aws-sdk-acmpca 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: aff427f706191bde9e59bac24f717e6593839b45
-  data.tar.gz: 94b351d0e47d67f3478f18b0d166deb29d792197
+  metadata.gz: 40cac150ba9219a77625e9176d5d13e2da24ac9e
+  data.tar.gz: 72aa0a8685abe3cbbd786b7333f3890d59f1fe07
 SHA512:
-  metadata.gz: 58bc18726bd6d3139b3e46aa53de529e4d9cfbab41015488cd712f189b9d0dee9a7e1d31941f4bdb591ecee6073b42bb534e5480430d01f8c50b158eb4586b25
-  data.tar.gz: cf0bf6cf15682249be98c1206452ee7ee3649efe204f06657b2741b7c1653c134dd8bb272e9321b5397d4512700cc67dabc58ea7743d4caba6f55a35135b5be4
+  metadata.gz: 0cd0ffe95fc7aad7d4f677473f90f3c75907aca77e05f5897c86b4047d4f12365847750add352987f5546d922663dee7ea865cf2a802d5f5ffda5cebbf18a999
+  data.tar.gz: 6ea223ebbc56e1d4989f2dfa869a09b22ef3065cd7a5be2e145b1889518140343c7e25aeff803929b94b9453e12487505b9f7b3e19631489e7824904fa6ca065

data/lib/aws-sdk-acmpca.rb

@@ -42,6 +42,6 @@ require_relative 'aws-sdk-acmpca/customizations'
 # @service
 module Aws::ACMPCA
 
-  GEM_VERSION = '1.0.0'
+  GEM_VERSION = '1.1.0'
 
 end

data/lib/aws-sdk-acmpca/client.rb

@@ -164,7 +164,7 @@ module Aws::ACMPCA
     # list) configuration specifies the CRL expiration period in days (the
     # validity period of the CRL), the Amazon S3 bucket that will contain
     # the CRL, and a CNAME alias for the S3 bucket that is included in
-    # certificates issued by the CA. If successful, this function returns
+    # certificates issued by the CA. If successful, this operation returns
     # the Amazon Resource Name (ARN) of the CA.
     #
     # @option params [required, Types::CertificateAuthorityConfiguration] :certificate_authority_configuration
@@ -189,9 +189,9 @@ module Aws::ACMPCA
     #   minutes. Therefore, if you call **CreateCertificateAuthority**
     #   multiple times with the same idempotency token within a five minute
     #   period, ACM PCA recognizes that you are requesting only one
-    #   certificate and will issue only one. If you change the idempotency
-    #   token for each call, however, ACM PCA recognizes that you are
-    #   requesting multiple certificates.
+    #   certificate. As a result, ACM PCA issues only one. If you change the
+    #   idempotency token for each call, however, ACM PCA recognizes that you
+    #   are requesting multiple certificates.
     #
     # @return [Types::CreateCertificateAuthorityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -247,14 +247,15 @@ module Aws::ACMPCA
 
     # Creates an audit report that lists every time that the your CA private
     # key is used. The report is saved in the Amazon S3 bucket that you
-    # specify on input. The IssueCertificate and RevokeCertificate functions
-    # use the private key. You can generate a new report every 30 minutes.
+    # specify on input. The IssueCertificate and RevokeCertificate
+    # operations use the private key. You can generate a new report every 30
+    # minutes.
     #
     # @option params [required, String] :certificate_authority_arn
     #   Amazon Resource Name (ARN) of the CA to be audited. This is of the
     #   form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `.
     #
     # @option params [required, String] :s3_bucket_name
@@ -291,33 +292,48 @@ module Aws::ACMPCA
       req.send_request(options)
     end
 
