aws-sdk-acmpca 1.44.0 → 1.47.0

data/lib/aws-sdk-acmpca/types.rb

@@ -35,6 +35,12 @@ module Aws::ACMPCA
     #         initials: "String5",
     #         pseudonym: "String128",
     #         generation_qualifier: "String3",
+    #         custom_attributes: [
+    #           {
+    #             object_identifier: "CustomObjectIdentifier", # required
+    #             value: "String1To256", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] country
@@ -110,6 +116,22 @@ module Aws::ACMPCA
     #   Examples include Jr. for junior, Sr. for senior, and III for third.
     #   @return [String]
     #
+    # @!attribute [rw] custom_attributes
+    #   Contains a sequence of one or more X.500 relative distinguished
+    #   names (RDNs), each of which consists of an object identifier (OID)
+    #   and a value. For more information, see NIST’s definition of [Object
+    #   Identifier (OID)][1].
+    #
+    #   <note markdown="1"> Custom attributes cannot be used in combination with standard
+    #   attributes.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://csrc.nist.gov/glossary/term/Object_Identifier
+    #   @return [Array<Types::CustomAttribute>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ASN1Subject AWS API Documentation
     #
     class ASN1Subject < Struct.new(
@@ -126,7 +148,8 @@ module Aws::ACMPCA
       :given_name,
       :initials,
       :pseudonym,
-      :generation_qualifier)
+      :generation_qualifier,
+      :custom_attributes)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -136,7 +159,7 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://tools.ietf.org/html/rfc5280
+    # [1]: https://datatracker.ietf.org/doc/html/rfc5280
     #
     # @note When making an API call, you may pass AccessDescription
     #   data as a hash:
@@ -168,6 +191,12 @@ module Aws::ACMPCA
     #             initials: "String5",
     #             pseudonym: "String128",
     #             generation_qualifier: "String3",
+    #             custom_attributes: [
+    #               {
+    #                 object_identifier: "CustomObjectIdentifier", # required
+    #                 value: "String1To256", # required
+    #               },
+    #             ],
     #           },
     #           edi_party_name: {
     #             party_name: "String256", # required
@@ -236,8 +265,8 @@ module Aws::ACMPCA
     # variant must be selected, or else this parameter is ignored.
     #
     # If conflicting or duplicate certificate information is supplied from
-    # other sources, ACM Private CA applies [order of operation rules][1] to
-    # determine what information is used.
+    # other sources, Amazon Web Services Private CA applies [order of
+    # operation rules][1] to determine what information is used.
     #
     #
     #
@@ -301,6 +330,12 @@ module Aws::ACMPCA
     #                 initials: "String5",
     #                 pseudonym: "String128",
     #                 generation_qualifier: "String3",
+    #                 custom_attributes: [
+    #                   {
+    #                     object_identifier: "CustomObjectIdentifier", # required
+    #                     value: "String1To256", # required
+    #                   },
+    #                 ],
     #               },
     #               edi_party_name: {
     #                 party_name: "String256", # required
@@ -311,6 +346,13 @@ module Aws::ACMPCA
     #               registered_id: "CustomObjectIdentifier",
     #             },
     #           ],
+    #           custom_extensions: [
+    #             {
+    #               object_identifier: "CustomObjectIdentifier", # required
+    #               value: "Base64String1To4096", # required
+    #               critical: false,
+    #             },
+    #           ],
     #         },
     #         subject: {
     #           country: "CountryCodeString",
@@ -327,6 +369,12 @@ module Aws::ACMPCA
     #           initials: "String5",
     #           pseudonym: "String128",
     #           generation_qualifier: "String3",
+    #           custom_attributes: [
+    #             {
+    #               object_identifier: "CustomObjectIdentifier", # required
+    #               value: "String1To256", # required
+    #             },
+    #           ],
     #         },
     #       }
     #
@@ -361,10 +409,10 @@ module Aws::ACMPCA
     # [CreateCertificateAuthority][1] action to create your private CA. You
     # must then call the [GetCertificateAuthorityCertificate][2] action to
     # retrieve a private CA certificate signing request (CSR). Sign the CSR
-    # with your ACM Private CA-hosted or on-premises root or subordinate CA
-    # certificate. Call the [ImportCertificateAuthorityCertificate][3]
-    # action to import the signed certificate into AWS Certificate Manager
-    # (ACM).
