npm - @aws-sdk/client-acm-pca - Versions diffs - 3.28.0 → 3.32.0 - Mend

@aws-sdk/client-acm-pca 3.28.0 → 3.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/ACMPCA.ts +14 -7
package/ACMPCAClient.ts +10 -5
package/CHANGELOG.md +35 -0
package/README.md +10 -5
package/commands/CreateCertificateAuthorityCommand.ts +4 -2
package/dist/cjs/ACMPCA.js +10 -5
package/dist/cjs/ACMPCA.js.map +1 -1
package/dist/cjs/ACMPCAClient.js +10 -5
package/dist/cjs/ACMPCAClient.js.map +1 -1
package/dist/cjs/commands/CreateCertificateAuthorityCommand.js +4 -2
package/dist/cjs/commands/CreateCertificateAuthorityCommand.js.map +1 -1
package/dist/cjs/models/models_0.js +11 -2
package/dist/cjs/models/models_0.js.map +1 -1
package/dist/cjs/package.json +32 -32
package/dist/cjs/protocols/Aws_json1_1.js +28 -8
package/dist/cjs/protocols/Aws_json1_1.js.map +1 -1
package/dist/es/ACMPCA.js +10 -5
package/dist/es/ACMPCA.js.map +1 -1
package/dist/es/ACMPCAClient.js +10 -5
package/dist/es/ACMPCAClient.js.map +1 -1
package/dist/es/commands/CreateCertificateAuthorityCommand.js +4 -2
package/dist/es/commands/CreateCertificateAuthorityCommand.js.map +1 -1
package/dist/es/endpoints.js +1 -2
package/dist/es/endpoints.js.map +1 -1
package/dist/es/models/models_0.js +7 -0
package/dist/es/models/models_0.js.map +1 -1
package/dist/es/package.json +32 -32
package/dist/es/protocols/Aws_json1_1.js +26 -10
package/dist/es/protocols/Aws_json1_1.js.map +1 -1
package/dist/types/ACMPCA.d.ts +14 -7
package/dist/types/ACMPCAClient.d.ts +10 -5
package/dist/types/commands/CreateCertificateAuthorityCommand.d.ts +4 -2
package/dist/types/models/models_0.d.ts +72 -19
package/dist/types/ts3.4/ACMPCA.d.ts +14 -7
package/dist/types/ts3.4/ACMPCAClient.d.ts +10 -5
package/dist/types/ts3.4/commands/CreateCertificateAuthorityCommand.d.ts +4 -2
package/dist/types/ts3.4/models/models_0.d.ts +72 -19
package/models/models_0.ts +78 -19
package/package.json +32 -32
package/protocols/Aws_json1_1.ts +36 -9

package/dist/types/models/models_0.d.ts CHANGED Viewed

@@ -370,10 +370,17 @@ export declare enum S3ObjectAcl {
  * 		       <p>ACM Private CA assets that are stored in Amazon S3 can be protected with encryption.
  *   For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption">Encrypting Your
  * 			CRLs</a>.</p>
- * 		       <p>Your private CA uses the value in the <b>ExpirationInDays</b> parameter to calculate the <b>nextUpdate</b> field in the CRL. The CRL is refreshed at 1/2 the age of next
- * 			update or when a certificate is revoked. When a certificate is revoked, it is recorded
- * 			in the next CRL that is generated and in the next audit report. Only time valid
- * 			certificates are listed in the CRL. Expired certificates are not included. </p>
+ * 		       <p>Your private CA uses the value in the <b>ExpirationInDays</b>
+ * 			parameter to calculate the <b>nextUpdate</b> field in the CRL.
+ * 			The CRL is refreshed at 1/2 the age of next update or when a certificate is revoked.
