Documentation ¶
Overview ¶
Package acm provides the API client, operations, and parameter types for AWS Certificate Manager.
Certificate Manager ¶
You can use Certificate Manager (ACM) to manage SSL/TLS certificates for your Amazon Web Services-based websites and applications. For more information about using ACM, see the Certificate Manager User Guide.
Index ¶
- Constants
- func NewDefaultEndpointResolver() *internalendpoints.Resolver
- func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options)
- func WithEndpointResolver(v EndpointResolver) func(*Options)deprecated
- func WithEndpointResolverV2(v EndpointResolverV2) func(*Options)
- func WithSigV4SigningName(name string) func(*Options)
- func WithSigV4SigningRegion(region string) func(*Options)
- type AddTagsToCertificateInput
- type AddTagsToCertificateOutput
- type AuthResolverParameters
- type AuthSchemeResolver
- type CertificateValidatedWaiter
- type CertificateValidatedWaiterOptions
- type Client
- func (c *Client) AddTagsToCertificate(ctx context.Context, params *AddTagsToCertificateInput, ...) (*AddTagsToCertificateOutput, error)
- func (c *Client) DeleteCertificate(ctx context.Context, params *DeleteCertificateInput, optFns ...func(*Options)) (*DeleteCertificateOutput, error)
- func (c *Client) DescribeCertificate(ctx context.Context, params *DescribeCertificateInput, ...) (*DescribeCertificateOutput, error)
- func (c *Client) ExportCertificate(ctx context.Context, params *ExportCertificateInput, optFns ...func(*Options)) (*ExportCertificateOutput, error)
- func (c *Client) GetAccountConfiguration(ctx context.Context, params *GetAccountConfigurationInput, ...) (*GetAccountConfigurationOutput, error)
- func (c *Client) GetCertificate(ctx context.Context, params *GetCertificateInput, optFns ...func(*Options)) (*GetCertificateOutput, error)
- func (c *Client) ImportCertificate(ctx context.Context, params *ImportCertificateInput, optFns ...func(*Options)) (*ImportCertificateOutput, error)
- func (c *Client) ListCertificates(ctx context.Context, params *ListCertificatesInput, optFns ...func(*Options)) (*ListCertificatesOutput, error)
- func (c *Client) ListTagsForCertificate(ctx context.Context, params *ListTagsForCertificateInput, ...) (*ListTagsForCertificateOutput, error)
- func (c *Client) Options() Options
- func (c *Client) PutAccountConfiguration(ctx context.Context, params *PutAccountConfigurationInput, ...) (*PutAccountConfigurationOutput, error)
- func (c *Client) RemoveTagsFromCertificate(ctx context.Context, params *RemoveTagsFromCertificateInput, ...) (*RemoveTagsFromCertificateOutput, error)
- func (c *Client) RenewCertificate(ctx context.Context, params *RenewCertificateInput, optFns ...func(*Options)) (*RenewCertificateOutput, error)
- func (c *Client) RequestCertificate(ctx context.Context, params *RequestCertificateInput, optFns ...func(*Options)) (*RequestCertificateOutput, error)
- func (c *Client) ResendValidationEmail(ctx context.Context, params *ResendValidationEmailInput, ...) (*ResendValidationEmailOutput, error)
- func (c *Client) UpdateCertificateOptions(ctx context.Context, params *UpdateCertificateOptionsInput, ...) (*UpdateCertificateOptionsOutput, error)
- type DeleteCertificateInput
- type DeleteCertificateOutput
- type DescribeCertificateAPIClient
- type DescribeCertificateInput
- type DescribeCertificateOutput
- type EndpointParameters
- type EndpointResolver
- type EndpointResolverFunc
- type EndpointResolverOptions
- type EndpointResolverV2
- type ExportCertificateInput
- type ExportCertificateOutput
- type GetAccountConfigurationInput
- type GetAccountConfigurationOutput
- type GetCertificateInput
- type GetCertificateOutput
- type HTTPClient
- type HTTPSignerV4
- type ImportCertificateInput
- type ImportCertificateOutput
- type ListCertificatesAPIClient
- type ListCertificatesInput
- type ListCertificatesOutput
- type ListCertificatesPaginator
- type ListCertificatesPaginatorOptions
- type ListTagsForCertificateInput
- type ListTagsForCertificateOutput
- type Options
- type PutAccountConfigurationInput
- type PutAccountConfigurationOutput
- type RemoveTagsFromCertificateInput
- type RemoveTagsFromCertificateOutput
- type RenewCertificateInput
- type RenewCertificateOutput
- type RequestCertificateInput
- type RequestCertificateOutput
- type ResendValidationEmailInput
- type ResendValidationEmailOutput
- type ResolveEndpoint
- type UpdateCertificateOptionsInput
- type UpdateCertificateOptionsOutput
Constants ¶
const ServiceAPIVersion = "2015-12-08"
const ServiceID = "ACM"
Variables ¶
This section is empty.
Functions ¶
func NewDefaultEndpointResolver ¶
func NewDefaultEndpointResolver() *internalendpoints.Resolver
NewDefaultEndpointResolver constructs a new service endpoint resolver
func WithAPIOptions ¶ added in v1.0.0
func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options)
WithAPIOptions returns a functional option for setting the Client's APIOptions option.
func WithEndpointResolver
deprecated
func WithEndpointResolver(v EndpointResolver) func(*Options)
Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for this field will likely prevent you from using any endpoint-related service features released after the introduction of EndpointResolverV2 and BaseEndpoint.
