aws-sdk-acmpca 1.27.0 → 1.32.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aws-sdk-acmpca.rb +3 -2
- data/lib/aws-sdk-acmpca/client.rb +361 -102
- data/lib/aws-sdk-acmpca/client_api.rb +103 -0
- data/lib/aws-sdk-acmpca/types.rb +1104 -85
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: dc98acc54b80d947d407c145b5f09f400dad5a8b943019e3b8c9bcd008f2b2c7
|
|
4
|
+
data.tar.gz: 5625afa10f80568e15a65cec8fce964cebe02a72ffeb314d9ec95374a073d012
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 774424f9c13f043e133ee64be2b4d302d7797645b9d51075aea543f1c215deab51c914473d9f93b6a4d52942974a108c1e69f0946a65e66a1d3c635cab1d7d11
|
|
7
|
+
data.tar.gz: ea1de9d25fd213799a2a277027d62ca35f445a79cc4e2c23553dd182f16c9e8a93f086ffe040dcdd28449c283a5113e3d37fed4b474475d3acac8f4f42272af0
|
data/lib/aws-sdk-acmpca.rb
CHANGED
|
@@ -7,6 +7,7 @@
|
|
|
7
7
|
#
|
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
|
9
9
|
|
|
10
|
+
|
|
10
11
|
require 'aws-sdk-core'
|
|
11
12
|
require 'aws-sigv4'
|
|
12
13
|
|
|
@@ -45,9 +46,9 @@ require_relative 'aws-sdk-acmpca/customizations'
|
|
|
45
46
|
#
|
|
46
47
|
# See {Errors} for more information.
|
|
47
48
|
#
|
|
48
|
-
#
|
|
49
|
+
# @!group service
|
|
49
50
|
module Aws::ACMPCA
|
|
50
51
|
|
|
51
|
-
GEM_VERSION = '1.
|
|
52
|
+
GEM_VERSION = '1.32.0'