+ * 			When a certificate is revoked, it is recorded in the next CRL that is generated and in
+ * 			the next audit report. Only time valid certificates are listed in the CRL. Expired
+ * 			certificates are not included.</p>
+ *
+ * 		       <p>A CRL is typically updated approximately 30 minutes after a certificate
+ * 	is revoked. If for any reason a CRL update fails, ACM Private CA makes further attempts
+ * 	every 15 minutes.</p>
+ *
  * 		       <p>CRLs contain the following fields:</p>
  * 		       <ul>
  *             <li>
@@ -465,6 +472,9 @@ export declare enum S3ObjectAcl {
  *             <code>openssl crl -inform DER -text -in <i>crl_path</i>
  * 			-noout</code>
  *          </p>
+ * 		       <p>For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html">Planning a certificate revocation list (CRL)</a>
+ * 			in the <i>AWS Certificate Manager Private Certificate Authority (PCA) User Guide</i>
+ *          </p>
  */
 export interface CrlConfiguration {
     /**
@@ -489,9 +499,8 @@ export interface CrlConfiguration {
      * <p>Name of the S3 bucket that contains the CRL. If you do not provide a value for the
      * 				<b>CustomCname</b> argument, the name of your S3 bucket
      * 			is placed into the <b>CRL Distribution Points</b> extension of
-     * 			the issued certificate. You can change the name of your bucket by calling the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html">UpdateCertificateAuthority</a> action. You must specify a
-     * 			<a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-policies">bucket policy</a> that
-     * 			allows ACM Private CA to write the CRL to your bucket.</p>
+     * 			the issued certificate. You can change the name of your bucket by calling the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html">UpdateCertificateAuthority</a> operation. You must specify a <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-policies">bucket
+     * 				policy</a> that allows ACM Private CA to write the CRL to your bucket.</p>
      */
     S3BucketName?: string;
     /**
@@ -519,17 +528,59 @@ export declare namespace CrlConfiguration {
      */
     const filterSensitiveLog: (obj: CrlConfiguration) => any;
 }
+/**
+ * <p>Contains information to enable and configure Online Certificate Status Protocol (OCSP) for
+ * 			validating certificate revocation status.</p>
+ * 		       <p>When you revoke a certificate, OCSP responses may take up to 60 minutes
+ * 	to reflect the new status.</p>
+ */
+export interface OcspConfiguration {
+    /**
+     * <p>Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating
+     * 			certificate revocation status.</p>
+     */
+    Enabled: boolean | undefined;
+    /**
+     * <p>By default, ACM Private CA injects an AWS domain into certificates being validated by the
+     * 			Online Certificate Status Protocol (OCSP). A customer can alternatively use this object
+     * 			to define a CNAME specifying a customized OCSP domain.</p>
+     * 		       <p>Note: The value of the CNAME must not include a protocol prefix such as "http://" or
+     * 			"https://".</p>
+     * 		       <p>For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/ocsp-customize.html">Customizing Online Certificate
+     * 			Status Protocol (OCSP) </a> in the <i>AWS Certificate Manager Private Certificate Authority (PCA) User
+     * 				Guide</i>.</p>
+     */
+    OcspCustomCname?: string;
+}
+export declare namespace OcspConfiguration {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: OcspConfiguration) => any;
+}
 /**
  * <p>Certificate revocation information used by the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html">CreateCertificateAuthority</a> and <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html">UpdateCertificateAuthority</a> actions. Your private certificate authority (CA)
- * 			can create and maintain a certificate revocation list (CRL). A CRL contains information
- * 			about certificates revoked by your CA. For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html">RevokeCertificate</a>.</p>
+ * 			can configure Online Certificate Status Protocol (OCSP) support and/or maintain a
+ * 			certificate revocation list (CRL). OCSP returns validation information about
+ * 			certificates as requested by clients, and a CRL contains an updated list of certificates
+ * 			revoked by your CA. For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html">RevokeCertificate</a> and <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/revocation-setup.html">Setting up a
+ * 				certificate revocation method</a> in the <i>AWS Certificate Manager Private Certificate Authority (PCA) User
+ * 				Guide</i>.</p>
  */
 export interface RevocationConfiguration {
     /**
-     * <p>Configuration of the certificate revocation list (CRL), if any, maintained by your
-     * 			private CA.</p>
+     * <p>Configuration of the certificate revocation list (CRL), if any, maintained by your private
+     * 			CA. A CRL is typically updated approximately 30 minutes after a certificate
+     * 	is revoked. If for any reason a CRL update fails, ACM Private CA makes further attempts
+     * 	every 15 minutes.</p>
      */
     CrlConfiguration?: CrlConfiguration;
+    /**
+     * <p>Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by
+     * 			your private CA. When you revoke a certificate, OCSP responses may take up to 60 minutes
+     * 	to reflect the new status.</p>
+     */
+    OcspConfiguration?: OcspConfiguration;
 }
 export declare namespace RevocationConfiguration {
     /**
@@ -566,11 +617,10 @@ export interface CreateCertificateAuthorityRequest {
      */
     CertificateAuthorityConfiguration: CertificateAuthorityConfiguration | undefined;
     /**
-     * <p>Contains a Boolean value that you can use to enable a certification revocation list
-     * 			(CRL) for the CA, the name of the S3 bucket to which ACM Private CA will write the CRL, and an
-     * 			optional CNAME alias that you can use to hide the name of your bucket in the <b>CRL Distribution Points</b> extension of your CA certificate. For
-     * 			more information, see the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html">CrlConfiguration</a> structure.
