Copyright | (c) 2013-2023 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | Safe-Inferred |
Language | Haskell2010 |
Synopsis
- addTagsToCertificate_certificateArn :: Lens' AddTagsToCertificate Text
- addTagsToCertificate_tags :: Lens' AddTagsToCertificate (NonEmpty Tag)
- deleteCertificate_certificateArn :: Lens' DeleteCertificate Text
- describeCertificate_certificateArn :: Lens' DescribeCertificate Text
- describeCertificateResponse_certificate :: Lens' DescribeCertificateResponse (Maybe CertificateDetail)
- describeCertificateResponse_httpStatus :: Lens' DescribeCertificateResponse Int
- exportCertificate_certificateArn :: Lens' ExportCertificate Text
- exportCertificate_passphrase :: Lens' ExportCertificate ByteString
- exportCertificateResponse_certificate :: Lens' ExportCertificateResponse (Maybe Text)
- exportCertificateResponse_certificateChain :: Lens' ExportCertificateResponse (Maybe Text)
- exportCertificateResponse_privateKey :: Lens' ExportCertificateResponse (Maybe Text)
- exportCertificateResponse_httpStatus :: Lens' ExportCertificateResponse Int
- getAccountConfigurationResponse_expiryEvents :: Lens' GetAccountConfigurationResponse (Maybe ExpiryEventsConfiguration)
- getAccountConfigurationResponse_httpStatus :: Lens' GetAccountConfigurationResponse Int
- getCertificate_certificateArn :: Lens' GetCertificate Text
- getCertificateResponse_certificate :: Lens' GetCertificateResponse (Maybe Text)
- getCertificateResponse_certificateChain :: Lens' GetCertificateResponse (Maybe Text)
- getCertificateResponse_httpStatus :: Lens' GetCertificateResponse Int
- importCertificate_certificateArn :: Lens' ImportCertificate (Maybe Text)
- importCertificate_certificateChain :: Lens' ImportCertificate (Maybe ByteString)
- importCertificate_tags :: Lens' ImportCertificate (Maybe (NonEmpty Tag))
- importCertificate_certificate :: Lens' ImportCertificate ByteString
- importCertificate_privateKey :: Lens' ImportCertificate ByteString
- importCertificateResponse_certificateArn :: Lens' ImportCertificateResponse (Maybe Text)
- importCertificateResponse_httpStatus :: Lens' ImportCertificateResponse Int
- listCertificates_certificateStatuses :: Lens' ListCertificates (Maybe [CertificateStatus])
- listCertificates_includes :: Lens' ListCertificates (Maybe Filters)
- listCertificates_maxItems :: Lens' ListCertificates (Maybe Natural)
- listCertificates_nextToken :: Lens' ListCertificates (Maybe Text)
- listCertificates_sortBy :: Lens' ListCertificates (Maybe SortBy)
- listCertificates_sortOrder :: Lens' ListCertificates (Maybe SortOrder)
- listCertificatesResponse_certificateSummaryList :: Lens' ListCertificatesResponse (Maybe [CertificateSummary])
- listCertificatesResponse_nextToken :: Lens' ListCertificatesResponse (Maybe Text)
- listCertificatesResponse_httpStatus :: Lens' ListCertificatesResponse Int
- listTagsForCertificate_certificateArn :: Lens' ListTagsForCertificate Text
- listTagsForCertificateResponse_tags :: Lens' ListTagsForCertificateResponse (Maybe (NonEmpty Tag))
- listTagsForCertificateResponse_httpStatus :: Lens' ListTagsForCertificateResponse Int
- putAccountConfiguration_expiryEvents :: Lens' PutAccountConfiguration (Maybe ExpiryEventsConfiguration)
- putAccountConfiguration_idempotencyToken :: Lens' PutAccountConfiguration Text
- removeTagsFromCertificate_certificateArn :: Lens' RemoveTagsFromCertificate Text
- removeTagsFromCertificate_tags :: Lens' RemoveTagsFromCertificate (NonEmpty Tag)
- renewCertificate_certificateArn :: Lens' RenewCertificate Text
- requestCertificate_certificateAuthorityArn :: Lens' RequestCertificate (Maybe Text)
- requestCertificate_domainValidationOptions :: Lens' RequestCertificate (Maybe (NonEmpty DomainValidationOption))
- requestCertificate_idempotencyToken :: Lens' RequestCertificate (Maybe Text)
- requestCertificate_keyAlgorithm :: Lens' RequestCertificate (Maybe KeyAlgorithm)
- requestCertificate_options :: Lens' RequestCertificate (Maybe CertificateOptions)
- requestCertificate_subjectAlternativeNames :: Lens' RequestCertificate (Maybe (NonEmpty Text))
- requestCertificate_tags :: Lens' RequestCertificate (Maybe (NonEmpty Tag))
- requestCertificate_validationMethod :: Lens' RequestCertificate (Maybe ValidationMethod)
- requestCertificate_domainName :: Lens' RequestCertificate Text
- requestCertificateResponse_certificateArn :: Lens' RequestCertificateResponse (Maybe Text)
- requestCertificateResponse_httpStatus :: Lens' RequestCertificateResponse Int
- resendValidationEmail_certificateArn :: Lens' ResendValidationEmail Text
- resendValidationEmail_domain :: Lens' ResendValidationEmail Text
- resendValidationEmail_validationDomain :: Lens' ResendValidationEmail Text
- updateCertificateOptions_certificateArn :: Lens' UpdateCertificateOptions Text
- updateCertificateOptions_options :: Lens' UpdateCertificateOptions CertificateOptions
- certificateDetail_certificateArn :: Lens' CertificateDetail (Maybe Text)
- certificateDetail_certificateAuthorityArn :: Lens' CertificateDetail (Maybe Text)
- certificateDetail_createdAt :: Lens' CertificateDetail (Maybe UTCTime)
- certificateDetail_domainName :: Lens' CertificateDetail (Maybe Text)
- certificateDetail_domainValidationOptions :: Lens' CertificateDetail (Maybe (NonEmpty DomainValidation))
