aws-sdk-acmpca 1.51.0 → 1.53.0

data/lib/aws-sdk-acmpca/client.rb

@@ -393,20 +393,22 @@ module Aws::ACMPCA
     # CA. If successful, this action returns the Amazon Resource Name (ARN)
     # of the CA.
     #
-    # ACM Private CA assets that are stored in Amazon S3 can be protected
-    # with encryption. For more information, see [Encrypting Your CRLs][1].
-    #
-    # <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
-    # bucket that you specify. If the IAM principal making the call does not
-    # have permission to write to the bucket, then an exception is thrown.
-    # For more information, see [Access policies for CRLs in Amazon S3][2].
+    # <note markdown="1"> Both Amazon Web Services Private CA and the IAM principal must have
+    # permission to write to the S3 bucket that you specify. If the IAM
+    # principal making the call does not have permission to write to the
+    # bucket, then an exception is thrown. For more information, see [Access
+    # policies for CRLs in Amazon S3][1].
     #
     #  </note>
     #
+    # Amazon Web Services Private CA assets that are stored in Amazon S3 can
+    # be protected with encryption. For more information, see [Encrypting
+    # Your CRLs][2].
+    #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
+    # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html#s3-policies
+    # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption
     #
     # @option params [required, Types::CertificateAuthorityConfiguration] :certificate_authority_configuration
     #   Name and bit size of the private key algorithm, the name of the
@@ -416,13 +418,35 @@ module Aws::ACMPCA
     #   Contains information to enable Online Certificate Status Protocol
     #   (OCSP) support, to enable a certificate revocation list (CRL), to
     #   enable both, or to enable neither. The default is for both certificate
-    #   validation mechanisms to be disabled. For more information, see the
-    #   [OcspConfiguration][1] and [CrlConfiguration][2] types.
+    #   validation mechanisms to be disabled.
+    #
+    #   <note markdown="1"> The following requirements apply to revocation configurations.
+    #
+    #    * A configuration disabling CRLs or OCSP must contain only the
+    #     `Enabled=False` parameter, and will fail if other parameters such as
+    #     `CustomCname` or `ExpirationInDays` are included.
+    #
+    #   * In a CRL configuration, the `S3BucketName` parameter must conform to
+    #     [Amazon S3 bucket naming rules][1].
+    #
+    #   * A configuration containing a custom Canonical Name (CNAME) parameter
+    #     for CRLs or OCSP must conform to [RFC2396][2] restrictions on the
+    #     use of special characters in a CNAME.
+    #
+    #   * In a CRL or OCSP configuration, the value of a CNAME parameter must
+    #     not include a protocol prefix such as "http://" or "https://".
+    #
+    #    </note>
+    #
+    #   For more information, see the [OcspConfiguration][3] and
+    #   [CrlConfiguration][4] types.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html
-    #   [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
+    #   [2]: https://www.ietf.org/rfc/rfc2396.txt
+    #   [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_OcspConfiguration.html
+    #   [4]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
     #
     # @option params [required, String] :certificate_authority_type
     #   The type of the certificate authority.
@@ -432,10 +456,11 @@ module Aws::ACMPCA
     #   **CreateCertificateAuthority** action. Idempotency tokens for
     #   **CreateCertificateAuthority** time out after five minutes. Therefore,
     #   if you call **CreateCertificateAuthority** multiple times with the
-    #   same idempotency token within five minutes, ACM Private CA recognizes
-    #   that you are requesting only certificate authority and will issue only
-    #   one. If you change the idempotency token for each call, PCA recognizes
-    #   that you are requesting multiple certificate authorities.
+    #   same idempotency token within five minutes, Amazon Web Services
+    #   Private CA recognizes that you are requesting only certificate
+    #   authority and will issue only one. If you change the idempotency token
+    #   for each call, Amazon Web Services Private CA recognizes that you are
+    #   requesting multiple certificate authorities.