+    # with your Amazon Web Services Private CA-hosted or on-premises root or
+    # subordinate CA certificate. Call the
+    # [ImportCertificateAuthorityCertificate][3] action to import the signed
+    # certificate into Certificate Manager (ACM).
     #
     #
     #
@@ -378,7 +426,8 @@ module Aws::ACMPCA
     #   @return [String]
     #
     # @!attribute [rw] owner_account
-    #   The AWS account ID that owns the certificate authority.
+    #   The Amazon Web Services account ID that owns the certificate
+    #   authority.
     #   @return [String]
     #
     # @!attribute [rw] created_at
@@ -439,7 +488,7 @@ module Aws::ACMPCA
     #
     #   Default: FIPS\_140\_2\_LEVEL\_3\_OR\_HIGHER
     #
-    #   Note: AWS Region ap-northeast-3 supports only
+    #   Note: Amazon Web Services Region ap-northeast-3 supports only
     #   FIPS\_140\_2\_LEVEL\_2\_OR\_HIGHER. You must explicitly specify this
     #   parameter and value when creating a CA in that Region. Specifying a
     #   different value (or no value) results in an `InvalidArgsException`
@@ -501,6 +550,12 @@ module Aws::ACMPCA
     #           initials: "String5",
     #           pseudonym: "String128",
     #           generation_qualifier: "String3",
+    #           custom_attributes: [
+    #             {
+    #               object_identifier: "CustomObjectIdentifier", # required
+    #               value: "String1To256", # required
+    #             },
+    #           ],
     #         },
     #         csr_extensions: {
     #           key_usage: {
@@ -542,6 +597,12 @@ module Aws::ACMPCA
     #                   initials: "String5",
     #                   pseudonym: "String128",
     #                   generation_qualifier: "String3",
+    #                   custom_attributes: [
+    #                     {
+    #                       object_identifier: "CustomObjectIdentifier", # required
+    #                       value: "String1To256", # required
+    #                     },
+    #                   ],
     #                 },
     #                 edi_party_name: {
     #                   party_name: "String256", # required
@@ -695,6 +756,12 @@ module Aws::ACMPCA
     #             initials: "String5",
     #             pseudonym: "String128",
     #             generation_qualifier: "String3",
+    #             custom_attributes: [
+    #               {
+    #                 object_identifier: "CustomObjectIdentifier", # required
+    #                 value: "String1To256", # required
+    #               },
+    #             ],
     #           },
     #           csr_extensions: {
     #             key_usage: {
@@ -736,6 +803,12 @@ module Aws::ACMPCA
     #                     initials: "String5",
     #                     pseudonym: "String128",
     #                     generation_qualifier: "String3",
+    #                     custom_attributes: [
+    #                       {
+    #                         object_identifier: "CustomObjectIdentifier", # required
+    #                         value: "String1To256", # required
+    #                       },
+    #                     ],
     #                   },
     #                   edi_party_name: {
     #                     party_name: "String256", # required
@@ -801,11 +874,11 @@ module Aws::ACMPCA
     #   **CreateCertificateAuthority** action. Idempotency tokens for
     #   **CreateCertificateAuthority** time out after five minutes.
     #   Therefore, if you call **CreateCertificateAuthority** multiple times
-    #   with the same idempotency token within five minutes, ACM Private CA
-    #   recognizes that you are requesting only certificate authority and
-    #   will issue only one. If you change the idempotency token for each
-    #   call, PCA recognizes that you are requesting multiple certificate
-    #   authorities.
+    #   with the same idempotency token within five minutes, Amazon Web
+    #   Services Private CA recognizes that you are requesting only
+    #   certificate authority and will issue only one. If you change the
+    #   idempotency token for each call, PCA recognizes that you are
+    #   requesting multiple certificate authorities.
     #   @return [String]
     #
     # @!attribute [rw] key_storage_security_standard
@@ -888,8 +961,9 @@ module Aws::ACMPCA
     #   @return [String]
     #
     # @!attribute [rw] principal
-    #   The AWS service or identity that receives the permission. At this
-    #   time, the only valid principal is `acm.amazonaws.com`.
