aws-sdk-acmpca 1.82.0 → 1.83.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d40f57fc25730101a992c2e0e26fcf001ed1c9506415c54fe11291a503a089e9
-  data.tar.gz: 372d4e963017b66b600b1ada6b89d31dad8c9483718c3a398958bddcb55b73d9
+  metadata.gz: 429a2f288f3039a5e94259084db9f6edfd66bf05f8d62e3b010789415b85d14c
+  data.tar.gz: 4f1db4c4fa17d89dfe292c2e4c55d6ff148285a56b94a1d0c11f4c90e9600f12
 SHA512:
-  metadata.gz: f090474503debe116dacf72f2ee441b17e02f762b804559a8fe903dd7c505e62fd950a4270eda5af952ae7989f3ba61f8cf7efe1da7874a2b5d6ef87caf40164
-  data.tar.gz: f228527bc2e52b6b06c991500a89b55a8e46aaff30309dd03bc487f797fcef08a195cd00e5642a3b0795eda6eda10e9edc21ac8042c0349ae26dc366291f133d
+  metadata.gz: 444541707b4c4feed78211ae44f27ec083ce4f442ad22cb025faa78615445b4e8aa0cc2bdc8e08ecb0d83dc6d4037ce9a8b92ceb93e4ef33ed803e2b27e8a4ee
+  data.tar.gz: db26b0a2861dd6572c1536b9474fcbc8b75106b1e24df37eddd67ca88e1db5dc06b4b577bca6fda868e720e63d34ac737cd96473bb73f414a8ae725cc2aa0739

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.83.0 (2024-10-10)
+------------------
+
+* Feature - Documentation updates for AWS Private CA.
+
 1.82.0 (2024-09-24)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.82.0
+1.83.0

data/lib/aws-sdk-acmpca/client.rb

@@ -491,14 +491,14 @@ module Aws::ACMPCA
     #   signing algorithm, and X.500 certificate subject information.
     #
     # @option params [Types::RevocationConfiguration] :revocation_configuration
-    #   Contains information to enable Online Certificate Status Protocol
-    #   (OCSP) support, to enable a certificate revocation list (CRL), to
-    #   enable both, or to enable neither. The default is for both certificate
-    #   validation mechanisms to be disabled.
+    #   Contains information to enable support for Online Certificate Status
+    #   Protocol (OCSP), certificate revocation list (CRL), both protocols, or
+    #   neither. By default, both certificate validation mechanisms are
+    #   disabled.
     #
-    #   <note markdown="1"> The following requirements apply to revocation configurations.
+    #   The following requirements apply to revocation configurations.
     #
-    #    * A configuration disabling CRLs or OCSP must contain only the
+    #   * A configuration disabling CRLs or OCSP must contain only the
     #     `Enabled=False` parameter, and will fail if other parameters such as
     #     `CustomCname` or `ExpirationInDays` are included.
     #
@@ -512,8 +512,6 @@ module Aws::ACMPCA
     #   * In a CRL or OCSP configuration, the value of a CNAME parameter must
     #     not include a protocol prefix such as "http://" or "https://".
     #
-    #    </note>
-    #
     #   For more information, see the [OcspConfiguration][3] and
     #   [CrlConfiguration][4] types.
     #
@@ -713,17 +711,13 @@ module Aws::ACMPCA
     end
 
