return [String]
1699
+ #
1700
+ # @!attribute [rw] policy
1701
+ # The path and filename of a JSON-formatted IAM policy to attach to
1702
+ # the specified private CA resource. If this policy does not contain
1703
+ # all required statements or if it includes any statement that is not
1704
+ # allowed, the `PutPolicy` action returns an `InvalidPolicyException`.
1705
+ # For information about IAM policy and statement structure, see
1706
+ # [Overview of JSON Policies][1].
1707
+ #
1708
+ #
1709
+ #
1710
+ # [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html#access_policies-json
1711
+ # @return [String]
1712
+ #
1713
+ # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PutPolicyRequest AWS API Documentation
1714
+ #
1715
+ class PutPolicyRequest < Struct.new(
1716
+ :resource_arn,
1717
+ :policy)
1718
+ SENSITIVE = []
1407
1719
  include Aws::Structure
1408
1720
  end
1409
1721
 
@@ -1416,6 +1728,7 @@ module Aws::ACMPCA
1416
1728
  #
1417
1729
  class RequestAlreadyProcessedException < Struct.new(
1418
1730
  :message)
1731
+ SENSITIVE = []
1419
1732
  include Aws::Structure
1420
1733
  end
1421
1734
 
@@ -1428,6 +1741,7 @@ module Aws::ACMPCA
1428
1741
  #
1429
1742
  class RequestFailedException < Struct.new(
1430
1743
  :message)
1744
+ SENSITIVE = []
1431
1745
  include Aws::Structure
1432
1746
  end
1433
1747
 
@@ -1440,11 +1754,12 @@ module Aws::ACMPCA
1440
1754
  #
1441
1755
  class RequestInProgressException < Struct.new(
1442
1756
  :message)
1757
+ SENSITIVE = []
1443
1758
  include Aws::Structure
1444
1759
  end
1445
1760
 
1446
- # A resource such as a private CA, S3 bucket, certificate, or audit
1447
- # report cannot be found.
1761
+ # A resource such as a private CA, S3 bucket, certificate, audit report,
1762
+ # or policy cannot be found.
1448
1763
  #
1449
1764
  # @!attribute [rw] message
1450
1765
  # @return [String]
@@ -1453,6 +1768,7 @@ module Aws::ACMPCA
1453
1768
  #
1454
1769
  class ResourceNotFoundException < Struct.new(
1455
1770
  :message)
1771
+ SENSITIVE = []
1456
1772
  include Aws::Structure
1457
1773
  end
1458
1774
 
@@ -1465,25 +1781,36 @@ module Aws::ACMPCA
1465
1781
  #
1466
1782
  # @!attribute [rw] certificate_authority_arn
1467
1783
  # The Amazon Resource Name (ARN) that was returned when you called the
1468
- # CreateCertificateAuthority action. This must be of the form:
1784
+ # [CreateCertificateAuthority][1] action. This must be of the form:
1469
1785
  #
1470
1786
  # `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
1471
1787
  # `
1788
+ #
1789
+ #
1790
+ #
1791
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1472
1792
  # @return [String]
1473
1793
  #
1474
1794
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthorityRequest AWS API Documentation
1475
1795
  #
1476
1796
  class RestoreCertificateAuthorityRequest < Struct.new(
1477
1797
  :certificate_authority_arn)
1798
+ SENSITIVE = []
1478
1799
  include Aws::Structure
1479
1800
  end
1480
1801
 
1481
1802
  # Certificate revocation information used by the
1482
- # CreateCertificateAuthority and UpdateCertificateAuthority actions.
1483
- # Your private certificate authority (CA) can create and maintain a
1484
- # certificate revocation list (CRL). A CRL contains information about
1485
- # certificates revoked by your CA. For more information, see
1486
- # RevokeCertificate.
1803
+ # [CreateCertificateAuthority][1] and [UpdateCertificateAuthority][2]
1804
+ # actions. Your private certificate authority (CA) can create and
1805
+ # maintain a certificate revocation list (CRL). A CRL contains
1806
+ # information about certificates revoked by your CA. For more
1807
+ # information, see [RevokeCertificate][3].
1808
+ #
1809
+ #
1810
+ #
1811
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1812
+ # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
1813
+ # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html
1487
1814
  #
1488
1815
  # @note When making an API call, you may pass RevocationConfiguration
1489
1816
  # data as a hash:
@@ -1506,6 +1833,7 @@ module Aws::ACMPCA
1506
1833
  #
1507
1834
  class RevocationConfiguration < Struct.new(
1508
1835
  :crl_configuration)
1836
+ SENSITIVE = []
1509
1837
  include Aws::Structure
1510
1838
  end
1511
1839
 
