aws-sdk-acmpca 1.34.0 → 1.35.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9ebd7ace492b94a132d32c6bf1ea0eb5d377ce469fc8ac231d7da2497fe23fc7
-  data.tar.gz: 84a05ad7a3c239e99a9154e1afb9d99aeb439bfa3063c319ddd9387c1484df48
+  metadata.gz: d04817022fa4367102b398d2f979e2f076f2a9289beaf9f9b789f9a3405f1904
+  data.tar.gz: 40e3ddf003ceaa3c2390f4112a9648eb8fca9357f287af74585531fdfc518047
 SHA512:
-  metadata.gz: 704669191732472bc40eb93ac8077e493392b0b149cf5a56df3e5c92dbeb9a7d9034795b258c60019cd6c6853f09d1721143db976f77498885bbecd023fc56f5
-  data.tar.gz: ffb31436a68b0b6ddaaa9fa086995952e8c84c47b1a0494ddaadcd8deae5976e2970fe8214efab3366ccb96f79f6e0f84984909549b72010a0eb1c6727922962
+  metadata.gz: 9ce075366b23fb423a85d72b845980d37e1c370dce89b72159973df33ebad843aec8b839d188fd90988fac0e307a6e60b51036eb5e05694e7a52e6a950c3b811
+  data.tar.gz: 0f7dbdcdcb82244e9d57792407ecc8a94f59862360959d6d5dc843ab3671497b650882e90b8b7cef804e755f4e415688a45923e6f12e7a7db3b0708e0a9f7d69

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.35.0 (2021-05-04)
+------------------
+
+* Feature - This release adds the KeyStorageSecurityStandard parameter to the CreateCertificateAuthority API to allow customers to mandate a security standard to which the CA key will be stored within.
+
 1.34.0 (2021-03-10)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.34.0
+1.35.0

data/lib/aws-sdk-acmpca.rb

@@ -49,6 +49,6 @@ require_relative 'aws-sdk-acmpca/customizations'
 # @!group service
 module Aws::ACMPCA
 
-  GEM_VERSION = '1.34.0'
+  GEM_VERSION = '1.35.0'
 
 end

data/lib/aws-sdk-acmpca/client.rb

@@ -350,7 +350,7 @@ module Aws::ACMPCA
     # successful, this action returns the Amazon Resource Name (ARN) of the
     # CA.
     #
-    # ACM Private CAA assets that are stored in Amazon S3 can be protected
+    # ACM Private CA assets that are stored in Amazon S3 can be protected
     # with encryption. For more information, see [Encrypting Your CRLs][1].
     #
     # <note markdown="1"> Both PCA and the IAM principal must have permission to write to the S3
@@ -394,6 +394,19 @@ module Aws::ACMPCA
     #   one. If you change the idempotency token for each call, PCA recognizes
     #   that you are requesting multiple certificate authorities.
     #
+    # @option params [String] :key_storage_security_standard
+    #   Specifies a cryptographic key management compliance standard used for
+    #   handling CA keys.
+    #
+    #   Default: FIPS\_140\_2\_LEVEL\_3\_OR\_HIGHER
+    #
+    #   Note: AWS Region ap-northeast-3 supports only
+    #   FIPS\_140\_2\_LEVEL\_2\_OR\_HIGHER. You must explicitly specify this
+    #   parameter and value when creating a CA in that Region. Specifying a
+    #   different value (or no value) results in an `InvalidArgsException`
+    #   with the message "A certificate authority cannot be created in this
+    #   region with the specified security standard."
+    #
     # @option params [Array<Types::Tag>] :tags
     #   Key-value pairs that will be attached to the new private CA. You can
     #   associate up to 50 tags with a private CA. For information using tags
@@ -493,6 +506,7 @@ module Aws::ACMPCA
     #     },
     #     certificate_authority_type: "ROOT", # required, accepts ROOT, SUBORDINATE
     #     idempotency_token: "IdempotencyToken",
+    #     key_storage_security_standard: "FIPS_140_2_LEVEL_2_OR_HIGHER", # accepts FIPS_140_2_LEVEL_2_OR_HIGHER, FIPS_140_2_LEVEL_3_OR_HIGHER
     #     tags: [
     #       {
     #         key: "TagKey", # required
@@ -526,7 +540,7 @@ module Aws::ACMPCA
     #
     #  </note>
     #
-    # ACM Private CAA assets that are stored in Amazon S3 can be protected
+    # ACM Private CA assets that are stored in Amazon S3 can be protected
     # with encryption. For more information, see [Encrypting Your Audit
     # Reports][4].
     #
@@ -983,6 +997,7 @@ module Aws::ACMPCA
     #   resp.certificate_authority.revocation_configuration.crl_configuration.custom_cname #=> String
     #   resp.certificate_authority.revocation_configuration.crl_configuration.s3_bucket_name #=> String
     #   resp.certificate_authority.restorable_until #=> Time
+    #   resp.certificate_authority.key_storage_security_standard #=> String, one of "FIPS_140_2_LEVEL_2_OR_HIGHER", "FIPS_140_2_LEVEL_3_OR_HIGHER"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthority AWS API Documentation
     #
@@ -1440,11 +1455,12 @@ module Aws::ACMPCA
     #
     #   If conflicting or duplicate certificate information is supplied during
     #   certificate issuance, ACM Private CA applies [order of operation
-    #   rules](xxxxx) to determine what information is used.
+    #   rules][2] to determine what information is used.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
+    #   [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations
     #
     # @option params [required, String] :certificate_authority_arn
     #   The Amazon Resource Name (ARN) that was returned when you called
@@ -1786,6 +1802,7 @@ module Aws::ACMPCA
     #   resp.certificate_authorities[0].revocation_configuration.crl_configuration.custom_cname #=> String
     #   resp.certificate_authorities[0].revocation_configuration.crl_configuration.s3_bucket_name #=> String
     #   resp.certificate_authorities[0].restorable_until #=> Time
+    #   resp.certificate_authorities[0].key_storage_security_standard #=> String, one of "FIPS_140_2_LEVEL_2_OR_HIGHER", "FIPS_140_2_LEVEL_3_OR_HIGHER"
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListCertificateAuthorities AWS API Documentation
@@ -2339,7 +2356,7 @@ module Aws::ACMPCA
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-acmpca'
-      context[:gem_version] = '1.34.0'
+      context[:gem_version] = '1.35.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-acmpca/client_api.rb

