acm

package module
v1.30.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 4, 2024 License: Apache-2.0 Imports: 46 Imported by: 99

Documentation

Overview

Package acm provides the API client, operations, and parameter types for AWS Certificate Manager.

Certificate Manager

You can use Certificate Manager (ACM) to manage SSL/TLS certificates for your Amazon Web Services-based websites and applications. For more information about using ACM, see the Certificate Manager User Guide.

Index

Constants

View Source
const ServiceAPIVersion = "2015-12-08"
View Source
const ServiceID = "ACM"

Variables

This section is empty.

Functions

func NewDefaultEndpointResolver

func NewDefaultEndpointResolver() *internalendpoints.Resolver

NewDefaultEndpointResolver constructs a new service endpoint resolver

func WithAPIOptions added in v1.0.0

func WithAPIOptions(optFns ...func(*middleware.Stack) error) func(*Options)

WithAPIOptions returns a functional option for setting the Client's APIOptions option.

func WithEndpointResolver deprecated

func WithEndpointResolver(v EndpointResolver) func(*Options)

Deprecated: EndpointResolver and WithEndpointResolver. Providing a value for this field will likely prevent you from using any endpoint-related service features released after the introduction of EndpointResolverV2 and BaseEndpoint.

To migrate an EndpointResolver implementation that uses a custom endpoint, set the client option BaseEndpoint instead.

func WithEndpointResolverV2 added in v1.18.0

func WithEndpointResolverV2(v EndpointResolverV2) func(*Options)

WithEndpointResolverV2 returns a functional option for setting the Client's EndpointResolverV2 option.

func WithSigV4SigningName added in v1.21.2

func WithSigV4SigningName(name string) func(*Options)

WithSigV4SigningName applies an override to the authentication workflow to use the given signing name for SigV4-authenticated operations.

This is an advanced setting. The value here is FINAL, taking precedence over the resolved signing name from both auth scheme resolution and endpoint resolution.

func WithSigV4SigningRegion added in v1.21.2

func WithSigV4SigningRegion(region string) func(*Options)

WithSigV4SigningRegion applies an override to the authentication workflow to use the given signing region for SigV4-authenticated operations.

This is an advanced setting. The value here is FINAL, taking precedence over the resolved signing region from both auth scheme resolution and endpoint resolution.

Types

type AddTagsToCertificateInput

type AddTagsToCertificateInput struct {

	// String that contains the ARN of the ACM certificate to which the tag is to be
	// applied. This must be of the form:
	//
	//     arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
	//
	// For more information about ARNs, see [Amazon Resource Names (ARNs)].
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	//
	// This member is required.
	CertificateArn *string

	// The key-value pair that defines the tag. The tag value is optional.
	//
	// This member is required.
	Tags []types.Tag
	// contains filtered or unexported fields
}

type AddTagsToCertificateOutput

type AddTagsToCertificateOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type AuthResolverParameters added in v1.21.2

type AuthResolverParameters struct {
	// The name of the operation being invoked.
	Operation string

	// The region in which the operation is being invoked.
	Region string
}

AuthResolverParameters contains the set of inputs necessary for auth scheme resolution.

type AuthSchemeResolver added in v1.21.2

type AuthSchemeResolver interface {
	ResolveAuthSchemes(context.Context, *AuthResolverParameters) ([]*smithyauth.Option, error)
}

AuthSchemeResolver returns a set of possible authentication options for an operation.

type CertificateValidatedWaiter added in v0.31.0

type CertificateValidatedWaiter struct {
	// contains filtered or unexported fields
}

CertificateValidatedWaiter defines the waiters for CertificateValidated

func NewCertificateValidatedWaiter added in v0.31.0

func NewCertificateValidatedWaiter(client DescribeCertificateAPIClient, optFns ...func(*CertificateValidatedWaiterOptions)) *CertificateValidatedWaiter

NewCertificateValidatedWaiter constructs a CertificateValidatedWaiter.

func (*CertificateValidatedWaiter) Wait added in v0.31.0

Wait calls the waiter function for CertificateValidated waiter. The maxWaitDur is the maximum wait duration the waiter will wait. The maxWaitDur is required and must be greater than zero.

func (*CertificateValidatedWaiter) WaitForOutput added in v1.9.0

WaitForOutput calls the waiter function for CertificateValidated waiter and returns the output of the successful operation. The maxWaitDur is the maximum wait duration the waiter will wait. The maxWaitDur is required and must be greater than zero.

type CertificateValidatedWaiterOptions added in v0.31.0

type CertificateValidatedWaiterOptions struct {

	// Set of options to modify how an operation is invoked. These apply to all
	// operations invoked for this client. Use functional options on operation call to
	// modify this list for per operation behavior.
	//
	// Passing options here is functionally equivalent to passing values to this
	// config's ClientOptions field that extend the inner client's APIOptions directly.
	APIOptions []func(*middleware.Stack) error

	// Functional options to be passed to all operations invoked by this client.
	//
	// Function values that modify the inner APIOptions are applied after the waiter
	// config's own APIOptions modifiers.
	ClientOptions []func(*Options)

	// MinDelay is the minimum amount of time to delay between retries. If unset,
	// CertificateValidatedWaiter will use default minimum delay of 60 seconds. Note
	// that MinDelay must resolve to a value lesser than or equal to the MaxDelay.
	MinDelay time.Duration

