1 /** 2 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. 3 * SPDX-License-Identifier: Apache-2.0. 4 */ 5 6 #pragma once 7 #include <aws/acm-pca/ACMPCA_EXPORTS.h> 8 #include <aws/acm-pca/ACMPCAErrors.h> 9 #include <aws/core/client/AWSError.h> 10 #include <aws/core/client/ClientConfiguration.h> 11 #include <aws/core/client/AWSClient.h> 12 #include <aws/core/utils/memory/stl/AWSString.h> 13 #include <aws/core/utils/json/JsonSerializer.h> 14 #include <aws/acm-pca/model/CreateCertificateAuthorityResult.h> 15 #include <aws/acm-pca/model/CreateCertificateAuthorityAuditReportResult.h> 16 #include <aws/acm-pca/model/DescribeCertificateAuthorityResult.h> 17 #include <aws/acm-pca/model/DescribeCertificateAuthorityAuditReportResult.h> 18 #include <aws/acm-pca/model/GetCertificateResult.h> 19 #include <aws/acm-pca/model/GetCertificateAuthorityCertificateResult.h> 20 #include <aws/acm-pca/model/GetCertificateAuthorityCsrResult.h> 21 #include <aws/acm-pca/model/GetPolicyResult.h> 22 #include <aws/acm-pca/model/IssueCertificateResult.h> 23 #include <aws/acm-pca/model/ListCertificateAuthoritiesResult.h> 24 #include <aws/acm-pca/model/ListPermissionsResult.h> 25 #include <aws/acm-pca/model/ListTagsResult.h> 26 #include <aws/core/NoResult.h> 27 #include <aws/core/client/AsyncCallerContext.h> 28 #include <aws/core/http/HttpTypes.h> 29 #include <future> 30 #include <functional> 31 32 namespace Aws 33 { 34 35 namespace Http 36 { 37 class HttpClient; 38 class HttpClientFactory; 39 } // namespace Http 40 41 namespace Utils 42 { 43 template< typename R, typename E> class Outcome; 44 namespace Threading 45 { 46 class Executor; 47 } // namespace Threading 48 } // namespace Utils 49 50 namespace Auth 51 { 52 class AWSCredentials; 53 class AWSCredentialsProvider; 54 } // namespace Auth 55 56 namespace Client 57 { 58 class RetryStrategy; 59 } // namespace Client 60 61 namespace ACMPCA 62 { 63 64 namespace Model 65 { 66 class CreateCertificateAuthorityRequest; 67 class CreateCertificateAuthorityAuditReportRequest; 68 class CreatePermissionRequest; 69 class DeleteCertificateAuthorityRequest; 70 class DeletePermissionRequest; 71 class DeletePolicyRequest; 72 class DescribeCertificateAuthorityRequest; 73 class DescribeCertificateAuthorityAuditReportRequest; 74 class GetCertificateRequest; 75 class GetCertificateAuthorityCertificateRequest; 76 class GetCertificateAuthorityCsrRequest; 77 class GetPolicyRequest; 78 class ImportCertificateAuthorityCertificateRequest; 79 class IssueCertificateRequest; 80 class ListCertificateAuthoritiesRequest; 81 class ListPermissionsRequest; 82 class ListTagsRequest; 83 class PutPolicyRequest; 84 class RestoreCertificateAuthorityRequest; 85 class RevokeCertificateRequest; 86 class TagCertificateAuthorityRequest; 87 class UntagCertificateAuthorityRequest; 88 class UpdateCertificateAuthorityRequest; 89 90 typedef Aws::Utils::Outcome<CreateCertificateAuthorityResult, ACMPCAError> CreateCertificateAuthorityOutcome; 91 typedef Aws::Utils::Outcome<CreateCertificateAuthorityAuditReportResult, ACMPCAError> CreateCertificateAuthorityAuditReportOutcome; 92 typedef Aws::Utils::Outcome<Aws::NoResult, ACMPCAError> CreatePermissionOutcome; 93 typedef Aws::Utils::Outcome<Aws::NoResult, ACMPCAError> DeleteCertificateAuthorityOutcome; 94 typedef Aws::Utils::Outcome<Aws::NoResult, ACMPCAError> DeletePermissionOutcome; 95 typedef Aws::Utils::Outcome<Aws::NoResult, ACMPCAError> DeletePolicyOutcome; 96 typedef Aws::Utils::Outcome<DescribeCertificateAuthorityResult, ACMPCAError> DescribeCertificateAuthorityOutcome; 97 typedef Aws::Utils::Outcome<DescribeCertificateAuthorityAuditReportResult, ACMPCAError> DescribeCertificateAuthorityAuditReportOutcome; 98 typedef Aws::Utils::Outcome<GetCertificateResult, ACMPCAError> GetCertificateOutcome; 99 typedef Aws::Utils::Outcome<GetCertificateAuthorityCertificateResult, ACMPCAError> GetCertificateAuthorityCertificateOutcome; 100 typedef Aws::Utils::Outcome<GetCertificateAuthorityCsrResult, ACMPCAError> GetCertificateAuthorityCsrOutcome; 101 typedef Aws::Utils::Outcome<GetPolicyResult, ACMPCAError> GetPolicyOutcome; 102 typedef Aws::Utils::Outcome<Aws::NoResult, ACMPCAError> ImportCertificateAuthorityCertificateOutcome; 103 typedef Aws::Utils::Outcome<IssueCertificateResult, ACMPCAError> IssueCertificateOutcome; 104 typedef Aws::Utils::Outcome<ListCertificateAuthoritiesResult, ACMPCAError> ListCertificateAuthoritiesOutcome; 105 typedef Aws::Utils::Outcome<ListPermissionsResult, ACMPCAError> ListPermissionsOutcome; 106 typedef Aws::Utils::Outcome<ListTagsResult, ACMPCAError> ListTagsOutcome; 107 typedef Aws::Utils::Outcome<Aws::NoResult, ACMPCAError> PutPolicyOutcome; 108 typedef Aws::Utils::Outcome<Aws::NoResult, ACMPCAError> RestoreCertificateAuthorityOutcome; 109 typedef Aws::Utils::Outcome<Aws::NoResult, ACMPCAError> RevokeCertificateOutcome; 110 typedef Aws::Utils::Outcome<Aws::NoResult, ACMPCAError> TagCertificateAuthorityOutcome; 111 typedef Aws::Utils::Outcome<Aws::NoResult, ACMPCAError> UntagCertificateAuthorityOutcome; 112 typedef Aws::Utils::Outcome<Aws::NoResult, ACMPCAError> UpdateCertificateAuthorityOutcome; 113 114 typedef std::future<CreateCertificateAuthorityOutcome> CreateCertificateAuthorityOutcomeCallable; 115 typedef std::future<CreateCertificateAuthorityAuditReportOutcome> CreateCertificateAuthorityAuditReportOutcomeCallable; 116 typedef std::future<CreatePermissionOutcome> CreatePermissionOutcomeCallable; 117 typedef std::future<DeleteCertificateAuthorityOutcome> DeleteCertificateAuthorityOutcomeCallable; 118 typedef std::future<DeletePermissionOutcome> DeletePermissionOutcomeCallable; 119 typedef std::future<DeletePolicyOutcome> DeletePolicyOutcomeCallable; 120 typedef std::future<DescribeCertificateAuthorityOutcome> DescribeCertificateAuthorityOutcomeCallable; 121 typedef std::future<DescribeCertificateAuthorityAuditReportOutcome> DescribeCertificateAuthorityAuditReportOutcomeCallable; 122 typedef std::future<GetCertificateOutcome> GetCertificateOutcomeCallable; 123 typedef std::future<GetCertificateAuthorityCertificateOutcome> GetCertificateAuthorityCertificateOutcomeCallable; 124 typedef std::future<GetCertificateAuthorityCsrOutcome> GetCertificateAuthorityCsrOutcomeCallable; 125 typedef std::future<GetPolicyOutcome> GetPolicyOutcomeCallable; 126 typedef std::future<ImportCertificateAuthorityCertificateOutcome> ImportCertificateAuthorityCertificateOutcomeCallable; 127 typedef std::future<IssueCertificateOutcome> IssueCertificateOutcomeCallable; 128 typedef std::future<ListCertificateAuthoritiesOutcome> ListCertificateAuthoritiesOutcomeCallable; 129 typedef std::future<ListPermissionsOutcome> ListPermissionsOutcomeCallable; 130 typedef std::future<ListTagsOutcome> ListTagsOutcomeCallable; 131 typedef std::future<PutPolicyOutcome> PutPolicyOutcomeCallable; 132 typedef std::future<RestoreCertificateAuthorityOutcome> RestoreCertificateAuthorityOutcomeCallable; 133 typedef std::future<RevokeCertificateOutcome> RevokeCertificateOutcomeCallable; 134 typedef std::future<TagCertificateAuthorityOutcome> TagCertificateAuthorityOutcomeCallable; 135 typedef std::future<UntagCertificateAuthorityOutcome> UntagCertificateAuthorityOutcomeCallable; 136 typedef std::future<UpdateCertificateAuthorityOutcome> UpdateCertificateAuthorityOutcomeCallable; 137 } // namespace Model 138 139 class ACMPCAClient; 140 141 typedef std::function<void(const ACMPCAClient*, const Model::CreateCertificateAuthorityRequest&, const Model::CreateCertificateAuthorityOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > CreateCertificateAuthorityResponseReceivedHandler; 142 typedef std::function<void(const ACMPCAClient*, const Model::CreateCertificateAuthorityAuditReportRequest&, const Model::CreateCertificateAuthorityAuditReportOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > CreateCertificateAuthorityAuditReportResponseReceivedHandler; 143 typedef std::function<void(const ACMPCAClient*, const Model::CreatePermissionRequest&, const Model::CreatePermissionOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > CreatePermissionResponseReceivedHandler; 144 typedef std::function<void(const ACMPCAClient*, const Model::DeleteCertificateAuthorityRequest&, const Model::DeleteCertificateAuthorityOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > DeleteCertificateAuthorityResponseReceivedHandler; 145 typedef std::function<void(const ACMPCAClient*, const Model::DeletePermissionRequest&, const Model::DeletePermissionOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > DeletePermissionResponseReceivedHandler; 146 typedef std::function<void(const ACMPCAClient*, const Model::DeletePolicyRequest&, const Model::DeletePolicyOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > DeletePolicyResponseReceivedHandler; 147 typedef std::function<void(const ACMPCAClient*, const Model::DescribeCertificateAuthorityRequest&, const Model::DescribeCertificateAuthorityOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > DescribeCertificateAuthorityResponseReceivedHandler; 148 typedef std::function<void(const ACMPCAClient*, const Model::DescribeCertificateAuthorityAuditReportRequest&, const Model::DescribeCertificateAuthorityAuditReportOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > DescribeCertificateAuthorityAuditReportResponseReceivedHandler; 149 typedef std::function<void(const ACMPCAClient*, const Model::GetCertificateRequest&, const Model::GetCertificateOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > GetCertificateResponseReceivedHandler; 150 typedef std::function<void(const ACMPCAClient*, const Model::GetCertificateAuthorityCertificateRequest&, const Model::GetCertificateAuthorityCertificateOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > GetCertificateAuthorityCertificateResponseReceivedHandler; 151 typedef std::function<void(const ACMPCAClient*, const Model::GetCertificateAuthorityCsrRequest&, const Model::GetCertificateAuthorityCsrOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > GetCertificateAuthorityCsrResponseReceivedHandler; 152 typedef std::function<void(const ACMPCAClient*, const Model::GetPolicyRequest&, const Model::GetPolicyOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > GetPolicyResponseReceivedHandler; 153 typedef std::function<void(const ACMPCAClient*, const Model::ImportCertificateAuthorityCertificateRequest&, const Model::ImportCertificateAuthorityCertificateOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > ImportCertificateAuthorityCertificateResponseReceivedHandler; 154 typedef std::function<void(const ACMPCAClient*, const Model::IssueCertificateRequest&, const Model::IssueCertificateOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > IssueCertificateResponseReceivedHandler; 155 typedef std::function<void(const ACMPCAClient*, const Model::ListCertificateAuthoritiesRequest&, const Model::ListCertificateAuthoritiesOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > ListCertificateAuthoritiesResponseReceivedHandler; 156 typedef std::function<void(const ACMPCAClient*, const Model::ListPermissionsRequest&, const Model::ListPermissionsOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > ListPermissionsResponseReceivedHandler; 157 typedef std::function<void(const ACMPCAClient*, const Model::ListTagsRequest&, const Model::ListTagsOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > ListTagsResponseReceivedHandler; 158 typedef std::function<void(const ACMPCAClient*, const Model::PutPolicyRequest&, const Model::PutPolicyOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > PutPolicyResponseReceivedHandler; 159 typedef std::function<void(const ACMPCAClient*, const Model::RestoreCertificateAuthorityRequest&, const Model::RestoreCertificateAuthorityOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > RestoreCertificateAuthorityResponseReceivedHandler; 160 typedef std::function<void(const ACMPCAClient*, const Model::RevokeCertificateRequest&, const Model::RevokeCertificateOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > RevokeCertificateResponseReceivedHandler; 161 typedef std::function<void(const ACMPCAClient*, const Model::TagCertificateAuthorityRequest&, const Model::TagCertificateAuthorityOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > TagCertificateAuthorityResponseReceivedHandler; 162 typedef std::function<void(const ACMPCAClient*, const Model::UntagCertificateAuthorityRequest&, const Model::UntagCertificateAuthorityOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > UntagCertificateAuthorityResponseReceivedHandler; 163 typedef std::function<void(const ACMPCAClient*, const Model::UpdateCertificateAuthorityRequest&, const Model::UpdateCertificateAuthorityOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > UpdateCertificateAuthorityResponseReceivedHandler; 164 165 /** 166 * <p>This is the <i>ACM Private CA API Reference</i>. It provides descriptions, 167 * syntax, and usage examples for each of the actions and data types involved in 168 * creating and managing private certificate authorities (CA) for your 169 * organization.</p> <p>The documentation for each action shows the Query API 170 * request parameters and the XML response. Alternatively, you can use one of the 171 * AWS SDKs to access an API that's tailored to the programming language or 172 * platform that you're using. For more information, see <a 173 * href="https://aws.amazon.com/tools/#SDKs">AWS SDKs</a>.</p> <p>Each ACM Private 174 * CA API operation has a quota that determines the number of times the operation 175 * can be called per second. ACM Private CA throttles API requests at different 176 * rates depending on the operation. Throttling means that ACM Private CA rejects 177 * an otherwise valid request because the request exceeds the operation's quota for 178 * the number of requests per second. When a request is throttled, ACM Private CA 179 * returns a <a 180 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/CommonErrors.html">ThrottlingException</a> 181 * error. ACM Private CA does not guarantee a minimum request rate for APIs. </p> 182 * <p>To see an up-to-date list of your ACM Private CA quotas, or to request a 183 * quota increase, log into your AWS account and visit the <a 184 * href="https://console.aws.amazon.com/servicequotas/">Service Quotas</a> 185 * console.