- certificateDetail_extendedKeyUsages :: Lens' CertificateDetail (Maybe [ExtendedKeyUsage])
- certificateDetail_failureReason :: Lens' CertificateDetail (Maybe FailureReason)
- certificateDetail_importedAt :: Lens' CertificateDetail (Maybe UTCTime)
- certificateDetail_inUseBy :: Lens' CertificateDetail (Maybe [Text])
- certificateDetail_issuedAt :: Lens' CertificateDetail (Maybe UTCTime)
- certificateDetail_issuer :: Lens' CertificateDetail (Maybe Text)
- certificateDetail_keyAlgorithm :: Lens' CertificateDetail (Maybe KeyAlgorithm)
- certificateDetail_keyUsages :: Lens' CertificateDetail (Maybe [KeyUsage])
- certificateDetail_notAfter :: Lens' CertificateDetail (Maybe UTCTime)
- certificateDetail_notBefore :: Lens' CertificateDetail (Maybe UTCTime)
- certificateDetail_options :: Lens' CertificateDetail (Maybe CertificateOptions)
- certificateDetail_renewalEligibility :: Lens' CertificateDetail (Maybe RenewalEligibility)
- certificateDetail_renewalSummary :: Lens' CertificateDetail (Maybe RenewalSummary)
- certificateDetail_revocationReason :: Lens' CertificateDetail (Maybe RevocationReason)
- certificateDetail_revokedAt :: Lens' CertificateDetail (Maybe UTCTime)
- certificateDetail_serial :: Lens' CertificateDetail (Maybe Text)
- certificateDetail_signatureAlgorithm :: Lens' CertificateDetail (Maybe Text)
- certificateDetail_status :: Lens' CertificateDetail (Maybe CertificateStatus)
- certificateDetail_subject :: Lens' CertificateDetail (Maybe Text)
- certificateDetail_subjectAlternativeNames :: Lens' CertificateDetail (Maybe (NonEmpty Text))
- certificateDetail_type :: Lens' CertificateDetail (Maybe CertificateType)
- certificateOptions_certificateTransparencyLoggingPreference :: Lens' CertificateOptions (Maybe CertificateTransparencyLoggingPreference)
- certificateSummary_certificateArn :: Lens' CertificateSummary (Maybe Text)
- certificateSummary_createdAt :: Lens' CertificateSummary (Maybe UTCTime)
- certificateSummary_domainName :: Lens' CertificateSummary (Maybe Text)
- certificateSummary_exported :: Lens' CertificateSummary (Maybe Bool)
- certificateSummary_extendedKeyUsages :: Lens' CertificateSummary (Maybe [ExtendedKeyUsageName])
- certificateSummary_hasAdditionalSubjectAlternativeNames :: Lens' CertificateSummary (Maybe Bool)
- certificateSummary_importedAt :: Lens' CertificateSummary (Maybe UTCTime)
- certificateSummary_inUse :: Lens' CertificateSummary (Maybe Bool)
- certificateSummary_issuedAt :: Lens' CertificateSummary (Maybe UTCTime)
- certificateSummary_keyAlgorithm :: Lens' CertificateSummary (Maybe KeyAlgorithm)
- certificateSummary_keyUsages :: Lens' CertificateSummary (Maybe [KeyUsageName])
- certificateSummary_notAfter :: Lens' CertificateSummary (Maybe UTCTime)
- certificateSummary_notBefore :: Lens' CertificateSummary (Maybe UTCTime)
- certificateSummary_renewalEligibility :: Lens' CertificateSummary (Maybe RenewalEligibility)
- certificateSummary_revokedAt :: Lens' CertificateSummary (Maybe UTCTime)
- certificateSummary_status :: Lens' CertificateSummary (Maybe CertificateStatus)
- certificateSummary_subjectAlternativeNameSummaries :: Lens' CertificateSummary (Maybe (NonEmpty Text))
- certificateSummary_type :: Lens' CertificateSummary (Maybe CertificateType)
- domainValidation_resourceRecord :: Lens' DomainValidation (Maybe ResourceRecord)
- domainValidation_validationDomain :: Lens' DomainValidation (Maybe Text)
- domainValidation_validationEmails :: Lens' DomainValidation (Maybe [Text])
- domainValidation_validationMethod :: Lens' DomainValidation (Maybe ValidationMethod)
- domainValidation_validationStatus :: Lens' DomainValidation (Maybe DomainStatus)
- domainValidation_domainName :: Lens' DomainValidation Text
- domainValidationOption_domainName :: Lens' DomainValidationOption Text
- domainValidationOption_validationDomain :: Lens' DomainValidationOption Text
- expiryEventsConfiguration_daysBeforeExpiry :: Lens' ExpiryEventsConfiguration (Maybe Natural)
- extendedKeyUsage_name :: Lens' ExtendedKeyUsage (Maybe ExtendedKeyUsageName)
- extendedKeyUsage_oid :: Lens' ExtendedKeyUsage (Maybe Text)
- filters_extendedKeyUsage :: Lens' Filters (Maybe [ExtendedKeyUsageName])
- filters_keyTypes :: Lens' Filters (Maybe [KeyAlgorithm])
- filters_keyUsage :: Lens' Filters (Maybe [KeyUsageName])
- keyUsage_name :: Lens' KeyUsage (Maybe KeyUsageName)
- renewalSummary_renewalStatusReason :: Lens' RenewalSummary (Maybe FailureReason)
- renewalSummary_renewalStatus :: Lens' RenewalSummary RenewalStatus
- renewalSummary_domainValidationOptions :: Lens' RenewalSummary (NonEmpty DomainValidation)
- renewalSummary_updatedAt :: Lens' RenewalSummary UTCTime
- resourceRecord_name :: Lens' ResourceRecord Text
- resourceRecord_type :: Lens' ResourceRecord RecordType
- resourceRecord_value :: Lens' ResourceRecord Text
- tag_value :: Lens' Tag (Maybe Text)
- tag_key :: Lens' Tag Text
Operations
AddTagsToCertificate
addTagsToCertificate_certificateArn :: Lens' AddTagsToCertificate Text Source #
String that contains the ARN of the ACM certificate to which the tag is to be applied. This must be of the form:
arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
For more information about ARNs, see Amazon Resource Names (ARNs).