	// MaxDelay is the maximum amount of time to delay between retries. If unset or
	// set to zero, CertificateValidatedWaiter will use default max delay of 120
	// seconds. Note that MaxDelay must resolve to value greater than or equal to the
	// MinDelay.
	MaxDelay time.Duration

	// LogWaitAttempts is used to enable logging for waiter retry attempts
	LogWaitAttempts bool

	// Retryable is function that can be used to override the service defined
	// waiter-behavior based on operation output, or returned error. This function is
	// used by the waiter to decide if a state is retryable or a terminal state.
	//
	// By default service-modeled logic will populate this option. This option can
	// thus be used to define a custom waiter state with fall-back to service-modeled
	// waiter state mutators.The function returns an error in case of a failure state.
	// In case of retry state, this function returns a bool value of true and nil
	// error, while in case of success it returns a bool value of false and nil error.
	Retryable func(context.Context, *DescribeCertificateInput, *DescribeCertificateOutput, error) (bool, error)
}

CertificateValidatedWaiterOptions are waiter options for CertificateValidatedWaiter

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client provides the API client to make operations call for AWS Certificate Manager.

func New

func New(options Options, optFns ...func(*Options)) *Client

New returns an initialized Client based on the functional options. Provide additional functional options to further configure the behavior of the client, such as changing the client's endpoint or adding custom middleware behavior.

func NewFromConfig

func NewFromConfig(cfg aws.Config, optFns ...func(*Options)) *Client

NewFromConfig returns a new client from the provided config.

func (*Client) AddTagsToCertificate

func (c *Client) AddTagsToCertificate(ctx context.Context, params *AddTagsToCertificateInput, optFns ...func(*Options)) (*AddTagsToCertificateOutput, error)

Adds one or more tags to an ACM certificate. Tags are labels that you can use to identify and organize your Amazon Web Services resources. Each tag consists of a key and an optional value . You specify the certificate on input by its Amazon Resource Name (ARN). You specify the tag by using a key-value pair.

You can apply a tag to just one certificate if you want to identify a specific characteristic of that certificate, or you can apply the same tag to multiple certificates if you want to filter for a common relationship among those certificates. Similarly, you can apply the same tag to multiple resources if you want to specify a relationship among those resources. For example, you can add the same tag to an ACM certificate and an Elastic Load Balancing load balancer to indicate that they are both used by the same website. For more information, see Tagging ACM certificates.

To remove one or more tags, use the RemoveTagsFromCertificate action. To view all of the tags that have been applied to the certificate, use the ListTagsForCertificateaction.

func (*Client) DeleteCertificate

func (c *Client) DeleteCertificate(ctx context.Context, params *DeleteCertificateInput, optFns ...func(*Options)) (*DeleteCertificateOutput, error)

Deletes a certificate and its associated private key. If this action succeeds, the certificate no longer appears in the list that can be displayed by calling the ListCertificatesaction or be retrieved by calling the GetCertificate action. The certificate will not be available for use by Amazon Web Services services integrated with ACM.

You cannot delete an ACM certificate that is being used by another Amazon Web Services service. To delete a certificate that is in use, the certificate association must first be removed.

func (*Client) DescribeCertificate

func (c *Client) DescribeCertificate(ctx context.Context, params *DescribeCertificateInput, optFns ...func(*Options)) (*DescribeCertificateOutput, error)

Returns detailed metadata about the specified ACM certificate.

If you have just created a certificate using the RequestCertificate action, there is a delay of several seconds before you can retrieve information about it.

func (*Client) ExportCertificate

func (c *Client) ExportCertificate(ctx context.Context, params *ExportCertificateInput, optFns ...func(*Options)) (*ExportCertificateOutput, error)

Exports a private certificate issued by a private certificate authority (CA) for use anywhere. The exported file contains the certificate, the certificate chain, and the encrypted private 2048-bit RSA key associated with the public key that is embedded in the certificate. For security, you must assign a passphrase for the private key when exporting it.

For information about exporting and formatting a certificate using the ACM console or CLI, see Export a Private Certificate.

func (*Client) GetAccountConfiguration added in v1.2.0

func (c *Client) GetAccountConfiguration(ctx context.Context, params *GetAccountConfigurationInput, optFns ...func(*Options)) (*GetAccountConfigurationOutput, error)

Returns the account configuration options associated with an Amazon Web Services account.

func (*Client) GetCertificate

func (c *Client) GetCertificate(ctx context.Context, params *GetCertificateInput, optFns ...func(*Options)) (*GetCertificateOutput, error)

Retrieves a certificate and its certificate chain. The certificate may be either a public or private certificate issued using the ACM RequestCertificate action, or a certificate imported into ACM using the ImportCertificate action. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs. All of the certificates are base64 encoded. You can use OpenSSLto decode the certificates and inspect individual fields.

func (*Client) ImportCertificate

func (c *Client) ImportCertificate(ctx context.Context, params *ImportCertificateInput, optFns ...func(*Options)) (*ImportCertificateOutput, error)

Imports a certificate into Certificate Manager (ACM) to use with services that are integrated with ACM. Note that integrated servicesallow only certificate types and keys they support to be associated with their resources. Further, their support differs depending on whether the certificate is imported into IAM or into ACM. For more information, see the documentation for each service. For more information about importing certificates into ACM, see Importing Certificatesin the Certificate Manager User Guide.