</p> 186 */ 187 class AWS_ACMPCA_API ACMPCAClient : public Aws::Client::AWSJsonClient 188 { 189 public: 190 typedef Aws::Client::AWSJsonClient BASECLASS; 191 192 /** 193 * Initializes client to use DefaultCredentialProviderChain, with default http client factory, and optional client config. If client config 194 * is not specified, it will be initialized to default values. 195 */ 196 ACMPCAClient(const Aws::Client::ClientConfiguration& clientConfiguration = Aws::Client::ClientConfiguration()); 197 198 /** 199 * Initializes client to use SimpleAWSCredentialsProvider, with default http client factory, and optional client config. If client config 200 * is not specified, it will be initialized to default values. 201 */ 202 ACMPCAClient(const Aws::Auth::AWSCredentials& credentials, const Aws::Client::ClientConfiguration& clientConfiguration = Aws::Client::ClientConfiguration()); 203 204 /** 205 * Initializes client to use specified credentials provider with specified client config. If http client factory is not supplied, 206 * the default http client factory will be used 207 */ 208 ACMPCAClient(const std::shared_ptr<Aws::Auth::AWSCredentialsProvider>& credentialsProvider, 209 const Aws::Client::ClientConfiguration& clientConfiguration = Aws::Client::ClientConfiguration()); 210 211 virtual ~ACMPCAClient(); 212 213 214 /** 215 * <p>Creates a root or subordinate private certificate authority (CA). You must 216 * specify the CA configuration, an optional configuration for Online Certificate 217 * Status Protocol (OCSP) and/or a certificate revocation list (CRL), the CA type, 218 * and an optional idempotency token to avoid accidental creation of multiple CAs. 219 * The CA configuration specifies the name of the algorithm and key size to be used 220 * to create the CA private key, the type of signing algorithm that the CA uses, 221 * and X.500 subject information. The OCSP configuration can optionally specify a 222 * custom URL for the OCSP responder. The CRL configuration specifies the CRL 223 * expiration period in days (the validity period of the CRL), the Amazon S3 bucket 224 * that will contain the CRL, and a CNAME alias for the S3 bucket that is included 225 * in certificates issued by the CA. If successful, this action returns the Amazon 226 * Resource Name (ARN) of the CA.</p> <p>ACM Private CA assets that are stored in 227 * Amazon S3 can be protected with encryption. For more information, see <a 228 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption">Encrypting 229 * Your CRLs</a>.</p> <p>Both PCA and the IAM principal must have permission 230 * to write to the S3 bucket that you specify. If the IAM principal making the call 231 * does not have permission to write to the bucket, then an exception is thrown. 232 * For more information, see <a 233 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html">Configure 234 * Access to ACM Private CA</a>.</p> <p><h3>See Also:</h3> <a 235 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthority">AWS 236 * API Reference</a></p> 237 */ 238 virtual Model::CreateCertificateAuthorityOutcome CreateCertificateAuthority(const Model::CreateCertificateAuthorityRequest& request) const; 239 240 /** 241 * <p>Creates a root or subordinate private certificate authority (CA). You must 242 * specify the CA configuration, an optional configuration for Online Certificate 243 * Status Protocol (OCSP) and/or a certificate revocation list (CRL), the CA type, 244 * and an optional idempotency token to avoid accidental creation of multiple CAs. 245 * The CA configuration specifies the name of the algorithm and key size to be used 246 * to create the CA private key, the type of signing algorithm that the CA uses, 247 * and X.500 subject information. The OCSP configuration can optionally specify a 248 * custom URL for the OCSP responder. The CRL configuration specifies the CRL 249 * expiration period in days (the validity period of the CRL), the Amazon S3 bucket 250 * that will contain the CRL, and a CNAME alias for the S3 bucket that is included 251 * in certificates issued by the CA. If successful, this action returns the Amazon 252 * Resource Name (ARN) of the CA.</p> <p>ACM Private CA assets that are stored in 253 * Amazon S3 can be protected with encryption. For more information, see <a 254 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption">Encrypting 255 * Your CRLs</a>.</p> <p>Both PCA and the IAM principal must have permission 256 * to write to the S3 bucket that you specify. If the IAM principal making the call 257 * does not have permission to write to the bucket, then an exception is thrown. 258 * For more information, see <a 259 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html">Configure 260 * Access to ACM Private CA</a>.</p> <p><h3>See Also:</h3> <a 261 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthority">AWS 262 * API Reference</a></p> 263 * 264 * returns a future to the operation so that it can be executed in parallel to other requests. 265 */ 266 virtual Model::CreateCertificateAuthorityOutcomeCallable CreateCertificateAuthorityCallable(const Model::CreateCertificateAuthorityRequest& request) const; 267 268 /** 269 * <p>Creates a root or subordinate private certificate authority (CA). You must 270 * specify the CA configuration, an optional configuration for Online Certificate 271 * Status Protocol (OCSP) and/or a certificate revocation list (CRL), the CA type, 272 * and an optional idempotency token to avoid accidental creation of multiple CAs. 273 * The CA configuration specifies the name of the algorithm and key size to be used 274 * to create the CA private key, the type of signing algorithm that the CA uses, 275 * and X.500 subject information. The OCSP configuration can optionally specify a 276 * custom URL for the OCSP responder. The CRL configuration specifies the CRL 277 * expiration period in days (the validity period of the CRL), the Amazon S3 bucket 278 * that will contain the CRL, and a CNAME alias for the S3 bucket that is included 279 * in certificates issued by the CA. If successful, this action returns the Amazon 280 * Resource Name (ARN) of the CA.</p> <p>ACM Private CA assets that are stored in 281 * Amazon S3 can be protected with encryption. For more information, see <a 282 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCreateCa.html#crl-encryption">Encrypting 283 * Your CRLs</a>.</p> <p>Both PCA and the IAM principal must have permission 284 * to write to the S3 bucket that you specify. If the IAM principal making the call 285 * does not have permission to write to the bucket, then an exception is thrown. 286 * For more information, see <a 287 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html">Configure 288 * Access to ACM Private CA</a>.</p> <p><h3>See Also:</h3> <a 289 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthority">AWS 290 * API Reference</a></p> 291 * 292 * Queues the request into a thread executor and triggers associated callback when operation has finished. 293 */ 294 virtual void CreateCertificateAuthorityAsync(const Model::CreateCertificateAuthorityRequest& request, const CreateCertificateAuthorityResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 295 296 /** 297 * <p>Creates an audit report that lists every time that your CA private key is 298 * used. The report is saved in the Amazon S3 bucket that you specify on input. The 299 * <a 300 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html">IssueCertificate</a> 301 * and <a 302 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html">RevokeCertificate</a> 303 * actions use the private key. </p> <p>Both PCA and the IAM principal must 304 * have permission to write to the S3 bucket that you specify. If the IAM principal 305 * making the call does not have permission to write to the bucket, then an 306 * exception is thrown. For more information, see <a 307 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html">Configure 308 * Access to ACM Private CA</a>.</p> <p>ACM Private CA assets that are 309 * stored in Amazon S3 can be protected with encryption. For more information, see 310 * <a 311 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuditReport.html#audit-report-encryption">Encrypting 312 * Your Audit Reports</a>.</p><p><h3>See Also:</h3> <a 313 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityAuditReport">AWS 314 * API Reference</a></p> 315 */ 316 virtual Model::CreateCertificateAuthorityAuditReportOutcome CreateCertificateAuthorityAuditReport(const Model::CreateCertificateAuthorityAuditReportRequest& request) const; 317 318 /** 319 * <p>Creates an audit report that lists every time that your CA private key is 320 * used. The report is saved in the Amazon S3 bucket that you specify on input. The 321 * <a 322 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html">IssueCertificate</a> 323 * and <a 324 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html">RevokeCertificate</a> 325 * actions use the private key. </p> <p>Both PCA and the IAM principal must 326 * have permission to write to the S3 bucket that you specify. If the IAM principal 327 * making the call does not have permission to write to the bucket, then an 328 * exception is thrown. For more information, see <a 329 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html">Configure 330 * Access to ACM Private CA</a>.</p> <p>ACM Private CA assets that are 331 * stored in Amazon S3 can be protected with encryption. For more information, see 332 * <a 333 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuditReport.html#audit-report-encryption">Encrypting 334 * Your Audit Reports</a>.</p><p><h3>See Also:</h3> <a 335 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityAuditReport">AWS 336 * API Reference</a></p> 337 * 338 * returns a future to the operation so that it can be executed in parallel to other requests. 339 */ 340 virtual Model::CreateCertificateAuthorityAuditReportOutcomeCallable CreateCertificateAuthorityAuditReportCallable(const Model::CreateCertificateAuthorityAuditReportRequest& request) const; 341 342 /** 343 * <p>Creates an audit report that lists every time that your CA private key is 344 * used. The report is saved in the Amazon S3 bucket that you specify on input. The 345 * <a 346 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html">IssueCertificate</a> 347 * and <a 348 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html">RevokeCertificate</a> 349 * actions use the private key. </p> <p>Both PCA and the IAM principal must 350 * have permission to write to the S3 bucket that you specify. If the IAM principal 351 * making the call does not have permission to write to the bucket, then an 352 * exception is thrown. For more information, see <a 353 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html">Configure 354 * Access to ACM Private CA</a>.</p> <p>ACM Private CA assets that are 355 * stored in Amazon S3 can be protected with encryption. For more information, see 356 * <a 357 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuditReport.html#audit-report-encryption">Encrypting 358 * Your Audit Reports</a>.</p><p><h3>See Also:</h3> <a 359 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreateCertificateAuthorityAuditReport">AWS 360 * API Reference</a></p> 361 * 362 * Queues the request into a thread executor and triggers associated callback when operation has finished. 363 */ 364 virtual void CreateCertificateAuthorityAuditReportAsync(const Model::CreateCertificateAuthorityAuditReportRequest& request, const CreateCertificateAuthorityAuditReportResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 365 366 /** 367 * <p>Grants one or more permissions on a private CA to the AWS Certificate Manager 368 * (ACM) service principal (<code>acm.amazonaws.com</code>). These permissions 369 * allow ACM to issue and renew ACM certificates that reside in the same AWS 370 * account as the CA.</p> <p>You can list current permissions with the <a 371 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html">ListPermissions</a> 372 * action and revoke them with the <a 373 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html">DeletePermission</a> 374 * action.</p> <p class="title"> <b>About Permissions</b> </p> <ul> <li> <p>If the 375 * private CA and the certificates it issues reside in the same account, you can 376 * use <code>CreatePermission</code> to grant permissions for ACM to carry out 377 * automatic certificate renewals.</p> </li> <li> <p>For automatic certificate 378 * renewal to succeed, the ACM service principal needs permissions to create, 379 * retrieve, and list certificates.</p> </li> <li> <p>If the private CA and the ACM 380 * certificates reside in different accounts, then permissions cannot be used to 381 * enable automatic renewals. Instead, the ACM certificate owner must set up a 382 * resource-based policy to enable cross-account issuance and renewals. For more 383 * information, see <a 384 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 385 * Resource Based Policy with ACM Private CA</a>.</p> </li> </ul><p><h3>See 386 * Also:</h3> <a 387 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermission">AWS 388 * API Reference</a></p> 389 */ 390 virtual Model::CreatePermissionOutcome CreatePermission(const Model::CreatePermissionRequest& request) const; 391 392 /** 393 * <p>Grants one or more permissions on a private CA to the AWS Certificate Manager 394 * (ACM) service principal (<code>acm.amazonaws.com</code>). These permissions 395 * allow ACM to issue and renew ACM certificates that reside in the same AWS 396 * account as the CA.</p> <p>You can list current permissions with the <a 397 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html">ListPermissions</a> 398 * action and revoke them with the <a 399 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html">DeletePermission</a> 400 * action.</p> <p class="title"> <b>About Permissions</b> </p> <ul> <li> <p>If the 401 * private CA and the certificates it issues reside in the same account, you can 402 * use <code>CreatePermission</code> to grant permissions for ACM to carry out 403 * automatic certificate renewals.</p> </li> <li> <p>For automatic certificate 404 * renewal to succeed, the ACM service principal needs permissions to create, 405 * retrieve, and list certificates.