aws-sdk-acmpca 1.81.0 → 1.83.0

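--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 3e4a1446b889652492a501e46be7c6b98e4a8df69d7c9f80aab6c07bcc6aa7b0
- data.tar.gz: df1dc203bf6f3f30d757a7eba310081e699d08c8ebaf4cf9eee3c22f0cba6125
+ metadata.gz: 429a2f288f3039a5e94259084db9f6edfd66bf05f8d62e3b010789415b85d14c
+ data.tar.gz: 4f1db4c4fa17d89dfe292c2e4c55d6ff148285a56b94a1d0c11f4c90e9600f12
  SHA512:
- metadata.gz: a027fb746d30384e3ab59bce994d65ed05d2512026b8ce7140c157a8c510e5cb7667991d5168262532aa491fa371e264e1fceb0e1bd97dbe6a427cbab3193e8c
- data.tar.gz: 6c2cef86d8c26eddbdeeb6b43d8291c4d59a4046559749124c52839c8d1e6b550f28883571a14b3d3fc0c453ef4c5a5eb8a7235ee793eb6342106503e8ce06e1
+ metadata.gz: 444541707b4c4feed78211ae44f27ec083ce4f442ad22cb025faa78615445b4e8aa0cc2bdc8e08ecb0d83dc6d4037ce9a8b92ceb93e4ef33ed803e2b27e8a4ee
+ data.tar.gz: db26b0a2861dd6572c1536b9474fcbc8b75106b1e24df37eddd67ca88e1db5dc06b4b577bca6fda868e720e63d34ac737cd96473bb73f414a8ae725cc2aa0739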
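--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,16 @@
  Unreleased Changes
  ------------------
 
+ 1.83.0 (2024-10-10)
+ ------------------
+
+ * Feature - Documentation updates for AWS Private CA.
+
+ 1.82.0 (2024-09-24)
+ ------------------
+
+ * Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
  1.81.0 (2024-09-23)
  ------------------
 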
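--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.81.0
+ 1.83.0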
@@ -36,8 +36,6 @@ require 'aws-sdk-core/plugins/telemetry.rb'
36
36
  require 'aws-sdk-core/plugins/sign.rb'
37
37
  require 'aws-sdk-core/plugins/protocols/json_rpc.rb'
38
38
 
39
- Aws::Plugins::GlobalConfiguration.add_identifier(:acmpca)
40
-
41
39
  module Aws::ACMPCA
42
40
  # An API client for ACMPCA. To construct a client, you need to configure a `:region` and `:credentials`.
43
41
  #
@@ -493,14 +491,14 @@ module Aws::ACMPCA
493
491
  # signing algorithm, and X.500 certificate subject information.
494
492
  #
495
493
  # @option params [Types::RevocationConfiguration] :revocation_configuration
496
- # Contains information to enable Online Certificate Status Protocol
497
- # (OCSP) support, to enable a certificate revocation list (CRL), to
498
- # enable both, or to enable neither. The default is for both certificate
499
- # validation mechanisms to be disabled.
494
+ # Contains information to enable support for Online Certificate Status
495
+ # Protocol (OCSP), certificate revocation list (CRL), both protocols, or
496
+ # neither. By default, both certificate validation mechanisms are
497
+ # disabled.
500
498
  #
501
- # <note markdown="1"> The following requirements apply to revocation configurations.
499
+ # The following requirements apply to revocation configurations.
502
500
  #
503
- # * A configuration disabling CRLs or OCSP must contain only the
501
+ # * A configuration disabling CRLs or OCSP must contain only the
504
502
  # `Enabled=False` parameter, and will fail if other parameters such as
505
503
  # `CustomCname` or `ExpirationInDays` are included.
506
504
  #
@@ -514,8 +512,6 @@ module Aws::ACMPCA
514
512
  # * In a CRL or OCSP configuration, the value of a CNAME parameter must
515
513
  # not include a protocol prefix such as "http://" or "https://".
516
514
  #
517
- # </note>
518
- #
519
515
  # For more information, see the [OcspConfiguration][3] and
520
516
  # [CrlConfiguration][4] types.
521
517
  #
@@ -715,17 +711,13 @@ module Aws::ACMPCA
715
711
  end
716
712
 
717
713
  # Creates an audit report that lists every time that your CA private key
718
- # is used. The report is saved in the Amazon S3 bucket that you specify
719
- # on input. The [IssueCertificate][1] and [RevokeCertificate][2] actions
720
- # use the private key.
721
- #
722
- # <note markdown="1"> Both Amazon Web Services Private CA and the IAM principal must have
723
- # permission to write to the S3 bucket that you specify. If the IAM
724
- # principal making the call does not have permission to write to the
725
- # bucket, then an exception is thrown. For more information, see [Access
726
- # policies for CRLs in Amazon S3][3].
714
+ # is used to issue a certificate. The [IssueCertificate][1] and
715
+ # [RevokeCertificate][2] actions use the private key.
727
716
  #
728
- # </note>
717
+ # To save the audit report to your designated Amazon S3 bucket, you must
718
+ # create a bucket policy that grants Amazon Web Services Private CA
719
+ # permission to access and write to it. For an example policy, see
720
+ # [Prepare an Amazon S3 bucket for audit reports][3].
729
721
  #
730
722
  # Amazon Web Services Private CA assets that are stored in Amazon S3 can
731
723
  # be protected with encryption. For more information, see [Encrypting
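Review bot: The rewritten summary in this hunk says the report lists every use of the CA private key "to issue a certificate", yet the next sentence still names both IssueCertificate and RevokeCertificate as users of the key, so a reader cannot tell whether revocation signing is covered by the audit report. The rewrite also drops the earlier statements that the calling IAM principal needs write permission on the bucket and that an exception is thrown when it lacks it; if either still holds, callers lose the only hint about that failure mode. I would either keep the original scope, `# is used. The [IssueCertificate][1] and [RevokeCertificate][2] actions use the private key.`, or state explicitly which operations are recorded, and retain one sentence on the caller-side permission if it still applies. The comment appears to be generated, so the wording presumably has to change in the upstream API model; the method it documents lies outside the hunk.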
@@ -739,7 +731,7 @@ module Aws::ACMPCA
739
731
  #
740
732
  # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html
741
733
  # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html
742
- # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html#s3-policies
734
+ # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaAuditReport.html#s3-access
743
735
  # [4]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaAuditReport.html#audit-report-encryption
744
736
  #
745
737
  # @option params [required, String] :certificate_authority_arn
@@ -1551,44 +1543,46 @@ module Aws::ACMPCA
1551
1543
  # Amazon Web Services Private CA allows the following extensions to be
1552
1544
  # marked critical in the imported CA certificate or chain.
1553
1545
  #
1554
- # * Basic constraints (*must* be marked critical)
1546
+ # * Authority key identifier
1555
1547
  #
1556
- # * Subject alternative names
1548
+ # * Basic constraints (*must* be marked critical)
1557
1549
  #
1558
- # * Key usage
1550
+ # * Certificate policies
1559
1551
  #
1560
1552
  # * Extended key usage
1561
1553
  #
1562
- # * Authority key identifier
1563
- #
1564
- # * Subject key identifier
1554
+ # * Inhibit anyPolicy
1565
1555
  #
1566
1556
  # * Issuer alternative name
1567
1557
  #
1568
- # * Subject directory attributes
1569
- #
1570
- # * Subject information access
1558
+ # * Key usage
1571
1559
  #
1572
- # * Certificate policies
1560
+ # * Name constraints
1573
1561
  #
1574
1562
  # * Policy mappings
1575
1563
  #
1576
- # * Inhibit anyPolicy
1564
+ # * Subject alternative name
1577
1565
  #
1578
- # Amazon Web Services Private CA rejects the following extensions when
1579
- # they are marked critical in an imported CA certificate or chain.
1566
+ # * Subject directory attributes
1580
1567
  #
1581
- # * Name constraints
1568
+ # * Subject key identifier
1582
1569
  #
1583
- # * Policy constraints
1570
+ # * Subject information access
1584
1571
  #
1585
- # * CRL distribution points
1572
+ # Amazon Web Services Private CA rejects the following extensions when
1573
+ # they are marked critical in an imported CA certificate or chain.
1586
1574
  #
1587
1575
  # * Authority information access
1588
1576
  #
1577
+ # * CRL distribution points
1578
+ #
1589
1579
  # * Freshest CRL
1590
1580
  #
1591
- # * Any other extension
1581
+ # * Policy constraints
1582
+ #
1583
+ # Amazon Web Services Private Certificate Authority will also reject any
1584
+ # other extension marked as critical not contained on the preceding list
1585
+ # of allowed extensions.
1592
1586
  #
1593
1587
  #
1594
1588
  #
@@ -2574,15 +2568,15 @@ module Aws::ACMPCA
2574
2568
  # `
2575
2569
  #
2576
2570
  # @option params [Types::RevocationConfiguration] :revocation_configuration
2577
- # Contains information to enable Online Certificate Status Protocol
2578
- # (OCSP) support, to enable a certificate revocation list (CRL), to
2579
- # enable both, or to enable neither. If this parameter is not supplied,
2580
- # existing capibilites remain unchanged. For more information, see the
2581
- # [OcspConfiguration][1] and [CrlConfiguration][2] types.
2571
+ # Contains information to enable support for Online Certificate Status
2572
+ # Protocol (OCSP), certificate revocation list (CRL), both protocols, or
2573
+ # neither. If you don't supply this parameter, existing capibilites
2574
+ # remain unchanged. For more information, see the [OcspConfiguration][1]
2575
+ # and [CrlConfiguration][2] types.
2582
2576
  #
2583
- # <note markdown="1"> The following requirements apply to revocation configurations.
2577
+ # The following requirements apply to revocation configurations.
2584
2578
  #
2585
- # * A configuration disabling CRLs or OCSP must contain only the
2579
+ # * A configuration disabling CRLs or OCSP must contain only the
2586
2580
  # `Enabled=False` parameter, and will fail if other parameters such as
2587
2581
  # `CustomCname` or `ExpirationInDays` are included.
2588
2582
  #
@@ -2596,7 +2590,17 @@ module Aws::ACMPCA
2596
2590
  # * In a CRL or OCSP configuration, the value of a CNAME parameter must
2597
2591
  # not include a protocol prefix such as "http://" or "https://".
2598
2592
  #
2599
- # </note>
2593
+ # If you update the `S3BucketName` of [CrlConfiguration][2], you can
2594
+ # break revocation for existing certificates. In other words, if you
2595
+ # call [UpdateCertificateAuthority][5] to update the CRL
2596
+ # configuration's S3 bucket name, Amazon Web Services Private CA only
2597
+ # writes CRLs to the new S3 bucket. Certificates issued prior to this
2598
+ # point will have the old S3 bucket name in your CRL Distribution Point
2599
+ # (CDP) extension, essentially breaking revocation. If you must update
2600
+ # the S3 bucket, you'll need to reissue old certificates to keep the
2601
+ # revocation working. Alternatively, you can use a [CustomCname][6] in
2602
+ # your CRL configuration if you might need to change the S3 bucket name
2603
+ # in the future.
2600
2604
  #
2601
2605
  #
2602
2606
  #
@@ -2604,6 +2608,8 @@ module Aws::ACMPCA
2604
2608
  # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
2605
2609
  # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
2606
2610
  # [4]: https://www.ietf.org/rfc/rfc2396.txt
2611
+ # [5]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
2612
+ # [6]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html#privateca-Type-CrlConfiguration-CustomCname
2607
2613
  #
2608
2614
  # @option params [String] :status
2609
2615
  # Status of your private CA.
@@ -2660,7 +2666,7 @@ module Aws::ACMPCA
2660
2666
  tracer: tracer
2661
2667
  )
2662
2668
  context[:gem_name] = 'aws-sdk-acmpca'
2663
- context[:gem_version] = '1.81.0'
2669
+ context[:gem_version] = '1.83.0'
2664
2670
  Seahorse::Client::Request.new(handlers, context)
2665
2671
  end
2666
2672
 
@@ -466,14 +466,14 @@ module Aws::ACMPCA
466
466
  # @return [Types::CertificateAuthorityConfiguration]
467
467
  #
468
468
  # @!attribute [rw] revocation_configuration
469
- # Contains information to enable Online Certificate Status Protocol
470
- # (OCSP) support, to enable a certificate revocation list (CRL), to
471
- # enable both, or to enable neither. The default is for both
472
- # certificate validation mechanisms to be disabled.
469
+ # Contains information to enable support for Online Certificate Status
470
+ # Protocol (OCSP), certificate revocation list (CRL), both protocols,
471
+ # or neither. By default, both certificate validation mechanisms are
472
+ # disabled.
473
473
  #
474
- # <note markdown="1"> The following requirements apply to revocation configurations.
474
+ # The following requirements apply to revocation configurations.
475
475
  #
476
- # * A configuration disabling CRLs or OCSP must contain only the
476
+ # * A configuration disabling CRLs or OCSP must contain only the
477
477
  # `Enabled=False` parameter, and will fail if other parameters such
478
478
  # as `CustomCname` or `ExpirationInDays` are included.
479
479
  #
@@ -488,8 +488,6 @@ module Aws::ACMPCA
488
488
  # must not include a protocol prefix such as "http://" or
489
489
  # "https://".
490
490
  #
491
- # </note>
492
- #
493
491
  # For more information, see the [OcspConfiguration][3] and
494
492
  # [CrlConfiguration][4] types.
495
493
  #
@@ -2518,16 +2516,15 @@ module Aws::ACMPCA
2518
2516
  # @return [String]
2519
2517
  #
2520
2518
  # @!attribute [rw] revocation_configuration
2521
- # Contains information to enable Online Certificate Status Protocol
2522
- # (OCSP) support, to enable a certificate revocation list (CRL), to
2523
- # enable both, or to enable neither. If this parameter is not
2524
- # supplied, existing capibilites remain unchanged. For more
2525
- # information, see the [OcspConfiguration][1] and
2526
- # [CrlConfiguration][2] types.
2519
+ # Contains information to enable support for Online Certificate Status
2520
+ # Protocol (OCSP), certificate revocation list (CRL), both protocols,
2521
+ # or neither. If you don't supply this parameter, existing
2522
+ # capibilites remain unchanged. For more information, see the
2523
+ # [OcspConfiguration][1] and [CrlConfiguration][2] types.
2527
2524
  #
2528
- # <note markdown="1"> The following requirements apply to revocation configurations.
2525
+ # The following requirements apply to revocation configurations.
2529
2526
  #
2530
- # * A configuration disabling CRLs or OCSP must contain only the
2527
+ # * A configuration disabling CRLs or OCSP must contain only the
2531
2528
  # `Enabled=False` parameter, and will fail if other parameters such
2532
2529
  # as `CustomCname` or `ExpirationInDays` are included.
2533
2530
  #
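Review bot: The reworded sentence on the new side still carries the misspelling `capibilites` (new lines 2521-2522); since the sentence is being rewritten anyway, it should read `existing capabilities remain unchanged`. The same misspelling survives in the matching `:revocation_configuration` option comment in the `@@ -2574,15 +2568,15 @@` hunk earlier on this page. Both comments look generated, so the fix likely belongs in the upstream API model rather than in this file.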
@@ -2542,7 +2539,17 @@ module Aws::ACMPCA
2542
2539
  # must not include a protocol prefix such as "http://" or
2543
2540
  # "https://".
2544
2541
  #
2545
- # </note>
2542
+ # If you update the `S3BucketName` of [CrlConfiguration][2], you can
2543
+ # break revocation for existing certificates. In other words, if you
2544
+ # call [UpdateCertificateAuthority][5] to update the CRL
2545
+ # configuration's S3 bucket name, Amazon Web Services Private CA only
2546
+ # writes CRLs to the new S3 bucket. Certificates issued prior to this
2547
+ # point will have the old S3 bucket name in your CRL Distribution
2548
+ # Point (CDP) extension, essentially breaking revocation. If you must
2549
+ # update the S3 bucket, you'll need to reissue old certificates to
2550
+ # keep the revocation working. Alternatively, you can use a
2551
+ # [CustomCname][6] in your CRL configuration if you might need to
2552
+ # change the S3 bucket name in the future.
2546
2553
  #
2547
2554
  #
2548
2555
  #
@@ -2550,6 +2557,8 @@ module Aws::ACMPCA
2550
2557
  # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
2551
2558
  # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
2552
2559
  # [4]: https://www.ietf.org/rfc/rfc2396.txt
2560
+ # [5]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
2561
+ # [6]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html#privateca-Type-CrlConfiguration-CustomCname
2553
2562
  # @return [Types::RevocationConfiguration]
2554
2563
  #
2555
2564
  # @!attribute [rw] status
@@ -11,6 +11,8 @@
11
11
  require 'aws-sdk-core'
12
12
  require 'aws-sigv4'
13
13
 
14
+ Aws::Plugins::GlobalConfiguration.add_identifier(:acmpca)
15
+
14
16
  # This module provides support for AWS Certificate Manager Private Certificate Authority. This module is available in the
15
17
  # `aws-sdk-acmpca` gem.
16
18
  #
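Review bot: The added `Aws::Plugins::GlobalConfiguration.add_identifier(:acmpca)` call sits between the requires and the module's doc comment with nothing explaining why registration now lives in the gem's entry file. The next hunk shows the module's constants being loaded through `autoload`, so presumably the identifier has to be registered at require time rather than when a lazily loaded file is first touched; that is inferred from the visible lines and worth confirming. A one-line comment would keep a later cleanup from moving it back, for example `# Register :acmpca with the global config at require time (constants below are autoloaded).`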
@@ -53,7 +55,7 @@ module Aws::ACMPCA
53
55
  autoload :EndpointProvider, 'aws-sdk-acmpca/endpoint_provider'
54
56
  autoload :Endpoints, 'aws-sdk-acmpca/endpoints'
55
57
 
56
- GEM_VERSION = '1.81.0'
58
+ GEM_VERSION = '1.83.0'
57
59
 
58
60
  end
59
61
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-acmpca
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.81.0
4
+ version: 1.83.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-09-23 00:00:00.000000000 Z
11
+ date: 2024-10-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core