ACM does not provide managed renewal for certificates that you import.

Note the following guidelines when importing third party certificates:

  • You must enter the private key that matches the certificate you are importing.

  • The private key must be unencrypted. You cannot import a private key that is protected by a password or a passphrase.

  • The private key must be no larger than 5 KB (5,120 bytes).

  • The certificate, private key, and certificate chain must be PEM-encoded.

  • The current time must be between the Not Before and Not After certificate fields.

  • The Issuer field must not be empty.

  • The OCSP authority URL, if present, must not exceed 1000 characters.

  • To import a new certificate, omit the CertificateArn argument. Include this argument only when you want to replace a previously imported certificate.

  • When you import a certificate by using the CLI, you must specify the certificate, the certificate chain, and the private key by their file names preceded by fileb:// . For example, you can specify a certificate saved in the C:\temp folder as fileb://C:\temp\certificate_to_import.pem . If you are making an HTTP or HTTPS Query request, include these arguments as BLOBs.

  • When you import a certificate by using an SDK, you must specify the certificate, the certificate chain, and the private key files in the manner required by the programming language you're using.

  • The cryptographic algorithm of an imported certificate must match the algorithm of the signing CA. For example, if the signing CA key type is RSA, then the certificate key type must also be RSA.

This operation returns the Amazon Resource Name (ARN) of the imported certificate.

func (*Client) ListCertificates

func (c *Client) ListCertificates(ctx context.Context, params *ListCertificatesInput, optFns ...func(*Options)) (*ListCertificatesOutput, error)

Retrieves a list of certificate ARNs and domain names. By default, the API returns RSA_2048 certificates. To return all certificates in the account, include the keyType filter with the values [RSA_1024, RSA_2048, RSA_3072, RSA_4096, EC_prime256v1, EC_secp384r1, EC_secp521r1] .

In addition to keyType , you can also filter by the CertificateStatuses , keyUsage , and extendedKeyUsage attributes on the certificate. For more information, see Filters.

func (*Client) ListTagsForCertificate

func (c *Client) ListTagsForCertificate(ctx context.Context, params *ListTagsForCertificateInput, optFns ...func(*Options)) (*ListTagsForCertificateOutput, error)

Lists the tags that have been applied to the ACM certificate. Use the certificate's Amazon Resource Name (ARN) to specify the certificate. To add a tag to an ACM certificate, use the AddTagsToCertificateaction. To delete a tag, use the RemoveTagsFromCertificate action.

func (*Client) Options added in v1.22.0

func (c *Client) Options() Options

Options returns a copy of the client configuration.

Callers SHOULD NOT perform mutations on any inner structures within client config. Config overrides should instead be made on a per-operation basis through functional options.

func (*Client) PutAccountConfiguration added in v1.2.0

func (c *Client) PutAccountConfiguration(ctx context.Context, params *PutAccountConfigurationInput, optFns ...func(*Options)) (*PutAccountConfigurationOutput, error)

Adds or modifies account-level configurations in ACM.

The supported configuration option is DaysBeforeExpiry . This option specifies the number of days prior to certificate expiration when ACM starts generating EventBridge events. ACM sends one event per day per certificate until the certificate expires. By default, accounts receive events starting 45 days before certificate expiration.

func (*Client) RemoveTagsFromCertificate

func (c *Client) RemoveTagsFromCertificate(ctx context.Context, params *RemoveTagsFromCertificateInput, optFns ...func(*Options)) (*RemoveTagsFromCertificateOutput, error)

Remove one or more tags from an ACM certificate. A tag consists of a key-value pair. If you do not specify the value portion of the tag when calling this function, the tag will be removed regardless of value. If you specify a value, the tag is removed only if it is associated with the specified value.

To add tags to a certificate, use the AddTagsToCertificate action. To view all of the tags that have been applied to a specific ACM certificate, use the ListTagsForCertificateaction.

func (*Client) RenewCertificate

func (c *Client) RenewCertificate(ctx context.Context, params *RenewCertificateInput, optFns ...func(*Options)) (*RenewCertificateOutput, error)

Renews an eligible ACM certificate. At this time, only exported private certificates can be renewed with this operation. In order to renew your Amazon Web Services Private CA certificates with ACM, you must first grant the ACM service principal permission to do so. For more information, see Testing Managed Renewalin the ACM User Guide.

func (*Client) RequestCertificate

func (c *Client) RequestCertificate(ctx context.Context, params *RequestCertificateInput, optFns ...func(*Options)) (*RequestCertificateOutput, error)

Requests an ACM certificate for use with other Amazon Web Services services. To request an ACM certificate, you must specify a fully qualified domain name (FQDN) in the DomainName parameter. You can also specify additional FQDNs in the SubjectAlternativeNames parameter.

If you are requesting a private certificate, domain validation is not required. If you are requesting a public certificate, each domain name that you specify must be validated to verify that you own or control the domain. You can use DNS validationor email validation . We recommend that you use DNS validation. ACM issues public certificates after receiving approval from the domain owner.

ACM behavior differs from the RFC 6125 specification of the certificate validation process. ACM first checks for a Subject Alternative Name, and, if it finds one, ignores the common name (CN).