-     * 		</p>
+     * <p>Contains information to enable Online Certificate Status Protocol (OCSP) support,
+     * 			to enable a certificate revocation list (CRL), to enable both, or to enable neither. The
+     * 			default is for both certificate validation mechanisms to be disabled. For more
+     * 			information, see the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html">OcspConfiguration</a> and <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html">CrlConfiguration</a> types.</p>
      */
     RevocationConfiguration?: RevocationConfiguration;
     /**
@@ -1037,8 +1087,8 @@ export interface CertificateAuthority {
      */
     CertificateAuthorityConfiguration?: CertificateAuthorityConfiguration;
     /**
-     * <p>Information about the certificate revocation list (CRL) created and maintained by your
-     * 			private CA. </p>
+     * <p>Information about the Online Certificate Status Protocol (OCSP) configuration or
+     * 			certificate revocation list (CRL) created and maintained by your private CA. </p>
      */
     RevocationConfiguration?: RevocationConfiguration;
     /**
@@ -2067,7 +2117,10 @@ export interface UpdateCertificateAuthorityRequest {
      */
     CertificateAuthorityArn: string | undefined;
     /**
-     * <p>Revocation information for your private CA.</p>
+     * <p>Contains information to enable Online Certificate Status Protocol (OCSP) support,
+     * 			to enable a certificate revocation list (CRL), to enable both, or to enable neither. If
+     * 			this parameter is not supplied, existing capibilites remain unchanged. For more
+     * 			information, see the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html">OcspConfiguration</a> and <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html">CrlConfiguration</a> types.</p>
      */
     RevocationConfiguration?: RevocationConfiguration;
     /**

package/dist/types/ts3.4/ACMPCA.d.ts CHANGED Viewed

@@ -32,20 +32,27 @@ import { HttpHandlerOptions as __HttpHandlerOptions } from "@aws-sdk/types";
  * 			tailored to the programming language or platform that you're using. For more
  * 			information, see <a href="https://aws.amazon.com/tools/#SDKs">AWS
  * 			SDKs</a>.</p>
- * 		       <note>
- * 			         <p>Each ACM Private CA API action has a quota that determines the number of times the action
- * 				can be called per second. For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaLimits.html#PcaLimits-api">API Rate Quotas in ACM Private CA</a>
- * 				in the ACM Private CA user guide.</p>
- * 		       </note>
+ * 		       <p>Each ACM Private CA API operation has a quota that determines the number of times the operation
+ * 			can be called per second. ACM Private CA throttles API requests at different rates depending
+ * 			on the operation. Throttling means that ACM Private CA rejects an otherwise valid request
+ * 			because the request exceeds the operation's quota for the number of requests per second.