|
|
52
53
|
|
|
53
54
|
end
|
|
@@ -85,13 +85,28 @@ module Aws::ACMPCA
|
|
|
85
85
|
# * `Aws::Credentials` - Used for configuring static, non-refreshing
|
|
86
86
|
# credentials.
|
|
87
87
|
#
|
|
88
|
+
# * `Aws::SharedCredentials` - Used for loading static credentials from a
|
|
89
|
+
# shared file, such as `~/.aws/config`.
|
|
90
|
+
#
|
|
91
|
+
# * `Aws::AssumeRoleCredentials` - Used when you need to assume a role.
|
|
92
|
+
#
|
|
93
|
+
# * `Aws::AssumeRoleWebIdentityCredentials` - Used when you need to
|
|
94
|
+
# assume a role after providing credentials via the web.
|
|
95
|
+
#
|
|
96
|
+
# * `Aws::SSOCredentials` - Used for loading credentials from AWS SSO using an
|
|
97
|
+
# access token generated from `aws login`.
|
|
98
|
+
#
|
|
99
|
+
# * `Aws::ProcessCredentials` - Used for loading credentials from a
|
|
100
|
+
# process that outputs to stdout.
|
|
101
|
+
#
|
|
88
102
|
# * `Aws::InstanceProfileCredentials` - Used for loading credentials
|
|
89
103
|
# from an EC2 IMDS on an EC2 instance.
|
|
90
104
|
#
|
|
91
|
-
# * `Aws::
|
|
92
|
-
#
|
|
105
|
+
# * `Aws::ECSCredentials` - Used for loading credentials from
|
|
106
|
+
# instances running in ECS.
|
|
93
107
|
#
|
|
94
|
-
# * `Aws::
|
|
108
|
+
# * `Aws::CognitoIdentityCredentials` - Used for loading credentials
|
|
109
|
+
# from the Cognito Identity service.
|
|
95
110
|
#
|
|
96
111
|
# When `:credentials` are not configured directly, the following
|
|
97
112
|
# locations will be searched for credentials:
|
|
@@ -101,10 +116,10 @@ module Aws::ACMPCA
|
|
|
101
116
|
# * ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
|
|
102
117
|
# * `~/.aws/credentials`
|
|
103
118
|
# * `~/.aws/config`
|
|
104
|
-
# * EC2 IMDS instance profile - When used by default, the timeouts
|
|
105
|
-
# very aggressive. Construct and pass an instance of
|
|
106
|
-
# `Aws::InstanceProfileCredentails`
|
|
107
|
-
# timeouts.
|
|
119
|
+
# * EC2/ECS IMDS instance profile - When used by default, the timeouts
|
|
120
|
+
# are very aggressive. Construct and pass an instance of
|
|
121
|
+
# `Aws::InstanceProfileCredentails` or `Aws::ECSCredentials` to
|
|
122
|
+
# enable retries and extended timeouts.
|
|
108
123
|
#
|
|
109
124
|
# @option options [required, String] :region
|
|
110
125
|
# The AWS region to connect to. The configured `:region` is
|
|
@@ -370,12 +385,14 @@ module Aws::ACMPCA
|
|
|
370
385
|
# The type of the certificate authority.
|
|
371
386
|
#
|
|
372
387
|
# @option params [String] :idempotency_token
|
|
373
|
-
#
|
|
374
|
-
# **CreateCertificateAuthority
|
|
375
|
-
#
|
|
376
|
-
#
|
|
377
|
-
#
|
|
378
|
-
#
|
|
388
|
+
# Custom string that can be used to distinguish between calls to the
|
|
389
|
+
# **CreateCertificateAuthority** action. Idempotency tokens for
|
|
390
|
+
# **CreateCertificateAuthority** time out after five minutes. Therefore,
|
|
391
|
+
# if you call **CreateCertificateAuthority** multiple times with the
|
|
392
|
+
# same idempotency token within five minutes, ACM Private CA recognizes
|
|
393
|
+
# that you are requesting only certificate authority and will issue only
|
|
394
|
+
# one. If you change the idempotency token for each call, PCA recognizes
|
|
395
|
+
# that you are requesting multiple certificate authorities.
|
|
379
396
|
#
|
|
380
397
|
# @option params [Array<Types::Tag>] :tags
|
|
381
398
|
# Key-value pairs that will be attached to the new private CA. You can
|
|
@@ -413,6 +430,58 @@ module Aws::ACMPCA
|
|
|
413
430
|
# pseudonym: "String128",
|
|
414
431
|
# generation_qualifier: "String3",
|
|
415
432
|
# },
|
|
433
|
+
# csr_extensions: {
|
|
434
|
+
# key_usage: {
|
|
435
|
+
# digital_signature: false,
|
|
436
|
+
# non_repudiation: false,
|
|
437
|
+
# key_encipherment: false,
|
|
438
|
+
# data_encipherment: false,
|
|
439
|
+
# key_agreement: false,
|
|
440
|
+
# key_cert_sign: false,
|
|
441
|
+
# crl_sign: false,
|
|
442
|
+
# encipher_only: false,
|
|
443
|
+
# decipher_only: false,
|
|
444
|
+
# },
|
|
445
|
+
# subject_information_access: [
|
|
446
|
+
# {
|
|
447
|
+
# access_method: { # required
|
|
448
|
+
# custom_object_identifier: "CustomObjectIdentifier",
|
|
449
|
+
# access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
|
|
450
|
+
# },
|
|
451
|
+
# access_location: { # required
|
|
452
|
+
# other_name: {
|
|
453
|
+
# type_id: "CustomObjectIdentifier", # required
|
|
454
|
+
# value: "String256", # required
|
|
455
|
+
# },
|
|
456
|
+
# rfc_822_name: "String256",
|
|
457
|
+
# dns_name: "String253",
|
|
458
|
+
# directory_name: {
|
|
459
|
+
# country: "CountryCodeString",
|
|
460
|
+
# organization: "String64",
|
|
461
|
+
# organizational_unit: "String64",
|
|
462
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
|
463
|
+
# state: "String128",
|
|
464
|
+
# common_name: "String64",
|
|
465
|
+
# serial_number: "ASN1PrintableString64",
|
|
466
|
+
# locality: "String128",
|
|
467
|
+
# title: "String64",
|
|
468
|
+
# surname: "String40",
|
|
469
|
+
# given_name: "String16",
|
|
470
|
+
# initials: "String5",
|
|
471
|
+
# pseudonym: "String128",
|
|
472
|
+
# generation_qualifier: "String3",
|
|
473
|
+
# },
|
|
474
|
+
# edi_party_name: {
|
|
475
|
+
# party_name: "String256", # required
|
|
476
|
+
# name_assigner: "String256",
|
|
477
|
+
# },
|
|
478
|
+
# uniform_resource_identifier: "String253",
|
|
479
|
+
# ip_address: "String39",
|
|
480
|
+
# registered_id: "CustomObjectIdentifier",
|
|
481
|
+
# },
|
|
482
|
+
# },
|
|
483
|
+
# ],
|
|
484
|
+
# },
|
|
416
485
|
# },
|
|
417
486
|
# revocation_configuration: {
|
|
418
487
|
# crl_configuration: {
|
|
@@ -532,12 +601,13 @@ module Aws::ACMPCA
|
|
|
532
601
|
# renewals. Instead, the ACM certificate owner must set up a
|
|
533
602
|
# resource-based policy to enable cross-account issuance and renewals.
|
|
534
603
|
# For more information, see [Using a Resource Based Policy with ACM
|
|
535
|
-
# Private CA]
|
|
604
|
+
# Private CA][3].
|
|
536
605
|
#
|
|
537
606
|
#
|
|
538
607
|
#
|
|
539
608
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html
|
|
540
609
|
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html
|
|
610
|
+
# [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
|
|
541
611
|
#
|
|
542
612
|
# @option params [required, String] :certificate_authority_arn
|
|
543
613
|
# The Amazon Resource Name (ARN) of the CA that grants the permissions.
|
|
@@ -680,12 +750,13 @@ module Aws::ACMPCA
|
|
|
680
750
|
# renewals. Instead, the ACM certificate owner must set up a
|
|
681