-    # Deletes the private certificate authority (CA) that you created or
-    # started to create by calling the CreateCertificateAuthority function.
-    # This action requires that you enter an ARN (Amazon Resource Name) for
-    # the private CA that you want to delete. You can find the ARN by
-    # calling the ListCertificateAuthorities function. You can delete the CA
-    # if you are waiting for it to be created (the **Status** field of the
-    # CertificateAuthority is `CREATING`) or if the CA has been created but
-    # you haven't yet imported the signed certificate (the **Status** is
-    # `PENDING_CERTIFICATE`) into ACM PCA. If you've already imported the
-    # certificate, you cannot delete the CA unless it has been disabled for
-    # more than 30 days. To disable a CA, call the
-    # UpdateCertificateAuthority function and set the
-    # **CertificateAuthorityStatus** argument to `DISABLED`.
+    # Deletes a private certificate authority (CA). You must provide the ARN
+    # (Amazon Resource Name) of the private CA that you want to delete. You
+    # can find the ARN by calling the ListCertificateAuthorities operation.
+    # Before you can delete a CA, you must disable it. Call the
+    # UpdateCertificateAuthority operation and set the
+    # **CertificateAuthorityStatus** parameter to `DISABLED`.
+    #
+    # Additionally, you can delete a CA if you are waiting for it to be
+    # created (the **Status** field of the CertificateAuthority is
+    # `CREATING`). You can also delete it if the CA has been created but you
+    # haven't yet imported the signed certificate (the **Status** is
+    # `PENDING_CERTIFICATE`) into ACM PCA.
+    #
+    # If the CA is in one of the aforementioned states and you call
+    # DeleteCertificateAuthority, the CA's status changes to `DELETED`.
+    # However, the CA won't be permentantly deleted until the restoration
+    # period has passed. By default, if you do not set the
+    # `PermanentDeletionTimeInDays` parameter, the CA remains restorable for
+    # 30 days. You can set the parameter from 7 to 30 days. The
+    # DescribeCertificateAuthority operation returns the time remaining in
+    # the restoration window of a Private CA in the `DELETED` state. To
+    # restore an eligable CA, call the RestoreCertificateAuthority
+    # operation.
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called
-    #   CreateCertificateAuthority. This must be of the form:
+    #   CreateCertificateAuthority. This must have the following form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `.
     #
+    # @option params [Integer] :permanent_deletion_time_in_days
+    #   The number of days to make a CA restorable after it has been deleted.
+    #   This can be anywhere from 7 to 30 days, with 30 being the default.
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.delete_certificate_authority({
     #     certificate_authority_arn: "Arn", # required
+    #     permanent_deletion_time_in_days: 1,
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeleteCertificateAuthority AWS API Documentation
@@ -334,29 +350,33 @@ module Aws::ACMPCA
     # output contains the status of your CA. This can be any of the
     # following:
     #
-    # * **CREATING:** ACM PCA is creating your private certificate
-    #   authority.
+    # * `CREATING` - ACM PCA is creating your private certificate authority.
     #
-    # * **PENDING\_CERTIFICATE:** The certificate is pending. You must use
+    # * `PENDING_CERTIFICATE` - The certificate is pending. You must use
     #   your on-premises root or subordinate CA to sign your private CA CSR
     #   and then import it into PCA.
     #
-    # * **ACTIVE:** Your private CA is active.
+    # * `ACTIVE` - Your private CA is active.
     #
-    # * **DISABLED:** Your private CA has been disabled.
+    # * `DISABLED` - Your private CA has been disabled.
     #
-    # * **EXPIRED:** Your private CA certificate has expired.
+    # * `EXPIRED` - Your private CA certificate has expired.
     #
-    # * **FAILED:** Your private CA has failed. Your CA can fail for
+    # * `FAILED` - Your private CA has failed. Your CA can fail because of
     #   problems such a network outage or backend AWS failure or other
     #   errors. A failed CA can never return to the pending state. You must
     #   create a new CA.
     #
+    # * `DELETED` - Your private CA is within the restoration period, after
+    #   which it will be permanently deleted. The length of time remaining
+    #   in the CA's restoration period will also be included in this
+    #   operation's output.
+    #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called
     #   CreateCertificateAuthority. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `.
     #
     # @return [Types::DescribeCertificateAuthorityResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -376,7 +396,7 @@ module Aws::ACMPCA
     #   resp.certificate_authority.last_state_change_at #=> Time
     #   resp.certificate_authority.type #=> String, one of "SUBORDINATE"
     #   resp.certificate_authority.serial #=> String
-    #   resp.certificate_authority.status #=> String, one of "CREATING", "PENDING_CERTIFICATE", "ACTIVE", "DISABLED", "EXPIRED", "FAILED"
+    #   resp.certificate_authority.status #=> String, one of "CREATING", "PENDING_CERTIFICATE", "ACTIVE", "DELETED", "DISABLED", "EXPIRED", "FAILED"
     #   resp.certificate_authority.not_before #=> Time
     #   resp.certificate_authority.not_after #=> Time
     #   resp.certificate_authority.failure_reason #=> String, one of "REQUEST_TIMED_OUT", "UNSUPPORTED_ALGORITHM", "OTHER"
@@ -400,6 +420,7 @@ module Aws::ACMPCA
     #   resp.certificate_authority.revocation_configuration.crl_configuration.expiration_in_days #=> Integer
     #   resp.certificate_authority.revocation_configuration.crl_configuration.custom_cname #=> String
     #   resp.certificate_authority.revocation_configuration.crl_configuration.s3_bucket_name #=> String
+    #   resp.certificate_authority.restorable_until #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthority AWS API Documentation
     #
@@ -411,21 +432,21 @@ module Aws::ACMPCA
     end
 
     # Lists information about a specific audit report created by calling the
-    # CreateCertificateAuthorityAuditReport function. Audit information is
+    # CreateCertificateAuthorityAuditReport operation. Audit information is
     # created every time the certificate authority (CA) private key is used.
-    # The private key is used when you call the IssueCertificate function or
-    # the RevokeCertificate function.
+    # The private key is used when you call the IssueCertificate operation
+    # or the RevokeCertificate operation.
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) of the private CA. This must be of the
     #   form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `.
     #
     # @option params [required, String] :audit_report_id
     #   The report ID returned by calling the
-    #   CreateCertificateAuthorityAuditReport function.
+    #   CreateCertificateAuthorityAuditReport operation.
     #
     # @return [Types::DescribeCertificateAuthorityAuditReportResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -458,11 +479,11 @@ module Aws::ACMPCA
     end
 