</p> </li> <li> <p>If the private CA and the ACM 406 * certificates reside in different accounts, then permissions cannot be used to 407 * enable automatic renewals. Instead, the ACM certificate owner must set up a 408 * resource-based policy to enable cross-account issuance and renewals. For more 409 * information, see <a 410 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 411 * Resource Based Policy with ACM Private CA</a>.</p> </li> </ul><p><h3>See 412 * Also:</h3> <a 413 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermission">AWS 414 * API Reference</a></p> 415 * 416 * returns a future to the operation so that it can be executed in parallel to other requests. 417 */ 418 virtual Model::CreatePermissionOutcomeCallable CreatePermissionCallable(const Model::CreatePermissionRequest& request) const; 419 420 /** 421 * <p>Grants one or more permissions on a private CA to the AWS Certificate Manager 422 * (ACM) service principal (<code>acm.amazonaws.com</code>). These permissions 423 * allow ACM to issue and renew ACM certificates that reside in the same AWS 424 * account as the CA.</p> <p>You can list current permissions with the <a 425 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html">ListPermissions</a> 426 * action and revoke them with the <a 427 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html">DeletePermission</a> 428 * action.</p> <p class="title"> <b>About Permissions</b> </p> <ul> <li> <p>If the 429 * private CA and the certificates it issues reside in the same account, you can 430 * use <code>CreatePermission</code> to grant permissions for ACM to carry out 431 * automatic certificate renewals.</p> </li> <li> <p>For automatic certificate 432 * renewal to succeed, the ACM service principal needs permissions to create, 433 * retrieve, and list certificates.</p> </li> <li> <p>If the private CA and the ACM 434 * certificates reside in different accounts, then permissions cannot be used to 435 * enable automatic renewals. Instead, the ACM certificate owner must set up a 436 * resource-based policy to enable cross-account issuance and renewals. For more 437 * information, see <a 438 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 439 * Resource Based Policy with ACM Private CA</a>.</p> </li> </ul><p><h3>See 440 * Also:</h3> <a 441 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CreatePermission">AWS 442 * API Reference</a></p> 443 * 444 * Queues the request into a thread executor and triggers associated callback when operation has finished. 445 */ 446 virtual void CreatePermissionAsync(const Model::CreatePermissionRequest& request, const CreatePermissionResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 447 448 /** 449 * <p>Deletes a private certificate authority (CA). You must provide the Amazon 450 * Resource Name (ARN) of the private CA that you want to delete. You can find the 451 * ARN by calling the <a 452 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html">ListCertificateAuthorities</a> 453 * action. </p> <p>Deleting a CA will invalidate other CAs and certificates 454 * below it in your CA hierarchy.</p> <p>Before you can delete a CA that 455 * you have created and activated, you must disable it. To do this, call the <a 456 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html">UpdateCertificateAuthority</a> 457 * action and set the <b>CertificateAuthorityStatus</b> parameter to 458 * <code>DISABLED</code>. </p> <p>Additionally, you can delete a CA if you are 459 * waiting for it to be created (that is, the status of the CA is 460 * <code>CREATING</code>). You can also delete it if the CA has been created but 461 * you haven't yet imported the signed certificate into ACM Private CA (that is, 462 * the status of the CA is <code>PENDING_CERTIFICATE</code>). </p> <p>When you 463 * successfully call <a 464 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html">DeleteCertificateAuthority</a>, 465 * the CA's status changes to <code>DELETED</code>. However, the CA won't be 466 * permanently deleted until the restoration period has passed. By default, if you 467 * do not set the <code>PermanentDeletionTimeInDays</code> parameter, the CA 468 * remains restorable for 30 days. You can set the parameter from 7 to 30 days. The 469 * <a 470 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html">DescribeCertificateAuthority</a> 471 * action returns the time remaining in the restoration window of a private CA in 472 * the <code>DELETED</code> state. To restore an eligible CA, call the <a 473 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RestoreCertificateAuthority.html">RestoreCertificateAuthority</a> 474 * action.</p><p><h3>See Also:</h3> <a 475 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeleteCertificateAuthority">AWS 476 * API Reference</a></p> 477 */ 478 virtual Model::DeleteCertificateAuthorityOutcome DeleteCertificateAuthority(const Model::DeleteCertificateAuthorityRequest& request) const; 479 480 /** 481 * <p>Deletes a private certificate authority (CA). You must provide the Amazon 482 * Resource Name (ARN) of the private CA that you want to delete. You can find the 483 * ARN by calling the <a 484 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html">ListCertificateAuthorities</a> 485 * action. </p> <p>Deleting a CA will invalidate other CAs and certificates 486 * below it in your CA hierarchy.</p> <p>Before you can delete a CA that 487 * you have created and activated, you must disable it. To do this, call the <a 488 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html">UpdateCertificateAuthority</a> 489 * action and set the <b>CertificateAuthorityStatus</b> parameter to 490 * <code>DISABLED</code>. </p> <p>Additionally, you can delete a CA if you are 491 * waiting for it to be created (that is, the status of the CA is 492 * <code>CREATING</code>). You can also delete it if the CA has been created but 493 * you haven't yet imported the signed certificate into ACM Private CA (that is, 494 * the status of the CA is <code>PENDING_CERTIFICATE</code>). </p> <p>When you 495 * successfully call <a 496 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html">DeleteCertificateAuthority</a>, 497 * the CA's status changes to <code>DELETED</code>. However, the CA won't be 498 * permanently deleted until the restoration period has passed. By default, if you 499 * do not set the <code>PermanentDeletionTimeInDays</code> parameter, the CA 500 * remains restorable for 30 days. You can set the parameter from 7 to 30 days. The 501 * <a 502 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html">DescribeCertificateAuthority</a> 503 * action returns the time remaining in the restoration window of a private CA in 504 * the <code>DELETED</code> state. To restore an eligible CA, call the <a 505 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RestoreCertificateAuthority.html">RestoreCertificateAuthority</a> 506 * action.</p><p><h3>See Also:</h3> <a 507 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeleteCertificateAuthority">AWS 508 * API Reference</a></p> 509 * 510 * returns a future to the operation so that it can be executed in parallel to other requests. 511 */ 512 virtual Model::DeleteCertificateAuthorityOutcomeCallable DeleteCertificateAuthorityCallable(const Model::DeleteCertificateAuthorityRequest& request) const; 513 514 /** 515 * <p>Deletes a private certificate authority (CA). You must provide the Amazon 516 * Resource Name (ARN) of the private CA that you want to delete. You can find the 517 * ARN by calling the <a 518 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html">ListCertificateAuthorities</a> 519 * action. </p> <p>Deleting a CA will invalidate other CAs and certificates 520 * below it in your CA hierarchy.</p> <p>Before you can delete a CA that 521 * you have created and activated, you must disable it. To do this, call the <a 522 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html">UpdateCertificateAuthority</a> 523 * action and set the <b>CertificateAuthorityStatus</b> parameter to 524 * <code>DISABLED</code>. </p> <p>Additionally, you can delete a CA if you are 525 * waiting for it to be created (that is, the status of the CA is 526 * <code>CREATING</code>). You can also delete it if the CA has been created but 527 * you haven't yet imported the signed certificate into ACM Private CA (that is, 528 * the status of the CA is <code>PENDING_CERTIFICATE</code>). </p> <p>When you 529 * successfully call <a 530 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html">DeleteCertificateAuthority</a>, 531 * the CA's status changes to <code>DELETED</code>. However, the CA won't be 532 * permanently deleted until the restoration period has passed. By default, if you 533 * do not set the <code>PermanentDeletionTimeInDays</code> parameter, the CA 534 * remains restorable for 30 days. You can set the parameter from 7 to 30 days. The 535 * <a 536 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html">DescribeCertificateAuthority</a> 537 * action returns the time remaining in the restoration window of a private CA in 538 * the <code>DELETED</code> state. To restore an eligible CA, call the <a 539 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RestoreCertificateAuthority.html">RestoreCertificateAuthority</a> 540 * action.</p><p><h3>See Also:</h3> <a 541 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeleteCertificateAuthority">AWS 542 * API Reference</a></p> 543 * 544 * Queues the request into a thread executor and triggers associated callback when operation has finished. 545 */ 546 virtual void DeleteCertificateAuthorityAsync(const Model::DeleteCertificateAuthorityRequest& request, const DeleteCertificateAuthorityResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 547 548 /** 549 * <p>Revokes permissions on a private CA granted to the AWS Certificate Manager 550 * (ACM) service principal (acm.amazonaws.com). </p> <p>These permissions allow ACM 551 * to issue and renew ACM certificates that reside in the same AWS account as the 552 * CA. If you revoke these permissions, ACM will no longer renew the affected 553 * certificates automatically.</p> <p>Permissions can be granted with the <a 554 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html">CreatePermission</a> 555 * action and listed with the <a 556 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html">ListPermissions</a> 557 * action. </p> <p class="title"> <b>About Permissions</b> </p> <ul> <li> <p>If the 558 * private CA and the certificates it issues reside in the same account, you can 559 * use <code>CreatePermission</code> to grant permissions for ACM to carry out 560 * automatic certificate renewals.</p> </li> <li> <p>For automatic certificate 561 * renewal to succeed, the ACM service principal needs permissions to create, 562 * retrieve, and list certificates.</p> </li> <li> <p>If the private CA and the ACM 563 * certificates reside in different accounts, then permissions cannot be used to 564 * enable automatic renewals. Instead, the ACM certificate owner must set up a 565 * resource-based policy to enable cross-account issuance and renewals. For more 566 * information, see <a 567 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 568 * Resource Based Policy with ACM Private CA</a>.</p> </li> </ul><p><h3>See 569 * Also:</h3> <a 570 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermission">AWS 571 * API Reference</a></p> 572 */ 573 virtual Model::DeletePermissionOutcome DeletePermission(const Model::DeletePermissionRequest& request) const; 574 575 /** 576 * <p>Revokes permissions on a private CA granted to the AWS Certificate Manager 577 * (ACM) service principal (acm.amazonaws.com). </p> <p>These permissions allow ACM 578 * to issue and renew ACM certificates that reside in the same AWS account as the 579 * CA. If you revoke these permissions, ACM will no longer renew the affected 580 * certificates automatically.</p> <p>Permissions can be granted with the <a 581 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html">CreatePermission</a> 582 * action and listed with the <a 583 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html">ListPermissions</a> 584 * action. </p> <p class="title"> <b>About Permissions</b> </p> <ul> <li> <p>If the 585 * private CA and the certificates it issues reside in the same account, you can 586 * use <code>CreatePermission</code> to grant permissions for ACM to carry out 587 * automatic certificate renewals.</p> </li> <li> <p>For automatic certificate 588 * renewal to succeed, the ACM service principal needs permissions to create, 589 * retrieve, and list certificates.</p> </li> <li> <p>If the private CA and the ACM 590 * certificates reside in different accounts, then permissions cannot be used to 591 * enable automatic renewals. Instead, the ACM certificate owner must set up a 592 * resource-based policy to enable cross-account issuance and renewals. For more 593 * information, see <a 594 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 595 * Resource Based Policy with ACM Private CA</a>.</p> </li> </ul><p><h3>See 596 * Also:</h3> <a 597 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermission">AWS 598 * API Reference</a></p> 599 * 600 * returns a future to the operation so that it can be executed in parallel to other requests. 601 */ 602 virtual Model::DeletePermissionOutcomeCallable DeletePermissionCallable(const Model::DeletePermissionRequest& request) const; 603 604 /** 605 * <p>Revokes permissions on a private CA granted to the AWS Certificate Manager 606 * (ACM) service principal (acm.amazonaws.com). </p> <p>These permissions allow ACM 607 * to issue and renew ACM certificates that reside in the same AWS account as the 608 * CA. If you revoke these permissions, ACM will no longer renew the affected 609 * certificates automatically.</p> <p>Permissions can be granted with the <a 610 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html">CreatePermission</a> 611 * action and listed with the <a 612 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html">ListPermissions</a> 613 * action. </p> <p class="title"> <b>About Permissions</b> </p> <ul> <li> <p>If the 614 * private CA and the certificates it issues reside in the same account, you can 615 * use <code>CreatePermission</code> to grant permissions for ACM to carry out 616 * automatic certificate renewals.