     #
     # @option params [String] :key_storage_security_standard
     #   Specifies a cryptographic key management compliance standard used for
@@ -570,13 +595,13 @@ module Aws::ACMPCA
     #       crl_configuration: {
     #         enabled: false, # required
     #         expiration_in_days: 1,
-    #         custom_cname: "String253",
-    #         s3_bucket_name: "String3To255",
+    #         custom_cname: "CnameString",
+    #         s3_bucket_name: "S3BucketName3To255",
     #         s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
     #       },
     #       ocsp_configuration: {
     #         enabled: false, # required
-    #         ocsp_custom_cname: "String253",
+    #         ocsp_custom_cname: "CnameString",
     #       },
     #     },
     #     certificate_authority_type: "ROOT", # required, accepts ROOT, SUBORDINATE
@@ -609,16 +634,17 @@ module Aws::ACMPCA
     # on input. The [IssueCertificate][1] and [RevokeCertificate][2] actions
     # use the private key.
     #
-    # <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
-    # bucket that you specify. If the IAM principal making the call does not
-    # have permission to write to the bucket, then an exception is thrown.
-    # For more information, see [Access policies for CRLs in Amazon S3][3].
+    # <note markdown="1"> Both Amazon Web Services Private CA and the IAM principal must have
+    # permission to write to the S3 bucket that you specify. If the IAM
+    # principal making the call does not have permission to write to the
+    # bucket, then an exception is thrown. For more information, see [Access
+    # policies for CRLs in Amazon S3][3].
     #
     #  </note>
     #
-    # ACM Private CA assets that are stored in Amazon S3 can be protected
-    # with encryption. For more information, see [Encrypting Your Audit
-    # Reports][4].
+    # Amazon Web Services Private CA assets that are stored in Amazon S3 can
+    # be protected with encryption. For more information, see [Encrypting
+    # Your Audit Reports][4].
     #
     # <note markdown="1"> You can generate a maximum of one report every 30 minutes.
     #
@@ -626,10 +652,10 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html
-    # [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
-    # [4]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuditReport.html#audit-report-encryption
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html
+    # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html#s3-policies
+    # [4]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaAuditReport.html#audit-report-encryption
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) of the CA to be audited. This is of the
@@ -694,14 +720,14 @@ module Aws::ACMPCA
     #   accounts, then permissions cannot be used to enable automatic
     #   renewals. Instead, the ACM certificate owner must set up a
     #   resource-based policy to enable cross-account issuance and renewals.
-    #   For more information, see [Using a Resource Based Policy with ACM
-    #   Private CA][3].
+    #   For more information, see [Using a Resource Based Policy with Amazon
+    #   Web Services Private CA][3].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html
-    # [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListPermissions.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePermission.html
+    # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-rbp.html
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) of the CA that grants the permissions.
@@ -713,7 +739,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
     #
     # @option params [required, String] :principal
     #   The Amazon Web Services service or identity that receives the
@@ -766,8 +792,8 @@ module Aws::ACMPCA
     # Additionally, you can delete a CA if you are waiting for it to be
     # created (that is, the status of the CA is `CREATING`). You can also
     # delete it if the CA has been created but you haven't yet imported the
-    # signed certificate into ACM Private CA (that is, the status of the CA
-    # is `PENDING_CERTIFICATE`).
+    # signed certificate into Amazon Web Services Private CA (that is, the
+    # status of the CA is `PENDING_CERTIFICATE`).
     #
     # When you successfully call [DeleteCertificateAuthority][3], the CA's
     # status changes to `DELETED`. However, the CA won't be permanently
@@ -781,11 +807,11 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
-    # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html
-    # [4]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html
-    # [5]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RestoreCertificateAuthority.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
+    # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeleteCertificateAuthority.html
+    # [4]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DescribeCertificateAuthority.html
+    # [5]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_RestoreCertificateAuthority.html
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called
@@ -796,7 +822,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
     #
     # @option params [Integer] :permanent_deletion_time_in_days
     #   The number of days to make a CA restorable after it has been deleted.
@@ -845,14 +871,14 @@ module Aws::ACMPCA
     #   accounts, then permissions cannot be used to enable automatic
     #   renewals. Instead, the ACM certificate owner must set up a
     #   resource-based policy to enable cross-account issuance and renewals.
-    #   For more information, see [Using a Resource Based Policy with ACM
-    #   Private CA][3].