     # Retrieves a certificate from your private CA. The ARN of the
-    # certificate is returned when you call the IssueCertificate function.
+    # certificate is returned when you call the IssueCertificate operation.
     # You must specify both the ARN of your private CA and the ARN of the
-    # issued certificate when calling the **GetCertificate** function. You
+    # issued certificate when calling the **GetCertificate** operation. You
     # can retrieve the certificate if it is in the **ISSUED** state. You can
-    # call the CreateCertificateAuthorityAuditReport function to create a
+    # call the CreateCertificateAuthorityAuditReport operation to create a
     # report that contains information about all of the certificates issued
     # and revoked by your private CA.
     #
@@ -470,14 +491,14 @@ module Aws::ACMPCA
     #   The Amazon Resource Name (ARN) that was returned when you called
     #   CreateCertificateAuthority. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `.
     #
     # @option params [required, String] :certificate_arn
     #   The ARN of the issued certificate. The ARN contains the certificate
     #   serial number and must be in the following form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
     #   `
     #
     # @return [Types::GetCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -515,7 +536,7 @@ module Aws::ACMPCA
     #   The Amazon Resource Name (ARN) of your private CA. This is of the
     #   form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `.
     #
     # @return [Types::GetCertificateAuthorityCertificateResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -545,17 +566,17 @@ module Aws::ACMPCA
 
     # Retrieves the certificate signing request (CSR) for your private
     # certificate authority (CA). The CSR is created when you call the
-    # CreateCertificateAuthority function. Take the CSR to your on-premises
+    # CreateCertificateAuthority operation. Take the CSR to your on-premises
     # X.509 infrastructure and sign it by using your root or a subordinate
     # CA. Then import the signed certificate back into ACM PCA by calling
-    # the ImportCertificateAuthorityCertificate function. The CSR is
+    # the ImportCertificateAuthorityCertificate operation. The CSR is
     # returned as a base64 PEM-encoded string.
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called the
-    #   CreateCertificateAuthority function. This must be of the form:
+    #   CreateCertificateAuthority operation. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `
     #
     # @return [Types::GetCertificateAuthorityCsrResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -582,10 +603,10 @@ module Aws::ACMPCA
     end
 
     # Imports your signed private CA certificate into ACM PCA. Before you
-    # can call this function, you must create the private certificate
-    # authority by calling the CreateCertificateAuthority function. You must
-    # then generate a certificate signing request (CSR) by calling the
-    # GetCertificateAuthorityCsr function. Take the CSR to your on-premises
+    # can call this operation, you must create the private certificate
+    # authority by calling the CreateCertificateAuthority operation. You
+    # must then generate a certificate signing request (CSR) by calling the
+    # GetCertificateAuthorityCsr operation. Take the CSR to your on-premises
     # CA and use the root certificate or a subordinate certificate to sign
     # it. Create a certificate chain and copy the signed certificate and the
     # certificate chain to your working directory.
@@ -611,7 +632,7 @@ module Aws::ACMPCA
     #   The Amazon Resource Name (ARN) that was returned when you called
     #   CreateCertificateAuthority. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `
     #
     # @option params [required, String, IO] :certificate
@@ -644,11 +665,11 @@ module Aws::ACMPCA
     end
 
     # Uses your private certificate authority (CA) to issue a client
-    # certificate. This function returns the Amazon Resource Name (ARN) of
+    # certificate. This operation returns the Amazon Resource Name (ARN) of
     # the certificate. You can retrieve the certificate by calling the
-    # GetCertificate function and specifying the ARN.
+    # GetCertificate operation and specifying the ARN.
     #
-    # <note markdown="1"> You cannot use the ACM **ListCertificateAuthorities** function to
+    # <note markdown="1"> You cannot use the ACM **ListCertificateAuthorities** operation to
     # retrieve the ARNs of the certificates that you issue by using ACM PCA.
     #
     #  </note>
@@ -657,7 +678,7 @@ module Aws::ACMPCA
     #   The Amazon Resource Name (ARN) that was returned when you called
     #   CreateCertificateAuthority. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `
     #
     # @option params [required, String, IO] :csr
@@ -685,7 +706,7 @@ module Aws::ACMPCA
     #
     # @option params [String] :idempotency_token
     #   Custom string that can be used to distinguish between calls to the
-    #   **IssueCertificate** function. Idempotency tokens time out after one
+    #   **IssueCertificate** operation. Idempotency tokens time out after one
     #   hour. Therefore, if you call **IssueCertificate** multiple times with
     #   the same idempotency token within 5 minutes, ACM PCA recognizes that
     #   you are requesting only one certificate and will issue only one. If
@@ -723,7 +744,7 @@ module Aws::ACMPCA
     end
 