To migrate an EndpointResolver implementation that uses a custom endpoint, set the client option BaseEndpoint instead.
func WithEndpointResolverV2 ¶ added in v1.18.0
func WithEndpointResolverV2(v EndpointResolverV2) func(*Options)
WithEndpointResolverV2 returns a functional option for setting the Client's EndpointResolverV2 option.
func WithSigV4SigningName ¶ added in v1.21.2
WithSigV4SigningName applies an override to the authentication workflow to use the given signing name for SigV4-authenticated operations.
This is an advanced setting. The value here is FINAL, taking precedence over the resolved signing name from both auth scheme resolution and endpoint resolution.
func WithSigV4SigningRegion ¶ added in v1.21.2
WithSigV4SigningRegion applies an override to the authentication workflow to use the given signing region for SigV4-authenticated operations.
This is an advanced setting. The value here is FINAL, taking precedence over the resolved signing region from both auth scheme resolution and endpoint resolution.
Types ¶
type AddTagsToCertificateInput ¶
type AddTagsToCertificateInput struct { // String that contains the ARN of the ACM certificate to which the tag is to be // applied. This must be of the form: // // arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012 // // For more information about ARNs, see [Amazon Resource Names (ARNs)]. // // [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html // // This member is required. CertificateArn *string // The key-value pair that defines the tag. The tag value is optional. // // This member is required. Tags []types.Tag // contains filtered or unexported fields }
type AddTagsToCertificateOutput ¶
type AddTagsToCertificateOutput struct { // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type AuthResolverParameters ¶ added in v1.21.2
type AuthResolverParameters struct { // The name of the operation being invoked. Operation string // The region in which the operation is being invoked. Region string }
AuthResolverParameters contains the set of inputs necessary for auth scheme resolution.
type AuthSchemeResolver ¶ added in v1.21.2
type AuthSchemeResolver interface {
ResolveAuthSchemes(context.Context, *AuthResolverParameters) ([]*smithyauth.Option, error)
}
AuthSchemeResolver returns a set of possible authentication options for an operation.
type CertificateValidatedWaiter ¶ added in v0.31.0
type CertificateValidatedWaiter struct {
// contains filtered or unexported fields
}
CertificateValidatedWaiter defines the waiters for CertificateValidated
func NewCertificateValidatedWaiter ¶ added in v0.31.0
func NewCertificateValidatedWaiter(client DescribeCertificateAPIClient, optFns ...func(*CertificateValidatedWaiterOptions)) *CertificateValidatedWaiter
NewCertificateValidatedWaiter constructs a CertificateValidatedWaiter.
func (*CertificateValidatedWaiter) Wait ¶ added in v0.31.0
func (w *CertificateValidatedWaiter) Wait(ctx context.Context, params *DescribeCertificateInput, maxWaitDur time.Duration, optFns ...func(*CertificateValidatedWaiterOptions)) error
Wait calls the waiter function for CertificateValidated waiter. The maxWaitDur is the maximum wait duration the waiter will wait. The maxWaitDur is required and must be greater than zero.
func (*CertificateValidatedWaiter) WaitForOutput ¶ added in v1.9.0
func (w *CertificateValidatedWaiter) WaitForOutput(ctx context.Context, params *DescribeCertificateInput, maxWaitDur time.Duration, optFns ...func(*CertificateValidatedWaiterOptions)) (*DescribeCertificateOutput, error)
WaitForOutput calls the waiter function for CertificateValidated waiter and returns the output of the successful operation. The maxWaitDur is the maximum wait duration the waiter will wait. The maxWaitDur is required and must be greater than zero.
type CertificateValidatedWaiterOptions ¶ added in v0.31.0
type CertificateValidatedWaiterOptions struct { // Set of options to modify how an operation is invoked. These apply to all // operations invoked for this client. Use functional options on operation call to // modify this list for per operation behavior. // // Passing options here is functionally equivalent to passing values to this // config's ClientOptions field that extend the inner client's APIOptions directly. APIOptions []func(*middleware.Stack) error // Functional options to be passed to all operations invoked by this client. // // Function values that modify the inner APIOptions are applied after the waiter // config's own APIOptions modifiers. ClientOptions []func(*Options) // MinDelay is the minimum amount of time to delay between retries. If unset, // CertificateValidatedWaiter will use default minimum delay of 60 seconds. Note // that MinDelay must resolve to a value lesser than or equal to the MaxDelay. MinDelay time.Duration // MaxDelay is the maximum amount of time to delay between retries. If unset or // set to zero, CertificateValidatedWaiter will use default max delay of 120 // seconds. Note that MaxDelay must resolve to value greater than or equal to the // MinDelay. MaxDelay time.Duration // LogWaitAttempts is used to enable logging for waiter retry attempts LogWaitAttempts bool // Retryable is function that can be used to override the service defined // waiter-behavior based on operation output, or returned error. This function is // used by the waiter to decide if a state is retryable or a terminal state. // // By default service-modeled logic will populate this option. This option can // thus be used to define a custom waiter state with fall-back to service-modeled // waiter state mutators.The function returns an error in case of a failure state. // In case of retry state, this function returns a bool value of true and nil // error, while in case of success it returns a bool value of false and nil error. Retryable func(context.Context, *DescribeCertificateInput, *DescribeCertificateOutput, error) (bool, error) }
CertificateValidatedWaiterOptions are waiter options for CertificateValidatedWaiter
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
Client provides the API client to make operations call for AWS Certificate Manager.
func New ¶
New returns an initialized Client based on the functional options. Provide additional functional options to further configure the behavior of the client, such as changing the client's endpoint or adding custom middleware behavior.
func NewFromConfig ¶
NewFromConfig returns a new client from the provided config.
func (*Client) AddTagsToCertificate ¶
func (c *Client) AddTagsToCertificate(ctx context.Context, params *AddTagsToCertificateInput, optFns ...func(*Options)) (*AddTagsToCertificateOutput, error)
Adds one or more tags to an ACM certificate. Tags are labels that you can use to identify and organize your Amazon Web Services resources. Each tag consists of a key and an optional value . You specify the certificate on input by its Amazon Resource Name (ARN). You specify the tag by using a key-value pair.
