aws-sdk-acmpca 1.50.0 → 1.52.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -30,7 +30,7 @@ require 'aws-sdk-core/plugins/http_checksum.rb'
30
30
  require 'aws-sdk-core/plugins/checksum_algorithm.rb'
31
31
  require 'aws-sdk-core/plugins/defaults_mode.rb'
32
32
  require 'aws-sdk-core/plugins/recursion_detection.rb'
33
- require 'aws-sdk-core/plugins/signature_v4.rb'
33
+ require 'aws-sdk-core/plugins/sign.rb'
34
34
  require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
35
35
 
36
36
  Aws::Plugins::GlobalConfiguration.add_identifier(:acmpca)
@@ -79,8 +79,9 @@ module Aws::ACMPCA
79
79
  add_plugin(Aws::Plugins::ChecksumAlgorithm)
80
80
  add_plugin(Aws::Plugins::DefaultsMode)
81
81
  add_plugin(Aws::Plugins::RecursionDetection)
82
- add_plugin(Aws::Plugins::SignatureV4)
82
+ add_plugin(Aws::Plugins::Sign)
83
83
  add_plugin(Aws::Plugins::Protocols::JsonRpc)
84
+ add_plugin(Aws::ACMPCA::Plugins::Endpoints)
84
85
 
85
86
  # @overload initialize(options)
86
87
  # @param [Hash] options
@@ -297,6 +298,19 @@ module Aws::ACMPCA
297
298
  # ** Please note ** When response stubbing is enabled, no HTTP
298
299
  # requests are made, and retries are disabled.
299
300
  #
301
+ # @option options [Aws::TokenProvider] :token_provider
302
+ # A Bearer Token Provider. This can be an instance of any one of the
303
+ # following classes:
304
+ #
305
+ # * `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
306
+ # tokens.
307
+ #
308
+ # * `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
309
+ # access token generated from `aws login`.
310
+ #
311
+ # When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
312
+ # will be used to search for tokens configured for your profile in shared configuration files.
313
+ #
300
314
  # @option options [Boolean] :use_dualstack_endpoint
301
315
  # When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
302
316
  # will be used if available.
@@ -310,6 +324,9 @@ module Aws::ACMPCA
310
324
  # When `true`, request parameters are validated before
311
325
  # sending the request.
312
326
  #
327
+ # @option options [Aws::ACMPCA::EndpointProvider] :endpoint_provider
328
+ # The endpoint provider used to resolve endpoints. Any object that responds to `#resolve_endpoint(parameters)` where `parameters` is a Struct similar to `Aws::ACMPCA::EndpointParameters`
329
+ #
313
330
  # @option options [URI::HTTP,String] :http_proxy A proxy to send
314
331
  # requests through. Formatted like 'http://proxy.com:123'.
315
332
  #
@@ -376,20 +393,22 @@ module Aws::ACMPCA
376
393
  # CA. If successful, this action returns the Amazon Resource Name (ARN)
377
394
  # of the CA.
378
395
  #
379
- # ACM Private CA assets that are stored in Amazon S3 can be protected
380
- # with encryption. For more information, see [Encrypting Your CRLs][1].
381
- #
382
- # <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
383
- # bucket that you specify. If the IAM principal making the call does not
384
- # have permission to write to the bucket, then an exception is thrown.
385
- # For more information, see [Access policies for CRLs in Amazon S3][2].
396
+ # <note markdown="1"> Both Amazon Web Services Private CA and the IAM principal must have
397
+ # permission to write to the S3 bucket that you specify. If the IAM
398
+ # principal making the call does not have permission to write to the
399
+ # bucket, then an exception is thrown. For more information, see [Access
400
+ # policies for CRLs in Amazon S3][1].
386
401
  #
387
402
  # </note>
388
403
  #
404
+ # Amazon Web Services Private CA assets that are stored in Amazon S3 can
405
+ # be protected with encryption. For more information, see [Encrypting
406
+ # Your CRLs][2].
407
+ #
389
408
  #
390
409
  #
391
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption
392
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
410
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html#s3-policies
411
+ # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption
393
412
  #
394
413
  # @option params [required, Types::CertificateAuthorityConfiguration] :certificate_authority_configuration
395
414
  # Name and bit size of the private key algorithm, the name of the
@@ -399,13 +418,35 @@ module Aws::ACMPCA
399
418
  # Contains information to enable Online Certificate Status Protocol
400
419
  # (OCSP) support, to enable a certificate revocation list (CRL), to
401
420
  # enable both, or to enable neither. The default is for both certificate
402
- # validation mechanisms to be disabled. For more information, see the
403
- # [OcspConfiguration][1] and [CrlConfiguration][2] types.
421
+ # validation mechanisms to be disabled.
422
+ #
423
+ # <note markdown="1"> The following requirements apply to revocation configurations.
424
+ #
425
+ # * A configuration disabling CRLs or OCSP must contain only the
426
+ # `Enabled=False` parameter, and will fail if other parameters such as
427
+ # `CustomCname` or `ExpirationInDays` are included.
428
+ #
429
+ # * In a CRL configuration, the `S3BucketName` parameter must conform to
430
+ # [Amazon S3 bucket naming rules][1].
431
+ #
432
+ # * A configuration containing a custom Canonical Name (CNAME) parameter
433
+ # for CRLs or OCSP must conform to [RFC2396][2] restrictions on the
434
+ # use of special characters in a CNAME.
435
+ #
436
+ # * In a CRL or OCSP configuration, the value of a CNAME parameter must
437
+ # not include a protocol prefix such as "http://" or "https://".
438
+ #
439
+ # </note>
440
+ #
441
+ # For more information, see the [OcspConfiguration][3] and
442
+ # [CrlConfiguration][4] types.