     # Lists the private certificate authorities that you created by using
-    # the CreateCertificateAuthority function.
+    # the CreateCertificateAuthority operation.
     #
     # @option params [String] :next_token
     #   Use this parameter when paginating results in a subsequent request
@@ -758,7 +779,7 @@ module Aws::ACMPCA
     #   resp.certificate_authorities[0].last_state_change_at #=> Time
     #   resp.certificate_authorities[0].type #=> String, one of "SUBORDINATE"
     #   resp.certificate_authorities[0].serial #=> String
-    #   resp.certificate_authorities[0].status #=> String, one of "CREATING", "PENDING_CERTIFICATE", "ACTIVE", "DISABLED", "EXPIRED", "FAILED"
+    #   resp.certificate_authorities[0].status #=> String, one of "CREATING", "PENDING_CERTIFICATE", "ACTIVE", "DELETED", "DISABLED", "EXPIRED", "FAILED"
     #   resp.certificate_authorities[0].not_before #=> Time
     #   resp.certificate_authorities[0].not_after #=> Time
     #   resp.certificate_authorities[0].failure_reason #=> String, one of "REQUEST_TIMED_OUT", "UNSUPPORTED_ALGORITHM", "OTHER"
@@ -782,6 +803,7 @@ module Aws::ACMPCA
     #   resp.certificate_authorities[0].revocation_configuration.crl_configuration.expiration_in_days #=> Integer
     #   resp.certificate_authorities[0].revocation_configuration.crl_configuration.custom_cname #=> String
     #   resp.certificate_authorities[0].revocation_configuration.crl_configuration.s3_bucket_name #=> String
+    #   resp.certificate_authorities[0].restorable_until #=> Time
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListCertificateAuthorities AWS API Documentation
@@ -796,14 +818,14 @@ module Aws::ACMPCA
     # Lists the tags, if any, that are associated with your private CA. Tags
     # are labels that you can use to identify and organize your CAs. Each
     # tag consists of a key and an optional value. Call the
-    # TagCertificateAuthority function to add one or more tags to your CA.
-    # Call the UntagCertificateAuthority function to remove tags.
+    # TagCertificateAuthority operation to add one or more tags to your CA.
+    # Call the UntagCertificateAuthority operation to remove tags.
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called the
-    #   CreateCertificateAuthority function. This must be of the form:
+    #   CreateCertificateAuthority operation. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `
     #
     # @option params [String] :next_token
@@ -847,8 +869,50 @@ module Aws::ACMPCA
       req.send_request(options)
     end
 
+    # Restores a certificate authority (CA) that is in the `DELETED` state.
+    # You can restore a CA during the period that you defined in the
+    # **PermanentDeletionTimeInDays** parameter of the
+    # DeleteCertificateAuthority operation. Currently, you can specify 7 to
+    # 30 days. If you did not specify a **PermanentDeletionTimeInDays**
+    # value, by default you can restore the CA at any time in a 30 day
+    # period. You can check the time remaining in the restoration period of
+    # a private CA in the `DELETED` state by calling the
+    # DescribeCertificateAuthority or ListCertificateAuthorities operations.
+    # The status of a restored CA is set to its pre-deletion status when the
+    # **RestoreCertificateAuthority** operation returns. To change its
+    # status to `ACTIVE`, call the UpdateCertificateAuthority operation. If
+    # the private CA was in the `PENDING_CERTIFICATE` state at deletion, you
+    # must use the ImportCertificateAuthorityCertificate operation to import
+    # a certificate authority into the private CA before it can be
+    # activated. You cannot restore a CA after the restoration period has
+    # ended.
+    #
+    # @option params [required, String] :certificate_authority_arn
+    #   The Amazon Resource Name (ARN) that was returned when you called the
+    #   CreateCertificateAuthority operation. This must be of the form:
+    #
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.restore_certificate_authority({
+    #     certificate_authority_arn: "Arn", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthority AWS API Documentation
+    #
+    # @overload restore_certificate_authority(params = {})
+    # @param [Hash] params ({})
+    def restore_certificate_authority(params = {}, options = {})
+      req = build_request(:restore_certificate_authority, params)
+      req.send_request(options)
+    end
+
     # Revokes a certificate that you issued by calling the IssueCertificate
-    # function. If you enable a certificate revocation list (CRL) when you
+    # operation. If you enable a certificate revocation list (CRL) when you
     # create or update your private CA, information about the revoked
     # certificates will be included in the CRL. ACM PCA writes the CRL to an
     # S3 bucket that you specify. For more information about revocation, see
@@ -860,7 +924,7 @@ module Aws::ACMPCA
     #   Amazon Resource Name (ARN) of the private CA that issued the
     #   certificate to be revoked. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `
     #
     # @option params [required, String] :certificate_serial
@@ -868,19 +932,19 @@ module Aws::ACMPCA
     #   hexadecimal format. You can retrieve the serial number by calling
     #   GetCertificate with the Amazon Resource Name (ARN) of the certificate
     #   you want and the ARN of your private CA. The **GetCertificate**
-    #   function retrieves the certificate in the PEM format. You can use the
+    #   operation retrieves the certificate in the PEM format. You can use the
     #   following OpenSSL command to list the certificate in text format and
     #   copy the hexadecimal serial number.
     #
     #   `openssl x509 -in file_path -text -noout`
     #
     #   You can also copy the serial number from the console or use the
-    #   [DescribeCertificate][1] function in the *AWS Certificate Manager API
+    #   [DescribeCertificate][1] operation in the *AWS Certificate Manager API
     #   Reference*.
     #
     #
     #
-    #   [1]: http://docs.aws.amazon.comacm/latest/APIReferenceAPI_DescribeCertificate.html
+    #   [1]: https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html
     #
     # @option params [required, String] :revocation_reason
     #   Specifies why you revoked the certificate.
@@ -912,14 +976,14 @@ module Aws::ACMPCA
     # to identify a specific characteristic of that CA, or you can apply the
     # same tag to multiple private CAs if you want to filter for a common
     # relationship among those CAs. To remove one or more tags, use the
-    # UntagCertificateAuthority function. Call the ListTags function to see
-    # what tags are associated with your CA.
+    # UntagCertificateAuthority operation. Call the ListTags operation to
+    # see what tags are associated with your CA.
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called
     #   CreateCertificateAuthority. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `
     #
     # @option params [required, Array<Types::Tag>] :tags
@@ -950,17 +1014,17 @@ module Aws::ACMPCA
 