751
|
# resource-based policy to enable cross-account issuance and renewals.
|
|
682
752
|
# For more information, see [Using a Resource Based Policy with ACM
|
|
683
|
-
# Private CA]
|
|
753
|
+
# Private CA][3].
|
|
684
754
|
#
|
|
685
755
|
#
|
|
686
756
|
#
|
|
687
757
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html
|
|
688
758
|
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html
|
|
759
|
+
# [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
|
|
689
760
|
#
|
|
690
761
|
# @option params [required, String] :certificate_authority_arn
|
|
691
762
|
# The Amazon Resource Number (ARN) of the private CA that issued the
|
|
@@ -745,8 +816,7 @@ module Aws::ACMPCA
|
|
|
745
816
|
# * A policy grants access on a private CA to an AWS customer account,
|
|
746
817
|
# to AWS Organizations, or to an AWS Organizations unit. Policies are
|
|
747
818
|
# under the control of a CA administrator. For more information, see
|
|
748
|
-
# [Using a Resource Based Policy with ACM Private
|
|
749
|
-
# CA](acm-pca/latest/userguide/pca-rbp.html).
|
|
819
|
+
# [Using a Resource Based Policy with ACM Private CA][3].
|
|
750
820
|
#
|
|
751
821
|
# * A policy permits a user of AWS Certificate Manager (ACM) to issue
|
|
752
822
|
# ACM certificates signed by a CA in another account.
|
|
@@ -755,18 +825,19 @@ module Aws::ACMPCA
|
|
|
755
825
|
# user must configure a Service Linked Role (SLR). The SLR allows the
|
|
756
826
|
# ACM service to assume the identity of the user, subject to
|
|
757
827
|
# confirmation against the ACM Private CA policy. For more
|
|
758
|
-
# information, see [Using a Service Linked Role with ACM][
|
|
828
|
+
# information, see [Using a Service Linked Role with ACM][4].
|
|
759
829
|
#
|
|
760
830
|
# * Updates made in AWS Resource Manager (RAM) are reflected in
|
|
761
|
-
# policies. For more information, see [
|
|
762
|
-
#
|
|
763
|
-
# CA](acm-pca/latest/userguide/pca-ram.html).
|
|
831
|
+
# policies. For more information, see [Attach a Policy for
|
|
832
|
+
# Cross-Account Access][5].
|
|
764
833
|
#
|
|
765
834
|
#
|
|
766
835
|
#
|
|
767
836
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html
|
|
768
837
|
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html
|
|
769
|
-
# [3]: https://docs.aws.amazon.com/acm/latest/userguide/
|
|
838
|
+
# [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
|
|
839
|
+
# [4]: https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html
|
|
840
|
+
# [5]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html
|
|
770
841
|
#
|
|
771
842
|
# @option params [required, String] :resource_arn
|
|
772
843
|
# The Amazon Resource Number (ARN) of the private CA that will have its
|
|
@@ -815,7 +886,7 @@ module Aws::ACMPCA
|
|
|
815
886
|
# * `EXPIRED` - Your private CA certificate has expired.
|
|
816
887
|
#
|
|
817
888
|
# * `FAILED` - Your private CA has failed. Your CA can fail because of
|
|
818
|
-
# problems such a network outage or
|
|
889
|
+
# problems such a network outage or back-end AWS failure or other
|
|
819
890
|
# errors. A failed CA can never return to the pending state. You must
|
|
820
891
|
# create a new CA.
|
|
821
892
|
#
|
|
@@ -872,6 +943,41 @@ module Aws::ACMPCA
|
|
|
872
943
|
# resp.certificate_authority.certificate_authority_configuration.subject.initials #=> String
|
|
873
944
|
# resp.certificate_authority.certificate_authority_configuration.subject.pseudonym #=> String
|
|
874
945
|
# resp.certificate_authority.certificate_authority_configuration.subject.generation_qualifier #=> String
|
|
946
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.digital_signature #=> Boolean
|
|
947
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.non_repudiation #=> Boolean
|
|
948
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.key_encipherment #=> Boolean
|
|
949
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.data_encipherment #=> Boolean
|
|
950
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.key_agreement #=> Boolean
|
|
951
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.key_cert_sign #=> Boolean
|
|
952
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.crl_sign #=> Boolean
|
|
953
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.encipher_only #=> Boolean
|
|
954
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.decipher_only #=> Boolean
|
|
955
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access #=> Array
|
|
956
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_method.custom_object_identifier #=> String
|
|
957
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_method.access_method_type #=> String, one of "CA_REPOSITORY", "RESOURCE_PKI_MANIFEST", "RESOURCE_PKI_NOTIFY"
|
|
958
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.other_name.type_id #=> String
|
|
959
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.other_name.value #=> String
|
|
960
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.rfc_822_name #=> String
|
|
961
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.dns_name #=> String
|
|
962
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.country #=> String
|
|
963
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.organization #=> String
|
|
964
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.organizational_unit #=> String
|
|
965
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.distinguished_name_qualifier #=> String
|
|
966
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.state #=> String
|
|
967
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.common_name #=> String
|
|
968
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.serial_number #=> String
|
|
969
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.locality #=> String
|
|
970
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.title #=> String
|
|
971
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.surname #=> String
|
|
972
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.given_name #=> String
|
|
973
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.initials #=> String
|
|
974
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.pseudonym #=> String
|
|
975
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.generation_qualifier #=> String
|
|
976
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.party_name #=> String
|
|
977
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.name_assigner #=> String
|
|
978
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.uniform_resource_identifier #=> String