404
443
  #
405
444
  #
406
445
  #
407
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html
408
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
446
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
447
+ # [2]: https://www.ietf.org/rfc/rfc2396.txt
448
+ # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_OcspConfiguration.html
449
+ # [4]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
409
450
  #
410
451
  # @option params [required, String] :certificate_authority_type
411
452
  # The type of the certificate authority.
@@ -415,10 +456,11 @@ module Aws::ACMPCA
415
456
  # **CreateCertificateAuthority** action. Idempotency tokens for
416
457
  # **CreateCertificateAuthority** time out after five minutes. Therefore,
417
458
  # if you call **CreateCertificateAuthority** multiple times with the
418
- # same idempotency token within five minutes, ACM Private CA recognizes
419
- # that you are requesting only certificate authority and will issue only
420
- # one. If you change the idempotency token for each call, PCA recognizes
421
- # that you are requesting multiple certificate authorities.
459
+ # same idempotency token within five minutes, Amazon Web Services
460
+ # Private CA recognizes that you are requesting only certificate
461
+ # authority and will issue only one. If you change the idempotency token
462
+ # for each call, Amazon Web Services Private CA recognizes that you are
463
+ # requesting multiple certificate authorities.
422
464
  #
423
465
  # @option params [String] :key_storage_security_standard
424
466
  # Specifies a cryptographic key management compliance standard used for
@@ -553,13 +595,13 @@ module Aws::ACMPCA
553
595
  # crl_configuration: {
554
596
  # enabled: false, # required
555
597
  # expiration_in_days: 1,
556
- # custom_cname: "String253",
557
- # s3_bucket_name: "String3To255",
598
+ # custom_cname: "CnameString",
599
+ # s3_bucket_name: "S3BucketName3To255",
558
600
  # s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
559
601
  # },
560
602
  # ocsp_configuration: {
561
603
  # enabled: false, # required
562
- # ocsp_custom_cname: "String253",
604
+ # ocsp_custom_cname: "CnameString",
563
605
  # },
564
606
  # },
565
607
  # certificate_authority_type: "ROOT", # required, accepts ROOT, SUBORDINATE
@@ -592,16 +634,17 @@ module Aws::ACMPCA
592
634
  # on input. The [IssueCertificate][1] and [RevokeCertificate][2] actions
593
635
  # use the private key.
594
636
  #
595
- # <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
596
- # bucket that you specify. If the IAM principal making the call does not
597
- # have permission to write to the bucket, then an exception is thrown.
598
- # For more information, see [Access policies for CRLs in Amazon S3][3].
637
+ # <note markdown="1"> Both Amazon Web Services Private CA and the IAM principal must have
638
+ # permission to write to the S3 bucket that you specify. If the IAM
639
+ # principal making the call does not have permission to write to the
640
+ # bucket, then an exception is thrown. For more information, see [Access
641
+ # policies for CRLs in Amazon S3][3].
599
642
  #
600
643
  # </note>
601
644
  #
602
- # ACM Private CA assets that are stored in Amazon S3 can be protected
603
- # with encryption. For more information, see [Encrypting Your Audit
604
- # Reports][4].
645
+ # Amazon Web Services Private CA assets that are stored in Amazon S3 can
646
+ # be protected with encryption. For more information, see [Encrypting
647
+ # Your Audit Reports][4].
605
648
  #
606
649
  # <note markdown="1"> You can generate a maximum of one report every 30 minutes.
607
650
  #
@@ -609,10 +652,10 @@ module Aws::ACMPCA
609
652
  #
610
653
  #
611
654
  #
612
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html
613
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html
614
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
615
- # [4]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuditReport.html#audit-report-encryption
655
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html
656
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html
657
+ # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html#s3-policies
658
+ # [4]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaAuditReport.html#audit-report-encryption
616
659
  #
617
660
  # @option params [required, String] :certificate_authority_arn
618
661
  # The Amazon Resource Name (ARN) of the CA to be audited. This is of the
@@ -677,14 +720,14 @@ module Aws::ACMPCA
677
720
  # accounts, then permissions cannot be used to enable automatic
678
721
  # renewals. Instead, the ACM certificate owner must set up a
679
722
  # resource-based policy to enable cross-account issuance and renewals.
680
- # For more information, see [Using a Resource Based Policy with ACM
681
- # Private CA][3].
723
+ # For more information, see [Using a Resource Based Policy with Amazon
724
+ # Web Services Private CA][3].
682
725
  #
683
726
  #
684
727
  #
685
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html
686
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html
687
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
728
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListPermissions.html
729
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePermission.html
730
+ # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-rbp.html
688
731
  #
689
732
  # @option params [required, String] :certificate_authority_arn
690
733
  # The Amazon Resource Name (ARN) of the CA that grants the permissions.
@@ -696,7 +739,7 @@ module Aws::ACMPCA
696
739
  #
697
740
  #
698
741
  #
699
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
742
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
700
743
  #
701
744
  # @option params [required, String] :principal
702
745
  # The Amazon Web Services service or identity that receives the
@@ -749,8 +792,8 @@ module Aws::ACMPCA
749
792
  # Additionally, you can delete a CA if you are waiting for it to be
750
793
  # created (that is, the status of the CA is `CREATING`). You can also
751
794
  # delete it if the CA has been created but you haven't yet imported the
752
- # signed certificate into ACM Private CA (that is, the status of the CA
753
- # is `PENDING_CERTIFICATE`).
795
+ # signed certificate into Amazon Web Services Private CA (that is, the
796
+ # status of the CA is `PENDING_CERTIFICATE`).