</p> </li> <li> <p>For automatic certificate 617 * renewal to succeed, the ACM service principal needs permissions to create, 618 * retrieve, and list certificates.</p> </li> <li> <p>If the private CA and the ACM 619 * certificates reside in different accounts, then permissions cannot be used to 620 * enable automatic renewals. Instead, the ACM certificate owner must set up a 621 * resource-based policy to enable cross-account issuance and renewals. For more 622 * information, see <a 623 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 624 * Resource Based Policy with ACM Private CA</a>.</p> </li> </ul><p><h3>See 625 * Also:</h3> <a 626 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePermission">AWS 627 * API Reference</a></p> 628 * 629 * Queues the request into a thread executor and triggers associated callback when operation has finished. 630 */ 631 virtual void DeletePermissionAsync(const Model::DeletePermissionRequest& request, const DeletePermissionResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 632 633 /** 634 * <p>Deletes the resource-based policy attached to a private CA. Deletion will 635 * remove any access that the policy has granted. If there is no policy attached to 636 * the private CA, this action will return successful.</p> <p>If you delete a 637 * policy that was applied through AWS Resource Access Manager (RAM), the CA will 638 * be removed from all shares in which it was included. </p> <p>The AWS Certificate 639 * Manager Service Linked Role that the policy supports is not affected when you 640 * delete the policy. </p> <p>The current policy can be shown with <a 641 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html">GetPolicy</a> 642 * and updated with <a 643 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html">PutPolicy</a>.</p> 644 * <p class="title"> <b>About Policies</b> </p> <ul> <li> <p>A policy grants access 645 * on a private CA to an AWS customer account, to AWS Organizations, or to an AWS 646 * Organizations unit. Policies are under the control of a CA administrator. For 647 * more information, see <a 648 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 649 * Resource Based Policy with ACM Private CA</a>.</p> </li> <li> <p>A policy 650 * permits a user of AWS Certificate Manager (ACM) to issue ACM certificates signed 651 * by a CA in another account.</p> </li> <li> <p>For ACM to manage automatic 652 * renewal of these certificates, the ACM user must configure a Service Linked Role 653 * (SLR). The SLR allows the ACM service to assume the identity of the user, 654 * subject to confirmation against the ACM Private CA policy. For more information, 655 * see <a 656 * href="https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html">Using a 657 * Service Linked Role with ACM</a>.</p> </li> <li> <p>Updates made in AWS Resource 658 * Manager (RAM) are reflected in policies. For more information, see <a 659 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html">Attach 660 * a Policy for Cross-Account Access</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 661 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePolicy">AWS 662 * API Reference</a></p> 663 */ 664 virtual Model::DeletePolicyOutcome DeletePolicy(const Model::DeletePolicyRequest& request) const; 665 666 /** 667 * <p>Deletes the resource-based policy attached to a private CA. Deletion will 668 * remove any access that the policy has granted. If there is no policy attached to 669 * the private CA, this action will return successful.</p> <p>If you delete a 670 * policy that was applied through AWS Resource Access Manager (RAM), the CA will 671 * be removed from all shares in which it was included. </p> <p>The AWS Certificate 672 * Manager Service Linked Role that the policy supports is not affected when you 673 * delete the policy. </p> <p>The current policy can be shown with <a 674 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html">GetPolicy</a> 675 * and updated with <a 676 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html">PutPolicy</a>.</p> 677 * <p class="title"> <b>About Policies</b> </p> <ul> <li> <p>A policy grants access 678 * on a private CA to an AWS customer account, to AWS Organizations, or to an AWS 679 * Organizations unit. Policies are under the control of a CA administrator. For 680 * more information, see <a 681 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 682 * Resource Based Policy with ACM Private CA</a>.</p> </li> <li> <p>A policy 683 * permits a user of AWS Certificate Manager (ACM) to issue ACM certificates signed 684 * by a CA in another account.</p> </li> <li> <p>For ACM to manage automatic 685 * renewal of these certificates, the ACM user must configure a Service Linked Role 686 * (SLR). The SLR allows the ACM service to assume the identity of the user, 687 * subject to confirmation against the ACM Private CA policy. For more information, 688 * see <a 689 * href="https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html">Using a 690 * Service Linked Role with ACM</a>.</p> </li> <li> <p>Updates made in AWS Resource 691 * Manager (RAM) are reflected in policies. For more information, see <a 692 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html">Attach 693 * a Policy for Cross-Account Access</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 694 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePolicy">AWS 695 * API Reference</a></p> 696 * 697 * returns a future to the operation so that it can be executed in parallel to other requests. 698 */ 699 virtual Model::DeletePolicyOutcomeCallable DeletePolicyCallable(const Model::DeletePolicyRequest& request) const; 700 701 /** 702 * <p>Deletes the resource-based policy attached to a private CA. Deletion will 703 * remove any access that the policy has granted. If there is no policy attached to 704 * the private CA, this action will return successful.</p> <p>If you delete a 705 * policy that was applied through AWS Resource Access Manager (RAM), the CA will 706 * be removed from all shares in which it was included. </p> <p>The AWS Certificate 707 * Manager Service Linked Role that the policy supports is not affected when you 708 * delete the policy. </p> <p>The current policy can be shown with <a 709 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html">GetPolicy</a> 710 * and updated with <a 711 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html">PutPolicy</a>.</p> 712 * <p class="title"> <b>About Policies</b> </p> <ul> <li> <p>A policy grants access 713 * on a private CA to an AWS customer account, to AWS Organizations, or to an AWS 714 * Organizations unit. Policies are under the control of a CA administrator. For 715 * more information, see <a 716 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 717 * Resource Based Policy with ACM Private CA</a>.</p> </li> <li> <p>A policy 718 * permits a user of AWS Certificate Manager (ACM) to issue ACM certificates signed 719 * by a CA in another account.</p> </li> <li> <p>For ACM to manage automatic 720 * renewal of these certificates, the ACM user must configure a Service Linked Role 721 * (SLR). The SLR allows the ACM service to assume the identity of the user, 722 * subject to confirmation against the ACM Private CA policy. For more information, 723 * see <a 724 * href="https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html">Using a 725 * Service Linked Role with ACM</a>.</p> </li> <li> <p>Updates made in AWS Resource 726 * Manager (RAM) are reflected in policies. For more information, see <a 727 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html">Attach 728 * a Policy for Cross-Account Access</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 729 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DeletePolicy">AWS 730 * API Reference</a></p> 731 * 732 * Queues the request into a thread executor and triggers associated callback when operation has finished. 733 */ 734 virtual void DeletePolicyAsync(const Model::DeletePolicyRequest& request, const DeletePolicyResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 735 736 /** 737 * <p>Lists information about your private certificate authority (CA) or one that 738 * has been shared with you. You specify the private CA on input by its ARN (Amazon 739 * Resource Name). The output contains the status of your CA. This can be any of 740 * the following: </p> <ul> <li> <p> <code>CREATING</code> - ACM Private CA is 741 * creating your private certificate authority.</p> </li> <li> <p> 742 * <code>PENDING_CERTIFICATE</code> - The certificate is pending. You must use your 743 * ACM Private CA-hosted or on-premises root or subordinate CA to sign your private 744 * CA CSR and then import it into PCA. </p> </li> <li> <p> <code>ACTIVE</code> - 745 * Your private CA is active.</p> </li> <li> <p> <code>DISABLED</code> - Your 746 * private CA has been disabled.</p> </li> <li> <p> <code>EXPIRED</code> - Your 747 * private CA certificate has expired.</p> </li> <li> <p> <code>FAILED</code> - 748 * Your private CA has failed. Your CA can fail because of problems such a network 749 * outage or back-end AWS failure or other errors. A failed CA can never return to 750 * the pending state. You must create a new CA. </p> </li> <li> <p> 751 * <code>DELETED</code> - Your private CA is within the restoration period, after 752 * which it is permanently deleted. The length of time remaining in the CA's 753 * restoration period is also included in this action's output.</p> </li> 754 * </ul><p><h3>See Also:</h3> <a 755 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthority">AWS 756 * API Reference</a></p> 757 */ 758 virtual Model::DescribeCertificateAuthorityOutcome DescribeCertificateAuthority(const Model::DescribeCertificateAuthorityRequest& request) const; 759 760 /** 761 * <p>Lists information about your private certificate authority (CA) or one that 762 * has been shared with you. You specify the private CA on input by its ARN (Amazon 763 * Resource Name). The output contains the status of your CA. This can be any of 764 * the following: </p> <ul> <li> <p> <code>CREATING</code> - ACM Private CA is 765 * creating your private certificate authority.</p> </li> <li> <p> 766 * <code>PENDING_CERTIFICATE</code> - The certificate is pending. You must use your 767 * ACM Private CA-hosted or on-premises root or subordinate CA to sign your private 768 * CA CSR and then import it into PCA. </p> </li> <li> <p> <code>ACTIVE</code> - 769 * Your private CA is active.</p> </li> <li> <p> <code>DISABLED</code> - Your 770 * private CA has been disabled.</p> </li> <li> <p> <code>EXPIRED</code> - Your 771 * private CA certificate has expired.</p> </li> <li> <p> <code>FAILED</code> - 772 * Your private CA has failed. Your CA can fail because of problems such a network 773 * outage or back-end AWS failure or other errors. A failed CA can never return to 774 * the pending state. You must create a new CA. </p> </li> <li> <p> 775 * <code>DELETED</code> - Your private CA is within the restoration period, after 776 * which it is permanently deleted. The length of time remaining in the CA's 777 * restoration period is also included in this action's output.</p> </li> 778 * </ul><p><h3>See Also:</h3> <a 779 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthority">AWS 780 * API Reference</a></p> 781 * 782 * returns a future to the operation so that it can be executed in parallel to other requests. 783 */ 784 virtual Model::DescribeCertificateAuthorityOutcomeCallable DescribeCertificateAuthorityCallable(const Model::DescribeCertificateAuthorityRequest& request) const; 785 786 /** 787 * <p>Lists information about your private certificate authority (CA) or one that 788 * has been shared with you. You specify the private CA on input by its ARN (Amazon 789 * Resource Name). The output contains the status of your CA. This can be any of 790 * the following: </p> <ul> <li> <p> <code>CREATING</code> - ACM Private CA is 791 * creating your private certificate authority.</p> </li> <li> <p> 792 * <code>PENDING_CERTIFICATE</code> - The certificate is pending. You must use your 793 * ACM Private CA-hosted or on-premises root or subordinate CA to sign your private 794 * CA CSR and then import it into PCA. </p> </li> <li> <p> <code>ACTIVE</code> - 795 * Your private CA is active.</p> </li> <li> <p> <code>DISABLED</code> - Your 796 * private CA has been disabled.</p> </li> <li> <p> <code>EXPIRED</code> - Your 797 * private CA certificate has expired.</p> </li> <li> <p> <code>FAILED</code> - 798 * Your private CA has failed. Your CA can fail because of problems such a network 799 * outage or back-end AWS failure or other errors. A failed CA can never return to 800 * the pending state. You must create a new CA. </p> </li> <li> <p> 801 * <code>DELETED</code> - Your private CA is within the restoration period, after 802 * which it is permanently deleted. The length of time remaining in the CA's 803 * restoration period is also included in this action's output.</p> </li> 804 * </ul><p><h3>See Also:</h3> <a 805 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthority">AWS 806 * API Reference</a></p> 807 * 808 * Queues the request into a thread executor and triggers associated callback when operation has finished. 809 */ 810 virtual void DescribeCertificateAuthorityAsync(const Model::DescribeCertificateAuthorityRequest& request, const DescribeCertificateAuthorityResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 811 812 /** 813 * <p>Lists information about a specific audit report created by calling the <a 814 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html">CreateCertificateAuthorityAuditReport</a> 815 * action. Audit information is created every time the certificate authority (CA) 816 * private key is used. The private key is used when you call the <a 817 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html">IssueCertificate</a> 818 * action or the <a 819 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html">RevokeCertificate</a> 820 * action. </p><p><h3>See Also:</h3> <a 821 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReport">AWS 822 * API Reference</a></p> 823 */ 824 virtual Model::DescribeCertificateAuthorityAuditReportOutcome DescribeCertificateAuthorityAuditReport(const Model::DescribeCertificateAuthorityAuditReportRequest& request) const; 825 826 /** 827 * <p>Lists information about a specific audit report created by calling the <a 828 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html">CreateCertificateAuthorityAuditReport</a> 829 * action. Audit information is created every time the certificate authority (CA) 830 * private key is used. The private key is used when you call the <a 831 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html">IssueCertificate</a> 832 * action or the <a 833 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html">RevokeCertificate</a> 834 * action. </p><p><h3>See Also:</h3> <a 835 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReport">AWS 836 * API Reference</a></p> 837 * 838 * returns a future to the operation so that it can be executed in parallel to other requests. 