|
|
979
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.ip_address #=> String
|
|
980
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.registered_id #=> String
|
|
875
981
|
# resp.certificate_authority.revocation_configuration.crl_configuration.enabled #=> Boolean
|
|
876
982
|
# resp.certificate_authority.revocation_configuration.crl_configuration.expiration_in_days #=> Integer
|
|
877
983
|
# resp.certificate_authority.revocation_configuration.crl_configuration.custom_cname #=> String
|
|
@@ -1108,16 +1214,14 @@ module Aws::ACMPCA
|
|
|
1108
1214
|
# action returns a `ResourceNotFoundException`.
|
|
1109
1215
|
#
|
|
1110
1216
|
# The policy can be attached or updated with [PutPolicy][1] and removed
|
|
1111
|
-
# with
|
|
1112
|
-
# [DeletePolicy](acm-pca/latest/APIReference/API_DeletePolicy.html).
|
|
1217
|
+
# with [DeletePolicy][2].
|
|
1113
1218
|
#
|
|
1114
1219
|
# **About Policies**
|
|
1115
1220
|
#
|
|
1116
1221
|
# * A policy grants access on a private CA to an AWS customer account,
|
|
1117
1222
|
# to AWS Organizations, or to an AWS Organizations unit. Policies are
|
|
1118
1223
|
# under the control of a CA administrator. For more information, see
|
|
1119
|
-
# [Using a Resource Based Policy with ACM Private
|
|
1120
|
-
# CA](acm-pca/latest/userguide/pca-rbp.html).
|
|
1224
|
+
# [Using a Resource Based Policy with ACM Private CA][3].
|
|
1121
1225
|
#
|
|
1122
1226
|
# * A policy permits a user of AWS Certificate Manager (ACM) to issue
|
|
1123
1227
|
# ACM certificates signed by a CA in another account.
|
|
@@ -1126,17 +1230,19 @@ module Aws::ACMPCA
|
|
|
1126
1230
|
# user must configure a Service Linked Role (SLR). The SLR allows the
|
|
1127
1231
|
# ACM service to assume the identity of the user, subject to
|
|
1128
1232
|
# confirmation against the ACM Private CA policy. For more
|
|
1129
|
-
# information, see [Using a Service Linked Role with ACM][
|
|
1233
|
+
# information, see [Using a Service Linked Role with ACM][4].
|
|
1130
1234
|
#
|
|
1131
1235
|
# * Updates made in AWS Resource Manager (RAM) are reflected in
|
|
1132
|
-
# policies. For more information, see [
|
|
1133
|
-
#
|
|
1134
|
-
# CA](acm-pca/latest/userguide/pca-ram.html).
|
|
1236
|
+
# policies. For more information, see [Attach a Policy for
|
|
1237
|
+
# Cross-Account Access][5].
|
|
1135
1238
|
#
|
|
1136
1239
|
#
|
|
1137
1240
|
#
|
|
1138
1241
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html
|
|
1139
|
-
# [2]: https://docs.aws.amazon.com/acm/latest/
|
|
1242
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html
|
|
1243
|
+
# [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
|
|
1244
|
+
# [4]: https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html
|
|
1245
|
+
# [5]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html
|
|
1140
1246
|
#
|
|
1141
1247
|
# @option params [required, String] :resource_arn
|
|
1142
1248
|
# The Amazon Resource Number (ARN) of the private CA that will have its
|
|
@@ -1172,8 +1278,8 @@ module Aws::ACMPCA
|
|
|
1172
1278
|
# following preparations must in place:
|
|
1173
1279
|
#
|
|
1174
1280
|
# 1. In ACM Private CA, call the [CreateCertificateAuthority][1] action
|
|
1175
|
-
# to create the private CA that
|
|
1176
|
-
#
|
|
1281
|
+
# to create the private CA that you plan to back with the imported
|
|
1282
|
+
# certificate.
|
|
1177
1283
|
#
|
|
1178
1284
|
# 2. Call the [GetCertificateAuthorityCsr][2] action to generate a
|
|
1179
1285
|
# certificate signing request (CSR).
|
|
@@ -1184,22 +1290,31 @@ module Aws::ACMPCA
|
|
|
1184
1290
|
# 4. Create a certificate chain and copy the signed certificate and the
|
|
1185
1291
|
# certificate chain to your working directory.
|
|
1186
1292
|
#
|
|
1187
|
-
#
|
|
1293
|
+
# ACM Private CA supports three scenarios for installing a CA
|
|
1294
|
+
# certificate:
|
|
1295
|
+
#
|
|
1296
|
+
# * Installing a certificate for a root CA hosted by ACM Private CA.
|
|
1297
|
+
#
|
|
1298
|
+
# * Installing a subordinate CA certificate whose parent authority is
|
|
1299
|
+
# hosted by ACM Private CA.
|
|
1300
|
+
#
|
|
1301
|
+
# * Installing a subordinate CA certificate whose parent authority is
|
|
1302
|
+
# externally hosted.
|
|
1188
1303
|
#
|
|
1189
|
-
#
|
|
1190
|
-
#
|
|
1304
|
+
# The following additional requirements apply when you import a CA
|
|
1305
|
+
# certificate.
|
|
1191
1306
|
#
|
|
1192
|
-
# *
|
|
1193
|
-
#
|
|
1307
|
+
# * Only a self-signed certificate can be imported as a root CA.
|
|
1308
|
+
#
|
|
1309
|
+
# * A self-signed certificate cannot be imported as a subordinate CA.
|
|
1194
1310
|
#
|
|
1195
1311
|
# * Your certificate chain must not include the private CA certificate
|
|
1196
1312
|
# that you are importing.
|
|
1197
1313
|
#
|
|
1198
|
-
# * Your
|
|
1199
|
-
#
|
|
1200
|
-
#
|
|
1201
|
-
#
|
|
1202
|
-
# and so on until your chain is built.
|
|
1314
|
+
# * Your root CA must be the last certificate in your chain. The
|
|
1315
|
+
# subordinate certificate, if any, that your root CA signed must be
|
|
1316
|
+
# next to last. The subordinate certificate signed by the preceding
|
|
1317
|
+
# subordinate CA must come next, and so on until your chain is built.
|
|
1203
1318
|
#
|
|
1204
1319