+    #   For more information, see [Using a Resource Based Policy with Amazon
+    #   Web Services Private CA][3].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html
-    # [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreatePermission.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListPermissions.html
+    # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-rbp.html
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Number (ARN) of the private CA that issued the
@@ -865,7 +891,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
     #
     # @option params [required, String] :principal
     #   The Amazon Web Services service or identity that will have its CA
@@ -914,7 +940,7 @@ module Aws::ACMPCA
     #   customer account, to Amazon Web Services Organizations, or to an
     #   Amazon Web Services Organizations unit. Policies are under the
     #   control of a CA administrator. For more information, see [Using a
-    #   Resource Based Policy with ACM Private CA][3].
+    #   Resource Based Policy with Amazon Web Services Private CA][3].
     #
     # * A policy permits a user of Certificate Manager (ACM) to issue ACM
     #   certificates signed by a CA in another account.
@@ -922,8 +948,8 @@ module Aws::ACMPCA
     # * For ACM to manage automatic renewal of these certificates, the ACM
     #   user must configure a Service Linked Role (SLR). The SLR allows the
     #   ACM service to assume the identity of the user, subject to
-    #   confirmation against the ACM Private CA policy. For more
-    #   information, see [Using a Service Linked Role with ACM][4].
+    #   confirmation against the Amazon Web Services Private CA policy. For
+    #   more information, see [Using a Service Linked Role with ACM][4].
     #
     # * Updates made in Amazon Web Services Resource Manager (RAM) are
     #   reflected in policies. For more information, see [Attach a Policy
@@ -931,11 +957,11 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html
-    # [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetPolicy.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_PutPolicy.html
+    # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-rbp.html
     # [4]: https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html
-    # [5]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html
+    # [5]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-ram.html
     #
     # @option params [required, String] :resource_arn
     #   The Amazon Resource Number (ARN) of the private CA that will have its
@@ -946,7 +972,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -970,12 +996,13 @@ module Aws::ACMPCA
     # its ARN (Amazon Resource Name). The output contains the status of your
     # CA. This can be any of the following:
     #
-    # * `CREATING` - ACM Private CA is creating your private certificate
-    #   authority.
+    # * `CREATING` - Amazon Web Services Private CA is creating your private
+    #   certificate authority.
     #
     # * `PENDING_CERTIFICATE` - The certificate is pending. You must use
-    #   your ACM Private CA-hosted or on-premises root or subordinate CA to
-    #   sign your private CA CSR and then import it into PCA.
+    #   your Amazon Web Services Private CA-hosted or on-premises root or
+    #   subordinate CA to sign your private CA CSR and then import it into
+    #   Amazon Web Services Private CA.
     #
     # * `ACTIVE` - Your private CA is active.
     #
@@ -1001,7 +1028,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
     #
     # @return [Types::DescribeCertificateAuthorityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1110,9 +1137,9 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html
-    # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html
+    # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) of the private CA. This must be of the
@@ -1127,7 +1154,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
     #
     # @return [Types::DescribeCertificateAuthorityAuditReportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1176,8 +1203,8 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called
@@ -1188,7 +1215,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
     #
     # @option params [required, String] :certificate_arn
     #   The ARN of the issued certificate. The ARN contains the certificate
@@ -1268,16 +1295,16 @@ module Aws::ACMPCA
 
     # Retrieves the certificate signing request (CSR) for your private
     # certificate authority (CA). The CSR is created when you call the
-    # [CreateCertificateAuthority][1] action. Sign the CSR with your ACM
-    # Private CA-hosted or on-premises root or subordinate CA. Then import
-    # the signed certificate back into ACM Private CA by calling the
-    # [ImportCertificateAuthorityCertificate][2] action. The CSR is returned
-    # as a base64 PEM-encoded string.