839 */ 840 virtual Model::DescribeCertificateAuthorityAuditReportOutcomeCallable DescribeCertificateAuthorityAuditReportCallable(const Model::DescribeCertificateAuthorityAuditReportRequest& request) const; 841 842 /** 843 * <p>Lists information about a specific audit report created by calling the <a 844 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html">CreateCertificateAuthorityAuditReport</a> 845 * action. Audit information is created every time the certificate authority (CA) 846 * private key is used. The private key is used when you call the <a 847 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html">IssueCertificate</a> 848 * action or the <a 849 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_RevokeCertificate.html">RevokeCertificate</a> 850 * action. </p><p><h3>See Also:</h3> <a 851 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/DescribeCertificateAuthorityAuditReport">AWS 852 * API Reference</a></p> 853 * 854 * Queues the request into a thread executor and triggers associated callback when operation has finished. 855 */ 856 virtual void DescribeCertificateAuthorityAuditReportAsync(const Model::DescribeCertificateAuthorityAuditReportRequest& request, const DescribeCertificateAuthorityAuditReportResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 857 858 /** 859 * <p>Retrieves a certificate from your private CA or one that has been shared with 860 * you. The ARN of the certificate is returned when you call the <a 861 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html">IssueCertificate</a> 862 * action. You must specify both the ARN of your private CA and the ARN of the 863 * issued certificate when calling the <b>GetCertificate</b> action. You can 864 * retrieve the certificate if it is in the <b>ISSUED</b> state. You can call the 865 * <a 866 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html">CreateCertificateAuthorityAuditReport</a> 867 * action to create a report that contains information about all of the 868 * certificates issued and revoked by your private CA. </p><p><h3>See Also:</h3> 869 * <a 870 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificate">AWS 871 * API Reference</a></p> 872 */ 873 virtual Model::GetCertificateOutcome GetCertificate(const Model::GetCertificateRequest& request) const; 874 875 /** 876 * <p>Retrieves a certificate from your private CA or one that has been shared with 877 * you. The ARN of the certificate is returned when you call the <a 878 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html">IssueCertificate</a> 879 * action. You must specify both the ARN of your private CA and the ARN of the 880 * issued certificate when calling the <b>GetCertificate</b> action. You can 881 * retrieve the certificate if it is in the <b>ISSUED</b> state. You can call the 882 * <a 883 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html">CreateCertificateAuthorityAuditReport</a> 884 * action to create a report that contains information about all of the 885 * certificates issued and revoked by your private CA. </p><p><h3>See Also:</h3> 886 * <a 887 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificate">AWS 888 * API Reference</a></p> 889 * 890 * returns a future to the operation so that it can be executed in parallel to other requests. 891 */ 892 virtual Model::GetCertificateOutcomeCallable GetCertificateCallable(const Model::GetCertificateRequest& request) const; 893 894 /** 895 * <p>Retrieves a certificate from your private CA or one that has been shared with 896 * you. The ARN of the certificate is returned when you call the <a 897 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_IssueCertificate.html">IssueCertificate</a> 898 * action. You must specify both the ARN of your private CA and the ARN of the 899 * issued certificate when calling the <b>GetCertificate</b> action. You can 900 * retrieve the certificate if it is in the <b>ISSUED</b> state. You can call the 901 * <a 902 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html">CreateCertificateAuthorityAuditReport</a> 903 * action to create a report that contains information about all of the 904 * certificates issued and revoked by your private CA. </p><p><h3>See Also:</h3> 905 * <a 906 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificate">AWS 907 * API Reference</a></p> 908 * 909 * Queues the request into a thread executor and triggers associated callback when operation has finished. 910 */ 911 virtual void GetCertificateAsync(const Model::GetCertificateRequest& request, const GetCertificateResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 912 913 /** 914 * <p>Retrieves the certificate and certificate chain for your private certificate 915 * authority (CA) or one that has been shared with you. Both the certificate and 916 * the chain are base64 PEM-encoded. The chain does not include the CA certificate. 917 * Each certificate in the chain signs the one before it. </p><p><h3>See Also:</h3> 918 * <a 919 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCertificate">AWS 920 * API Reference</a></p> 921 */ 922 virtual Model::GetCertificateAuthorityCertificateOutcome GetCertificateAuthorityCertificate(const Model::GetCertificateAuthorityCertificateRequest& request) const; 923 924 /** 925 * <p>Retrieves the certificate and certificate chain for your private certificate 926 * authority (CA) or one that has been shared with you. Both the certificate and 927 * the chain are base64 PEM-encoded. The chain does not include the CA certificate. 928 * Each certificate in the chain signs the one before it. </p><p><h3>See Also:</h3> 929 * <a 930 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCertificate">AWS 931 * API Reference</a></p> 932 * 933 * returns a future to the operation so that it can be executed in parallel to other requests. 934 */ 935 virtual Model::GetCertificateAuthorityCertificateOutcomeCallable GetCertificateAuthorityCertificateCallable(const Model::GetCertificateAuthorityCertificateRequest& request) const; 936 937 /** 938 * <p>Retrieves the certificate and certificate chain for your private certificate 939 * authority (CA) or one that has been shared with you. Both the certificate and 940 * the chain are base64 PEM-encoded. The chain does not include the CA certificate. 941 * Each certificate in the chain signs the one before it. </p><p><h3>See Also:</h3> 942 * <a 943 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCertificate">AWS 944 * API Reference</a></p> 945 * 946 * Queues the request into a thread executor and triggers associated callback when operation has finished. 947 */ 948 virtual void GetCertificateAuthorityCertificateAsync(const Model::GetCertificateAuthorityCertificateRequest& request, const GetCertificateAuthorityCertificateResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 949 950 /** 951 * <p>Retrieves the certificate signing request (CSR) for your private certificate 952 * authority (CA). The CSR is created when you call the <a 953 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html">CreateCertificateAuthority</a> 954 * action. Sign the CSR with your ACM Private CA-hosted or on-premises root or 955 * subordinate CA. Then import the signed certificate back into ACM Private CA by 956 * calling the <a 957 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html">ImportCertificateAuthorityCertificate</a> 958 * action. The CSR is returned as a base64 PEM-encoded string. </p><p><h3>See 959 * Also:</h3> <a 960 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCsr">AWS 961 * API Reference</a></p> 962 */ 963 virtual Model::GetCertificateAuthorityCsrOutcome GetCertificateAuthorityCsr(const Model::GetCertificateAuthorityCsrRequest& request) const; 964 965 /** 966 * <p>Retrieves the certificate signing request (CSR) for your private certificate 967 * authority (CA). The CSR is created when you call the <a 968 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html">CreateCertificateAuthority</a> 969 * action. Sign the CSR with your ACM Private CA-hosted or on-premises root or 970 * subordinate CA. Then import the signed certificate back into ACM Private CA by 971 * calling the <a 972 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html">ImportCertificateAuthorityCertificate</a> 973 * action. The CSR is returned as a base64 PEM-encoded string. </p><p><h3>See 974 * Also:</h3> <a 975 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCsr">AWS 976 * API Reference</a></p> 977 * 978 * returns a future to the operation so that it can be executed in parallel to other requests. 979 */ 980 virtual Model::GetCertificateAuthorityCsrOutcomeCallable GetCertificateAuthorityCsrCallable(const Model::GetCertificateAuthorityCsrRequest& request) const; 981 982 /** 983 * <p>Retrieves the certificate signing request (CSR) for your private certificate 984 * authority (CA). The CSR is created when you call the <a 985 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html">CreateCertificateAuthority</a> 986 * action. Sign the CSR with your ACM Private CA-hosted or on-premises root or 987 * subordinate CA. Then import the signed certificate back into ACM Private CA by 988 * calling the <a 989 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html">ImportCertificateAuthorityCertificate</a> 990 * action. The CSR is returned as a base64 PEM-encoded string. </p><p><h3>See 991 * Also:</h3> <a 992 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetCertificateAuthorityCsr">AWS 993 * API Reference</a></p> 994 * 995 * Queues the request into a thread executor and triggers associated callback when operation has finished. 996 */ 997 virtual void GetCertificateAuthorityCsrAsync(const Model::GetCertificateAuthorityCsrRequest& request, const GetCertificateAuthorityCsrResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 998 999 /** 1000 * <p>Retrieves the resource-based policy attached to a private CA. If either the 1001 * private CA resource or the policy cannot be found, this action returns a 1002 * <code>ResourceNotFoundException</code>. </p> <p>The policy can be attached or 1003 * updated with <a 1004 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html">PutPolicy</a> 1005 * and removed with <a 1006 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html">DeletePolicy</a>.</p> 1007 * <p class="title"> <b>About Policies</b> </p> <ul> <li> <p>A policy grants access 1008 * on a private CA to an AWS customer account, to AWS Organizations, or to an AWS 1009 * Organizations unit. Policies are under the control of a CA administrator. For 1010 * more information, see <a 1011 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 1012 * Resource Based Policy with ACM Private CA</a>.</p> </li> <li> <p>A policy 1013 * permits a user of AWS Certificate Manager (ACM) to issue ACM certificates signed 1014 * by a CA in another account.</p> </li> <li> <p>For ACM to manage automatic 1015 * renewal of these certificates, the ACM user must configure a Service Linked Role 1016 * (SLR). The SLR allows the ACM service to assume the identity of the user, 1017 * subject to confirmation against the ACM Private CA policy. For more information, 1018 * see <a 1019 * href="https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html">Using a 1020 * Service Linked Role with ACM</a>.</p> </li> <li> <p>Updates made in AWS Resource 1021 * Manager (RAM) are reflected in policies. For more information, see <a 1022 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html">Attach 1023 * a Policy for Cross-Account Access</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 1024 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetPolicy">AWS 1025 * API Reference</a></p> 1026 */ 1027 virtual Model::GetPolicyOutcome GetPolicy(const Model::GetPolicyRequest& request) const; 1028 1029 /** 1030 * <p>Retrieves the resource-based policy attached to a private CA. If either the 1031 * private CA resource or the policy cannot be found, this action returns a 1032 * <code>ResourceNotFoundException</code>. </p> <p>The policy can be attached or 1033 * updated with <a 1034 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html">PutPolicy</a> 1035 * and removed with <a 1036 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html">DeletePolicy</a>.</p> 1037 * <p class="title"> <b>About Policies</b> </p> <ul> <li> <p>A policy grants access 1038 * on a private CA to an AWS customer account, to AWS Organizations, or to an AWS 1039 * Organizations unit. Policies are under the control of a CA administrator. For 1040 * more information, see <a 1041 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 1042 * Resource Based Policy with ACM Private CA</a>.</p> </li> <li> <p>A policy 1043 * permits a user of AWS Certificate Manager (ACM) to issue ACM certificates signed 1044 * by a CA in another account.</p> </li> <li> <p>For ACM to manage automatic 1045 * renewal of these certificates, the ACM user must configure a Service Linked Role 1046 * (SLR). The SLR allows the ACM service to assume the identity of the user, 1047 * subject to confirmation against the ACM Private CA policy. For more information, 1048 * see <a 1049 * href="https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html">Using a 1050 * Service Linked Role with ACM</a>.</p> </li> <li> <p>Updates made in AWS Resource 1051 * Manager (RAM) are reflected in policies. For more information, see <a 1052 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html">Attach 1053 * a Policy for Cross-Account Access</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 1054 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetPolicy">AWS 1055 * API Reference</a></p> 1056 * 1057 * returns a future to the operation so that it can be executed in parallel to other requests. 