addTagsToCertificate_tags :: Lens' AddTagsToCertificate (NonEmpty Tag) Source #
The key-value pair that defines the tag. The tag value is optional.
DeleteCertificate
deleteCertificate_certificateArn :: Lens' DeleteCertificate Text Source #
String that contains the ARN of the ACM certificate to be deleted. This must be of the form:
arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
For more information about ARNs, see Amazon Resource Names (ARNs).
DescribeCertificate
describeCertificate_certificateArn :: Lens' DescribeCertificate Text Source #
The Amazon Resource Name (ARN) of the ACM certificate. The ARN must have the following form:
arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
For more information about ARNs, see Amazon Resource Names (ARNs).
describeCertificateResponse_certificate :: Lens' DescribeCertificateResponse (Maybe CertificateDetail) Source #
Metadata about an ACM certificate.
describeCertificateResponse_httpStatus :: Lens' DescribeCertificateResponse Int Source #
The response's http status code.
ExportCertificate
exportCertificate_certificateArn :: Lens' ExportCertificate Text Source #
An Amazon Resource Name (ARN) of the issued certificate. This must be of the form:
arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012
exportCertificate_passphrase :: Lens' ExportCertificate ByteString Source #
Passphrase to associate with the encrypted exported private key.
When creating your passphrase, you can use any ASCII character except #, $, or %.
If you want to later decrypt the private key, you must have the passphrase. You can use the following OpenSSL command to decrypt a private key. After entering the command, you are prompted for the passphrase.
openssl rsa -in encrypted_key.pem -out decrypted_key.pem
--
-- Note: This Lens
automatically encodes and decodes Base64 data.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This Lens
accepts and returns only raw unencoded data.
exportCertificateResponse_certificate :: Lens' ExportCertificateResponse (Maybe Text) Source #
The base64 PEM-encoded certificate.
exportCertificateResponse_certificateChain :: Lens' ExportCertificateResponse (Maybe Text) Source #
The base64 PEM-encoded certificate chain. This does not include the certificate that you are exporting.
exportCertificateResponse_privateKey :: Lens' ExportCertificateResponse (Maybe Text) Source #
The encrypted private key associated with the public key in the certificate. The key is output in PKCS #8 format and is base64 PEM-encoded.
exportCertificateResponse_httpStatus :: Lens' ExportCertificateResponse Int Source #
The response's http status code.
GetAccountConfiguration
getAccountConfigurationResponse_expiryEvents :: Lens' GetAccountConfigurationResponse (Maybe ExpiryEventsConfiguration) Source #
Expiration events configuration options associated with the Amazon Web Services account.
getAccountConfigurationResponse_httpStatus :: Lens' GetAccountConfigurationResponse Int Source #
The response's http status code.
GetCertificate
getCertificate_certificateArn :: Lens' GetCertificate Text Source #
String that contains a certificate ARN in the following format:
arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
For more information about ARNs, see Amazon Resource Names (ARNs).
getCertificateResponse_certificate :: Lens' GetCertificateResponse (Maybe Text) Source #
The ACM-issued certificate corresponding to the ARN specified as input.
getCertificateResponse_certificateChain :: Lens' GetCertificateResponse (Maybe Text) Source #
Certificates forming the requested certificate's chain of trust. The chain consists of the certificate of the issuing CA and the intermediate certificates of any other subordinate CAs.
getCertificateResponse_httpStatus :: Lens' GetCertificateResponse Int Source #
The response's http status code.
ImportCertificate
importCertificate_certificateArn :: Lens' ImportCertificate (Maybe Text) Source #
The Amazon Resource Name (ARN) of an imported certificate to replace. To import a new certificate, omit this field.
importCertificate_certificateChain :: Lens' ImportCertificate (Maybe ByteString) Source #
The PEM encoded certificate chain.--
-- Note: This Lens
automatically encodes and decodes Base64 data.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This Lens
accepts and returns only raw unencoded data.
importCertificate_tags :: Lens' ImportCertificate (Maybe (NonEmpty Tag)) Source #
One or more resource tags to associate with the imported certificate.