+    # [CreateCertificateAuthority][1] action. Sign the CSR with your Amazon
+    # Web Services Private CA-hosted or on-premises root or subordinate CA.
+    # Then import the signed certificate back into Amazon Web Services
+    # Private CA by calling the [ImportCertificateAuthorityCertificate][2]
+    # action. The CSR is returned as a base64 PEM-encoded string.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called the
@@ -1288,7 +1315,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
     #
     # @return [Types::GetCertificateAuthorityCsrResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1331,7 +1358,7 @@ module Aws::ACMPCA
     #   customer account, to Amazon Web Services Organizations, or to an
     #   Amazon Web Services Organizations unit. Policies are under the
     #   control of a CA administrator. For more information, see [Using a
-    #   Resource Based Policy with ACM Private CA][3].
+    #   Resource Based Policy with Amazon Web Services Private CA][3].
     #
     # * A policy permits a user of Certificate Manager (ACM) to issue ACM
     #   certificates signed by a CA in another account.
@@ -1339,8 +1366,8 @@ module Aws::ACMPCA
     # * For ACM to manage automatic renewal of these certificates, the ACM
     #   user must configure a Service Linked Role (SLR). The SLR allows the
     #   ACM service to assume the identity of the user, subject to
-    #   confirmation against the ACM Private CA policy. For more
-    #   information, see [Using a Service Linked Role with ACM][4].
+    #   confirmation against the Amazon Web Services Private CA policy. For
+    #   more information, see [Using a Service Linked Role with ACM][4].
     #
     # * Updates made in Amazon Web Services Resource Manager (RAM) are
     #   reflected in policies. For more information, see [Attach a Policy
@@ -1348,11 +1375,11 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html
-    # [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_PutPolicy.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePolicy.html
+    # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-rbp.html
     # [4]: https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html
-    # [5]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html
+    # [5]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-ram.html
     #
     # @option params [required, String] :resource_arn
     #   The Amazon Resource Number (ARN) of the private CA that will have its
@@ -1382,14 +1409,14 @@ module Aws::ACMPCA
       req.send_request(options)
     end
 
-    # Imports a signed private CA certificate into ACM Private CA. This
-    # action is used when you are using a chain of trust whose root is
-    # located outside ACM Private CA. Before you can call this action, the
-    # following preparations must in place:
+    # Imports a signed private CA certificate into Amazon Web Services
+    # Private CA. This action is used when you are using a chain of trust
+    # whose root is located outside Amazon Web Services Private CA. Before
+    # you can call this action, the following preparations must in place:
     #
-    # 1.  In ACM Private CA, call the [CreateCertificateAuthority][1] action
-    #     to create the private CA that you plan to back with the imported
-    #     certificate.
+    # 1.  In Amazon Web Services Private CA, call the
+    #     [CreateCertificateAuthority][1] action to create the private CA
+    #     that you plan to back with the imported certificate.
     #
     # 2.  Call the [GetCertificateAuthorityCsr][2] action to generate a
     #     certificate signing request (CSR).
@@ -1400,13 +1427,14 @@ module Aws::ACMPCA
     # 4.  Create a certificate chain and copy the signed certificate and the
     #     certificate chain to your working directory.
     #
-    # ACM Private CA supports three scenarios for installing a CA
-    # certificate:
+    # Amazon Web Services Private CA supports three scenarios for installing
+    # a CA certificate:
     #
-    # * Installing a certificate for a root CA hosted by ACM Private CA.
+    # * Installing a certificate for a root CA hosted by Amazon Web Services
+    #   Private CA.
     #
     # * Installing a subordinate CA certificate whose parent authority is
-    #   hosted by ACM Private CA.
+    #   hosted by Amazon Web Services Private CA.
     #
     # * Installing a subordinate CA certificate whose parent authority is
     #   externally hosted.
@@ -1434,8 +1462,8 @@ module Aws::ACMPCA
     #
     # *Enforcement of Critical Constraints*
     #
-    # ACM Private CA allows the following extensions to be marked critical
-    # in the imported CA certificate or chain.