After successful completion of the RequestCertificate action, there is a delay of several seconds before you can retrieve information about the new certificate.

func (*Client) ResendValidationEmail

func (c *Client) ResendValidationEmail(ctx context.Context, params *ResendValidationEmailInput, optFns ...func(*Options)) (*ResendValidationEmailOutput, error)

Resends the email that requests domain ownership validation. The domain owner or an authorized representative must approve the ACM certificate before it can be issued. The certificate can be approved by clicking a link in the mail to navigate to the Amazon certificate approval website and then clicking I Approve. However, the validation email can be blocked by spam filters. Therefore, if you do not receive the original mail, you can request that the mail be resent within 72 hours of requesting the ACM certificate. If more than 72 hours have elapsed since your original request or since your last attempt to resend validation mail, you must request a new certificate. For more information about setting up your contact email addresses, see Configure Email for your Domain.

func (*Client) UpdateCertificateOptions

func (c *Client) UpdateCertificateOptions(ctx context.Context, params *UpdateCertificateOptionsInput, optFns ...func(*Options)) (*UpdateCertificateOptionsOutput, error)

Updates a certificate. Currently, you can use this function to specify whether to opt in to or out of recording your certificate in a certificate transparency log. For more information, see Opting Out of Certificate Transparency Logging.

type DeleteCertificateInput

type DeleteCertificateInput struct {

	// String that contains the ARN of the ACM certificate to be deleted. This must be
	// of the form:
	//
	//     arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
	//
	// For more information about ARNs, see [Amazon Resource Names (ARNs)].
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	//
	// This member is required.
	CertificateArn *string
	// contains filtered or unexported fields
}

type DeleteCertificateOutput

type DeleteCertificateOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type DescribeCertificateAPIClient added in v0.31.0

type DescribeCertificateAPIClient interface {
	DescribeCertificate(context.Context, *DescribeCertificateInput, ...func(*Options)) (*DescribeCertificateOutput, error)
}

DescribeCertificateAPIClient is a client that implements the DescribeCertificate operation.

type DescribeCertificateInput

type DescribeCertificateInput struct {

	// The Amazon Resource Name (ARN) of the ACM certificate. The ARN must have the
	// following form:
	//
	//     arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
	//
	// For more information about ARNs, see [Amazon Resource Names (ARNs)].
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	//
	// This member is required.
	CertificateArn *string
	// contains filtered or unexported fields
}

type DescribeCertificateOutput

type DescribeCertificateOutput struct {

	// Metadata about an ACM certificate.
	Certificate *types.CertificateDetail

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type EndpointParameters added in v1.18.0

type EndpointParameters struct {
	// The AWS region used to dispatch the request.
	//
	// Parameter is
	// required.
	//
	// AWS::Region
	Region *string

	// When true, use the dual-stack endpoint. If the configured endpoint does not
	// support dual-stack, dispatching the request MAY return an error.
	//
	// Defaults to
	// false if no value is provided.
	//
	// AWS::UseDualStack
	UseDualStack *bool

	// When true, send this request to the FIPS-compliant regional endpoint. If the
	// configured endpoint does not have a FIPS compliant endpoint, dispatching the
	// request will return an error.
	//
	// Defaults to false if no value is
	// provided.
	//
	// AWS::UseFIPS
	UseFIPS *bool

	// Override the endpoint used to send this request
	//
	// Parameter is
	// required.
	//
	// SDK::Endpoint
	Endpoint *string
}

EndpointParameters provides the parameters that influence how endpoints are resolved.

func (EndpointParameters) ValidateRequired added in v1.18.0

func (p EndpointParameters) ValidateRequired() error

ValidateRequired validates required parameters are set.

func (EndpointParameters) WithDefaults added in v1.18.0

func (p EndpointParameters) WithDefaults() EndpointParameters

WithDefaults returns a shallow copy of EndpointParameterswith default values applied to members where applicable.

type EndpointResolver

type EndpointResolver interface {
	ResolveEndpoint(region string, options EndpointResolverOptions) (aws.Endpoint, error)
}

EndpointResolver interface for resolving service endpoints.

func EndpointResolverFromURL added in v1.1.0

func EndpointResolverFromURL(url string, optFns ...func(*aws.Endpoint)) EndpointResolver

EndpointResolverFromURL returns an EndpointResolver configured using the provided endpoint url. By default, the resolved endpoint resolver uses the client region as signing region, and the endpoint source is set to EndpointSourceCustom.You can provide functional options to configure endpoint values for the resolved endpoint.

type EndpointResolverFunc

type EndpointResolverFunc func(region string, options EndpointResolverOptions) (aws.Endpoint, error)

EndpointResolverFunc is a helper utility that wraps a function so it satisfies the EndpointResolver interface. This is useful when you want to add additional endpoint resolving logic, or stub out specific endpoints with custom values.

func (EndpointResolverFunc) ResolveEndpoint

func (fn EndpointResolverFunc) ResolveEndpoint(region string, options EndpointResolverOptions) (endpoint aws.Endpoint, err error)

type EndpointResolverOptions added in v0.29.0

type EndpointResolverOptions = internalendpoints.Options

EndpointResolverOptions is the service endpoint resolver options

type EndpointResolverV2 added in v1.18.0

type EndpointResolverV2 interface {
	// ResolveEndpoint attempts to resolve the endpoint with the provided options,
	// returning the endpoint if found. Otherwise an error is returned.
	ResolveEndpoint(ctx context.Context, params EndpointParameters) (
		smithyendpoints.Endpoint, error,
	)
}