|
# * The chain must be PEM-encoded.
|
|
1205
1320
|
#
|
|
@@ -1316,6 +1431,21 @@ module Aws::ACMPCA
|
|
|
1316
1431
|
#
|
|
1317
1432
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html
|
|
1318
1433
|
#
|
|
1434
|
+
# @option params [Types::ApiPassthrough] :api_passthrough
|
|
1435
|
+
# Specifies X.509 certificate information to be included in the issued
|
|
1436
|
+
# certificate. An `APIPassthrough` or `APICSRPassthrough` template
|
|
1437
|
+
# variant must be selected, or else this parameter is ignored. For more
|
|
1438
|
+
# information about using these templates, see [Understanding
|
|
1439
|
+
# Certificate Templates][1].
|
|
1440
|
+
#
|
|
1441
|
+
# If conflicting or duplicate certificate information is supplied during
|
|
1442
|
+
# certificate issuance, ACM Private CA applies [order of operation
|
|
1443
|
+
# rules](xxxxx) to determine what information is used.
|
|
1444
|
+
#
|
|
1445
|
+
#
|
|
1446
|
+
#
|
|
1447
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
|
|
1448
|
+
#
|
|
1319
1449
|
# @option params [required, String] :certificate_authority_arn
|
|
1320
1450
|
# The Amazon Resource Name (ARN) that was returned when you called
|
|
1321
1451
|
# [CreateCertificateAuthority][1]. This must be of the form:
|
|
@@ -1329,15 +1459,15 @@ module Aws::ACMPCA
|
|
|
1329
1459
|
#
|
|
1330
1460
|
# @option params [required, String, StringIO, File] :csr
|
|
1331
1461
|
# The certificate signing request (CSR) for the certificate you want to
|
|
1332
|
-
# issue.
|
|
1333
|
-
# a 2048 bit RSA private key.
|
|
1462
|
+
# issue. As an example, you can use the following OpenSSL command to
|
|
1463
|
+
# create the CSR and a 2048 bit RSA private key.
|
|
1334
1464
|
#
|
|
1335
1465
|
# `openssl req -new -newkey rsa:2048 -days 365 -keyout
|
|
1336
1466
|
# private/test_cert_priv_key.pem -out csr/test_cert_.csr`
|
|
1337
1467
|
#
|
|
1338
|
-
# If you have a configuration file, you can use the following
|
|
1339
|
-
# command. The `usr_cert` block in the configuration file
|
|
1340
|
-
# X509 version 3 extensions.
|
|
1468
|
+
# If you have a configuration file, you can then use the following
|
|
1469
|
+
# OpenSSL command. The `usr_cert` block in the configuration file
|
|
1470
|
+
# contains your X509 version 3 extensions.
|
|
1341
1471
|
#
|
|
1342
1472
|
# `openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey
|
|
1343
1473
|
# rsa:2048 -days -365 -keyout private/test_cert_priv_key.pem -out
|
|
@@ -1351,7 +1481,8 @@ module Aws::ACMPCA
|
|
|
1351
1481
|
# be issued.
|
|
1352
1482
|
#
|
|
1353
1483
|
# This parameter should not be confused with the `SigningAlgorithm`
|
|
1354
|
-
# parameter used to sign a CSR
|
|
1484
|
+
# parameter used to sign a CSR in the `CreateCertificateAuthority`
|
|
1485
|
+
# action.
|
|
1355
1486
|
#
|
|
1356
1487
|
# @option params [String] :template_arn
|
|
1357
1488
|
# Specifies a custom configuration template to use when issuing a
|
|
@@ -1364,65 +1495,70 @@ module Aws::ACMPCA
|
|
|
1364
1495
|
# Note: The CA depth configured on a subordinate CA certificate must not
|
|
1365
1496
|
# exceed the limit set by its parents in the CA hierarchy.
|
|
1366
1497
|
#
|
|
1367
|
-
#
|
|
1368
|
-
#
|
|
1369
|
-
#
|
|
1370
|
-
# * arn:aws:acm-pca:::template/CodeSigningCertificate/V1
|
|
1371
|
-
#
|
|
1372
|
-
# * arn:aws:acm-pca:::template/CodeSigningCertificate\_CSRPassthrough/V1
|
|
1373
|
-
#
|
|
1374
|
-
# * arn:aws:acm-pca:::template/EndEntityCertificate/V1
|
|
1375
|
-
#
|
|
1376
|
-
# * arn:aws:acm-pca:::template/EndEntityCertificate\_CSRPassthrough/V1
|
|
1377
|
-
#
|
|
1378
|
-
# * arn:aws:acm-pca:::template/EndEntityClientAuthCertificate/V1
|
|
1498
|
+
# For a list of `TemplateArn` values supported by ACM Private CA, see
|
|
1499
|
+
# [Understanding Certificate Templates][2].
|
|
1379
1500
|
#
|
|
1380
|
-
# * arn:aws:acm-pca:::template/EndEntityClientAuthCertificate\_CSRPassthrough/V1
|
|
1381
1501
|
#
|
|
1382
|
-
# * arn:aws:acm-pca:::template/EndEntityServerAuthCertificate/V1
|
|
1383
1502
|
#
|
|
1384
|
-
#
|
|
1503
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaTerms.html#terms-cadepth
|
|
1504
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
|
|
1385
1505
|
#
|
|
1386
|
-
#
|
|
1506
|
+
# @option params [required, Types::Validity] :validity
|
|
1507
|
+
# Information describing the end of the validity period of the
|
|
1508
|
+
# certificate. This parameter sets the “Not After” date for the
|
|
1509
|
+
# certificate.
|
|
1387
1510
|
#
|
|
1388
|
-
#
|
|
1511
|
+
# Certificate validity is the period of time during which a certificate
|
|
1512
|
+
# is valid. Validity can be expressed as an explicit date and time when
|
|
1513
|
+
# the certificate expires, or as a span of time after issuance, stated
|
|
1514
|
+
# in days, months, or years. For more information, see [Validity][1] in
|
|
1515
|
+
# RFC 5280.
|
|
1389
1516
|
#
|
|
1390
|
-
#
|
|
1517
|
+
# This value is unaffected when `ValidityNotBefore` is also specified.
|
|
1518
|
+
# For example, if `Validity` is set to 20 days in the future, the
|
|
1519
|
+
# certificate will expire 20 days from issuance time regardless of the
|
|
1520
|
+
# `ValidityNotBefore` value.
|
|
1391
1521
|
#
|
|
1392
|
-
#
|
|
1522
|
+