1058 */ 1059 virtual Model::GetPolicyOutcomeCallable GetPolicyCallable(const Model::GetPolicyRequest& request) const; 1060 1061 /** 1062 * <p>Retrieves the resource-based policy attached to a private CA. If either the 1063 * private CA resource or the policy cannot be found, this action returns a 1064 * <code>ResourceNotFoundException</code>. </p> <p>The policy can be attached or 1065 * updated with <a 1066 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_PutPolicy.html">PutPolicy</a> 1067 * and removed with <a 1068 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html">DeletePolicy</a>.</p> 1069 * <p class="title"> <b>About Policies</b> </p> <ul> <li> <p>A policy grants access 1070 * on a private CA to an AWS customer account, to AWS Organizations, or to an AWS 1071 * Organizations unit. Policies are under the control of a CA administrator. For 1072 * more information, see <a 1073 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 1074 * Resource Based Policy with ACM Private CA</a>.</p> </li> <li> <p>A policy 1075 * permits a user of AWS Certificate Manager (ACM) to issue ACM certificates signed 1076 * by a CA in another account.</p> </li> <li> <p>For ACM to manage automatic 1077 * renewal of these certificates, the ACM user must configure a Service Linked Role 1078 * (SLR). The SLR allows the ACM service to assume the identity of the user, 1079 * subject to confirmation against the ACM Private CA policy. For more information, 1080 * see <a 1081 * href="https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html">Using a 1082 * Service Linked Role with ACM</a>.</p> </li> <li> <p>Updates made in AWS Resource 1083 * Manager (RAM) are reflected in policies. For more information, see <a 1084 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html">Attach 1085 * a Policy for Cross-Account Access</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 1086 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/GetPolicy">AWS 1087 * API Reference</a></p> 1088 * 1089 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1090 */ 1091 virtual void GetPolicyAsync(const Model::GetPolicyRequest& request, const GetPolicyResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1092 1093 /** 1094 * <p>Imports a signed private CA certificate into ACM Private CA. This action is 1095 * used when you are using a chain of trust whose root is located outside ACM 1096 * Private CA. Before you can call this action, the following preparations must in 1097 * place:</p> <ol> <li> <p>In ACM Private CA, call the <a 1098 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html">CreateCertificateAuthority</a> 1099 * action to create the private CA that you plan to back with the imported 1100 * certificate.</p> </li> <li> <p>Call the <a 1101 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCsr.html">GetCertificateAuthorityCsr</a> 1102 * action to generate a certificate signing request (CSR).</p> </li> <li> <p>Sign 1103 * the CSR using a root or intermediate CA hosted by either an on-premises PKI 1104 * hierarchy or by a commercial CA.</p> </li> <li> <p>Create a certificate chain 1105 * and copy the signed certificate and the certificate chain to your working 1106 * directory.</p> </li> </ol> <p>ACM Private CA supports three scenarios for 1107 * installing a CA certificate:</p> <ul> <li> <p>Installing a certificate for a 1108 * root CA hosted by ACM Private CA.</p> </li> <li> <p>Installing a subordinate CA 1109 * certificate whose parent authority is hosted by ACM Private CA.</p> </li> <li> 1110 * <p>Installing a subordinate CA certificate whose parent authority is externally 1111 * hosted.</p> </li> </ul> <p>The following additional requirements apply when you 1112 * import a CA certificate.</p> <ul> <li> <p>Only a self-signed certificate can be 1113 * imported as a root CA.</p> </li> <li> <p>A self-signed certificate cannot be 1114 * imported as a subordinate CA.</p> </li> <li> <p>Your certificate chain must not 1115 * include the private CA certificate that you are importing.</p> </li> <li> 1116 * <p>Your root CA must be the last certificate in your chain. The subordinate 1117 * certificate, if any, that your root CA signed must be next to last. The 1118 * subordinate certificate signed by the preceding subordinate CA must come next, 1119 * and so on until your chain is built. </p> </li> <li> <p>The chain must be 1120 * PEM-encoded.</p> </li> <li> <p>The maximum allowed size of a certificate is 32 1121 * KB.</p> </li> <li> <p>The maximum allowed size of a certificate chain is 2 1122 * MB.</p> </li> </ul> <p> <i>Enforcement of Critical Constraints</i> </p> <p>ACM 1123 * Private CA allows the following extensions to be marked critical in the imported 1124 * CA certificate or chain.</p> <ul> <li> <p>Basic constraints (<i>must</i> be 1125 * marked critical)</p> </li> <li> <p>Subject alternative names</p> </li> <li> 1126 * <p>Key usage</p> </li> <li> <p>Extended key usage</p> </li> <li> <p>Authority 1127 * key identifier</p> </li> <li> <p>Subject key identifier</p> </li> <li> <p>Issuer 1128 * alternative name</p> </li> <li> <p>Subject directory attributes</p> </li> <li> 1129 * <p>Subject information access</p> </li> <li> <p>Certificate policies</p> </li> 1130 * <li> <p>Policy mappings</p> </li> <li> <p>Inhibit anyPolicy</p> </li> </ul> 1131 * <p>ACM Private CA rejects the following extensions when they are marked critical 1132 * in an imported CA certificate or chain.</p> <ul> <li> <p>Name constraints</p> 1133 * </li> <li> <p>Policy constraints</p> </li> <li> <p>CRL distribution points</p> 1134 * </li> <li> <p>Authority information access</p> </li> <li> <p>Freshest CRL</p> 1135 * </li> <li> <p>Any other extension</p> </li> </ul><p><h3>See Also:</h3> <a 1136 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ImportCertificateAuthorityCertificate">AWS 1137 * API Reference</a></p> 1138 */ 1139 virtual Model::ImportCertificateAuthorityCertificateOutcome ImportCertificateAuthorityCertificate(const Model::ImportCertificateAuthorityCertificateRequest& request) const; 1140 1141 /** 1142 * <p>Imports a signed private CA certificate into ACM Private CA. This action is 1143 * used when you are using a chain of trust whose root is located outside ACM 1144 * Private CA. Before you can call this action, the following preparations must in 1145 * place:</p> <ol> <li> <p>In ACM Private CA, call the <a 1146 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html">CreateCertificateAuthority</a> 1147 * action to create the private CA that you plan to back with the imported 1148 * certificate.</p> </li> <li> <p>Call the <a 1149 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCsr.html">GetCertificateAuthorityCsr</a> 1150 * action to generate a certificate signing request (CSR).</p> </li> <li> <p>Sign 1151 * the CSR using a root or intermediate CA hosted by either an on-premises PKI 1152 * hierarchy or by a commercial CA.</p> </li> <li> <p>Create a certificate chain 1153 * and copy the signed certificate and the certificate chain to your working 1154 * directory.</p> </li> </ol> <p>ACM Private CA supports three scenarios for 1155 * installing a CA certificate:</p> <ul> <li> <p>Installing a certificate for a 1156 * root CA hosted by ACM Private CA.</p> </li> <li> <p>Installing a subordinate CA 1157 * certificate whose parent authority is hosted by ACM Private CA.</p> </li> <li> 1158 * <p>Installing a subordinate CA certificate whose parent authority is externally 1159 * hosted.</p> </li> </ul> <p>The following additional requirements apply when you 1160 * import a CA certificate.</p> <ul> <li> <p>Only a self-signed certificate can be 1161 * imported as a root CA.</p> </li> <li> <p>A self-signed certificate cannot be 1162 * imported as a subordinate CA.</p> </li> <li> <p>Your certificate chain must not 1163 * include the private CA certificate that you are importing.</p> </li> <li> 1164 * <p>Your root CA must be the last certificate in your chain. The subordinate 1165 * certificate, if any, that your root CA signed must be next to last. The 1166 * subordinate certificate signed by the preceding subordinate CA must come next, 1167 * and so on until your chain is built. </p> </li> <li> <p>The chain must be 1168 * PEM-encoded.</p> </li> <li> <p>The maximum allowed size of a certificate is 32 1169 * KB.</p> </li> <li> <p>The maximum allowed size of a certificate chain is 2 1170 * MB.</p> </li> </ul> <p> <i>Enforcement of Critical Constraints</i> </p> <p>ACM 1171 * Private CA allows the following extensions to be marked critical in the imported 1172 * CA certificate or chain.</p> <ul> <li> <p>Basic constraints (<i>must</i> be 1173 * marked critical)</p> </li> <li> <p>Subject alternative names</p> </li> <li> 1174 * <p>Key usage</p> </li> <li> <p>Extended key usage</p> </li> <li> <p>Authority 1175 * key identifier</p> </li> <li> <p>Subject key identifier</p> </li> <li> <p>Issuer 1176 * alternative name</p> </li> <li> <p>Subject directory attributes</p> </li> <li> 1177 * <p>Subject information access</p> </li> <li> <p>Certificate policies</p> </li> 1178 * <li> <p>Policy mappings</p> </li> <li> <p>Inhibit anyPolicy</p> </li> </ul> 1179 * <p>ACM Private CA rejects the following extensions when they are marked critical 1180 * in an imported CA certificate or chain.</p> <ul> <li> <p>Name constraints</p> 1181 * </li> <li> <p>Policy constraints</p> </li> <li> <p>CRL distribution points</p> 1182 * </li> <li> <p>Authority information access</p> </li> <li> <p>Freshest CRL</p> 1183 * </li> <li> <p>Any other extension</p> </li> </ul><p><h3>See Also:</h3> <a 1184 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ImportCertificateAuthorityCertificate">AWS 1185 * API Reference</a></p> 1186 * 1187 * returns a future to the operation so that it can be executed in parallel to other requests. 1188 */ 1189 virtual Model::ImportCertificateAuthorityCertificateOutcomeCallable ImportCertificateAuthorityCertificateCallable(const Model::ImportCertificateAuthorityCertificateRequest& request) const; 1190 1191 /** 1192 * <p>Imports a signed private CA certificate into ACM Private CA. This action is 1193 * used when you are using a chain of trust whose root is located outside ACM 1194 * Private CA. Before you can call this action, the following preparations must in 1195 * place:</p> <ol> <li> <p>In ACM Private CA, call the <a 1196 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html">CreateCertificateAuthority</a> 1197 * action to create the private CA that you plan to back with the imported 1198 * certificate.</p> </li> <li> <p>Call the <a 1199 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificateAuthorityCsr.html">GetCertificateAuthorityCsr</a> 1200 * action to generate a certificate signing request (CSR).</p> </li> <li> <p>Sign 1201 * the CSR using a root or intermediate CA hosted by either an on-premises PKI 1202 * hierarchy or by a commercial CA.</p> </li> <li> <p>Create a certificate chain 1203 * and copy the signed certificate and the certificate chain to your working 1204 * directory.</p> </li> </ol> <p>ACM Private CA supports three scenarios for 1205 * installing a CA certificate:</p> <ul> <li> <p>Installing a certificate for a 1206 * root CA hosted by ACM Private CA.</p> </li> <li> <p>Installing a subordinate CA 1207 * certificate whose parent authority is hosted by ACM Private CA.</p> </li> <li> 1208 * <p>Installing a subordinate CA certificate whose parent authority is externally 1209 * hosted.</p> </li> </ul> <p>The following additional requirements apply when you 1210 * import a CA certificate.</p> <ul> <li> <p>Only a self-signed certificate can be 1211 * imported as a root CA.</p> </li> <li> <p>A self-signed certificate cannot be 1212 * imported as a subordinate CA.</p> </li> <li> <p>Your certificate chain must not 1213 * include the private CA certificate that you are importing.</p> </li> <li> 1214 * <p>Your root CA must be the last certificate in your chain. The subordinate 1215 * certificate, if any, that your root CA signed must be next to last. The 1216 * subordinate certificate signed by the preceding subordinate CA must come next, 1217 * and so on until your chain is built. </p> </li> <li> <p>The chain must be 1218 * PEM-encoded.</p> </li> <li> <p>The maximum allowed size of a certificate is 32 1219 * KB.</p> </li> <li> <p>The maximum allowed size of a certificate chain is 2 1220 * MB.</p> </li> </ul> <p> <i>Enforcement of Critical Constraints</i> </p> <p>ACM 1221 * Private CA allows the following extensions to be marked critical in the imported 1222 * CA certificate or chain.</p> <ul> <li> <p>Basic constraints (<i>must</i> be 1223 * marked critical)</p> </li> <li> <p>Subject alternative names</p> </li> <li> 1224 * <p>Key usage</p> </li> <li> <p>Extended key usage</p> </li> <li> <p>Authority 1225 * key identifier</p> </li> <li> <p>Subject key identifier</p> </li> <li> <p>Issuer 1226 * alternative name</p> </li> <li> <p>Subject directory attributes</p> </li> <li> 1227 * <p>Subject information access</p> </li> <li> <p>Certificate policies</p> </li> 1228 * <li> <p>Policy mappings</p> </li> <li> <p>Inhibit anyPolicy</p> </li> </ul> 1229 * <p>ACM Private CA rejects the following extensions when they are marked critical 1230 * in an imported CA certificate or chain.</p> <ul> <li> <p>Name constraints</p> 1231 * </li> <li> <p>Policy constraints</p> </li> <li> <p>CRL distribution points</p> 1232 * </li> <li> <p>Authority information access</p> </li> <li> <p>Freshest CRL</p> 1233 * </li> <li> <p>Any other extension</p> </li> </ul><p><h3>See Also:</h3> <a 1234 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ImportCertificateAuthorityCertificate">AWS 1235 * API Reference</a></p> 1236 * 1237 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1238 */ 1239 virtual void ImportCertificateAuthorityCertificateAsync(const Model::ImportCertificateAuthorityCertificateRequest& request, const ImportCertificateAuthorityCertificateResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1240 1241 /** 1242 * <p>Uses your private certificate authority (CA), or one that has been shared 1243 * with you, to issue a client certificate. This action returns the Amazon Resource 1244 * Name (ARN) of the certificate. You can retrieve the certificate by calling the 1245 * <a 1246 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html">GetCertificate</a> 1247 * action and specifying the ARN. </p> <p>You cannot use the ACM 1248 * <b>ListCertificateAuthorities</b> action to retrieve the ARNs of the 1249 * certificates that you issue by using ACM Private CA.