     # Creates an audit report that lists every time that your CA private key
-    # is used. The report is saved in the Amazon S3 bucket that you specify
-    # on input. The [IssueCertificate][1] and [RevokeCertificate][2] actions
-    # use the private key.
-    #
-    # <note markdown="1"> Both Amazon Web Services Private CA and the IAM principal must have
-    # permission to write to the S3 bucket that you specify. If the IAM
-    # principal making the call does not have permission to write to the
-    # bucket, then an exception is thrown. For more information, see [Access
-    # policies for CRLs in Amazon S3][3].
+    # is used to issue a certificate. The [IssueCertificate][1] and
+    # [RevokeCertificate][2] actions use the private key.
     #
-    #  </note>
+    # To save the audit report to your designated Amazon S3 bucket, you must
+    # create a bucket policy that grants Amazon Web Services Private CA
+    # permission to access and write to it. For an example policy, see
+    # [Prepare an Amazon S3 bucket for audit reports][3].
     #
     # Amazon Web Services Private CA assets that are stored in Amazon S3 can
     # be protected with encryption. For more information, see [Encrypting
@@ -737,7 +731,7 @@ module Aws::ACMPCA
     #
     # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html
     # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html
-    # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html#s3-policies
+    # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaAuditReport.html#s3-access
     # [4]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaAuditReport.html#audit-report-encryption
     #
     # @option params [required, String] :certificate_authority_arn
@@ -1549,44 +1543,46 @@ module Aws::ACMPCA
     # Amazon Web Services Private CA allows the following extensions to be
     # marked critical in the imported CA certificate or chain.
     #
-    # * Basic constraints (*must* be marked critical)
+    # * Authority key identifier
     #
-    # * Subject alternative names
+    # * Basic constraints (*must* be marked critical)
     #
-    # * Key usage
+    # * Certificate policies
     #
     # * Extended key usage
     #
-    # * Authority key identifier
-    #
-    # * Subject key identifier
+    # * Inhibit anyPolicy
     #
     # * Issuer alternative name
     #
-    # * Subject directory attributes
-    #
-    # * Subject information access
+    # * Key usage
     #
-    # * Certificate policies
+    # * Name constraints
     #
     # * Policy mappings
     #
-    # * Inhibit anyPolicy
+    # * Subject alternative name
     #
-    # Amazon Web Services Private CA rejects the following extensions when
-    # they are marked critical in an imported CA certificate or chain.
+    # * Subject directory attributes
     #
-    # * Name constraints
+    # * Subject key identifier
     #
-    # * Policy constraints
+    # * Subject information access
     #
-    # * CRL distribution points
+    # Amazon Web Services Private CA rejects the following extensions when
+    # they are marked critical in an imported CA certificate or chain.
     #
     # * Authority information access
     #
+    # * CRL distribution points
+    #
     # * Freshest CRL
     #
-    # * Any other extension
+    # * Policy constraints
+    #
+    # Amazon Web Services Private Certificate Authority will also reject any
+    # other extension marked as critical not contained on the preceding list
+    # of allowed extensions.
     #
     #
     #
@@ -2572,15 +2568,15 @@ module Aws::ACMPCA
     #   `
     #
     # @option params [Types::RevocationConfiguration] :revocation_configuration
-    #   Contains information to enable Online Certificate Status Protocol
-    #   (OCSP) support, to enable a certificate revocation list (CRL), to
-    #   enable both, or to enable neither. If this parameter is not supplied,
-    #   existing capibilites remain unchanged. For more information, see the
-    #   [OcspConfiguration][1] and [CrlConfiguration][2] types.
+    #   Contains information to enable support for Online Certificate Status
+    #   Protocol (OCSP), certificate revocation list (CRL), both protocols, or
+    #   neither. If you don't supply this parameter, existing capibilites
+    #   remain unchanged. For more information, see the [OcspConfiguration][1]
+    #   and [CrlConfiguration][2] types.
     #
-    #   <note markdown="1"> The following requirements apply to revocation configurations.
+    #   The following requirements apply to revocation configurations.
     #
-    #    * A configuration disabling CRLs or OCSP must contain only the
+    #   * A configuration disabling CRLs or OCSP must contain only the
     #     `Enabled=False` parameter, and will fail if other parameters such as
     #     `CustomCname` or `ExpirationInDays` are included.
     #
@@ -2594,7 +2590,17 @@ module Aws::ACMPCA
     #   * In a CRL or OCSP configuration, the value of a CNAME parameter must
     #     not include a protocol prefix such as "http://" or "https://".
     #
-    #    </note>
+    #   If you update the `S3BucketName` of [CrlConfiguration][2], you can
+    #   break revocation for existing certificates. In other words, if you
+    #   call [UpdateCertificateAuthority][5] to update the CRL
+    #   configuration's S3 bucket name, Amazon Web Services Private CA only
+    #   writes CRLs to the new S3 bucket. Certificates issued prior to this
+    #   point will have the old S3 bucket name in your CRL Distribution Point
+    #   (CDP) extension, essentially breaking revocation. If you must update
+    #   the S3 bucket, you'll need to reissue old certificates to keep the
+    #   revocation working. Alternatively, you can use a [CustomCname][6] in
+    #   your CRL configuration if you might need to change the S3 bucket name
+    #   in the future.
     #
     #
     #
@@ -2602,6 +2608,8 @@ module Aws::ACMPCA
     #   [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
     #   [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
     #   [4]: https://www.ietf.org/rfc/rfc2396.txt
+    #   [5]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
+    #   [6]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html#privateca-Type-CrlConfiguration-CustomCname
     #
     # @option params [String] :status
     #   Status of your private CA.
@@ -2658,7 +2666,7 @@ module Aws::ACMPCA
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-acmpca'
-      context[:gem_version] = '1.82.0'
+      context[:gem_version] = '1.83.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-acmpca/types.rb