     # Remove one or more tags from your private CA. A tag consists of a
     # key-value pair. If you do not specify the value portion of the tag
-    # when calling this function, the tag will be removed regardless of
+    # when calling this operation, the tag will be removed regardless of
     # value. If you specify a value, the tag is removed only if it is
     # associated with the specified value. To add tags to a private CA, use
-    # the TagCertificateAuthority. Call the ListTags function to see what
+    # the TagCertificateAuthority. Call the ListTags operation to see what
     # tags are associated with your CA.
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called
     #   CreateCertificateAuthority. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `
     #
     # @option params [required, Array<Types::Tag>] :tags
@@ -990,17 +1054,16 @@ module Aws::ACMPCA
     end
 
     # Updates the status or configuration of a private certificate authority
-    # (CA). Your private CA must be in the <b> <code>ACTIVE</code> </b> or
-    # <b> <code>DISABLED</code> </b> state before you can update it. You can
-    # disable a private CA that is in the <b> <code>ACTIVE</code> </b> state
-    # or make a CA that is in the <b> <code>DISABLED</code> </b> state
-    # active again.
+    # (CA). Your private CA must be in the `ACTIVE` or `DISABLED` state
+    # before you can update it. You can disable a private CA that is in the
+    # `ACTIVE` state or make a CA that is in the `DISABLED` state active
+    # again.
     #
     # @option params [required, String] :certificate_authority_arn
     #   Amazon Resource Name (ARN) of the private CA that issued the
     #   certificate to be revoked. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `
     #
     # @option params [Types::RevocationConfiguration] :revocation_configuration
@@ -1023,7 +1086,7 @@ module Aws::ACMPCA
     #         s3_bucket_name: "String3To255",
     #       },
     #     },
-    #     status: "CREATING", # accepts CREATING, PENDING_CERTIFICATE, ACTIVE, DISABLED, EXPIRED, FAILED
+    #     status: "CREATING", # accepts CREATING, PENDING_CERTIFICATE, ACTIVE, DELETED, DISABLED, EXPIRED, FAILED
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UpdateCertificateAuthority AWS API Documentation
@@ -1048,7 +1111,7 @@ module Aws::ACMPCA
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-acmpca'
-      context[:gem_version] = '1.0.0'
+      context[:gem_version] = '1.1.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-acmpca/client_api.rb

@@ -70,11 +70,13 @@ module Aws::ACMPCA
     MalformedCertificateException = Shapes::StructureShape.new(name: 'MalformedCertificateException')
     MaxResults = Shapes::IntegerShape.new(name: 'MaxResults')
     NextToken = Shapes::StringShape.new(name: 'NextToken')
+    PermanentDeletionTimeInDays = Shapes::IntegerShape.new(name: 'PermanentDeletionTimeInDays')
     PositiveLong = Shapes::IntegerShape.new(name: 'PositiveLong')
     RequestAlreadyProcessedException = Shapes::StructureShape.new(name: 'RequestAlreadyProcessedException')
     RequestFailedException = Shapes::StructureShape.new(name: 'RequestFailedException')
     RequestInProgressException = Shapes::StructureShape.new(name: 'RequestInProgressException')
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
+    RestoreCertificateAuthorityRequest = Shapes::StructureShape.new(name: 'RestoreCertificateAuthorityRequest')
     RevocationConfiguration = Shapes::StructureShape.new(name: 'RevocationConfiguration')
     RevocationReason = Shapes::StringShape.new(name: 'RevocationReason')
     RevokeCertificateRequest = Shapes::StructureShape.new(name: 'RevokeCertificateRequest')
@@ -129,6 +131,7 @@ module Aws::ACMPCA
     CertificateAuthority.add_member(:failure_reason, Shapes::ShapeRef.new(shape: FailureReason, location_name: "FailureReason"))
     CertificateAuthority.add_member(:certificate_authority_configuration, Shapes::ShapeRef.new(shape: CertificateAuthorityConfiguration, location_name: "CertificateAuthorityConfiguration"))
     CertificateAuthority.add_member(:revocation_configuration, Shapes::ShapeRef.new(shape: RevocationConfiguration, location_name: "RevocationConfiguration"))
+    CertificateAuthority.add_member(:restorable_until, Shapes::ShapeRef.new(shape: TStamp, location_name: "RestorableUntil"))
     CertificateAuthority.struct_class = Types::CertificateAuthority
 
     CertificateAuthorityConfiguration.add_member(:key_algorithm, Shapes::ShapeRef.new(shape: KeyAlgorithm, required: true, location_name: "KeyAlgorithm"))
@@ -161,6 +164,7 @@ module Aws::ACMPCA
     CrlConfiguration.struct_class = Types::CrlConfiguration
 
     DeleteCertificateAuthorityRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
+    DeleteCertificateAuthorityRequest.add_member(:permanent_deletion_time_in_days, Shapes::ShapeRef.new(shape: PermanentDeletionTimeInDays, location_name: "PermanentDeletionTimeInDays"))
     DeleteCertificateAuthorityRequest.struct_class = Types::DeleteCertificateAuthorityRequest
 
     DescribeCertificateAuthorityAuditReportRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
@@ -232,6 +236,9 @@ module Aws::ACMPCA
     ListTagsResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
     ListTagsResponse.struct_class = Types::ListTagsResponse
 