754
797
  #
755
798
  # When you successfully call [DeleteCertificateAuthority][3], the CA's
756
799
  # status changes to `DELETED`. However, the CA won't be permanently
@@ -764,11 +807,11 @@ module Aws::ACMPCA
764
807
  #
765
808
  #
766
809
  #
767
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
768
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
769
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html
770
- # [4]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html
771
- # [5]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RestoreCertificateAuthority.html
810
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
811
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
812
+ # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeleteCertificateAuthority.html
813
+ # [4]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DescribeCertificateAuthority.html
814
+ # [5]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_RestoreCertificateAuthority.html
772
815
  #
773
816
  # @option params [required, String] :certificate_authority_arn
774
817
  # The Amazon Resource Name (ARN) that was returned when you called
@@ -779,7 +822,7 @@ module Aws::ACMPCA
779
822
  #
780
823
  #
781
824
  #
782
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
825
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
783
826
  #
784
827
  # @option params [Integer] :permanent_deletion_time_in_days
785
828
  # The number of days to make a CA restorable after it has been deleted.
@@ -828,14 +871,14 @@ module Aws::ACMPCA
828
871
  # accounts, then permissions cannot be used to enable automatic
829
872
  # renewals. Instead, the ACM certificate owner must set up a
830
873
  # resource-based policy to enable cross-account issuance and renewals.
831
- # For more information, see [Using a Resource Based Policy with ACM
832
- # Private CA][3].
874
+ # For more information, see [Using a Resource Based Policy with Amazon
875
+ # Web Services Private CA][3].
833
876
  #
834
877
  #
835
878
  #
836
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html
837
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html
838
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
879
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreatePermission.html
880
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListPermissions.html
881
+ # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-rbp.html
839
882
  #
840
883
  # @option params [required, String] :certificate_authority_arn
841
884
  # The Amazon Resource Number (ARN) of the private CA that issued the
@@ -848,7 +891,7 @@ module Aws::ACMPCA
848
891
  #
849
892
  #
850
893
  #
851
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
894
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
852
895
  #
853
896
  # @option params [required, String] :principal
854
897
  # The Amazon Web Services service or identity that will have its CA
@@ -897,7 +940,7 @@ module Aws::ACMPCA
897
940
  # customer account, to Amazon Web Services Organizations, or to an
898
941
  # Amazon Web Services Organizations unit. Policies are under the
899
942
  # control of a CA administrator. For more information, see [Using a
900
- # Resource Based Policy with ACM Private CA][3].
943
+ # Resource Based Policy with Amazon Web Services Private CA][3].
901
944
  #
902
945
  # * A policy permits a user of Certificate Manager (ACM) to issue ACM
903
946
  # certificates signed by a CA in another account.
@@ -905,8 +948,8 @@ module Aws::ACMPCA
905
948
  # * For ACM to manage automatic renewal of these certificates, the ACM
906
949
  # user must configure a Service Linked Role (SLR). The SLR allows the
907
950
  # ACM service to assume the identity of the user, subject to
908
- # confirmation against the ACM Private CA policy. For more
909
- # information, see [Using a Service Linked Role with ACM][4].
951
+ # confirmation against the Amazon Web Services Private CA policy. For
952
+ # more information, see [Using a Service Linked Role with ACM][4].
910
953
  #
911
954
  # * Updates made in Amazon Web Services Resource Manager (RAM) are
912
955
  # reflected in policies. For more information, see [Attach a Policy
@@ -914,11 +957,11 @@ module Aws::ACMPCA
914
957
  #
915
958
  #
916
959
  #
917
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html
918
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html
919
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
960
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetPolicy.html
961
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_PutPolicy.html
962
+ # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-rbp.html
920
963
  # [4]: https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html
921
- # [5]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html
964
+ # [5]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-ram.html
922
965
  #
923
966
  # @option params [required, String] :resource_arn
924
967
  # The Amazon Resource Number (ARN) of the private CA that will have its
@@ -929,7 +972,7 @@ module Aws::ACMPCA
929
972
  #
930
973
  #
931
974
  #
932
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
975
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
933
976
  #
934
977
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
935
978
  #
@@ -953,12 +996,13 @@ module Aws::ACMPCA
953
996
  # its ARN (Amazon Resource Name). The output contains the status of your
954
997
  # CA. This can be any of the following:
955
998
  #
956
- # * `CREATING` - ACM Private CA is creating your private certificate
957
- # authority.
999
+ # * `CREATING` - Amazon Web Services Private CA is creating your private
1000
+ # certificate authority.
958
1001
  #
959
1002
  # * `PENDING_CERTIFICATE` - The certificate is pending. You must use
960
- # your ACM Private CA-hosted or on-premises root or subordinate CA to
961
- # sign your private CA CSR and then import it into PCA.
1003
+ # your Amazon Web Services Private CA-hosted or on-premises root or
1004
+ # subordinate CA to sign your private CA CSR and then import it into
1005
+ # Amazon Web Services Private CA.