# The end of the validity period configured on a certificate must not
|
|
1523
|
+
# exceed the limit set on its parents in the CA hierarchy.
|
|
1393
1524
|
#
|
|
1394
|
-
# * arn:aws:acm-pca:::template/SubordinateCACertificate\_PathLen1/V1
|
|
1395
1525
|
#
|
|
1396
|
-
# * arn:aws:acm-pca:::template/SubordinateCACertificate\_PathLen2/V1
|
|
1397
1526
|
#
|
|
1398
|
-
#
|
|
1527
|
+
# [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
|
|
1399
1528
|
#
|
|
1400
|
-
#
|
|
1529
|
+
# @option params [Types::Validity] :validity_not_before
|
|
1530
|
+
# Information describing the start of the validity period of the
|
|
1531
|
+
# certificate. This parameter sets the “Not Before" date for the
|
|
1532
|
+
# certificate.
|
|
1401
1533
|
#
|
|
1534
|
+
# By default, when issuing a certificate, ACM Private CA sets the "Not
|
|
1535
|
+
# Before" date to the issuance time minus 60 minutes. This compensates
|
|
1536
|
+
# for clock inconsistencies across computer systems. The
|
|
1537
|
+
# `ValidityNotBefore` parameter can be used to customize the “Not
|
|
1538
|
+
# Before” value.
|
|
1402
1539
|
#
|
|
1540
|
+
# Unlike the `Validity` parameter, the `ValidityNotBefore` parameter is
|
|
1541
|
+
# optional.
|
|
1403
1542
|
#
|
|
1404
|
-
#
|
|
1405
|
-
#
|
|
1543
|
+
# The `ValidityNotBefore` value is expressed as an explicit date and
|
|
1544
|
+
# time, using the `Validity` type value `ABSOLUTE`. For more
|
|
1545
|
+
# information, see [Validity][1] in this API reference and [Validity][2]
|
|
1546
|
+
# in RFC 5280.
|
|
1406
1547
|
#
|
|
1407
|
-
# @option params [required, Types::Validity] :validity
|
|
1408
|
-
# Information describing the validity period of the certificate.
|
|
1409
1548
|
#
|
|
1410
|
-
# When issuing a certificate, ACM Private CA sets the "Not Before"
|
|
1411
|
-
# date in the validity field to date and time minus 60 minutes. This is
|
|
1412
|
-
# intended to compensate for time inconsistencies across systems of 60
|
|
1413
|
-
# minutes or less.
|
|
1414
1549
|
#
|
|
1415
|
-
#
|
|
1416
|
-
#
|
|
1550
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_Validity.html
|
|
1551
|
+
# [2]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
|
|
1417
1552
|
#
|
|
1418
1553
|
# @option params [String] :idempotency_token
|
|
1419
|
-
#
|
|
1420
|
-
# **IssueCertificate** action. Idempotency tokens
|
|
1421
|
-
#
|
|
1422
|
-
# the same idempotency token
|
|
1423
|
-
#
|
|
1424
|
-
#
|
|
1425
|
-
#
|
|
1554
|
+
# Alphanumeric string that can be used to distinguish between calls to
|
|
1555
|
+
# the **IssueCertificate** action. Idempotency tokens for
|
|
1556
|
+
# **IssueCertificate** time out after one minute. Therefore, if you call
|
|
1557
|
+
# **IssueCertificate** multiple times with the same idempotency token
|
|
1558
|
+
# within one minute, ACM Private CA recognizes that you are requesting
|
|
1559
|
+
# only one certificate and will issue only one. If you change the
|
|
1560
|
+
# idempotency token for each call, PCA recognizes that you are
|
|
1561
|
+
# requesting multiple certificates.
|
|
1426
1562
|
#
|
|
1427
1563
|
# @return [Types::IssueCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
|
1428
1564
|
#
|
|
@@ -1431,6 +1567,89 @@ module Aws::ACMPCA
|
|
|
1431
1567
|
# @example Request syntax with placeholder values
|
|
1432
1568
|
#
|
|
1433
1569
|
# resp = client.issue_certificate({
|
|
1570
|
+
# api_passthrough: {
|
|
1571
|
+
# extensions: {
|
|
1572
|
+
# certificate_policies: [
|
|
1573
|
+
# {
|
|
1574
|
+
# cert_policy_id: "CustomObjectIdentifier", # required
|
|
1575
|
+
# policy_qualifiers: [
|
|
1576
|
+
# {
|
|
1577
|
+
# policy_qualifier_id: "CPS", # required, accepts CPS
|
|
1578
|
+
# qualifier: { # required
|
|
1579
|
+
# cps_uri: "String256", # required
|
|
1580
|
+
# },
|
|
1581
|
+
# },
|
|
1582
|
+
# ],
|
|
1583
|
+
# },
|
|
1584
|
+
# ],
|
|
1585
|
+
# extended_key_usage: [
|
|
1586
|
+
# {
|
|
1587
|
+
# extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
|
|
1588
|
+
# extended_key_usage_object_identifier: "CustomObjectIdentifier",
|
|
1589
|
+
# },
|
|
1590
|
+
# ],
|
|
1591
|
+
# key_usage: {
|
|
1592
|
+
# digital_signature: false,
|
|
1593
|
+
# non_repudiation: false,
|
|
1594
|
+
# key_encipherment: false,
|
|
1595
|
+
# data_encipherment: false,
|
|
1596
|
+
# key_agreement: false,
|
|
1597
|
+
# key_cert_sign: false,
|
|
1598
|
+
# crl_sign: false,
|
|
1599
|
+
# encipher_only: false,
|
|
1600
|
+
# decipher_only: false,
|
|
1601
|
+
# },
|
|
1602
|
+
# subject_alternative_names: [
|
|
1603
|
+
# {
|
|
1604
|
+
# other_name: {
|
|
1605
|
+
# type_id: "CustomObjectIdentifier", # required
|
|
1606
|
+
# value: "String256", # required
|
|
1607
|
+
# },
|
|
1608
|
+
# rfc_822_name: "String256",
|
|
1609
|
+
# dns_name: "String253",
|
|
1610
|
+
# directory_name: {
|
|
1611
|
+
# country: "CountryCodeString",
|
|
1612
|
+
# organization: "String64",
|
|
1613
|
+
# organizational_unit: "String64",
|
|
1614
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
|
1615
|
+
# state: "String128",
|
|
1616
|
+
# common_name: "String64",
|
|
1617
|
+
# serial_number: "ASN1PrintableString64",
|
|
1618
|
+
# locality: "String128",
|
|
1619
|
+
# title: "String64",
|
|
1620
|
+