@@ -466,14 +466,14 @@ module Aws::ACMPCA
     #   @return [Types::CertificateAuthorityConfiguration]
     #
     # @!attribute [rw] revocation_configuration
-    #   Contains information to enable Online Certificate Status Protocol
-    #   (OCSP) support, to enable a certificate revocation list (CRL), to
-    #   enable both, or to enable neither. The default is for both
-    #   certificate validation mechanisms to be disabled.
+    #   Contains information to enable support for Online Certificate Status
+    #   Protocol (OCSP), certificate revocation list (CRL), both protocols,
+    #   or neither. By default, both certificate validation mechanisms are
+    #   disabled.
     #
-    #   <note markdown="1"> The following requirements apply to revocation configurations.
+    #   The following requirements apply to revocation configurations.
     #
-    #    * A configuration disabling CRLs or OCSP must contain only the
+    #   * A configuration disabling CRLs or OCSP must contain only the
     #     `Enabled=False` parameter, and will fail if other parameters such
     #     as `CustomCname` or `ExpirationInDays` are included.
     #
@@ -488,8 +488,6 @@ module Aws::ACMPCA
     #     must not include a protocol prefix such as "http://" or
     #     "https://".
     #
-    #    </note>
-    #
     #   For more information, see the [OcspConfiguration][3] and
     #   [CrlConfiguration][4] types.
     #
@@ -2518,16 +2516,15 @@ module Aws::ACMPCA
     #   @return [String]
     #
     # @!attribute [rw] revocation_configuration
-    #   Contains information to enable Online Certificate Status Protocol
-    #   (OCSP) support, to enable a certificate revocation list (CRL), to
-    #   enable both, or to enable neither. If this parameter is not
-    #   supplied, existing capibilites remain unchanged. For more
-    #   information, see the [OcspConfiguration][1] and
-    #   [CrlConfiguration][2] types.
+    #   Contains information to enable support for Online Certificate Status
+    #   Protocol (OCSP), certificate revocation list (CRL), both protocols,
+    #   or neither. If you don't supply this parameter, existing
+    #   capibilites remain unchanged. For more information, see the
+    #   [OcspConfiguration][1] and [CrlConfiguration][2] types.
     #
-    #   <note markdown="1"> The following requirements apply to revocation configurations.
+    #   The following requirements apply to revocation configurations.
     #
-    #    * A configuration disabling CRLs or OCSP must contain only the
+    #   * A configuration disabling CRLs or OCSP must contain only the
     #     `Enabled=False` parameter, and will fail if other parameters such
     #     as `CustomCname` or `ExpirationInDays` are included.
     #
@@ -2542,7 +2539,17 @@ module Aws::ACMPCA
     #     must not include a protocol prefix such as "http://" or
     #     "https://".
     #
-    #    </note>
+    #   If you update the `S3BucketName` of [CrlConfiguration][2], you can
+    #   break revocation for existing certificates. In other words, if you
+    #   call [UpdateCertificateAuthority][5] to update the CRL
+    #   configuration's S3 bucket name, Amazon Web Services Private CA only
+    #   writes CRLs to the new S3 bucket. Certificates issued prior to this
+    #   point will have the old S3 bucket name in your CRL Distribution
+    #   Point (CDP) extension, essentially breaking revocation. If you must
+    #   update the S3 bucket, you'll need to reissue old certificates to
+    #   keep the revocation working. Alternatively, you can use a
+    #   [CustomCname][6] in your CRL configuration if you might need to
+    #   change the S3 bucket name in the future.
     #
     #
     #
@@ -2550,6 +2557,8 @@ module Aws::ACMPCA
     #   [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
     #   [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
     #   [4]: https://www.ietf.org/rfc/rfc2396.txt
+    #   [5]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
+    #   [6]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html#privateca-Type-CrlConfiguration-CustomCname
     #   @return [Types::RevocationConfiguration]
     #
     # @!attribute [rw] status

data/lib/aws-sdk-acmpca.rb

@@ -55,7 +55,7 @@ module Aws::ACMPCA
   autoload :EndpointProvider, 'aws-sdk-acmpca/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-acmpca/endpoints'
 
-  GEM_VERSION = '1.82.0'
+  GEM_VERSION = '1.83.0'
 
 end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-acmpca
 version: !ruby/object:Gem::Version
-  version: 1.82.0
+  version: 1.83.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-09-24 00:00:00.000000000 Z
+date: 2024-10-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core