962
1006
  #
963
1007
  # * `ACTIVE` - Your private CA is active.
964
1008
  #
@@ -984,7 +1028,7 @@ module Aws::ACMPCA
984
1028
  #
985
1029
  #
986
1030
  #
987
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1031
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
988
1032
  #
989
1033
  # @return [Types::DescribeCertificateAuthorityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
990
1034
  #
@@ -1093,9 +1137,9 @@ module Aws::ACMPCA
1093
1137
  #
1094
1138
  #
1095
1139
  #
1096
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
1097
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html
1098
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html
1140
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
1141
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html
1142
+ # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html
1099
1143
  #
1100
1144
  # @option params [required, String] :certificate_authority_arn
1101
1145
  # The Amazon Resource Name (ARN) of the private CA. This must be of the
@@ -1110,7 +1154,7 @@ module Aws::ACMPCA
1110
1154
  #
1111
1155
  #
1112
1156
  #
1113
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
1157
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
1114
1158
  #
1115
1159
  # @return [Types::DescribeCertificateAuthorityAuditReportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1116
1160
  #
@@ -1159,8 +1203,8 @@ module Aws::ACMPCA
1159
1203
  #
1160
1204
  #
1161
1205
  #
1162
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html
1163
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
1206
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html
1207
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
1164
1208
  #
1165
1209
  # @option params [required, String] :certificate_authority_arn
1166
1210
  # The Amazon Resource Name (ARN) that was returned when you called
@@ -1171,7 +1215,7 @@ module Aws::ACMPCA
1171
1215
  #
1172
1216
  #
1173
1217
  #
1174
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1218
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
1175
1219
  #
1176
1220
  # @option params [required, String] :certificate_arn
1177
1221
  # The ARN of the issued certificate. The ARN contains the certificate
@@ -1251,16 +1295,16 @@ module Aws::ACMPCA
1251
1295
 
1252
1296
  # Retrieves the certificate signing request (CSR) for your private
1253
1297
  # certificate authority (CA). The CSR is created when you call the
1254
- # [CreateCertificateAuthority][1] action. Sign the CSR with your ACM
1255
- # Private CA-hosted or on-premises root or subordinate CA. Then import
1256
- # the signed certificate back into ACM Private CA by calling the
1257
- # [ImportCertificateAuthorityCertificate][2] action. The CSR is returned
1258
- # as a base64 PEM-encoded string.
1298
+ # [CreateCertificateAuthority][1] action. Sign the CSR with your Amazon
1299
+ # Web Services Private CA-hosted or on-premises root or subordinate CA.
1300
+ # Then import the signed certificate back into Amazon Web Services
1301
+ # Private CA by calling the [ImportCertificateAuthorityCertificate][2]
1302
+ # action. The CSR is returned as a base64 PEM-encoded string.
1259
1303
  #
1260
1304
  #
1261
1305
  #
1262
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1263
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html
1306
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
1307
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html
1264
1308
  #
1265
1309
  # @option params [required, String] :certificate_authority_arn
1266
1310
  # The Amazon Resource Name (ARN) that was returned when you called the
@@ -1271,7 +1315,7 @@ module Aws::ACMPCA
1271
1315
  #
1272
1316
  #
1273
1317
  #
1274
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1318
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
1275
1319
  #
1276
1320
  # @return [Types::GetCertificateAuthorityCsrResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1277
1321
  #
@@ -1314,7 +1358,7 @@ module Aws::ACMPCA
1314
1358
  # customer account, to Amazon Web Services Organizations, or to an
1315
1359
  # Amazon Web Services Organizations unit. Policies are under the
1316
1360
  # control of a CA administrator. For more information, see [Using a
1317
- # Resource Based Policy with ACM Private CA][3].
1361
+ # Resource Based Policy with Amazon Web Services Private CA][3].
1318
1362
  #
1319
1363
  # * A policy permits a user of Certificate Manager (ACM) to issue ACM
1320
1364
  # certificates signed by a CA in another account.
@@ -1322,8 +1366,8 @@ module Aws::ACMPCA
1322
1366
  # * For ACM to manage automatic renewal of these certificates, the ACM
1323
1367
  # user must configure a Service Linked Role (SLR). The SLR allows the
1324
1368
  # ACM service to assume the identity of the user, subject to
1325
- # confirmation against the ACM Private CA policy. For more
1326
- # information, see [Using a Service Linked Role with ACM][4].
1369
+ # confirmation against the Amazon Web Services Private CA policy. For
1370
+ # more information, see [Using a Service Linked Role with ACM][4].
1327
1371
  #
1328
1372
  # * Updates made in Amazon Web Services Resource Manager (RAM) are
1329
1373
  # reflected in policies. For more information, see [Attach a Policy
@@ -1331,11 +1375,11 @@ module Aws::ACMPCA
1331
1375
  #
1332
1376
  #
1333
1377
  #
1334
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html
1335
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html
1336
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
1378
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_PutPolicy.html
1379
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePolicy.html
1380
+ # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-rbp.html
1337
1381
  # [4]: https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html
1338
- # [5]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html
1382
+ # [5]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-ram.html
1339
1383
  #
1340
1384
  # @option params [required, String] :resource_arn
1341
1385
  # The Amazon Resource Number (ARN) of the private CA that will have its
@@ -1365,14 +1409,14 @@ module Aws::ACMPCA
1365
1409
  req.send_request(options)
1366
1410
  end
1367
1411
 
1368
- # Imports a signed private CA certificate into ACM Private CA. This
1369
- # action is used when you are using a chain of trust whose root is
1370
- # located outside ACM Private CA. Before you can call this action, the
1371
- # following preparations must in place:
1412
+ # Imports a signed private CA certificate into Amazon Web Services
1413
+ # Private CA. This action is used when you are using a chain of trust
1414
+ # whose root is located outside Amazon Web Services Private CA. Before
1415
+ # you can call this action, the following preparations must in place:
1372
1416
  #
1373
- # 1. In ACM Private CA, call the [CreateCertificateAuthority][1] action
1374
- # to create the private CA that you plan to back with the imported
1375
- # certificate.
1417
+ # 1. In Amazon Web Services Private CA, call the
1418
+ # [CreateCertificateAuthority][1] action to create the private CA
1419
+ # that you plan to back with the imported certificate.
1376
1420
  #
1377
1421
  # 2. Call the [GetCertificateAuthorityCsr][2] action to generate a
1378
1422
  # certificate signing request (CSR).
@@ -1383,13 +1427,14 @@ module Aws::ACMPCA
1383
1427
  # 4. Create a certificate chain and copy the signed certificate and the
1384
1428
  # certificate chain to your working directory.
1385
1429
  #
1386
- # ACM Private CA supports three scenarios for installing a CA
1387
- # certificate:
1430
+ # Amazon Web Services Private CA supports three scenarios for installing
1431
+ # a CA certificate:
1388
1432
  #
1389
- # * Installing a certificate for a root CA hosted by ACM Private CA.