+    RestoreCertificateAuthorityRequest.add_member(:certificate_authority_arn, Shapes::ShapeRef.new(shape: Arn, required: true, location_name: "CertificateAuthorityArn"))
+    RestoreCertificateAuthorityRequest.struct_class = Types::RestoreCertificateAuthorityRequest
+
     RevocationConfiguration.add_member(:crl_configuration, Shapes::ShapeRef.new(shape: CrlConfiguration, location_name: "CrlConfiguration"))
     RevocationConfiguration.struct_class = Types::RevocationConfiguration
 
@@ -332,6 +339,7 @@ module Aws::ACMPCA
         o.input = Shapes::ShapeRef.new(shape: DescribeCertificateAuthorityAuditReportRequest)
         o.output = Shapes::ShapeRef.new(shape: DescribeCertificateAuthorityAuditReportResponse)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidArgsException)
       end)
 
@@ -369,6 +377,7 @@ module Aws::ACMPCA
         o.errors << Shapes::ShapeRef.new(shape: RequestFailedException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
       end)
 
       api.add_operation(:import_certificate_authority_certificate, Seahorse::Model::Operation.new.tap do |o|
@@ -382,6 +391,7 @@ module Aws::ACMPCA
         o.errors << Shapes::ShapeRef.new(shape: RequestFailedException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
         o.errors << Shapes::ShapeRef.new(shape: MalformedCertificateException)
         o.errors << Shapes::ShapeRef.new(shape: CertificateMismatchException)
       end)
@@ -419,6 +429,17 @@ module Aws::ACMPCA
         o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
       end)
 
+      api.add_operation(:restore_certificate_authority, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "RestoreCertificateAuthority"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: RestoreCertificateAuthorityRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+      end)
+
       api.add_operation(:revoke_certificate, Seahorse::Model::Operation.new.tap do |o|
         o.name = "RevokeCertificate"
         o.http_method = "POST"
@@ -442,6 +463,7 @@ module Aws::ACMPCA
         o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidTagException)
         o.errors << Shapes::ShapeRef.new(shape: TooManyTagsException)
       end)
@@ -454,6 +476,7 @@ module Aws::ACMPCA
         o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidStateException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidTagException)
       end)
 

data/lib/aws-sdk-acmpca/types.rb

@@ -16,7 +16,7 @@ module Aws::ACMPCA
     # service. The **Subject** must contain an X.500 distinguished name
     # (DN). A DN is a sequence of relative distinguished names (RDNs). The
     # RDNs are separated by commas in the certificate. The DN must be unique
-    # for each for each entity, but your private CA can issue more than one
+    # for each entity, but your private CA can issue more than one
     # certificate with the same DN to the same entity.
     #
     # @note When making an API call, you may pass ASN1Subject
@@ -40,7 +40,7 @@ module Aws::ACMPCA
     #       }
     #
     # @!attribute [rw] country
-    #   Two digit code that specifies the country in which the certificate
+    #   Two-digit code that specifies the country in which the certificate
     #   subject located.
     #   @return [String]
     #
@@ -77,12 +77,12 @@ module Aws::ACMPCA
     #   @return [String]
     #
     # @!attribute [rw] title
-    #   A title such as Mr. or Ms. which is pre-pended to the name to refer
+    #   A title such as Mr. or Ms., which is pre-pended to the name to refer
     #   formally to the certificate subject.
     #   @return [String]
     #
     # @!attribute [rw] surname
-    #   Family name. In the US and the UK for example, the surname of an
+    #   Family name. In the US and the UK, for example, the surname of an
     #   individual is ordered last. In Asian cultures the surname is
     #   typically ordered first.
     #   @return [String]
@@ -133,11 +133,11 @@ module Aws::ACMPCA
     # Digital certificates verify that the entity named in the certificate
     # **Subject** field owns or controls the public key contained in the
     # **Subject Public Key Info** field. Call the CreateCertificateAuthority
-    # function to create your private CA. You must then call the
-    # GetCertificateAuthorityCertificate function to retrieve a private CA
+    # operation to create your private CA. You must then call the
+    # GetCertificateAuthorityCertificate operation to retrieve a private CA
     # certificate signing request (CSR). Take the CSR to your on-premises CA
     # and sign it with the root CA certificate or a subordinate certificate.
-    # Call the ImportCertificateAuthorityCertificate function to import the
+    # Call the ImportCertificateAuthorityCertificate operation to import the
     # signed certificate into AWS Certificate Manager (ACM).
     #
     # @!attribute [rw] arn
@@ -186,6 +186,12 @@ module Aws::ACMPCA
     #   maintained by your private CA.
     #   @return [Types::RevocationConfiguration]
     #
+    # @!attribute [rw] restorable_until
+    #   The period during which a deleted CA can be restored. For more
+    #   information, see the `PermanentDeletionTimeInDays` parameter of the
+    #   DeleteCertificateAuthorityRequest operation.
+    #   @return [Time]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CertificateAuthority AWS API Documentation
     #
     class CertificateAuthority < Struct.new(
@@ -199,7 +205,8 @@ module Aws::ACMPCA
       :not_after,
       :failure_reason,
       :certificate_authority_configuration,
-      :revocation_configuration)
+      :revocation_configuration,
+      :restorable_until)
       include Aws::Structure
     end
 