+    # Amazon Web Services Private CA allows the following extensions to be
+    # marked critical in the imported CA certificate or chain.
     #
     # * Basic constraints (*must* be marked critical)
     #
@@ -1461,8 +1489,8 @@ module Aws::ACMPCA
     #
     # * Inhibit anyPolicy
     #
-    # ACM Private CA rejects the following extensions when they are marked
-    # critical in an imported CA certificate or chain.
+    # Amazon Web Services Private CA rejects the following extensions when
+    # they are marked critical in an imported CA certificate or chain.
     #
     # * Name constraints
     #
@@ -1478,8 +1506,8 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCsr.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificateAuthorityCsr.html
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called
@@ -1490,7 +1518,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
     #
     # @option params [required, String, StringIO, File] :certificate
     #   The PEM-encoded certificate for a private CA. This may be a
@@ -1500,8 +1528,9 @@ module Aws::ACMPCA
     # @option params [String, StringIO, File] :certificate_chain
     #   A PEM-encoded file that contains all of your certificates, other than
     #   the certificate you're importing, chaining up to your root CA. Your
-    #   ACM Private CA-hosted or on-premises root certificate is the last in
-    #   the chain, and each certificate in the chain signs the one preceding.
+    #   Amazon Web Services Private CA-hosted or on-premises root certificate
+    #   is the last in the chain, and each certificate in the chain signs the
+    #   one preceding.
     #
     #   This parameter must be supplied when you import a subordinate CA. When
     #   you import a root CA, there is no chain.
@@ -1532,14 +1561,14 @@ module Aws::ACMPCA
     # specifying the ARN.
     #
     # <note markdown="1"> You cannot use the ACM **ListCertificateAuthorities** action to
-    # retrieve the ARNs of the certificates that you issue by using ACM
-    # Private CA.
+    # retrieve the ARNs of the certificates that you issue by using Amazon
+    # Web Services Private CA.
     #
     #  </note>
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificate.html
     #
     # @option params [Types::ApiPassthrough] :api_passthrough
     #   Specifies X.509 certificate information to be included in the issued
@@ -1549,13 +1578,13 @@ module Aws::ACMPCA
     #   Certificate Templates][1].
     #
     #   If conflicting or duplicate certificate information is supplied during
-    #   certificate issuance, ACM Private CA applies [order of operation
-    #   rules][2] to determine what information is used.
+    #   certificate issuance, Amazon Web Services Private CA applies [order of
+    #   operation rules][2] to determine what information is used.
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
-    #   [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html
+    #   [2]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called
@@ -1566,7 +1595,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
     #
     # @option params [required, String, StringIO, File] :csr
     #   The certificate signing request (CSR) for the certificate you want to
@@ -1602,8 +1631,8 @@ module Aws::ACMPCA
     #
     # @option params [String] :template_arn
     #   Specifies a custom configuration template to use when issuing a
-    #   certificate. If this parameter is not provided, ACM Private CA
-    #   defaults to the `EndEntityCertificate/V1` template. For CA
+    #   certificate. If this parameter is not provided, Amazon Web Services
+    #   Private CA defaults to the `EndEntityCertificate/V1` template. For CA
     #   certificates, you should choose the shortest path length that meets
     #   your needs. The path length is indicated by the PathLen*N* portion of
     #   the ARN, where *N* is the [CA depth][1].
@@ -1611,13 +1640,13 @@ module Aws::ACMPCA
     #   Note: The CA depth configured on a subordinate CA certificate must not
     #   exceed the limit set by its parents in the CA hierarchy.
     #
-    #   For a list of `TemplateArn` values supported by ACM Private CA, see
-    #   [Understanding Certificate Templates][2].
+    #   For a list of `TemplateArn` values supported by Amazon Web Services
+    #   Private CA, see [Understanding Certificate Templates][2].