+    #   The Amazon Web Services service or identity that receives the
+    #   permission. At this time, the only valid principal is
+    #   `acm.amazonaws.com`.
     #   @return [String]
     #
     # @!attribute [rw] source_account
@@ -897,8 +971,9 @@ module Aws::ACMPCA
     #   @return [String]
     #
     # @!attribute [rw] actions
-    #   The actions that the specified AWS service principal can use. These
-    #   include `IssueCertificate`, `GetCertificate`, and `ListPermissions`.
+    #   The actions that the specified Amazon Web Services service principal
+    #   can use. These include `IssueCertificate`, `GetCertificate`, and
+    #   `ListPermissions`.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermissionRequest AWS API Documentation
@@ -921,21 +996,22 @@ module Aws::ACMPCA
     # specifying a value for the **CustomCname** parameter. Your private CA
     # copies the CNAME or the S3 bucket name to the **CRL Distribution
     # Points** extension of each certificate it issues. Your S3 bucket
-    # policy must give write permission to ACM Private CA.
+    # policy must give write permission to Amazon Web Services Private CA.
     #
-    # ACM Private CA assets that are stored in Amazon S3 can be protected
-    # with encryption. For more information, see [Encrypting Your CRLs][1].
+    # Amazon Web Services Private CA assets that are stored in Amazon S3 can
+    # be protected with encryption. For more information, see [Encrypting
+    # Your CRLs][1].
     #
     # Your private CA uses the value in the **ExpirationInDays** parameter
     # to calculate the **nextUpdate** field in the CRL. The CRL is refreshed
-    # at 1/2 the age of next update or when a certificate is revoked. When a
-    # certificate is revoked, it is recorded in the next CRL that is
-    # generated and in the next audit report. Only time valid certificates
-    # are listed in the CRL. Expired certificates are not included.
+    # prior to a certificate's expiration date or when a certificate is
+    # revoked. When a certificate is revoked, it appears in the CRL until
+    # the certificate expires, and then in one additional CRL after
+    # expiration, and it always appears in the audit report.
     #
     # A CRL is typically updated approximately 30 minutes after a
-    # certificate is revoked. If for any reason a CRL update fails, ACM
-    # Private CA makes further attempts every 15 minutes.
+    # certificate is revoked. If for any reason a CRL update fails, Amazon
+    # Web Services Private CA makes further attempts every 15 minutes.
     #
     # CRLs contain the following fields:
     #
@@ -979,14 +1055,15 @@ module Aws::ACMPCA
     #
     # * **Signature Value**\: Signature computed over the CRL.
     #
-    # Certificate revocation lists created by ACM Private CA are
-    # DER-encoded. You can use the following OpenSSL command to list a CRL.
+    # Certificate revocation lists created by Amazon Web Services Private CA
+    # are DER-encoded. You can use the following OpenSSL command to list a
+    # CRL.
     #
     # `openssl crl -inform DER -text -in crl_path -noout`
     #
     # For more information, see [Planning a certificate revocation list
-    # (CRL)][2] in the *AWS Certificate Manager Private Certificate
-    # Authority (PCA) User Guide*
+    # (CRL)][2] in the *Amazon Web Services Private Certificate Authority
+    # User Guide*
     #
     #
     #
@@ -1034,8 +1111,8 @@ module Aws::ACMPCA
     #   is placed into the **CRL Distribution Points** extension of the
     #   issued certificate. You can change the name of your bucket by
     #   calling the [UpdateCertificateAuthority][1] operation. You must
-    #   specify a [bucket policy][2] that allows ACM Private CA to write the
-    #   CRL to your bucket.
+    #   specify a [bucket policy][2] that allows Amazon Web Services Private
+    #   CA to write the CRL to your bucket.
     #
     #
     #
@@ -1127,6 +1204,12 @@ module Aws::ACMPCA
     #                 initials: "String5",
     #                 pseudonym: "String128",
     #                 generation_qualifier: "String3",
+    #                 custom_attributes: [
+    #                   {
+    #                     object_identifier: "CustomObjectIdentifier", # required
+    #                     value: "String1To256", # required
+    #                   },
+    #                 ],
     #               },
     #               edi_party_name: {
     #                 party_name: "String256", # required
@@ -1152,7 +1235,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://tools.ietf.org/html/rfc5280#section-4.2.2.2
+    #   [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.2
     #   @return [Array<Types::AccessDescription>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CsrExtensions AWS API Documentation
@@ -1164,6 +1247,79 @@ module Aws::ACMPCA
       include Aws::Structure
     end
 
+    # Defines the X.500 relative distinguished name (RDN).