EndpointResolverV2 provides the interface for resolving service endpoints.

func NewDefaultEndpointResolverV2 added in v1.18.0

func NewDefaultEndpointResolverV2() EndpointResolverV2

type ExportCertificateInput

type ExportCertificateInput struct {

	// An Amazon Resource Name (ARN) of the issued certificate. This must be of the
	// form:
	//
	//     arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	CertificateArn *string

	// Passphrase to associate with the encrypted exported private key.
	//
	// When creating your passphrase, you can use any ASCII character except #, $, or
	// %.
	//
	// If you want to later decrypt the private key, you must have the passphrase. You
	// can use the following OpenSSL command to decrypt a private key. After entering
	// the command, you are prompted for the passphrase.
	//
	//     openssl rsa -in encrypted_key.pem -out decrypted_key.pem
	//
	// This member is required.
	Passphrase []byte
	// contains filtered or unexported fields
}

type ExportCertificateOutput

type ExportCertificateOutput struct {

	// The base64 PEM-encoded certificate.
	Certificate *string

	// The base64 PEM-encoded certificate chain. This does not include the certificate
	// that you are exporting.
	CertificateChain *string

	// The encrypted private key associated with the public key in the certificate.
	// The key is output in PKCS #8 format and is base64 PEM-encoded.
	PrivateKey *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetAccountConfigurationInput added in v1.2.0

type GetAccountConfigurationInput struct {
	// contains filtered or unexported fields
}

type GetAccountConfigurationOutput added in v1.2.0

type GetAccountConfigurationOutput struct {

	// Expiration events configuration options associated with the Amazon Web Services
	// account.
	ExpiryEvents *types.ExpiryEventsConfiguration

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type GetCertificateInput

type GetCertificateInput struct {

	// String that contains a certificate ARN in the following format:
	//
	//     arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
	//
	// For more information about ARNs, see [Amazon Resource Names (ARNs)].
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	//
	// This member is required.
	CertificateArn *string
	// contains filtered or unexported fields
}

type GetCertificateOutput

type GetCertificateOutput struct {

	// The ACM-issued certificate corresponding to the ARN specified as input.
	Certificate *string

	// Certificates forming the requested certificate's chain of trust. The chain
	// consists of the certificate of the issuing CA and the intermediate certificates
	// of any other subordinate CAs.
	CertificateChain *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type HTTPClient

type HTTPClient interface {
	Do(*http.Request) (*http.Response, error)
}

type HTTPSignerV4

type HTTPSignerV4 interface {
	SignHTTP(ctx context.Context, credentials aws.Credentials, r *http.Request, payloadHash string, service string, region string, signingTime time.Time, optFns ...func(*v4.SignerOptions)) error
}

type ImportCertificateInput

type ImportCertificateInput struct {

	// The certificate to import.
	//
	// This member is required.
	Certificate []byte

	// The private key that matches the public key in the certificate.
	//
	// This member is required.
	PrivateKey []byte

	// The [Amazon Resource Name (ARN)] of an imported certificate to replace. To import a new certificate, omit
	// this field.
	//
	// [Amazon Resource Name (ARN)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	CertificateArn *string

	// The PEM encoded certificate chain.
	CertificateChain []byte

	// One or more resource tags to associate with the imported certificate.
	//
	// Note: You cannot apply tags when reimporting a certificate.
	Tags []types.Tag
	// contains filtered or unexported fields
}

type ImportCertificateOutput

type ImportCertificateOutput struct {

	// The [Amazon Resource Name (ARN)] of the imported certificate.
	//
	// [Amazon Resource Name (ARN)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	CertificateArn *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListCertificatesAPIClient added in v0.30.0

type ListCertificatesAPIClient interface {
	ListCertificates(context.Context, *ListCertificatesInput, ...func(*Options)) (*ListCertificatesOutput, error)
}

ListCertificatesAPIClient is a client that implements the ListCertificates operation.

type ListCertificatesInput

type ListCertificatesInput struct {

	// Filter the certificate list by status value.
	CertificateStatuses []types.CertificateStatus

	// Filter the certificate list. For more information, see the Filters structure.
	Includes *types.Filters

	// Use this parameter when paginating results to specify the maximum number of
	// items to return in the response. If additional items exist beyond the number you
	// specify, the NextToken element is sent in the response. Use this NextToken
	// value in a subsequent request to retrieve additional items.
	MaxItems *int32

	// Use this parameter only when paginating results and only in a subsequent
	// request after you receive a response with truncated results. Set it to the value
	// of NextToken from the response you just received.
	NextToken *string

	// Specifies the field to sort results by. If you specify SortBy , you must also
	// specify SortOrder .
	SortBy types.SortBy

	// Specifies the order of sorted results. If you specify SortOrder , you must also
	// specify SortBy .
	SortOrder types.SortOrder
	// contains filtered or unexported fields
}

type ListCertificatesOutput

type ListCertificatesOutput struct {

	// A list of ACM certificates.
	CertificateSummaryList []types.CertificateSummary