You can apply a tag to just one certificate if you want to identify a specific characteristic of that certificate, or you can apply the same tag to multiple certificates if you want to filter for a common relationship among those certificates. Similarly, you can apply the same tag to multiple resources if you want to specify a relationship among those resources. For example, you can add the same tag to an ACM certificate and an Elastic Load Balancing load balancer to indicate that they are both used by the same website. For more information, see Tagging ACM certificates.
To remove one or more tags, use the RemoveTagsFromCertificate action. To view all of the tags that have been applied to the certificate, use the ListTagsForCertificateaction.
func (*Client) DeleteCertificate ¶
func (c *Client) DeleteCertificate(ctx context.Context, params *DeleteCertificateInput, optFns ...func(*Options)) (*DeleteCertificateOutput, error)
Deletes a certificate and its associated private key. If this action succeeds, the certificate no longer appears in the list that can be displayed by calling the ListCertificatesaction or be retrieved by calling the GetCertificate action. The certificate will not be available for use by Amazon Web Services services integrated with ACM.
You cannot delete an ACM certificate that is being used by another Amazon Web Services service. To delete a certificate that is in use, the certificate association must first be removed.
func (*Client) DescribeCertificate ¶
func (c *Client) DescribeCertificate(ctx context.Context, params *DescribeCertificateInput, optFns ...func(*Options)) (*DescribeCertificateOutput, error)
Returns detailed metadata about the specified ACM certificate.
If you have just created a certificate using the RequestCertificate action, there is a delay of several seconds before you can retrieve information about it.
func (*Client) ExportCertificate ¶
func (c *Client) ExportCertificate(ctx context.Context, params *ExportCertificateInput, optFns ...func(*Options)) (*ExportCertificateOutput, error)
Exports a private certificate issued by a private certificate authority (CA) for use anywhere. The exported file contains the certificate, the certificate chain, and the encrypted private 2048-bit RSA key associated with the public key that is embedded in the certificate. For security, you must assign a passphrase for the private key when exporting it.
For information about exporting and formatting a certificate using the ACM console or CLI, see Export a Private Certificate.
func (*Client) GetAccountConfiguration ¶ added in v1.2.0
func (c *Client) GetAccountConfiguration(ctx context.Context, params *GetAccountConfigurationInput, optFns ...func(*Options)) (*GetAccountConfigurationOutput, error)
Returns the account configuration options associated with an Amazon Web Services account.
func (*Client) GetCertificate ¶
func (c *Client) GetCertificate(ctx context.Context, params *GetCertificateInput, optFns ...func(*Options)) (*GetCertificateOutput, error)
Retrieves a certificate and its certificate chain. The certificate may be either a public or private certificate issued using the ACM RequestCertificate action, or a certificate imported into ACM using the ImportCertificate action. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs. All of the certificates are base64 encoded. You can use OpenSSLto decode the certificates and inspect individual fields.
func (*Client) ImportCertificate ¶
func (c *Client) ImportCertificate(ctx context.Context, params *ImportCertificateInput, optFns ...func(*Options)) (*ImportCertificateOutput, error)
Imports a certificate into Certificate Manager (ACM) to use with services that are integrated with ACM. Note that integrated servicesallow only certificate types and keys they support to be associated with their resources. Further, their support differs depending on whether the certificate is imported into IAM or into ACM. For more information, see the documentation for each service. For more information about importing certificates into ACM, see Importing Certificatesin the Certificate Manager User Guide.
ACM does not provide managed renewal for certificates that you import.
Note the following guidelines when importing third party certificates:
You must enter the private key that matches the certificate you are importing.
The private key must be unencrypted. You cannot import a private key that is protected by a password or a passphrase.
The private key must be no larger than 5 KB (5,120 bytes).
The certificate, private key, and certificate chain must be PEM-encoded.
The current time must be between the Not Before and Not After certificate fields.
The Issuer field must not be empty.
The OCSP authority URL, if present, must not exceed 1000 characters.
To import a new certificate, omit the CertificateArn argument. Include this argument only when you want to replace a previously imported certificate.
When you import a certificate by using the CLI, you must specify the certificate, the certificate chain, and the private key by their file names preceded by fileb:// . For example, you can specify a certificate saved in the C:\temp folder as fileb://C:\temp\certificate_to_import.pem . If you are making an HTTP or HTTPS Query request, include these arguments as BLOBs.
When you import a certificate by using an SDK, you must specify the certificate, the certificate chain, and the private key files in the manner required by the programming language you're using.
The cryptographic algorithm of an imported certificate must match the algorithm of the signing CA. For example, if the signing CA key type is RSA, then the certificate key type must also be RSA.
This operation returns the Amazon Resource Name (ARN) of the imported certificate.
func (*Client) ListCertificates ¶
func (c *Client) ListCertificates(ctx context.Context, params *ListCertificatesInput, optFns ...func(*Options)) (*ListCertificatesOutput, error)
Retrieves a list of certificate ARNs and domain names. By default, the API returns RSA_2048 certificates. To return all certificates in the account, include the keyType filter with the values [RSA_1024, RSA_2048, RSA_3072, RSA_4096, EC_prime256v1, EC_secp384r1, EC_secp521r1] .