1433
+ # * Installing a certificate for a root CA hosted by Amazon Web Services
1434
+ # Private CA.
1390
1435
  #
1391
1436
  # * Installing a subordinate CA certificate whose parent authority is
1392
- # hosted by ACM Private CA.
1437
+ # hosted by Amazon Web Services Private CA.
1393
1438
  #
1394
1439
  # * Installing a subordinate CA certificate whose parent authority is
1395
1440
  # externally hosted.
@@ -1417,8 +1462,8 @@ module Aws::ACMPCA
1417
1462
  #
1418
1463
  # *Enforcement of Critical Constraints*
1419
1464
  #
1420
- # ACM Private CA allows the following extensions to be marked critical
1421
- # in the imported CA certificate or chain.
1465
+ # Amazon Web Services Private CA allows the following extensions to be
1466
+ # marked critical in the imported CA certificate or chain.
1422
1467
  #
1423
1468
  # * Basic constraints (*must* be marked critical)
1424
1469
  #
@@ -1444,8 +1489,8 @@ module Aws::ACMPCA
1444
1489
  #
1445
1490
  # * Inhibit anyPolicy
1446
1491
  #
1447
- # ACM Private CA rejects the following extensions when they are marked
1448
- # critical in an imported CA certificate or chain.
1492
+ # Amazon Web Services Private CA rejects the following extensions when
1493
+ # they are marked critical in an imported CA certificate or chain.
1449
1494
  #
1450
1495
  # * Name constraints
1451
1496
  #
@@ -1461,8 +1506,8 @@ module Aws::ACMPCA
1461
1506
  #
1462
1507
  #
1463
1508
  #
1464
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1465
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCsr.html
1509
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
1510
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificateAuthorityCsr.html
1466
1511
  #
1467
1512
  # @option params [required, String] :certificate_authority_arn
1468
1513
  # The Amazon Resource Name (ARN) that was returned when you called
@@ -1473,7 +1518,7 @@ module Aws::ACMPCA
1473
1518
  #
1474
1519
  #
1475
1520
  #
1476
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1521
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
1477
1522
  #
1478
1523
  # @option params [required, String, StringIO, File] :certificate
1479
1524
  # The PEM-encoded certificate for a private CA. This may be a
@@ -1483,8 +1528,9 @@ module Aws::ACMPCA
1483
1528
  # @option params [String, StringIO, File] :certificate_chain
1484
1529
  # A PEM-encoded file that contains all of your certificates, other than
1485
1530
  # the certificate you're importing, chaining up to your root CA. Your
1486
- # ACM Private CA-hosted or on-premises root certificate is the last in
1487
- # the chain, and each certificate in the chain signs the one preceding.
1531
+ # Amazon Web Services Private CA-hosted or on-premises root certificate
1532
+ # is the last in the chain, and each certificate in the chain signs the
1533
+ # one preceding.
1488
1534
  #
1489
1535
  # This parameter must be supplied when you import a subordinate CA. When
1490
1536
  # you import a root CA, there is no chain.
@@ -1515,14 +1561,14 @@ module Aws::ACMPCA
1515
1561
  # specifying the ARN.
1516
1562
  #
1517
1563
  # <note markdown="1"> You cannot use the ACM **ListCertificateAuthorities** action to
1518
- # retrieve the ARNs of the certificates that you issue by using ACM
1519
- # Private CA.
1564
+ # retrieve the ARNs of the certificates that you issue by using Amazon
1565
+ # Web Services Private CA.
1520
1566
  #
1521
1567
  # </note>
1522
1568
  #
1523
1569
  #
1524
1570
  #
1525
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html
1571
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificate.html
1526
1572
  #
1527
1573
  # @option params [Types::ApiPassthrough] :api_passthrough
1528
1574
  # Specifies X.509 certificate information to be included in the issued
@@ -1532,13 +1578,13 @@ module Aws::ACMPCA
1532
1578
  # Certificate Templates][1].
1533
1579
  #
1534
1580
  # If conflicting or duplicate certificate information is supplied during
1535
- # certificate issuance, ACM Private CA applies [order of operation
1536
- # rules][2] to determine what information is used.
1581
+ # certificate issuance, Amazon Web Services Private CA applies [order of
1582
+ # operation rules][2] to determine what information is used.
1537
1583
  #
1538
1584
  #
1539
1585
  #
1540
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
1541
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations
1586
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html
1587
+ # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations
1542
1588
  #
1543
1589
  # @option params [required, String] :certificate_authority_arn
1544
1590
  # The Amazon Resource Name (ARN) that was returned when you called
@@ -1549,7 +1595,7 @@ module Aws::ACMPCA
1549
1595
  #
1550
1596
  #
1551
1597
  #
1552
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1598
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
1553
1599
  #
1554
1600
  # @option params [required, String, StringIO, File] :csr
1555
1601
  # The certificate signing request (CSR) for the certificate you want to
@@ -1585,8 +1631,8 @@ module Aws::ACMPCA
1585
1631
  #
1586
1632
  # @option params [String] :template_arn
1587
1633
  # Specifies a custom configuration template to use when issuing a
1588
- # certificate. If this parameter is not provided, ACM Private CA
1589
- # defaults to the `EndEntityCertificate/V1` template. For CA
1634
+ # certificate. If this parameter is not provided, Amazon Web Services
1635
+ # Private CA defaults to the `EndEntityCertificate/V1` template. For CA
1590
1636
  # certificates, you should choose the shortest path length that meets
1591
1637
  # your needs. The path length is indicated by the PathLen*N* portion of
1592
1638
  # the ARN, where *N* is the [CA depth][1].
@@ -1594,13 +1640,13 @@ module Aws::ACMPCA
1594
1640
  # Note: The CA depth configured on a subordinate CA certificate must not
1595
1641
  # exceed the limit set by its parents in the CA hierarchy.
1596
1642
  #
1597
- # For a list of `TemplateArn` values supported by ACM Private CA, see
1598
- # [Understanding Certificate Templates][2].