	// When the list is truncated, this value is present and contains the value to use
	// for the NextToken parameter in a subsequent pagination request.
	NextToken *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ListCertificatesPaginator added in v0.30.0

type ListCertificatesPaginator struct {
	// contains filtered or unexported fields
}

ListCertificatesPaginator is a paginator for ListCertificates

func NewListCertificatesPaginator added in v0.30.0

func NewListCertificatesPaginator(client ListCertificatesAPIClient, params *ListCertificatesInput, optFns ...func(*ListCertificatesPaginatorOptions)) *ListCertificatesPaginator

NewListCertificatesPaginator returns a new ListCertificatesPaginator

func (*ListCertificatesPaginator) HasMorePages added in v0.30.0

func (p *ListCertificatesPaginator) HasMorePages() bool

HasMorePages returns a boolean indicating whether more pages are available

func (*ListCertificatesPaginator) NextPage added in v0.30.0

func (p *ListCertificatesPaginator) NextPage(ctx context.Context, optFns ...func(*Options)) (*ListCertificatesOutput, error)

NextPage retrieves the next ListCertificates page.

type ListCertificatesPaginatorOptions added in v0.30.0

type ListCertificatesPaginatorOptions struct {
	// Use this parameter when paginating results to specify the maximum number of
	// items to return in the response. If additional items exist beyond the number you
	// specify, the NextToken element is sent in the response. Use this NextToken
	// value in a subsequent request to retrieve additional items.
	Limit int32

	// Set to true if pagination should stop if the service returns a pagination token
	// that matches the most recent token provided to the service.
	StopOnDuplicateToken bool
}

ListCertificatesPaginatorOptions is the paginator options for ListCertificates

type ListTagsForCertificateInput

type ListTagsForCertificateInput struct {

	// String that contains the ARN of the ACM certificate for which you want to list
	// the tags. This must have the following form:
	//
	//     arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
	//
	// For more information about ARNs, see [Amazon Resource Names (ARNs)].
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	//
	// This member is required.
	CertificateArn *string
	// contains filtered or unexported fields
}

type ListTagsForCertificateOutput

type ListTagsForCertificateOutput struct {

	// The key-value pairs that define the applied tags.
	Tags []types.Tag

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type Options

type Options struct {
	// Set of options to modify how an operation is invoked. These apply to all
	// operations invoked for this client. Use functional options on operation call to
	// modify this list for per operation behavior.
	APIOptions []func(*middleware.Stack) error

	// The optional application specific identifier appended to the User-Agent header.
	AppID string

	// This endpoint will be given as input to an EndpointResolverV2. It is used for
	// providing a custom base endpoint that is subject to modifications by the
	// processing EndpointResolverV2.
	BaseEndpoint *string

	// Configures the events that will be sent to the configured logger.
	ClientLogMode aws.ClientLogMode

	// The credentials object to use when signing requests.
	Credentials aws.CredentialsProvider

	// The configuration DefaultsMode that the SDK should use when constructing the
	// clients initial default settings.
	DefaultsMode aws.DefaultsMode

	// The endpoint options to be used when attempting to resolve an endpoint.
	EndpointOptions EndpointResolverOptions

	// The service endpoint resolver.
	//
	// Deprecated: Deprecated: EndpointResolver and WithEndpointResolver. Providing a
	// value for this field will likely prevent you from using any endpoint-related
	// service features released after the introduction of EndpointResolverV2 and
	// BaseEndpoint.
	//
	// To migrate an EndpointResolver implementation that uses a custom endpoint, set
	// the client option BaseEndpoint instead.
	EndpointResolver EndpointResolver

	// Resolves the endpoint used for a particular service operation. This should be
	// used over the deprecated EndpointResolver.
	EndpointResolverV2 EndpointResolverV2

	// Signature Version 4 (SigV4) Signer
	HTTPSignerV4 HTTPSignerV4

	// The logger writer interface to write logging messages to.
	Logger logging.Logger

	// The client meter provider.
	MeterProvider metrics.MeterProvider

	// The region to send requests to. (Required)
	Region string

	// RetryMaxAttempts specifies the maximum number attempts an API client will call
	// an operation that fails with a retryable error. A value of 0 is ignored, and
	// will not be used to configure the API client created default retryer, or modify
	// per operation call's retry max attempts.
	//
	// If specified in an operation call's functional options with a value that is
	// different than the constructed client's Options, the Client's Retryer will be
	// wrapped to use the operation's specific RetryMaxAttempts value.
	RetryMaxAttempts int

	// RetryMode specifies the retry mode the API client will be created with, if
	// Retryer option is not also specified.
	//
	// When creating a new API Clients this member will only be used if the Retryer
	// Options member is nil. This value will be ignored if Retryer is not nil.
	//
	// Currently does not support per operation call overrides, may in the future.
	RetryMode aws.RetryMode

	// Retryer guides how HTTP requests should be retried in case of recoverable
	// failures. When nil the API client will use a default retryer. The kind of
	// default retry created by the API client can be changed with the RetryMode
	// option.
	Retryer aws.Retryer

	// The RuntimeEnvironment configuration, only populated if the DefaultsMode is set
	// to DefaultsModeAuto and is initialized using config.LoadDefaultConfig . You
	// should not populate this structure programmatically, or rely on the values here
	// within your applications.
	RuntimeEnvironment aws.RuntimeEnvironment