Note: You cannot apply tags when reimporting a certificate.
importCertificate_certificate :: Lens' ImportCertificate ByteString Source #
The certificate to import.--
-- Note: This Lens
automatically encodes and decodes Base64 data.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This Lens
accepts and returns only raw unencoded data.
importCertificate_privateKey :: Lens' ImportCertificate ByteString Source #
The private key that matches the public key in the certificate.--
-- Note: This Lens
automatically encodes and decodes Base64 data.
-- The underlying isomorphism will encode to Base64 representation during
-- serialisation, and decode from Base64 representation during deserialisation.
-- This Lens
accepts and returns only raw unencoded data.
importCertificateResponse_certificateArn :: Lens' ImportCertificateResponse (Maybe Text) Source #
The Amazon Resource Name (ARN) of the imported certificate.
importCertificateResponse_httpStatus :: Lens' ImportCertificateResponse Int Source #
The response's http status code.
ListCertificates
listCertificates_certificateStatuses :: Lens' ListCertificates (Maybe [CertificateStatus]) Source #
Filter the certificate list by status value.
listCertificates_includes :: Lens' ListCertificates (Maybe Filters) Source #
Filter the certificate list. For more information, see the Filters structure.
listCertificates_maxItems :: Lens' ListCertificates (Maybe Natural) Source #
Use this parameter when paginating results to specify the maximum number
of items to return in the response. If additional items exist beyond the
number you specify, the NextToken
element is sent in the response. Use
this NextToken
value in a subsequent request to retrieve additional
items.
listCertificates_nextToken :: Lens' ListCertificates (Maybe Text) Source #
Use this parameter only when paginating results and only in a subsequent
request after you receive a response with truncated results. Set it to
the value of NextToken
from the response you just received.
listCertificates_sortBy :: Lens' ListCertificates (Maybe SortBy) Source #
Specifies the field to sort results by. If you specify SortBy
, you
must also specify SortOrder
.
listCertificates_sortOrder :: Lens' ListCertificates (Maybe SortOrder) Source #
Specifies the order of sorted results. If you specify SortOrder
, you
must also specify SortBy
.
listCertificatesResponse_certificateSummaryList :: Lens' ListCertificatesResponse (Maybe [CertificateSummary]) Source #
A list of ACM certificates.
listCertificatesResponse_nextToken :: Lens' ListCertificatesResponse (Maybe Text) Source #
When the list is truncated, this value is present and contains the value
to use for the NextToken
parameter in a subsequent pagination request.
listCertificatesResponse_httpStatus :: Lens' ListCertificatesResponse Int Source #
The response's http status code.
ListTagsForCertificate
listTagsForCertificate_certificateArn :: Lens' ListTagsForCertificate Text Source #
String that contains the ARN of the ACM certificate for which you want to list the tags. This must have the following form:
arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
For more information about ARNs, see Amazon Resource Names (ARNs).
listTagsForCertificateResponse_tags :: Lens' ListTagsForCertificateResponse (Maybe (NonEmpty Tag)) Source #
The key-value pairs that define the applied tags.
listTagsForCertificateResponse_httpStatus :: Lens' ListTagsForCertificateResponse Int Source #
The response's http status code.
PutAccountConfiguration
putAccountConfiguration_expiryEvents :: Lens' PutAccountConfiguration (Maybe ExpiryEventsConfiguration) Source #
Specifies expiration events associated with an account.
putAccountConfiguration_idempotencyToken :: Lens' PutAccountConfiguration Text Source #
Customer-chosen string used to distinguish between calls to
PutAccountConfiguration
. Idempotency tokens time out after one hour.
If you call PutAccountConfiguration
multiple times with the same
unexpired idempotency token, ACM treats it as the same request and
returns the original result. If you change the idempotency token for
each call, ACM treats each call as a new request.
RemoveTagsFromCertificate
removeTagsFromCertificate_certificateArn :: Lens' RemoveTagsFromCertificate Text Source #
String that contains the ARN of the ACM Certificate with one or more tags that you want to remove. This must be of the form:
arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
For more information about ARNs, see Amazon Resource Names (ARNs).
removeTagsFromCertificate_tags :: Lens' RemoveTagsFromCertificate (NonEmpty Tag) Source #
The key-value pair that defines the tag to remove.
RenewCertificate
renewCertificate_certificateArn :: Lens' RenewCertificate Text Source #
String that contains the ARN of the ACM certificate to be renewed. This must be of the form:
arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
For more information about ARNs, see Amazon Resource Names (ARNs).
RequestCertificate
requestCertificate_certificateAuthorityArn :: Lens' RequestCertificate (Maybe Text) Source #
The Amazon Resource Name (ARN) of the private certificate authority (CA) that will be used to issue the certificate. If you do not provide an ARN and you are trying to request a private certificate, ACM will attempt to issue a public certificate. For more information about private CAs, see the Amazon Web Services Private Certificate Authority user guide. The ARN must have the following form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
requestCertificate_domainValidationOptions :: Lens' RequestCertificate (Maybe (NonEmpty DomainValidationOption)) Source #
The domain name that you want ACM to use to send you emails so that you can validate domain ownership.
requestCertificate_idempotencyToken :: Lens' RequestCertificate (Maybe Text) Source #
Customer chosen string that can be used to distinguish between calls to
RequestCertificate
. Idempotency tokens time out after one hour.