+    #
+    # @note When making an API call, you may pass CustomAttribute
+    #   data as a hash:
+    #
+    #       {
+    #         object_identifier: "CustomObjectIdentifier", # required
+    #         value: "String1To256", # required
+    #       }
+    #
+    # @!attribute [rw] object_identifier
+    #   Specifies the object identifier (OID) of the attribute type of the
+    #   relative distinguished name (RDN).
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   Specifies the attribute value of relative distinguished name (RDN).
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CustomAttribute AWS API Documentation
+    #
+    class CustomAttribute < Struct.new(
+      :object_identifier,
+      :value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Specifies the X.509 extension information for a certificate.
+    #
+    # Extensions present in `CustomExtensions` follow the `ApiPassthrough`
+    # [template rules][1].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations
+    #
+    # @note When making an API call, you may pass CustomExtension
+    #   data as a hash:
+    #
+    #       {
+    #         object_identifier: "CustomObjectIdentifier", # required
+    #         value: "Base64String1To4096", # required
+    #         critical: false,
+    #       }
+    #
+    # @!attribute [rw] object_identifier
+    #   Specifies the object identifier (OID) of the X.509 extension. For
+    #   more information, see the [Global OID reference database.][1]
+    #
+    #
+    #
+    #   [1]: https://oidref.com/2.5.29
+    #   @return [String]
+    #
+    # @!attribute [rw] value
+    #   Specifies the base64-encoded value of the X.509 extension.
+    #   @return [String]
+    #
+    # @!attribute [rw] critical
+    #   Specifies the critical flag of the X.509 extension.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CustomExtension AWS API Documentation
+    #
+    class CustomExtension < Struct.new(
+      :object_identifier,
+      :value,
+      :critical)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DeleteCertificateAuthorityRequest
     #   data as a hash:
     #
@@ -1223,13 +1379,13 @@ module Aws::ACMPCA
     #   @return [String]
     #
     # @!attribute [rw] principal
-    #   The AWS service or identity that will have its CA permissions
-    #   revoked. At this time, the only valid service principal is
-    #   `acm.amazonaws.com`
+    #   The Amazon Web Services service or identity that will have its CA
+    #   permissions revoked. At this time, the only valid service principal
+    #   is `acm.amazonaws.com`
     #   @return [String]
     #
     # @!attribute [rw] source_account
-    #   The AWS account that calls this action.
+    #   The Amazon Web Services account that calls this action.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermissionRequest AWS API Documentation
@@ -1381,7 +1537,7 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://tools.ietf.org/html/rfc5280
+    # [1]: https://datatracker.ietf.org/doc/html/rfc5280
     #
     # @note When making an API call, you may pass EdiPartyName
     #   data as a hash:
@@ -1426,7 +1582,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://tools.ietf.org/html/rfc5280#section-4.2.1.12