+ * 			When a request is throttled, ACM Private CA returns a <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/CommonErrors.html">ThrottlingException</a> error. ACM Private CA does not guarantee a minimum request
+ * 			rate for APIs. </p>
+ *
+ * 		       <p>To see an up-to-date list of your ACM Private CA quotas, or to request a quota increase,
+ * 			log into your AWS account and visit the <a href="https://console.aws.amazon.com/servicequotas/">Service Quotas</a>
+ * 			console.</p>
  */
 export declare class ACMPCA extends ACMPCAClient {
     /**
      * <p>Creates a root or subordinate private certificate authority (CA). You must specify the
-     * 			CA configuration, the certificate revocation list (CRL) configuration, the CA type, and
+     * 			CA configuration, an optional configuration for Online Certificate Status Protocol (OCSP)
+     * 			and/or a certificate revocation list (CRL), the CA type, and
      * 			an optional idempotency token to avoid accidental creation of multiple CAs. The CA
      * 			configuration specifies the name of the algorithm and key size to be used to create the
      * 			CA private key, the type of signing algorithm that the CA uses, and X.500 subject
-     * 			information. The CRL configuration specifies the CRL expiration period in days (the
+     * 			information. The OCSP configuration can optionally specify a custom URL for the OCSP responder.
+     * 			The CRL configuration specifies the CRL expiration period in days (the
      * 			validity period of the CRL), the Amazon S3 bucket that will contain the CRL, and a CNAME
      * 			alias for the S3 bucket that is included in certificates issued by the CA. If
      * 			successful, this action returns the Amazon Resource Name (ARN) of the CA.</p>

package/dist/types/ts3.4/ACMPCAClient.d.ts CHANGED Viewed

@@ -145,11 +145,16 @@ export interface ACMPCAClientResolvedConfig extends ACMPCAClientResolvedConfigTy
  * 			tailored to the programming language or platform that you're using. For more
  * 			information, see <a href="https://aws.amazon.com/tools/#SDKs">AWS
  * 			SDKs</a>.</p>
- * 		       <note>
- * 			         <p>Each ACM Private CA API action has a quota that determines the number of times the action
- * 				can be called per second. For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaLimits.html#PcaLimits-api">API Rate Quotas in ACM Private CA</a>
- * 				in the ACM Private CA user guide.</p>
- * 		       </note>
+ * 		       <p>Each ACM Private CA API operation has a quota that determines the number of times the operation
+ * 			can be called per second. ACM Private CA throttles API requests at different rates depending
+ * 			on the operation. Throttling means that ACM Private CA rejects an otherwise valid request
+ * 			because the request exceeds the operation's quota for the number of requests per second.
+ * 			When a request is throttled, ACM Private CA returns a <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/CommonErrors.html">ThrottlingException</a> error. ACM Private CA does not guarantee a minimum request
+ * 			rate for APIs. </p>
+ *
+ * 		       <p>To see an up-to-date list of your ACM Private CA quotas, or to request a quota increase,
+ * 			log into your AWS account and visit the <a href="https://console.aws.amazon.com/servicequotas/">Service Quotas</a>
+ * 			console.</p>
  */
 export declare class ACMPCAClient extends __Client<__HttpHandlerOptions, ServiceInputTypes, ServiceOutputTypes, ACMPCAClientResolvedConfig> {
     /**

package/dist/types/ts3.4/commands/CreateCertificateAuthorityCommand.d.ts CHANGED Viewed

@@ -8,11 +8,13 @@ export interface CreateCertificateAuthorityCommandOutput extends CreateCertifica
 }
 /**
  * <p>Creates a root or subordinate private certificate authority (CA). You must specify the
- * 			CA configuration, the certificate revocation list (CRL) configuration, the CA type, and
+ * 			CA configuration, an optional configuration for Online Certificate Status Protocol (OCSP)
+ * 			and/or a certificate revocation list (CRL), the CA type, and
  * 			an optional idempotency token to avoid accidental creation of multiple CAs. The CA
  * 			configuration specifies the name of the algorithm and key size to be used to create the
  * 			CA private key, the type of signing algorithm that the CA uses, and X.500 subject
- * 			information. The CRL configuration specifies the CRL expiration period in days (the
+ * 			information. The OCSP configuration can optionally specify a custom URL for the OCSP responder.
+ * 			The CRL configuration specifies the CRL expiration period in days (the
  * 			validity period of the CRL), the Amazon S3 bucket that will contain the CRL, and a CNAME
  * 			alias for the S3 bucket that is included in certificates issued by the CA. If
  * 			successful, this action returns the Amazon Resource Name (ARN) of the CA.</p>

package/dist/types/ts3.4/models/models_0.d.ts CHANGED Viewed

@@ -370,10 +370,17 @@ export declare enum S3ObjectAcl {
  * 		       <p>ACM Private CA assets that are stored in Amazon S3 can be protected with encryption.