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaTerms.html#terms-cadepth
-    #   [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaTerms.html#terms-cadepth
+    #   [2]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html
     #
     # @option params [required, Types::Validity] :validity
     #   Information describing the end of the validity period of the
@@ -1647,10 +1676,10 @@ module Aws::ACMPCA
     #   certificate. This parameter sets the “Not Before" date for the
     #   certificate.
     #
-    #   By default, when issuing a certificate, ACM Private CA sets the "Not
-    #   Before" date to the issuance time minus 60 minutes. This compensates
-    #   for clock inconsistencies across computer systems. The
-    #   `ValidityNotBefore` parameter can be used to customize the “Not
+    #   By default, when issuing a certificate, Amazon Web Services Private CA
+    #   sets the "Not Before" date to the issuance time minus 60 minutes.
+    #   This compensates for clock inconsistencies across computer systems.
+    #   The `ValidityNotBefore` parameter can be used to customize the “Not
     #   Before” value.
     #
     #   Unlike the `Validity` parameter, the `ValidityNotBefore` parameter is
@@ -1671,10 +1700,10 @@ module Aws::ACMPCA
     #   the **IssueCertificate** action. Idempotency tokens for
     #   **IssueCertificate** time out after one minute. Therefore, if you call
     #   **IssueCertificate** multiple times with the same idempotency token
-    #   within one minute, ACM Private CA recognizes that you are requesting
-    #   only one certificate and will issue only one. If you change the
-    #   idempotency token for each call, PCA recognizes that you are
-    #   requesting multiple certificates.
+    #   within one minute, Amazon Web Services Private CA recognizes that you
+    #   are requesting only one certificate and will issue only one. If you
+    #   change the idempotency token for each call, Amazon Web Services
+    #   Private CA recognizes that you are requesting multiple certificates.
     #
     # @return [Types::IssueCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1818,7 +1847,7 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
     #
     # @option params [String] :next_token
     #   Use this parameter when paginating results in a subsequent request
@@ -1966,14 +1995,14 @@ module Aws::ACMPCA
     #   accounts, then permissions cannot be used to enable automatic
     #   renewals. Instead, the ACM certificate owner must set up a
     #   resource-based policy to enable cross-account issuance and renewals.
-    #   For more information, see [Using a Resource Based Policy with ACM
-    #   Private CA][3].
+    #   For more information, see [Using a Resource Based Policy with Amazon
+    #   Web Services Private CA][3].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html
-    # [3]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreatePermission.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePermission.html
+    # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-rbp.html
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Number (ARN) of the private CA to inspect. You can
@@ -1985,7 +2014,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
     #
     # @option params [String] :next_token
     #   When paginating results, use this parameter in a subsequent request
@@ -2044,8 +2073,8 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_TagCertificateAuthority.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UntagCertificateAuthority.html
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called the
@@ -2056,7 +2085,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
     #
     # @option params [String] :next_token
     #   Use this parameter when paginating results in a subsequent request
@@ -2116,7 +2145,7 @@ module Aws::ACMPCA
     #   customer account, to Amazon Web Services Organizations, or to an
     #   Amazon Web Services Organizations unit. Policies are under the
     #   control of a CA administrator. For more information, see [Using a
-    #   Resource Based Policy with ACM Private CA][4].
+    #   Resource Based Policy with Amazon Web Services Private CA][4].
     #
     # * A policy permits a user of Certificate Manager (ACM) to issue ACM
     #   certificates signed by a CA in another account.
@@ -2124,8 +2153,8 @@ module Aws::ACMPCA
     # * For ACM to manage automatic renewal of these certificates, the ACM
     #   user must configure a Service Linked Role (SLR). The SLR allows the
     #   ACM service to assume the identity of the user, subject to
-    #   confirmation against the ACM Private CA policy. For more
-    #   information, see [Using a Service Linked Role with ACM][5].
+    #   confirmation against the Amazon Web Services Private CA policy. For
+    #   more information, see [Using a Service Linked Role with ACM][5].