+    #   [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.12
     #   @return [String]
     #
     # @!attribute [rw] extended_key_usage_object_identifier
@@ -1502,6 +1658,12 @@ module Aws::ACMPCA
     #               initials: "String5",
     #               pseudonym: "String128",
     #               generation_qualifier: "String3",
+    #               custom_attributes: [
+    #                 {
+    #                   object_identifier: "CustomObjectIdentifier", # required
+    #                   value: "String1To256", # required
+    #                 },
+    #               ],
     #             },
     #             edi_party_name: {
     #               party_name: "String256", # required
@@ -1512,6 +1674,13 @@ module Aws::ACMPCA
     #             registered_id: "CustomObjectIdentifier",
     #           },
     #         ],
+    #         custom_extensions: [
+    #           {
+    #             object_identifier: "CustomObjectIdentifier", # required
+    #             value: "Base64String1To4096", # required
+    #             critical: false,
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] certificate_policies
@@ -1548,13 +1717,31 @@ module Aws::ACMPCA
     #   the certificate.
     #   @return [Array<Types::GeneralName>]
     #
+    # @!attribute [rw] custom_extensions
+    #   Contains a sequence of one or more X.509 extensions, each of which
+    #   consists of an object identifier (OID), a base64-encoded value, and
+    #   the critical flag. For more information, see the [Global OID
+    #   reference database.][1]
+    #
+    #   <note markdown="1"> The OID value of a [CustomExtension][2] must not match the OID of a
+    #   predefined extension.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://oidref.com/2.5.29
+    #   [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CustomExtension.html
+    #   @return [Array<Types::CustomExtension>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Extensions AWS API Documentation
     #
     class Extensions < Struct.new(
       :certificate_policies,
       :extended_key_usage,
       :key_usage,
-      :subject_alternative_names)
+      :subject_alternative_names,
+      :custom_extensions)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1565,7 +1752,7 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://tools.ietf.org/html/rfc5280
+    # [1]: https://datatracker.ietf.org/doc/html/rfc5280
     #
     # @note When making an API call, you may pass GeneralName
     #   data as a hash:
@@ -1592,6 +1779,12 @@ module Aws::ACMPCA
     #           initials: "String5",
     #           pseudonym: "String128",
     #           generation_qualifier: "String3",
+    #           custom_attributes: [
+    #             {
+    #               object_identifier: "CustomObjectIdentifier", # required
+    #               value: "String1To256", # required
+    #             },
+    #           ],
     #         },
     #         edi_party_name: {
     #           party_name: "String256", # required
@@ -1611,7 +1804,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://tools.ietf.org/html/rfc822
+    #   [1]: https://datatracker.ietf.org/doc/html/rfc822
     #   @return [String]
     #
     # @!attribute [rw] dns_name
@@ -1861,9 +2054,9 @@ module Aws::ACMPCA
     # @!attribute [rw] certificate_chain
     #   A PEM-encoded file that contains all of your certificates, other
     #   than the certificate you're importing, chaining up to your root CA.
-    #   Your ACM Private CA-hosted or on-premises root certificate is the
-    #   last in the chain, and each certificate in the chain signs the one
-    #   preceding.
+    #   Your Amazon Web Services Private CA-hosted or on-premises root
+    #   certificate is the last in the chain, and each certificate in the
+    #   chain signs the one preceding.
     #
     #   This parameter must be supplied when you import a subordinate CA.
     #   When you import a root CA, there is no chain.
@@ -2043,6 +2236,12 @@ module Aws::ACMPCA
     #                   initials: "String5",
     #                   pseudonym: "String128",
     #                   generation_qualifier: "String3",
+    #                   custom_attributes: [
+    #                     {
+    #                       object_identifier: "CustomObjectIdentifier", # required
+    #                       value: "String1To256", # required
+    #                     },
+    #                   ],
     #                 },
     #                 edi_party_name: {
     #                   party_name: "String256", # required
@@ -2053,6 +2252,13 @@ module Aws::ACMPCA
     #                 registered_id: "CustomObjectIdentifier",
     #               },
     #             ],
+    #             custom_extensions: [
+    #               {
+    #                 object_identifier: "CustomObjectIdentifier", # required
+    #                 value: "Base64String1To4096", # required
+    #                 critical: false,
+    #               },
+    #             ],
     #           },
     #           subject: {
     #             country: "CountryCodeString",
@@ -2069,6 +2275,12 @@ module Aws::ACMPCA
     #             initials: "String5",
     #             pseudonym: "String128",
     #             generation_qualifier: "String3",
+    #             custom_attributes: [
+    #               {
+    #                 object_identifier: "CustomObjectIdentifier", # required
+    #                 value: "String1To256", # required
+    #               },
+    #             ],
     #           },
     #         },
     #         certificate_authority_arn: "Arn", # required
@@ -2094,8 +2306,8 @@ module Aws::ACMPCA
     #   Certificate Templates][1].
     #
     #   If conflicting or duplicate certificate information is supplied
-    #   during certificate issuance, ACM Private CA applies [order of
-    #   operation rules][2] to determine what information is used.
+    #   during certificate issuance, Amazon Web Services Private CA applies
+    #   [order of operation rules][2] to determine what information is used.