@@ -1529,7 +1857,7 @@ module Aws::ACMPCA
1529
1857
  # @!attribute [rw] certificate_serial
1530
1858
  # Serial number of the certificate to be revoked. This must be in
1531
1859
  # hexadecimal format. You can retrieve the serial number by calling
1532
- # GetCertificate with the Amazon Resource Name (ARN) of the
1860
+ # [GetCertificate][1] with the Amazon Resource Name (ARN) of the
1533
1861
  # certificate you want and the ARN of your private CA. The
1534
1862
  # **GetCertificate** action retrieves the certificate in the PEM
1535
1863
  # format. You can use the following OpenSSL command to list the
@@ -1538,12 +1866,13 @@ module Aws::ACMPCA
1538
1866
  # `openssl x509 -in file_path -text -noout`
1539
1867
  #
1540
1868
  # You can also copy the serial number from the console or use the
1541
- # [DescribeCertificate][1] action in the *AWS Certificate Manager API
1869
+ # [DescribeCertificate][2] action in the *AWS Certificate Manager API
1542
1870
  # Reference*.
1543
1871
  #
1544
1872
  #
1545
1873
  #
1546
- # [1]: https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html
1874
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html
1875
+ # [2]: https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html
1547
1876
  # @return [String]
1548
1877
  #
1549
1878
  # @!attribute [rw] revocation_reason
@@ -1556,14 +1885,20 @@ module Aws::ACMPCA
1556
1885
  :certificate_authority_arn,
1557
1886
  :certificate_serial,
1558
1887
  :revocation_reason)
1888
+ SENSITIVE = []
1559
1889
  include Aws::Structure
1560
1890
  end
1561
1891
 
1562
1892
  # Tags are labels that you can use to identify and organize your private
1563
1893
  # CAs. Each tag consists of a key and an optional value. You can
1564
1894
  # associate up to 50 tags with a private CA. To add one or more tags to
1565
- # a private CA, call the TagCertificateAuthority action. To remove a
1566
- # tag, call the UntagCertificateAuthority action.
1895
+ # a private CA, call the [TagCertificateAuthority][1] action. To remove
1896
+ # a tag, call the [UntagCertificateAuthority][2] action.
1897
+ #
1898
+ #
1899
+ #
1900
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html
1901
+ # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html
1567
1902
  #
1568
1903
  # @note When making an API call, you may pass Tag
1569
1904
  # data as a hash:
@@ -1586,6 +1921,7 @@ module Aws::ACMPCA
1586
1921
  class Tag < Struct.new(
1587
1922
  :key,
1588
1923
  :value)
1924
+ SENSITIVE = []
1589
1925
  include Aws::Structure
1590
1926
  end
1591
1927
 
@@ -1604,10 +1940,14 @@ module Aws::ACMPCA
1604
1940
  #
1605
1941
  # @!attribute [rw] certificate_authority_arn
1606
1942
  # The Amazon Resource Name (ARN) that was returned when you called
1607
- # CreateCertificateAuthority. This must be of the form:
1943
+ # [CreateCertificateAuthority][1]. This must be of the form:
1608
1944
  #
1609
1945
  # `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
1610
1946
  # `
1947
+ #
1948
+ #
1949
+ #
1950
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1611
1951
  # @return [String]
1612
1952
  #
1613
1953
  # @!attribute [rw] tags
@@ -1619,6 +1959,7 @@ module Aws::ACMPCA
1619
1959
  class TagCertificateAuthorityRequest < Struct.new(
1620
1960
  :certificate_authority_arn,
1621
1961
  :tags)
1962
+ SENSITIVE = []
1622
1963
  include Aws::Structure
1623
1964
  end
1624
1965
 
@@ -1632,6 +1973,7 @@ module Aws::ACMPCA
1632
1973
  #
1633
1974
  class TooManyTagsException < Struct.new(
1634
1975
  :message)
1976
+ SENSITIVE = []
1635
1977
  include Aws::Structure
1636
1978
  end
1637
1979
 