     #
     # * Updates made in Amazon Web Services Resource Manager (RAM) are
     #   reflected in policies. For more information, see [Attach a Policy
@@ -2133,10 +2162,10 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html
-    # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html
-    # [4]: https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-ram.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetPolicy.html
+    # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePolicy.html
+    # [4]: https://docs.aws.amazon.com/privateca/latest/userguide/pca-rbp.html
     # [5]: https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html
     #
     # @option params [required, String] :resource_arn
@@ -2148,7 +2177,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
     #
     # @option params [required, String] :policy
     #   The path and file name of a JSON-formatted IAM policy to attach to the
@@ -2200,11 +2229,11 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html
-    # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
-    # [4]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
-    # [5]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeleteCertificateAuthority.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DescribeCertificateAuthority.html
+    # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
+    # [4]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
+    # [5]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called the
@@ -2215,7 +2244,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
@@ -2234,26 +2263,29 @@ module Aws::ACMPCA
       req.send_request(options)
     end
 
-    # Revokes a certificate that was issued inside ACM Private CA. If you
-    # enable a certificate revocation list (CRL) when you create or update
-    # your private CA, information about the revoked certificates will be
-    # included in the CRL. ACM Private CA writes the CRL to an S3 bucket
-    # that you specify. A CRL is typically updated approximately 30 minutes
-    # after a certificate is revoked. If for any reason the CRL update
-    # fails, ACM Private CA attempts makes further attempts every 15
-    # minutes. With Amazon CloudWatch, you can create alarms for the metrics
-    # `CRLGenerated` and `MisconfiguredCRLBucket`. For more information, see
-    # [Supported CloudWatch Metrics][1].
-    #
-    # <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
-    # bucket that you specify. If the IAM principal making the call does not
-    # have permission to write to the bucket, then an exception is thrown.
-    # For more information, see [Access policies for CRLs in Amazon S3][2].
+    # Revokes a certificate that was issued inside Amazon Web Services
+    # Private CA. If you enable a certificate revocation list (CRL) when you
+    # create or update your private CA, information about the revoked
+    # certificates will be included in the CRL. Amazon Web Services Private
+    # CA writes the CRL to an S3 bucket that you specify. A CRL is typically
+    # updated approximately 30 minutes after a certificate is revoked. If
+    # for any reason the CRL update fails, Amazon Web Services Private CA
+    # attempts makes further attempts every 15 minutes. With Amazon
+    # CloudWatch, you can create alarms for the metrics `CRLGenerated` and
+    # `MisconfiguredCRLBucket`. For more information, see [Supported
+    # CloudWatch Metrics][1].
+    #
+    # <note markdown="1"> Both Amazon Web Services Private CA and the IAM principal must have
+    # permission to write to the S3 bucket that you specify. If the IAM
+    # principal making the call does not have permission to write to the
+    # bucket, then an exception is thrown. For more information, see [Access
+    # policies for CRLs in Amazon S3][2].
     #
     #  </note>
     #
-    # ACM Private CA also writes revocation information to the audit report.
-    # For more information, see [CreateCertificateAuthorityAuditReport][3].
+    # Amazon Web Services Private CA also writes revocation information to
+    # the audit report. For more information, see
+    # [CreateCertificateAuthorityAuditReport][3].
     #
     # <note markdown="1"> You cannot revoke a root CA self-signed certificate.
     #
@@ -2261,9 +2293,9 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCloudWatch.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
-    # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaCloudWatch.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html#s3-policies
+    # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
     #
     # @option params [required, String] :certificate_authority_arn
     #   Amazon Resource Name (ARN) of the private CA that issued the
@@ -2289,7 +2321,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificate.html
     #   [2]: https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html
     #
     # @option params [required, String] :revocation_reason
@@ -2325,10 +2357,19 @@ module Aws::ACMPCA
     # the [UntagCertificateAuthority][1] action. Call the [ListTags][2]
     # action to see what tags are associated with your CA.
     #
+    # <note markdown="1"> To attach tags to a private CA during the creation procedure, a CA
+    # administrator must first associate an inline IAM policy with the
+    # `CreateCertificateAuthority` action and explicitly allow tagging. For
+    # more information, see [Attaching tags to a CA at the time of
+    # creation][3].