  *   For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption">Encrypting Your
  * 			CRLs</a>.</p>
- * 		       <p>Your private CA uses the value in the <b>ExpirationInDays</b> parameter to calculate the <b>nextUpdate</b> field in the CRL. The CRL is refreshed at 1/2 the age of next
- * 			update or when a certificate is revoked. When a certificate is revoked, it is recorded
- * 			in the next CRL that is generated and in the next audit report. Only time valid
- * 			certificates are listed in the CRL. Expired certificates are not included. </p>
+ * 		       <p>Your private CA uses the value in the <b>ExpirationInDays</b>
+ * 			parameter to calculate the <b>nextUpdate</b> field in the CRL.
+ * 			The CRL is refreshed at 1/2 the age of next update or when a certificate is revoked.
+ * 			When a certificate is revoked, it is recorded in the next CRL that is generated and in
+ * 			the next audit report. Only time valid certificates are listed in the CRL. Expired
+ * 			certificates are not included.</p>
+ *
+ * 		       <p>A CRL is typically updated approximately 30 minutes after a certificate
+ * 	is revoked. If for any reason a CRL update fails, ACM Private CA makes further attempts
+ * 	every 15 minutes.</p>
+ *
  * 		       <p>CRLs contain the following fields:</p>
  * 		       <ul>
  *             <li>
@@ -465,6 +472,9 @@ export declare enum S3ObjectAcl {
  *             <code>openssl crl -inform DER -text -in <i>crl_path</i>
  * 			-noout</code>
  *          </p>
+ * 		       <p>For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html">Planning a certificate revocation list (CRL)</a>
+ * 			in the <i>AWS Certificate Manager Private Certificate Authority (PCA) User Guide</i>
+ *          </p>
  */
 export interface CrlConfiguration {
     /**
@@ -489,9 +499,8 @@ export interface CrlConfiguration {
      * <p>Name of the S3 bucket that contains the CRL. If you do not provide a value for the
      * 				<b>CustomCname</b> argument, the name of your S3 bucket
      * 			is placed into the <b>CRL Distribution Points</b> extension of
-     * 			the issued certificate. You can change the name of your bucket by calling the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html">UpdateCertificateAuthority</a> action. You must specify a
-     * 			<a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-policies">bucket policy</a> that
-     * 			allows ACM Private CA to write the CRL to your bucket.</p>
+     * 			the issued certificate. You can change the name of your bucket by calling the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html">UpdateCertificateAuthority</a> operation. You must specify a <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-policies">bucket
+     * 				policy</a> that allows ACM Private CA to write the CRL to your bucket.</p>
      */
     S3BucketName?: string;
     /**
@@ -519,17 +528,59 @@ export declare namespace CrlConfiguration {
      */
     const filterSensitiveLog: (obj: CrlConfiguration) => any;
 }
+/**
+ * <p>Contains information to enable and configure Online Certificate Status Protocol (OCSP) for
+ * 			validating certificate revocation status.</p>
+ * 		       <p>When you revoke a certificate, OCSP responses may take up to 60 minutes
+ * 	to reflect the new status.</p>
+ */
+export interface OcspConfiguration {
+    /**
+     * <p>Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating
+     * 			certificate revocation status.</p>
+     */
+    Enabled: boolean | undefined;
+    /**
+     * <p>By default, ACM Private CA injects an AWS domain into certificates being validated by the
+     * 			Online Certificate Status Protocol (OCSP). A customer can alternatively use this object
+     * 			to define a CNAME specifying a customized OCSP domain.</p>
+     * 		       <p>Note: The value of the CNAME must not include a protocol prefix such as "http://" or
+     * 			"https://".</p>
+     * 		       <p>For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/ocsp-customize.html">Customizing Online Certificate
+     * 			Status Protocol (OCSP) </a> in the <i>AWS Certificate Manager Private Certificate Authority (PCA) User
+     * 				Guide</i>.</p>
+     */
+    OcspCustomCname?: string;
+}
+export declare namespace OcspConfiguration {
+    /**
+     * @internal
+     */
+    const filterSensitiveLog: (obj: OcspConfiguration) => any;
+}
 /**
  * <p>Certificate revocation information used by the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html">CreateCertificateAuthority</a> and <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html">UpdateCertificateAuthority</a> actions. Your private certificate authority (CA)
