aws-sdk-acmpca 1.51.0 → 1.53.0

@@ -17,32 +17,6 @@ module Aws::ACMPCA
17
17
  # name (DN). A DN is a sequence of relative distinguished names (RDNs).
18
18
  # The RDNs are separated by commas in the certificate.
19
19
  #
20
- # @note When making an API call, you may pass ASN1Subject
21
- # data as a hash:
22
- #
23
- # {
24
- # country: "CountryCodeString",
25
- # organization: "String64",
26
- # organizational_unit: "String64",
27
- # distinguished_name_qualifier: "ASN1PrintableString64",
28
- # state: "String128",
29
- # common_name: "String64",
30
- # serial_number: "ASN1PrintableString64",
31
- # locality: "String128",
32
- # title: "String64",
33
- # surname: "String40",
34
- # given_name: "String16",
35
- # initials: "String5",
36
- # pseudonym: "String128",
37
- # generation_qualifier: "String3",
38
- # custom_attributes: [
39
- # {
40
- # object_identifier: "CustomObjectIdentifier", # required
41
- # value: "String1To256", # required
42
- # },
43
- # ],
44
- # }
45
- #
46
20
  # @!attribute [rw] country
47
21
  # Two-digit code that specifies the country in which the certificate
48
22
  # subject located.
@@ -161,53 +135,6 @@ module Aws::ACMPCA
161
135
  #
162
136
  # [1]: https://datatracker.ietf.org/doc/html/rfc5280
163
137
  #
164
- # @note When making an API call, you may pass AccessDescription
165
- # data as a hash:
166
- #
167
- # {
168
- # access_method: { # required
169
- # custom_object_identifier: "CustomObjectIdentifier",
170
- # access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
171
- # },
172
- # access_location: { # required
173
- # other_name: {
174
- # type_id: "CustomObjectIdentifier", # required
175
- # value: "String256", # required
176
- # },
177
- # rfc_822_name: "String256",
178
- # dns_name: "String253",
179
- # directory_name: {
180
- # country: "CountryCodeString",
181
- # organization: "String64",
182
- # organizational_unit: "String64",
183
- # distinguished_name_qualifier: "ASN1PrintableString64",
184
- # state: "String128",
185
- # common_name: "String64",
186
- # serial_number: "ASN1PrintableString64",
187
- # locality: "String128",
188
- # title: "String64",
189
- # surname: "String40",
190
- # given_name: "String16",
191
- # initials: "String5",
192
- # pseudonym: "String128",
193
- # generation_qualifier: "String3",
194
- # custom_attributes: [
195
- # {
196
- # object_identifier: "CustomObjectIdentifier", # required
197
- # value: "String1To256", # required
198
- # },
199
- # ],
200
- # },
201
- # edi_party_name: {
202
- # party_name: "String256", # required
203
- # name_assigner: "String256",
204
- # },
205
- # uniform_resource_identifier: "String253",
206
- # ip_address: "String39",
207
- # registered_id: "CustomObjectIdentifier",
208
- # },
209
- # }
210
- #
211
138
  # @!attribute [rw] access_method
212
139
  # The type and format of `AccessDescription` information.
213
140
  # @return [Types::AccessMethod]
@@ -229,14 +156,6 @@ module Aws::ACMPCA
229
156
  # `CustomObjectIdentifier` or `AccessMethodType` may be provided.
230
157
  # Providing both results in `InvalidArgsException`.
231
158
  #
232
- # @note When making an API call, you may pass AccessMethod
233
- # data as a hash:
234
- #
235
- # {
236
- # custom_object_identifier: "CustomObjectIdentifier",
237
- # access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
238
- # }
239
- #
240
159
  # @!attribute [rw] custom_object_identifier
241
160
  # An object identifier (OID) specifying the `AccessMethod`. The OID
242
161
  # must satisfy the regular expression shown below. For more
@@ -265,118 +184,12 @@ module Aws::ACMPCA
265
184
  # variant must be selected, or else this parameter is ignored.
266
185
  #
267
186
  # If conflicting or duplicate certificate information is supplied from
268
- # other sources, ACM Private CA applies [order of operation rules][1] to
269
- # determine what information is used.
270
- #
271
- #
272
- #
273
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations
274
- #
275
- # @note When making an API call, you may pass ApiPassthrough
276
- # data as a hash:
277
- #
278
- # {
279
- # extensions: {
280
- # certificate_policies: [
281
- # {
282
- # cert_policy_id: "CustomObjectIdentifier", # required
283
- # policy_qualifiers: [
284
- # {
285
- # policy_qualifier_id: "CPS", # required, accepts CPS
286
- # qualifier: { # required
287
- # cps_uri: "String256", # required
288
- # },
289
- # },
290
- # ],
291
- # },
292
- # ],
293
- # extended_key_usage: [
294
- # {
295
- # extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
296
- # extended_key_usage_object_identifier: "CustomObjectIdentifier",
297
- # },
298
- # ],
299
- # key_usage: {
300
- # digital_signature: false,
301
- # non_repudiation: false,
302
- # key_encipherment: false,
303
- # data_encipherment: false,
304
- # key_agreement: false,
305
- # key_cert_sign: false,
306
- # crl_sign: false,
307
- # encipher_only: false,
308
- # decipher_only: false,
309
- # },
310
- # subject_alternative_names: [
311
- # {
312
- # other_name: {
313
- # type_id: "CustomObjectIdentifier", # required
314
- # value: "String256", # required
315
- # },
316
- # rfc_822_name: "String256",
317
- # dns_name: "String253",
318
- # directory_name: {
319
- # country: "CountryCodeString",
320
- # organization: "String64",
321
- # organizational_unit: "String64",
322
- # distinguished_name_qualifier: "ASN1PrintableString64",
323
- # state: "String128",
324
- # common_name: "String64",
325
- # serial_number: "ASN1PrintableString64",
326
- # locality: "String128",
327
- # title: "String64",
328
- # surname: "String40",
329
- # given_name: "String16",
330
- # initials: "String5",
331
- # pseudonym: "String128",
332
- # generation_qualifier: "String3",
333
- # custom_attributes: [
334
- # {
335
- # object_identifier: "CustomObjectIdentifier", # required
336
- # value: "String1To256", # required
337
- # },
338
- # ],
339
- # },
340
- # edi_party_name: {
341
- # party_name: "String256", # required
342
- # name_assigner: "String256",
343
- # },
344
- # uniform_resource_identifier: "String253",
345
- # ip_address: "String39",
346
- # registered_id: "CustomObjectIdentifier",
347
- # },
348
- # ],
349
- # custom_extensions: [
350
- # {
351
- # object_identifier: "CustomObjectIdentifier", # required
352
- # value: "Base64String1To4096", # required
353
- # critical: false,
354
- # },
355
- # ],
356
- # },
357
- # subject: {
358
- # country: "CountryCodeString",
359
- # organization: "String64",
360
- # organizational_unit: "String64",
361
- # distinguished_name_qualifier: "ASN1PrintableString64",
362
- # state: "String128",
363
- # common_name: "String64",
364
- # serial_number: "ASN1PrintableString64",
365
- # locality: "String128",
366
- # title: "String64",
367
- # surname: "String40",
368
- # given_name: "String16",
369
- # initials: "String5",
370
- # pseudonym: "String128",
371
- # generation_qualifier: "String3",
372
- # custom_attributes: [
373
- # {
374
- # object_identifier: "CustomObjectIdentifier", # required
375
- # value: "String1To256", # required
376
- # },
377
- # ],
378
- # },
379
- # }
187
+ # other sources, Amazon Web Services Private CA applies [order of
188
+ # operation rules][1] to determine what information is used.
189
+ #
190
+ #
191
+ #
192
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations
380
193
  #
381
194
  # @!attribute [rw] extensions
382
195
  # Specifies X.509 extension information for a certificate.
@@ -409,16 +222,16 @@ module Aws::ACMPCA
409
222
  # [CreateCertificateAuthority][1] action to create your private CA. You
410
223
  # must then call the [GetCertificateAuthorityCertificate][2] action to
411
224
  # retrieve a private CA certificate signing request (CSR). Sign the CSR
412
- # with your ACM Private CA-hosted or on-premises root or subordinate CA
413
- # certificate. Call the [ImportCertificateAuthorityCertificate][3]
414
- # action to import the signed certificate into Certificate Manager
415
- # (ACM).
225
+ # with your Amazon Web Services Private CA-hosted or on-premises root or
226
+ # subordinate CA certificate. Call the
227
+ # [ImportCertificateAuthorityCertificate][3] action to import the signed
228
+ # certificate into Certificate Manager (ACM).
416
229
  #
417
230
  #
418
231
  #
419
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
420
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCertificate.html
421
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html
232
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
233
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificateAuthorityCertificate.html
234
+ # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html
422
235
  #
423
236
  # @!attribute [rw] arn
424
237
  # Amazon Resource Name (ARN) for your private certificate authority
@@ -479,7 +292,7 @@ module Aws::ACMPCA
479
292
  #
480
293
  #
481
294
  #
482
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html
295
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html
483
296
  # @return [Time]
484
297
  #
485
298
  # @!attribute [rw] key_storage_security_standard
@@ -537,95 +350,7 @@ module Aws::ACMPCA
537
350
  #
538
351
  #
539
352
  #
540
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
541
- #
542
- # @note When making an API call, you may pass CertificateAuthorityConfiguration
543
- # data as a hash:
544
- #
545
- # {
546
- # key_algorithm: "RSA_2048", # required, accepts RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1
547
- # signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
548
- # subject: { # required
549
- # country: "CountryCodeString",
550
- # organization: "String64",
551
- # organizational_unit: "String64",
552
- # distinguished_name_qualifier: "ASN1PrintableString64",
553
- # state: "String128",
554
- # common_name: "String64",
555
- # serial_number: "ASN1PrintableString64",
556
- # locality: "String128",
557
- # title: "String64",
558
- # surname: "String40",
559
- # given_name: "String16",
560
- # initials: "String5",
561
- # pseudonym: "String128",
562
- # generation_qualifier: "String3",
563
- # custom_attributes: [
564
- # {
565
- # object_identifier: "CustomObjectIdentifier", # required
566
- # value: "String1To256", # required
567
- # },
568
- # ],
569
- # },
570
- # csr_extensions: {
571
- # key_usage: {
572
- # digital_signature: false,
573
- # non_repudiation: false,
574
- # key_encipherment: false,
575
- # data_encipherment: false,
576
- # key_agreement: false,
577
- # key_cert_sign: false,
578
- # crl_sign: false,
579
- # encipher_only: false,
580
- # decipher_only: false,
581
- # },
582
- # subject_information_access: [
583
- # {
584
- # access_method: { # required
585
- # custom_object_identifier: "CustomObjectIdentifier",
586
- # access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
587
- # },
588
- # access_location: { # required
589
- # other_name: {
590
- # type_id: "CustomObjectIdentifier", # required
591
- # value: "String256", # required
592
- # },
593
- # rfc_822_name: "String256",
594
- # dns_name: "String253",
595
- # directory_name: {
596
- # country: "CountryCodeString",
597
- # organization: "String64",
598
- # organizational_unit: "String64",
599
- # distinguished_name_qualifier: "ASN1PrintableString64",
600
- # state: "String128",
601
- # common_name: "String64",
602
- # serial_number: "ASN1PrintableString64",
603
- # locality: "String128",
604
- # title: "String64",
605
- # surname: "String40",
606
- # given_name: "String16",
607
- # initials: "String5",
608
- # pseudonym: "String128",
609
- # generation_qualifier: "String3",
610
- # custom_attributes: [
611
- # {
612
- # object_identifier: "CustomObjectIdentifier", # required
613
- # value: "String1To256", # required
614
- # },
615
- # ],
616
- # },
617
- # edi_party_name: {
618
- # party_name: "String256", # required
619
- # name_assigner: "String256",
620
- # },
621
- # uniform_resource_identifier: "String253",
622
- # ip_address: "String39",
623
- # registered_id: "CustomObjectIdentifier",
624
- # },
625
- # },
626
- # ],
627
- # },
628
- # }
353
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
629
354
  #
630
355
  # @!attribute [rw] key_algorithm
631
356
  # Type of the public key algorithm and size, in bits, of the key pair
@@ -690,15 +415,6 @@ module Aws::ACMPCA
690
415
  include Aws::Structure
691
416
  end
692
417
 
693
- # @note When making an API call, you may pass CreateCertificateAuthorityAuditReportRequest
694
- # data as a hash:
695
- #
696
- # {
697
- # certificate_authority_arn: "Arn", # required
698
- # s3_bucket_name: "S3BucketName", # required
699
- # audit_report_response_format: "JSON", # required, accepts JSON, CSV
700
- # }
701
- #
702
418
  # @!attribute [rw] certificate_authority_arn
703
419
  # The Amazon Resource Name (ARN) of the CA to be audited. This is of
704
420
  # the form:
@@ -744,119 +460,6 @@ module Aws::ACMPCA
744
460
  include Aws::Structure
745
461
  end
746
462
 
747
- # @note When making an API call, you may pass CreateCertificateAuthorityRequest
748
- # data as a hash:
749
- #
750
- # {
751
- # certificate_authority_configuration: { # required
752
- # key_algorithm: "RSA_2048", # required, accepts RSA_2048, RSA_4096, EC_prime256v1, EC_secp384r1
753
- # signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
754
- # subject: { # required
755
- # country: "CountryCodeString",
756
- # organization: "String64",
757
- # organizational_unit: "String64",
758
- # distinguished_name_qualifier: "ASN1PrintableString64",
759
- # state: "String128",
760
- # common_name: "String64",
761
- # serial_number: "ASN1PrintableString64",
762
- # locality: "String128",
763
- # title: "String64",
764
- # surname: "String40",
765
- # given_name: "String16",
766
- # initials: "String5",
767
- # pseudonym: "String128",
768
- # generation_qualifier: "String3",
769
- # custom_attributes: [
770
- # {
771
- # object_identifier: "CustomObjectIdentifier", # required
772
- # value: "String1To256", # required
773
- # },
774
- # ],
775
- # },
776
- # csr_extensions: {
777
- # key_usage: {
778
- # digital_signature: false,
779
- # non_repudiation: false,
780
- # key_encipherment: false,
781
- # data_encipherment: false,
782
- # key_agreement: false,
783
- # key_cert_sign: false,
784
- # crl_sign: false,
785
- # encipher_only: false,
786
- # decipher_only: false,
787
- # },
788
- # subject_information_access: [
789
- # {
790
- # access_method: { # required
791
- # custom_object_identifier: "CustomObjectIdentifier",
792
- # access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
793
- # },
794
- # access_location: { # required
795
- # other_name: {
796
- # type_id: "CustomObjectIdentifier", # required
797
- # value: "String256", # required
798
- # },
799
- # rfc_822_name: "String256",
800
- # dns_name: "String253",
801
- # directory_name: {
802
- # country: "CountryCodeString",
803
- # organization: "String64",
804
- # organizational_unit: "String64",
805
- # distinguished_name_qualifier: "ASN1PrintableString64",
806
- # state: "String128",
807
- # common_name: "String64",
808
- # serial_number: "ASN1PrintableString64",
809
- # locality: "String128",
810
- # title: "String64",
811
- # surname: "String40",
812
- # given_name: "String16",
813
- # initials: "String5",
814
- # pseudonym: "String128",
815
- # generation_qualifier: "String3",
816
- # custom_attributes: [
817
- # {
818
- # object_identifier: "CustomObjectIdentifier", # required
819
- # value: "String1To256", # required
820
- # },
821
- # ],
822
- # },
823
- # edi_party_name: {
824
- # party_name: "String256", # required
825
- # name_assigner: "String256",
826
- # },
827
- # uniform_resource_identifier: "String253",
828
- # ip_address: "String39",
829
- # registered_id: "CustomObjectIdentifier",
830
- # },
831
- # },
832
- # ],
833
- # },
834
- # },
835
- # revocation_configuration: {
836
- # crl_configuration: {
837
- # enabled: false, # required
838
- # expiration_in_days: 1,
839
- # custom_cname: "String253",
840
- # s3_bucket_name: "String3To255",
841
- # s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
842
- # },
843
- # ocsp_configuration: {
844
- # enabled: false, # required
845
- # ocsp_custom_cname: "String253",
846
- # },
847
- # },
848
- # certificate_authority_type: "ROOT", # required, accepts ROOT, SUBORDINATE
849
- # idempotency_token: "IdempotencyToken",
850
- # key_storage_security_standard: "FIPS_140_2_LEVEL_2_OR_HIGHER", # accepts FIPS_140_2_LEVEL_2_OR_HIGHER, FIPS_140_2_LEVEL_3_OR_HIGHER
851
- # tags: [
852
- # {
853
- # key: "TagKey", # required
854
- # value: "TagValue",
855
- # },
856
- # ],
857
- # usage_mode: "GENERAL_PURPOSE", # accepts GENERAL_PURPOSE, SHORT_LIVED_CERTIFICATE
858
- # }
859
- #
860
463
  # @!attribute [rw] certificate_authority_configuration
861
464
  # Name and bit size of the private key algorithm, the name of the
862
465
  # signing algorithm, and X.500 certificate subject information.
@@ -866,14 +469,36 @@ module Aws::ACMPCA
866
469
  # Contains information to enable Online Certificate Status Protocol
867
470
  # (OCSP) support, to enable a certificate revocation list (CRL), to
868
471
  # enable both, or to enable neither. The default is for both
869
- # certificate validation mechanisms to be disabled. For more
870
- # information, see the [OcspConfiguration][1] and
871
- # [CrlConfiguration][2] types.
472
+ # certificate validation mechanisms to be disabled.
473
+ #
474
+ # <note markdown="1"> The following requirements apply to revocation configurations.
475
+ #
476
+ # * A configuration disabling CRLs or OCSP must contain only the
477
+ # `Enabled=False` parameter, and will fail if other parameters such
478
+ # as `CustomCname` or `ExpirationInDays` are included.
872
479
  #
480
+ # * In a CRL configuration, the `S3BucketName` parameter must conform
481
+ # to [Amazon S3 bucket naming rules][1].
873
482
  #
483
+ # * A configuration containing a custom Canonical Name (CNAME)
484
+ # parameter for CRLs or OCSP must conform to [RFC2396][2]
485
+ # restrictions on the use of special characters in a CNAME.
874
486
  #
875
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html
876
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
487
+ # * In a CRL or OCSP configuration, the value of a CNAME parameter
488
+ # must not include a protocol prefix such as "http://" or
489
+ # "https://".
490
+ #
491
+ # </note>
492
+ #
493
+ # For more information, see the [OcspConfiguration][3] and
494
+ # [CrlConfiguration][4] types.
495
+ #
496
+ #
497
+ #
498
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
499
+ # [2]: https://www.ietf.org/rfc/rfc2396.txt
500
+ # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_OcspConfiguration.html
501
+ # [4]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
877
502
  # @return [Types::RevocationConfiguration]
878
503
  #
879
504
  # @!attribute [rw] certificate_authority_type
@@ -885,11 +510,11 @@ module Aws::ACMPCA
885
510
  # **CreateCertificateAuthority** action. Idempotency tokens for
886
511
  # **CreateCertificateAuthority** time out after five minutes.
887
512
  # Therefore, if you call **CreateCertificateAuthority** multiple times
888
- # with the same idempotency token within five minutes, ACM Private CA
889
- # recognizes that you are requesting only certificate authority and
890
- # will issue only one. If you change the idempotency token for each
891
- # call, PCA recognizes that you are requesting multiple certificate
892
- # authorities.
513
+ # with the same idempotency token within five minutes, Amazon Web
514
+ # Services Private CA recognizes that you are requesting only
515
+ # certificate authority and will issue only one. If you change the
516
+ # idempotency token for each call, Amazon Web Services Private CA
517
+ # recognizes that you are requesting multiple certificate authorities.
893
518
  # @return [String]
894
519
  #
895
520
  # @!attribute [rw] key_storage_security_standard
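Review bot: The rewritten sentence on new lines 514–515 still reads `recognizes that you are requesting only certificate authority`, carrying over the missing word from the old text. Since the hunk rewrites these lines anyway, it should read `recognizes that you are requesting only one certificate authority and will issue only one`. Callers rely on this paragraph to decide whether a retry inside the five-minute window creates a second CA, so the wording should be unambiguous. The comment block for this attribute starts above the hunk, and if these comments are generated from a service model, the correction belongs in that source rather than here.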
@@ -963,16 +588,6 @@ module Aws::ACMPCA
963
588
  include Aws::Structure
964
589
  end
965
590
 
966
- # @note When making an API call, you may pass CreatePermissionRequest
967
- # data as a hash:
968
- #
969
- # {
970
- # certificate_authority_arn: "Arn", # required
971
- # principal: "Principal", # required
972
- # source_account: "AccountId",
973
- # actions: ["IssueCertificate"], # required, accepts IssueCertificate, GetCertificate, ListPermissions
974
- # }
975
- #
976
591
  # @!attribute [rw] certificate_authority_arn
977
592
  # The Amazon Resource Name (ARN) of the CA that grants the
978
593
  # permissions. You can find the ARN by calling the
@@ -984,7 +599,7 @@ module Aws::ACMPCA
984
599
  #
985
600
  #
986
601
  #
987
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
602
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
988
603
  # @return [String]
989
604
  #
990
605
  # @!attribute [rw] principal
@@ -1023,10 +638,11 @@ module Aws::ACMPCA
1023
638
  # specifying a value for the **CustomCname** parameter. Your private CA
1024
639
  # copies the CNAME or the S3 bucket name to the **CRL Distribution
1025
640
  # Points** extension of each certificate it issues. Your S3 bucket
1026
- # policy must give write permission to ACM Private CA.
641
+ # policy must give write permission to Amazon Web Services Private CA.
1027
642
  #
1028
- # ACM Private CA assets that are stored in Amazon S3 can be protected
1029
- # with encryption. For more information, see [Encrypting Your CRLs][1].
643
+ # Amazon Web Services Private CA assets that are stored in Amazon S3 can
644
+ # be protected with encryption. For more information, see [Encrypting
645
+ # Your CRLs][1].
1030
646
  #
1031
647
  # Your private CA uses the value in the **ExpirationInDays** parameter
1032
648
  # to calculate the **nextUpdate** field in the CRL. The CRL is refreshed
@@ -1036,8 +652,8 @@ module Aws::ACMPCA
1036
652
  # expiration, and it always appears in the audit report.
1037
653
  #
1038
654
  # A CRL is typically updated approximately 30 minutes after a
1039
- # certificate is revoked. If for any reason a CRL update fails, ACM
1040
- # Private CA makes further attempts every 15 minutes.
655
+ # certificate is revoked. If for any reason a CRL update fails, Amazon
656
+ # Web Services Private CA makes further attempts every 15 minutes.
1041
657
  #
1042
658
  # CRLs contain the following fields:
1043
659
  #
@@ -1081,29 +697,20 @@ module Aws::ACMPCA
1081
697
  #
1082
698
  # * **Signature Value**\: Signature computed over the CRL.
1083
699
  #
1084
- # Certificate revocation lists created by ACM Private CA are
1085
- # DER-encoded. You can use the following OpenSSL command to list a CRL.
700
+ # Certificate revocation lists created by Amazon Web Services Private CA
701
+ # are DER-encoded. You can use the following OpenSSL command to list a
702
+ # CRL.
1086
703
  #
1087
704
  # `openssl crl -inform DER -text -in crl_path -noout`
1088
705
  #
1089
706
  # For more information, see [Planning a certificate revocation list
1090
- # (CRL)][2] in the *Private Certificate Authority (PCA) User Guide*
1091
- #
1092
- #
707
+ # (CRL)][2] in the *Amazon Web Services Private Certificate Authority
708
+ # User Guide*
1093
709
  #
1094
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption
1095
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html
1096
710
  #
1097
- # @note When making an API call, you may pass CrlConfiguration
1098
- # data as a hash:
1099
711
  #
1100
- # {
1101
- # enabled: false, # required
1102
- # expiration_in_days: 1,
1103
- # custom_cname: "String253",
1104
- # s3_bucket_name: "String3To255",
1105
- # s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
1106
- # }
712
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption
713
+ # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html
1107
714
  #
1108
715
  # @!attribute [rw] enabled
1109
716
  # Boolean value that specifies whether certificate revocation lists
@@ -1114,8 +721,8 @@ module Aws::ACMPCA
1114
721
  #
1115
722
  #
1116
723
  #
1117
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1118
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
724
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
725
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
1119
726
  # @return [Boolean]
1120
727
  #
1121
728
  # @!attribute [rw] expiration_in_days
@@ -1127,6 +734,17 @@ module Aws::ACMPCA
1127
734
  # extension that enables the use of an alias for the CRL distribution
1128
735
  # point. Use this value if you don't want the name of your S3 bucket
1129
736
  # to be public.
737
+ #
738
+ # <note markdown="1"> The content of a Canonical Name (CNAME) record must conform to
739
+ # [RFC2396][1] restrictions on the use of special characters in URIs.
740
+ # Additionally, the value of the CNAME must not include a protocol
741
+ # prefix such as "http://" or "https://".
742
+ #
743
+ # </note>
744
+ #
745
+ #
746
+ #
747
+ # [1]: https://www.ietf.org/rfc/rfc2396.txt
1130
748
  # @return [String]
1131
749
  #
1132
750
  # @!attribute [rw] s3_bucket_name
@@ -1135,13 +753,19 @@ module Aws::ACMPCA
1135
753
  # is placed into the **CRL Distribution Points** extension of the
1136
754
  # issued certificate. You can change the name of your bucket by
1137
755
  # calling the [UpdateCertificateAuthority][1] operation. You must
1138
- # specify a [bucket policy][2] that allows ACM Private CA to write the
1139
- # CRL to your bucket.
756
+ # specify a [bucket policy][2] that allows Amazon Web Services Private
757
+ # CA to write the CRL to your bucket.
1140
758
  #
759
+ # <note markdown="1"> The `S3BucketName` parameter must conform to the [S3 bucket naming
760
+ # rules][3].
1141
761
  #
762
+ # </note>
1142
763
  #
1143
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
1144
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-policies
764
+ #
765
+ #
766
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
767
+ # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-policies
768
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
1145
769
  # @return [String]
1146
770
  #
1147
771
  # @!attribute [rw] s3_object_acl
@@ -1167,7 +791,7 @@ module Aws::ACMPCA
1167
791
  #
1168
792
  #
1169
793
  #
1170
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-bpa
794
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-bpa
1171
795
  # @return [String]
1172
796
  #
1173
797
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CrlConfiguration AWS API Documentation
@@ -1185,68 +809,6 @@ module Aws::ACMPCA
1185
809
  # Describes the certificate extensions to be added to the certificate
1186
810
  # signing request (CSR).
1187
811
  #
1188
- # @note When making an API call, you may pass CsrExtensions
1189
- # data as a hash:
1190
- #
1191
- # {
1192
- # key_usage: {
1193
- # digital_signature: false,
1194
- # non_repudiation: false,
1195
- # key_encipherment: false,
1196
- # data_encipherment: false,
1197
- # key_agreement: false,
1198
- # key_cert_sign: false,
1199
- # crl_sign: false,
1200
- # encipher_only: false,
1201
- # decipher_only: false,
1202
- # },
1203
- # subject_information_access: [
1204
- # {
1205
- # access_method: { # required
1206
- # custom_object_identifier: "CustomObjectIdentifier",
1207
- # access_method_type: "CA_REPOSITORY", # accepts CA_REPOSITORY, RESOURCE_PKI_MANIFEST, RESOURCE_PKI_NOTIFY
1208
- # },
1209
- # access_location: { # required
1210
- # other_name: {
1211
- # type_id: "CustomObjectIdentifier", # required
1212
- # value: "String256", # required
1213
- # },
1214
- # rfc_822_name: "String256",
1215
- # dns_name: "String253",
1216
- # directory_name: {
1217
- # country: "CountryCodeString",
1218
- # organization: "String64",
1219
- # organizational_unit: "String64",
1220
- # distinguished_name_qualifier: "ASN1PrintableString64",
1221
- # state: "String128",
1222
- # common_name: "String64",
1223
- # serial_number: "ASN1PrintableString64",
1224
- # locality: "String128",
1225
- # title: "String64",
1226
- # surname: "String40",
1227
- # given_name: "String16",
1228
- # initials: "String5",
1229
- # pseudonym: "String128",
1230
- # generation_qualifier: "String3",
1231
- # custom_attributes: [
1232
- # {
1233
- # object_identifier: "CustomObjectIdentifier", # required
1234
- # value: "String1To256", # required
1235
- # },
1236
- # ],
1237
- # },
1238
- # edi_party_name: {
1239
- # party_name: "String256", # required
1240
- # name_assigner: "String256",
1241
- # },
1242
- # uniform_resource_identifier: "String253",
1243
- # ip_address: "String39",
1244
- # registered_id: "CustomObjectIdentifier",
1245
- # },
1246
- # },
1247
- # ],
1248
- # }
1249
- #
1250
812
  # @!attribute [rw] key_usage
1251
813
  # Indicates the purpose of the certificate and of the key contained in
1252
814
  # the certificate.
@@ -1273,14 +835,6 @@ module Aws::ACMPCA
1273
835
 
1274
836
  # Defines the X.500 relative distinguished name (RDN).
1275
837
  #
1276
- # @note When making an API call, you may pass CustomAttribute
1277
- # data as a hash:
1278
- #
1279
- # {
1280
- # object_identifier: "CustomObjectIdentifier", # required
1281
- # value: "String1To256", # required
1282
- # }
1283
- #
1284
838
  # @!attribute [rw] object_identifier
1285
839
  # Specifies the object identifier (OID) of the attribute type of the
1286
840
  # relative distinguished name (RDN).
@@ -1306,16 +860,7 @@ module Aws::ACMPCA
1306
860
  #
1307
861
  #
1308
862
  #
1309
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations
1310
- #
1311
- # @note When making an API call, you may pass CustomExtension
1312
- # data as a hash:
1313
- #
1314
- # {
1315
- # object_identifier: "CustomObjectIdentifier", # required
1316
- # value: "Base64String1To4096", # required
1317
- # critical: false,
1318
- # }
863
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations
1319
864
  #
1320
865
  # @!attribute [rw] object_identifier
1321
866
  # Specifies the object identifier (OID) of the X.509 extension. For
@@ -1344,14 +889,6 @@ module Aws::ACMPCA
1344
889
  include Aws::Structure
1345
890
  end
1346
891
 
1347
- # @note When making an API call, you may pass DeleteCertificateAuthorityRequest
1348
- # data as a hash:
1349
- #
1350
- # {
1351
- # certificate_authority_arn: "Arn", # required
1352
- # permanent_deletion_time_in_days: 1,
1353
- # }
1354
- #
1355
892
  # @!attribute [rw] certificate_authority_arn
1356
893
  # The Amazon Resource Name (ARN) that was returned when you called
1357
894
  # [CreateCertificateAuthority][1]. This must have the following form:
@@ -1361,7 +898,7 @@ module Aws::ACMPCA
1361
898
  #
1362
899
  #
1363
900
  #
1364
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
901
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
1365
902
  # @return [String]
1366
903
  #
1367
904
  # @!attribute [rw] permanent_deletion_time_in_days
@@ -1379,15 +916,6 @@ module Aws::ACMPCA
1379
916
  include Aws::Structure
1380
917
  end
1381
918
 
1382
- # @note When making an API call, you may pass DeletePermissionRequest
1383
- # data as a hash:
1384
- #
1385
- # {
1386
- # certificate_authority_arn: "Arn", # required
1387
- # principal: "Principal", # required
1388
- # source_account: "AccountId",
1389
- # }
1390
- #
1391
919
  # @!attribute [rw] certificate_authority_arn
1392
920
  # The Amazon Resource Number (ARN) of the private CA that issued the
1393
921
  # permissions. You can find the CA's ARN by calling the
@@ -1399,7 +927,7 @@ module Aws::ACMPCA
1399
927
  #
1400
928
  #
1401
929
  #
1402
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
930
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
1403
931
  # @return [String]
1404
932
  #
1405
933
  # @!attribute [rw] principal
@@ -1422,13 +950,6 @@ module Aws::ACMPCA
1422
950
  include Aws::Structure
1423
951
  end
1424
952
 
1425
- # @note When making an API call, you may pass DeletePolicyRequest
1426
- # data as a hash:
1427
- #
1428
- # {
1429
- # resource_arn: "Arn", # required
1430
- # }
1431
- #
1432
953
  # @!attribute [rw] resource_arn
1433
954
  # The Amazon Resource Number (ARN) of the private CA that will have
1434
955
  # its policy deleted. You can find the CA's ARN by calling the
@@ -1438,7 +959,7 @@ module Aws::ACMPCA
1438
959
  #
1439
960
  #
1440
961
  #
1441
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
962
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
1442
963
  # @return [String]
1443
964
  #
1444
965
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePolicyRequest AWS API Documentation
@@ -1449,14 +970,6 @@ module Aws::ACMPCA
1449
970
  include Aws::Structure
1450
971
  end
1451
972
 
1452
- # @note When making an API call, you may pass DescribeCertificateAuthorityAuditReportRequest
1453
- # data as a hash:
1454
- #
1455
- # {
1456
- # certificate_authority_arn: "Arn", # required
1457
- # audit_report_id: "AuditReportId", # required
1458
- # }
1459
- #
1460
973
  # @!attribute [rw] certificate_authority_arn
1461
974
  # The Amazon Resource Name (ARN) of the private CA. This must be of
1462
975
  # the form:
@@ -1471,7 +984,7 @@ module Aws::ACMPCA
1471
984
  #
1472
985
  #
1473
986
  #
1474
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
987
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html
1475
988
  # @return [String]
1476
989
  #
1477
990
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReportRequest AWS API Documentation
@@ -1512,13 +1025,6 @@ module Aws::ACMPCA
1512
1025
  include Aws::Structure
1513
1026
  end
1514
1027
 
1515
- # @note When making an API call, you may pass DescribeCertificateAuthorityRequest
1516
- # data as a hash:
1517
- #
1518
- # {
1519
- # certificate_authority_arn: "Arn", # required
1520
- # }
1521
- #
1522
1028
  # @!attribute [rw] certificate_authority_arn
1523
1029
  # The Amazon Resource Name (ARN) that was returned when you called
1524
1030
  # [CreateCertificateAuthority][1]. This must be of the form:
@@ -1528,7 +1034,7 @@ module Aws::ACMPCA
1528
1034
  #
1529
1035
  #
1530
1036
  #
1531
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1037
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
1532
1038
  # @return [String]
1533
1039
  #
1534
1040
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityRequest AWS API Documentation
@@ -1545,7 +1051,7 @@ module Aws::ACMPCA
1545
1051
  #
1546
1052
  #
1547
1053
  #
1548
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthority.html
1054
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CertificateAuthority.html
1549
1055
  # @return [Types::CertificateAuthority]
1550
1056
  #
1551
1057
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityResponse AWS API Documentation
@@ -1563,14 +1069,6 @@ module Aws::ACMPCA
1563
1069
  #
1564
1070
  # [1]: https://datatracker.ietf.org/doc/html/rfc5280
1565
1071
  #
1566
- # @note When making an API call, you may pass EdiPartyName
1567
- # data as a hash:
1568
- #
1569
- # {
1570
- # party_name: "String256", # required
1571
- # name_assigner: "String256",
1572
- # }
1573
- #
1574
1072
  # @!attribute [rw] party_name
1575
1073
  # Specifies the party name.
1576
1074
  # @return [String]
@@ -1592,14 +1090,6 @@ module Aws::ACMPCA
1592
1090
  # be used other than basic purposes indicated in the `KeyUsage`
1593
1091
  # extension.
1594
1092
  #
1595
- # @note When making an API call, you may pass ExtendedKeyUsage
1596
- # data as a hash:
1597
- #
1598
- # {
1599
- # extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
1600
- # extended_key_usage_object_identifier: "CustomObjectIdentifier",
1601
- # }
1602
- #
1603
1093
  # @!attribute [rw] extended_key_usage_type
1604
1094
  # Specifies a standard `ExtendedKeyUsage` as defined as in [RFC
1605
1095
  # 5280][1].
@@ -1625,88 +1115,6 @@ module Aws::ACMPCA
1625
1115
 
1626
1116
  # Contains X.509 extension information for a certificate.
1627
1117
  #
1628
- # @note When making an API call, you may pass Extensions
1629
- # data as a hash:
1630
- #
1631
- # {
1632
- # certificate_policies: [
1633
- # {
1634
- # cert_policy_id: "CustomObjectIdentifier", # required
1635
- # policy_qualifiers: [
1636
- # {
1637
- # policy_qualifier_id: "CPS", # required, accepts CPS
1638
- # qualifier: { # required
1639
- # cps_uri: "String256", # required
1640
- # },
1641
- # },
1642
- # ],
1643
- # },
1644
- # ],
1645
- # extended_key_usage: [
1646
- # {
1647
- # extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
1648
- # extended_key_usage_object_identifier: "CustomObjectIdentifier",
1649
- # },
1650
- # ],
1651
- # key_usage: {
1652
- # digital_signature: false,
1653
- # non_repudiation: false,
1654
- # key_encipherment: false,
1655
- # data_encipherment: false,
1656
- # key_agreement: false,
1657
- # key_cert_sign: false,
1658
- # crl_sign: false,
1659
- # encipher_only: false,
1660
- # decipher_only: false,
1661
- # },
1662
- # subject_alternative_names: [
1663
- # {
1664
- # other_name: {
1665
- # type_id: "CustomObjectIdentifier", # required
1666
- # value: "String256", # required
1667
- # },
1668
- # rfc_822_name: "String256",
1669
- # dns_name: "String253",
1670
- # directory_name: {
1671
- # country: "CountryCodeString",
1672
- # organization: "String64",
1673
- # organizational_unit: "String64",
1674
- # distinguished_name_qualifier: "ASN1PrintableString64",
1675
- # state: "String128",
1676
- # common_name: "String64",
1677
- # serial_number: "ASN1PrintableString64",
1678
- # locality: "String128",
1679
- # title: "String64",
1680
- # surname: "String40",
1681
- # given_name: "String16",
1682
- # initials: "String5",
1683
- # pseudonym: "String128",
1684
- # generation_qualifier: "String3",
1685
- # custom_attributes: [
1686
- # {
1687
- # object_identifier: "CustomObjectIdentifier", # required
1688
- # value: "String1To256", # required
1689
- # },
1690
- # ],
1691
- # },
1692
- # edi_party_name: {
1693
- # party_name: "String256", # required
1694
- # name_assigner: "String256",
1695
- # },
1696
- # uniform_resource_identifier: "String253",
1697
- # ip_address: "String39",
1698
- # registered_id: "CustomObjectIdentifier",
1699
- # },
1700
- # ],
1701
- # custom_extensions: [
1702
- # {
1703
- # object_identifier: "CustomObjectIdentifier", # required
1704
- # value: "Base64String1To4096", # required
1705
- # critical: false,
1706
- # },
1707
- # ],
1708
- # }
1709
- #
1710
1118
  # @!attribute [rw] certificate_policies
1711
1119
  # Contains a sequence of one or more policy information terms, each of
1712
1120
  # which consists of an object identifier (OID) and optional
@@ -1772,47 +1180,6 @@ module Aws::ACMPCA
1772
1180
  #
1773
1181
  # [1]: https://datatracker.ietf.org/doc/html/rfc5280
1774
1182
  #
1775
- # @note When making an API call, you may pass GeneralName
1776
- # data as a hash:
1777
- #
1778
- # {
1779
- # other_name: {
1780
- # type_id: "CustomObjectIdentifier", # required
1781
- # value: "String256", # required
1782
- # },
1783
- # rfc_822_name: "String256",
1784
- # dns_name: "String253",
1785
- # directory_name: {
1786
- # country: "CountryCodeString",
1787
- # organization: "String64",
1788
- # organizational_unit: "String64",
1789
- # distinguished_name_qualifier: "ASN1PrintableString64",
1790
- # state: "String128",
1791
- # common_name: "String64",
1792
- # serial_number: "ASN1PrintableString64",
1793
- # locality: "String128",
1794
- # title: "String64",
1795
- # surname: "String40",
1796
- # given_name: "String16",
1797
- # initials: "String5",
1798
- # pseudonym: "String128",
1799
- # generation_qualifier: "String3",
1800
- # custom_attributes: [
1801
- # {
1802
- # object_identifier: "CustomObjectIdentifier", # required
1803
- # value: "String1To256", # required
1804
- # },
1805
- # ],
1806
- # },
1807
- # edi_party_name: {
1808
- # party_name: "String256", # required
1809
- # name_assigner: "String256",
1810
- # },
1811
- # uniform_resource_identifier: "String253",
1812
- # ip_address: "String39",
1813
- # registered_id: "CustomObjectIdentifier",
1814
- # }
1815
- #
1816
1183
  # @!attribute [rw] other_name
1817
1184
  # Represents `GeneralName` using an `OtherName` object.
1818
1185
  # @return [Types::OtherName]
@@ -1870,13 +1237,6 @@ module Aws::ACMPCA
1870
1237
  include Aws::Structure
1871
1238
  end
1872
1239
 
1873
- # @note When making an API call, you may pass GetCertificateAuthorityCertificateRequest
1874
- # data as a hash:
1875
- #
1876
- # {
1877
- # certificate_authority_arn: "Arn", # required
1878
- # }
1879
- #
1880
1240
  # @!attribute [rw] certificate_authority_arn
1881
1241
  # The Amazon Resource Name (ARN) of your private CA. This is of the
1882
1242
  # form:
@@ -1913,13 +1273,6 @@ module Aws::ACMPCA
1913
1273
  include Aws::Structure
1914
1274
  end
1915
1275
 
1916
- # @note When making an API call, you may pass GetCertificateAuthorityCsrRequest
1917
- # data as a hash:
1918
- #
1919
- # {
1920
- # certificate_authority_arn: "Arn", # required
1921
- # }
1922
- #
1923
1276
  # @!attribute [rw] certificate_authority_arn
1924
1277
  # The Amazon Resource Name (ARN) that was returned when you called the
1925
1278
  # [CreateCertificateAuthority][1] action. This must be of the form:
@@ -1929,7 +1282,7 @@ module Aws::ACMPCA
1929
1282
  #
1930
1283
  #
1931
1284
  #
1932
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1285
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
1933
1286
  # @return [String]
1934
1287
  #
1935
1288
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCsrRequest AWS API Documentation
@@ -1953,14 +1306,6 @@ module Aws::ACMPCA
1953
1306
  include Aws::Structure
1954
1307
  end
1955
1308
 
1956
- # @note When making an API call, you may pass GetCertificateRequest
1957
- # data as a hash:
1958
- #
1959
- # {
1960
- # certificate_authority_arn: "Arn", # required
1961
- # certificate_arn: "Arn", # required
1962
- # }
1963
- #
1964
1309
  # @!attribute [rw] certificate_authority_arn
1965
1310
  # The Amazon Resource Name (ARN) that was returned when you called
1966
1311
  # [CreateCertificateAuthority][1]. This must be of the form:
@@ -1970,7 +1315,7 @@ module Aws::ACMPCA
1970
1315
  #
1971
1316
  #
1972
1317
  #
1973
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1318
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
1974
1319
  # @return [String]
1975
1320
  #
1976
1321
  # @!attribute [rw] certificate_arn
@@ -2009,13 +1354,6 @@ module Aws::ACMPCA
2009
1354
  include Aws::Structure
2010
1355
  end
2011
1356
 
2012
- # @note When making an API call, you may pass GetPolicyRequest
2013
- # data as a hash:
2014
- #
2015
- # {
2016
- # resource_arn: "Arn", # required
2017
- # }
2018
- #
2019
1357
  # @!attribute [rw] resource_arn
2020
1358
  # The Amazon Resource Number (ARN) of the private CA that will have
2021
1359
  # its policy retrieved. You can find the CA's ARN by calling the
@@ -2042,15 +1380,6 @@ module Aws::ACMPCA
2042
1380
  include Aws::Structure
2043
1381
  end
2044
1382
 
2045
- # @note When making an API call, you may pass ImportCertificateAuthorityCertificateRequest
2046
- # data as a hash:
2047
- #
2048
- # {
2049
- # certificate_authority_arn: "Arn", # required
2050
- # certificate: "data", # required
2051
- # certificate_chain: "data",
2052
- # }
2053
- #
2054
1383
  # @!attribute [rw] certificate_authority_arn
2055
1384
  # The Amazon Resource Name (ARN) that was returned when you called
2056
1385
  # [CreateCertificateAuthority][1]. This must be of the form:
@@ -2060,7 +1389,7 @@ module Aws::ACMPCA
2060
1389
  #
2061
1390
  #
2062
1391
  #
2063
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1392
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
2064
1393
  # @return [String]
2065
1394
  #
2066
1395
  # @!attribute [rw] certificate
@@ -2072,9 +1401,9 @@ module Aws::ACMPCA
2072
1401
  # @!attribute [rw] certificate_chain
2073
1402
  # A PEM-encoded file that contains all of your certificates, other
2074
1403
  # than the certificate you're importing, chaining up to your root CA.
2075
- # Your ACM Private CA-hosted or on-premises root certificate is the
2076
- # last in the chain, and each certificate in the chain signs the one
2077
- # preceding.
1404
+ # Your Amazon Web Services Private CA-hosted or on-premises root
1405
+ # certificate is the last in the chain, and each certificate in the
1406
+ # chain signs the one preceding.
2078
1407
  #
2079
1408
  # This parameter must be supplied when you import a subordinate CA.
2080
1409
  # When you import a root CA, there is no chain.
@@ -2123,7 +1452,7 @@ module Aws::ACMPCA
2123
1452
  #
2124
1453
  #
2125
1454
  #
2126
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
1455
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
2127
1456
  #
2128
1457
  # @!attribute [rw] message
2129
1458
  # @return [String]
@@ -2195,127 +1524,6 @@ module Aws::ACMPCA
2195
1524
  include Aws::Structure
2196
1525
  end
2197
1526
 
2198
- # @note When making an API call, you may pass IssueCertificateRequest
2199
- # data as a hash:
2200
- #
2201
- # {
2202
- # api_passthrough: {
2203
- # extensions: {
2204
- # certificate_policies: [
2205
- # {
2206
- # cert_policy_id: "CustomObjectIdentifier", # required
2207
- # policy_qualifiers: [
2208
- # {
2209
- # policy_qualifier_id: "CPS", # required, accepts CPS
2210
- # qualifier: { # required
2211
- # cps_uri: "String256", # required
2212
- # },
2213
- # },
2214
- # ],
2215
- # },
2216
- # ],
2217
- # extended_key_usage: [
2218
- # {
2219
- # extended_key_usage_type: "SERVER_AUTH", # accepts SERVER_AUTH, CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, TIME_STAMPING, OCSP_SIGNING, SMART_CARD_LOGIN, DOCUMENT_SIGNING, CERTIFICATE_TRANSPARENCY
2220
- # extended_key_usage_object_identifier: "CustomObjectIdentifier",
2221
- # },
2222
- # ],
2223
- # key_usage: {
2224
- # digital_signature: false,
2225
- # non_repudiation: false,
2226
- # key_encipherment: false,
2227
- # data_encipherment: false,
2228
- # key_agreement: false,
2229
- # key_cert_sign: false,
2230
- # crl_sign: false,
2231
- # encipher_only: false,
2232
- # decipher_only: false,
2233
- # },
2234
- # subject_alternative_names: [
2235
- # {
2236
- # other_name: {
2237
- # type_id: "CustomObjectIdentifier", # required
2238
- # value: "String256", # required
2239
- # },
2240
- # rfc_822_name: "String256",
2241
- # dns_name: "String253",
2242
- # directory_name: {
2243
- # country: "CountryCodeString",
2244
- # organization: "String64",
2245
- # organizational_unit: "String64",
2246
- # distinguished_name_qualifier: "ASN1PrintableString64",
2247
- # state: "String128",
2248
- # common_name: "String64",
2249
- # serial_number: "ASN1PrintableString64",
2250
- # locality: "String128",
2251
- # title: "String64",
2252
- # surname: "String40",
2253
- # given_name: "String16",
2254
- # initials: "String5",
2255
- # pseudonym: "String128",
2256
- # generation_qualifier: "String3",
2257
- # custom_attributes: [
2258
- # {
2259
- # object_identifier: "CustomObjectIdentifier", # required
2260
- # value: "String1To256", # required
2261
- # },
2262
- # ],
2263
- # },
2264
- # edi_party_name: {
2265
- # party_name: "String256", # required
2266
- # name_assigner: "String256",
2267
- # },
2268
- # uniform_resource_identifier: "String253",
2269
- # ip_address: "String39",
2270
- # registered_id: "CustomObjectIdentifier",
2271
- # },
2272
- # ],
2273
- # custom_extensions: [
2274
- # {
2275
- # object_identifier: "CustomObjectIdentifier", # required
2276
- # value: "Base64String1To4096", # required
2277
- # critical: false,
2278
- # },
2279
- # ],
2280
- # },
2281
- # subject: {
2282
- # country: "CountryCodeString",
2283
- # organization: "String64",
2284
- # organizational_unit: "String64",
2285
- # distinguished_name_qualifier: "ASN1PrintableString64",
2286
- # state: "String128",
2287
- # common_name: "String64",
2288
- # serial_number: "ASN1PrintableString64",
2289
- # locality: "String128",
2290
- # title: "String64",
2291
- # surname: "String40",
2292
- # given_name: "String16",
2293
- # initials: "String5",
2294
- # pseudonym: "String128",
2295
- # generation_qualifier: "String3",
2296
- # custom_attributes: [
2297
- # {
2298
- # object_identifier: "CustomObjectIdentifier", # required
2299
- # value: "String1To256", # required
2300
- # },
2301
- # ],
2302
- # },
2303
- # },
2304
- # certificate_authority_arn: "Arn", # required
2305
- # csr: "data", # required
2306
- # signing_algorithm: "SHA256WITHECDSA", # required, accepts SHA256WITHECDSA, SHA384WITHECDSA, SHA512WITHECDSA, SHA256WITHRSA, SHA384WITHRSA, SHA512WITHRSA
2307
- # template_arn: "Arn",
2308
- # validity: { # required
2309
- # value: 1, # required
2310
- # type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
2311
- # },
2312
- # validity_not_before: {
2313
- # value: 1, # required
2314
- # type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
2315
- # },
2316
- # idempotency_token: "IdempotencyToken",
2317
- # }
2318
- #
2319
1527
  # @!attribute [rw] api_passthrough
2320
1528
  # Specifies X.509 certificate information to be included in the issued
2321
1529
  # certificate. An `APIPassthrough` or `APICSRPassthrough` template
@@ -2324,13 +1532,13 @@ module Aws::ACMPCA
2324
1532
  # Certificate Templates][1].
2325
1533
  #
2326
1534
  # If conflicting or duplicate certificate information is supplied
2327
- # during certificate issuance, ACM Private CA applies [order of
2328
- # operation rules][2] to determine what information is used.
1535
+ # during certificate issuance, Amazon Web Services Private CA applies
1536
+ # [order of operation rules][2] to determine what information is used.
2329
1537
  #
2330
1538
  #
2331
1539
  #
2332
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
2333
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations
1540
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html
1541
+ # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html#template-order-of-operations
2334
1542
  # @return [Types::ApiPassthrough]
2335
1543
  #
2336
1544
  # @!attribute [rw] certificate_authority_arn
@@ -2342,7 +1550,7 @@ module Aws::ACMPCA
2342
1550
  #
2343
1551
  #
2344
1552
  #
2345
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1553
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
2346
1554
  # @return [String]
2347
1555
  #
2348
1556
  # @!attribute [rw] csr
@@ -2381,22 +1589,22 @@ module Aws::ACMPCA
2381
1589
  #
2382
1590
  # @!attribute [rw] template_arn
2383
1591
  # Specifies a custom configuration template to use when issuing a
2384
- # certificate. If this parameter is not provided, ACM Private CA
2385
- # defaults to the `EndEntityCertificate/V1` template. For CA
2386
- # certificates, you should choose the shortest path length that meets
2387
- # your needs. The path length is indicated by the PathLen*N* portion
2388
- # of the ARN, where *N* is the [CA depth][1].
1592
+ # certificate. If this parameter is not provided, Amazon Web Services
1593
+ # Private CA defaults to the `EndEntityCertificate/V1` template. For
1594
+ # CA certificates, you should choose the shortest path length that
1595
+ # meets your needs. The path length is indicated by the PathLen*N*
1596
+ # portion of the ARN, where *N* is the [CA depth][1].
2389
1597
  #
2390
1598
  # Note: The CA depth configured on a subordinate CA certificate must
2391
1599
  # not exceed the limit set by its parents in the CA hierarchy.
2392
1600
  #
2393
- # For a list of `TemplateArn` values supported by ACM Private CA, see
2394
- # [Understanding Certificate Templates][2].
1601
+ # For a list of `TemplateArn` values supported by Amazon Web Services
1602
+ # Private CA, see [Understanding Certificate Templates][2].
2395
1603
  #
2396
1604
  #
2397
1605
  #
2398
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaTerms.html#terms-cadepth
2399
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
1606
+ # [1]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaTerms.html#terms-cadepth
1607
+ # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/UsingTemplates.html
2400
1608
  # @return [String]
2401
1609
  #
2402
1610
  # @!attribute [rw] validity
@@ -2428,11 +1636,11 @@ module Aws::ACMPCA
2428
1636
  # certificate. This parameter sets the “Not Before" date for the
2429
1637
  # certificate.
2430
1638
  #
2431
- # By default, when issuing a certificate, ACM Private CA sets the
2432
- # "Not Before" date to the issuance time minus 60 minutes. This
2433
- # compensates for clock inconsistencies across computer systems. The
2434
- # `ValidityNotBefore` parameter can be used to customize the “Not
2435
- # Before” value.
1639
+ # By default, when issuing a certificate, Amazon Web Services Private
1640
+ # CA sets the "Not Before" date to the issuance time minus 60
1641
+ # minutes. This compensates for clock inconsistencies across computer
1642
+ # systems. The `ValidityNotBefore` parameter can be used to customize
1643
+ # the “Not Before” value.
2436
1644
  #
2437
1645
  # Unlike the `Validity` parameter, the `ValidityNotBefore` parameter
2438
1646
  # is optional.
@@ -2453,10 +1661,11 @@ module Aws::ACMPCA
2453
1661
  # the **IssueCertificate** action. Idempotency tokens for
2454
1662
  # **IssueCertificate** time out after one minute. Therefore, if you
2455
1663
  # call **IssueCertificate** multiple times with the same idempotency
2456
- # token within one minute, ACM Private CA recognizes that you are
2457
- # requesting only one certificate and will issue only one. If you
2458
- # change the idempotency token for each call, PCA recognizes that you
2459
- # are requesting multiple certificates.
1664
+ # token within one minute, Amazon Web Services Private CA recognizes
1665
+ # that you are requesting only one certificate and will issue only
1666
+ # one. If you change the idempotency token for each call, Amazon Web
1667
+ # Services Private CA recognizes that you are requesting multiple
1668
+ # certificates.
2460
1669
  # @return [String]
2461
1670
  #
2462
1671
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificateRequest AWS API Documentation
@@ -2493,21 +1702,6 @@ module Aws::ACMPCA
2493
1702
  # Defines one or more purposes for which the key contained in the
2494
1703
  # certificate can be used. Default value for each option is false.
2495
1704
  #
2496
- # @note When making an API call, you may pass KeyUsage
2497
- # data as a hash:
2498
- #
2499
- # {
2500
- # digital_signature: false,
2501
- # non_repudiation: false,
2502
- # key_encipherment: false,
2503
- # data_encipherment: false,
2504
- # key_agreement: false,
2505
- # key_cert_sign: false,
2506
- # crl_sign: false,
2507
- # encipher_only: false,
2508
- # decipher_only: false,
2509
- # }
2510
- #
2511
1705
  # @!attribute [rw] digital_signature
2512
1706
  # Key can be used for digital signing.
2513
1707
  # @return [Boolean]
@@ -2560,8 +1754,8 @@ module Aws::ACMPCA
2560
1754
  include Aws::Structure
2561
1755
  end
2562
1756
 
2563
- # An ACM Private CA quota has been exceeded. See the exception message
2564
- # returned to determine the quota that was exceeded.
1757
+ # An Amazon Web Services Private CA quota has been exceeded. See the
1758
+ # exception message returned to determine the quota that was exceeded.
2565
1759
  #
2566
1760
  # @!attribute [rw] message
2567
1761
  # @return [String]
@@ -2574,15 +1768,6 @@ module Aws::ACMPCA
2574
1768
  include Aws::Structure
2575
1769
  end
2576
1770
 
2577
- # @note When making an API call, you may pass ListCertificateAuthoritiesRequest
2578
- # data as a hash:
2579
- #
2580
- # {
2581
- # next_token: "NextToken",
2582
- # max_results: 1,
2583
- # resource_owner: "SELF", # accepts SELF, OTHER_ACCOUNTS
2584
- # }
2585
- #
2586
1771
  # @!attribute [rw] next_token
2587
1772
  # Use this parameter when paginating results in a subsequent request
2588
1773
  # after you receive a response with truncated results. Set it to the
@@ -2632,15 +1817,6 @@ module Aws::ACMPCA
2632
1817
  include Aws::Structure
2633
1818
  end
2634
1819
 
2635
- # @note When making an API call, you may pass ListPermissionsRequest
2636
- # data as a hash:
2637
- #
2638
- # {
2639
- # certificate_authority_arn: "Arn", # required
2640
- # next_token: "NextToken",
2641
- # max_results: 1,
2642
- # }
2643
- #
2644
1820
  # @!attribute [rw] certificate_authority_arn
2645
1821
  # The Amazon Resource Number (ARN) of the private CA to inspect. You
2646
1822
  # can find the ARN by calling the [ListCertificateAuthorities][1]
@@ -2651,7 +1827,7 @@ module Aws::ACMPCA
2651
1827
  #
2652
1828
  #
2653
1829
  #
2654
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
1830
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
2655
1831
  # @return [String]
2656
1832
  #
2657
1833
  # @!attribute [rw] next_token
@@ -2698,15 +1874,6 @@ module Aws::ACMPCA
2698
1874
  include Aws::Structure
2699
1875
  end
2700
1876
 
2701
- # @note When making an API call, you may pass ListTagsRequest
2702
- # data as a hash:
2703
- #
2704
- # {
2705
- # certificate_authority_arn: "Arn", # required
2706
- # next_token: "NextToken",
2707
- # max_results: 1,
2708
- # }
2709
- #
2710
1877
  # @!attribute [rw] certificate_authority_arn
2711
1878
  # The Amazon Resource Name (ARN) that was returned when you called the
2712
1879
  # [CreateCertificateAuthority][1] action. This must be of the form:
@@ -2716,7 +1883,7 @@ module Aws::ACMPCA
2716
1883
  #
2717
1884
  #
2718
1885
  #
2719
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
1886
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
2720
1887
  # @return [String]
2721
1888
  #
2722
1889
  # @!attribute [rw] next_token
@@ -2809,35 +1976,32 @@ module Aws::ACMPCA
2809
1976
  # When you revoke a certificate, OCSP responses may take up to 60
2810
1977
  # minutes to reflect the new status.
2811
1978
  #
2812
- # @note When making an API call, you may pass OcspConfiguration
2813
- # data as a hash:
2814
- #
2815
- # {
2816
- # enabled: false, # required
2817
- # ocsp_custom_cname: "String253",
2818
- # }
2819
- #
2820
1979
  # @!attribute [rw] enabled
2821
1980
  # Flag enabling use of the Online Certificate Status Protocol (OCSP)
2822
1981
  # for validating certificate revocation status.
2823
1982
  # @return [Boolean]
2824
1983
  #
2825
1984
  # @!attribute [rw] ocsp_custom_cname
2826
- # By default, ACM Private CA injects an Amazon Web Services domain
2827
- # into certificates being validated by the Online Certificate Status
2828
- # Protocol (OCSP). A customer can alternatively use this object to
2829
- # define a CNAME specifying a customized OCSP domain.
1985
+ # By default, Amazon Web Services Private CA injects an Amazon Web
1986
+ # Services domain into certificates being validated by the Online
1987
+ # Certificate Status Protocol (OCSP). A customer can alternatively use
1988
+ # this object to define a CNAME specifying a customized OCSP domain.
2830
1989
  #
2831
- # Note: The value of the CNAME must not include a protocol prefix such
2832
- # as "http://" or "https://".
1990
+ # <note markdown="1"> The content of a Canonical Name (CNAME) record must conform to
1991
+ # [RFC2396][1] restrictions on the use of special characters in URIs.
1992
+ # Additionally, the value of the CNAME must not include a protocol
1993
+ # prefix such as "http://" or "https://".
1994
+ #
1995
+ # </note>
2833
1996
  #
2834
1997
  # For more information, see [Customizing Online Certificate Status
2835
- # Protocol (OCSP) ][1] in the *Private Certificate Authority (PCA)
2836
- # User Guide*.
1998
+ # Protocol (OCSP) ][2] in the *Amazon Web Services Private Certificate
1999
+ # Authority User Guide*.
2837
2000
  #
2838
2001
  #
2839
2002
  #
2840
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/ocsp-customize.html
2003
+ # [1]: https://www.ietf.org/rfc/rfc2396.txt
2004
+ # [2]: https://docs.aws.amazon.com/privateca/latest/userguide/ocsp-customize.html
2841
2005
  # @return [String]
2842
2006
  #
2843
2007
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/OcspConfiguration AWS API Documentation
@@ -2858,14 +2022,6 @@ module Aws::ACMPCA
2858
2022
  #
2859
2023
  # [1]: https://csrc.nist.gov/glossary/term/Object_Identifier
2860
2024
  #
2861
- # @note When making an API call, you may pass OtherName
2862
- # data as a hash:
2863
- #
2864
- # {
2865
- # type_id: "CustomObjectIdentifier", # required
2866
- # value: "String256", # required
2867
- # }
2868
- #
2869
2025
  # @!attribute [rw] type_id
2870
2026
  # Specifies an OID.
2871
2027
  # @return [String]
@@ -2894,9 +2050,9 @@ module Aws::ACMPCA
2894
2050
  #
2895
2051
  #
2896
2052
  #
2897
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html
2898
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html
2899
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html
2053
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreatePermission.html
2054
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePermission.html
2055
+ # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListPermissions.html
2900
2056
  #
2901
2057
  # @!attribute [rw] certificate_authority_arn
2902
2058
  # The Amazon Resource Number (ARN) of the private CA from which the
@@ -2953,21 +2109,6 @@ module Aws::ACMPCA
2953
2109
 
2954
2110
  # Defines the X.509 `CertificatePolicies` extension.
2955
2111
  #
2956
- # @note When making an API call, you may pass PolicyInformation
2957
- # data as a hash:
2958
- #
2959
- # {
2960
- # cert_policy_id: "CustomObjectIdentifier", # required
2961
- # policy_qualifiers: [
2962
- # {
2963
- # policy_qualifier_id: "CPS", # required, accepts CPS
2964
- # qualifier: { # required
2965
- # cps_uri: "String256", # required
2966
- # },
2967
- # },
2968
- # ],
2969
- # }
2970
- #
2971
2112
  # @!attribute [rw] cert_policy_id
2972
2113
  # Specifies the object identifier (OID) of the certificate policy
2973
2114
  # under which the certificate was issued. For more information, see
@@ -2979,8 +2120,9 @@ module Aws::ACMPCA
2979
2120
  # @return [String]
2980
2121
  #
2981
2122
  # @!attribute [rw] policy_qualifiers
2982
- # Modifies the given `CertPolicyId` with a qualifier. ACM Private CA
2983
- # supports the certification practice statement (CPS) qualifier.
2123
+ # Modifies the given `CertPolicyId` with a qualifier. Amazon Web
2124
+ # Services Private CA supports the certification practice statement
2125
+ # (CPS) qualifier.
2984
2126
  # @return [Array<Types::PolicyQualifierInfo>]
2985
2127
  #
2986
2128
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PolicyInformation AWS API Documentation
@@ -2993,26 +2135,16 @@ module Aws::ACMPCA
2993
2135
  end
2994
2136
 
2995
2137
  # Modifies the `CertPolicyId` of a `PolicyInformation` object with a
2996
- # qualifier. ACM Private CA supports the certification practice
2997
- # statement (CPS) qualifier.
2998
- #
2999
- # @note When making an API call, you may pass PolicyQualifierInfo
3000
- # data as a hash:
3001
- #
3002
- # {
3003
- # policy_qualifier_id: "CPS", # required, accepts CPS
3004
- # qualifier: { # required
3005
- # cps_uri: "String256", # required
3006
- # },
3007
- # }
2138
+ # qualifier. Amazon Web Services Private CA supports the certification
2139
+ # practice statement (CPS) qualifier.
3008
2140
  #
3009
2141
  # @!attribute [rw] policy_qualifier_id
3010
2142
  # Identifies the qualifier modifying a `CertPolicyId`.
3011
2143
  # @return [String]
3012
2144
  #
3013
2145
  # @!attribute [rw] qualifier
3014
- # Defines the qualifier type. ACM Private CA supports the use of a URI
3015
- # for a CPS qualifier in this field.
2146
+ # Defines the qualifier type. Amazon Web Services Private CA supports
2147
+ # the use of a URI for a CPS qualifier in this field.
3016
2148
  # @return [Types::Qualifier]
3017
2149
  #
3018
2150
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PolicyQualifierInfo AWS API Documentation
@@ -3024,14 +2156,6 @@ module Aws::ACMPCA
3024
2156
  include Aws::Structure
3025
2157
  end
3026
2158
 
3027
- # @note When making an API call, you may pass PutPolicyRequest
3028
- # data as a hash:
3029
- #
3030
- # {
3031
- # resource_arn: "Arn", # required
3032
- # policy: "AWSPolicy", # required
3033
- # }
3034
- #
3035
2159
  # @!attribute [rw] resource_arn
3036
2160
  # The Amazon Resource Number (ARN) of the private CA to associate with
3037
2161
  # the policy. The ARN of the CA can be found by calling the
@@ -3041,7 +2165,7 @@ module Aws::ACMPCA
3041
2165
  #
3042
2166
  #
3043
2167
  #
3044
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html
2168
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html
3045
2169
  # @return [String]
3046
2170
  #
3047
2171
  # @!attribute [rw] policy
@@ -3066,21 +2190,14 @@ module Aws::ACMPCA
3066
2190
  include Aws::Structure
3067
2191
  end
3068
2192
 
3069
- # Defines a `PolicyInformation` qualifier. ACM Private CA supports the
3070
- # [certification practice statement (CPS) qualifier][1] defined in RFC
3071
- # 5280.
2193
+ # Defines a `PolicyInformation` qualifier. Amazon Web Services Private
2194
+ # CA supports the [certification practice statement (CPS) qualifier][1]
2195
+ # defined in RFC 5280.
3072
2196
  #
3073
2197
  #
3074
2198
  #
3075
2199
  # [1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4
3076
2200
  #
3077
- # @note When making an API call, you may pass Qualifier
3078
- # data as a hash:
3079
- #
3080
- # {
3081
- # cps_uri: "String256", # required
3082
- # }
3083
- #
3084
2201
  # @!attribute [rw] cps_uri
3085
2202
  # Contains a pointer to a certification practice statement (CPS)
3086
2203
  # published by the CA.
@@ -3147,13 +2264,6 @@ module Aws::ACMPCA
3147
2264
  include Aws::Structure
3148
2265
  end
3149
2266
 
3150
- # @note When making an API call, you may pass RestoreCertificateAuthorityRequest
3151
- # data as a hash:
3152
- #
3153
- # {
3154
- # certificate_authority_arn: "Arn", # required
3155
- # }
3156
- #
3157
2267
  # @!attribute [rw] certificate_authority_arn
3158
2268
  # The Amazon Resource Name (ARN) that was returned when you called the
3159
2269
  # [CreateCertificateAuthority][1] action. This must be of the form:
@@ -3163,7 +2273,7 @@ module Aws::ACMPCA
3163
2273
  #
3164
2274
  #
3165
2275
  #
3166
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
2276
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
3167
2277
  # @return [String]
3168
2278
  #
3169
2279
  # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthorityRequest AWS API Documentation
@@ -3182,38 +2292,22 @@ module Aws::ACMPCA
3182
2292
  # about certificates as requested by clients, and a CRL contains an
3183
2293
  # updated list of certificates revoked by your CA. For more information,
3184
2294
  # see [RevokeCertificate][3] and [Setting up a certificate revocation
3185
- # method][4] in the *Private Certificate Authority (PCA) User Guide*.
3186
- #
2295
+ # method][4] in the *Amazon Web Services Private Certificate Authority
2296
+ # User Guide*.
3187
2297
  #
3188
2298
  #
3189
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
3190
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html
3191
- # [3]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html
3192
- # [4]: https://docs.aws.amazon.com/acm-pca/latest/userguide/revocation-setup.html
3193
2299
  #
3194
- # @note When making an API call, you may pass RevocationConfiguration
3195
- # data as a hash:
3196
- #
3197
- # {
3198
- # crl_configuration: {
3199
- # enabled: false, # required
3200
- # expiration_in_days: 1,
3201
- # custom_cname: "String253",
3202
- # s3_bucket_name: "String3To255",
3203
- # s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
3204
- # },
3205
- # ocsp_configuration: {
3206
- # enabled: false, # required
3207
- # ocsp_custom_cname: "String253",
3208
- # },
3209
- # }
2300
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
2301
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
2302
+ # [3]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html
2303
+ # [4]: https://docs.aws.amazon.com/privateca/latest/userguide/revocation-setup.html
3210
2304
  #
3211
2305
  # @!attribute [rw] crl_configuration
3212
2306
  # Configuration of the certificate revocation list (CRL), if any,
3213
2307
  # maintained by your private CA. A CRL is typically updated
3214
2308
  # approximately 30 minutes after a certificate is revoked. If for any
3215
- # reason a CRL update fails, ACM Private CA makes further attempts
3216
- # every 15 minutes.
2309
+ # reason a CRL update fails, Amazon Web Services Private CA makes
2310
+ # further attempts every 15 minutes.
3217
2311
  # @return [Types::CrlConfiguration]
3218
2312
  #
3219
2313
  # @!attribute [rw] ocsp_configuration
@@ -3232,15 +2326,6 @@ module Aws::ACMPCA
3232
2326
  include Aws::Structure
3233
2327
  end
3234
2328
 
3235
- # @note When making an API call, you may pass RevokeCertificateRequest
3236
- # data as a hash:
3237
- #
3238
- # {
3239
- # certificate_authority_arn: "Arn", # required
3240
- # certificate_serial: "String128", # required
3241
- # revocation_reason: "UNSPECIFIED", # required, accepts UNSPECIFIED, KEY_COMPROMISE, CERTIFICATE_AUTHORITY_COMPROMISE, AFFILIATION_CHANGED, SUPERSEDED, CESSATION_OF_OPERATION, PRIVILEGE_WITHDRAWN, A_A_COMPROMISE
3242
- # }
3243
- #
3244
2329
  # @!attribute [rw] certificate_authority_arn
3245
2330
  # Amazon Resource Name (ARN) of the private CA that issued the
3246
2331
  # certificate to be revoked. This must be of the form:
@@ -3266,7 +2351,7 @@ module Aws::ACMPCA
3266
2351
  #
3267
2352
  #
3268
2353
  #
3269
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html
2354
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_GetCertificate.html
3270
2355
  # [2]: https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html
3271
2356
  # @return [String]
3272
2357
  #
@@ -3292,16 +2377,8 @@ module Aws::ACMPCA
3292
2377
  #
3293
2378
  #
3294
2379
  #
3295
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html
3296
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html
3297
- #
3298
- # @note When making an API call, you may pass Tag
3299
- # data as a hash:
3300
- #
3301
- # {
3302
- # key: "TagKey", # required
3303
- # value: "TagValue",
3304
- # }
2380
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_TagCertificateAuthority.html
2381
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UntagCertificateAuthority.html
3305
2382
  #
3306
2383
  # @!attribute [rw] key
3307
2384
  # Key (name) of the tag.
@@ -3320,19 +2397,6 @@ module Aws::ACMPCA
3320
2397
  include Aws::Structure
3321
2398
  end
3322
2399
 
3323
- # @note When making an API call, you may pass TagCertificateAuthorityRequest
3324
- # data as a hash:
3325
- #
3326
- # {
3327
- # certificate_authority_arn: "Arn", # required
3328
- # tags: [ # required
3329
- # {
3330
- # key: "TagKey", # required
3331
- # value: "TagValue",
3332
- # },
3333
- # ],
3334
- # }
3335
- #
3336
2400
  # @!attribute [rw] certificate_authority_arn
3337
2401
  # The Amazon Resource Name (ARN) that was returned when you called
3338
2402
  # [CreateCertificateAuthority][1]. This must be of the form:
@@ -3342,7 +2406,7 @@ module Aws::ACMPCA
3342
2406
  #
3343
2407
  #
3344
2408
  #
3345
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
2409
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
3346
2410
  # @return [String]
3347
2411
  #
3348
2412
  # @!attribute [rw] tags
@@ -3372,19 +2436,6 @@ module Aws::ACMPCA
3372
2436
  include Aws::Structure
3373
2437
  end
3374
2438
 
3375
- # @note When making an API call, you may pass UntagCertificateAuthorityRequest
3376
- # data as a hash:
3377
- #
3378
- # {
3379
- # certificate_authority_arn: "Arn", # required
3380
- # tags: [ # required
3381
- # {
3382
- # key: "TagKey", # required
3383
- # value: "TagValue",
3384
- # },
3385
- # ],
3386
- # }
3387
- #
3388
2439
  # @!attribute [rw] certificate_authority_arn
3389
2440
  # The Amazon Resource Name (ARN) that was returned when you called
3390
2441
  # [CreateCertificateAuthority][1]. This must be of the form:
@@ -3394,7 +2445,7 @@ module Aws::ACMPCA
3394
2445
  #
3395
2446
  #
3396
2447
  #
3397
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html
2448
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreateCertificateAuthority.html
3398
2449
  # @return [String]
3399
2450
  #
3400
2451
  # @!attribute [rw] tags
@@ -3410,27 +2461,6 @@ module Aws::ACMPCA
3410
2461
  include Aws::Structure
3411
2462
  end
3412
2463
 
3413
- # @note When making an API call, you may pass UpdateCertificateAuthorityRequest
3414
- # data as a hash:
3415
- #
3416
- # {
3417
- # certificate_authority_arn: "Arn", # required
3418
- # revocation_configuration: {
3419
- # crl_configuration: {
3420
- # enabled: false, # required
3421
- # expiration_in_days: 1,
3422
- # custom_cname: "String253",
3423
- # s3_bucket_name: "String3To255",
3424
- # s3_object_acl: "PUBLIC_READ", # accepts PUBLIC_READ, BUCKET_OWNER_FULL_CONTROL
3425
- # },
3426
- # ocsp_configuration: {
3427
- # enabled: false, # required
3428
- # ocsp_custom_cname: "String253",
3429
- # },
3430
- # },
3431
- # status: "CREATING", # accepts CREATING, PENDING_CERTIFICATE, ACTIVE, DELETED, DISABLED, EXPIRED, FAILED
3432
- # }
3433
- #
3434
2464
  # @!attribute [rw] certificate_authority_arn
3435
2465
  # Amazon Resource Name (ARN) of the private CA that issued the
3436
2466
  # certificate to be revoked. This must be of the form:
@@ -3447,10 +2477,31 @@ module Aws::ACMPCA
3447
2477
  # information, see the [OcspConfiguration][1] and
3448
2478
  # [CrlConfiguration][2] types.
3449
2479
  #
2480
+ # <note markdown="1"> The following requirements apply to revocation configurations.
2481
+ #
2482
+ # * A configuration disabling CRLs or OCSP must contain only the
2483
+ # `Enabled=False` parameter, and will fail if other parameters such
2484
+ # as `CustomCname` or `ExpirationInDays` are included.
2485
+ #
2486
+ # * In a CRL configuration, the `S3BucketName` parameter must conform
2487
+ # to [Amazon S3 bucket naming rules][3].
2488
+ #
2489
+ # * A configuration containing a custom Canonical Name (CNAME)
2490
+ # parameter for CRLs or OCSP must conform to [RFC2396][4]
2491
+ # restrictions on the use of special characters in a CNAME.
3450
2492
  #
2493
+ # * In a CRL or OCSP configuration, the value of a CNAME parameter
2494
+ # must not include a protocol prefix such as "http://" or
2495
+ # "https://".
3451
2496
  #
3452
- # [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html
3453
- # [2]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html
2497
+ # </note>
2498
+ #
2499
+ #
2500
+ #
2501
+ # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_OcspConfiguration.html
2502
+ # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
2503
+ # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
2504
+ # [4]: https://www.ietf.org/rfc/rfc2396.txt
3454
2505
  # @return [Types::RevocationConfiguration]
3455
2506
  #
3456
2507
  # @!attribute [rw] status
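Review bot: The requirements note added in this hunk names parameters in API casing (`Enabled=False`, `CustomCname`, `ExpirationInDays`, `S3BucketName`), but callers of this Ruby type pass snake_case keys. The hash examples this diff removes for `RevocationConfiguration` and `UpdateCertificateAuthorityRequest` were the only place in view that spelled them `enabled`, `custom_cname`, `expiration_in_days` and `s3_bucket_name`. Because the note says a disabling configuration "will fail" if it carries other parameters, someone changing CRL or OCSP settings on a CA needs the Ruby spelling next to the rule. I would add a line such as `# In this SDK, a disabling crl_configuration or ocsp_configuration hash must contain only enabled: false.` If the text is generated from the service model, which is presumably the case, the fix belongs in the doc conversion rather than in this file. The attribute's comment block starts above the hunk.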
@@ -3473,34 +2524,26 @@ module Aws::ACMPCA
3473
2524
  # after issuance, stated in days, months, or years. For more
3474
2525
  # information, see [Validity][1] in RFC 5280.
3475
2526
  #
3476
- # ACM Private CA API consumes the `Validity` data type differently in
3477
- # two distinct parameters of the `IssueCertificate` action. The required
3478
- # parameter `IssueCertificate`\:`Validity` specifies the end of a
3479
- # certificate's validity period. The optional parameter
3480
- # `IssueCertificate`\:`ValidityNotBefore` specifies a customized
3481
- # starting time for the validity period.
2527
+ # Amazon Web Services Private CA API consumes the `Validity` data type
2528
+ # differently in two distinct parameters of the `IssueCertificate`
2529
+ # action. The required parameter `IssueCertificate`\:`Validity`
2530
+ # specifies the end of a certificate's validity period. The optional
2531
+ # parameter `IssueCertificate`\:`ValidityNotBefore` specifies a
2532
+ # customized starting time for the validity period.
3482
2533
  #
3483
2534
  #
3484
2535
  #
3485
2536
  # [1]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5
3486
2537
  #
3487
- # @note When making an API call, you may pass Validity
3488
- # data as a hash:
3489
- #
3490
- # {
3491
- # value: 1, # required
3492
- # type: "END_DATE", # required, accepts END_DATE, ABSOLUTE, DAYS, MONTHS, YEARS
3493
- # }
3494
- #
3495
2538
  # @!attribute [rw] value
3496
2539
  # A long integer interpreted according to the value of `Type`, below.
3497
2540
  # @return [Integer]
3498
2541
  #
3499
2542
  # @!attribute [rw] type
3500
- # Determines how *ACM Private CA* interprets the `Value` parameter, an
3501
- # integer. Supported validity types include those listed below. Type
3502
- # definitions with values include a sample input value and the
3503
- # resulting output.
2543
+ # Determines how *Amazon Web Services Private CA* interprets the
2544
+ # `Value` parameter, an integer. Supported validity types include
2545
+ # those listed below. Type definitions with values include a sample
2546
+ # input value and the resulting output.
3504
2547
  #
3505
2548
  # `END_DATE`\: The specific date and time when the certificate will
3506
2549
  # expire, expressed using UTCTime (YYMMDDHHMMSS) or GeneralizedTime