@@ -88,6 +88,7 @@ module Aws::ACMPCA
     IssueCertificateRequest = Shapes::StructureShape.new(name: 'IssueCertificateRequest')
     IssueCertificateResponse = Shapes::StructureShape.new(name: 'IssueCertificateResponse')
     KeyAlgorithm = Shapes::StringShape.new(name: 'KeyAlgorithm')
+    KeyStorageSecurityStandard = Shapes::StringShape.new(name: 'KeyStorageSecurityStandard')
     KeyUsage = Shapes::StructureShape.new(name: 'KeyUsage')
     LimitExceededException = Shapes::StructureShape.new(name: 'LimitExceededException')
     ListCertificateAuthoritiesRequest = Shapes::StructureShape.new(name: 'ListCertificateAuthoritiesRequest')
@@ -196,6 +197,7 @@ module Aws::ACMPCA
     CertificateAuthority.add_member(:certificate_authority_configuration, Shapes::ShapeRef.new(shape: CertificateAuthorityConfiguration, location_name: "CertificateAuthorityConfiguration"))
     CertificateAuthority.add_member(:revocation_configuration, Shapes::ShapeRef.new(shape: RevocationConfiguration, location_name: "RevocationConfiguration"))
     CertificateAuthority.add_member(:restorable_until, Shapes::ShapeRef.new(shape: TStamp, location_name: "RestorableUntil"))
+    CertificateAuthority.add_member(:key_storage_security_standard, Shapes::ShapeRef.new(shape: KeyStorageSecurityStandard, location_name: "KeyStorageSecurityStandard"))
     CertificateAuthority.struct_class = Types::CertificateAuthority
 
     CertificateAuthorityConfiguration.add_member(:key_algorithm, Shapes::ShapeRef.new(shape: KeyAlgorithm, required: true, location_name: "KeyAlgorithm"))
@@ -225,6 +227,7 @@ module Aws::ACMPCA
     CreateCertificateAuthorityRequest.add_member(:revocation_configuration, Shapes::ShapeRef.new(shape: RevocationConfiguration, location_name: "RevocationConfiguration"))
     CreateCertificateAuthorityRequest.add_member(:certificate_authority_type, Shapes::ShapeRef.new(shape: CertificateAuthorityType, required: true, location_name: "CertificateAuthorityType"))
     CreateCertificateAuthorityRequest.add_member(:idempotency_token, Shapes::ShapeRef.new(shape: IdempotencyToken, location_name: "IdempotencyToken"))
+    CreateCertificateAuthorityRequest.add_member(:key_storage_security_standard, Shapes::ShapeRef.new(shape: KeyStorageSecurityStandard, location_name: "KeyStorageSecurityStandard"))
     CreateCertificateAuthorityRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
     CreateCertificateAuthorityRequest.struct_class = Types::CreateCertificateAuthorityRequest
 