@@ -209,7 +216,7 @@ module Aws::ACMPCA
     # issues a certificate, the signature algorithm it uses used when
     # issuing certificates, and its X.500 distinguished name. You must
     # specify this information when you call the CreateCertificateAuthority
-    # function.
+    # operation.
     #
     # @note When making an API call, you may pass CertificateAuthorityConfiguration
     #   data as a hash:
@@ -272,7 +279,7 @@ module Aws::ACMPCA
     #   Amazon Resource Name (ARN) of the CA to be audited. This is of the
     #   form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `.
     #   @return [String]
     #
@@ -372,9 +379,9 @@ module Aws::ACMPCA
     #   five minutes. Therefore, if you call **CreateCertificateAuthority**
     #   multiple times with the same idempotency token within a five minute
     #   period, ACM PCA recognizes that you are requesting only one
-    #   certificate and will issue only one. If you change the idempotency
-    #   token for each call, however, ACM PCA recognizes that you are
-    #   requesting multiple certificates.
+    #   certificate. As a result, ACM PCA issues only one. If you change the
+    #   idempotency token for each call, however, ACM PCA recognizes that
+    #   you are requesting multiple certificates.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityRequest AWS API Documentation
@@ -391,7 +398,7 @@ module Aws::ACMPCA
     #   If successful, the Amazon Resource Name (ARN) of the certificate
     #   authority (CA). This is of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `.
     #   @return [String]
     #
@@ -481,8 +488,8 @@ module Aws::ACMPCA
     #   Boolean value that specifies whether certificate revocation lists
     #   (CRLs) are enabled. You can use this value to enable certificate
     #   revocation for a new CA when you call the CreateCertificateAuthority
-    #   function or for an existing CA when you call the
-    #   UpdateCertificateAuthority function.
+    #   operation or for an existing CA when you call the
+    #   UpdateCertificateAuthority operation.
     #   @return [Boolean]
     #
     # @!attribute [rw] expiration_in_days
@@ -501,7 +508,7 @@ module Aws::ACMPCA
     #   value for the **CustomCname** argument, the name of your S3 bucket
     #   is placed into the **CRL Distribution Points** extension of the
     #   issued certificate. You can change the name of your bucket by
-    #   calling the UpdateCertificateAuthority function. You must specify a
+    #   calling the UpdateCertificateAuthority operation. You must specify a
     #   bucket policy that allows ACM PCA to write the CRL to your bucket.
     #   @return [String]
     #
@@ -520,20 +527,28 @@ module Aws::ACMPCA
     #
     #       {
     #         certificate_authority_arn: "Arn", # required
+    #         permanent_deletion_time_in_days: 1,
     #       }
     #
     # @!attribute [rw] certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called
-    #   CreateCertificateAuthority. This must be of the form:
+    #   CreateCertificateAuthority. This must have the following form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `.
     #   @return [String]
     #
+    # @!attribute [rw] permanent_deletion_time_in_days
+    #   The number of days to make a CA restorable after it has been
+    #   deleted. This can be anywhere from 7 to 30 days, with 30 being the
+    #   default.
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeleteCertificateAuthorityRequest AWS API Documentation
     #
     class DeleteCertificateAuthorityRequest < Struct.new(
-      :certificate_authority_arn)
+      :certificate_authority_arn,
+      :permanent_deletion_time_in_days)
       include Aws::Structure
     end
 
