aws-sdk-acmpca 1.44.0 → 1.47.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-acmpca/client.rb +222 -153
- data/lib/aws-sdk-acmpca/client_api.rb +21 -0
- data/lib/aws-sdk-acmpca/types.rb +331 -112
- data/lib/aws-sdk-acmpca.rb +1 -1
- metadata +4 -4
@@ -27,7 +27,9 @@ require 'aws-sdk-core/plugins/client_metrics_plugin.rb'
|
|
27
27
|
require 'aws-sdk-core/plugins/client_metrics_send_plugin.rb'
|
28
28
|
require 'aws-sdk-core/plugins/transfer_encoding.rb'
|
29
29
|
require 'aws-sdk-core/plugins/http_checksum.rb'
|
30
|
+
require 'aws-sdk-core/plugins/checksum_algorithm.rb'
|
30
31
|
require 'aws-sdk-core/plugins/defaults_mode.rb'
|
32
|
+
require 'aws-sdk-core/plugins/recursion_detection.rb'
|
31
33
|
require 'aws-sdk-core/plugins/signature_v4.rb'
|
32
34
|
require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
|
33
35
|
|
@@ -74,7 +76,9 @@ module Aws::ACMPCA
|
|
74
76
|
add_plugin(Aws::Plugins::ClientMetricsSendPlugin)
|
75
77
|
add_plugin(Aws::Plugins::TransferEncoding)
|
76
78
|
add_plugin(Aws::Plugins::HttpChecksum)
|
79
|
+
add_plugin(Aws::Plugins::ChecksumAlgorithm)
|
77
80
|
add_plugin(Aws::Plugins::DefaultsMode)
|
81
|
+
add_plugin(Aws::Plugins::RecursionDetection)
|
78
82
|
add_plugin(Aws::Plugins::SignatureV4)
|
79
83
|
add_plugin(Aws::Plugins::Protocols::JsonRpc)
|
80
84
|
|
@@ -372,20 +376,21 @@ module Aws::ACMPCA
|
|
372
376
|
# CA. If successful, this action returns the Amazon Resource Name (ARN)
|
373
377
|
# of the CA.
|
374
378
|
#
|
375
|
-
#
|
376
|
-
# with encryption. For more information, see [Encrypting
|
379
|
+
# Amazon Web Services Private CA assets that are stored in Amazon S3 can
|
380
|
+
# be protected with encryption. For more information, see [Encrypting
|
381
|
+
# Your CRLs][1].
|
377
382
|
#
|
378
383
|
# <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
|
379
384
|
# bucket that you specify. If the IAM principal making the call does not
|
380
385
|
# have permission to write to the bucket, then an exception is thrown.
|
381
|
-
# For more information, see [
|
386
|
+
# For more information, see [Access policies for CRLs in Amazon S3][2].
|
382
387
|
#
|
383
388
|
# </note>
|
384
389
|
#
|
385
390
|
#
|
386
391
|
#
|
387
392
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption
|
388
|
-
# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/
|
393
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
|
389
394
|
#
|
390
395
|
# @option params [required, Types::CertificateAuthorityConfiguration] :certificate_authority_configuration
|
391
396
|
# Name and bit size of the private key algorithm, the name of the
|
@@ -411,10 +416,11 @@ module Aws::ACMPCA
|
|
411
416
|
# **CreateCertificateAuthority** action. Idempotency tokens for
|
412
417
|
# **CreateCertificateAuthority** time out after five minutes. Therefore,
|
413
418
|
# if you call **CreateCertificateAuthority** multiple times with the
|
414
|
-
# same idempotency token within five minutes,
|
415
|
-
# that you are requesting only certificate
|
416
|
-
# one. If you change the idempotency token
|
417
|
-
# that you are requesting multiple
|
419
|
+
# same idempotency token within five minutes, Amazon Web Services
|
420
|
+
# Private CA recognizes that you are requesting only certificate
|
421
|
+
# authority and will issue only one. If you change the idempotency token
|
422
|
+
# for each call, PCA recognizes that you are requesting multiple
|
423
|
+
# certificate authorities.
|
418
424
|
#
|
419
425
|
# @option params [String] :key_storage_security_standard
|
420
426
|
# Specifies a cryptographic key management compliance standard used for
|
@@ -465,6 +471,12 @@ module Aws::ACMPCA
|
|
465
471
|
# initials: "String5",
|
466
472
|
# pseudonym: "String128",
|
467
473
|
# generation_qualifier: "String3",
|
474
|
+
# custom_attributes: [
|
475
|
+
# {
|
476
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
477
|
+
# value: "String1To256", # required
|
478
|
+
# },
|
479
|
+
# ],
|
468
480
|
# },
|
469
481
|
# csr_extensions: {
|
470
482
|
# key_usage: {
|
@@ -506,6 +518,12 @@ module Aws::ACMPCA
|
|
506
518
|
# initials: "String5",
|
507
519
|
# pseudonym: "String128",
|
508
520
|
# generation_qualifier: "String3",
|
521
|
+
# custom_attributes: [
|
522
|
+
# {
|
523
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
524
|
+
# value: "String1To256", # required
|
525
|
+
# },
|
526
|
+
# ],
|
509
527
|
# },
|
510
528
|
# edi_party_name: {
|
511
529
|
# party_name: "String256", # required
|
@@ -564,19 +582,23 @@ module Aws::ACMPCA
|
|
564
582
|
# <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
|
565
583
|
# bucket that you specify. If the IAM principal making the call does not
|
566
584
|
# have permission to write to the bucket, then an exception is thrown.
|
567
|
-
# For more information, see [
|
585
|
+
# For more information, see [Access policies for CRLs in Amazon S3][3].
|
568
586
|
#
|
569
587
|
# </note>
|
570
588
|
#
|
571
|
-
#
|
572
|
-
# with encryption. For more information, see [Encrypting
|
573
|
-
# Reports][4].
|
589
|
+
# Amazon Web Services Private CA assets that are stored in Amazon S3 can
|
590
|
+
# be protected with encryption. For more information, see [Encrypting
|
591
|
+
# Your Audit Reports][4].
|
592
|
+
#
|
593
|
+
# <note markdown="1"> You can generate a maximum of one report every 30 minutes.
|
594
|
+
#
|
595
|
+
# </note>
|
574
596
|
#
|
575
597
|
#
|
576
598
|
#
|
577
599
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html
|
578
600
|
# [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html
|
579
|
-
# [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/
|
601
|
+
# [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
|
580
602
|
# [4]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuditReport.html#audit-report-encryption
|
581
603
|
#
|
582
604
|
# @option params [required, String] :certificate_authority_arn
|
@@ -620,10 +642,10 @@ module Aws::ACMPCA
|
|
620
642
|
req.send_request(options)
|
621
643
|
end
|
622
644
|
|
623
|
-
# Grants one or more permissions on a private CA to the
|
645
|
+
# Grants one or more permissions on a private CA to the Certificate
|
624
646
|
# Manager (ACM) service principal (`acm.amazonaws.com`). These
|
625
647
|
# permissions allow ACM to issue and renew ACM certificates that reside
|
626
|
-
# in the same
|
648
|
+
# in the same Amazon Web Services account as the CA.
|
627
649
|
#
|
628
650
|
# You can list current permissions with the [ListPermissions][1] action
|
629
651
|
# and revoke them with the [DeletePermission][2] action.
|
@@ -642,8 +664,8 @@ module Aws::ACMPCA
|
|
642
664
|
# accounts, then permissions cannot be used to enable automatic
|
643
665
|
# renewals. Instead, the ACM certificate owner must set up a
|
644
666
|
# resource-based policy to enable cross-account issuance and renewals.
|
645
|
-
# For more information, see [Using a Resource Based Policy with
|
646
|
-
# Private CA][3].
|
667
|
+
# For more information, see [Using a Resource Based Policy with Amazon
|
668
|
+
# Web Services Private CA][3].
|
647
669
|
#
|
648
670
|
#
|
649
671
|
#
|
@@ -664,15 +686,17 @@ module Aws::ACMPCA
|
|
664
686
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
|
665
687
|
#
|
666
688
|
# @option params [required, String] :principal
|
667
|
-
# The
|
668
|
-
# time, the only valid principal is
|
689
|
+
# The Amazon Web Services service or identity that receives the
|
690
|
+
# permission. At this time, the only valid principal is
|
691
|
+
# `acm.amazonaws.com`.
|
669
692
|
#
|
670
693
|
# @option params [String] :source_account
|
671
694
|
# The ID of the calling account.
|
672
695
|
#
|
673
696
|
# @option params [required, Array<String>] :actions
|
674
|
-
# The actions that the specified
|
675
|
-
# include `IssueCertificate`, `GetCertificate`, and
|
697
|
+
# The actions that the specified Amazon Web Services service principal
|
698
|
+
# can use. These include `IssueCertificate`, `GetCertificate`, and
|
699
|
+
# `ListPermissions`.
|
676
700
|
#
|
677
701
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
678
702
|
#
|
@@ -712,8 +736,8 @@ module Aws::ACMPCA
|
|
712
736
|
# Additionally, you can delete a CA if you are waiting for it to be
|
713
737
|
# created (that is, the status of the CA is `CREATING`). You can also
|
714
738
|
# delete it if the CA has been created but you haven't yet imported the
|
715
|
-
# signed certificate into
|
716
|
-
# is `PENDING_CERTIFICATE`).
|
739
|
+
# signed certificate into Amazon Web Services Private CA (that is, the
|
740
|
+
# status of the CA is `PENDING_CERTIFICATE`).
|
717
741
|
#
|
718
742
|
# When you successfully call [DeleteCertificateAuthority][3], the CA's
|
719
743
|
# status changes to `DELETED`. However, the CA won't be permanently
|
@@ -766,13 +790,13 @@ module Aws::ACMPCA
|
|
766
790
|
req.send_request(options)
|
767
791
|
end
|
768
792
|
|
769
|
-
# Revokes permissions on a private CA granted to the
|
770
|
-
#
|
793
|
+
# Revokes permissions on a private CA granted to the Certificate Manager
|
794
|
+
# (ACM) service principal (acm.amazonaws.com).
|
771
795
|
#
|
772
796
|
# These permissions allow ACM to issue and renew ACM certificates that
|
773
|
-
# reside in the same
|
774
|
-
# permissions, ACM will no longer renew the affected
|
775
|
-
# automatically.
|
797
|
+
# reside in the same Amazon Web Services account as the CA. If you
|
798
|
+
# revoke these permissions, ACM will no longer renew the affected
|
799
|
+
# certificates automatically.
|
776
800
|
#
|
777
801
|
# Permissions can be granted with the [CreatePermission][1] action and
|
778
802
|
# listed with the [ListPermissions][2] action.
|
@@ -791,8 +815,8 @@ module Aws::ACMPCA
|
|
791
815
|
# accounts, then permissions cannot be used to enable automatic
|
792
816
|
# renewals. Instead, the ACM certificate owner must set up a
|
793
817
|
# resource-based policy to enable cross-account issuance and renewals.
|
794
|
-
# For more information, see [Using a Resource Based Policy with
|
795
|
-
# Private CA][3].
|
818
|
+
# For more information, see [Using a Resource Based Policy with Amazon
|
819
|
+
# Web Services Private CA][3].
|
796
820
|
#
|
797
821
|
#
|
798
822
|
#
|
@@ -814,11 +838,12 @@ module Aws::ACMPCA
|
|
814
838
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
|
815
839
|
#
|
816
840
|
# @option params [required, String] :principal
|
817
|
-
# The
|
818
|
-
# At this time, the only valid service principal is
|
841
|
+
# The Amazon Web Services service or identity that will have its CA
|
842
|
+
# permissions revoked. At this time, the only valid service principal is
|
843
|
+
# `acm.amazonaws.com`
|
819
844
|
#
|
820
845
|
# @option params [String] :source_account
|
821
|
-
# The
|
846
|
+
# The Amazon Web Services account that calls this action.
|
822
847
|
#
|
823
848
|
# @return [Struct] Returns an empty {Seahorse::Client::Response response}.
|
824
849
|
#
|
@@ -843,35 +868,36 @@ module Aws::ACMPCA
|
|
843
868
|
# will remove any access that the policy has granted. If there is no
|
844
869
|
# policy attached to the private CA, this action will return successful.
|
845
870
|
#
|
846
|
-
# If you delete a policy that was applied through
|
847
|
-
# Manager (RAM), the CA will be removed from all shares
|
848
|
-
# included.
|
871
|
+
# If you delete a policy that was applied through Amazon Web Services
|
872
|
+
# Resource Access Manager (RAM), the CA will be removed from all shares
|
873
|
+
# in which it was included.
|
849
874
|
#
|
850
|
-
# The
|
851
|
-
#
|
875
|
+
# The Certificate Manager Service Linked Role that the policy supports
|
876
|
+
# is not affected when you delete the policy.
|
852
877
|
#
|
853
878
|
# The current policy can be shown with [GetPolicy][1] and updated with
|
854
879
|
# [PutPolicy][2].
|
855
880
|
#
|
856
881
|
# **About Policies**
|
857
882
|
#
|
858
|
-
# * A policy grants access on a private CA to an
|
859
|
-
# to
|
860
|
-
#
|
861
|
-
#
|
883
|
+
# * A policy grants access on a private CA to an Amazon Web Services
|
884
|
+
# customer account, to Amazon Web Services Organizations, or to an
|
885
|
+
# Amazon Web Services Organizations unit. Policies are under the
|
886
|
+
# control of a CA administrator. For more information, see [Using a
|
887
|
+
# Resource Based Policy with Amazon Web Services Private CA][3].
|
862
888
|
#
|
863
|
-
# * A policy permits a user of
|
864
|
-
#
|
889
|
+
# * A policy permits a user of Certificate Manager (ACM) to issue ACM
|
890
|
+
# certificates signed by a CA in another account.
|
865
891
|
#
|
866
892
|
# * For ACM to manage automatic renewal of these certificates, the ACM
|
867
893
|
# user must configure a Service Linked Role (SLR). The SLR allows the
|
868
894
|
# ACM service to assume the identity of the user, subject to
|
869
|
-
# confirmation against the
|
870
|
-
# information, see [Using a Service Linked Role with ACM][4].
|
895
|
+
# confirmation against the Amazon Web Services Private CA policy. For
|
896
|
+
# more information, see [Using a Service Linked Role with ACM][4].
|
871
897
|
#
|
872
|
-
# * Updates made in
|
873
|
-
# policies. For more information, see [Attach a Policy
|
874
|
-
# Cross-Account Access][5].
|
898
|
+
# * Updates made in Amazon Web Services Resource Manager (RAM) are
|
899
|
+
# reflected in policies. For more information, see [Attach a Policy
|
900
|
+
# for Cross-Account Access][5].
|
875
901
|
#
|
876
902
|
#
|
877
903
|
#
|
@@ -914,12 +940,13 @@ module Aws::ACMPCA
|
|
914
940
|
# its ARN (Amazon Resource Name). The output contains the status of your
|
915
941
|
# CA. This can be any of the following:
|
916
942
|
#
|
917
|
-
# * `CREATING` -
|
918
|
-
# authority.
|
943
|
+
# * `CREATING` - Amazon Web Services Private CA is creating your private
|
944
|
+
# certificate authority.
|
919
945
|
#
|
920
946
|
# * `PENDING_CERTIFICATE` - The certificate is pending. You must use
|
921
|
-
# your
|
922
|
-
# sign your private CA CSR and then import it into
|
947
|
+
# your Amazon Web Services Private CA-hosted or on-premises root or
|
948
|
+
# subordinate CA to sign your private CA CSR and then import it into
|
949
|
+
# PCA.
|
923
950
|
#
|
924
951
|
# * `ACTIVE` - Your private CA is active.
|
925
952
|
#
|
@@ -928,9 +955,9 @@ module Aws::ACMPCA
|
|
928
955
|
# * `EXPIRED` - Your private CA certificate has expired.
|
929
956
|
#
|
930
957
|
# * `FAILED` - Your private CA has failed. Your CA can fail because of
|
931
|
-
# problems such a network outage or back-end
|
932
|
-
# errors. A failed CA can never return to the pending
|
933
|
-
# create a new CA.
|
958
|
+
# problems such a network outage or back-end Amazon Web Services
|
959
|
+
# failure or other errors. A failed CA can never return to the pending
|
960
|
+
# state. You must create a new CA.
|
934
961
|
#
|
935
962
|
# * `DELETED` - Your private CA is within the restoration period, after
|
936
963
|
# which it is permanently deleted. The length of time remaining in the
|
@@ -985,6 +1012,9 @@ module Aws::ACMPCA
|
|
985
1012
|
# resp.certificate_authority.certificate_authority_configuration.subject.initials #=> String
|
986
1013
|
# resp.certificate_authority.certificate_authority_configuration.subject.pseudonym #=> String
|
987
1014
|
# resp.certificate_authority.certificate_authority_configuration.subject.generation_qualifier #=> String
|
1015
|
+
# resp.certificate_authority.certificate_authority_configuration.subject.custom_attributes #=> Array
|
1016
|
+
# resp.certificate_authority.certificate_authority_configuration.subject.custom_attributes[0].object_identifier #=> String
|
1017
|
+
# resp.certificate_authority.certificate_authority_configuration.subject.custom_attributes[0].value #=> String
|
988
1018
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.digital_signature #=> Boolean
|
989
1019
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.non_repudiation #=> Boolean
|
990
1020
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.key_usage.key_encipherment #=> Boolean
|
@@ -1015,6 +1045,9 @@ module Aws::ACMPCA
|
|
1015
1045
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.initials #=> String
|
1016
1046
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.pseudonym #=> String
|
1017
1047
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.generation_qualifier #=> String
|
1048
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes #=> Array
|
1049
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes[0].object_identifier #=> String
|
1050
|
+
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes[0].value #=> String
|
1018
1051
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.party_name #=> String
|
1019
1052
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.name_assigner #=> String
|
1020
1053
|
# resp.certificate_authority.certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.uniform_resource_identifier #=> String
|
@@ -1205,11 +1238,11 @@ module Aws::ACMPCA
|
|
1205
1238
|
|
1206
1239
|
# Retrieves the certificate signing request (CSR) for your private
|
1207
1240
|
# certificate authority (CA). The CSR is created when you call the
|
1208
|
-
# [CreateCertificateAuthority][1] action. Sign the CSR with your
|
1209
|
-
# Private CA-hosted or on-premises root or subordinate CA.
|
1210
|
-
# the signed certificate back into
|
1211
|
-
# [ImportCertificateAuthorityCertificate][2]
|
1212
|
-
# as a base64 PEM-encoded string.
|
1241
|
+
# [CreateCertificateAuthority][1] action. Sign the CSR with your Amazon
|
1242
|
+
# Web Services Private CA-hosted or on-premises root or subordinate CA.
|
1243
|
+
# Then import the signed certificate back into Amazon Web Services
|
1244
|
+
# Private CA by calling the [ImportCertificateAuthorityCertificate][2]
|
1245
|
+
# action. The CSR is returned as a base64 PEM-encoded string.
|
1213
1246
|
#
|
1214
1247
|
#
|
1215
1248
|
#
|
@@ -1264,23 +1297,24 @@ module Aws::ACMPCA
|
|
1264
1297
|
#
|
1265
1298
|
# **About Policies**
|
1266
1299
|
#
|
1267
|
-
# * A policy grants access on a private CA to an
|
1268
|
-
# to
|
1269
|
-
#
|
1270
|
-
#
|
1300
|
+
# * A policy grants access on a private CA to an Amazon Web Services
|
1301
|
+
# customer account, to Amazon Web Services Organizations, or to an
|
1302
|
+
# Amazon Web Services Organizations unit. Policies are under the
|
1303
|
+
# control of a CA administrator. For more information, see [Using a
|
1304
|
+
# Resource Based Policy with Amazon Web Services Private CA][3].
|
1271
1305
|
#
|
1272
|
-
# * A policy permits a user of
|
1273
|
-
#
|
1306
|
+
# * A policy permits a user of Certificate Manager (ACM) to issue ACM
|
1307
|
+
# certificates signed by a CA in another account.
|
1274
1308
|
#
|
1275
1309
|
# * For ACM to manage automatic renewal of these certificates, the ACM
|
1276
1310
|
# user must configure a Service Linked Role (SLR). The SLR allows the
|
1277
1311
|
# ACM service to assume the identity of the user, subject to
|
1278
|
-
# confirmation against the
|
1279
|
-
# information, see [Using a Service Linked Role with ACM][4].
|
1312
|
+
# confirmation against the Amazon Web Services Private CA policy. For
|
1313
|
+
# more information, see [Using a Service Linked Role with ACM][4].
|
1280
1314
|
#
|
1281
|
-
# * Updates made in
|
1282
|
-
# policies. For more information, see [Attach a Policy
|
1283
|
-
# Cross-Account Access][5].
|
1315
|
+
# * Updates made in Amazon Web Services Resource Manager (RAM) are
|
1316
|
+
# reflected in policies. For more information, see [Attach a Policy
|
1317
|
+
# for Cross-Account Access][5].
|
1284
1318
|
#
|
1285
1319
|
#
|
1286
1320
|
#
|
@@ -1318,14 +1352,14 @@ module Aws::ACMPCA
|
|
1318
1352
|
req.send_request(options)
|
1319
1353
|
end
|
1320
1354
|
|
1321
|
-
# Imports a signed private CA certificate into
|
1322
|
-
# action is used when you are using a chain of trust
|
1323
|
-
# located outside
|
1324
|
-
# following preparations must in place:
|
1355
|
+
# Imports a signed private CA certificate into Amazon Web Services
|
1356
|
+
# Private CA. This action is used when you are using a chain of trust
|
1357
|
+
# whose root is located outside Amazon Web Services Private CA. Before
|
1358
|
+
# you can call this action, the following preparations must in place:
|
1325
1359
|
#
|
1326
|
-
# 1. In
|
1327
|
-
# to create the private CA
|
1328
|
-
# certificate.
|
1360
|
+
# 1. In Amazon Web Services Private CA, call the
|
1361
|
+
# [CreateCertificateAuthority][1] action to create the private CA
|
1362
|
+
# that you plan to back with the imported certificate.
|
1329
1363
|
#
|
1330
1364
|
# 2. Call the [GetCertificateAuthorityCsr][2] action to generate a
|
1331
1365
|
# certificate signing request (CSR).
|
@@ -1336,13 +1370,14 @@ module Aws::ACMPCA
|
|
1336
1370
|
# 4. Create a certificate chain and copy the signed certificate and the
|
1337
1371
|
# certificate chain to your working directory.
|
1338
1372
|
#
|
1339
|
-
#
|
1340
|
-
# certificate:
|
1373
|
+
# Amazon Web Services Private CA supports three scenarios for installing
|
1374
|
+
# a CA certificate:
|
1341
1375
|
#
|
1342
|
-
# * Installing a certificate for a root CA hosted by
|
1376
|
+
# * Installing a certificate for a root CA hosted by Amazon Web Services
|
1377
|
+
# Private CA.
|
1343
1378
|
#
|
1344
1379
|
# * Installing a subordinate CA certificate whose parent authority is
|
1345
|
-
# hosted by
|
1380
|
+
# hosted by Amazon Web Services Private CA.
|
1346
1381
|
#
|
1347
1382
|
# * Installing a subordinate CA certificate whose parent authority is
|
1348
1383
|
# externally hosted.
|
@@ -1370,8 +1405,8 @@ module Aws::ACMPCA
|
|
1370
1405
|
#
|
1371
1406
|
# *Enforcement of Critical Constraints*
|
1372
1407
|
#
|
1373
|
-
#
|
1374
|
-
# in the imported CA certificate or chain.
|
1408
|
+
# Amazon Web Services Private CA allows the following extensions to be
|
1409
|
+
# marked critical in the imported CA certificate or chain.
|
1375
1410
|
#
|
1376
1411
|
# * Basic constraints (*must* be marked critical)
|
1377
1412
|
#
|
@@ -1397,8 +1432,8 @@ module Aws::ACMPCA
|
|
1397
1432
|
#
|
1398
1433
|
# * Inhibit anyPolicy
|
1399
1434
|
#
|
1400
|
-
#
|
1401
|
-
# critical in an imported CA certificate or chain.
|
1435
|
+
# Amazon Web Services Private CA rejects the following extensions when
|
1436
|
+
# they are marked critical in an imported CA certificate or chain.
|
1402
1437
|
#
|
1403
1438
|
# * Name constraints
|
1404
1439
|
#
|
@@ -1436,8 +1471,9 @@ module Aws::ACMPCA
|
|
1436
1471
|
# @option params [String, StringIO, File] :certificate_chain
|
1437
1472
|
# A PEM-encoded file that contains all of your certificates, other than
|
1438
1473
|
# the certificate you're importing, chaining up to your root CA. Your
|
1439
|
-
#
|
1440
|
-
# the chain, and each certificate in the chain signs the
|
1474
|
+
# Amazon Web Services Private CA-hosted or on-premises root certificate
|
1475
|
+
# is the last in the chain, and each certificate in the chain signs the
|
1476
|
+
# one preceding.
|
1441
1477
|
#
|
1442
1478
|
# This parameter must be supplied when you import a subordinate CA. When
|
1443
1479
|
# you import a root CA, there is no chain.
|
@@ -1468,8 +1504,8 @@ module Aws::ACMPCA
|
|
1468
1504
|
# specifying the ARN.
|
1469
1505
|
#
|
1470
1506
|
# <note markdown="1"> You cannot use the ACM **ListCertificateAuthorities** action to
|
1471
|
-
# retrieve the ARNs of the certificates that you issue by using
|
1472
|
-
# Private CA.
|
1507
|
+
# retrieve the ARNs of the certificates that you issue by using Amazon
|
1508
|
+
# Web Services Private CA.
|
1473
1509
|
#
|
1474
1510
|
# </note>
|
1475
1511
|
#
|
@@ -1485,8 +1521,8 @@ module Aws::ACMPCA
|
|
1485
1521
|
# Certificate Templates][1].
|
1486
1522
|
#
|
1487
1523
|
# If conflicting or duplicate certificate information is supplied during
|
1488
|
-
# certificate issuance,
|
1489
|
-
# rules][2] to determine what information is used.
|
1524
|
+
# certificate issuance, Amazon Web Services Private CA applies [order of
|
1525
|
+
# operation rules][2] to determine what information is used.
|
1490
1526
|
#
|
1491
1527
|
#
|
1492
1528
|
#
|
@@ -1517,7 +1553,7 @@ module Aws::ACMPCA
|
|
1517
1553
|
# contains your X509 version 3 extensions.
|
1518
1554
|
#
|
1519
1555
|
# `openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey
|
1520
|
-
# rsa:2048 -days
|
1556
|
+
# rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out
|
1521
1557
|
# csr/test_cert_.csr`
|
1522
1558
|
#
|
1523
1559
|
# Note: A CSR must provide either a *subject name* or a *subject
|
@@ -1531,10 +1567,15 @@ module Aws::ACMPCA
|
|
1531
1567
|
# parameter used to sign a CSR in the `CreateCertificateAuthority`
|
1532
1568
|
# action.
|
1533
1569
|
#
|
1570
|
+
# <note markdown="1"> The specified signing algorithm family (RSA or ECDSA) much match the
|
1571
|
+
# algorithm family of the CA's secret key.
|
1572
|
+
#
|
1573
|
+
# </note>
|
1574
|
+
#
|
1534
1575
|
# @option params [String] :template_arn
|
1535
1576
|
# Specifies a custom configuration template to use when issuing a
|
1536
|
-
# certificate. If this parameter is not provided,
|
1537
|
-
# defaults to the `EndEntityCertificate/V1` template. For CA
|
1577
|
+
# certificate. If this parameter is not provided, Amazon Web Services
|
1578
|
+
# Private CA defaults to the `EndEntityCertificate/V1` template. For CA
|
1538
1579
|
# certificates, you should choose the shortest path length that meets
|
1539
1580
|
# your needs. The path length is indicated by the PathLen*N* portion of
|
1540
1581
|
# the ARN, where *N* is the [CA depth][1].
|
@@ -1542,8 +1583,8 @@ module Aws::ACMPCA
|
|
1542
1583
|
# Note: The CA depth configured on a subordinate CA certificate must not
|
1543
1584
|
# exceed the limit set by its parents in the CA hierarchy.
|
1544
1585
|
#
|
1545
|
-
# For a list of `TemplateArn` values supported by
|
1546
|
-
# [Understanding Certificate Templates][2].
|
1586
|
+
# For a list of `TemplateArn` values supported by Amazon Web Services
|
1587
|
+
# Private CA, see [Understanding Certificate Templates][2].
|
1547
1588
|
#
|
1548
1589
|
#
|
1549
1590
|
#
|
@@ -1571,17 +1612,17 @@ module Aws::ACMPCA
|
|
1571
1612
|
#
|
1572
1613
|
#
|
1573
1614
|
#
|
1574
|
-
# [1]: https://
|
1615
|
+
# [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
|
1575
1616
|
#
|
1576
1617
|
# @option params [Types::Validity] :validity_not_before
|
1577
1618
|
# Information describing the start of the validity period of the
|
1578
1619
|
# certificate. This parameter sets the “Not Before" date for the
|
1579
1620
|
# certificate.
|
1580
1621
|
#
|
1581
|
-
# By default, when issuing a certificate,
|
1582
|
-
# Before" date to the issuance time minus 60 minutes.
|
1583
|
-
# for clock inconsistencies across computer systems.
|
1584
|
-
# `ValidityNotBefore` parameter can be used to customize the “Not
|
1622
|
+
# By default, when issuing a certificate, Amazon Web Services Private CA
|
1623
|
+
# sets the "Not Before" date to the issuance time minus 60 minutes.
|
1624
|
+
# This compensates for clock inconsistencies across computer systems.
|
1625
|
+
# The `ValidityNotBefore` parameter can be used to customize the “Not
|
1585
1626
|
# Before” value.
|
1586
1627
|
#
|
1587
1628
|
# Unlike the `Validity` parameter, the `ValidityNotBefore` parameter is
|
@@ -1595,17 +1636,17 @@ module Aws::ACMPCA
|
|
1595
1636
|
#
|
1596
1637
|
#
|
1597
1638
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_Validity.html
|
1598
|
-
# [2]: https://
|
1639
|
+
# [2]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
|
1599
1640
|
#
|
1600
1641
|
# @option params [String] :idempotency_token
|
1601
1642
|
# Alphanumeric string that can be used to distinguish between calls to
|
1602
1643
|
# the **IssueCertificate** action. Idempotency tokens for
|
1603
1644
|
# **IssueCertificate** time out after one minute. Therefore, if you call
|
1604
1645
|
# **IssueCertificate** multiple times with the same idempotency token
|
1605
|
-
# within one minute,
|
1606
|
-
# only one certificate and will issue only one. If you
|
1607
|
-
# idempotency token for each call, PCA recognizes that you
|
1608
|
-
# requesting multiple certificates.
|
1646
|
+
# within one minute, Amazon Web Services Private CA recognizes that you
|
1647
|
+
# are requesting only one certificate and will issue only one. If you
|
1648
|
+
# change the idempotency token for each call, PCA recognizes that you
|
1649
|
+
# are requesting multiple certificates.
|
1609
1650
|
#
|
1610
1651
|
# @return [Types::IssueCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
|
1611
1652
|
#
|
@@ -1669,6 +1710,12 @@ module Aws::ACMPCA
|
|
1669
1710
|
# initials: "String5",
|
1670
1711
|
# pseudonym: "String128",
|
1671
1712
|
# generation_qualifier: "String3",
|
1713
|
+
# custom_attributes: [
|
1714
|
+
# {
|
1715
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
1716
|
+
# value: "String1To256", # required
|
1717
|
+
# },
|
1718
|
+
# ],
|
1672
1719
|
# },
|
1673
1720
|
# edi_party_name: {
|
1674
1721
|
# party_name: "String256", # required
|
@@ -1679,6 +1726,13 @@ module Aws::ACMPCA
|
|
1679
1726
|
# registered_id: "CustomObjectIdentifier",
|
1680
1727
|
# },
|
1681
1728
|
# ],
|
1729
|
+
# custom_extensions: [
|
1730
|
+
# {
|
1731
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
1732
|
+
# value: "Base64String1To4096", # required
|
1733
|
+
# critical: false,
|
1734
|
+
# },
|
1735
|
+
# ],
|
1682
1736
|
# },
|
1683
1737
|
# subject: {
|
1684
1738
|
# country: "CountryCodeString",
|
@@ -1695,6 +1749,12 @@ module Aws::ACMPCA
|
|
1695
1749
|
# initials: "String5",
|
1696
1750
|
# pseudonym: "String128",
|
1697
1751
|
# generation_qualifier: "String3",
|
1752
|
+
# custom_attributes: [
|
1753
|
+
# {
|
1754
|
+
# object_identifier: "CustomObjectIdentifier", # required
|
1755
|
+
# value: "String1To256", # required
|
1756
|
+
# },
|
1757
|
+
# ],
|
1698
1758
|
# },
|
1699
1759
|
# },
|
1700
1760
|
# certificate_authority_arn: "Arn", # required
|
@@ -1793,6 +1853,9 @@ module Aws::ACMPCA
|
|
1793
1853
|
# resp.certificate_authorities[0].certificate_authority_configuration.subject.initials #=> String
|
1794
1854
|
# resp.certificate_authorities[0].certificate_authority_configuration.subject.pseudonym #=> String
|
1795
1855
|
# resp.certificate_authorities[0].certificate_authority_configuration.subject.generation_qualifier #=> String
|
1856
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.subject.custom_attributes #=> Array
|
1857
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.subject.custom_attributes[0].object_identifier #=> String
|
1858
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.subject.custom_attributes[0].value #=> String
|
1796
1859
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.digital_signature #=> Boolean
|
1797
1860
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.non_repudiation #=> Boolean
|
1798
1861
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.key_usage.key_encipherment #=> Boolean
|
@@ -1823,6 +1886,9 @@ module Aws::ACMPCA
|
|
1823
1886
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.initials #=> String
|
1824
1887
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.pseudonym #=> String
|
1825
1888
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.generation_qualifier #=> String
|
1889
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes #=> Array
|
1890
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes[0].object_identifier #=> String
|
1891
|
+
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.directory_name.custom_attributes[0].value #=> String
|
1826
1892
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.party_name #=> String
|
1827
1893
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.edi_party_name.name_assigner #=> String
|
1828
1894
|
# resp.certificate_authorities[0].certificate_authority_configuration.csr_extensions.subject_information_access[0].access_location.uniform_resource_identifier #=> String
|
@@ -1848,11 +1914,11 @@ module Aws::ACMPCA
|
|
1848
1914
|
req.send_request(options)
|
1849
1915
|
end
|
1850
1916
|
|
1851
|
-
# List all permissions on a private CA, if any, granted to the
|
1917
|
+
# List all permissions on a private CA, if any, granted to the
|
1852
1918
|
# Certificate Manager (ACM) service principal (acm.amazonaws.com).
|
1853
1919
|
#
|
1854
1920
|
# These permissions allow ACM to issue and renew ACM certificates that
|
1855
|
-
# reside in the same
|
1921
|
+
# reside in the same Amazon Web Services account as the CA.
|
1856
1922
|
#
|
1857
1923
|
# Permissions can be granted with the [CreatePermission][1] action and
|
1858
1924
|
# revoked with the [DeletePermission][2] action.
|
@@ -1871,8 +1937,8 @@ module Aws::ACMPCA
|
|
1871
1937
|
# accounts, then permissions cannot be used to enable automatic
|
1872
1938
|
# renewals. Instead, the ACM certificate owner must set up a
|
1873
1939
|
# resource-based policy to enable cross-account issuance and renewals.
|
1874
|
-
# For more information, see [Using a Resource Based Policy with
|
1875
|
-
# Private CA][3].
|
1940
|
+
# For more information, see [Using a Resource Based Policy with Amazon
|
1941
|
+
# Web Services Private CA][3].
|
1876
1942
|
#
|
1877
1943
|
#
|
1878
1944
|
#
|
@@ -2008,32 +2074,33 @@ module Aws::ACMPCA
|
|
2008
2074
|
|
2009
2075
|
# Attaches a resource-based policy to a private CA.
|
2010
2076
|
#
|
2011
|
-
# A policy can also be applied by sharing a private CA through
|
2012
|
-
# Resource Access Manager (RAM). For more information, see
|
2013
|
-
# Policy for Cross-Account Access][1].
|
2077
|
+
# A policy can also be applied by sharing a private CA through Amazon
|
2078
|
+
# Web Services Resource Access Manager (RAM). For more information, see
|
2079
|
+
# [Attach a Policy for Cross-Account Access][1].
|
2014
2080
|
#
|
2015
2081
|
# The policy can be displayed with [GetPolicy][2] and removed with
|
2016
2082
|
# [DeletePolicy][3].
|
2017
2083
|
#
|
2018
2084
|
# **About Policies**
|
2019
2085
|
#
|
2020
|
-
# * A policy grants access on a private CA to an
|
2021
|
-
# to
|
2022
|
-
#
|
2023
|
-
#
|
2086
|
+
# * A policy grants access on a private CA to an Amazon Web Services
|
2087
|
+
# customer account, to Amazon Web Services Organizations, or to an
|
2088
|
+
# Amazon Web Services Organizations unit. Policies are under the
|
2089
|
+
# control of a CA administrator. For more information, see [Using a
|
2090
|
+
# Resource Based Policy with Amazon Web Services Private CA][4].
|
2024
2091
|
#
|
2025
|
-
# * A policy permits a user of
|
2026
|
-
#
|
2092
|
+
# * A policy permits a user of Certificate Manager (ACM) to issue ACM
|
2093
|
+
# certificates signed by a CA in another account.
|
2027
2094
|
#
|
2028
2095
|
# * For ACM to manage automatic renewal of these certificates, the ACM
|
2029
2096
|
# user must configure a Service Linked Role (SLR). The SLR allows the
|
2030
2097
|
# ACM service to assume the identity of the user, subject to
|
2031
|
-
# confirmation against the
|
2032
|
-
# information, see [Using a Service Linked Role with ACM][5].
|
2098
|
+
# confirmation against the Amazon Web Services Private CA policy. For
|
2099
|
+
# more information, see [Using a Service Linked Role with ACM][5].
|
2033
2100
|
#
|
2034
|
-
# * Updates made in
|
2035
|
-
# policies. For more information, see [Attach a Policy
|
2036
|
-
# Cross-Account Access][1].
|
2101
|
+
# * Updates made in Amazon Web Services Resource Manager (RAM) are
|
2102
|
+
# reflected in policies. For more information, see [Attach a Policy
|
2103
|
+
# for Cross-Account Access][1].
|
2037
2104
|
#
|
2038
2105
|
#
|
2039
2106
|
#
|
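Review bot: The last added bullet in this comment block names the service "Amazon Web Services Resource Manager (RAM)", while the added paragraph at the top of the same block calls it "Amazon Web Services Resource Access Manager (RAM)". The two should agree, for example `# * Updates made in Amazon Web Services Resource Access Manager (RAM) are`. The block documents how cross-account access to a private CA is granted, so one consistent service name helps a reader find the right sharing mechanism. The wording probably comes from the service's API model (inferred, not visible on this page), in which case the correction belongs there. The method this comment documents lies outside the hunk.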
@@ -2138,26 +2205,28 @@ module Aws::ACMPCA
|
|
2138
2205
|
req.send_request(options)
|
2139
2206
|
end
|
2140
2207
|
|
2141
|
-
# Revokes a certificate that was issued inside
|
2142
|
-
# enable a certificate revocation list (CRL) when you
|
2143
|
-
# your private CA, information about the revoked
|
2144
|
-
# included in the CRL.
|
2145
|
-
# that you specify. A CRL is typically
|
2146
|
-
# after a certificate is revoked. If
|
2147
|
-
#
|
2148
|
-
#
|
2149
|
-
#
|
2150
|
-
#
|
2208
|
+
# Revokes a certificate that was issued inside Amazon Web Services
|
2209
|
+
# Private CA. If you enable a certificate revocation list (CRL) when you
|
2210
|
+
# create or update your private CA, information about the revoked
|
2211
|
+
# certificates will be included in the CRL. Amazon Web Services Private
|
2212
|
+
# CA writes the CRL to an S3 bucket that you specify. A CRL is typically
|
2213
|
+
# updated approximately 30 minutes after a certificate is revoked. If
|
2214
|
+
# for any reason the CRL update fails, Amazon Web Services Private CA
|
2215
|
+
# attempts makes further attempts every 15 minutes. With Amazon
|
2216
|
+
# CloudWatch, you can create alarms for the metrics `CRLGenerated` and
|
2217
|
+
# `MisconfiguredCRLBucket`. For more information, see [Supported
|
2218
|
+
# CloudWatch Metrics][1].
|
2151
2219
|
#
|
2152
2220
|
# <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
|
2153
2221
|
# bucket that you specify. If the IAM principal making the call does not
|
2154
2222
|
# have permission to write to the bucket, then an exception is thrown.
|
2155
|
-
# For more information, see [
|
2223
|
+
# For more information, see [Access policies for CRLs in Amazon S3][2].
|
2156
2224
|
#
|
2157
2225
|
# </note>
|
2158
2226
|
#
|
2159
|
-
#
|
2160
|
-
# For more information, see
|
2227
|
+
# Amazon Web Services Private CA also writes revocation information to
|
2228
|
+
# the audit report. For more information, see
|
2229
|
+
# [CreateCertificateAuthorityAuditReport][3].
|
2161
2230
|
#
|
2162
2231
|
# <note markdown="1"> You cannot revoke a root CA self-signed certificate.
|
2163
2232
|
#
|
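Review bot: The added sentence about CRL retries is garbled, reading "Amazon Web Services Private CA attempts makes further attempts every 15 minutes" across new lines 2214–2215. Dropping the stray word gives `# makes further attempts every 15 minutes. With Amazon` for the second of those lines. This paragraph is what an operator relies on to judge how long a revoked certificate can be absent from the published CRL, so the retry statement should read unambiguously. The text probably originates in the service's API model (inferred), and the documented method body is outside the hunk.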
@@ -2166,7 +2235,7 @@ module Aws::ACMPCA
|
|
2166
2235
|
#
|
2167
2236
|
#
|
2168
2237
|
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCloudWatch.html
|
2169
|
-
# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/
|
2238
|
+
# [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
|
2170
2239
|
# [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
|
2171
2240
|
#
|
2172
2241
|
# @option params [required, String] :certificate_authority_arn
|
@@ -2188,7 +2257,7 @@ module Aws::ACMPCA
|
|
2188
2257
|
# `openssl x509 -in file_path -text -noout`
|
2189
2258
|
#
|
2190
2259
|
# You can also copy the serial number from the console or use the
|
2191
|
-
# [DescribeCertificate][2] action in the *
|
2260
|
+
# [DescribeCertificate][2] action in the *Certificate Manager API
|
2192
2261
|
# Reference*.
|
2193
2262
|
#
|
2194
2263
|
#
|
@@ -2219,15 +2288,15 @@ module Aws::ACMPCA
|
|
2219
2288
|
end
|
2220
2289
|
|
2221
2290
|
# Adds one or more tags to your private CA. Tags are labels that you can
|
2222
|
-
# use to identify and organize your
|
2223
|
-
# a key and an optional value. You specify the private
|
2224
|
-
# its Amazon Resource Name (ARN). You specify the tag by
|
2225
|
-
# key-value pair. You can apply a tag to just one private CA if
|
2226
|
-
# to identify a specific characteristic of that CA, or you can
|
2227
|
-
# same tag to multiple private CAs if you want to filter for a
|
2228
|
-
# relationship among those CAs. To remove one or more tags, use
|
2229
|
-
# [UntagCertificateAuthority][1] action. Call the [ListTags][2]
|
2230
|
-
# to see what tags are associated with your CA.
|
2291
|
+
# use to identify and organize your Amazon Web Services resources. Each
|
2292
|
+
# tag consists of a key and an optional value. You specify the private
|
2293
|
+
# CA on input by its Amazon Resource Name (ARN). You specify the tag by
|
2294
|
+
# using a key-value pair. You can apply a tag to just one private CA if
|
2295
|
+
# you want to identify a specific characteristic of that CA, or you can
|
2296
|
+
# apply the same tag to multiple private CAs if you want to filter for a
|
2297
|
+
# common relationship among those CAs. To remove one or more tags, use
|
2298
|
+
# the [UntagCertificateAuthority][1] action. Call the [ListTags][2]
|
2299
|
+
# action to see what tags are associated with your CA.
|
2231
2300
|
#
|
2232
2301
|
#
|
2233
2302
|
#
|
@@ -2330,13 +2399,13 @@ module Aws::ACMPCA
|
|
2330
2399
|
# <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
|
2331
2400
|
# bucket that you specify. If the IAM principal making the call does not
|
2332
2401
|
# have permission to write to the bucket, then an exception is thrown.
|
2333
|
-
# For more information, see [
|
2402
|
+
# For more information, see [Access policies for CRLs in Amazon S3][1].
|
2334
2403
|
#
|
2335
2404
|
# </note>
|
2336
2405
|
#
|
2337
2406
|
#
|
2338
2407
|
#
|
2339
|
-
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/
|
2408
|
+
# [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
|
2340
2409
|
#
|
2341
2410
|
# @option params [required, String] :certificate_authority_arn
|
2342
2411
|
# Amazon Resource Name (ARN) of the private CA that issued the
|
@@ -2404,7 +2473,7 @@ module Aws::ACMPCA
|
|
2404
2473
|
params: params,
|
2405
2474
|
config: config)
|
2406
2475
|
context[:gem_name] = 'aws-sdk-acmpca'
|
2407
|
-
context[:gem_version] = '1.
|
2476
|
+
context[:gem_version] = '1.47.0'
|
2408
2477
|
Seahorse::Client::Request.new(handlers, context)
|
2409
2478
|
end
|
2410
2479
|
|