# surname: "String40",
|
|
1621
|
+
# given_name: "String16",
|
|
1622
|
+
# initials: "String5",
|
|
1623
|
+
# pseudonym: "String128",
|
|
1624
|
+
# generation_qualifier: "String3",
|
|
1625
|
+
# },
|
|
1626
|
+
# edi_party_name: {
|
|
1627
|
+
# party_name: "String256", # required
|
|
1628
|
+
# name_assigner: "String256",
|
|
1629
|
+
# },
|
|
1630
|
+
# uniform_resource_identifier: "String253",
|
|
1631
|
+
# ip_address: "String39",
|
|
1632
|
+
# registered_id: "CustomObjectIdentifier",
|
|
1633
|
+
# },
|
|
1634
|
+
# ],
|
|
1635
|
+
# },
|
|
1636
|
+
# subject: {
|
|
1637
|
+
# country: "CountryCodeString",
|
|
1638
|
+
# organization: "String64",
|
|
1639
|
+
# organizational_unit: "String64",
|
|
1640
|
+
# distinguished_name_qualifier: "ASN1PrintableString64",
|
|
1641
|
+
# state: "String128",
|
|
1642
|
+
# common_name: "String64",
|
|
1643
|
+
# serial_number: "ASN1PrintableString64",
|
|
1644
|
+
# locality: "String128",
|
|
1645
|
+
# title: "String64",
|
|
1646
|
+
# surname: "String40",
|
|
1647
|
+
# given_name: "String16",
|
|
1648
|
+
# initials: "String5",
|
|
1649
|
+
# pseudonym: "String128",
|
|
1650
|
+
# generation_qualifier: "String3",
|
|
1651
|
+
# },
|
|
1652
|
+
# },
|
|
1434
1653
|
# certificate_authority_arn: "Arn", # required
|
|
1435
1654
|
# csr: "data", # required
|
|
1436
1655
|
# signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
|
|
@@ -1439,6 +1658,10 @@ module Aws::ACMPCA
|
|
|
1439
1658
|
# value: 1, # required
|
|
1440
1659
|
# type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
|
|
1441
1660
|
# },
|
|
1661
|
+
# validity_not_before: {
|
|
1662
|
+
# value: 1, # required
|
|
1663
|
+
# type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
|
|
1664
|
+
# },
|
|
1442
1665
|
# idempotency_token: "IdempotencyToken",
|
|
1443
1666
|
# })
|
|
1444
1667
|
#
|
|
@@ -1523,6 +1746,41 @@ module Aws::ACMPCA
|
|
|
1523
1746
|
# resp.certificate_authorities[0].certificate_authority_configuration.subject.initials #=> String
|
|
1524
1747
|
# resp.certificate_authorities[0].certificate_authority_configuration.subject.pseudonym #=> String
|
|
1525
1748
|
# resp.certificate_authorities[0].certificate_authority_configuration.subject.generation_qualifier #=> String
|
|
1749
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.digital_signature #=> Boolean
|
|
1750
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.non_repudiation #=> Boolean
|
|
1751
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.key_encipherment #=> Boolean
|
|
1752
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.data_encipherment #=> Boolean
|
|
1753
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.key_agreement #=> Boolean
|
|
1754
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.key_cert_sign #=> Boolean
|
|
1755
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.crl_sign #=> Boolean
|
|
1756
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.encipher_only #=> Boolean
|
|
1757
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.decipher_only #=> Boolean
|
|
1758
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access #=> Array
|
|
1759
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_method.custom_object_identifier #=> String
|
|
1760
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_method.access_method_type #=> String, one of "CA_REPOSITORY", "RESOURCE_PKI_MANIFEST", "RESOURCE_PKI_NOTIFY"
|
|
1761
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.other_name.type_id #=> String
|
|
1762
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.other_name.value #=> String
|
|
1763
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.rfc_822_name #=> String
|
|
1764
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.dns_name #=> String
|
|
1765
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.country #=> String
|
|
1766
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.organization #=> String
|
|
1767
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.organizational_unit #=> String
|
|
1768
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.distinguished_name_qualifier #=> String
|
|
1769
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.state #=> String
|
|
1770
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.common_name #=> String
|
|
1771
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.serial_number #=> String
|
|
1772
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.locality #=> String
|
|
1773
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.title #=> String
|
|
1774
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.surname #=> String
|
|
1775
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.given_name #=> String
|
|
1776
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.initials #=> String
|
|
1777
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.pseudonym #=> String
|
|
1778
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.generation_qualifier #=> String
|
|
1779
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.party_name #=> String
|
|
1780
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.name_assigner #=> String
|
|
1781
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.uniform_resource_identifier #=> String