data/lib/aws-sdk-acmpca/types.rb

@@ -236,8 +236,12 @@ module Aws::ACMPCA
     # variant must be selected, or else this parameter is ignored.
     #
     # If conflicting or duplicate certificate information is supplied from
-    # other sources, ACM Private CA applies [order of operation
-    # rules](xxxxx) to determine what information is used.
+    # other sources, ACM Private CA applies [order of operation rules][1] to
+    # determine what information is used.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations
     #
     # @note When making an API call, you may pass ApiPassthrough
     #   data as a hash:
@@ -428,6 +432,20 @@ module Aws::ACMPCA
     #   [1]: https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthorityRequest.html
     #   @return [Time]
     #
+    # @!attribute [rw] key_storage_security_standard
+    #   Defines a cryptographic key management compliance standard used for
+    #   handling CA keys.
+    #
+    #   Default: FIPS\_140\_2\_LEVEL\_3\_OR\_HIGHER
+    #
+    #   Note: AWS Region ap-northeast-3 supports only
+    #   FIPS\_140\_2\_LEVEL\_2\_OR\_HIGHER. You must explicitly specify this
+    #   parameter and value when creating a CA in that Region. Specifying a
+    #   different value (or no value) results in an `InvalidArgsException`
+    #   with the message "A certificate authority cannot be created in this
+    #   region with the specified security standard."
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CertificateAuthority AWS API Documentation
     #
     class CertificateAuthority < Struct.new(
@@ -443,7 +461,8 @@ module Aws::ACMPCA
       :failure_reason,
       :certificate_authority_configuration,
       :revocation_configuration,
-      :restorable_until)
+      :restorable_until,
+      :key_storage_security_standard)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -739,6 +758,7 @@ module Aws::ACMPCA
     #         },
     #         certificate_authority_type: "ROOT", # required, accepts ROOT, SUBORDINATE
     #         idempotency_token: "IdempotencyToken",
+    #         key_storage_security_standard: "FIPS_140_2_LEVEL_2_OR_HIGHER", # accepts FIPS_140_2_LEVEL_2_OR_HIGHER, FIPS_140_2_LEVEL_3_OR_HIGHER
     #         tags: [
     #           {
     #             key: "TagKey", # required
@@ -781,6 +801,20 @@ module Aws::ACMPCA
     #   authorities.
     #   @return [String]
     #
+    # @!attribute [rw] key_storage_security_standard
+    #   Specifies a cryptographic key management compliance standard used
+    #   for handling CA keys.
+    #
+    #   Default: FIPS\_140\_2\_LEVEL\_3\_OR\_HIGHER
+    #
+    #   Note: AWS Region ap-northeast-3 supports only
+    #   FIPS\_140\_2\_LEVEL\_2\_OR\_HIGHER. You must explicitly specify this
+    #   parameter and value when creating a CA in that Region. Specifying a
+    #   different value (or no value) results in an `InvalidArgsException`
+    #   with the message "A certificate authority cannot be created in this
+    #   region with the specified security standard."
+    #   @return [String]
+    #
     # @!attribute [rw] tags
     #   Key-value pairs that will be attached to the new private CA. You can
     #   associate up to 50 tags with a private CA. For information using
@@ -799,6 +833,7 @@ module Aws::ACMPCA
       :revocation_configuration,
       :certificate_authority_type,
       :idempotency_token,
+      :key_storage_security_standard,
       :tags)
       SENSITIVE = []
       include Aws::Structure
@@ -880,7 +915,7 @@ module Aws::ACMPCA
     # Points** extension of each certificate it issues. Your S3 bucket
     # policy must give write permission to ACM Private CA.
     #
-    # ACM Private CAA assets that are stored in Amazon S3 can be protected
+    # ACM Private CA assets that are stored in Amazon S3 can be protected
     # with encryption. For more information, see [Encrypting Your CRLs][1].
     #
     # Your private CA uses the value in the **ExpirationInDays** parameter
@@ -2014,11 +2049,12 @@ module Aws::ACMPCA
     #
     #   If conflicting or duplicate certificate information is supplied
     #   during certificate issuance, ACM Private CA applies [order of
-    #   operation rules](xxxxx) to determine what information is used.
+    #   operation rules][2] to determine what information is used.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html
+    #   [2]: https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html#template-order-of-operations
     #   @return [Types::ApiPassthrough]
     #
     # @!attribute [rw] certificate_authority_arn

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-acmpca
 version: !ruby/object:Gem::Version
-  version: 1.34.0
+  version: 1.35.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-10 00:00:00.000000000 Z
+date: 2021-05-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -67,8 +67,8 @@ homepage: https://github.com/aws/aws-sdk-ruby
 licenses:
 - Apache-2.0
 metadata:
-  source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sdk-acmpca
-  changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/master/gems/aws-sdk-acmpca/CHANGELOG.md
+  source_code_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-acmpca
+  changelog_uri: https://github.com/aws/aws-sdk-ruby/tree/version-3/gems/aws-sdk-acmpca/CHANGELOG.md
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -84,8 +84,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6.2
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: AWS SDK for Ruby - ACM-PCA