Therefore, if you call RequestCertificate
multiple times with the same
idempotency token within one hour, ACM recognizes that you are
requesting only one certificate and will issue only one. If you change
the idempotency token for each call, ACM recognizes that you are
requesting multiple certificates.
requestCertificate_keyAlgorithm :: Lens' RequestCertificate (Maybe KeyAlgorithm) Source #
Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. RSA is the default key algorithm for ACM certificates. Elliptic Curve Digital Signature Algorithm (ECDSA) keys are smaller, offering security comparable to RSA keys but with greater computing efficiency. However, ECDSA is not supported by all network clients. Some AWS services may require RSA keys, or only support ECDSA keys of a particular size, while others allow the use of either RSA and ECDSA keys to ensure that compatibility is not broken. Check the requirements for the AWS service where you plan to deploy your certificate.
Default: RSA_2048
requestCertificate_options :: Lens' RequestCertificate (Maybe CertificateOptions) Source #
Currently, you can use this parameter to specify whether to add the certificate to a certificate transparency log. Certificate transparency makes it possible to detect SSL/TLS certificates that have been mistakenly or maliciously issued. Certificates that have not been logged typically produce an error message in a browser. For more information, see Opting Out of Certificate Transparency Logging.
requestCertificate_subjectAlternativeNames :: Lens' RequestCertificate (Maybe (NonEmpty Text)) Source #
Additional FQDNs to be included in the Subject Alternative Name
extension of the ACM certificate. For example, add the name
www.example.net to a certificate for which the DomainName
field is
www.example.com if users can reach your site by using either name. The
maximum number of domain names that you can add to an ACM certificate is
100. However, the initial quota is 10 domain names. If you need more
than 10 names, you must request a quota increase. For more information,
see
Quotas.
The maximum length of a SAN DNS name is 253 octets. The name is made up of multiple labels separated by periods. No label can be longer than 63 octets. Consider the following examples:
(63 octets).(63 octets).(63 octets).(61 octets)
is legal because the total length is 253 octets (63+1+63+1+63+1+61) and no label exceeds 63 octets.(64 octets).(63 octets).(63 octets).(61 octets)
is not legal because the total length exceeds 253 octets (64+1+63+1+63+1+61) and the first label exceeds 63 octets.(63 octets).(63 octets).(63 octets).(62 octets)
is not legal because the total length of the DNS name (63+1+63+1+63+1+62) exceeds 253 octets.
requestCertificate_tags :: Lens' RequestCertificate (Maybe (NonEmpty Tag)) Source #
One or more resource tags to associate with the certificate.
requestCertificate_validationMethod :: Lens' RequestCertificate (Maybe ValidationMethod) Source #
The method you want to use if you are requesting a public certificate to validate that you own or control domain. You can validate with DNS or validate with email. We recommend that you use DNS validation.
requestCertificate_domainName :: Lens' RequestCertificate Text Source #
Fully qualified domain name (FQDN), such as www.example.com, that you want to secure with an ACM certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example, *.example.com protects www.example.com, site.example.com, and images.example.com.
In compliance with RFC 5280, the length of the domain name (technically, the Common Name) that you provide cannot exceed 64 octets (characters), including periods. To add a longer domain name, specify it in the Subject Alternative Name field, which supports names up to 253 octets in length.
requestCertificateResponse_certificateArn :: Lens' RequestCertificateResponse (Maybe Text) Source #
String that contains the ARN of the issued certificate. This must be of the form:
arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
requestCertificateResponse_httpStatus :: Lens' RequestCertificateResponse Int Source #
The response's http status code.
ResendValidationEmail
resendValidationEmail_certificateArn :: Lens' ResendValidationEmail Text Source #
String that contains the ARN of the requested certificate. The certificate ARN is generated and returned by the RequestCertificate action as soon as the request is made. By default, using this parameter causes email to be sent to all top-level domains you specified in the certificate request. The ARN must be of the form:
arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
resendValidationEmail_domain :: Lens' ResendValidationEmail Text Source #
The fully qualified domain name (FQDN) of the certificate that needs to be validated.
resendValidationEmail_validationDomain :: Lens' ResendValidationEmail Text Source #
The base validation domain that will act as the suffix of the email
addresses that are used to send the emails. This must be the same as the
Domain
value or a superdomain of the Domain
value. For example, if
you requested a certificate for site.subdomain.example.com
and specify
a ValidationDomain of subdomain.example.com
, ACM sends email to
the domain registrant, technical contact, and administrative contact in
WHOIS and the following five addresses:
- admin@subdomain.example.com
- administrator@subdomain.example.com
- hostmaster@subdomain.example.com
- postmaster@subdomain.example.com
- webmaster@subdomain.example.com
UpdateCertificateOptions
updateCertificateOptions_certificateArn :: Lens' UpdateCertificateOptions Text Source #
ARN of the requested certificate to update. This must be of the form:
arn:aws:acm:us-east-1:
account
:certificate/
12345678-1234-1234-1234-123456789012
updateCertificateOptions_options :: Lens' UpdateCertificateOptions CertificateOptions Source #
Use to update the options for your certificate. Currently, you can specify whether to add your certificate to a transparency log. Certificate transparency makes it possible to detect SSL/TLS certificates that have been mistakenly or maliciously issued. Certificates that have not been logged typically produce an error message in a browser.