|
|
1782
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.ip_address #=> String
|
|
1783
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.registered_id #=> String
|
|
1526
1784
|
# resp.certificate_authorities[0].revocation_configuration.crl_configuration.enabled #=> Boolean
|
|
1527
1785
|
# resp.certificate_authorities[0].revocation_configuration.crl_configuration.expiration_in_days #=> Integer
|
|
1528
1786
|
# resp.certificate_authorities[0].revocation_configuration.crl_configuration.custom_cname #=> String
|
|
@@ -1563,12 +1821,13 @@ module Aws::ACMPCA
|
|
|
1563
1821
|
# renewals. Instead, the ACM certificate owner must set up a
|
|
1564
1822
|
# resource-based policy to enable cross-account issuance and renewals.
|
|
1565
1823
|
# For more information, see [Using a Resource Based Policy with ACM
|
|
1566
|
-
# Private CA]
|
|
1824
|
+
# Private CA][3].
|
|
1567
1825
|
#
|
|
1568
1826
|
#
|
|
1569
1827
|
#
|
|
1570
1828
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html
|
|
1571
1829
|
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html
|
|
1830
|
+
# [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
|
|
1572
1831
|
#
|
|
1573
1832
|
# @option params [required, String] :certificate_authority_arn
|
|
1574
1833
|
# The Amazon Resource Number (ARN) of the private CA to inspect. You can
|
|
@@ -1698,8 +1957,9 @@ module Aws::ACMPCA
|
|
|
1698
1957
|
|
|
1699
1958
|
# Attaches a resource-based policy to a private CA.
|
|
1700
1959
|
#
|
|
1701
|
-
# A policy can also be applied by
|
|
1702
|
-
# Resource Access Manager (RAM).
|
|
1960
|
+
# A policy can also be applied by sharing a private CA through AWS
|
|
1961
|
+
# Resource Access Manager (RAM). For more information, see [Attach a
|
|
1962
|
+
# Policy for Cross-Account Access][1].
|
|
1703
1963
|
#
|
|
1704
1964
|
# The policy can be displayed with [GetPolicy][2] and removed with
|
|
1705
1965
|
# [DeletePolicy][3].
|
|
@@ -1709,8 +1969,7 @@ module Aws::ACMPCA
|
|
|
1709
1969
|
# * A policy grants access on a private CA to an AWS customer account,
|
|
1710
1970
|
# to AWS Organizations, or to an AWS Organizations unit. Policies are
|
|
1711
1971
|
# under the control of a CA administrator. For more information, see
|
|
1712
|
-
# [Using a Resource Based Policy with ACM Private
|
|
1713
|
-
# CA](acm-pca/latest/userguide/pca-rbp.html).
|
|
1972
|
+
# [Using a Resource Based Policy with ACM Private CA][4].
|
|
1714
1973
|
#
|
|
1715
1974
|
# * A policy permits a user of AWS Certificate Manager (ACM) to issue
|
|
1716
1975
|
# ACM certificates signed by a CA in another account.
|
|
@@ -1719,19 +1978,19 @@ module Aws::ACMPCA
|
|
|
1719
1978
|
# user must configure a Service Linked Role (SLR). The SLR allows the
|
|
1720
1979
|
# ACM service to assume the identity of the user, subject to
|
|
1721
1980
|
# confirmation against the ACM Private CA policy. For more
|
|
1722
|
-
# information, see [Using a Service Linked Role with ACM][
|
|
1981
|
+
# information, see [Using a Service Linked Role with ACM][5].
|
|
1723
1982
|
#
|
|
1724
1983
|
# * Updates made in AWS Resource Manager (RAM) are reflected in
|
|
1725
|
-
# policies. For more information, see [
|
|
1726
|
-
#
|
|
1727
|
-
# CA](acm-pca/latest/userguide/pca-ram.html).
|
|
1984
|
+
# policies. For more information, see [Attach a Policy for
|
|
1985
|
+
# Cross-Account Access][1].
|
|
1728
1986
|
#
|
|
1729
1987
|
#
|
|
1730
1988
|
#
|
|
1731
1989
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html
|
|
1732
1990
|
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html
|
|
1733
1991
|
# [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html
|
|
1734
|
-
# [4]: https://docs.aws.amazon.com/acm/latest/userguide/
|
|
1992
|
+
# [4]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
|
|
1993
|
+
# [5]: https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html
|
|
1735
1994
|
#
|
|
1736
1995
|
# @option params [required, String] :resource_arn
|
|
1737
1996
|
# The Amazon Resource Number (ARN) of the private CA to associate with
|
|
@@ -1745,7 +2004,7 @@ module Aws::ACMPCA
|
|
|
1745
2004
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
|
|
1746
2005
|
#
|
|
1747
2006
|
# @option params [required, String] :policy
|
|
1748
|
-
# The path and
|
|
2007
|
+
# The path and file name of a JSON-formatted IAM policy to attach to the
|
|
1749
2008
|
# specified private CA resource. If this policy does not contain all
|
|
1750
2009
|
# required statements or if it includes any statement that is not
|
|
1751
2010
|
# allowed, the `PutPolicy` action returns an `InvalidPolicyException`.
|
|
@@ -2080,7 +2339,7 @@ module Aws::ACMPCA
|
|
|
2080
2339
|
params: params,
|
|
2081
2340
|
config: config)
|
|
2082
2341
|
context[:gem_name] = 'aws-sdk-acmpca'
|
|
2083
|
-
context[:gem_version] = '1.
|
|
2342
|
+
context[:gem_version] = '1.32.0'
|
|
2084
2343
|
Seahorse::Client::Request.new(handlers, context)
|
|
2085
2344
|
end
|
|
2086
2345
|
|