@@ -1650,10 +1992,14 @@ module Aws::ACMPCA
1650
1992
  #
1651
1993
  # @!attribute [rw] certificate_authority_arn
1652
1994
  # The Amazon Resource Name (ARN) that was returned when you called
1653
- # CreateCertificateAuthority. This must be of the form:
1995
+ # [CreateCertificateAuthority][1]. This must be of the form:
1654
1996
  #
1655
1997
  # `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
1656
1998
  # `
1999
+ #
2000
+ #
2001
+ #
2002
+ # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1657
2003
  # @return [String]
1658
2004
  #
1659
2005
  # @!attribute [rw] tags
@@ -1665,6 +2011,7 @@ module Aws::ACMPCA
1665
2011
  class UntagCertificateAuthorityRequest < Struct.new(
1666
2012
  :certificate_authority_arn,
1667
2013
  :tags)
2014
+ SENSITIVE = []
1668
2015
  include Aws::Structure
1669
2016
  end
1670
2017
 
@@ -1706,13 +2053,23 @@ module Aws::ACMPCA
1706
2053
  :certificate_authority_arn,
1707
2054
  :revocation_configuration,
1708
2055
  :status)
2056
+ SENSITIVE = []
1709
2057
  include Aws::Structure
1710
2058
  end
1711
2059
 
1712
- # Length of time for which the certificate issued by your private
1713
- # certificate authority (CA), or by the private CA itself, is valid in
1714
- # days, months, or years. You can issue a certificate by calling the
1715
- # IssueCertificate action.
2060
+ # Validity specifies the period of time during which a certificate is
2061
+ # valid. Validity can be expressed as an explicit date and time when the
2062
+ # certificate expires, or as a span of time after issuance, stated in
2063
+ # days, months, or years. For more information, see [Validity][1] in RFC
2064
+ # 5280.
2065
+ #
2066
+ # You can issue a certificate by calling the [IssueCertificate][2]
2067
+ # action.
2068
+ #
2069
+ #
2070
+ #
2071
+ # [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
2072
+ # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html
1716
2073
  #
1717
2074
  # @note When making an API call, you may pass Validity
1718
2075
  # data as a hash:
@@ -1723,12 +2080,42 @@ module Aws::ACMPCA
1723
2080
  # }
1724
2081
  #
1725
2082
  # @!attribute [rw] value
1726
- # Time period.
2083
+ # A long integer interpreted according to the value of `Type`, below.
1727
2084
  # @return [Integer]
1728
2085
  #
1729
2086
  # @!attribute [rw] type
1730
- # Specifies whether the `Value` parameter represents days, months, or
1731
- # years.
2087
+ # Determines how *ACM Private CA* interprets the `Value` parameter, an
2088
+ # integer. Supported validity types include those listed below. Type
2089
+ # definitions with values include a sample input value and the
2090
+ # resulting output.
2091
+ #
2092
+ # `END_DATE`\: The specific date and time when the certificate will
2093
+ # expire, expressed using UTCTime (YYMMDDHHMMSS) or GeneralizedTime
2094
+ # (YYYYMMDDHHMMSS) format. When UTCTime is used, if the year field
2095
+ # (YY) is greater than or equal to 50, the year is interpreted as
2096
+ # 19YY. If the year field is less than 50, the year is interpreted as
2097
+ # 20YY.
2098
+ #
2099
+ # * Sample input value: 491231235959 (UTCTime format)
2100
+ #
2101
+ # * Output expiration date/time: 12/31/2049 23:59:59
2102
+ #
2103
+ # `ABSOLUTE`\: The specific date and time when the certificate will
2104
+ # expire, expressed in seconds since the Unix Epoch.
2105
+ #
2106
+ # * Sample input value: 2524608000
2107
+ #
2108
+ # * Output expiration date/time: 01/01/2050 00:00:00
2109
+ #
2110
+ # `DAYS`, `MONTHS`, `YEARS`\: The relative time from the moment of
2111
+ # issuance until the certificate will expire, expressed in days,
2112
+ # months, or years.
2113
+ #
2114
+ # Example if `DAYS`, issued on 10/12/2020 at 12:34:54 UTC:
2115
+ #
2116
+ # * Sample input value: 90
2117
+ #
2118
+ # * Output expiration date: 01/10/2020 12:34:54 UTC
1732
2119
  # @return [String]
1733
2120
  #
1734
2121
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Validity AWS API Documentation
@@ -1736,6 +2123,7 @@ module Aws::ACMPCA
1736
2123
  class Validity < Struct.new(
1737
2124
  :value,
1738
2125
  :type)
2126
+ SENSITIVE = []
1739
2127
  include Aws::Structure
1740
2128
  end
1741
2129