aws-sdk-acmpca 1.50.0 → 1.52.0

@@ -17,32 +17,6 @@ module Aws::ACMPCA
17
17
  # name (DN). A DN is a sequence of relative distinguished names (RDNs).
18
18
  # The RDNs are separated by commas in the certificate.
19
19
  #
20
- # @note When making an API call, you may pass ASN1Subject
21
- # data as a hash:
22
- #
23
- # {
24
- # country: "CountryCodeString",
25
- # organization: "String64",
26
- # organizational_unit: "String64",
27
- # distinguished_name_qualifier: "ASN1PrintableString64",
28
- # state: "String128",
29
- # common_name: "String64",
30
- # serial_number: "ASN1PrintableString64",
31
- # locality: "String128",
32
- # title: "String64",
33
- # surname: "String40",
34
- # given_name: "String16",
35
- # initials: "String5",
36
- # pseudonym: "String128",
37
- # generation_qualifier: "String3",
38
- # custom_attributes: [
39
- # {
40
- # object_identifier: "CustomObjectIdentifier", # required
41
- # value: "String1To256", # required
42
- # },
43
- # ],
44
- # }
45
- #
46
20
  # @!attribute [rw] country
47
21
  # Two-digit code that specifies the country in which the certificate
48
22
  # subject located.
@@ -161,53 +135,6 @@ module Aws::ACMPCA
161
135
  #
162
136
  # [1]: https://datatracker.ietf.org/doc/html/rfc5280
163
137
  #
164
- # @note When making an API call, you may pass AccessDescription
165
- # data as a hash:
166
- #
167
- # {
168
- # access_method: { # required
169
- # custom_object_identifier: "CustomObjectIdentifier",
170
- # access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
171
- # },
172
- # access_location: { # required
173
- # other_name: {
174
- # type_id: "CustomObjectIdentifier", # required
175
- # value: "String256", # required
176
- # },
177
- # rfc_822_name: "String256",
178
- # dns_name: "String253",
179
- # directory_name: {
180
- # country: "CountryCodeString",
181
- # organization: "String64",
182
- # organizational_unit: "String64",
183
- # distinguished_name_qualifier: "ASN1PrintableString64",
184
- # state: "String128",
185
- # common_name: "String64",
186
- # serial_number: "ASN1PrintableString64",
187
- # locality: "String128",
188
- # title: "String64",
189
- # surname: "String40",
190
- # given_name: "String16",
191
- # initials: "String5",
192
- # pseudonym: "String128",
193
- # generation_qualifier: "String3",
194
- # custom_attributes: [
195
- # {
196
- # object_identifier: "CustomObjectIdentifier", # required
197
- # value: "String1To256", # required
198
- # },
199
- # ],
200
- # },
201
- # edi_party_name: {
202
- # party_name: "String256", # required
203
- # name_assigner: "String256",
204
- # },
205
- # uniform_resource_identifier: "String253",
206
- # ip_address: "String39",
207
- # registered_id: "CustomObjectIdentifier",
208
- # },
209
- # }
210
- #
211
138
  # @!attribute [rw] access_method
212
139
  # The type and format of `AccessDescription` information.
213
140
  # @return [Types::AccessMethod]
@@ -229,14 +156,6 @@ module Aws::ACMPCA
229
156
  # `CustomObjectIdentifier` or `AccessMethodType` may be provided.
230
157
  # Providing both results in `InvalidArgsException`.
231
158
  #
232
- # @note When making an API call, you may pass AccessMethod
233
- # data as a hash:
234
- #
235
- # {
236
- # custom_object_identifier: "CustomObjectIdentifier",
237
- # access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
238
- # }
239
- #
240
159
  # @!attribute [rw] custom_object_identifier
241
160
  # An object identifier (OID) specifying the `AccessMethod`. The OID
242
161
  # must satisfy the regular expression shown below. For more
@@ -265,118 +184,12 @@ module Aws::ACMPCA
265
184
  # variant must be selected, or else this parameter is ignored.
266
185
  #
267
186
  # If conflicting or duplicate certificate information is supplied from
268
- # other sources, ACM Private CA applies [order of operation rules][1] to
269
- # determine what information is used.
270
- #
271
- #
272
- #
273
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations
274
- #
275
- # @note When making an API call, you may pass ApiPassthrough
276
- # data as a hash:
277
- #
278
- # {
279
- # extensions: {
280
- # certificate_policies: [
281
- # {
282
- # cert_policy_id: "CustomObjectIdentifier", # required
283
- # policy_qualifiers: [
284
- # {
285
- # policy_qualifier_id: "CPS", # required, accepts CPS
286
- # qualifier: { # required
287
- # cps_uri: "String256", # required
288
- # },
289
- # },
290
- # ],
291
- # },
292
- # ],
293
- # extended_key_usage: [
294
- # {
295
- # extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
296
- # extended_key_usage_object_identifier: "CustomObjectIdentifier",
297
- # },
298
- # ],
299
- # key_usage: {
300
- # digital_signature: false,
301
- # non_repudiation: false,
302
- # key_encipherment: false,
303
- # data_encipherment: false,
304
- # key_agreement: false,
305
- # key_cert_sign: false,
306
- # crl_sign: false,
307
- # encipher_only: false,
308
- # decipher_only: false,
309
- # },
310
- # subject_alternative_names: [
311
- # {
312
- # other_name: {
313
- # type_id: "CustomObjectIdentifier", # required
314
- # value: "String256", # required
315
- # },
316
- # rfc_822_name: "String256",
317
- # dns_name: "String253",
318
- # directory_name: {
319
- # country: "CountryCodeString",
320
- # organization: "String64",
321
- # organizational_unit: "String64",
322
- # distinguished_name_qualifier: "ASN1PrintableString64",
323
- # state: "String128",
324
- # common_name: "String64",
325
- # serial_number: "ASN1PrintableString64",
326
- # locality: "String128",
327
- # title: "String64",
328
- # surname: "String40",
329
- # given_name: "String16",
330
- # initials: "String5",
331
- # pseudonym: "String128",
332
- # generation_qualifier: "String3",
333
- # custom_attributes: [
334
- # {
335
- # object_identifier: "CustomObjectIdentifier", # required
336
- # value: "String1To256", # required
337
- # },
338
- # ],
339
- # },
340
- # edi_party_name: {
341
- # party_name: "String256", # required
342
- # name_assigner: "String256",
343
- # },
344
- # uniform_resource_identifier: "String253",
345
- # ip_address: "String39",
346
- # registered_id: "CustomObjectIdentifier",
347
- # },
348
- # ],
349
- # custom_extensions: [
350
- # {
351
- # object_identifier: "CustomObjectIdentifier", # required
352
- # value: "Base64String1To4096", # required
353
- # critical: false,
354
- # },
355
- # ],
356
- # },
357
- # subject: {
358
- # country: "CountryCodeString",
359
- # organization: "String64",
360
- # organizational_unit: "String64",
361
- # distinguished_name_qualifier: "ASN1PrintableString64",
362
- # state: "String128",
363
- # common_name: "String64",
364
- # serial_number: "ASN1PrintableString64",
365
- # locality: "String128",
366
- # title: "String64",
367
- # surname: "String40",
368
- # given_name: "String16",
369
- # initials: "String5",
370
- # pseudonym: "String128",
371
- # generation_qualifier: "String3",
372
- # custom_attributes: [
373
- # {
374
- # object_identifier: "CustomObjectIdentifier", # required
375
- # value: "String1To256", # required
376
- # },
377
- # ],
378
- # },
379
- # }
187
+ # other sources, Amazon Web Services Private CA applies [order of
188
+ # operation rules][1] to determine what information is used.
189
+ #
190
+ #
191
+ #
192
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations
380
193
  #
381
194
  # @!attribute [rw] extensions
382
195
  # Specifies X.509 extension information for a certificate.
@@ -409,16 +222,16 @@ module Aws::ACMPCA
409
222
  # [CreateCertificateAuthority][1] action to create your private CA. You
410
223
  # must then call the [GetCertificateAuthorityCertificate][2] action to
411
224
  # retrieve a private CA certificate signing request (CSR). Sign the CSR
412
- # with your ACM Private CA-hosted or on-premises root or subordinate CA
413
- # certificate. Call the [ImportCertificateAuthorityCertificate][3]
414
- # action to import the signed certificate into Certificate Manager
415
- # (ACM).
225
+ # with your Amazon Web Services Private CA-hosted or on-premises root or
226
+ # subordinate CA certificate. Call the
227
+ # [ImportCertificateAuthorityCertificate][3] action to import the signed
228
+ # certificate into Certificate Manager (ACM).
416
229
  #
417
230
  #
418
231
  #
419
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
420
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCertificate.html
421
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html
232
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
233
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificateAuthorityCertificate.html
234
+ # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html
422
235
  #
423
236
  # @!attribute [rw] arn
424
237
  # Amazon Resource Name (ARN) for your private certificate authority
@@ -479,7 +292,7 @@ module Aws::ACMPCA
479
292
  #
480
293
  #
481
294
  #
482
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html
295
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html
483
296
  # @return [Time]
484
297
  #
485
298
  # @!attribute [rw] key_storage_security_standard
@@ -537,95 +350,7 @@ module Aws::ACMPCA
537
350
  #
538
351
  #
539
352
  #
540
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
541
- #
542
- # @note When making an API call, you may pass CertificateAuthorityConfiguration
543
- # data as a hash:
544
- #
545
- # {
546
- # key_algorithm: "RSA_2048", # required, accepts RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1
547
- # signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
548
- # subject: { # required
549
- # country: "CountryCodeString",
550
- # organization: "String64",
551
- # organizational_unit: "String64",
552
- # distinguished_name_qualifier: "ASN1PrintableString64",
553
- # state: "String128",
554
- # common_name: "String64",
555
- # serial_number: "ASN1PrintableString64",
556
- # locality: "String128",
557
- # title: "String64",
558
- # surname: "String40",
559
- # given_name: "String16",
560
- # initials: "String5",
561
- # pseudonym: "String128",
562
- # generation_qualifier: "String3",
563
- # custom_attributes: [
564
- # {
565
- # object_identifier: "CustomObjectIdentifier", # required
566
- # value: "String1To256", # required
567
- # },
568
- # ],
569
- # },
570
- # csr_extensions: {
571
- # key_usage: {
572
- # digital_signature: false,
573
- # non_repudiation: false,
574
- # key_encipherment: false,
575
- # data_encipherment: false,
576
- # key_agreement: false,
577
- # key_cert_sign: false,
578
- # crl_sign: false,
579
- # encipher_only: false,
580
- # decipher_only: false,
581
- # },
582
- # subject_information_access: [
583
- # {
584
- # access_method: { # required
585
- # custom_object_identifier: "CustomObjectIdentifier",
586
- # access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
587
- # },
588
- # access_location: { # required
589
- # other_name: {
590
- # type_id: "CustomObjectIdentifier", # required
591
- # value: "String256", # required
592
- # },
593
- # rfc_822_name: "String256",
594
- # dns_name: "String253",
595
- # directory_name: {
596
- # country: "CountryCodeString",
597
- # organization: "String64",
598
- # organizational_unit: "String64",
599
- # distinguished_name_qualifier: "ASN1PrintableString64",
600
- # state: "String128",
601
- # common_name: "String64",
602
- # serial_number: "ASN1PrintableString64",
603
- # locality: "String128",
604
- # title: "String64",
605
- # surname: "String40",
606
- # given_name: "String16",
607
- # initials: "String5",
608
- # pseudonym: "String128",
609
- # generation_qualifier: "String3",
610
- # custom_attributes: [
611
- # {
612
- # object_identifier: "CustomObjectIdentifier", # required
613
- # value: "String1To256", # required
614
- # },
615
- # ],
616
- # },
617
- # edi_party_name: {
618
- # party_name: "String256", # required
619
- # name_assigner: "String256",
620
- # },
621
- # uniform_resource_identifier: "String253",
622
- # ip_address: "String39",
623
- # registered_id: "CustomObjectIdentifier",
624
- # },
625
- # },
626
- # ],
627
- # },
628
- # }
353
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
629
354
  #
630
355
  # @!attribute [rw] key_algorithm
631
356
  # Type of the public key algorithm and size, in bits, of the key pair
@@ -690,15 +415,6 @@ module Aws::ACMPCA
690
415
  include Aws::Structure
691
416
  end
692
417
 
693
- # @note When making an API call, you may pass CreateCertificateAuthorityAuditReportRequest
694
- # data as a hash:
695
- #
696
- # {
697
- # certificate_authority_arn: "Arn", # required
698
- # s3_bucket_name: "S3BucketName", # required
699
- # audit_report_response_format: "JSON", # required, accepts JSON, CSV
700
- # }
701
- #
702
418
  # @!attribute [rw] certificate_authority_arn
703
419
  # The Amazon Resource Name (ARN) of the CA to be audited. This is of
704
420
  # the form:
@@ -744,119 +460,6 @@ module Aws::ACMPCA
744
460
  include Aws::Structure
745
461
  end
746
462
 
747
- # @note When making an API call, you may pass CreateCertificateAuthorityRequest
748
- # data as a hash:
749
- #
750
- # {
751
- # certificate_authority_configuration: { # required
752
- # key_algorithm: "RSA_2048", # required, accepts RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1
753
- # signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
754
- # subject: { # required
755
- # country: "CountryCodeString",
756
- # organization: "String64",
757
- # organizational_unit: "String64",
758
- # distinguished_name_qualifier: "ASN1PrintableString64",
759
- # state: "String128",
760
- # common_name: "String64",
761
- # serial_number: "ASN1PrintableString64",
762
- # locality: "String128",
763
- # title: "String64",
764
- # surname: "String40",
765
- # given_name: "String16",
766
- # initials: "String5",
767
- # pseudonym: "String128",
768
- # generation_qualifier: "String3",
769
- # custom_attributes: [
770
- # {
771
- # object_identifier: "CustomObjectIdentifier", # required
772
- # value: "String1To256", # required
773
- # },
774
- # ],
775
- # },
776
- # csr_extensions: {
777
- # key_usage: {
778
- # digital_signature: false,
779
- # non_repudiation: false,
780
- # key_encipherment: false,
781
- # data_encipherment: false,
782
- # key_agreement: false,
783
- # key_cert_sign: false,
784
- # crl_sign: false,
785
- # encipher_only: false,
786
- # decipher_only: false,
787
- # },
788
- # subject_information_access: [
789
- # {
790
- # access_method: { # required
791
- # custom_object_identifier: "CustomObjectIdentifier",
792
- # access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
793
- # },
794
- # access_location: { # required
795
- # other_name: {
796
- # type_id: "CustomObjectIdentifier", # required
797
- # value: "String256", # required
798
- # },
799
- # rfc_822_name: "String256",
800
- # dns_name: "String253",
801
- # directory_name: {
802
- # country: "CountryCodeString",
803
- # organization: "String64",
804
- # organizational_unit: "String64",
805
- # distinguished_name_qualifier: "ASN1PrintableString64",
806
- # state: "String128",
807
- # common_name: "String64",
808
- # serial_number: "ASN1PrintableString64",
809
- # locality: "String128",
810
- # title: "String64",
811
- # surname: "String40",
812
- # given_name: "String16",
813
- # initials: "String5",
814
- # pseudonym: "String128",
815
- # generation_qualifier: "String3",
816
- # custom_attributes: [
817
- # {
818
- # object_identifier: "CustomObjectIdentifier", # required
819
- # value: "String1To256", # required
820
- # },
821
- # ],
822
- # },
823
- # edi_party_name: {
824
- # party_name: "String256", # required
825
- # name_assigner: "String256",
826
- # },
827
- # uniform_resource_identifier: "String253",
828
- # ip_address: "String39",
829
- # registered_id: "CustomObjectIdentifier",
830
- # },
831
- # },
832
- # ],
833
- # },
834
- # },
835
- # revocation_configuration: {
836
- # crl_configuration: {
837
- # enabled: false, # required
838
- # expiration_in_days: 1,
839
- # custom_cname: "String253",
840
- # s3_bucket_name: "String3To255",
841
- # s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
842
- # },
843
- # ocsp_configuration: {
844
- # enabled: false, # required
845
- # ocsp_custom_cname: "String253",
846
- # },
847
- # },
848
- # certificate_authority_type: "ROOT", # required, accepts ROOT, SUBORDINATE
849
- # idempotency_token: "IdempotencyToken",
850
- # key_storage_security_standard: "FIPS_140_2_LEVEL_2_OR_HIGHER", # accepts FIPS_140_2_LEVEL_2_OR_HIGHER, FIPS_140_2_LEVEL_3_OR_HIGHER
851
- # tags: [
852
- # {
853
- # key: "TagKey", # required
854
- # value: "TagValue",
855
- # },
856
- # ],
857
- # usage_mode: "GENERAL_PURPOSE", # accepts GENERAL_PURPOSE, SHORT_LIVED_CERTIFICATE
858
- # }
859
- #
860
463
  # @!attribute [rw] certificate_authority_configuration
861
464
  # Name and bit size of the private key algorithm, the name of the
862
465
  # signing algorithm, and X.500 certificate subject information.
@@ -866,14 +469,36 @@ module Aws::ACMPCA
866
469
  # Contains information to enable Online Certificate Status Protocol
867
470
  # (OCSP) support, to enable a certificate revocation list (CRL), to
868
471
  # enable both, or to enable neither. The default is for both
869
- # certificate validation mechanisms to be disabled. For more
870
- # information, see the [OcspConfiguration][1] and
871
- # [CrlConfiguration][2] types.
472
+ # certificate validation mechanisms to be disabled.
473
+ #
474
+ # <note markdown="1"> The following requirements apply to revocation configurations.
475
+ #
476
+ # * A configuration disabling CRLs or OCSP must contain only the
477
+ # `Enabled=False` parameter, and will fail if other parameters such
478
+ # as `CustomCname` or `ExpirationInDays` are included.
872
479
  #
480
+ # * In a CRL configuration, the `S3BucketName` parameter must conform
481
+ # to [Amazon S3 bucket naming rules][1].
873
482
  #
483
+ # * A configuration containing a custom Canonical Name (CNAME)
484
+ # parameter for CRLs or OCSP must conform to [RFC2396][2]
485
+ # restrictions on the use of special characters in a CNAME.
874
486
  #
875
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html
876
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
487
+ # * In a CRL or OCSP configuration, the value of a CNAME parameter
488
+ # must not include a protocol prefix such as "http://" or
489
+ # "https://".
490
+ #
491
+ # </note>
492
+ #
493
+ # For more information, see the [OcspConfiguration][3] and
494
+ # [CrlConfiguration][4] types.
495
+ #
496
+ #
497
+ #
498
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
499
+ # [2]: https://www.ietf.org/rfc/rfc2396.txt
500
+ # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_OcspConfiguration.html
501
+ # [4]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
877
502
  # @return [Types::RevocationConfiguration]
878
503
  #
879
504
  # @!attribute [rw] certificate_authority_type
@@ -885,11 +510,11 @@ module Aws::ACMPCA
885
510
  # **CreateCertificateAuthority** action. Idempotency tokens for
886
511
  # **CreateCertificateAuthority** time out after five minutes.
887
512
  # Therefore, if you call **CreateCertificateAuthority** multiple times
888
- # with the same idempotency token within five minutes, ACM Private CA
889
- # recognizes that you are requesting only certificate authority and
890
- # will issue only one. If you change the idempotency token for each
891
- # call, PCA recognizes that you are requesting multiple certificate
892
- # authorities.
513
+ # with the same idempotency token within five minutes, Amazon Web
514
+ # Services Private CA recognizes that you are requesting only
515
+ # certificate authority and will issue only one. If you change the
516
+ # idempotency token for each call, Amazon Web Services Private CA
517
+ # recognizes that you are requesting multiple certificate authorities.
893
518
  # @return [String]
894
519
  #
895
520
  # @!attribute [rw] key_storage_security_standard
@@ -963,16 +588,6 @@ module Aws::ACMPCA
963
588
  include Aws::Structure
964
589
  end
965
590
 
966
- # @note When making an API call, you may pass CreatePermissionRequest
967
- # data as a hash:
968
- #
969
- # {
970
- # certificate_authority_arn: "Arn", # required
971
- # principal: "Principal", # required
972
- # source_account: "AccountId",
973
- # actions: ["IssueCertificate"], # required, accepts IssueCertificate, GetCertificate, ListPermissions
974
- # }
975
- #
976
591
  # @!attribute [rw] certificate_authority_arn
977
592
  # The Amazon Resource Name (ARN) of the CA that grants the
978
593
  # permissions. You can find the ARN by calling the
@@ -984,7 +599,7 @@ module Aws::ACMPCA
984
599
  #
985
600
  #
986
601
  #
987
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
602
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
988
603
  # @return [String]
989
604
  #
990
605
  # @!attribute [rw] principal
@@ -1023,10 +638,11 @@ module Aws::ACMPCA
1023
638
  # specifying a value for the **CustomCname** parameter. Your private CA
1024
639
  # copies the CNAME or the S3 bucket name to the **CRL Distribution
1025
640
  # Points** extension of each certificate it issues. Your S3 bucket
1026
- # policy must give write permission to ACM Private CA.
641
+ # policy must give write permission to Amazon Web Services Private CA.
1027
642
  #
1028
- # ACM Private CA assets that are stored in Amazon S3 can be protected
1029
- # with encryption. For more information, see [Encrypting Your CRLs][1].
643
+ # Amazon Web Services Private CA assets that are stored in Amazon S3 can
644
+ # be protected with encryption. For more information, see [Encrypting
645
+ # Your CRLs][1].
1030
646
  #
1031
647
  # Your private CA uses the value in the **ExpirationInDays** parameter
1032
648
  # to calculate the **nextUpdate** field in the CRL. The CRL is refreshed
@@ -1036,8 +652,8 @@ module Aws::ACMPCA
1036
652
  # expiration, and it always appears in the audit report.
1037
653
  #
1038
654
  # A CRL is typically updated approximately 30 minutes after a
1039
- # certificate is revoked. If for any reason a CRL update fails, ACM
1040
- # Private CA makes further attempts every 15 minutes.
655
+ # certificate is revoked. If for any reason a CRL update fails, Amazon
656
+ # Web Services Private CA makes further attempts every 15 minutes.
1041
657
  #
1042
658
  # CRLs contain the following fields:
1043
659
  #
@@ -1081,29 +697,20 @@ module Aws::ACMPCA
1081
697
  #
1082
698
  # * **Signature Value**\: Signature computed over the CRL.
1083
699
  #
1084
- # Certificate revocation lists created by ACM Private CA are
1085
- # DER-encoded. You can use the following OpenSSL command to list a CRL.
700
+ # Certificate revocation lists created by Amazon Web Services Private CA
701
+ # are DER-encoded. You can use the following OpenSSL command to list a
702
+ # CRL.
1086
703
  #
1087
704
  # `openssl crl -inform DER -text -in crl_path -noout`
1088
705
  #
1089
706
  # For more information, see [Planning a certificate revocation list
1090
- # (CRL)][2] in the *Private Certificate Authority (PCA) User Guide*
1091
- #
1092
- #
707
+ # (CRL)][2] in the *Amazon Web Services Private Certificate Authority
708
+ # User Guide*
1093
709
  #
1094
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption
1095
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html
1096
710
  #
1097
- # @note When making an API call, you may pass CrlConfiguration
1098
- # data as a hash:
1099
711
  #
1100
- # {
1101
- # enabled: false, # required
1102
- # expiration_in_days: 1,
1103
- # custom_cname: "String253",
1104
- # s3_bucket_name: "String3To255",
1105
- # s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
1106
- # }
712
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption
713
+ # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html
1107
714
  #
1108
715
  # @!attribute [rw] enabled
1109
716
  # Boolean value that specifies whether certificate revocation lists
@@ -1114,8 +721,8 @@ module Aws::ACMPCA
1114
721
  #
1115
722
  #
1116
723
  #
1117
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1118
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
724
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
725
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
1119
726
  # @return [Boolean]
1120
727
  #
1121
728
  # @!attribute [rw] expiration_in_days
@@ -1127,6 +734,17 @@ module Aws::ACMPCA
1127
734
  # extension that enables the use of an alias for the CRL distribution
1128
735
  # point. Use this value if you don't want the name of your S3 bucket
1129
736
  # to be public.
737
+ #
738
+ # <note markdown="1"> The content of a Canonical Name (CNAME) record must conform to
739
+ # [RFC2396][1] restrictions on the use of special characters in URIs.
740
+ # Additionally, the value of the CNAME must not include a protocol
741
+ # prefix such as "http://" or "https://".
742
+ #
743
+ # </note>
744
+ #
745
+ #
746
+ #
747
+ # [1]: https://www.ietf.org/rfc/rfc2396.txt
1130
748
  # @return [String]
1131
749
  #
1132
750
  # @!attribute [rw] s3_bucket_name
@@ -1135,13 +753,19 @@ module Aws::ACMPCA
1135
753
  # is placed into the **CRL Distribution Points** extension of the
1136
754
  # issued certificate. You can change the name of your bucket by
1137
755
  # calling the [UpdateCertificateAuthority][1] operation. You must
1138
- # specify a [bucket policy][2] that allows ACM Private CA to write the
1139
- # CRL to your bucket.
756
+ # specify a [bucket policy][2] that allows Amazon Web Services Private
757
+ # CA to write the CRL to your bucket.
1140
758
  #
759
+ # <note markdown="1"> The `S3BucketName` parameter must conform to the [S3 bucket naming
760
+ # rules][3].
1141
761
  #
762
+ # </note>
1142
763
  #
1143
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
1144
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-policies
764
+ #
765
+ #
766
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
767
+ # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-policies
768
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
1145
769
  # @return [String]
1146
770
  #
1147
771
  # @!attribute [rw] s3_object_acl
@@ -1167,7 +791,7 @@ module Aws::ACMPCA
1167
791
  #
1168
792
  #
1169
793
  #
1170
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-bpa
794
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-bpa
1171
795
  # @return [String]
1172
796
  #
1173
797
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CrlConfiguration AWS API Documentation
@@ -1185,68 +809,6 @@ module Aws::ACMPCA
1185
809
  # Describes the certificate extensions to be added to the certificate
1186
810
  # signing request (CSR).
1187
811
  #
1188
- # @note When making an API call, you may pass CsrExtensions
1189
- # data as a hash:
1190
- #
1191
- # {
1192
- # key_usage: {
1193
- # digital_signature: false,
1194
- # non_repudiation: false,
1195
- # key_encipherment: false,
1196
- # data_encipherment: false,
1197
- # key_agreement: false,
1198
- # key_cert_sign: false,
1199
- # crl_sign: false,
1200
- # encipher_only: false,
1201
- # decipher_only: false,
1202
- # },
1203
- # subject_information_access: [
1204
- # {
1205
- # access_method: { # required
1206
- # custom_object_identifier: "CustomObjectIdentifier",
1207
- # access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
1208
- # },
1209
- # access_location: { # required
1210
- # other_name: {
1211
- # type_id: "CustomObjectIdentifier", # required
1212
- # value: "String256", # required
1213
- # },
1214
- # rfc_822_name: "String256",
1215
- # dns_name: "String253",
1216
- # directory_name: {
1217
- # country: "CountryCodeString",
1218
- # organization: "String64",
1219
- # organizational_unit: "String64",
1220
- # distinguished_name_qualifier: "ASN1PrintableString64",
1221
- # state: "String128",
1222
- # common_name: "String64",
1223
- # serial_number: "ASN1PrintableString64",
1224
- # locality: "String128",
1225
- # title: "String64",
1226
- # surname: "String40",
1227
- # given_name: "String16",
1228
- # initials: "String5",
1229
- # pseudonym: "String128",
1230
- # generation_qualifier: "String3",
1231
- # custom_attributes: [
1232
- # {
1233
- # object_identifier: "CustomObjectIdentifier", # required
1234
- # value: "String1To256", # required
1235
- # },
1236
- # ],
1237
- # },
1238
- # edi_party_name: {
1239
- # party_name: "String256", # required
1240
- # name_assigner: "String256",
1241
- # },
1242
- # uniform_resource_identifier: "String253",
1243
- # ip_address: "String39",
1244
- # registered_id: "CustomObjectIdentifier",
1245
- # },
1246
- # },
1247
- # ],
1248
- # }
1249
- #
1250
812
  # @!attribute [rw] key_usage
1251
813
  # Indicates the purpose of the certificate and of the key contained in
1252
814
  # the certificate.
@@ -1273,14 +835,6 @@ module Aws::ACMPCA
1273
835
 
1274
836
  # Defines the X.500 relative distinguished name (RDN).
1275
837
  #
1276
- # @note When making an API call, you may pass CustomAttribute
1277
- # data as a hash:
1278
- #
1279
- # {
1280
- # object_identifier: "CustomObjectIdentifier", # required
1281
- # value: "String1To256", # required
1282
- # }
1283
- #
1284
838
  # @!attribute [rw] object_identifier
1285
839
  # Specifies the object identifier (OID) of the attribute type of the
1286
840
  # relative distinguished name (RDN).
@@ -1306,16 +860,7 @@ module Aws::ACMPCA
1306
860
  #
1307
861
  #
1308
862
  #
1309
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations
1310
- #
1311
- # @note When making an API call, you may pass CustomExtension
1312
- # data as a hash:
1313
- #
1314
- # {
1315
- # object_identifier: "CustomObjectIdentifier", # required
1316
- # value: "Base64String1To4096", # required
1317
- # critical: false,
1318
- # }
863
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations
1319
864
  #
1320
865
  # @!attribute [rw] object_identifier
1321
866
  # Specifies the object identifier (OID) of the X.509 extension. For
@@ -1344,14 +889,6 @@ module Aws::ACMPCA
1344
889
  include Aws::Structure
1345
890
  end
1346
891
 
1347
- # @note When making an API call, you may pass DeleteCertificateAuthorityRequest
1348
- # data as a hash:
1349
- #
1350
- # {
1351
- # certificate_authority_arn: "Arn", # required
1352
- # permanent_deletion_time_in_days: 1,
1353
- # }
1354
- #
1355
892
  # @!attribute [rw] certificate_authority_arn
1356
893
  # The Amazon Resource Name (ARN) that was returned when you called
1357
894
  # [CreateCertificateAuthority][1]. This must have the following form:
@@ -1361,7 +898,7 @@ module Aws::ACMPCA
1361
898
  #
1362
899
  #
1363
900
  #
1364
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
901
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
1365
902
  # @return [String]
1366
903
  #
1367
904
  # @!attribute [rw] permanent_deletion_time_in_days
@@ -1379,15 +916,6 @@ module Aws::ACMPCA
1379
916
  include Aws::Structure
1380
917
  end
1381
918
 
1382
- # @note When making an API call, you may pass DeletePermissionRequest
1383
- # data as a hash:
1384
- #
1385
- # {
1386
- # certificate_authority_arn: "Arn", # required
1387
- # principal: "Principal", # required
1388
- # source_account: "AccountId",
1389
- # }
1390
- #
1391
919
  # @!attribute [rw] certificate_authority_arn
1392
920
  # The Amazon Resource Number (ARN) of the private CA that issued the
1393
921
  # permissions. You can find the CA's ARN by calling the
@@ -1399,7 +927,7 @@ module Aws::ACMPCA
1399
927
  #
1400
928
  #
1401
929
  #
1402
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
930
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
1403
931
  # @return [String]
1404
932
  #
1405
933
  # @!attribute [rw] principal
@@ -1422,13 +950,6 @@ module Aws::ACMPCA
1422
950
  include Aws::Structure
1423
951
  end
1424
952
 
1425
- # @note When making an API call, you may pass DeletePolicyRequest
1426
- # data as a hash:
1427
- #
1428
- # {
1429
- # resource_arn: "Arn", # required
1430
- # }
1431
- #
1432
953
  # @!attribute [rw] resource_arn
1433
954
  # The Amazon Resource Number (ARN) of the private CA that will have
1434
955
  # its policy deleted. You can find the CA's ARN by calling the
@@ -1438,7 +959,7 @@ module Aws::ACMPCA
1438
959
  #
1439
960
  #
1440
961
  #
1441
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
962
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
1442
963
  # @return [String]
1443
964
  #
1444
965
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePolicyRequest AWS API Documentation
@@ -1449,14 +970,6 @@ module Aws::ACMPCA
1449
970
  include Aws::Structure
1450
971
  end
1451
972
 
1452
- # @note When making an API call, you may pass DescribeCertificateAuthorityAuditReportRequest
1453
- # data as a hash:
1454
- #
1455
- # {
1456
- # certificate_authority_arn: "Arn", # required
1457
- # audit_report_id: "AuditReportId", # required
1458
- # }
1459
- #
1460
973
  # @!attribute [rw] certificate_authority_arn
1461
974
  # The Amazon Resource Name (ARN) of the private CA. This must be of
1462
975
  # the form:
@@ -1471,7 +984,7 @@ module Aws::ACMPCA
1471
984
  #
1472
985
  #
1473
986
  #
1474
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
987
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
1475
988
  # @return [String]
1476
989
  #
1477
990
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReportRequest AWS API Documentation
@@ -1512,13 +1025,6 @@ module Aws::ACMPCA
1512
1025
  include Aws::Structure
1513
1026
  end
1514
1027
 
1515
- # @note When making an API call, you may pass DescribeCertificateAuthorityRequest
1516
- # data as a hash:
1517
- #
1518
- # {
1519
- # certificate_authority_arn: "Arn", # required
1520
- # }
1521
- #
1522
1028
  # @!attribute [rw] certificate_authority_arn
1523
1029
  # The Amazon Resource Name (ARN) that was returned when you called
1524
1030
  # [CreateCertificateAuthority][1]. This must be of the form:
@@ -1528,7 +1034,7 @@ module Aws::ACMPCA
1528
1034
  #
1529
1035
  #
1530
1036
  #
1531
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1037
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
1532
1038
  # @return [String]
1533
1039
  #
1534
1040
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityRequest AWS API Documentation
@@ -1545,7 +1051,7 @@ module Aws::ACMPCA
1545
1051
  #
1546
1052
  #
1547
1053
  #
1548
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthority.html
1054
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthority.html
1549
1055
  # @return [Types::CertificateAuthority]
1550
1056
  #
1551
1057
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityResponse AWS API Documentation
@@ -1563,14 +1069,6 @@ module Aws::ACMPCA
1563
1069
  #
1564
1070
  # [1]: https://datatracker.ietf.org/doc/html/rfc5280
1565
1071
  #
1566
- # @note When making an API call, you may pass EdiPartyName
1567
- # data as a hash:
1568
- #
1569
- # {
1570
- # party_name: "String256", # required
1571
- # name_assigner: "String256",
1572
- # }
1573
- #
1574
1072
  # @!attribute [rw] party_name
1575
1073
  # Specifies the party name.
1576
1074
  # @return [String]
@@ -1592,14 +1090,6 @@ module Aws::ACMPCA
1592
1090
  # be used other than basic purposes indicated in the `KeyUsage`
1593
1091
  # extension.
1594
1092
  #
1595
- # @note When making an API call, you may pass ExtendedKeyUsage
1596
- # data as a hash:
1597
- #
1598
- # {
1599
- # extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
1600
- # extended_key_usage_object_identifier: "CustomObjectIdentifier",
1601
- # }
1602
- #
1603
1093
  # @!attribute [rw] extended_key_usage_type
1604
1094
  # Specifies a standard `ExtendedKeyUsage` as defined as in [RFC
1605
1095
  # 5280][1].
@@ -1625,88 +1115,6 @@ module Aws::ACMPCA
1625
1115
 
1626
1116
  # Contains X.509 extension information for a certificate.
1627
1117
  #
1628
- # @note When making an API call, you may pass Extensions
1629
- # data as a hash:
1630
- #
1631
- # {
1632
- # certificate_policies: [
1633
- # {
1634
- # cert_policy_id: "CustomObjectIdentifier", # required
1635
- # policy_qualifiers: [
1636
- # {
1637
- # policy_qualifier_id: "CPS", # required, accepts CPS
1638
- # qualifier: { # required
1639
- # cps_uri: "String256", # required
1640
- # },
1641
- # },
1642
- # ],
1643
- # },
1644
- # ],
1645
- # extended_key_usage: [
1646
- # {
1647
- # extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
1648
- # extended_key_usage_object_identifier: "CustomObjectIdentifier",
1649
- # },
1650
- # ],
1651
- # key_usage: {
1652
- # digital_signature: false,
1653
- # non_repudiation: false,
1654
- # key_encipherment: false,
1655
- # data_encipherment: false,
1656
- # key_agreement: false,
1657
- # key_cert_sign: false,
1658
- # crl_sign: false,
1659
- # encipher_only: false,
1660
- # decipher_only: false,
1661
- # },
1662
- # subject_alternative_names: [
1663
- # {
1664
- # other_name: {
1665
- # type_id: "CustomObjectIdentifier", # required
1666
- # value: "String256", # required
1667
- # },
1668
- # rfc_822_name: "String256",
1669
- # dns_name: "String253",
1670
- # directory_name: {
1671
- # country: "CountryCodeString",
1672
- # organization: "String64",
1673
- # organizational_unit: "String64",
1674
- # distinguished_name_qualifier: "ASN1PrintableString64",
1675
- # state: "String128",
1676
- # common_name: "String64",
1677
- # serial_number: "ASN1PrintableString64",
1678
- # locality: "String128",
1679
- # title: "String64",
1680
- # surname: "String40",
1681
- # given_name: "String16",
1682
- # initials: "String5",
1683
- # pseudonym: "String128",
1684
- # generation_qualifier: "String3",
1685
- # custom_attributes: [
1686
- # {
1687
- # object_identifier: "CustomObjectIdentifier", # required
1688
- # value: "String1To256", # required
1689
- # },
1690
- # ],
1691
- # },
1692
- # edi_party_name: {
1693
- # party_name: "String256", # required
1694
- # name_assigner: "String256",
1695
- # },
1696
- # uniform_resource_identifier: "String253",
1697
- # ip_address: "String39",
1698
- # registered_id: "CustomObjectIdentifier",
1699
- # },
1700
- # ],
1701
- # custom_extensions: [
1702
- # {
1703
- # object_identifier: "CustomObjectIdentifier", # required
1704
- # value: "Base64String1To4096", # required
1705
- # critical: false,
1706
- # },
1707
- # ],
1708
- # }
1709
- #
1710
1118
  # @!attribute [rw] certificate_policies
1711
1119
  # Contains a sequence of one or more policy information terms, each of
1712
1120
  # which consists of an object identifier (OID) and optional
@@ -1772,47 +1180,6 @@ module Aws::ACMPCA
1772
1180
  #
1773
1181
  # [1]: https://datatracker.ietf.org/doc/html/rfc5280
1774
1182
  #
1775
- # @note When making an API call, you may pass GeneralName
1776
- # data as a hash:
1777
- #
1778
- # {
1779
- # other_name: {
1780
- # type_id: "CustomObjectIdentifier", # required
1781
- # value: "String256", # required
1782
- # },
1783
- # rfc_822_name: "String256",
1784
- # dns_name: "String253",
1785
- # directory_name: {
1786
- # country: "CountryCodeString",
1787
- # organization: "String64",
1788
- # organizational_unit: "String64",
1789
- # distinguished_name_qualifier: "ASN1PrintableString64",
1790
- # state: "String128",
1791
- # common_name: "String64",
1792
- # serial_number: "ASN1PrintableString64",
1793
- # locality: "String128",
1794
- # title: "String64",
1795
- # surname: "String40",
1796
- # given_name: "String16",
1797
- # initials: "String5",
1798
- # pseudonym: "String128",
1799
- # generation_qualifier: "String3",
1800
- # custom_attributes: [
1801
- # {
1802
- # object_identifier: "CustomObjectIdentifier", # required
1803
- # value: "String1To256", # required
1804
- # },
1805
- # ],
1806
- # },
1807
- # edi_party_name: {
1808
- # party_name: "String256", # required
1809
- # name_assigner: "String256",
1810
- # },
1811
- # uniform_resource_identifier: "String253",
1812
- # ip_address: "String39",
1813
- # registered_id: "CustomObjectIdentifier",
1814
- # }
1815
- #
1816
1183
  # @!attribute [rw] other_name
1817
1184
  # Represents `GeneralName` using an `OtherName` object.
1818
1185
  # @return [Types::OtherName]
@@ -1870,13 +1237,6 @@ module Aws::ACMPCA
1870
1237
  include Aws::Structure
1871
1238
  end
1872
1239
 
1873
- # @note When making an API call, you may pass GetCertificateAuthorityCertificateRequest
1874
- # data as a hash:
1875
- #
1876
- # {
1877
- # certificate_authority_arn: "Arn", # required
1878
- # }
1879
- #
1880
1240
  # @!attribute [rw] certificate_authority_arn
1881
1241
  # The Amazon Resource Name (ARN) of your private CA. This is of the
1882
1242
  # form:
@@ -1913,13 +1273,6 @@ module Aws::ACMPCA
1913
1273
  include Aws::Structure
1914
1274
  end
1915
1275
 
1916
- # @note When making an API call, you may pass GetCertificateAuthorityCsrRequest
1917
- # data as a hash:
1918
- #
1919
- # {
1920
- # certificate_authority_arn: "Arn", # required
1921
- # }
1922
- #
1923
1276
  # @!attribute [rw] certificate_authority_arn
1924
1277
  # The Amazon Resource Name (ARN) that was returned when you called the
1925
1278
  # [CreateCertificateAuthority][1] action. This must be of the form:
@@ -1929,7 +1282,7 @@ module Aws::ACMPCA
1929
1282
  #
1930
1283
  #
1931
1284
  #
1932
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1285
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
1933
1286
  # @return [String]
1934
1287
  #
1935
1288
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCsrRequest AWS API Documentation
@@ -1953,14 +1306,6 @@ module Aws::ACMPCA
1953
1306
  include Aws::Structure
1954
1307
  end
1955
1308
 
1956
- # @note When making an API call, you may pass GetCertificateRequest
1957
- # data as a hash:
1958
- #
1959
- # {
1960
- # certificate_authority_arn: "Arn", # required
1961
- # certificate_arn: "Arn", # required
1962
- # }
1963
- #
1964
1309
  # @!attribute [rw] certificate_authority_arn
1965
1310
  # The Amazon Resource Name (ARN) that was returned when you called
1966
1311
  # [CreateCertificateAuthority][1]. This must be of the form:
@@ -1970,7 +1315,7 @@ module Aws::ACMPCA
1970
1315
  #
1971
1316
  #
1972
1317
  #
1973
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1318
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
1974
1319
  # @return [String]
1975
1320
  #
1976
1321
  # @!attribute [rw] certificate_arn
@@ -2009,13 +1354,6 @@ module Aws::ACMPCA
2009
1354
  include Aws::Structure
2010
1355
  end
2011
1356
 
2012
- # @note When making an API call, you may pass GetPolicyRequest
2013
- # data as a hash:
2014
- #
2015
- # {
2016
- # resource_arn: "Arn", # required
2017
- # }
2018
- #
2019
1357
  # @!attribute [rw] resource_arn
2020
1358
  # The Amazon Resource Number (ARN) of the private CA that will have
2021
1359
  # its policy retrieved. You can find the CA's ARN by calling the
@@ -2042,15 +1380,6 @@ module Aws::ACMPCA
2042
1380
  include Aws::Structure
2043
1381
  end
2044
1382
 
2045
- # @note When making an API call, you may pass ImportCertificateAuthorityCertificateRequest
2046
- # data as a hash:
2047
- #
2048
- # {
2049
- # certificate_authority_arn: "Arn", # required
2050
- # certificate: "data", # required
2051
- # certificate_chain: "data",
2052
- # }
2053
- #
2054
1383
  # @!attribute [rw] certificate_authority_arn
2055
1384
  # The Amazon Resource Name (ARN) that was returned when you called
2056
1385
  # [CreateCertificateAuthority][1]. This must be of the form:
@@ -2060,7 +1389,7 @@ module Aws::ACMPCA
2060
1389
  #
2061
1390
  #
2062
1391
  #
2063
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1392
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
2064
1393
  # @return [String]
2065
1394
  #
2066
1395
  # @!attribute [rw] certificate
@@ -2072,9 +1401,9 @@ module Aws::ACMPCA
2072
1401
  # @!attribute [rw] certificate_chain
2073
1402
  # A PEM-encoded file that contains all of your certificates, other
2074
1403
  # than the certificate you're importing, chaining up to your root CA.
2075
- # Your ACM Private CA-hosted or on-premises root certificate is the
2076
- # last in the chain, and each certificate in the chain signs the one
2077
- # preceding.
1404
+ # Your Amazon Web Services Private CA-hosted or on-premises root
1405
+ # certificate is the last in the chain, and each certificate in the
1406
+ # chain signs the one preceding.
2078
1407
  #
2079
1408
  # This parameter must be supplied when you import a subordinate CA.
2080
1409
  # When you import a root CA, there is no chain.
@@ -2123,7 +1452,7 @@ module Aws::ACMPCA
2123
1452
  #
2124
1453
  #
2125
1454
  #
2126
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
1455
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
2127
1456
  #
2128
1457
  # @!attribute [rw] message
2129
1458
  # @return [String]
@@ -2195,127 +1524,6 @@ module Aws::ACMPCA
2195
1524
  include Aws::Structure
2196
1525
  end
2197
1526
 
2198
- # @note When making an API call, you may pass IssueCertificateRequest
2199
- # data as a hash:
2200
- #
2201
- # {
2202
- # api_passthrough: {
2203
- # extensions: {
2204
- # certificate_policies: [
2205
- # {
2206
- # cert_policy_id: "CustomObjectIdentifier", # required
2207
- # policy_qualifiers: [
2208
- # {
2209
- # policy_qualifier_id: "CPS", # required, accepts CPS
2210
- # qualifier: { # required
2211
- # cps_uri: "String256", # required
2212
- # },
2213
- # },
2214
- # ],
2215
- # },
2216
- # ],
2217
- # extended_key_usage: [
2218
- # {
2219
- # extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
2220
- # extended_key_usage_object_identifier: "CustomObjectIdentifier",
2221
- # },
2222
- # ],
2223
- # key_usage: {
2224
- # digital_signature: false,
2225
- # non_repudiation: false,
2226
- # key_encipherment: false,
2227
- # data_encipherment: false,
2228
- # key_agreement: false,
2229
- # key_cert_sign: false,
2230
- # crl_sign: false,
2231
- # encipher_only: false,
2232
- # decipher_only: false,
2233
- # },
2234
- # subject_alternative_names: [
2235
- # {
2236
- # other_name: {
2237
- # type_id: "CustomObjectIdentifier", # required
2238
- # value: "String256", # required
2239
- # },
2240
- # rfc_822_name: "String256",
2241
- # dns_name: "String253",
2242
- # directory_name: {
2243
- # country: "CountryCodeString",
2244
- # organization: "String64",
2245
- # organizational_unit: "String64",
2246
- # distinguished_name_qualifier: "ASN1PrintableString64",
2247
- # state: "String128",
2248
- # common_name: "String64",
2249
- # serial_number: "ASN1PrintableString64",
2250
- # locality: "String128",
2251
- # title: "String64",
2252
- # surname: "String40",
2253
- # given_name: "String16",
2254
- # initials: "String5",
2255
- # pseudonym: "String128",
2256
- # generation_qualifier: "String3",
2257
- # custom_attributes: [
2258
- # {
2259
- # object_identifier: "CustomObjectIdentifier", # required
2260
- # value: "String1To256", # required
2261
- # },
2262
- # ],
2263
- # },
2264
- # edi_party_name: {
2265
- # party_name: "String256", # required
2266
- # name_assigner: "String256",
2267
- # },
2268
- # uniform_resource_identifier: "String253",
2269
- # ip_address: "String39",
2270
- # registered_id: "CustomObjectIdentifier",
2271
- # },
2272
- # ],
2273
- # custom_extensions: [
2274
- # {
2275
- # object_identifier: "CustomObjectIdentifier", # required
2276
- # value: "Base64String1To4096", # required
2277
- # critical: false,
2278
- # },
2279
- # ],
2280
- # },
2281
- # subject: {
2282
- # country: "CountryCodeString",
2283
- # organization: "String64",
2284
- # organizational_unit: "String64",
2285
- # distinguished_name_qualifier: "ASN1PrintableString64",
2286
- # state: "String128",
2287
- # common_name: "String64",
2288
- # serial_number: "ASN1PrintableString64",
2289
- # locality: "String128",
2290
- # title: "String64",
2291
- # surname: "String40",
2292
- # given_name: "String16",
2293
- # initials: "String5",
2294
- # pseudonym: "String128",
2295
- # generation_qualifier: "String3",
2296
- # custom_attributes: [
2297
- # {
2298
- # object_identifier: "CustomObjectIdentifier", # required
2299
- # value: "String1To256", # required
2300
- # },
2301
- # ],
2302
- # },
2303
- # },
2304
- # certificate_authority_arn: "Arn", # required
2305
- # csr: "data", # required
2306
- # signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
2307
- # template_arn: "Arn",
2308
- # validity: { # required
2309
- # value: 1, # required
2310
- # type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
2311
- # },
2312
- # validity_not_before: {
2313
- # value: 1, # required
2314
- # type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
2315
- # },
2316
- # idempotency_token: "IdempotencyToken",
2317
- # }
2318
- #
2319
1527
  # @!attribute [rw] api_passthrough
2320
1528
  # Specifies X.509 certificate information to be included in the issued
2321
1529
  # certificate. An `APIPassthrough` or `APICSRPassthrough` template
@@ -2324,13 +1532,13 @@ module Aws::ACMPCA
2324
1532
  # Certificate Templates][1].
2325
1533
  #
2326
1534
  # If conflicting or duplicate certificate information is supplied
2327
- # during certificate issuance, ACM Private CA applies [order of
2328
- # operation rules][2] to determine what information is used.
1535
+ # during certificate issuance, Amazon Web Services Private CA applies
1536
+ # [order of operation rules][2] to determine what information is used.
2329
1537
  #
2330
1538
  #
2331
1539
  #
2332
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
2333
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations
1540
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html
1541
+ # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations
2334
1542
  # @return [Types::ApiPassthrough]
2335
1543
  #
2336
1544
  # @!attribute [rw] certificate_authority_arn
@@ -2342,7 +1550,7 @@ module Aws::ACMPCA
2342
1550
  #
2343
1551
  #
2344
1552
  #
2345
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1553
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
2346
1554
  # @return [String]
2347
1555
  #
2348
1556
  # @!attribute [rw] csr
@@ -2381,22 +1589,22 @@ module Aws::ACMPCA
2381
1589
  #
2382
1590
  # @!attribute [rw] template_arn
2383
1591
  # Specifies a custom configuration template to use when issuing a
2384
- # certificate. If this parameter is not provided, ACM Private CA
2385
- # defaults to the `EndEntityCertificate/V1` template. For CA
2386
- # certificates, you should choose the shortest path length that meets
2387
- # your needs. The path length is indicated by the PathLen*N* portion
2388
- # of the ARN, where *N* is the [CA depth][1].
1592
+ # certificate. If this parameter is not provided, Amazon Web Services
1593
+ # Private CA defaults to the `EndEntityCertificate/V1` template. For
1594
+ # CA certificates, you should choose the shortest path length that
1595
+ # meets your needs. The path length is indicated by the PathLen*N*
1596
+ # portion of the ARN, where *N* is the [CA depth][1].
2389
1597
  #
2390
1598
  # Note: The CA depth configured on a subordinate CA certificate must
2391
1599
  # not exceed the limit set by its parents in the CA hierarchy.
2392
1600
  #
2393
- # For a list of `TemplateArn` values supported by ACM Private CA, see
2394
- # [Understanding Certificate Templates][2].
1601
+ # For a list of `TemplateArn` values supported by Amazon Web Services
1602
+ # Private CA, see [Understanding Certificate Templates][2].
2395
1603
  #
2396
1604
  #
2397
1605
  #
2398
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaTerms.html#terms-cadepth
2399
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
1606
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaTerms.html#terms-cadepth
1607
+ # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html
2400
1608
  # @return [String]
2401
1609
  #
2402
1610
  # @!attribute [rw] validity
@@ -2428,11 +1636,11 @@ module Aws::ACMPCA
2428
1636
  # certificate. This parameter sets the “Not Before" date for the
2429
1637
  # certificate.
2430
1638
  #
2431
- # By default, when issuing a certificate, ACM Private CA sets the
2432
- # "Not Before" date to the issuance time minus 60 minutes. This
2433
- # compensates for clock inconsistencies across computer systems. The
2434
- # `ValidityNotBefore` parameter can be used to customize the “Not
2435
- # Before” value.
1639
+ # By default, when issuing a certificate, Amazon Web Services Private
1640
+ # CA sets the "Not Before" date to the issuance time minus 60
1641
+ # minutes. This compensates for clock inconsistencies across computer
1642
+ # systems. The `ValidityNotBefore` parameter can be used to customize
1643
+ # the “Not Before” value.
2436
1644
  #
2437
1645
  # Unlike the `Validity` parameter, the `ValidityNotBefore` parameter
2438
1646
  # is optional.
@@ -2453,10 +1661,11 @@ module Aws::ACMPCA
2453
1661
  # the **IssueCertificate** action. Idempotency tokens for
2454
1662
  # **IssueCertificate** time out after one minute. Therefore, if you
2455
1663
  # call **IssueCertificate** multiple times with the same idempotency
2456
- # token within one minute, ACM Private CA recognizes that you are
2457
- # requesting only one certificate and will issue only one. If you
2458
- # change the idempotency token for each call, PCA recognizes that you
2459
- # are requesting multiple certificates.
1664
+ # token within one minute, Amazon Web Services Private CA recognizes
1665
+ # that you are requesting only one certificate and will issue only
1666
+ # one. If you change the idempotency token for each call, Amazon Web
1667
+ # Services Private CA recognizes that you are requesting multiple
1668
+ # certificates.
2460
1669
  # @return [String]
2461
1670
  #
2462
1671
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificateRequest AWS API Documentation
@@ -2493,21 +1702,6 @@ module Aws::ACMPCA
2493
1702
  # Defines one or more purposes for which the key contained in the
2494
1703
  # certificate can be used. Default value for each option is false.
2495
1704
  #
2496
- # @note When making an API call, you may pass KeyUsage
2497
- # data as a hash:
2498
- #
2499
- # {
2500
- # digital_signature: false,
2501
- # non_repudiation: false,
2502
- # key_encipherment: false,
2503
- # data_encipherment: false,
2504
- # key_agreement: false,
2505
- # key_cert_sign: false,
2506
- # crl_sign: false,
2507
- # encipher_only: false,
2508
- # decipher_only: false,
2509
- # }
2510
- #
2511
1705
  # @!attribute [rw] digital_signature
2512
1706
  # Key can be used for digital signing.
2513
1707
  # @return [Boolean]
@@ -2560,8 +1754,8 @@ module Aws::ACMPCA
2560
1754
  include Aws::Structure
2561
1755
  end
2562
1756
 
2563
- # An ACM Private CA quota has been exceeded. See the exception message
2564
- # returned to determine the quota that was exceeded.
1757
+ # An Amazon Web Services Private CA quota has been exceeded. See the
1758
+ # exception message returned to determine the quota that was exceeded.
2565
1759
  #
2566
1760
  # @!attribute [rw] message
2567
1761
  # @return [String]
@@ -2574,15 +1768,6 @@ module Aws::ACMPCA
2574
1768
  include Aws::Structure
2575
1769
  end
2576
1770
 
2577
- # @note When making an API call, you may pass ListCertificateAuthoritiesRequest
2578
- # data as a hash:
2579
- #
2580
- # {
2581
- # next_token: "NextToken",
2582
- # max_results: 1,
2583
- # resource_owner: "SELF", # accepts SELF, OTHER_ACCOUNTS
2584
- # }
2585
- #
2586
1771
  # @!attribute [rw] next_token
2587
1772
  # Use this parameter when paginating results in a subsequent request
2588
1773
  # after you receive a response with truncated results. Set it to the
@@ -2632,15 +1817,6 @@ module Aws::ACMPCA
2632
1817
  include Aws::Structure
2633
1818
  end
2634
1819
 
2635
- # @note When making an API call, you may pass ListPermissionsRequest
2636
- # data as a hash:
2637
- #
2638
- # {
2639
- # certificate_authority_arn: "Arn", # required
2640
- # next_token: "NextToken",
2641
- # max_results: 1,
2642
- # }
2643
- #
2644
1820
  # @!attribute [rw] certificate_authority_arn
2645
1821
  # The Amazon Resource Number (ARN) of the private CA to inspect. You
2646
1822
  # can find the ARN by calling the [ListCertificateAuthorities][1]
@@ -2651,7 +1827,7 @@ module Aws::ACMPCA
2651
1827
  #
2652
1828
  #
2653
1829
  #
2654
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
1830
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
2655
1831
  # @return [String]
2656
1832
  #
2657
1833
  # @!attribute [rw] next_token
@@ -2698,15 +1874,6 @@ module Aws::ACMPCA
2698
1874
  include Aws::Structure
2699
1875
  end
2700
1876
 
2701
- # @note When making an API call, you may pass ListTagsRequest
2702
- # data as a hash:
2703
- #
2704
- # {
2705
- # certificate_authority_arn: "Arn", # required
2706
- # next_token: "NextToken",
2707
- # max_results: 1,
2708
- # }
2709
- #
2710
1877
  # @!attribute [rw] certificate_authority_arn
2711
1878
  # The Amazon Resource Name (ARN) that was returned when you called the
2712
1879
  # [CreateCertificateAuthority][1] action. This must be of the form:
@@ -2716,7 +1883,7 @@ module Aws::ACMPCA
2716
1883
  #
2717
1884
  #
2718
1885
  #
2719
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1886
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
2720
1887
  # @return [String]
2721
1888
  #
2722
1889
  # @!attribute [rw] next_token
@@ -2809,35 +1976,32 @@ module Aws::ACMPCA
2809
1976
  # When you revoke a certificate, OCSP responses may take up to 60
2810
1977
  # minutes to reflect the new status.
2811
1978
  #
2812
- # @note When making an API call, you may pass OcspConfiguration
2813
- # data as a hash:
2814
- #
2815
- # {
2816
- # enabled: false, # required
2817
- # ocsp_custom_cname: "String253",
2818
- # }
2819
- #
2820
1979
  # @!attribute [rw] enabled
2821
1980
  # Flag enabling use of the Online Certificate Status Protocol (OCSP)
2822
1981
  # for validating certificate revocation status.
2823
1982
  # @return [Boolean]
2824
1983
  #
2825
1984
  # @!attribute [rw] ocsp_custom_cname
2826
- # By default, ACM Private CA injects an Amazon Web Services domain
2827
- # into certificates being validated by the Online Certificate Status
2828
- # Protocol (OCSP). A customer can alternatively use this object to
2829
- # define a CNAME specifying a customized OCSP domain.
1985
+ # By default, Amazon Web Services Private CA injects an Amazon Web
1986
+ # Services domain into certificates being validated by the Online
1987
+ # Certificate Status Protocol (OCSP). A customer can alternatively use
1988
+ # this object to define a CNAME specifying a customized OCSP domain.
2830
1989
  #
2831
- # Note: The value of the CNAME must not include a protocol prefix such
2832
- # as "http://" or "https://".
1990
+ # <note markdown="1"> The content of a Canonical Name (CNAME) record must conform to
1991
+ # [RFC2396][1] restrictions on the use of special characters in URIs.
1992
+ # Additionally, the value of the CNAME must not include a protocol
1993
+ # prefix such as "http://" or "https://".
1994
+ #
1995
+ # </note>
2833
1996
  #
2834
1997
  # For more information, see [Customizing Online Certificate Status
2835
- # Protocol (OCSP) ][1] in the *Private Certificate Authority (PCA)
2836
- # User Guide*.
1998
+ # Protocol (OCSP) ][2] in the *Amazon Web Services Private Certificate
1999
+ # Authority User Guide*.
2837
2000
  #
2838
2001
  #
2839
2002
  #
2840
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/ocsp-customize.html
2003
+ # [1]: https://www.ietf.org/rfc/rfc2396.txt
2004
+ # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/ocsp-customize.html
2841
2005
  # @return [String]
2842
2006
  #
2843
2007
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/OcspConfiguration AWS API Documentation
@@ -2858,14 +2022,6 @@ module Aws::ACMPCA
2858
2022
  #
2859
2023
  # [1]: https://csrc.nist.gov/glossary/term/Object_Identifier
2860
2024
  #
2861
- # @note When making an API call, you may pass OtherName
2862
- # data as a hash:
2863
- #
2864
- # {
2865
- # type_id: "CustomObjectIdentifier", # required
2866
- # value: "String256", # required
2867
- # }
2868
- #
2869
2025
  # @!attribute [rw] type_id
2870
2026
  # Specifies an OID.
2871
2027
  # @return [String]
@@ -2894,9 +2050,9 @@ module Aws::ACMPCA
2894
2050
  #
2895
2051
  #
2896
2052
  #
2897
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html
2898
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html
2899
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html
2053
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreatePermission.html
2054
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePermission.html
2055
+ # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListPermissions.html
2900
2056
  #
2901
2057
  # @!attribute [rw] certificate_authority_arn
2902
2058
  # The Amazon Resource Number (ARN) of the private CA from which the
@@ -2953,21 +2109,6 @@ module Aws::ACMPCA
2953
2109
 
2954
2110
  # Defines the X.509 `CertificatePolicies` extension.
2955
2111
  #
2956
- # @note When making an API call, you may pass PolicyInformation
2957
- # data as a hash:
2958
- #
2959
- # {
2960
- # cert_policy_id: "CustomObjectIdentifier", # required
2961
- # policy_qualifiers: [
2962
- # {
2963
- # policy_qualifier_id: "CPS", # required, accepts CPS
2964
- # qualifier: { # required
2965
- # cps_uri: "String256", # required
2966
- # },
2967
- # },
2968
- # ],
2969
- # }
2970
- #
2971
2112
  # @!attribute [rw] cert_policy_id
2972
2113
  # Specifies the object identifier (OID) of the certificate policy
2973
2114
  # under which the certificate was issued. For more information, see
@@ -2979,8 +2120,9 @@ module Aws::ACMPCA
2979
2120
  # @return [String]
2980
2121
  #
2981
2122
  # @!attribute [rw] policy_qualifiers
2982
- # Modifies the given `CertPolicyId` with a qualifier. ACM Private CA
2983
- # supports the certification practice statement (CPS) qualifier.
2123
+ # Modifies the given `CertPolicyId` with a qualifier. Amazon Web
2124
+ # Services Private CA supports the certification practice statement
2125
+ # (CPS) qualifier.
2984
2126
  # @return [Array<Types::PolicyQualifierInfo>]
2985
2127
  #
2986
2128
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PolicyInformation AWS API Documentation
@@ -2993,26 +2135,16 @@ module Aws::ACMPCA
2993
2135
  end
2994
2136
 
2995
2137
  # Modifies the `CertPolicyId` of a `PolicyInformation` object with a
2996
- # qualifier. ACM Private CA supports the certification practice
2997
- # statement (CPS) qualifier.
2998
- #
2999
- # @note When making an API call, you may pass PolicyQualifierInfo
3000
- # data as a hash:
3001
- #
3002
- # {
3003
- # policy_qualifier_id: "CPS", # required, accepts CPS
3004
- # qualifier: { # required
3005
- # cps_uri: "String256", # required
3006
- # },
3007
- # }
2138
+ # qualifier. Amazon Web Services Private CA supports the certification
2139
+ # practice statement (CPS) qualifier.
3008
2140
  #
3009
2141
  # @!attribute [rw] policy_qualifier_id
3010
2142
  # Identifies the qualifier modifying a `CertPolicyId`.
3011
2143
  # @return [String]
3012
2144
  #
3013
2145
  # @!attribute [rw] qualifier
3014
- # Defines the qualifier type. ACM Private CA supports the use of a URI
3015
- # for a CPS qualifier in this field.
2146
+ # Defines the qualifier type. Amazon Web Services Private CA supports
2147
+ # the use of a URI for a CPS qualifier in this field.
3016
2148
  # @return [Types::Qualifier]
3017
2149
  #
3018
2150
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PolicyQualifierInfo AWS API Documentation
@@ -3024,14 +2156,6 @@ module Aws::ACMPCA
3024
2156
  include Aws::Structure
3025
2157
  end
3026
2158
 
3027
- # @note When making an API call, you may pass PutPolicyRequest
3028
- # data as a hash:
3029
- #
3030
- # {
3031
- # resource_arn: "Arn", # required
3032
- # policy: "AWSPolicy", # required
3033
- # }
3034
- #
3035
2159
  # @!attribute [rw] resource_arn
3036
2160
  # The Amazon Resource Number (ARN) of the private CA to associate with
3037
2161
  # the policy. The ARN of the CA can be found by calling the
@@ -3041,7 +2165,7 @@ module Aws::ACMPCA
3041
2165
  #
3042
2166
  #
3043
2167
  #
3044
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
2168
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
3045
2169
  # @return [String]
3046
2170
  #
3047
2171
  # @!attribute [rw] policy
@@ -3066,21 +2190,14 @@ module Aws::ACMPCA
3066
2190
  include Aws::Structure
3067
2191
  end
3068
2192
 
3069
- # Defines a `PolicyInformation` qualifier. ACM Private CA supports the
3070
- # [certification practice statement (CPS) qualifier][1] defined in RFC
3071
- # 5280.
2193
+ # Defines a `PolicyInformation` qualifier. Amazon Web Services Private
2194
+ # CA supports the [certification practice statement (CPS) qualifier][1]
2195
+ # defined in RFC 5280.
3072
2196
  #
3073
2197
  #
3074
2198
  #
3075
2199
  # [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
3076
2200
  #
3077
- # @note When making an API call, you may pass Qualifier
3078
- # data as a hash:
3079
- #
3080
- # {
3081
- # cps_uri: "String256", # required
3082
- # }
3083
- #
3084
2201
  # @!attribute [rw] cps_uri
3085
2202
  # Contains a pointer to a certification practice statement (CPS)
3086
2203
  # published by the CA.
@@ -3147,13 +2264,6 @@ module Aws::ACMPCA
3147
2264
  include Aws::Structure
3148
2265
  end
3149
2266
 
3150
- # @note When making an API call, you may pass RestoreCertificateAuthorityRequest
3151
- # data as a hash:
3152
- #
3153
- # {
3154
- # certificate_authority_arn: "Arn", # required
3155
- # }
3156
- #
3157
2267
  # @!attribute [rw] certificate_authority_arn
3158
2268
  # The Amazon Resource Name (ARN) that was returned when you called the
3159
2269
  # [CreateCertificateAuthority][1] action. This must be of the form:
@@ -3163,7 +2273,7 @@ module Aws::ACMPCA
3163
2273
  #
3164
2274
  #
3165
2275
  #
3166
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
2276
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
3167
2277
  # @return [String]
3168
2278
  #
3169
2279
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthorityRequest AWS API Documentation
@@ -3182,38 +2292,22 @@ module Aws::ACMPCA
3182
2292
  # about certificates as requested by clients, and a CRL contains an
3183
2293
  # updated list of certificates revoked by your CA. For more information,
3184
2294
  # see [RevokeCertificate][3] and [Setting up a certificate revocation
3185
- # method][4] in the *Private Certificate Authority (PCA) User Guide*.
3186
- #
2295
+ # method][4] in the *Amazon Web Services Private Certificate Authority
2296
+ # User Guide*.
3187
2297
  #
3188
2298
  #
3189
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
3190
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
3191
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html
3192
- # [4]: https://docs.aws.amazon.com/acm-pca/latest/userguide/revocation-setup.html
3193
2299
  #
3194
- # @note When making an API call, you may pass RevocationConfiguration
3195
- # data as a hash:
3196
- #
3197
- # {
3198
- # crl_configuration: {
3199
- # enabled: false, # required
3200
- # expiration_in_days: 1,
3201
- # custom_cname: "String253",
3202
- # s3_bucket_name: "String3To255",
3203
- # s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
3204
- # },
3205
- # ocsp_configuration: {
3206
- # enabled: false, # required
3207
- # ocsp_custom_cname: "String253",
3208
- # },
3209
- # }
2300
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
2301
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
2302
+ # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html
2303
+ # [4]: https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html
3210
2304
  #
3211
2305
  # @!attribute [rw] crl_configuration
3212
2306
  # Configuration of the certificate revocation list (CRL), if any,
3213
2307
  # maintained by your private CA. A CRL is typically updated
3214
2308
  # approximately 30 minutes after a certificate is revoked. If for any
3215
- # reason a CRL update fails, ACM Private CA makes further attempts
3216
- # every 15 minutes.
2309
+ # reason a CRL update fails, Amazon Web Services Private CA makes
2310
+ # further attempts every 15 minutes.
3217
2311
  # @return [Types::CrlConfiguration]
3218
2312
  #
3219
2313
  # @!attribute [rw] ocsp_configuration
@@ -3232,15 +2326,6 @@ module Aws::ACMPCA
3232
2326
  include Aws::Structure
3233
2327
  end
3234
2328
 
3235
- # @note When making an API call, you may pass RevokeCertificateRequest
3236
- # data as a hash:
3237
- #
3238
- # {
3239
- # certificate_authority_arn: "Arn", # required
3240
- # certificate_serial: "String128", # required
3241
- # revocation_reason: "UNSPECIFIED", # required, accepts UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, PRIVILEGE_WITHDRAWN, A_A_COMPROMISE
3242
- # }
3243
- #
3244
2329
  # @!attribute [rw] certificate_authority_arn
3245
2330
  # Amazon Resource Name (ARN) of the private CA that issued the
3246
2331
  # certificate to be revoked. This must be of the form:
@@ -3266,7 +2351,7 @@ module Aws::ACMPCA
3266
2351
  #
3267
2352
  #
3268
2353
  #
3269
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html
2354
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificate.html
3270
2355
  # [2]: https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html
3271
2356
  # @return [String]
3272
2357
  #
@@ -3292,16 +2377,8 @@ module Aws::ACMPCA
3292
2377
  #
3293
2378
  #
3294
2379
  #
3295
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html
3296
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html
3297
- #
3298
- # @note When making an API call, you may pass Tag
3299
- # data as a hash:
3300
- #
3301
- # {
3302
- # key: "TagKey", # required
3303
- # value: "TagValue",
3304
- # }
2380
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_TagCertificateAuthority.html
2381
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UntagCertificateAuthority.html
3305
2382
  #
3306
2383
  # @!attribute [rw] key
3307
2384
  # Key (name) of the tag.
@@ -3320,19 +2397,6 @@ module Aws::ACMPCA
3320
2397
  include Aws::Structure
3321
2398
  end
3322
2399
 
3323
- # @note When making an API call, you may pass TagCertificateAuthorityRequest
3324
- # data as a hash:
3325
- #
3326
- # {
3327
- # certificate_authority_arn: "Arn", # required
3328
- # tags: [ # required
3329
- # {
3330
- # key: "TagKey", # required
3331
- # value: "TagValue",
3332
- # },
3333
- # ],
3334
- # }
3335
- #
3336
2400
  # @!attribute [rw] certificate_authority_arn
3337
2401
  # The Amazon Resource Name (ARN) that was returned when you called
3338
2402
  # [CreateCertificateAuthority][1]. This must be of the form:
@@ -3342,7 +2406,7 @@ module Aws::ACMPCA
3342
2406
  #
3343
2407
  #
3344
2408
  #
3345
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
2409
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
3346
2410
  # @return [String]
3347
2411
  #
3348
2412
  # @!attribute [rw] tags
@@ -3372,19 +2436,6 @@ module Aws::ACMPCA
3372
2436
  include Aws::Structure
3373
2437
  end
3374
2438
 
3375
- # @note When making an API call, you may pass UntagCertificateAuthorityRequest
3376
- # data as a hash:
3377
- #
3378
- # {
3379
- # certificate_authority_arn: "Arn", # required
3380
- # tags: [ # required
3381
- # {
3382
- # key: "TagKey", # required
3383
- # value: "TagValue",
3384
- # },
3385
- # ],
3386
- # }
3387
- #
3388
2439
  # @!attribute [rw] certificate_authority_arn
3389
2440
  # The Amazon Resource Name (ARN) that was returned when you called
3390
2441
  # [CreateCertificateAuthority][1]. This must be of the form:
@@ -3394,7 +2445,7 @@ module Aws::ACMPCA
3394
2445
  #
3395
2446
  #
3396
2447
  #
3397
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
2448
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
3398
2449
  # @return [String]
3399
2450
  #
3400
2451
  # @!attribute [rw] tags
@@ -3410,27 +2461,6 @@ module Aws::ACMPCA
3410
2461
  include Aws::Structure
3411
2462
  end
3412
2463
 
3413
- # @note When making an API call, you may pass UpdateCertificateAuthorityRequest
3414
- # data as a hash:
3415
- #
3416
- # {
3417
- # certificate_authority_arn: "Arn", # required
3418
- # revocation_configuration: {
3419
- # crl_configuration: {
3420
- # enabled: false, # required
3421
- # expiration_in_days: 1,
3422
- # custom_cname: "String253",
3423
- # s3_bucket_name: "String3To255",
3424
- # s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
3425
- # },
3426
- # ocsp_configuration: {
3427
- # enabled: false, # required
3428
- # ocsp_custom_cname: "String253",
3429
- # },
3430
- # },
3431
- # status: "CREATING", # accepts CREATING, PENDING_CERTIFICATE, ACTIVE, DELETED, DISABLED, EXPIRED, FAILED
3432
- # }
3433
- #
3434
2464
  # @!attribute [rw] certificate_authority_arn
3435
2465
  # Amazon Resource Name (ARN) of the private CA that issued the
3436
2466
  # certificate to be revoked. This must be of the form:
@@ -3447,10 +2477,31 @@ module Aws::ACMPCA
3447
2477
  # information, see the [OcspConfiguration][1] and
3448
2478
  # [CrlConfiguration][2] types.
3449
2479
  #
2480
+ # <note markdown="1"> The following requirements apply to revocation configurations.
2481
+ #
2482
+ # * A configuration disabling CRLs or OCSP must contain only the
2483
+ # `Enabled=False` parameter, and will fail if other parameters such
2484
+ # as `CustomCname` or `ExpirationInDays` are included.
2485
+ #
2486
+ # * In a CRL configuration, the `S3BucketName` parameter must conform
2487
+ # to [Amazon S3 bucket naming rules][3].
2488
+ #
2489
+ # * A configuration containing a custom Canonical Name (CNAME)
2490
+ # parameter for CRLs or OCSP must conform to [RFC2396][4]
2491
+ # restrictions on the use of special characters in a CNAME.
3450
2492
  #
2493
+ # * In a CRL or OCSP configuration, the value of a CNAME parameter
2494
+ # must not include a protocol prefix such as "http://" or
2495
+ # "https://".
3451
2496
  #
3452
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html
3453
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
2497
+ # </note>
2498
+ #
2499
+ #
2500
+ #
2501
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_OcspConfiguration.html
2502
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
2503
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
2504
+ # [4]: https://www.ietf.org/rfc/rfc2396.txt
3454
2505
  # @return [Types::RevocationConfiguration]
3455
2506
  #
3456
2507
  # @!attribute [rw] status
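Review bot: The `<note>` added under `revocation_configuration` states its rules with the API-model spellings (`Enabled=False`, `CustomCname`, `ExpirationInDays`, `S3BucketName`), but callers of this gem pass snake_case hash keys, and the request-hash example that showed them is deleted elsewhere in this same diff. Because a disable request carrying any extra key is documented to fail, someone turning CRL or OCSP off should be able to match the rule to the keys they actually send; a line such as `# (Ruby keys: enabled, custom_cname / ocsp_custom_cname, expiration_in_days, s3_bucket_name)` after the first bullet would do it. Reference `[4]` points to RFC 2396, which RFC 3986 obsoleted, so the link would be better pointed there if the service's validation follows the newer document. This file looks generated from the service model, so both changes probably belong upstream, and the attribute's documentation begins above this hunk.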
@@ -3473,34 +2524,26 @@ module Aws::ACMPCA
3473
2524
  # after issuance, stated in days, months, or years. For more
3474
2525
  # information, see [Validity][1] in RFC 5280.
3475
2526
  #
3476
- # ACM Private CA API consumes the `Validity` data type differently in
3477
- # two distinct parameters of the `IssueCertificate` action. The required
3478
- # parameter `IssueCertificate`\:`Validity` specifies the end of a
3479
- # certificate's validity period. The optional parameter
3480
- # `IssueCertificate`\:`ValidityNotBefore` specifies a customized
3481
- # starting time for the validity period.
2527
+ # Amazon Web Services Private CA API consumes the `Validity` data type
2528
+ # differently in two distinct parameters of the `IssueCertificate`
2529
+ # action. The required parameter `IssueCertificate`\:`Validity`
2530
+ # specifies the end of a certificate's validity period. The optional
2531
+ # parameter `IssueCertificate`\:`ValidityNotBefore` specifies a
2532
+ # customized starting time for the validity period.
3482
2533
  #
3483
2534
  #
3484
2535
  #
3485
2536
  # [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
3486
2537
  #
3487
- # @note When making an API call, you may pass Validity
3488
- # data as a hash:
3489
- #
3490
- # {
3491
- # value: 1, # required
3492
- # type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
3493
- # }
3494
- #
3495
2538
  # @!attribute [rw] value
3496
2539
  # A long integer interpreted according to the value of `Type`, below.
3497
2540
  # @return [Integer]
3498
2541
  #
3499
2542
  # @!attribute [rw] type
3500
- # Determines how *ACM Private CA* interprets the `Value` parameter, an
3501
- # integer. Supported validity types include those listed below. Type
3502
- # definitions with values include a sample input value and the
3503
- # resulting output.
2543
+ # Determines how *Amazon Web Services Private CA* interprets the
2544
+ # `Value` parameter, an integer. Supported validity types include
2545
+ # those listed below. Type definitions with values include a sample
2546
+ # input value and the resulting output.
3504
2547
  #
3505
2548
  # `END_DATE`\: The specific date and time when the certificate will
3506
2549
  # expire, expressed using UTCTime (YYMMDDHHMMSS) or GeneralizedTime