aws-sdk-acmpca 1.82.0 → 1.83.0

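--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: d40f57fc25730101a992c2e0e26fcf001ed1c9506415c54fe11291a503a089e9
- data.tar.gz: 372d4e963017b66b600b1ada6b89d31dad8c9483718c3a398958bddcb55b73d9
+ metadata.gz: 429a2f288f3039a5e94259084db9f6edfd66bf05f8d62e3b010789415b85d14c
+ data.tar.gz: 4f1db4c4fa17d89dfe292c2e4c55d6ff148285a56b94a1d0c11f4c90e9600f12
  SHA512:
- metadata.gz: f090474503debe116dacf72f2ee441b17e02f762b804559a8fe903dd7c505e62fd950a4270eda5af952ae7989f3ba61f8cf7efe1da7874a2b5d6ef87caf40164
- data.tar.gz: f228527bc2e52b6b06c991500a89b55a8e46aaff30309dd03bc487f797fcef08a195cd00e5642a3b0795eda6eda10e9edc21ac8042c0349ae26dc366291f133d
+ metadata.gz: 444541707b4c4feed78211ae44f27ec083ce4f442ad22cb025faa78615445b4e8aa0cc2bdc8e08ecb0d83dc6d4037ce9a8b92ceb93e4ef33ed803e2b27e8a4ee
+ data.tar.gz: db26b0a2861dd6572c1536b9474fcbc8b75106b1e24df37eddd67ca88e1db5dc06b4b577bca6fda868e720e63d34ac737cd96473bb73f414a8ae725cc2aa0739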
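--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,11 @@
  Unreleased Changes
  ------------------
 
+ 1.83.0 (2024-10-10)
+ ------------------
+
+ * Feature - Documentation updates for AWS Private CA.
+
  1.82.0 (2024-09-24)
  ------------------
 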
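--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.82.0
+ 1.83.0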
@@ -491,14 +491,14 @@ module Aws::ACMPCA
491
491
  # signing algorithm, and X.500 certificate subject information.
492
492
  #
493
493
  # @option params [Types::RevocationConfiguration] :revocation_configuration
494
- # Contains information to enable Online Certificate Status Protocol
495
- # (OCSP) support, to enable a certificate revocation list (CRL), to
496
- # enable both, or to enable neither. The default is for both certificate
497
- # validation mechanisms to be disabled.
494
+ # Contains information to enable support for Online Certificate Status
495
+ # Protocol (OCSP), certificate revocation list (CRL), both protocols, or
496
+ # neither. By default, both certificate validation mechanisms are
497
+ # disabled.
498
498
  #
499
- # <note markdown="1"> The following requirements apply to revocation configurations.
499
+ # The following requirements apply to revocation configurations.
500
500
  #
501
- # * A configuration disabling CRLs or OCSP must contain only the
501
+ # * A configuration disabling CRLs or OCSP must contain only the
502
502
  # `Enabled=False` parameter, and will fail if other parameters such as
503
503
  # `CustomCname` or `ExpirationInDays` are included.
504
504
  #
@@ -512,8 +512,6 @@ module Aws::ACMPCA
512
512
  # * In a CRL or OCSP configuration, the value of a CNAME parameter must
513
513
  # not include a protocol prefix such as "http://" or "https://".
514
514
  #
515
- # </note>
516
- #
517
515
  # For more information, see the [OcspConfiguration][3] and
518
516
  # [CrlConfiguration][4] types.
519
517
  #
@@ -713,17 +711,13 @@ module Aws::ACMPCA
713
711
  end
714
712
 
715
713
  # Creates an audit report that lists every time that your CA private key
716
- # is used. The report is saved in the Amazon S3 bucket that you specify
717
- # on input. The [IssueCertificate][1] and [RevokeCertificate][2] actions
718
- # use the private key.
719
- #
720
- # <note markdown="1"> Both Amazon Web Services Private CA and the IAM principal must have
721
- # permission to write to the S3 bucket that you specify. If the IAM
722
- # principal making the call does not have permission to write to the
723
- # bucket, then an exception is thrown. For more information, see [Access
724
- # policies for CRLs in Amazon S3][3].
714
+ # is used to issue a certificate. The [IssueCertificate][1] and
715
+ # [RevokeCertificate][2] actions use the private key.
725
716
  #
726
- # </note>
717
+ # To save the audit report to your designated Amazon S3 bucket, you must
718
+ # create a bucket policy that grants Amazon Web Services Private CA
719
+ # permission to access and write to it. For an example policy, see
720
+ # [Prepare an Amazon S3 bucket for audit reports][3].
727
721
  #
728
722
  # Amazon Web Services Private CA assets that are stored in Amazon S3 can
729
723
  # be protected with encryption. For more information, see [Encrypting
@@ -737,7 +731,7 @@ module Aws::ACMPCA
737
731
  #
738
732
  # [1]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_IssueCertificate.html
739
733
  # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_RevokeCertificate.html
740
- # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html#s3-policies
734
+ # [3]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaAuditReport.html#s3-access
741
735
  # [4]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaAuditReport.html#audit-report-encryption
742
736
  #
743
737
  # @option params [required, String] :certificate_authority_arn
@@ -1549,44 +1543,46 @@ module Aws::ACMPCA
1549
1543
  # Amazon Web Services Private CA allows the following extensions to be
1550
1544
  # marked critical in the imported CA certificate or chain.
1551
1545
  #
1552
- # * Basic constraints (*must* be marked critical)
1546
+ # * Authority key identifier
1553
1547
  #
1554
- # * Subject alternative names
1548
+ # * Basic constraints (*must* be marked critical)
1555
1549
  #
1556
- # * Key usage
1550
+ # * Certificate policies
1557
1551
  #
1558
1552
  # * Extended key usage
1559
1553
  #
1560
- # * Authority key identifier
1561
- #
1562
- # * Subject key identifier
1554
+ # * Inhibit anyPolicy
1563
1555
  #
1564
1556
  # * Issuer alternative name
1565
1557
  #
1566
- # * Subject directory attributes
1567
- #
1568
- # * Subject information access
1558
+ # * Key usage
1569
1559
  #
1570
- # * Certificate policies
1560
+ # * Name constraints
1571
1561
  #
1572
1562
  # * Policy mappings
1573
1563
  #
1574
- # * Inhibit anyPolicy
1564
+ # * Subject alternative name
1575
1565
  #
1576
- # Amazon Web Services Private CA rejects the following extensions when
1577
- # they are marked critical in an imported CA certificate or chain.
1566
+ # * Subject directory attributes
1578
1567
  #
1579
- # * Name constraints
1568
+ # * Subject key identifier
1580
1569
  #
1581
- # * Policy constraints
1570
+ # * Subject information access
1582
1571
  #
1583
- # * CRL distribution points
1572
+ # Amazon Web Services Private CA rejects the following extensions when
1573
+ # they are marked critical in an imported CA certificate or chain.
1584
1574
  #
1585
1575
  # * Authority information access
1586
1576
  #
1577
+ # * CRL distribution points
1578
+ #
1587
1579
  # * Freshest CRL
1588
1580
  #
1589
- # * Any other extension
1581
+ # * Policy constraints
1582
+ #
1583
+ # Amazon Web Services Private Certificate Authority will also reject any
1584
+ # other extension marked as critical not contained on the preceding list
1585
+ # of allowed extensions.
1590
1586
  #
1591
1587
  #
1592
1588
  #
@@ -2572,15 +2568,15 @@ module Aws::ACMPCA
2572
2568
  # `
2573
2569
  #
2574
2570
  # @option params [Types::RevocationConfiguration] :revocation_configuration
2575
- # Contains information to enable Online Certificate Status Protocol
2576
- # (OCSP) support, to enable a certificate revocation list (CRL), to
2577
- # enable both, or to enable neither. If this parameter is not supplied,
2578
- # existing capibilites remain unchanged. For more information, see the
2579
- # [OcspConfiguration][1] and [CrlConfiguration][2] types.
2571
+ # Contains information to enable support for Online Certificate Status
2572
+ # Protocol (OCSP), certificate revocation list (CRL), both protocols, or
2573
+ # neither. If you don't supply this parameter, existing capibilites
2574
+ # remain unchanged. For more information, see the [OcspConfiguration][1]
2575
+ # and [CrlConfiguration][2] types.
2580
2576
  #
2581
- # <note markdown="1"> The following requirements apply to revocation configurations.
2577
+ # The following requirements apply to revocation configurations.
2582
2578
  #
2583
- # * A configuration disabling CRLs or OCSP must contain only the
2579
+ # * A configuration disabling CRLs or OCSP must contain only the
2584
2580
  # `Enabled=False` parameter, and will fail if other parameters such as
2585
2581
  # `CustomCname` or `ExpirationInDays` are included.
2586
2582
  #
@@ -2594,7 +2590,17 @@ module Aws::ACMPCA
2594
2590
  # * In a CRL or OCSP configuration, the value of a CNAME parameter must
2595
2591
  # not include a protocol prefix such as "http://" or "https://".
2596
2592
  #
2597
- # </note>
2593
+ # If you update the `S3BucketName` of [CrlConfiguration][2], you can
2594
+ # break revocation for existing certificates. In other words, if you
2595
+ # call [UpdateCertificateAuthority][5] to update the CRL
2596
+ # configuration's S3 bucket name, Amazon Web Services Private CA only
2597
+ # writes CRLs to the new S3 bucket. Certificates issued prior to this
2598
+ # point will have the old S3 bucket name in your CRL Distribution Point
2599
+ # (CDP) extension, essentially breaking revocation. If you must update
2600
+ # the S3 bucket, you'll need to reissue old certificates to keep the
2601
+ # revocation working. Alternatively, you can use a [CustomCname][6] in
2602
+ # your CRL configuration if you might need to change the S3 bucket name
2603
+ # in the future.
2598
2604
  #
2599
2605
  #
2600
2606
  #
@@ -2602,6 +2608,8 @@ module Aws::ACMPCA
2602
2608
  # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
2603
2609
  # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
2604
2610
  # [4]: https://www.ietf.org/rfc/rfc2396.txt
2611
+ # [5]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
2612
+ # [6]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html#privateca-Type-CrlConfiguration-CustomCname
2605
2613
  #
2606
2614
  # @option params [String] :status
2607
2615
  # Status of your private CA.
@@ -2658,7 +2666,7 @@ module Aws::ACMPCA
2658
2666
  tracer: tracer
2659
2667
  )
2660
2668
  context[:gem_name] = 'aws-sdk-acmpca'
2661
- context[:gem_version] = '1.82.0'
2669
+ context[:gem_version] = '1.83.0'
2662
2670
  Seahorse::Client::Request.new(handlers, context)
2663
2671
  end
2664
2672
 
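Review bot: The audit-report summary in the `@@ -713,17 +711,13 @@` hunk contradicts itself: it now says the report lists each time the CA private key "is used to issue a certificate", while the next sentence still names both IssueCertificate and RevokeCertificate as actions that use the key. Anyone relying on this report to monitor key use needs to know whether revocations are covered; if they are, the added line should keep the broader wording, `# is used. The [IssueCertificate][1] and`. The same hunk also drops the statement that the calling IAM principal needs write access to the bucket and that an exception is thrown otherwise. If that requirement still holds (not visible here), a line such as `# The IAM principal making the call must also be able to write to the bucket.` should remain. The comment block starts and ends outside the hunk.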
@@ -466,14 +466,14 @@ module Aws::ACMPCA
466
466
  # @return [Types::CertificateAuthorityConfiguration]
467
467
  #
468
468
  # @!attribute [rw] revocation_configuration
469
- # Contains information to enable Online Certificate Status Protocol
470
- # (OCSP) support, to enable a certificate revocation list (CRL), to
471
- # enable both, or to enable neither. The default is for both
472
- # certificate validation mechanisms to be disabled.
469
+ # Contains information to enable support for Online Certificate Status
470
+ # Protocol (OCSP), certificate revocation list (CRL), both protocols,
471
+ # or neither. By default, both certificate validation mechanisms are
472
+ # disabled.
473
473
  #
474
- # <note markdown="1"> The following requirements apply to revocation configurations.
474
+ # The following requirements apply to revocation configurations.
475
475
  #
476
- # * A configuration disabling CRLs or OCSP must contain only the
476
+ # * A configuration disabling CRLs or OCSP must contain only the
477
477
  # `Enabled=False` parameter, and will fail if other parameters such
478
478
  # as `CustomCname` or `ExpirationInDays` are included.
479
479
  #
@@ -488,8 +488,6 @@ module Aws::ACMPCA
488
488
  # must not include a protocol prefix such as "http://" or
489
489
  # "https://".
490
490
  #
491
- # </note>
492
- #
493
491
  # For more information, see the [OcspConfiguration][3] and
494
492
  # [CrlConfiguration][4] types.
495
493
  #
@@ -2518,16 +2516,15 @@ module Aws::ACMPCA
2518
2516
  # @return [String]
2519
2517
  #
2520
2518
  # @!attribute [rw] revocation_configuration
2521
- # Contains information to enable Online Certificate Status Protocol
2522
- # (OCSP) support, to enable a certificate revocation list (CRL), to
2523
- # enable both, or to enable neither. If this parameter is not
2524
- # supplied, existing capibilites remain unchanged. For more
2525
- # information, see the [OcspConfiguration][1] and
2526
- # [CrlConfiguration][2] types.
2519
+ # Contains information to enable support for Online Certificate Status
2520
+ # Protocol (OCSP), certificate revocation list (CRL), both protocols,
2521
+ # or neither. If you don't supply this parameter, existing
2522
+ # capibilites remain unchanged. For more information, see the
2523
+ # [OcspConfiguration][1] and [CrlConfiguration][2] types.
2527
2524
  #
2528
- # <note markdown="1"> The following requirements apply to revocation configurations.
2525
+ # The following requirements apply to revocation configurations.
2529
2526
  #
2530
- # * A configuration disabling CRLs or OCSP must contain only the
2527
+ # * A configuration disabling CRLs or OCSP must contain only the
2531
2528
  # `Enabled=False` parameter, and will fail if other parameters such
2532
2529
  # as `CustomCname` or `ExpirationInDays` are included.
2533
2530
  #
@@ -2542,7 +2539,17 @@ module Aws::ACMPCA
2542
2539
  # must not include a protocol prefix such as "http://" or
2543
2540
  # "https://".
2544
2541
  #
2545
- # </note>
2542
+ # If you update the `S3BucketName` of [CrlConfiguration][2], you can
2543
+ # break revocation for existing certificates. In other words, if you
2544
+ # call [UpdateCertificateAuthority][5] to update the CRL
2545
+ # configuration's S3 bucket name, Amazon Web Services Private CA only
2546
+ # writes CRLs to the new S3 bucket. Certificates issued prior to this
2547
+ # point will have the old S3 bucket name in your CRL Distribution
2548
+ # Point (CDP) extension, essentially breaking revocation. If you must
2549
+ # update the S3 bucket, you'll need to reissue old certificates to
2550
+ # keep the revocation working. Alternatively, you can use a
2551
+ # [CustomCname][6] in your CRL configuration if you might need to
2552
+ # change the S3 bucket name in the future.
2546
2553
  #
2547
2554
  #
2548
2555
  #
@@ -2550,6 +2557,8 @@ module Aws::ACMPCA
2550
2557
  # [2]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html
2551
2558
  # [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
2552
2559
  # [4]: https://www.ietf.org/rfc/rfc2396.txt
2560
+ # [5]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html
2561
+ # [6]: https://docs.aws.amazon.com/privateca/latest/APIReference/API_CrlConfiguration.html#privateca-Type-CrlConfiguration-CustomCname
2553
2562
  # @return [Types::RevocationConfiguration]
2554
2563
  #
2555
2564
  # @!attribute [rw] status
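Review bot: The new `S3BucketName` paragraph in the `@@ -2542,7 +2539,17 @@` hunk (repeated in the earlier `@@ -2594,7 +2590,17 @@` hunk) warns that changing the bucket breaks revocation for already-issued certificates, but it does not say what to do with the old bucket. Because those certificates keep the old location in their CDP extension, I would add a sentence along the lines of `# Keep the old bucket under your control until the certificates that reference it have expired or been reissued.`; this is inferred from the paragraph rather than stated by it, so confirm it against the service documentation. The phrase "in your CRL Distribution Point (CDP) extension" reads as if "in their" was meant. The rewritten sentence in the `@@ -2518,16 +2516,15 @@` hunk (and in the earlier `@@ -2572,15 +2568,15 @@` hunk) still carries the misspelling `capibilites`, where `capabilities` is meant. The attribute's comment block extends beyond the hunks shown.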
@@ -55,7 +55,7 @@ module Aws::ACMPCA
55
55
  autoload :EndpointProvider, 'aws-sdk-acmpca/endpoint_provider'
56
56
  autoload :Endpoints, 'aws-sdk-acmpca/endpoints'
57
57
 
58
- GEM_VERSION = '1.82.0'
58
+ GEM_VERSION = '1.83.0'
59
59
 
60
60
  end
61
61
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-acmpca
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.82.0
4
+ version: 1.83.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-09-24 00:00:00.000000000 Z
11
+ date: 2024-10-10 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core