Types
CertificateDetail
certificateDetail_certificateArn :: Lens' CertificateDetail (Maybe Text) Source #
The Amazon Resource Name (ARN) of the certificate. For more information about ARNs, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.
certificateDetail_certificateAuthorityArn :: Lens' CertificateDetail (Maybe Text) Source #
The Amazon Resource Name (ARN) of the private certificate authority (CA) that issued the certificate. This has the following format:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
certificateDetail_createdAt :: Lens' CertificateDetail (Maybe UTCTime) Source #
The time at which the certificate was requested.
certificateDetail_domainName :: Lens' CertificateDetail (Maybe Text) Source #
The fully qualified domain name for the certificate, such as www.example.com or example.com.
certificateDetail_domainValidationOptions :: Lens' CertificateDetail (Maybe (NonEmpty DomainValidation)) Source #
Contains information about the initial validation of each domain name
that occurs as a result of the RequestCertificate request. This field
exists only when the certificate type is AMAZON_ISSUED
.
certificateDetail_extendedKeyUsages :: Lens' CertificateDetail (Maybe [ExtendedKeyUsage]) Source #
Contains a list of Extended Key Usage X.509 v3 extension objects. Each object specifies a purpose for which the certificate public key can be used and consists of a name and an object identifier (OID).
certificateDetail_failureReason :: Lens' CertificateDetail (Maybe FailureReason) Source #
The reason the certificate request failed. This value exists only when
the certificate status is FAILED
. For more information, see
Certificate Request Failed
in the Certificate Manager User Guide.
certificateDetail_importedAt :: Lens' CertificateDetail (Maybe UTCTime) Source #
The date and time when the certificate was imported. This value exists
only when the certificate type is IMPORTED
.
certificateDetail_inUseBy :: Lens' CertificateDetail (Maybe [Text]) Source #
A list of ARNs for the Amazon Web Services resources that are using the certificate. A certificate can be used by multiple Amazon Web Services resources.
certificateDetail_issuedAt :: Lens' CertificateDetail (Maybe UTCTime) Source #
The time at which the certificate was issued. This value exists only
when the certificate type is AMAZON_ISSUED
.
certificateDetail_issuer :: Lens' CertificateDetail (Maybe Text) Source #
The name of the certificate authority that issued and signed the certificate.
certificateDetail_keyAlgorithm :: Lens' CertificateDetail (Maybe KeyAlgorithm) Source #
The algorithm that was used to generate the public-private key pair.
certificateDetail_keyUsages :: Lens' CertificateDetail (Maybe [KeyUsage]) Source #
A list of Key Usage X.509 v3 extension objects. Each object is a string value that identifies the purpose of the public key contained in the certificate. Possible extension values include DIGITAL_SIGNATURE, KEY_ENCHIPHERMENT, NON_REPUDIATION, and more.
certificateDetail_notAfter :: Lens' CertificateDetail (Maybe UTCTime) Source #
The time after which the certificate is not valid.
certificateDetail_notBefore :: Lens' CertificateDetail (Maybe UTCTime) Source #
The time before which the certificate is not valid.
certificateDetail_options :: Lens' CertificateDetail (Maybe CertificateOptions) Source #
Value that specifies whether to add the certificate to a transparency log. Certificate transparency makes it possible to detect SSL certificates that have been mistakenly or maliciously issued. A browser might respond to certificate that has not been logged by showing an error message. The logs are cryptographically secure.
certificateDetail_renewalEligibility :: Lens' CertificateDetail (Maybe RenewalEligibility) Source #
Specifies whether the certificate is eligible for renewal. At this time, only exported private certificates can be renewed with the RenewCertificate command.
certificateDetail_renewalSummary :: Lens' CertificateDetail (Maybe RenewalSummary) Source #
Contains information about the status of ACM's
managed renewal
for the certificate. This field exists only when the certificate type is
AMAZON_ISSUED
.
certificateDetail_revocationReason :: Lens' CertificateDetail (Maybe RevocationReason) Source #
The reason the certificate was revoked. This value exists only when the
certificate status is REVOKED
.
certificateDetail_revokedAt :: Lens' CertificateDetail (Maybe UTCTime) Source #
The time at which the certificate was revoked. This value exists only
when the certificate status is REVOKED
.
certificateDetail_serial :: Lens' CertificateDetail (Maybe Text) Source #
The serial number of the certificate.
certificateDetail_signatureAlgorithm :: Lens' CertificateDetail (Maybe Text) Source #
The algorithm that was used to sign the certificate.
certificateDetail_status :: Lens' CertificateDetail (Maybe CertificateStatus) Source #
The status of the certificate.
A certificate enters status PENDING_VALIDATION upon being requested, unless it fails for any of the reasons given in the troubleshooting topic Certificate request fails. ACM makes repeated attempts to validate a certificate for 72 hours and then times out. If a certificate shows status FAILED or VALIDATION_TIMED_OUT, delete the request, correct the issue with DNS validation or Email validation, and try again. If validation succeeds, the certificate enters status ISSUED.
certificateDetail_subject :: Lens' CertificateDetail (Maybe Text) Source #
The name of the entity that is associated with the public key contained in the certificate.
certificateDetail_subjectAlternativeNames :: Lens' CertificateDetail (Maybe (NonEmpty Text)) Source #
One or more domain names (subject alternative names) included in the certificate. This list contains the domain names that are bound to the public key that is contained in the certificate. The subject alternative names include the canonical domain name (CN) of the certificate and additional domain names that can be used to connect to the website.
certificateDetail_type :: Lens' CertificateDetail (Maybe CertificateType) Source #
The source of the certificate. For certificates provided by ACM, this
value is AMAZON_ISSUED
. For certificates that you imported with
ImportCertificate, this value is IMPORTED
. ACM does not provide
managed renewal
for imported certificates. For more information about the differences
between certificates that you import and those that ACM provides, see
Importing Certificates
in the Certificate Manager User Guide.