- * 			can create and maintain a certificate revocation list (CRL). A CRL contains information
- * 			about certificates revoked by your CA. For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html">RevokeCertificate</a>.</p>
+ * 			can configure Online Certificate Status Protocol (OCSP) support and/or maintain a
+ * 			certificate revocation list (CRL). OCSP returns validation information about
+ * 			certificates as requested by clients, and a CRL contains an updated list of certificates
+ * 			revoked by your CA. For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html">RevokeCertificate</a> and <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/revocation-setup.html">Setting up a
+ * 				certificate revocation method</a> in the <i>AWS Certificate Manager Private Certificate Authority (PCA) User
+ * 				Guide</i>.</p>
  */
 export interface RevocationConfiguration {
     /**
-     * <p>Configuration of the certificate revocation list (CRL), if any, maintained by your
-     * 			private CA.</p>
+     * <p>Configuration of the certificate revocation list (CRL), if any, maintained by your private
+     * 			CA. A CRL is typically updated approximately 30 minutes after a certificate
+     * 	is revoked. If for any reason a CRL update fails, ACM Private CA makes further attempts
+     * 	every 15 minutes.</p>
      */
     CrlConfiguration?: CrlConfiguration;
+    /**
+     * <p>Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by
+     * 			your private CA. When you revoke a certificate, OCSP responses may take up to 60 minutes
+     * 	to reflect the new status.</p>
+     */
+    OcspConfiguration?: OcspConfiguration;
 }
 export declare namespace RevocationConfiguration {
     /**
@@ -566,11 +617,10 @@ export interface CreateCertificateAuthorityRequest {
      */
     CertificateAuthorityConfiguration: CertificateAuthorityConfiguration | undefined;
     /**
-     * <p>Contains a Boolean value that you can use to enable a certification revocation list
-     * 			(CRL) for the CA, the name of the S3 bucket to which ACM Private CA will write the CRL, and an
-     * 			optional CNAME alias that you can use to hide the name of your bucket in the <b>CRL Distribution Points</b> extension of your CA certificate. For
-     * 			more information, see the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html">CrlConfiguration</a> structure.
-     * 		</p>
+     * <p>Contains information to enable Online Certificate Status Protocol (OCSP) support,
+     * 			to enable a certificate revocation list (CRL), to enable both, or to enable neither. The
+     * 			default is for both certificate validation mechanisms to be disabled. For more
+     * 			information, see the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html">OcspConfiguration</a> and <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html">CrlConfiguration</a> types.</p>
      */
     RevocationConfiguration?: RevocationConfiguration;
     /**
@@ -1037,8 +1087,8 @@ export interface CertificateAuthority {
      */
     CertificateAuthorityConfiguration?: CertificateAuthorityConfiguration;
     /**
-     * <p>Information about the certificate revocation list (CRL) created and maintained by your
-     * 			private CA. </p>
+     * <p>Information about the Online Certificate Status Protocol (OCSP) configuration or
+     * 			certificate revocation list (CRL) created and maintained by your private CA. </p>
      */
     RevocationConfiguration?: RevocationConfiguration;
     /**
@@ -2067,7 +2117,10 @@ export interface UpdateCertificateAuthorityRequest {
      */
     CertificateAuthorityArn: string | undefined;
     /**
-     * <p>Revocation information for your private CA.</p>
+     * <p>Contains information to enable Online Certificate Status Protocol (OCSP) support,
+     * 			to enable a certificate revocation list (CRL), to enable both, or to enable neither. If
+     * 			this parameter is not supplied, existing capibilites remain unchanged. For more
+     * 			information, see the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html">OcspConfiguration</a> and <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html">CrlConfiguration</a> types.</p>
      */
     RevocationConfiguration?: RevocationConfiguration;
     /**

package/models/models_0.ts CHANGED Viewed

@@ -449,10 +449,17 @@ export enum S3ObjectAcl {
  * 		       <p>ACM Private CA assets that are stored in Amazon S3 can be protected with encryption.