     #
     #
     #
@@ -2128,7 +2340,7 @@ module Aws::ACMPCA
     #   contains your X509 version 3 extensions.
     #
     #   `openssl req -new -config openssl_rsa.cnf -extensions usr_cert
-    #   -newkey rsa:2048 -days -365 -keyout private/test_cert_priv_key.pem
+    #   -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem
     #   -out csr/test_cert_.csr`
     #
     #   Note: A CSR must provide either a *subject name* or a *subject
@@ -2142,21 +2354,26 @@ module Aws::ACMPCA
     #   This parameter should not be confused with the `SigningAlgorithm`
     #   parameter used to sign a CSR in the `CreateCertificateAuthority`
     #   action.
+    #
+    #   <note markdown="1"> The specified signing algorithm family (RSA or ECDSA) much match the
+    #   algorithm family of the CA's secret key.
+    #
+    #    </note>
     #   @return [String]
     #
     # @!attribute [rw] template_arn
     #   Specifies a custom configuration template to use when issuing a
-    #   certificate. If this parameter is not provided, ACM Private CA
-    #   defaults to the `EndEntityCertificate/V1` template. For CA
-    #   certificates, you should choose the shortest path length that meets
-    #   your needs. The path length is indicated by the PathLen*N* portion
-    #   of the ARN, where *N* is the [CA depth][1].
+    #   certificate. If this parameter is not provided, Amazon Web Services
+    #   Private CA defaults to the `EndEntityCertificate/V1` template. For
+    #   CA certificates, you should choose the shortest path length that
+    #   meets your needs. The path length is indicated by the PathLen*N*
+    #   portion of the ARN, where *N* is the [CA depth][1].
     #
     #   Note: The CA depth configured on a subordinate CA certificate must
     #   not exceed the limit set by its parents in the CA hierarchy.
     #
-    #   For a list of `TemplateArn` values supported by ACM Private CA, see
-    #   [Understanding Certificate Templates][2].
+    #   For a list of `TemplateArn` values supported by Amazon Web Services
+    #   Private CA, see [Understanding Certificate Templates][2].
     #
     #
     #
@@ -2185,7 +2402,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
+    #   [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
     #   @return [Types::Validity]
     #
     # @!attribute [rw] validity_not_before
@@ -2193,11 +2410,11 @@ module Aws::ACMPCA
     #   certificate. This parameter sets the “Not Before" date for the
     #   certificate.
     #
-    #   By default, when issuing a certificate, ACM Private CA sets the
-    #   "Not Before" date to the issuance time minus 60 minutes. This
-    #   compensates for clock inconsistencies across computer systems. The
-    #   `ValidityNotBefore` parameter can be used to customize the “Not
-    #   Before” value.
+    #   By default, when issuing a certificate, Amazon Web Services Private
+    #   CA sets the "Not Before" date to the issuance time minus 60
+    #   minutes. This compensates for clock inconsistencies across computer
+    #   systems. The `ValidityNotBefore` parameter can be used to customize
+    #   the “Not Before” value.
     #
     #   Unlike the `Validity` parameter, the `ValidityNotBefore` parameter
     #   is optional.
@@ -2210,7 +2427,7 @@ module Aws::ACMPCA
     #
     #
     #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_Validity.html
-    #   [2]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
+    #   [2]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
     #   @return [Types::Validity]
     #
     # @!attribute [rw] idempotency_token
@@ -2218,10 +2435,10 @@ module Aws::ACMPCA
     #   the **IssueCertificate** action. Idempotency tokens for
     #   **IssueCertificate** time out after one minute. Therefore, if you
     #   call **IssueCertificate** multiple times with the same idempotency
-    #   token within one minute, ACM Private CA recognizes that you are
-    #   requesting only one certificate and will issue only one. If you
-    #   change the idempotency token for each call, PCA recognizes that you
-    #   are requesting multiple certificates.
+    #   token within one minute, Amazon Web Services Private CA recognizes
+    #   that you are requesting only one certificate and will issue only
+    #   one. If you change the idempotency token for each call, PCA
+    #   recognizes that you are requesting multiple certificates.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificateRequest AWS API Documentation
@@ -2325,8 +2542,8 @@ module Aws::ACMPCA
       include Aws::Structure
     end
 
-    # An ACM Private CA quota has been exceeded. See the exception message
-    # returned to determine the quota that was exceeded.