CertificateOptions
certificateOptions_certificateTransparencyLoggingPreference :: Lens' CertificateOptions (Maybe CertificateTransparencyLoggingPreference) Source #
You can opt out of certificate transparency logging by specifying the
DISABLED
option. Opt in by specifying ENABLED
.
CertificateSummary
certificateSummary_certificateArn :: Lens' CertificateSummary (Maybe Text) Source #
Amazon Resource Name (ARN) of the certificate. This is of the form:
arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
For more information about ARNs, see Amazon Resource Names (ARNs).
certificateSummary_createdAt :: Lens' CertificateSummary (Maybe UTCTime) Source #
The time at which the certificate was requested.
certificateSummary_domainName :: Lens' CertificateSummary (Maybe Text) Source #
Fully qualified domain name (FQDN), such as www.example.com or example.com, for the certificate.
certificateSummary_exported :: Lens' CertificateSummary (Maybe Bool) Source #
Indicates whether the certificate has been exported. This value exists
only when the certificate type is PRIVATE
.
certificateSummary_extendedKeyUsages :: Lens' CertificateSummary (Maybe [ExtendedKeyUsageName]) Source #
Contains a list of Extended Key Usage X.509 v3 extension objects. Each object specifies a purpose for which the certificate public key can be used and consists of a name and an object identifier (OID).
certificateSummary_hasAdditionalSubjectAlternativeNames :: Lens' CertificateSummary (Maybe Bool) Source #
When called by ListCertificates, indicates whether the full list of subject alternative names has been included in the response. If false, the response includes all of the subject alternative names included in the certificate. If true, the response only includes the first 100 subject alternative names included in the certificate. To display the full list of subject alternative names, use DescribeCertificate.
certificateSummary_importedAt :: Lens' CertificateSummary (Maybe UTCTime) Source #
The date and time when the certificate was imported. This value exists
only when the certificate type is IMPORTED
.
certificateSummary_inUse :: Lens' CertificateSummary (Maybe Bool) Source #
Indicates whether the certificate is currently in use by any Amazon Web Services resources.
certificateSummary_issuedAt :: Lens' CertificateSummary (Maybe UTCTime) Source #
The time at which the certificate was issued. This value exists only
when the certificate type is AMAZON_ISSUED
.
certificateSummary_keyAlgorithm :: Lens' CertificateSummary (Maybe KeyAlgorithm) Source #
The algorithm that was used to generate the public-private key pair.
certificateSummary_keyUsages :: Lens' CertificateSummary (Maybe [KeyUsageName]) Source #
A list of Key Usage X.509 v3 extension objects. Each object is a string value that identifies the purpose of the public key contained in the certificate. Possible extension values include DIGITAL_SIGNATURE, KEY_ENCHIPHERMENT, NON_REPUDIATION, and more.
certificateSummary_notAfter :: Lens' CertificateSummary (Maybe UTCTime) Source #
The time after which the certificate is not valid.
certificateSummary_notBefore :: Lens' CertificateSummary (Maybe UTCTime) Source #
The time before which the certificate is not valid.
certificateSummary_renewalEligibility :: Lens' CertificateSummary (Maybe RenewalEligibility) Source #
Specifies whether the certificate is eligible for renewal. At this time, only exported private certificates can be renewed with the RenewCertificate command.
certificateSummary_revokedAt :: Lens' CertificateSummary (Maybe UTCTime) Source #
The time at which the certificate was revoked. This value exists only
when the certificate status is REVOKED
.
certificateSummary_status :: Lens' CertificateSummary (Maybe CertificateStatus) Source #
The status of the certificate.
A certificate enters status PENDING_VALIDATION upon being requested, unless it fails for any of the reasons given in the troubleshooting topic Certificate request fails. ACM makes repeated attempts to validate a certificate for 72 hours and then times out. If a certificate shows status FAILED or VALIDATION_TIMED_OUT, delete the request, correct the issue with DNS validation or Email validation, and try again. If validation succeeds, the certificate enters status ISSUED.
certificateSummary_subjectAlternativeNameSummaries :: Lens' CertificateSummary (Maybe (NonEmpty Text)) Source #
One or more domain names (subject alternative names) included in the certificate. This list contains the domain names that are bound to the public key that is contained in the certificate. The subject alternative names include the canonical domain name (CN) of the certificate and additional domain names that can be used to connect to the website.
When called by ListCertificates, this parameter will only return the first 100 subject alternative names included in the certificate. To display the full list of subject alternative names, use DescribeCertificate.
certificateSummary_type :: Lens' CertificateSummary (Maybe CertificateType) Source #
The source of the certificate. For certificates provided by ACM, this
value is AMAZON_ISSUED
. For certificates that you imported with
ImportCertificate, this value is IMPORTED
. ACM does not provide
managed renewal
for imported certificates. For more information about the differences
between certificates that you import and those that ACM provides, see
Importing Certificates
in the Certificate Manager User Guide.
DomainValidation
domainValidation_resourceRecord :: Lens' DomainValidation (Maybe ResourceRecord) Source #
Contains the CNAME record that you add to your DNS database for domain validation. For more information, see Use DNS to Validate Domain Ownership.