	// The client tracer provider.
	TracerProvider tracing.TracerProvider

	// The HTTP client to invoke API calls with. Defaults to client's default HTTP
	// implementation if nil.
	HTTPClient HTTPClient

	// The auth scheme resolver which determines how to authenticate for each
	// operation.
	AuthSchemeResolver AuthSchemeResolver

	// The list of auth schemes supported by the client.
	AuthSchemes []smithyhttp.AuthScheme
	// contains filtered or unexported fields
}

func (Options) Copy

func (o Options) Copy() Options

Copy creates a clone where the APIOptions list is deep copied.

func (Options) GetIdentityResolver added in v1.21.2

func (o Options) GetIdentityResolver(schemeID string) smithyauth.IdentityResolver

type PutAccountConfigurationInput added in v1.2.0

type PutAccountConfigurationInput struct {

	// Customer-chosen string used to distinguish between calls to
	// PutAccountConfiguration . Idempotency tokens time out after one hour. If you
	// call PutAccountConfiguration multiple times with the same unexpired idempotency
	// token, ACM treats it as the same request and returns the original result. If you
	// change the idempotency token for each call, ACM treats each call as a new
	// request.
	//
	// This member is required.
	IdempotencyToken *string

	// Specifies expiration events associated with an account.
	ExpiryEvents *types.ExpiryEventsConfiguration
	// contains filtered or unexported fields
}

type PutAccountConfigurationOutput added in v1.2.0

type PutAccountConfigurationOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type RemoveTagsFromCertificateInput

type RemoveTagsFromCertificateInput struct {

	// String that contains the ARN of the ACM Certificate with one or more tags that
	// you want to remove. This must be of the form:
	//
	//     arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
	//
	// For more information about ARNs, see [Amazon Resource Names (ARNs)].
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	//
	// This member is required.
	CertificateArn *string

	// The key-value pair that defines the tag to remove.
	//
	// This member is required.
	Tags []types.Tag
	// contains filtered or unexported fields
}

type RemoveTagsFromCertificateOutput

type RemoveTagsFromCertificateOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type RenewCertificateInput

type RenewCertificateInput struct {

	// String that contains the ARN of the ACM certificate to be renewed. This must be
	// of the form:
	//
	//     arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
	//
	// For more information about ARNs, see [Amazon Resource Names (ARNs)].
	//
	// [Amazon Resource Names (ARNs)]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
	//
	// This member is required.
	CertificateArn *string
	// contains filtered or unexported fields
}

type RenewCertificateOutput

type RenewCertificateOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type RequestCertificateInput

type RequestCertificateInput struct {

	// Fully qualified domain name (FQDN), such as www.example.com, that you want to
	// secure with an ACM certificate. Use an asterisk (*) to create a wildcard
	// certificate that protects several sites in the same domain. For example,
	// *.example.com protects www.example.com, site.example.com, and
	// images.example.com.
	//
	// In compliance with [RFC 5280], the length of the domain name (technically, the Common
	// Name) that you provide cannot exceed 64 octets (characters), including periods.
	// To add a longer domain name, specify it in the Subject Alternative Name field,
	// which supports names up to 253 octets in length.
	//
	// [RFC 5280]: https://datatracker.ietf.org/doc/html/rfc5280
	//
	// This member is required.
	DomainName *string

	// The Amazon Resource Name (ARN) of the private certificate authority (CA) that
	// will be used to issue the certificate. If you do not provide an ARN and you are
	// trying to request a private certificate, ACM will attempt to issue a public
	// certificate. For more information about private CAs, see the [Amazon Web Services Private Certificate Authority]user guide. The
	// ARN must have the following form:
	//
	//     arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
	//
	// [Amazon Web Services Private Certificate Authority]: https://docs.aws.amazon.com/privateca/latest/userguide/PcaWelcome.html
	CertificateAuthorityArn *string

	// The domain name that you want ACM to use to send you emails so that you can
	// validate domain ownership.
	DomainValidationOptions []types.DomainValidationOption

	// Customer chosen string that can be used to distinguish between calls to
	// RequestCertificate . Idempotency tokens time out after one hour. Therefore, if
	// you call RequestCertificate multiple times with the same idempotency token
	// within one hour, ACM recognizes that you are requesting only one certificate and
	// will issue only one. If you change the idempotency token for each call, ACM
	// recognizes that you are requesting multiple certificates.
	IdempotencyToken *string

	// Specifies the algorithm of the public and private key pair that your
	// certificate uses to encrypt data. RSA is the default key algorithm for ACM
	// certificates. Elliptic Curve Digital Signature Algorithm (ECDSA) keys are
	// smaller, offering security comparable to RSA keys but with greater computing
	// efficiency. However, ECDSA is not supported by all network clients. Some Amazon
	// Web Services services may require RSA keys, or only support ECDSA keys of a
	// particular size, while others allow the use of either RSA and ECDSA keys to
	// ensure that compatibility is not broken. Check the requirements for the Amazon
	// Web Services service where you plan to deploy your certificate. For more
	// information about selecting an algorithm, see [Key algorithms].
	//
	// Algorithms supported for an ACM certificate request include:
	//
	//   - RSA_2048
	//
	//   - EC_prime256v1
	//
	//   - EC_secp384r1
	//
	// Other listed algorithms are for imported certificates only.
	//
	// When you request a private PKI certificate signed by a CA from Amazon Web
	// Services Private CA, the specified signing algorithm family (RSA or ECDSA) must
	// match the algorithm family of the CA's secret key.
	//
	// Default: RSA_2048
	//
	// [Key algorithms]: https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html#algorithms
	KeyAlgorithm types.KeyAlgorithm