  *   For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption">Encrypting Your
  * 			CRLs</a>.</p>
- * 		       <p>Your private CA uses the value in the <b>ExpirationInDays</b> parameter to calculate the <b>nextUpdate</b> field in the CRL. The CRL is refreshed at 1/2 the age of next
- * 			update or when a certificate is revoked. When a certificate is revoked, it is recorded
- * 			in the next CRL that is generated and in the next audit report. Only time valid
- * 			certificates are listed in the CRL. Expired certificates are not included. </p>
+ * 		       <p>Your private CA uses the value in the <b>ExpirationInDays</b>
+ * 			parameter to calculate the <b>nextUpdate</b> field in the CRL.
+ * 			The CRL is refreshed at 1/2 the age of next update or when a certificate is revoked.
+ * 			When a certificate is revoked, it is recorded in the next CRL that is generated and in
+ * 			the next audit report. Only time valid certificates are listed in the CRL. Expired
+ * 			certificates are not included.</p>
+ *
+ * 		       <p>A CRL is typically updated approximately 30 minutes after a certificate
+ * 	is revoked. If for any reason a CRL update fails, ACM Private CA makes further attempts
+ * 	every 15 minutes.</p>
+ *
  * 		       <p>CRLs contain the following fields:</p>
  * 		       <ul>
  *             <li>
@@ -544,6 +551,9 @@ export enum S3ObjectAcl {
  *             <code>openssl crl -inform DER -text -in <i>crl_path</i>
  * 			-noout</code>
  *          </p>
+ * 		       <p>For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/crl-planning.html">Planning a certificate revocation list (CRL)</a>
+ * 			in the <i>AWS Certificate Manager Private Certificate Authority (PCA) User Guide</i>
+ *          </p>
  */
 export interface CrlConfiguration {
   /**
@@ -571,9 +581,8 @@ export interface CrlConfiguration {
    * <p>Name of the S3 bucket that contains the CRL. If you do not provide a value for the
    * 				<b>CustomCname</b> argument, the name of your S3 bucket
    * 			is placed into the <b>CRL Distribution Points</b> extension of
-   * 			the issued certificate. You can change the name of your bucket by calling the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html">UpdateCertificateAuthority</a> action. You must specify a
-   * 			<a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-policies">bucket policy</a> that
-   * 			allows ACM Private CA to write the CRL to your bucket.</p>
+   * 			the issued certificate. You can change the name of your bucket by calling the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html">UpdateCertificateAuthority</a> operation. You must specify a <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#s3-policies">bucket
+   * 				policy</a> that allows ACM Private CA to write the CRL to your bucket.</p>
    */
   S3BucketName?: string;
@@ -606,17 +615,65 @@ export namespace CrlConfiguration {
   });
 }
+/**
+ * <p>Contains information to enable and configure Online Certificate Status Protocol (OCSP) for
+ * 			validating certificate revocation status.</p>
+ * 		       <p>When you revoke a certificate, OCSP responses may take up to 60 minutes
+ * 	to reflect the new status.</p>
+ */
+export interface OcspConfiguration {
+  /**
+   * <p>Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating
+   * 			certificate revocation status.</p>
+   */
+  Enabled: boolean | undefined;
+  /**
+   * <p>By default, ACM Private CA injects an AWS domain into certificates being validated by the
+   * 			Online Certificate Status Protocol (OCSP). A customer can alternatively use this object
+   * 			to define a CNAME specifying a customized OCSP domain.</p>
+   * 		       <p>Note: The value of the CNAME must not include a protocol prefix such as "http://" or
+   * 			"https://".</p>
+   * 		       <p>For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/ocsp-customize.html">Customizing Online Certificate
+   * 			Status Protocol (OCSP) </a> in the <i>AWS Certificate Manager Private Certificate Authority (PCA) User
+   * 				Guide</i>.</p>
+   */
+  OcspCustomCname?: string;
+}
+export namespace OcspConfiguration {
+  /**
+   * @internal
+   */
+  export const filterSensitiveLog = (obj: OcspConfiguration): any => ({
+    ...obj,
+  });
+}
 /**