In addition to keyType , you can also filter by the CertificateStatuses , keyUsage , and extendedKeyUsage attributes on the certificate. For more information, see Filters.
func (*Client) ListTagsForCertificate ¶
func (c *Client) ListTagsForCertificate(ctx context.Context, params *ListTagsForCertificateInput, optFns ...func(*Options)) (*ListTagsForCertificateOutput, error)
Lists the tags that have been applied to the ACM certificate. Use the certificate's Amazon Resource Name (ARN) to specify the certificate. To add a tag to an ACM certificate, use the AddTagsToCertificateaction. To delete a tag, use the RemoveTagsFromCertificate action.
func (*Client) Options ¶ added in v1.22.0
Options returns a copy of the client configuration.
Callers SHOULD NOT perform mutations on any inner structures within client config. Config overrides should instead be made on a per-operation basis through functional options.
func (*Client) PutAccountConfiguration ¶ added in v1.2.0
func (c *Client) PutAccountConfiguration(ctx context.Context, params *PutAccountConfigurationInput, optFns ...func(*Options)) (*PutAccountConfigurationOutput, error)
Adds or modifies account-level configurations in ACM.
The supported configuration option is DaysBeforeExpiry . This option specifies the number of days prior to certificate expiration when ACM starts generating EventBridge events. ACM sends one event per day per certificate until the certificate expires. By default, accounts receive events starting 45 days before certificate expiration.
func (*Client) RemoveTagsFromCertificate ¶
func (c *Client) RemoveTagsFromCertificate(ctx context.Context, params *RemoveTagsFromCertificateInput, optFns ...func(*Options)) (*RemoveTagsFromCertificateOutput, error)
Remove one or more tags from an ACM certificate. A tag consists of a key-value pair. If you do not specify the value portion of the tag when calling this function, the tag will be removed regardless of value. If you specify a value, the tag is removed only if it is associated with the specified value.
To add tags to a certificate, use the AddTagsToCertificate action. To view all of the tags that have been applied to a specific ACM certificate, use the ListTagsForCertificateaction.
func (*Client) RenewCertificate ¶
func (c *Client) RenewCertificate(ctx context.Context, params *RenewCertificateInput, optFns ...func(*Options)) (*RenewCertificateOutput, error)
Renews an eligible ACM certificate. At this time, only exported private certificates can be renewed with this operation. In order to renew your Amazon Web Services Private CA certificates with ACM, you must first grant the ACM service principal permission to do so. For more information, see Testing Managed Renewalin the ACM User Guide.
func (*Client) RequestCertificate ¶
func (c *Client) RequestCertificate(ctx context.Context, params *RequestCertificateInput, optFns ...func(*Options)) (*RequestCertificateOutput, error)
Requests an ACM certificate for use with other Amazon Web Services services. To request an ACM certificate, you must specify a fully qualified domain name (FQDN) in the DomainName parameter. You can also specify additional FQDNs in the SubjectAlternativeNames parameter.
If you are requesting a private certificate, domain validation is not required. If you are requesting a public certificate, each domain name that you specify must be validated to verify that you own or control the domain. You can use DNS validationor email validation . We recommend that you use DNS validation. ACM issues public certificates after receiving approval from the domain owner.
ACM behavior differs from the RFC 6125 specification of the certificate validation process. ACM first checks for a Subject Alternative Name, and, if it finds one, ignores the common name (CN).
After successful completion of the RequestCertificate action, there is a delay of several seconds before you can retrieve information about the new certificate.
func (*Client) ResendValidationEmail ¶
func (c *Client) ResendValidationEmail(ctx context.Context, params *ResendValidationEmailInput, optFns ...func(*Options)) (*ResendValidationEmailOutput, error)
Resends the email that requests domain ownership validation. The domain owner or an authorized representative must approve the ACM certificate before it can be issued. The certificate can be approved by clicking a link in the mail to navigate to the Amazon certificate approval website and then clicking I Approve. However, the validation email can be blocked by spam filters. Therefore, if you do not receive the original mail, you can request that the mail be resent within 72 hours of requesting the ACM certificate. If more than 72 hours have elapsed since your original request or since your last attempt to resend validation mail, you must request a new certificate. For more information about setting up your contact email addresses, see Configure Email for your Domain.
func (*Client) UpdateCertificateOptions ¶
func (c *Client) UpdateCertificateOptions(ctx context.Context, params *UpdateCertificateOptionsInput, optFns ...func(*Options)) (*UpdateCertificateOptionsOutput, error)
Updates a certificate. Currently, you can use this function to specify whether to opt in to or out of recording your certificate in a certificate transparency log. For more information, see Opting Out of Certificate Transparency Logging.
type DeleteCertificateInput ¶
type DeleteCertificateInput struct { // String that contains the ARN of the ACM certificate to be deleted. This must be // of the form: // // arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012 // // For more information about ARNs, see [Amazon Resource Names (ARNs)]. // // [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html // // This member is required. CertificateArn *string // contains filtered or unexported fields }
type DeleteCertificateOutput ¶
type DeleteCertificateOutput struct { // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type DescribeCertificateAPIClient ¶ added in v0.31.0
type DescribeCertificateAPIClient interface {
DescribeCertificate(context.Context, *DescribeCertificateInput, ...func(*Options)) (*DescribeCertificateOutput, error)
}
DescribeCertificateAPIClient is a client that implements the DescribeCertificate operation.