1643
+ # For a list of `TemplateArn` values supported by Amazon Web Services
1644
+ # Private CA, see [Understanding Certificate Templates][2].
1599
1645
  #
1600
1646
  #
1601
1647
  #
1602
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaTerms.html#terms-cadepth
1603
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
1648
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaTerms.html#terms-cadepth
1649
+ # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html
1604
1650
  #
1605
1651
  # @option params [required, Types::Validity] :validity
1606
1652
  # Information describing the end of the validity period of the
@@ -1630,10 +1676,10 @@ module Aws::ACMPCA
1630
1676
  # certificate. This parameter sets the “Not Before" date for the
1631
1677
  # certificate.
1632
1678
  #
1633
- # By default, when issuing a certificate, ACM Private CA sets the "Not
1634
- # Before" date to the issuance time minus 60 minutes. This compensates
1635
- # for clock inconsistencies across computer systems. The
1636
- # `ValidityNotBefore` parameter can be used to customize the “Not
1679
+ # By default, when issuing a certificate, Amazon Web Services Private CA
1680
+ # sets the "Not Before" date to the issuance time minus 60 minutes.
1681
+ # This compensates for clock inconsistencies across computer systems.
1682
+ # The `ValidityNotBefore` parameter can be used to customize the “Not
1637
1683
  # Before” value.
1638
1684
  #
1639
1685
  # Unlike the `Validity` parameter, the `ValidityNotBefore` parameter is
@@ -1654,10 +1700,10 @@ module Aws::ACMPCA
1654
1700
  # the **IssueCertificate** action. Idempotency tokens for
1655
1701
  # **IssueCertificate** time out after one minute. Therefore, if you call
1656
1702
  # **IssueCertificate** multiple times with the same idempotency token
1657
- # within one minute, ACM Private CA recognizes that you are requesting
1658
- # only one certificate and will issue only one. If you change the
1659
- # idempotency token for each call, PCA recognizes that you are
1660
- # requesting multiple certificates.
1703
+ # within one minute, Amazon Web Services Private CA recognizes that you
1704
+ # are requesting only one certificate and will issue only one. If you
1705
+ # change the idempotency token for each call, Amazon Web Services
1706
+ # Private CA recognizes that you are requesting multiple certificates.
1661
1707
  #
1662
1708
  # @return [Types::IssueCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1663
1709
  #
@@ -1801,7 +1847,7 @@ module Aws::ACMPCA
1801
1847
  #
1802
1848
  #
1803
1849
  #
1804
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1850
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
1805
1851
  #
1806
1852
  # @option params [String] :next_token
1807
1853
  # Use this parameter when paginating results in a subsequent request
@@ -1949,14 +1995,14 @@ module Aws::ACMPCA
1949
1995
  # accounts, then permissions cannot be used to enable automatic
1950
1996
  # renewals. Instead, the ACM certificate owner must set up a
1951
1997
  # resource-based policy to enable cross-account issuance and renewals.
1952
- # For more information, see [Using a Resource Based Policy with ACM
1953
- # Private CA][3].
1998
+ # For more information, see [Using a Resource Based Policy with Amazon
1999
+ # Web Services Private CA][3].
1954
2000
  #
1955
2001
  #
1956
2002
  #
1957
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html
1958
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html
1959
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
2003
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreatePermission.html
2004
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePermission.html
2005
+ # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-rbp.html
1960
2006
  #
1961
2007
  # @option params [required, String] :certificate_authority_arn
1962
2008
  # The Amazon Resource Number (ARN) of the private CA to inspect. You can
@@ -1968,7 +2014,7 @@ module Aws::ACMPCA
1968
2014
  #
1969
2015
  #
1970
2016
  #
1971
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
2017
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
1972
2018
  #
1973
2019
  # @option params [String] :next_token
1974
2020
  # When paginating results, use this parameter in a subsequent request
@@ -2027,8 +2073,8 @@ module Aws::ACMPCA
2027
2073
  #
2028
2074
  #
2029
2075
  #
2030
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html
2031
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html
2076
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_TagCertificateAuthority.html
2077
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UntagCertificateAuthority.html
2032
2078
  #
2033
2079
  # @option params [required, String] :certificate_authority_arn
2034
2080
  # The Amazon Resource Name (ARN) that was returned when you called the
@@ -2039,7 +2085,7 @@ module Aws::ACMPCA
2039
2085
  #
2040
2086
  #
2041
2087
  #
2042
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
2088
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
2043
2089
  #
2044
2090
  # @option params [String] :next_token
2045
2091
  # Use this parameter when paginating results in a subsequent request
@@ -2099,7 +2145,7 @@ module Aws::ACMPCA
2099
2145
  # customer account, to Amazon Web Services Organizations, or to an
2100
2146
  # Amazon Web Services Organizations unit. Policies are under the
2101
2147
  # control of a CA administrator. For more information, see [Using a
2102
- # Resource Based Policy with ACM Private CA][4].
2148
+ # Resource Based Policy with Amazon Web Services Private CA][4].
2103
2149
  #
2104
2150
  # * A policy permits a user of Certificate Manager (ACM) to issue ACM
2105
2151
  # certificates signed by a CA in another account.
@@ -2107,8 +2153,8 @@ module Aws::ACMPCA
2107
2153
  # * For ACM to manage automatic renewal of these certificates, the ACM
2108
2154
  # user must configure a Service Linked Role (SLR). The SLR allows the
2109
2155
  # ACM service to assume the identity of the user, subject to
2110
- # confirmation against the ACM Private CA policy. For more
2111
- # information, see [Using a Service Linked Role with ACM][5].