+    # An Amazon Web Services Private CA quota has been exceeded. See the
+    # exception message returned to determine the quota that was exceeded.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -2588,17 +2805,17 @@ module Aws::ACMPCA
     #   @return [Boolean]
     #
     # @!attribute [rw] ocsp_custom_cname
-    #   By default, ACM Private CA injects an AWS domain into certificates
-    #   being validated by the Online Certificate Status Protocol (OCSP). A
-    #   customer can alternatively use this object to define a CNAME
-    #   specifying a customized OCSP domain.
+    #   By default, Amazon Web Services Private CA injects an Amazon Web
+    #   Services domain into certificates being validated by the Online
+    #   Certificate Status Protocol (OCSP). A customer can alternatively use
+    #   this object to define a CNAME specifying a customized OCSP domain.
     #
     #   Note: The value of the CNAME must not include a protocol prefix such
     #   as "http://" or "https://".
     #
     #   For more information, see [Customizing Online Certificate Status
-    #   Protocol (OCSP) ][1] in the *AWS Certificate Manager Private
-    #   Certificate Authority (PCA) User Guide*.
+    #   Protocol (OCSP) ][1] in the *Amazon Web Services Private Certificate
+    #   Authority User Guide*.
     #
     #
     #
@@ -2649,12 +2866,13 @@ module Aws::ACMPCA
     end
 
     # Permissions designate which private CA actions can be performed by an
-    # AWS service or entity. In order for ACM to automatically renew private
-    # certificates, you must give the ACM service principal all available
-    # permissions (`IssueCertificate`, `GetCertificate`, and
-    # `ListPermissions`). Permissions can be assigned with the
-    # [CreatePermission][1] action, removed with the [DeletePermission][2]
-    # action, and listed with the [ListPermissions][3] action.
+    # Amazon Web Services service or entity. In order for ACM to
+    # automatically renew private certificates, you must give the ACM
+    # service principal all available permissions (`IssueCertificate`,
+    # `GetCertificate`, and `ListPermissions`). Permissions can be assigned
+    # with the [CreatePermission][1] action, removed with the
+    # [DeletePermission][2] action, and listed with the [ListPermissions][3]
+    # action.
     #
     #
     #
@@ -2672,8 +2890,8 @@ module Aws::ACMPCA
     #   @return [Time]
     #
     # @!attribute [rw] principal
-    #   The AWS service or entity that holds the permission. At this time,
-    #   the only valid principal is `acm.amazonaws.com`.
+    #   The Amazon Web Services service or entity that holds the permission.
+    #   At this time, the only valid principal is `acm.amazonaws.com`.
     #   @return [String]
     #
     # @!attribute [rw] source_account
@@ -2681,8 +2899,8 @@ module Aws::ACMPCA
     #   @return [String]
     #
     # @!attribute [rw] actions
-    #   The private CA actions that can be performed by the designated AWS
-    #   service.
+    #   The private CA actions that can be performed by the designated
+    #   Amazon Web Services service.
     #   @return [Array<String>]
     #
     # @!attribute [rw] policy
@@ -2743,8 +2961,9 @@ module Aws::ACMPCA
     #   @return [String]
     #
     # @!attribute [rw] policy_qualifiers
-    #   Modifies the given `CertPolicyId` with a qualifier. ACM Private CA
-    #   supports the certification practice statement (CPS) qualifier.
+    #   Modifies the given `CertPolicyId` with a qualifier. Amazon Web
+    #   Services Private CA supports the certification practice statement
+    #   (CPS) qualifier.
     #   @return [Array<Types::PolicyQualifierInfo>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PolicyInformation AWS API Documentation
@@ -2757,8 +2976,8 @@ module Aws::ACMPCA
     end
 
     # Modifies the `CertPolicyId` of a `PolicyInformation` object with a
-    # qualifier. ACM Private CA supports the certification practice
-    # statement (CPS) qualifier.
+    # qualifier. Amazon Web Services Private CA supports the certification
+    # practice statement (CPS) qualifier.
     #
     # @note When making an API call, you may pass PolicyQualifierInfo
     #   data as a hash:
@@ -2775,8 +2994,8 @@ module Aws::ACMPCA
     #   @return [String]
     #
     # @!attribute [rw] qualifier
-    #   Defines the qualifier type. ACM Private CA supports the use of a URI
-    #   for a CPS qualifier in this field.