type DescribeCertificateInput ¶
type DescribeCertificateInput struct { // The Amazon Resource Name (ARN) of the ACM certificate. The ARN must have the // following form: // // arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012 // // For more information about ARNs, see [Amazon Resource Names (ARNs)]. // // [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html // // This member is required. CertificateArn *string // contains filtered or unexported fields }
type DescribeCertificateOutput ¶
type DescribeCertificateOutput struct { // Metadata about an ACM certificate. Certificate *types.CertificateDetail // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type EndpointParameters ¶ added in v1.18.0
type EndpointParameters struct { // The AWS region used to dispatch the request. // // Parameter is // required. // // AWS::Region Region *string // When true, use the dual-stack endpoint. If the configured endpoint does not // support dual-stack, dispatching the request MAY return an error. // // Defaults to // false if no value is provided. // // AWS::UseDualStack UseDualStack *bool // When true, send this request to the FIPS-compliant regional endpoint. If the // configured endpoint does not have a FIPS compliant endpoint, dispatching the // request will return an error. // // Defaults to false if no value is // provided. // // AWS::UseFIPS UseFIPS *bool // Override the endpoint used to send this request // // Parameter is // required. // // SDK::Endpoint Endpoint *string }
EndpointParameters provides the parameters that influence how endpoints are resolved.
func (EndpointParameters) ValidateRequired ¶ added in v1.18.0
func (p EndpointParameters) ValidateRequired() error
ValidateRequired validates required parameters are set.
func (EndpointParameters) WithDefaults ¶ added in v1.18.0
func (p EndpointParameters) WithDefaults() EndpointParameters
WithDefaults returns a shallow copy of EndpointParameterswith default values applied to members where applicable.
type EndpointResolver ¶
type EndpointResolver interface {
ResolveEndpoint(region string, options EndpointResolverOptions) (aws.Endpoint, error)
}
EndpointResolver interface for resolving service endpoints.
func EndpointResolverFromURL ¶ added in v1.1.0
func EndpointResolverFromURL(url string, optFns ...func(*aws.Endpoint)) EndpointResolver
EndpointResolverFromURL returns an EndpointResolver configured using the provided endpoint url. By default, the resolved endpoint resolver uses the client region as signing region, and the endpoint source is set to EndpointSourceCustom.You can provide functional options to configure endpoint values for the resolved endpoint.
type EndpointResolverFunc ¶
type EndpointResolverFunc func(region string, options EndpointResolverOptions) (aws.Endpoint, error)
EndpointResolverFunc is a helper utility that wraps a function so it satisfies the EndpointResolver interface. This is useful when you want to add additional endpoint resolving logic, or stub out specific endpoints with custom values.
func (EndpointResolverFunc) ResolveEndpoint ¶
func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error)
type EndpointResolverOptions ¶ added in v0.29.0
type EndpointResolverOptions = internalendpoints.Options
EndpointResolverOptions is the service endpoint resolver options
type EndpointResolverV2 ¶ added in v1.18.0
type EndpointResolverV2 interface { // ResolveEndpoint attempts to resolve the endpoint with the provided options, // returning the endpoint if found. Otherwise an error is returned. ResolveEndpoint(ctx context.Context, params EndpointParameters) ( smithyendpoints.Endpoint, error, ) }
EndpointResolverV2 provides the interface for resolving service endpoints.
func NewDefaultEndpointResolverV2 ¶ added in v1.18.0
func NewDefaultEndpointResolverV2() EndpointResolverV2
type ExportCertificateInput ¶
type ExportCertificateInput struct { // An Amazon Resource Name (ARN) of the issued certificate. This must be of the // form: // // arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012 // // This member is required. CertificateArn *string // Passphrase to associate with the encrypted exported private key. // // When creating your passphrase, you can use any ASCII character except #, $, or // %. // // If you want to later decrypt the private key, you must have the passphrase. You // can use the following OpenSSL command to decrypt a private key. After entering // the command, you are prompted for the passphrase. // // openssl rsa -in encrypted_key.pem -out decrypted_key.pem // // This member is required. Passphrase []byte // contains filtered or unexported fields }
type ExportCertificateOutput ¶
type ExportCertificateOutput struct { // The base64 PEM-encoded certificate. Certificate *string // The base64 PEM-encoded certificate chain. This does not include the certificate // that you are exporting. CertificateChain *string // The encrypted private key associated with the public key in the certificate. // The key is output in PKCS #8 format and is base64 PEM-encoded. PrivateKey *string // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type GetAccountConfigurationInput ¶ added in v1.2.0
type GetAccountConfigurationInput struct {
// contains filtered or unexported fields
}
type GetAccountConfigurationOutput ¶ added in v1.2.0
type GetAccountConfigurationOutput struct { // Expiration events configuration options associated with the Amazon Web Services // account. ExpiryEvents *types.ExpiryEventsConfiguration // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type GetCertificateInput ¶
type GetCertificateInput struct { // String that contains a certificate ARN in the following format: // // arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012 // // For more information about ARNs, see [Amazon Resource Names (ARNs)]. // // [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html // // This member is required. CertificateArn *string // contains filtered or unexported fields }
type GetCertificateOutput ¶
type GetCertificateOutput struct { // The ACM-issued certificate corresponding to the ARN specified as input. Certificate *string // Certificates forming the requested certificate's chain of trust. The chain // consists of the certificate of the issuing CA and the intermediate certificates // of any other subordinate CAs. CertificateChain *string // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type HTTPSignerV4 ¶
type ImportCertificateInput ¶
type ImportCertificateInput struct { // The certificate to import. // // This member is required. Certificate []byte // The private key that matches the public key in the certificate. // // This member is required. PrivateKey []byte // The [Amazon Resource Name (ARN)] of an imported certificate to replace. To import a new certificate, omit // this field. // // [Amazon Resource Name (ARN)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html CertificateArn *string // The PEM encoded certificate chain. CertificateChain []byte // One or more resource tags to associate with the imported certificate. // // Note: You cannot apply tags when reimporting a certificate. Tags []types.Tag // contains filtered or unexported fields }
type ImportCertificateOutput ¶
type ImportCertificateOutput struct { // The [Amazon Resource Name (ARN)] of the imported certificate. // // [Amazon Resource Name (ARN)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html CertificateArn *string // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type ListCertificatesAPIClient ¶ added in v0.30.0
type ListCertificatesAPIClient interface {
ListCertificates(context.Context, *ListCertificatesInput, ...func(*Options)) (*ListCertificatesOutput, error)
}
ListCertificatesAPIClient is a client that implements the ListCertificates operation.