	// Currently, you can use this parameter to specify whether to add the certificate
	// to a certificate transparency log. Certificate transparency makes it possible to
	// detect SSL/TLS certificates that have been mistakenly or maliciously issued.
	// Certificates that have not been logged typically produce an error message in a
	// browser. For more information, see [Opting Out of Certificate Transparency Logging].
	//
	// [Opting Out of Certificate Transparency Logging]: https://docs.aws.amazon.com/acm/latest/userguide/acm-bestpractices.html#best-practices-transparency
	Options *types.CertificateOptions

	// Additional FQDNs to be included in the Subject Alternative Name extension of
	// the ACM certificate. For example, add the name www.example.net to a certificate
	// for which the DomainName field is www.example.com if users can reach your site
	// by using either name. The maximum number of domain names that you can add to an
	// ACM certificate is 100. However, the initial quota is 10 domain names. If you
	// need more than 10 names, you must request a quota increase. For more
	// information, see [Quotas].
	//
	// The maximum length of a SAN DNS name is 253 octets. The name is made up of
	// multiple labels separated by periods. No label can be longer than 63 octets.
	// Consider the following examples:
	//
	//   - (63 octets).(63 octets).(63 octets).(61 octets) is legal because the total
	//   length is 253 octets (63+1+63+1+63+1+61) and no label exceeds 63 octets.
	//
	//   - (64 octets).(63 octets).(63 octets).(61 octets) is not legal because the
	//   total length exceeds 253 octets (64+1+63+1+63+1+61) and the first label exceeds
	//   63 octets.
	//
	//   - (63 octets).(63 octets).(63 octets).(62 octets) is not legal because the
	//   total length of the DNS name (63+1+63+1+63+1+62) exceeds 253 octets.
	//
	// [Quotas]: https://docs.aws.amazon.com/acm/latest/userguide/acm-limits.html
	SubjectAlternativeNames []string

	// One or more resource tags to associate with the certificate.
	Tags []types.Tag

	// The method you want to use if you are requesting a public certificate to
	// validate that you own or control domain. You can [validate with DNS]or [validate with email]. We recommend that you use
	// DNS validation.
	//
	// [validate with email]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-email.html
	// [validate with DNS]: https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html
	ValidationMethod types.ValidationMethod
	// contains filtered or unexported fields
}

type RequestCertificateOutput

type RequestCertificateOutput struct {

	// String that contains the ARN of the issued certificate. This must be of the
	// form:
	//
	//     arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
	CertificateArn *string

	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ResendValidationEmailInput

type ResendValidationEmailInput struct {

	// String that contains the ARN of the requested certificate. The certificate ARN
	// is generated and returned by the RequestCertificateaction as soon as the request is made. By
	// default, using this parameter causes email to be sent to all top-level domains
	// you specified in the certificate request. The ARN must be of the form:
	//
	//     arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	CertificateArn *string

	// The fully qualified domain name (FQDN) of the certificate that needs to be
	// validated.
	//
	// This member is required.
	Domain *string

	// The base validation domain that will act as the suffix of the email addresses
	// that are used to send the emails. This must be the same as the Domain value or
	// a superdomain of the Domain value. For example, if you requested a certificate
	// for site.subdomain.example.com and specify a ValidationDomain of
	// subdomain.example.com , ACM sends email to the domain registrant, technical
	// contact, and administrative contact in WHOIS and the following five addresses:
	//
	//   - admin@subdomain.example.com
	//
	//   - administrator@subdomain.example.com
	//
	//   - hostmaster@subdomain.example.com
	//
	//   - postmaster@subdomain.example.com
	//
	//   - webmaster@subdomain.example.com
	//
	// This member is required.
	ValidationDomain *string
	// contains filtered or unexported fields
}

type ResendValidationEmailOutput

type ResendValidationEmailOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

type ResolveEndpoint

type ResolveEndpoint struct {
	Resolver EndpointResolver
	Options  EndpointResolverOptions
}

func (*ResolveEndpoint) HandleSerialize

func (*ResolveEndpoint) ID

func (*ResolveEndpoint) ID() string

type UpdateCertificateOptionsInput

type UpdateCertificateOptionsInput struct {

	// ARN of the requested certificate to update. This must be of the form:
	//
	//     arn:aws:acm:us-east-1:account:certificate/12345678-1234-1234-1234-123456789012
	//
	// This member is required.
	CertificateArn *string

	// Use to update the options for your certificate. Currently, you can specify
	// whether to add your certificate to a transparency log. Certificate transparency
	// makes it possible to detect SSL/TLS certificates that have been mistakenly or
	// maliciously issued. Certificates that have not been logged typically produce an
	// error message in a browser.
	//
	// This member is required.
	Options *types.CertificateOptions
	// contains filtered or unexported fields
}

type UpdateCertificateOptionsOutput

type UpdateCertificateOptionsOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
	// contains filtered or unexported fields
}

Directories

Path Synopsis
internal

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL