ExpiryEventsConfiguration
Object containing expiration events options associated with an AWS account.
Contents
NoteIn the following list, the required parameters are described first.
DaysBeforeExpiry
Specifies the number of days prior to certificate expiration when ACM starts generating
EventBridge events. ACM sends one event per day per certificate until the certificate expires. By default, accounts receive events starting 45 days before certificate expiration.
Type: Integer
Valid Range: Minimum value of 1.
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for Ruby V3
ExtendedKeyUsage
ExtendedKeyUsage
The Extended Key Usage X.509 v3 extension defines one or more purposes for which the public key can be used. This is in addition to or in place of the basic purposes specified by the Key Usage extension.
Contents
NoteIn the following list, the required parameters are described first.
Name
The name of an Extended Key Usage value.
Type: String
Valid Values: TLS_WEB_SERVER_AUTHENTICATION | TLS_WEB_CLIENT_AUTHENTICATION
| CODE_SIGNING | EMAIL_PROTECTION | TIME_STAMPING | OCSP_SIGNING | IPSEC_END_SYSTEM | IPSEC_TUNNEL | IPSEC_USER | ANY | NONE | CUSTOM Required: No
OID
An object identifier (OID) for the extension value. OIDs are strings of numbers separated by periods.
The following OIDs are defined in RFC 3280 and RFC 5280.
• 1.3.6.1.5.5.7.3.1 (TLS_WEB_SERVER_AUTHENTICATION)
• 1.3.6.1.5.5.7.3.2 (TLS_WEB_CLIENT_AUTHENTICATION)
• 1.3.6.1.5.5.7.3.3 (CODE_SIGNING)
• 1.3.6.1.5.5.7.3.4 (EMAIL_PROTECTION)
• 1.3.6.1.5.5.7.3.8 (TIME_STAMPING)
• 1.3.6.1.5.5.7.3.9 (OCSP_SIGNING)
• 1.3.6.1.5.5.7.3.5 (IPSEC_END_SYSTEM)
• 1.3.6.1.5.5.7.3.6 (IPSEC_TUNNEL)
• 1.3.6.1.5.5.7.3.7 (IPSEC_USER) Type: String
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for Ruby V3
Filters
Filters
This structure can be used in the ListCertificates (p. 28) action to filter the output of the certificate list.
Contents
NoteIn the following list, the required parameters are described first.
extendedKeyUsage
Specify one or more ExtendedKeyUsage (p. 66) extension values.
Type: Array of strings
Valid Values: TLS_WEB_SERVER_AUTHENTICATION | TLS_WEB_CLIENT_AUTHENTICATION
| CODE_SIGNING | EMAIL_PROTECTION | TIME_STAMPING | OCSP_SIGNING | IPSEC_END_SYSTEM | IPSEC_TUNNEL | IPSEC_USER | ANY | NONE | CUSTOM Required: No
keyTypes
Specify one or more algorithms that can be used to generate key pairs.
Default filtering returns only RSA_1024 and RSA_2048 certificates that have at least one domain.
To return other certificate types, provide the desired type signatures in a comma-separated list. For example, "keyTypes": ["RSA_2048","RSA_4096"] returns both RSA_2048 and RSA_4096 certificates.
Type: Array of strings
Valid Values: RSA_1024 | RSA_2048 | RSA_3072 | RSA_4096 | EC_prime256v1 | EC_secp384r1 | EC_secp521r1
Required: No keyUsage
Specify one or more KeyUsage (p. 69) extension values.
Type: Array of strings
Valid Values: DIGITAL_SIGNATURE | NON_REPUDIATION | KEY_ENCIPHERMENT | DATA_ENCIPHERMENT | KEY_AGREEMENT | CERTIFICATE_SIGNING | CRL_SIGNING | ENCIPHER_ONLY | DECIPHER_ONLY | ANY | CUSTOM
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for Ruby V3
See Also
KeyUsage
KeyUsage
The Key Usage X.509 v3 extension defines the purpose of the public key contained in the certificate.
Contents
NoteIn the following list, the required parameters are described first.
Name
A string value that contains a Key Usage extension name.
Type: String
Valid Values: DIGITAL_SIGNATURE | NON_REPUDIATION | KEY_ENCIPHERMENT | DATA_ENCIPHERMENT | KEY_AGREEMENT | CERTIFICATE_SIGNING | CRL_SIGNING | ENCIPHER_ONLY | DECIPHER_ONLY | ANY | CUSTOM
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for Ruby V3
RenewalSummary
RenewalSummary
Contains information about the status of ACM's managed renewal for the certificate. This structure exists only when the certificate type is AMAZON_ISSUED.
Contents
NoteIn the following list, the required parameters are described first.
DomainValidationOptions
Contains information about the validation of each domain name in the certificate, as it pertains to ACM's managed renewal. This is different from the initial validation that occurs as a result of the RequestCertificate (p. 42) request. This field exists only when the certificate type is AMAZON_ISSUED.
Type: Array of DomainValidation (p. 62) objects
Array Members: Minimum number of 1 item. Maximum number of 1000 items.
Required: Yes RenewalStatus
The status of ACM's managed renewal of the certificate.
Type: String
Valid Values: PENDING_AUTO_RENEWAL | PENDING_VALIDATION | SUCCESS | FAILED Required: Yes
UpdatedAt
The time at which the renewal summary was last updated.
Type: Timestamp Required: Yes RenewalStatusReason
The reason that a renewal request was unsuccessful.
Type: String
Valid Values: NO_AVAILABLE_CONTACTS | ADDITIONAL_VERIFICATION_REQUIRED | DOMAIN_NOT_ALLOWED | INVALID_PUBLIC_DOMAIN | DOMAIN_VALIDATION_DENIED
| CAA_ERROR | PCA_LIMIT_EXCEEDED | PCA_INVALID_ARN | PCA_INVALID_STATE
| PCA_REQUEST_FAILED | PCA_NAME_CONSTRAINTS_VALIDATION |
PCA_RESOURCE_NOT_FOUND | PCA_INVALID_ARGS | PCA_INVALID_DURATION | PCA_ACCESS_DENIED | SLR_NOT_FOUND | OTHER
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++
See Also
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for Ruby V3
ResourceRecord
ResourceRecord
Contains a DNS record value that you can use to validate ownership or control of a domain. This is used by the DescribeCertificate (p. 9) action.
Contents
NoteIn the following list, the required parameters are described first.
Name
The name of the DNS record to create in your domain. This is supplied by ACM.
Type: String Required: Yes Type
The type of DNS record. Currently this can be CNAME.
Type: String
Valid Values: CNAME Required: Yes Value
The value of the CNAME record to add to your DNS database. This is supplied by ACM.
Type: String Required: Yes
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for Ruby V3
Tag
Tag
A key-value pair that identifies or specifies metadata about an ACM resource.
Contents
NoteIn the following list, the required parameters are described first.
Key
The key of the tag.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern: [\p{L}\p{Z}\p{N}_.:\/=+\-@]*
Required: Yes Value
The value of the tag.
Type: String
Length Constraints: Minimum length of 0. Maximum length of 256.
Pattern: [\p{L}\p{Z}\p{N}_.:\/=+\-@]*
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
• AWS SDK for C++
• AWS SDK for Go
• AWS SDK for Java V2
• AWS SDK for Ruby V3