type ListCertificatesInput ¶
type ListCertificatesInput struct { // Filter the certificate list by status value. CertificateStatuses []types.CertificateStatus // Filter the certificate list. For more information, see the Filters structure. Includes *types.Filters // Use this parameter when paginating results to specify the maximum number of // items to return in the response. If additional items exist beyond the number you // specify, the NextToken element is sent in the response. Use this NextToken // value in a subsequent request to retrieve additional items. MaxItems *int32 // Use this parameter only when paginating results and only in a subsequent // request after you receive a response with truncated results. Set it to the value // of NextToken from the response you just received. NextToken *string // Specifies the field to sort results by. If you specify SortBy , you must also // specify SortOrder . SortBy types.SortBy // Specifies the order of sorted results. If you specify SortOrder , you must also // specify SortBy . SortOrder types.SortOrder // contains filtered or unexported fields }
type ListCertificatesOutput ¶
type ListCertificatesOutput struct { // A list of ACM certificates. CertificateSummaryList []types.CertificateSummary // When the list is truncated, this value is present and contains the value to use // for the NextToken parameter in a subsequent pagination request. NextToken *string // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type ListCertificatesPaginator ¶ added in v0.30.0
type ListCertificatesPaginator struct {
// contains filtered or unexported fields
}
ListCertificatesPaginator is a paginator for ListCertificates
func NewListCertificatesPaginator ¶ added in v0.30.0
func NewListCertificatesPaginator(client ListCertificatesAPIClient, params *ListCertificatesInput, optFns ...func(*ListCertificatesPaginatorOptions)) *ListCertificatesPaginator
NewListCertificatesPaginator returns a new ListCertificatesPaginator
func (*ListCertificatesPaginator) HasMorePages ¶ added in v0.30.0
func (p *ListCertificatesPaginator) HasMorePages() bool
HasMorePages returns a boolean indicating whether more pages are available
func (*ListCertificatesPaginator) NextPage ¶ added in v0.30.0
func (p *ListCertificatesPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListCertificatesOutput, error)
NextPage retrieves the next ListCertificates page.
type ListCertificatesPaginatorOptions ¶ added in v0.30.0
type ListCertificatesPaginatorOptions struct { // Use this parameter when paginating results to specify the maximum number of // items to return in the response. If additional items exist beyond the number you // specify, the NextToken element is sent in the response. Use this NextToken // value in a subsequent request to retrieve additional items. Limit int32 // Set to true if pagination should stop if the service returns a pagination token // that matches the most recent token provided to the service. StopOnDuplicateToken bool }
ListCertificatesPaginatorOptions is the paginator options for ListCertificates
type ListTagsForCertificateInput ¶
type ListTagsForCertificateInput struct { // String that contains the ARN of the ACM certificate for which you want to list // the tags. This must have the following form: // // arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012 // // For more information about ARNs, see [Amazon Resource Names (ARNs)]. // // [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html // // This member is required. CertificateArn *string // contains filtered or unexported fields }
type ListTagsForCertificateOutput ¶
type ListTagsForCertificateOutput struct { // The key-value pairs that define the applied tags. Tags []types.Tag // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type Options ¶
type Options struct { // Set of options to modify how an operation is invoked. These apply to all // operations invoked for this client. Use functional options on operation call to // modify this list for per operation behavior. APIOptions []func(*middleware.Stack) error // The optional application specific identifier appended to the User-Agent header. AppID string // This endpoint will be given as input to an EndpointResolverV2. It is used for // providing a custom base endpoint that is subject to modifications by the // processing EndpointResolverV2. BaseEndpoint *string // Configures the events that will be sent to the configured logger. ClientLogMode aws.ClientLogMode // The credentials object to use when signing requests. Credentials aws.CredentialsProvider // The configuration DefaultsMode that the SDK should use when constructing the // clients initial default settings. DefaultsMode aws.DefaultsMode // The endpoint options to be used when attempting to resolve an endpoint. EndpointOptions EndpointResolverOptions // The service endpoint resolver. // // Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a // value for this field will likely prevent you from using any endpoint-related // service features released after the introduction of EndpointResolverV2 and // BaseEndpoint. // // To migrate an EndpointResolver implementation that uses a custom endpoint, set // the client option BaseEndpoint instead. EndpointResolver EndpointResolver // Resolves the endpoint used for a particular service operation. This should be // used over the deprecated EndpointResolver. EndpointResolverV2 EndpointResolverV2 // Signature Version 4 (SigV4) Signer HTTPSignerV4 HTTPSignerV4 // The logger writer interface to write logging messages to. Logger logging.Logger // The client meter provider. MeterProvider metrics.MeterProvider // The region to send requests to. (Required) Region string // RetryMaxAttempts specifies the maximum number attempts an API client will call // an operation that fails with a retryable error. A value of 0 is ignored, and // will not be used to configure the API client created default retryer, or modify // per operation call's retry max attempts. // // If specified in an operation call's functional options with a value that is // different than the constructed client's Options, the Client's Retryer will be // wrapped to use the operation's specific RetryMaxAttempts value. RetryMaxAttempts int // RetryMode specifies the retry mode the API client will be created with, if // Retryer option is not also specified. // // When creating a new API Clients this member will only be used if the Retryer // Options member is nil. This value will be ignored if Retryer is not nil. // // Currently does not support per operation call overrides, may in the future. RetryMode aws.RetryMode // Retryer guides how HTTP requests should be retried in case of recoverable // failures. When nil the API client will use a default retryer. The kind of // default retry created by the API client can be changed with the RetryMode // option. Retryer aws.Retryer // The RuntimeEnvironment configuration, only populated if the DefaultsMode is set // to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You // should not populate this structure programmatically, or rely on the values here // within your applications. RuntimeEnvironment aws.RuntimeEnvironment // The client tracer provider. TracerProvider tracing.TracerProvider // The HTTP client to invoke API calls with. Defaults to client's default HTTP // implementation if nil. HTTPClient HTTPClient // The auth scheme resolver which determines how to authenticate for each // operation. AuthSchemeResolver AuthSchemeResolver // The list of auth schemes supported by the client. AuthSchemes []smithyhttp.AuthScheme // contains filtered or unexported fields }
func (Options) GetIdentityResolver ¶ added in v1.21.2
func (o Options) GetIdentityResolver(schemeID string) smithyauth.IdentityResolver
type PutAccountConfigurationInput ¶ added in v1.2.0
type PutAccountConfigurationInput struct { // Customer-chosen string used to distinguish between calls to // PutAccountConfiguration . Idempotency tokens time out after one hour. If you // call PutAccountConfiguration multiple times with the same unexpired idempotency // token, ACM treats it as the same request and returns the original result. If you // change the idempotency token for each call, ACM treats each call as a new // request. // // This member is required. IdempotencyToken *string // Specifies expiration events associated with an account. ExpiryEvents *types.ExpiryEventsConfiguration // contains filtered or unexported fields }
type PutAccountConfigurationOutput ¶ added in v1.2.0
type PutAccountConfigurationOutput struct { // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type RemoveTagsFromCertificateInput ¶
type RemoveTagsFromCertificateInput struct { // String that contains the ARN of the ACM Certificate with one or more tags that // you want to remove. This must be of the form: // // arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012 // // For more information about ARNs, see [Amazon Resource Names (ARNs)]. // // [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html // // This member is required. CertificateArn *string // The key-value pair that defines the tag to remove. // // This member is required. Tags []types.Tag // contains filtered or unexported fields }
type RemoveTagsFromCertificateOutput ¶
type RemoveTagsFromCertificateOutput struct { // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type RenewCertificateInput ¶
type RenewCertificateInput struct { // String that contains the ARN of the ACM certificate to be renewed. This must be // of the form: // // arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012 // // For more information about ARNs, see [Amazon Resource Names (ARNs)]. // // [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html // // This member is required. CertificateArn *string // contains filtered or unexported fields }
type RenewCertificateOutput ¶
type RenewCertificateOutput struct { // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type RequestCertificateInput ¶
type RequestCertificateInput struct { // Fully qualified domain name (FQDN), such as www.example.com, that you want to // secure with an ACM certificate. Use an asterisk (*) to create a wildcard // certificate that protects several sites in the same domain. For example, // *.example.com protects www.example.com, site.example.com, and // images.example.com. // // In compliance with [RFC 5280], the length of the domain name (technically, the Common // Name) that you provide cannot exceed 64 octets (characters), including periods. // To add a longer domain name, specify it in the Subject Alternative Name field, // which supports names up to 253 octets in length. // // [RFC 5280]: https://datatracker.ietf.org/doc/html/rfc5280 // // This member is required. DomainName *string // The Amazon Resource Name (ARN) of the private certificate authority (CA) that // will be used to issue the certificate. If you do not provide an ARN and you are // trying to request a private certificate, ACM will attempt to issue a public // certificate. For more information about private CAs, see the [Amazon Web Services Private Certificate Authority]user guide. The // ARN must have the following form: // // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 // // [Amazon Web Services Private Certificate Authority]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaWelcome.html CertificateAuthorityArn *string // The domain name that you want ACM to use to send you emails so that you can // validate domain ownership. DomainValidationOptions []types.DomainValidationOption // Customer chosen string that can be used to distinguish between calls to // RequestCertificate . Idempotency tokens time out after one hour. Therefore, if // you call RequestCertificate multiple times with the same idempotency token // within one hour, ACM recognizes that you are requesting only one certificate and // will issue only one. If you change the idempotency token for each call, ACM // recognizes that you are requesting multiple certificates. IdempotencyToken *string // Specifies the algorithm of the public and private key pair that your // certificate uses to encrypt data. RSA is the default key algorithm for ACM // certificates. Elliptic Curve Digital Signature Algorithm (ECDSA) keys are // smaller, offering security comparable to RSA keys but with greater computing // efficiency. However, ECDSA is not supported by all network clients. Some Amazon // Web Services services may require RSA keys, or only support ECDSA keys of a // particular size, while others allow the use of either RSA and ECDSA keys to // ensure that compatibility is not broken. Check the requirements for the Amazon // Web Services service where you plan to deploy your certificate. For more // information about selecting an algorithm, see [Key algorithms]. // // Algorithms supported for an ACM certificate request include: // // - RSA_2048 // // - EC_prime256v1 // // - EC_secp384r1 // // Other listed algorithms are for imported certificates only. // // When you request a private PKI certificate signed by a CA from Amazon Web // Services Private CA, the specified signing algorithm family (RSA or ECDSA) must // match the algorithm family of the CA's secret key. // // Default: RSA_2048 // // [Key algorithms]: https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms KeyAlgorithm types.KeyAlgorithm // Currently, you can use this parameter to specify whether to add the certificate // to a certificate transparency log. Certificate transparency makes it possible to // detect SSL/TLS certificates that have been mistakenly or maliciously issued. // Certificates that have not been logged typically produce an error message in a // browser. For more information, see [Opting Out of Certificate Transparency Logging]. // // [Opting Out of Certificate Transparency Logging]: https://docs.aws.amazon.com/acm/latest/userguide/acm-bestpractices.html#best-practices-transparency Options *types.CertificateOptions // Additional FQDNs to be included in the Subject Alternative Name extension of // the ACM certificate. For example, add the name www.example.net to a certificate // for which the DomainName field is www.example.com if users can reach your site // by using either name. The maximum number of domain names that you can add to an // ACM certificate is 100. However, the initial quota is 10 domain names. If you // need more than 10 names, you must request a quota increase. For more // information, see [Quotas]. // // The maximum length of a SAN DNS name is 253 octets. The name is made up of // multiple labels separated by periods. No label can be longer than 63 octets. // Consider the following examples: // // - (63 octets).(63 octets).(63 octets).(61 octets) is legal because the total // length is 253 octets (63+1+63+1+63+1+61) and no label exceeds 63 octets. // // - (64 octets).(63 octets).(63 octets).(61 octets) is not legal because the // total length exceeds 253 octets (64+1+63+1+63+1+61) and the first label exceeds // 63 octets. // // - (63 octets).(63 octets).(63 octets).(62 octets) is not legal because the // total length of the DNS name (63+1+63+1+63+1+62) exceeds 253 octets. // // [Quotas]: https://docs.aws.amazon.com/acm/latest/userguide/acm-limits.html SubjectAlternativeNames []string // One or more resource tags to associate with the certificate. Tags []types.Tag // The method you want to use if you are requesting a public certificate to // validate that you own or control domain. You can [validate with DNS]or [validate with email]. We recommend that you use // DNS validation. // // [validate with email]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-email.html // [validate with DNS]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html ValidationMethod types.ValidationMethod // contains filtered or unexported fields }
type RequestCertificateOutput ¶
type RequestCertificateOutput struct { // String that contains the ARN of the issued certificate. This must be of the // form: // // arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012 CertificateArn *string // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type ResendValidationEmailInput ¶
type ResendValidationEmailInput struct { // String that contains the ARN of the requested certificate. The certificate ARN // is generated and returned by the RequestCertificateaction as soon as the request is made. By // default, using this parameter causes email to be sent to all top-level domains // you specified in the certificate request. The ARN must be of the form: // // arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012 // // This member is required. CertificateArn *string // The fully qualified domain name (FQDN) of the certificate that needs to be // validated. // // This member is required. Domain *string // The base validation domain that will act as the suffix of the email addresses // that are used to send the emails. This must be the same as the Domain value or // a superdomain of the Domain value. For example, if you requested a certificate // for site.subdomain.example.com and specify a ValidationDomain of // subdomain.example.com , ACM sends email to the domain registrant, technical // contact, and administrative contact in WHOIS and the following five addresses: // // - admin@subdomain.example.com // // - administrator@subdomain.example.com // // - hostmaster@subdomain.example.com // // - postmaster@subdomain.example.com // // - webmaster@subdomain.example.com // // This member is required. ValidationDomain *string // contains filtered or unexported fields }
type ResendValidationEmailOutput ¶
type ResendValidationEmailOutput struct { // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
type ResolveEndpoint ¶
type ResolveEndpoint struct { Resolver EndpointResolver Options EndpointResolverOptions }
func (*ResolveEndpoint) HandleSerialize ¶
func (m *ResolveEndpoint) HandleSerialize(ctx context.Context, in middleware.SerializeInput, next middleware.SerializeHandler) ( out middleware.SerializeOutput, metadata middleware.Metadata, err error, )
func (*ResolveEndpoint) ID ¶
func (*ResolveEndpoint) ID() string
type UpdateCertificateOptionsInput ¶
type UpdateCertificateOptionsInput struct { // ARN of the requested certificate to update. This must be of the form: // // arn:aws:acm:us-east-1:account:certificate/12345678-1234-1234-1234-123456789012 // // This member is required. CertificateArn *string // Use to update the options for your certificate. Currently, you can specify // whether to add your certificate to a transparency log. Certificate transparency // makes it possible to detect SSL/TLS certificates that have been mistakenly or // maliciously issued. Certificates that have not been logged typically produce an // error message in a browser. // // This member is required. Options *types.CertificateOptions // contains filtered or unexported fields }
type UpdateCertificateOptionsOutput ¶
type UpdateCertificateOptionsOutput struct { // Metadata pertaining to the operation's result. ResultMetadata middleware.Metadata // contains filtered or unexported fields }
Source Files ¶
- api_client.go
- api_op_AddTagsToCertificate.go
- api_op_DeleteCertificate.go
- api_op_DescribeCertificate.go
- api_op_ExportCertificate.go
- api_op_GetAccountConfiguration.go
- api_op_GetCertificate.go
- api_op_ImportCertificate.go
- api_op_ListCertificates.go
- api_op_ListTagsForCertificate.go
- api_op_PutAccountConfiguration.go
- api_op_RemoveTagsFromCertificate.go
- api_op_RenewCertificate.go
- api_op_RequestCertificate.go
- api_op_ResendValidationEmail.go
- api_op_UpdateCertificateOptions.go
- auth.go
- deserializers.go
- doc.go
- endpoints.go
- go_module_metadata.go
- options.go
- serializers.go
- validators.go