</p> <p><h3>See 1250 * Also:</h3> <a 1251 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificate">AWS 1252 * API Reference</a></p> 1253 */ 1254 virtual Model::IssueCertificateOutcome IssueCertificate(const Model::IssueCertificateRequest& request) const; 1255 1256 /** 1257 * <p>Uses your private certificate authority (CA), or one that has been shared 1258 * with you, to issue a client certificate. This action returns the Amazon Resource 1259 * Name (ARN) of the certificate. You can retrieve the certificate by calling the 1260 * <a 1261 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html">GetCertificate</a> 1262 * action and specifying the ARN. </p> <p>You cannot use the ACM 1263 * <b>ListCertificateAuthorities</b> action to retrieve the ARNs of the 1264 * certificates that you issue by using ACM Private CA.</p> <p><h3>See 1265 * Also:</h3> <a 1266 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificate">AWS 1267 * API Reference</a></p> 1268 * 1269 * returns a future to the operation so that it can be executed in parallel to other requests. 1270 */ 1271 virtual Model::IssueCertificateOutcomeCallable IssueCertificateCallable(const Model::IssueCertificateRequest& request) const; 1272 1273 /** 1274 * <p>Uses your private certificate authority (CA), or one that has been shared 1275 * with you, to issue a client certificate. This action returns the Amazon Resource 1276 * Name (ARN) of the certificate. You can retrieve the certificate by calling the 1277 * <a 1278 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetCertificate.html">GetCertificate</a> 1279 * action and specifying the ARN. </p> <p>You cannot use the ACM 1280 * <b>ListCertificateAuthorities</b> action to retrieve the ARNs of the 1281 * certificates that you issue by using ACM Private CA.</p> <p><h3>See 1282 * Also:</h3> <a 1283 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/IssueCertificate">AWS 1284 * API Reference</a></p> 1285 * 1286 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1287 */ 1288 virtual void IssueCertificateAsync(const Model::IssueCertificateRequest& request, const IssueCertificateResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1289 1290 /** 1291 * <p>Lists the private certificate authorities that you created by using the <a 1292 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html">CreateCertificateAuthority</a> 1293 * action.</p><p><h3>See Also:</h3> <a 1294 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListCertificateAuthorities">AWS 1295 * API Reference</a></p> 1296 */ 1297 virtual Model::ListCertificateAuthoritiesOutcome ListCertificateAuthorities(const Model::ListCertificateAuthoritiesRequest& request) const; 1298 1299 /** 1300 * <p>Lists the private certificate authorities that you created by using the <a 1301 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html">CreateCertificateAuthority</a> 1302 * action.</p><p><h3>See Also:</h3> <a 1303 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListCertificateAuthorities">AWS 1304 * API Reference</a></p> 1305 * 1306 * returns a future to the operation so that it can be executed in parallel to other requests. 1307 */ 1308 virtual Model::ListCertificateAuthoritiesOutcomeCallable ListCertificateAuthoritiesCallable(const Model::ListCertificateAuthoritiesRequest& request) const; 1309 1310 /** 1311 * <p>Lists the private certificate authorities that you created by using the <a 1312 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthority.html">CreateCertificateAuthority</a> 1313 * action.</p><p><h3>See Also:</h3> <a 1314 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListCertificateAuthorities">AWS 1315 * API Reference</a></p> 1316 * 1317 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1318 */ 1319 virtual void ListCertificateAuthoritiesAsync(const Model::ListCertificateAuthoritiesRequest& request, const ListCertificateAuthoritiesResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1320 1321 /** 1322 * <p>List all permissions on a private CA, if any, granted to the AWS Certificate 1323 * Manager (ACM) service principal (acm.amazonaws.com). </p> <p>These permissions 1324 * allow ACM to issue and renew ACM certificates that reside in the same AWS 1325 * account as the CA. </p> <p>Permissions can be granted with the <a 1326 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html">CreatePermission</a> 1327 * action and revoked with the <a 1328 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html">DeletePermission</a> 1329 * action.</p> <p class="title"> <b>About Permissions</b> </p> <ul> <li> <p>If the 1330 * private CA and the certificates it issues reside in the same account, you can 1331 * use <code>CreatePermission</code> to grant permissions for ACM to carry out 1332 * automatic certificate renewals.</p> </li> <li> <p>For automatic certificate 1333 * renewal to succeed, the ACM service principal needs permissions to create, 1334 * retrieve, and list certificates.</p> </li> <li> <p>If the private CA and the ACM 1335 * certificates reside in different accounts, then permissions cannot be used to 1336 * enable automatic renewals. Instead, the ACM certificate owner must set up a 1337 * resource-based policy to enable cross-account issuance and renewals. For more 1338 * information, see <a 1339 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 1340 * Resource Based Policy with ACM Private CA</a>.</p> </li> </ul><p><h3>See 1341 * Also:</h3> <a 1342 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissions">AWS 1343 * API Reference</a></p> 1344 */ 1345 virtual Model::ListPermissionsOutcome ListPermissions(const Model::ListPermissionsRequest& request) const; 1346 1347 /** 1348 * <p>List all permissions on a private CA, if any, granted to the AWS Certificate 1349 * Manager (ACM) service principal (acm.amazonaws.com). </p> <p>These permissions 1350 * allow ACM to issue and renew ACM certificates that reside in the same AWS 1351 * account as the CA. </p> <p>Permissions can be granted with the <a 1352 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html">CreatePermission</a> 1353 * action and revoked with the <a 1354 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html">DeletePermission</a> 1355 * action.</p> <p class="title"> <b>About Permissions</b> </p> <ul> <li> <p>If the 1356 * private CA and the certificates it issues reside in the same account, you can 1357 * use <code>CreatePermission</code> to grant permissions for ACM to carry out 1358 * automatic certificate renewals.</p> </li> <li> <p>For automatic certificate 1359 * renewal to succeed, the ACM service principal needs permissions to create, 1360 * retrieve, and list certificates.</p> </li> <li> <p>If the private CA and the ACM 1361 * certificates reside in different accounts, then permissions cannot be used to 1362 * enable automatic renewals. Instead, the ACM certificate owner must set up a 1363 * resource-based policy to enable cross-account issuance and renewals. For more 1364 * information, see <a 1365 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 1366 * Resource Based Policy with ACM Private CA</a>.</p> </li> </ul><p><h3>See 1367 * Also:</h3> <a 1368 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissions">AWS 1369 * API Reference</a></p> 1370 * 1371 * returns a future to the operation so that it can be executed in parallel to other requests. 1372 */ 1373 virtual Model::ListPermissionsOutcomeCallable ListPermissionsCallable(const Model::ListPermissionsRequest& request) const; 1374 1375 /** 1376 * <p>List all permissions on a private CA, if any, granted to the AWS Certificate 1377 * Manager (ACM) service principal (acm.amazonaws.com). </p> <p>These permissions 1378 * allow ACM to issue and renew ACM certificates that reside in the same AWS 1379 * account as the CA. </p> <p>Permissions can be granted with the <a 1380 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html">CreatePermission</a> 1381 * action and revoked with the <a 1382 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html">DeletePermission</a> 1383 * action.</p> <p class="title"> <b>About Permissions</b> </p> <ul> <li> <p>If the 1384 * private CA and the certificates it issues reside in the same account, you can 1385 * use <code>CreatePermission</code> to grant permissions for ACM to carry out 1386 * automatic certificate renewals.</p> </li> <li> <p>For automatic certificate 1387 * renewal to succeed, the ACM service principal needs permissions to create, 1388 * retrieve, and list certificates.</p> </li> <li> <p>If the private CA and the ACM 1389 * certificates reside in different accounts, then permissions cannot be used to 1390 * enable automatic renewals. Instead, the ACM certificate owner must set up a 1391 * resource-based policy to enable cross-account issuance and renewals. For more 1392 * information, see <a 1393 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 1394 * Resource Based Policy with ACM Private CA</a>.</p> </li> </ul><p><h3>See 1395 * Also:</h3> <a 1396 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListPermissions">AWS 1397 * API Reference</a></p> 1398 * 1399 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1400 */ 1401 virtual void ListPermissionsAsync(const Model::ListPermissionsRequest& request, const ListPermissionsResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1402 1403 /** 1404 * <p>Lists the tags, if any, that are associated with your private CA or one that 1405 * has been shared with you. Tags are labels that you can use to identify and 1406 * organize your CAs. Each tag consists of a key and an optional value. Call the <a 1407 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html">TagCertificateAuthority</a> 1408 * action to add one or more tags to your CA. Call the <a 1409 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html">UntagCertificateAuthority</a> 1410 * action to remove tags. </p><p><h3>See Also:</h3> <a 1411 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListTags">AWS 1412 * API Reference</a></p> 1413 */ 1414 virtual Model::ListTagsOutcome ListTags(const Model::ListTagsRequest& request) const; 1415 1416 /** 1417 * <p>Lists the tags, if any, that are associated with your private CA or one that 1418 * has been shared with you. Tags are labels that you can use to identify and 1419 * organize your CAs. Each tag consists of a key and an optional value. Call the <a 1420 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html">TagCertificateAuthority</a> 1421 * action to add one or more tags to your CA. Call the <a 1422 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html">UntagCertificateAuthority</a> 1423 * action to remove tags. </p><p><h3>See Also:</h3> <a 1424 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListTags">AWS 1425 * API Reference</a></p> 1426 * 1427 * returns a future to the operation so that it can be executed in parallel to other requests. 1428 */ 1429 virtual Model::ListTagsOutcomeCallable ListTagsCallable(const Model::ListTagsRequest& request) const; 1430 1431 /** 1432 * <p>Lists the tags, if any, that are associated with your private CA or one that 1433 * has been shared with you. Tags are labels that you can use to identify and 1434 * organize your CAs. Each tag consists of a key and an optional value. Call the <a 1435 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html">TagCertificateAuthority</a> 1436 * action to add one or more tags to your CA. Call the <a 1437 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html">UntagCertificateAuthority</a> 1438 * action to remove tags. </p><p><h3>See Also:</h3> <a 1439 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/ListTags">AWS 1440 * API Reference</a></p> 1441 * 1442 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1443 */ 1444 virtual void ListTagsAsync(const Model::ListTagsRequest& request, const ListTagsResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1445 1446 /** 1447 * <p>Attaches a resource-based policy to a private CA. </p> <p>A policy can also 1448 * be applied by sharing a private CA through AWS Resource Access Manager (RAM). 1449 * For more information, see <a 1450 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html">Attach 1451 * a Policy for Cross-Account Access</a>.</p> <p>The policy can be displayed with 1452 * <a 1453 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html">GetPolicy</a> 1454 * and removed with <a 1455 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html">DeletePolicy</a>.</p> 1456 * <p class="title"> <b>About Policies</b> </p> <ul> <li> <p>A policy grants access 1457 * on a private CA to an AWS customer account, to AWS Organizations, or to an AWS 1458 * Organizations unit. Policies are under the control of a CA administrator. For 1459 * more information, see <a 1460 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 1461 * Resource Based Policy with ACM Private CA</a>.</p> </li> <li> <p>A policy 1462 * permits a user of AWS Certificate Manager (ACM) to issue ACM certificates signed 1463 * by a CA in another account.</p> </li> <li> <p>For ACM to manage automatic 1464 * renewal of these certificates, the ACM user must configure a Service Linked Role 1465 * (SLR). The SLR allows the ACM service to assume the identity of the user, 1466 * subject to confirmation against the ACM Private CA policy. For more information, 1467 * see <a 1468 * href="https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html">Using a 1469 * Service Linked Role with ACM</a>.</p> </li> <li> <p>Updates made in AWS Resource 1470 * Manager (RAM) are reflected in policies. For more information, see <a 1471 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html">Attach 1472 * a Policy for Cross-Account Access</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 1473 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PutPolicy">AWS 1474 * API Reference</a></p> 1475 */ 1476 virtual Model::PutPolicyOutcome PutPolicy(const Model::PutPolicyRequest& request) const; 1477 1478 /** 1479 * <p>Attaches a resource-based policy to a private CA. </p> <p>A policy can also 1480 * be applied by sharing a private CA through AWS Resource Access Manager (RAM). 