  * <p>Certificate revocation information used by the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html">CreateCertificateAuthority</a> and <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html">UpdateCertificateAuthority</a> actions. Your private certificate authority (CA)
- * 			can create and maintain a certificate revocation list (CRL). A CRL contains information
- * 			about certificates revoked by your CA. For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html">RevokeCertificate</a>.</p>
+ * 			can configure Online Certificate Status Protocol (OCSP) support and/or maintain a
+ * 			certificate revocation list (CRL). OCSP returns validation information about
+ * 			certificates as requested by clients, and a CRL contains an updated list of certificates
+ * 			revoked by your CA. For more information, see <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html">RevokeCertificate</a> and <a href="https://docs.aws.amazon.com/acm-pca/latest/userguide/revocation-setup.html">Setting up a
+ * 				certificate revocation method</a> in the <i>AWS Certificate Manager Private Certificate Authority (PCA) User
+ * 				Guide</i>.</p>
  */
 export interface RevocationConfiguration {
   /**
-   * <p>Configuration of the certificate revocation list (CRL), if any, maintained by your
-   * 			private CA.</p>
+   * <p>Configuration of the certificate revocation list (CRL), if any, maintained by your private
+   * 			CA. A CRL is typically updated approximately 30 minutes after a certificate
+   * 	is revoked. If for any reason a CRL update fails, ACM Private CA makes further attempts
+   * 	every 15 minutes.</p>
    */
   CrlConfiguration?: CrlConfiguration;
+  /**
+   * <p>Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by
+   * 			your private CA. When you revoke a certificate, OCSP responses may take up to 60 minutes
+   * 	to reflect the new status.</p>
+   */
+  OcspConfiguration?: OcspConfiguration;
 }
 export namespace RevocationConfiguration {
@@ -663,11 +720,10 @@ export interface CreateCertificateAuthorityRequest {
   CertificateAuthorityConfiguration: CertificateAuthorityConfiguration | undefined;
   /**
-   * <p>Contains a Boolean value that you can use to enable a certification revocation list
-   * 			(CRL) for the CA, the name of the S3 bucket to which ACM Private CA will write the CRL, and an
-   * 			optional CNAME alias that you can use to hide the name of your bucket in the <b>CRL Distribution Points</b> extension of your CA certificate. For
-   * 			more information, see the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html">CrlConfiguration</a> structure.
-   * 		</p>
+   * <p>Contains information to enable Online Certificate Status Protocol (OCSP) support,
+   * 			to enable a certificate revocation list (CRL), to enable both, or to enable neither. The
+   * 			default is for both certificate validation mechanisms to be disabled. For more
+   * 			information, see the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html">OcspConfiguration</a> and <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html">CrlConfiguration</a> types.</p>
    */
   RevocationConfiguration?: RevocationConfiguration;
@@ -1246,8 +1302,8 @@ export interface CertificateAuthority {
   CertificateAuthorityConfiguration?: CertificateAuthorityConfiguration;
   /**
-   * <p>Information about the certificate revocation list (CRL) created and maintained by your
-   * 			private CA. </p>
+   * <p>Information about the Online Certificate Status Protocol (OCSP) configuration or
+   * 			certificate revocation list (CRL) created and maintained by your private CA. </p>
    */
   RevocationConfiguration?: RevocationConfiguration;
@@ -2492,7 +2548,10 @@ export interface UpdateCertificateAuthorityRequest {
   CertificateAuthorityArn: string | undefined;
   /**
-   * <p>Revocation information for your private CA.</p>
+   * <p>Contains information to enable Online Certificate Status Protocol (OCSP) support,
+   * 			to enable a certificate revocation list (CRL), to enable both, or to enable neither. If
+   * 			this parameter is not supplied, existing capibilites remain unchanged. For more
+   * 			information, see the <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_OcspConfiguration.html">OcspConfiguration</a> and <a href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CrlConfiguration.html">CrlConfiguration</a> types.</p>
    */
   RevocationConfiguration?: RevocationConfiguration;