2156
+ # confirmation against the Amazon Web Services Private CA policy. For
2157
+ # more information, see [Using a Service Linked Role with ACM][5].
2112
2158
  #
2113
2159
  # * Updates made in Amazon Web Services Resource Manager (RAM) are
2114
2160
  # reflected in policies. For more information, see [Attach a Policy
@@ -2116,10 +2162,10 @@ module Aws::ACMPCA
2116
2162
  #
2117
2163
  #
2118
2164
  #
2119
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html
2120
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html
2121
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html
2122
- # [4]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
2165
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-ram.html
2166
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetPolicy.html
2167
+ # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePolicy.html
2168
+ # [4]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-rbp.html
2123
2169
  # [5]: https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html
2124
2170
  #
2125
2171
  # @option params [required, String] :resource_arn
@@ -2131,7 +2177,7 @@ module Aws::ACMPCA
2131
2177
  #
2132
2178
  #
2133
2179
  #
2134
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
2180
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
2135
2181
  #
2136
2182
  # @option params [required, String] :policy
2137
2183
  # The path and file name of a JSON-formatted IAM policy to attach to the
@@ -2183,11 +2229,11 @@ module Aws::ACMPCA
2183
2229
  #
2184
2230
  #
2185
2231
  #
2186
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html
2187
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html
2188
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
2189
- # [4]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
2190
- # [5]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html
2232
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeleteCertificateAuthority.html
2233
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DescribeCertificateAuthority.html
2234
+ # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
2235
+ # [4]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
2236
+ # [5]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html
2191
2237
  #
2192
2238
  # @option params [required, String] :certificate_authority_arn
2193
2239
  # The Amazon Resource Name (ARN) that was returned when you called the
@@ -2198,7 +2244,7 @@ module Aws::ACMPCA
2198
2244
  #
2199
2245
  #
2200
2246
  #
2201
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
2247
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
2202
2248
  #
2203
2249
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2204
2250
  #
@@ -2217,26 +2263,29 @@ module Aws::ACMPCA
2217
2263
  req.send_request(options)
2218
2264
  end
2219
2265
 
2220
- # Revokes a certificate that was issued inside ACM Private CA. If you
2221
- # enable a certificate revocation list (CRL) when you create or update
2222
- # your private CA, information about the revoked certificates will be
2223
- # included in the CRL. ACM Private CA writes the CRL to an S3 bucket
2224
- # that you specify. A CRL is typically updated approximately 30 minutes
2225
- # after a certificate is revoked. If for any reason the CRL update
2226
- # fails, ACM Private CA attempts makes further attempts every 15
2227
- # minutes. With Amazon CloudWatch, you can create alarms for the metrics
2228
- # `CRLGenerated` and `MisconfiguredCRLBucket`. For more information, see
2229
- # [Supported CloudWatch Metrics][1].
2230
- #
2231
- # <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
2232
- # bucket that you specify. If the IAM principal making the call does not
2233
- # have permission to write to the bucket, then an exception is thrown.
2234
- # For more information, see [Access policies for CRLs in Amazon S3][2].
2266
+ # Revokes a certificate that was issued inside Amazon Web Services
2267
+ # Private CA. If you enable a certificate revocation list (CRL) when you
2268
+ # create or update your private CA, information about the revoked
2269
+ # certificates will be included in the CRL. Amazon Web Services Private
2270
+ # CA writes the CRL to an S3 bucket that you specify. A CRL is typically
2271
+ # updated approximately 30 minutes after a certificate is revoked. If
2272
+ # for any reason the CRL update fails, Amazon Web Services Private CA
2273
+ # attempts makes further attempts every 15 minutes. With Amazon
2274
+ # CloudWatch, you can create alarms for the metrics `CRLGenerated` and
2275
+ # `MisconfiguredCRLBucket`. For more information, see [Supported
2276
+ # CloudWatch Metrics][1].
2277
+ #
2278
+ # <note markdown="1"> Both Amazon Web Services Private CA and the IAM principal must have
2279
+ # permission to write to the S3 bucket that you specify. If the IAM
2280
+ # principal making the call does not have permission to write to the
2281
+ # bucket, then an exception is thrown. For more information, see [Access
2282
+ # policies for CRLs in Amazon S3][2].
2235
2283
  #
2236
2284
  # </note>
2237
2285
  #
2238
- # ACM Private CA also writes revocation information to the audit report.
2239
- # For more information, see [CreateCertificateAuthorityAuditReport][3].
2286
+ # Amazon Web Services Private CA also writes revocation information to
2287
+ # the audit report. For more information, see
2288
+ # [CreateCertificateAuthorityAuditReport][3].
2240
2289
  #
2241
2290
  # <note markdown="1"> You cannot revoke a root CA self-signed certificate.
2242
2291
  #
@@ -2244,9 +2293,9 @@ module Aws::ACMPCA
2244
2293
  #
2245
2294
  #
2246
2295
  #
2247
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCloudWatch.html
2248
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
2249
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
2296
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaCloudWatch.html
2297
+ # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html#s3-policies
2298
+ # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
2250
2299
  #
2251
2300
  # @option params [required, String] :certificate_authority_arn
2252
2301
  # Amazon Resource Name (ARN) of the private CA that issued the
@@ -2272,7 +2321,7 @@ module Aws::ACMPCA
2272
2321
  #
2273
2322
  #
2274
2323
  #
2275
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html
2324
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificate.html
2276
2325
  # [2]: https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html
2277
2326
  #
2278
2327
  # @option params [required, String] :revocation_reason
@@ -2308,10 +2357,19 @@ module Aws::ACMPCA
2308
2357
  # the [UntagCertificateAuthority][1] action. Call the [ListTags][2]
2309
2358
  # action to see what tags are associated with your CA.
2310
2359
  #
2360
+ # <note markdown="1"> To attach tags to a private CA during the creation procedure, a CA
2361
+ # administrator must first associate an inline IAM policy with the
2362
+ # `CreateCertificateAuthority` action and explicitly allow tagging. For
2363
+ # more information, see [Attaching tags to a CA at the time of
2364
+ # creation][3].
2365
+ #
2366
+ # </note>
2367
+ #
2311
2368
  #
2312
2369
  #
2313
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html
2314
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html
2370
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UntagCertificateAuthority.html
2371
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListTags.html
2372
+ # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/auth-InlinePolicies.html#policy-tag-ca
2315
2373
  #
2316
2374
  # @option params [required, String] :certificate_authority_arn
2317
2375
  # The Amazon Resource Name (ARN) that was returned when you called
@@ -2322,7 +2380,7 @@ module Aws::ACMPCA
2322
2380
  #
2323
2381
  #
2324
2382
  #
2325
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
2383
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
2326
2384
  #
2327
2385
  # @option params [required, Array<Types::Tag>] :tags
2328
2386
  # List of tags to be associated with the CA.
@@ -2360,8 +2418,8 @@ module Aws::ACMPCA
2360
2418
  #
2361
2419
  #
2362
2420
  #
2363
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html
2364
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html
2421
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_TagCertificateAuthority.html
2422
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListTags.html
2365
2423
  #
2366
2424
  # @option params [required, String] :certificate_authority_arn
2367
2425
  # The Amazon Resource Name (ARN) that was returned when you called
@@ -2372,7 +2430,7 @@ module Aws::ACMPCA
2372
2430
  #
2373
2431
  #
2374
2432
  #
2375
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
2433
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
2376
2434
  #
2377
2435
  # @option params [required, Array<Types::Tag>] :tags
2378
2436
  # List of tags to be removed from the CA.
@@ -2406,16 +2464,17 @@ module Aws::ACMPCA
2406
2464
  # `ACTIVE` state or make a CA that is in the `DISABLED` state active
2407
2465
  # again.
2408
2466
  #
2409
- # <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
2410
- # bucket that you specify. If the IAM principal making the call does not
2411
- # have permission to write to the bucket, then an exception is thrown.
2412
- # For more information, see [Access policies for CRLs in Amazon S3][1].
2467
+ # <note markdown="1"> Both Amazon Web Services Private CA and the IAM principal must have
2468
+ # permission to write to the S3 bucket that you specify. If the IAM
2469
+ # principal making the call does not have permission to write to the
2470
+ # bucket, then an exception is thrown. For more information, see [Access
2471
+ # policies for CRLs in Amazon S3][1].
2413
2472
  #
2414
2473
  # </note>
2415
2474
  #
2416
2475
  #
2417
2476
  #
2418
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
2477
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html#s3-policies
2419
2478
  #
2420
2479
  # @option params [required, String] :certificate_authority_arn
2421
2480
  # Amazon Resource Name (ARN) of the private CA that issued the
@@ -2431,10 +2490,30 @@ module Aws::ACMPCA
2431
2490
  # existing capibilites remain unchanged. For more information, see the
2432
2491
  # [OcspConfiguration][1] and [CrlConfiguration][2] types.
2433
2492
  #
2493
+ # <note markdown="1"> The following requirements apply to revocation configurations.
2494
+ #
2495
+ # * A configuration disabling CRLs or OCSP must contain only the
2496
+ # `Enabled=False` parameter, and will fail if other parameters such as
2497
+ # `CustomCname` or `ExpirationInDays` are included.
2498
+ #
2499
+ # * In a CRL configuration, the `S3BucketName` parameter must conform to
2500
+ # [Amazon S3 bucket naming rules][3].
2501
+ #
2502
+ # * A configuration containing a custom Canonical Name (CNAME) parameter
2503
+ # for CRLs or OCSP must conform to [RFC2396][4] restrictions on the
2504
+ # use of special characters in a CNAME.
2505
+ #
2506
+ # * In a CRL or OCSP configuration, the value of a CNAME parameter must
2507
+ # not include a protocol prefix such as "http://" or "https://".
2508
+ #
2509
+ # </note>
2510
+ #
2434
2511
  #
2435
2512
  #
2436
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html
2437
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
2513
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_OcspConfiguration.html
2514
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
2515
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
2516
+ # [4]: https://www.ietf.org/rfc/rfc2396.txt
2438
2517
  #
2439
2518
  # @option params [String] :status
2440
2519
  # Status of your private CA.
@@ -2449,13 +2528,13 @@ module Aws::ACMPCA
2449
2528
  # crl_configuration: {
2450
2529
  # enabled: false, # required
2451
2530
  # expiration_in_days: 1,
2452
- # custom_cname: "String253",
2453
- # s3_bucket_name: "String3To255",
2531
+ # custom_cname: "CnameString",
2532
+ # s3_bucket_name: "S3BucketName3To255",
2454
2533
  # s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
2455
2534
  # },
2456
2535
  # ocsp_configuration: {
2457
2536
  # enabled: false, # required
2458
- # ocsp_custom_cname: "String253",
2537
+ # ocsp_custom_cname: "CnameString",
2459
2538
  # },
2460
2539
  # },
2461
2540
  # status: "CREATING", # accepts CREATING, PENDING_CERTIFICATE, ACTIVE, DELETED, DISABLED, EXPIRED, FAILED
@@ -2483,7 +2562,7 @@ module Aws::ACMPCA
2483
2562
  params: params,
2484
2563
  config: config)
2485
2564
  context[:gem_name] = 'aws-sdk-acmpca'
2486
- context[:gem_version] = '1.50.0'
2565
+ context[:gem_version] = '1.52.0'
2487
2566
  Seahorse::Client::Request.new(handlers, context)
2488
2567
  end
2489
2568