+    #   Defines the qualifier type. Amazon Web Services Private CA supports
+    #   the use of a URI for a CPS qualifier in this field.
     #   @return [Types::Qualifier]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PolicyQualifierInfo AWS API Documentation
@@ -2830,13 +3049,13 @@ module Aws::ACMPCA
       include Aws::Structure
     end
 
-    # Defines a `PolicyInformation` qualifier. ACM Private CA supports the
-    # [certification practice statement (CPS) qualifier][1] defined in RFC
-    # 5280.
+    # Defines a `PolicyInformation` qualifier. Amazon Web Services Private
+    # CA supports the [certification practice statement (CPS) qualifier][1]
+    # defined in RFC 5280.
     #
     #
     #
-    # [1]: https://tools.ietf.org/html/rfc5280#section-4.2.1.4
+    # [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
     #
     # @note When making an API call, you may pass Qualifier
     #   data as a hash:
@@ -2946,8 +3165,8 @@ module Aws::ACMPCA
     # about certificates as requested by clients, and a CRL contains an
     # updated list of certificates revoked by your CA. For more information,
     # see [RevokeCertificate][3] and [Setting up a certificate revocation
-    # method][4] in the *AWS Certificate Manager Private Certificate
-    # Authority (PCA) User Guide*.
+    # method][4] in the *Amazon Web Services Private Certificate Authority
+    # User Guide*.
     #
     #
     #
@@ -2977,8 +3196,8 @@ module Aws::ACMPCA
     #   Configuration of the certificate revocation list (CRL), if any,
     #   maintained by your private CA. A CRL is typically updated
     #   approximately 30 minutes after a certificate is revoked. If for any
-    #   reason a CRL update fails, ACM Private CA makes further attempts
-    #   every 15 minutes.
+    #   reason a CRL update fails, Amazon Web Services Private CA makes
+    #   further attempts every 15 minutes.
     #   @return [Types::CrlConfiguration]
     #
     # @!attribute [rw] ocsp_configuration
@@ -3026,7 +3245,7 @@ module Aws::ACMPCA
     #   `openssl x509 -in file_path -text -noout`
     #
     #   You can also copy the serial number from the console or use the
-    #   [DescribeCertificate][2] action in the *AWS Certificate Manager API
+    #   [DescribeCertificate][2] action in the *Certificate Manager API
     #   Reference*.
     #
     #
@@ -3238,16 +3457,16 @@ module Aws::ACMPCA
     # after issuance, stated in days, months, or years. For more
     # information, see [Validity][1] in RFC 5280.
     #
-    # ACM Private CA API consumes the `Validity` data type differently in
-    # two distinct parameters of the `IssueCertificate` action. The required
-    # parameter `IssueCertificate`\:`Validity` specifies the end of a
-    # certificate's validity period. The optional parameter
-    # `IssueCertificate`\:`ValidityNotBefore` specifies a customized
-    # starting time for the validity period.
+    # Amazon Web Services Private CA API consumes the `Validity` data type
+    # differently in two distinct parameters of the `IssueCertificate`
+    # action. The required parameter `IssueCertificate`\:`Validity`
+    # specifies the end of a certificate's validity period. The optional
+    # parameter `IssueCertificate`\:`ValidityNotBefore` specifies a
+    # customized starting time for the validity period.
     #
     #
     #
-    # [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
+    # [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5
     #
     # @note When making an API call, you may pass Validity
     #   data as a hash:
@@ -3262,10 +3481,10 @@ module Aws::ACMPCA
     #   @return [Integer]
     #
     # @!attribute [rw] type
-    #   Determines how *ACM Private CA* interprets the `Value` parameter, an
-    #   integer. Supported validity types include those listed below. Type
-    #   definitions with values include a sample input value and the
-    #   resulting output.
+    #   Determines how *Amazon Web Services Private CA* interprets the
+    #   `Value` parameter, an integer. Supported validity types include
+    #   those listed below. Type definitions with values include a sample
+    #   input value and the resulting output.
     #
     #   `END_DATE`\: The specific date and time when the certificate will
     #   expire, expressed using UTCTime (YYMMDDHHMMSS) or GeneralizedTime