+    #
+    #  </note>
+    #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UntagCertificateAuthority.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListTags.html
+    # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/auth-InlinePolicies.html#policy-tag-ca
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called
@@ -2339,7 +2380,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
     #
     # @option params [required, Array<Types::Tag>] :tags
     #   List of tags to be associated with the CA.
@@ -2377,8 +2418,8 @@ module Aws::ACMPCA
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html
-    # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html
+    # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_TagCertificateAuthority.html
+    # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListTags.html
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called
@@ -2389,7 +2430,7 @@ module Aws::ACMPCA
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
     #
     # @option params [required, Array<Types::Tag>] :tags
     #   List of tags to be removed from the CA.
@@ -2423,16 +2464,17 @@ module Aws::ACMPCA
     # `ACTIVE` state or make a CA that is in the `DISABLED` state active
     # again.
     #
-    # <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
-    # bucket that you specify. If the IAM principal making the call does not
-    # have permission to write to the bucket, then an exception is thrown.
-    # For more information, see [Access policies for CRLs in Amazon S3][1].
+    # <note markdown="1"> Both Amazon Web Services Private CA and the IAM principal must have
+    # permission to write to the S3 bucket that you specify. If the IAM
+    # principal making the call does not have permission to write to the
+    # bucket, then an exception is thrown. For more information, see [Access
+    # policies for CRLs in Amazon S3][1].
     #
     #  </note>
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html#s3-policies
+    # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html#s3-policies
     #
     # @option params [required, String] :certificate_authority_arn
     #   Amazon Resource Name (ARN) of the private CA that issued the
@@ -2448,10 +2490,30 @@ module Aws::ACMPCA
     #   existing capibilites remain unchanged. For more information, see the
     #   [OcspConfiguration][1] and [CrlConfiguration][2] types.
     #
+    #   <note markdown="1"> The following requirements apply to revocation configurations.
+    #
+    #    * A configuration disabling CRLs or OCSP must contain only the
+    #     `Enabled=False` parameter, and will fail if other parameters such as
+    #     `CustomCname` or `ExpirationInDays` are included.
+    #
+    #   * In a CRL configuration, the `S3BucketName` parameter must conform to
+    #     [Amazon S3 bucket naming rules][3].
+    #
+    #   * A configuration containing a custom Canonical Name (CNAME) parameter
+    #     for CRLs or OCSP must conform to [RFC2396][4] restrictions on the
+    #     use of special characters in a CNAME.
+    #
+    #   * In a CRL or OCSP configuration, the value of a CNAME parameter must
+    #     not include a protocol prefix such as "http://" or "https://".
+    #
+    #    </note>
+    #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html
-    #   [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
+    #   [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_OcspConfiguration.html
+    #   [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
+    #   [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
+    #   [4]: https://www.ietf.org/rfc/rfc2396.txt
     #
     # @option params [String] :status
     #   Status of your private CA.
@@ -2466,13 +2528,13 @@ module Aws::ACMPCA
     #       crl_configuration: {
     #         enabled: false, # required
     #         expiration_in_days: 1,
-    #         custom_cname: "String253",
-    #         s3_bucket_name: "String3To255",
+    #         custom_cname: "CnameString",
+    #         s3_bucket_name: "S3BucketName3To255",
     #         s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
     #       },
     #       ocsp_configuration: {
     #         enabled: false, # required
-    #         ocsp_custom_cname: "String253",
+    #         ocsp_custom_cname: "CnameString",
     #       },
     #     },
     #     status: "CREATING", # accepts CREATING, PENDING_CERTIFICATE, ACTIVE, DELETED, DISABLED, EXPIRED, FAILED
@@ -2500,7 +2562,7 @@ module Aws::ACMPCA
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-acmpca'
-      context[:gem_version] = '1.51.0'
+      context[:gem_version] = '1.53.0'
       Seahorse::Client::Request.new(handlers, context)
     end