Note: The CNAME information that you need does not include the name of your domain. If you include your domain name in the DNS database CNAME record, validation fails. For example, if the name is "_a79865eb4cd1a6ab990a45779b4e0b96.yourdomain.com", only "_a79865eb4cd1a6ab990a45779b4e0b96" must be used.
domainValidation_validationDomain :: Lens' DomainValidation (Maybe Text) Source #
The domain name that ACM used to send domain validation emails.
domainValidation_validationEmails :: Lens' DomainValidation (Maybe [Text]) Source #
A list of email addresses that ACM used to send domain validation emails.
domainValidation_validationMethod :: Lens' DomainValidation (Maybe ValidationMethod) Source #
Specifies the domain validation method.
domainValidation_validationStatus :: Lens' DomainValidation (Maybe DomainStatus) Source #
The validation status of the domain name. This can be one of the following values:
PENDING_VALIDATION
- SUCCESS
- FAILED
domainValidation_domainName :: Lens' DomainValidation Text Source #
A fully qualified domain name (FQDN) in the certificate. For example,
www.example.com
or example.com
.
DomainValidationOption
domainValidationOption_domainName :: Lens' DomainValidationOption Text Source #
A fully qualified domain name (FQDN) in the certificate request.
domainValidationOption_validationDomain :: Lens' DomainValidationOption Text Source #
The domain name that you want ACM to use to send you validation emails.
This domain name is the suffix of the email addresses that you want ACM
to use. This must be the same as the DomainName
value or a superdomain
of the DomainName
value. For example, if you request a certificate for
testing.example.com
, you can specify example.com
for this value. In
that case, ACM sends domain validation emails to the following five
addresses:
- admin@example.com
- administrator@example.com
- hostmaster@example.com
- postmaster@example.com
- webmaster@example.com
ExpiryEventsConfiguration
expiryEventsConfiguration_daysBeforeExpiry :: Lens' ExpiryEventsConfiguration (Maybe Natural) Source #
Specifies the number of days prior to certificate expiration when ACM
starts generating EventBridge
events. ACM sends one event per day per
certificate until the certificate expires. By default, accounts receive
events starting 45 days before certificate expiration.
ExtendedKeyUsage
extendedKeyUsage_name :: Lens' ExtendedKeyUsage (Maybe ExtendedKeyUsageName) Source #
The name of an Extended Key Usage value.
extendedKeyUsage_oid :: Lens' ExtendedKeyUsage (Maybe Text) Source #
An object identifier (OID) for the extension value. OIDs are strings of numbers separated by periods. The following OIDs are defined in RFC 3280 and RFC 5280.
1.3.6.1.5.5.7.3.1 (TLS_WEB_SERVER_AUTHENTICATION)
1.3.6.1.5.5.7.3.2 (TLS_WEB_CLIENT_AUTHENTICATION)
1.3.6.1.5.5.7.3.3 (CODE_SIGNING)
1.3.6.1.5.5.7.3.4 (EMAIL_PROTECTION)
1.3.6.1.5.5.7.3.8 (TIME_STAMPING)
1.3.6.1.5.5.7.3.9 (OCSP_SIGNING)
1.3.6.1.5.5.7.3.5 (IPSEC_END_SYSTEM)
1.3.6.1.5.5.7.3.6 (IPSEC_TUNNEL)
1.3.6.1.5.5.7.3.7 (IPSEC_USER)
Filters
filters_extendedKeyUsage :: Lens' Filters (Maybe [ExtendedKeyUsageName]) Source #
Specify one or more ExtendedKeyUsage extension values.
filters_keyTypes :: Lens' Filters (Maybe [KeyAlgorithm]) Source #
Specify one or more algorithms that can be used to generate key pairs.
Default filtering returns only RSA_1024
and RSA_2048
certificates
that have at least one domain. To return other certificate types,
provide the desired type signatures in a comma-separated list. For
example, "keyTypes": ["RSA_2048","RSA_4096"]
returns both
RSA_2048
and RSA_4096
certificates.
filters_keyUsage :: Lens' Filters (Maybe [KeyUsageName]) Source #
Specify one or more KeyUsage extension values.
KeyUsage
keyUsage_name :: Lens' KeyUsage (Maybe KeyUsageName) Source #
A string value that contains a Key Usage extension name.
RenewalSummary
renewalSummary_renewalStatusReason :: Lens' RenewalSummary (Maybe FailureReason) Source #
The reason that a renewal request was unsuccessful.
renewalSummary_renewalStatus :: Lens' RenewalSummary RenewalStatus Source #
The status of ACM's managed renewal of the certificate.
renewalSummary_domainValidationOptions :: Lens' RenewalSummary (NonEmpty DomainValidation) Source #
Contains information about the validation of each domain name in the
certificate, as it pertains to ACM's
managed renewal.
This is different from the initial validation that occurs as a result of
the RequestCertificate request. This field exists only when the
certificate type is AMAZON_ISSUED
.
renewalSummary_updatedAt :: Lens' RenewalSummary UTCTime Source #
The time at which the renewal summary was last updated.
ResourceRecord
resourceRecord_name :: Lens' ResourceRecord Text Source #
The name of the DNS record to create in your domain. This is supplied by ACM.
resourceRecord_type :: Lens' ResourceRecord RecordType Source #
The type of DNS record. Currently this can be CNAME
.
resourceRecord_value :: Lens' ResourceRecord Text Source #
The value of the CNAME record to add to your DNS database. This is supplied by ACM.