@@ -549,13 +564,13 @@ module Aws::ACMPCA
     #   The Amazon Resource Name (ARN) of the private CA. This must be of
     #   the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `.
     #   @return [String]
     #
     # @!attribute [rw] audit_report_id
     #   The report ID returned by calling the
-    #   CreateCertificateAuthorityAuditReport function.
+    #   CreateCertificateAuthorityAuditReport operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReportRequest AWS API Documentation
@@ -605,7 +620,7 @@ module Aws::ACMPCA
     #   The Amazon Resource Name (ARN) that was returned when you called
     #   CreateCertificateAuthority. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `.
     #   @return [String]
     #
@@ -639,7 +654,7 @@ module Aws::ACMPCA
     #   The Amazon Resource Name (ARN) of your private CA. This is of the
     #   form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `.
     #   @return [String]
     #
@@ -678,9 +693,9 @@ module Aws::ACMPCA
     #
     # @!attribute [rw] certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called the
-    #   CreateCertificateAuthority function. This must be of the form:
+    #   CreateCertificateAuthority operation. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `
     #   @return [String]
     #
@@ -715,7 +730,7 @@ module Aws::ACMPCA
     #   The Amazon Resource Name (ARN) that was returned when you called
     #   CreateCertificateAuthority. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `.
     #   @return [String]
     #
@@ -723,7 +738,7 @@ module Aws::ACMPCA
     #   The ARN of the issued certificate. The ARN contains the certificate
     #   serial number and must be in the following form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
     #   `
     #   @return [String]
     #
@@ -767,7 +782,7 @@ module Aws::ACMPCA
     #   The Amazon Resource Name (ARN) that was returned when you called
     #   CreateCertificateAuthority. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `
     #   @return [String]
     #
@@ -810,7 +825,7 @@ module Aws::ACMPCA
     #   The Amazon Resource Name (ARN) that was returned when you called
     #   CreateCertificateAuthority. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `
     #   @return [String]
     #
@@ -842,8 +857,8 @@ module Aws::ACMPCA
     #
     # @!attribute [rw] idempotency_token
     #   Custom string that can be used to distinguish between calls to the
-    #   **IssueCertificate** function. Idempotency tokens time out after one
-    #   hour. Therefore, if you call **IssueCertificate** multiple times
+    #   **IssueCertificate** operation. Idempotency tokens time out after
+    #   one hour. Therefore, if you call **IssueCertificate** multiple times
     #   with the same idempotency token within 5 minutes, ACM PCA recognizes
     #   that you are requesting only one certificate and will issue only
     #   one. If you change the idempotency token for each call, PCA
@@ -865,7 +880,7 @@ module Aws::ACMPCA
     #   The Amazon Resource Name (ARN) of the issued certificate and the
     #   certificate serial number. This is of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
     #   `
     #   @return [String]
     #
@@ -936,9 +951,9 @@ module Aws::ACMPCA
     #
     # @!attribute [rw] certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called the
-    #   CreateCertificateAuthority function. This must be of the form:
+    #   CreateCertificateAuthority operation. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `
     #   @return [String]
     #
@@ -982,8 +997,30 @@ module Aws::ACMPCA
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass RestoreCertificateAuthorityRequest
+    #   data as a hash:
+    #
+    #       {
+    #         certificate_authority_arn: "Arn", # required
+    #       }
+    #
+    # @!attribute [rw] certificate_authority_arn
+    #   The Amazon Resource Name (ARN) that was returned when you called the
+    #   CreateCertificateAuthority operation. This must be of the form:
+    #
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthorityRequest AWS API Documentation
+    #
+    class RestoreCertificateAuthorityRequest < Struct.new(
+      :certificate_authority_arn)
+      include Aws::Structure
+    end
+
     # Certificate revocation information used by the
-    # CreateCertificateAuthority and UpdateCertificateAuthority functions.
+    # CreateCertificateAuthority and UpdateCertificateAuthority operations.
     # Your private certificate authority (CA) can create and maintain a
     # certificate revocation list (CRL). A CRL contains information about
     # certificates revoked by your CA. For more information, see
@@ -1026,7 +1063,7 @@ module Aws::ACMPCA
     #   Amazon Resource Name (ARN) of the private CA that issued the
     #   certificate to be revoked. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `
     #   @return [String]
     #
@@ -1035,19 +1072,19 @@ module Aws::ACMPCA
     #   hexadecimal format. You can retrieve the serial number by calling
     #   GetCertificate with the Amazon Resource Name (ARN) of the
     #   certificate you want and the ARN of your private CA. The
-    #   **GetCertificate** function retrieves the certificate in the PEM
+    #   **GetCertificate** operation retrieves the certificate in the PEM
     #   format. You can use the following OpenSSL command to list the
     #   certificate in text format and copy the hexadecimal serial number.
     #
     #   `openssl x509 -in file_path -text -noout`
     #
     #   You can also copy the serial number from the console or use the
-    #   [DescribeCertificate][1] function in the *AWS Certificate Manager
+    #   [DescribeCertificate][1] operation in the *AWS Certificate Manager
     #   API Reference*.
     #
     #
     #
-    #   [1]: http://docs.aws.amazon.comacm/latest/APIReferenceAPI_DescribeCertificate.html
+    #   [1]: https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html
     #   @return [String]
     #
     # @!attribute [rw] revocation_reason
@@ -1066,8 +1103,8 @@ module Aws::ACMPCA
     # Tags are labels that you can use to identify and organize your private
     # CAs. Each tag consists of a key and an optional value. You can
     # associate up to 50 tags with a private CA. To add one or more tags to
-    # a private CA, call the TagCertificateAuthority function. To remove a
-    # tag, call the UntagCertificateAuthority function.
+    # a private CA, call the TagCertificateAuthority operation. To remove a
+    # tag, call the UntagCertificateAuthority operation.
     #
     # @note When making an API call, you may pass Tag
     #   data as a hash:
@@ -1110,7 +1147,7 @@ module Aws::ACMPCA
     #   The Amazon Resource Name (ARN) that was returned when you called
     #   CreateCertificateAuthority. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `
     #   @return [String]
     #
@@ -1143,7 +1180,7 @@ module Aws::ACMPCA
     #   The Amazon Resource Name (ARN) that was returned when you called
     #   CreateCertificateAuthority. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `
     #   @return [String]
     #
@@ -1172,14 +1209,14 @@ module Aws::ACMPCA
     #             s3_bucket_name: "String3To255",
     #           },
     #         },
-    #         status: "CREATING", # accepts CREATING, PENDING_CERTIFICATE, ACTIVE, DISABLED, EXPIRED, FAILED
+    #         status: "CREATING", # accepts CREATING, PENDING_CERTIFICATE, ACTIVE, DELETED, DISABLED, EXPIRED, FAILED
     #       }
     #
     # @!attribute [rw] certificate_authority_arn
     #   Amazon Resource Name (ARN) of the private CA that issued the
     #   certificate to be revoked. This must be of the form:
     #
-    #   `arn:aws:acm:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
+    #   `arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
     #   `
     #   @return [String]
     #
@@ -1203,7 +1240,7 @@ module Aws::ACMPCA
     # Length of time for which the certificate issued by your private
     # certificate authority (CA), or by the private CA itself, is valid in
     # days, months, or years. You can issue a certificate by calling the
-    # IssueCertificate function.
+    # IssueCertificate operation.
     #
     # @note When making an API call, you may pass Validity
     #   data as a hash:

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-acmpca
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-04-04 00:00:00.000000000 Z
+date: 2018-06-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -75,7 +75,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2.2
+rubygems_version: 2.5.2.3
 signing_key: 
 specification_version: 4
 summary: AWS SDK for Ruby - ACM-PCA