1481 * For more information, see <a 1482 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html">Attach 1483 * a Policy for Cross-Account Access</a>.</p> <p>The policy can be displayed with 1484 * <a 1485 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html">GetPolicy</a> 1486 * and removed with <a 1487 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html">DeletePolicy</a>.</p> 1488 * <p class="title"> <b>About Policies</b> </p> <ul> <li> <p>A policy grants access 1489 * on a private CA to an AWS customer account, to AWS Organizations, or to an AWS 1490 * Organizations unit. Policies are under the control of a CA administrator. For 1491 * more information, see <a 1492 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 1493 * Resource Based Policy with ACM Private CA</a>.</p> </li> <li> <p>A policy 1494 * permits a user of AWS Certificate Manager (ACM) to issue ACM certificates signed 1495 * by a CA in another account.</p> </li> <li> <p>For ACM to manage automatic 1496 * renewal of these certificates, the ACM user must configure a Service Linked Role 1497 * (SLR). The SLR allows the ACM service to assume the identity of the user, 1498 * subject to confirmation against the ACM Private CA policy. For more information, 1499 * see <a 1500 * href="https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html">Using a 1501 * Service Linked Role with ACM</a>.</p> </li> <li> <p>Updates made in AWS Resource 1502 * Manager (RAM) are reflected in policies. For more information, see <a 1503 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html">Attach 1504 * a Policy for Cross-Account Access</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 1505 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PutPolicy">AWS 1506 * API Reference</a></p> 1507 * 1508 * returns a future to the operation so that it can be executed in parallel to other requests. 1509 */ 1510 virtual Model::PutPolicyOutcomeCallable PutPolicyCallable(const Model::PutPolicyRequest& request) const; 1511 1512 /** 1513 * <p>Attaches a resource-based policy to a private CA. </p> <p>A policy can also 1514 * be applied by sharing a private CA through AWS Resource Access Manager (RAM). 1515 * For more information, see <a 1516 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html">Attach 1517 * a Policy for Cross-Account Access</a>.</p> <p>The policy can be displayed with 1518 * <a 1519 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_GetPolicy.html">GetPolicy</a> 1520 * and removed with <a 1521 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePolicy.html">DeletePolicy</a>.</p> 1522 * <p class="title"> <b>About Policies</b> </p> <ul> <li> <p>A policy grants access 1523 * on a private CA to an AWS customer account, to AWS Organizations, or to an AWS 1524 * Organizations unit. Policies are under the control of a CA administrator. For 1525 * more information, see <a 1526 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html">Using a 1527 * Resource Based Policy with ACM Private CA</a>.</p> </li> <li> <p>A policy 1528 * permits a user of AWS Certificate Manager (ACM) to issue ACM certificates signed 1529 * by a CA in another account.</p> </li> <li> <p>For ACM to manage automatic 1530 * renewal of these certificates, the ACM user must configure a Service Linked Role 1531 * (SLR). The SLR allows the ACM service to assume the identity of the user, 1532 * subject to confirmation against the ACM Private CA policy. For more information, 1533 * see <a 1534 * href="https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html">Using a 1535 * Service Linked Role with ACM</a>.</p> </li> <li> <p>Updates made in AWS Resource 1536 * Manager (RAM) are reflected in policies. For more information, see <a 1537 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-ram.html">Attach 1538 * a Policy for Cross-Account Access</a>.</p> </li> </ul><p><h3>See Also:</h3> <a 1539 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/PutPolicy">AWS 1540 * API Reference</a></p> 1541 * 1542 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1543 */ 1544 virtual void PutPolicyAsync(const Model::PutPolicyRequest& request, const PutPolicyResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1545 1546 /** 1547 * <p>Restores a certificate authority (CA) that is in the <code>DELETED</code> 1548 * state. You can restore a CA during the period that you defined in the 1549 * <b>PermanentDeletionTimeInDays</b> parameter of the <a 1550 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html">DeleteCertificateAuthority</a> 1551 * action. Currently, you can specify 7 to 30 days. If you did not specify a 1552 * <b>PermanentDeletionTimeInDays</b> value, by default you can restore the CA at 1553 * any time in a 30 day period. You can check the time remaining in the restoration 1554 * period of a private CA in the <code>DELETED</code> state by calling the <a 1555 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html">DescribeCertificateAuthority</a> 1556 * or <a 1557 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html">ListCertificateAuthorities</a> 1558 * actions. The status of a restored CA is set to its pre-deletion status when the 1559 * <b>RestoreCertificateAuthority</b> action returns. To change its status to 1560 * <code>ACTIVE</code>, call the <a 1561 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html">UpdateCertificateAuthority</a> 1562 * action. If the private CA was in the <code>PENDING_CERTIFICATE</code> state at 1563 * deletion, you must use the <a 1564 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html">ImportCertificateAuthorityCertificate</a> 1565 * action to import a certificate authority into the private CA before it can be 1566 * activated. You cannot restore a CA after the restoration period has 1567 * ended.</p><p><h3>See Also:</h3> <a 1568 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthority">AWS 1569 * API Reference</a></p> 1570 */ 1571 virtual Model::RestoreCertificateAuthorityOutcome RestoreCertificateAuthority(const Model::RestoreCertificateAuthorityRequest& request) const; 1572 1573 /** 1574 * <p>Restores a certificate authority (CA) that is in the <code>DELETED</code> 1575 * state. You can restore a CA during the period that you defined in the 1576 * <b>PermanentDeletionTimeInDays</b> parameter of the <a 1577 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html">DeleteCertificateAuthority</a> 1578 * action. Currently, you can specify 7 to 30 days. If you did not specify a 1579 * <b>PermanentDeletionTimeInDays</b> value, by default you can restore the CA at 1580 * any time in a 30 day period. You can check the time remaining in the restoration 1581 * period of a private CA in the <code>DELETED</code> state by calling the <a 1582 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html">DescribeCertificateAuthority</a> 1583 * or <a 1584 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html">ListCertificateAuthorities</a> 1585 * actions. The status of a restored CA is set to its pre-deletion status when the 1586 * <b>RestoreCertificateAuthority</b> action returns. To change its status to 1587 * <code>ACTIVE</code>, call the <a 1588 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html">UpdateCertificateAuthority</a> 1589 * action. If the private CA was in the <code>PENDING_CERTIFICATE</code> state at 1590 * deletion, you must use the <a 1591 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html">ImportCertificateAuthorityCertificate</a> 1592 * action to import a certificate authority into the private CA before it can be 1593 * activated. You cannot restore a CA after the restoration period has 1594 * ended.</p><p><h3>See Also:</h3> <a 1595 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthority">AWS 1596 * API Reference</a></p> 1597 * 1598 * returns a future to the operation so that it can be executed in parallel to other requests. 1599 */ 1600 virtual Model::RestoreCertificateAuthorityOutcomeCallable RestoreCertificateAuthorityCallable(const Model::RestoreCertificateAuthorityRequest& request) const; 1601 1602 /** 1603 * <p>Restores a certificate authority (CA) that is in the <code>DELETED</code> 1604 * state. You can restore a CA during the period that you defined in the 1605 * <b>PermanentDeletionTimeInDays</b> parameter of the <a 1606 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeleteCertificateAuthority.html">DeleteCertificateAuthority</a> 1607 * action. Currently, you can specify 7 to 30 days. If you did not specify a 1608 * <b>PermanentDeletionTimeInDays</b> value, by default you can restore the CA at 1609 * any time in a 30 day period. You can check the time remaining in the restoration 1610 * period of a private CA in the <code>DELETED</code> state by calling the <a 1611 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_DescribeCertificateAuthority.html">DescribeCertificateAuthority</a> 1612 * or <a 1613 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListCertificateAuthorities.html">ListCertificateAuthorities</a> 1614 * actions. The status of a restored CA is set to its pre-deletion status when the 1615 * <b>RestoreCertificateAuthority</b> action returns. To change its status to 1616 * <code>ACTIVE</code>, call the <a 1617 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UpdateCertificateAuthority.html">UpdateCertificateAuthority</a> 1618 * action. If the private CA was in the <code>PENDING_CERTIFICATE</code> state at 1619 * deletion, you must use the <a 1620 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ImportCertificateAuthorityCertificate.html">ImportCertificateAuthorityCertificate</a> 1621 * action to import a certificate authority into the private CA before it can be 1622 * activated. You cannot restore a CA after the restoration period has 1623 * ended.</p><p><h3>See Also:</h3> <a 1624 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RestoreCertificateAuthority">AWS 1625 * API Reference</a></p> 1626 * 1627 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1628 */ 1629 virtual void RestoreCertificateAuthorityAsync(const Model::RestoreCertificateAuthorityRequest& request, const RestoreCertificateAuthorityResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1630 1631 /** 1632 * <p>Revokes a certificate that was issued inside ACM Private CA. If you enable a 1633 * certificate revocation list (CRL) when you create or update your private CA, 1634 * information about the revoked certificates will be included in the CRL. ACM 1635 * Private CA writes the CRL to an S3 bucket that you specify. A CRL is typically 1636 * updated approximately 30 minutes after a certificate is revoked. If for any 1637 * reason the CRL update fails, ACM Private CA attempts makes further attempts 1638 * every 15 minutes. With Amazon CloudWatch, you can create alarms for the metrics 1639 * <code>CRLGenerated</code> and <code>MisconfiguredCRLBucket</code>. For more 1640 * information, see <a 1641 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCloudWatch.html">Supported 1642 * CloudWatch Metrics</a>.</p> <p>Both PCA and the IAM principal must have 1643 * permission to write to the S3 bucket that you specify. If the IAM principal 1644 * making the call does not have permission to write to the bucket, then an 1645 * exception is thrown. For more information, see <a 1646 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html">Configure 1647 * Access to ACM Private CA</a>.</p> <p>ACM Private CA also writes 1648 * revocation information to the audit report. For more information, see <a 1649 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html">CreateCertificateAuthorityAuditReport</a>.</p> 1650 * <p>You cannot revoke a root CA self-signed certificate.</p> 1651 * <p><h3>See Also:</h3> <a 1652 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RevokeCertificate">AWS 1653 * API Reference</a></p> 1654 */ 1655 virtual Model::RevokeCertificateOutcome RevokeCertificate(const Model::RevokeCertificateRequest& request) const; 1656 1657 /** 1658 * <p>Revokes a certificate that was issued inside ACM Private CA. If you enable a 1659 * certificate revocation list (CRL) when you create or update your private CA, 1660 * information about the revoked certificates will be included in the CRL. ACM 1661 * Private CA writes the CRL to an S3 bucket that you specify. A CRL is typically 1662 * updated approximately 30 minutes after a certificate is revoked. If for any 1663 * reason the CRL update fails, ACM Private CA attempts makes further attempts 1664 * every 15 minutes. With Amazon CloudWatch, you can create alarms for the metrics 1665 * <code>CRLGenerated</code> and <code>MisconfiguredCRLBucket</code>. For more 1666 * information, see <a 1667 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCloudWatch.html">Supported 1668 * CloudWatch Metrics</a>.</p> <p>Both PCA and the IAM principal must have 1669 * permission to write to the S3 bucket that you specify. If the IAM principal 1670 * making the call does not have permission to write to the bucket, then an 1671 * exception is thrown. For more information, see <a 1672 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html">Configure 1673 * Access to ACM Private CA</a>.</p> <p>ACM Private CA also writes 1674 * revocation information to the audit report. For more information, see <a 1675 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html">CreateCertificateAuthorityAuditReport</a>.</p> 1676 * <p>You cannot revoke a root CA self-signed certificate.</p> 1677 * <p><h3>See Also:</h3> <a 1678 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RevokeCertificate">AWS 1679 * API Reference</a></p> 1680 * 1681 * returns a future to the operation so that it can be executed in parallel to other requests. 1682 */ 1683 virtual Model::RevokeCertificateOutcomeCallable RevokeCertificateCallable(const Model::RevokeCertificateRequest& request) const; 1684 1685 /** 1686 * <p>Revokes a certificate that was issued inside ACM Private CA. If you enable a 1687 * certificate revocation list (CRL) when you create or update your private CA, 1688 * information about the revoked certificates will be included in the CRL. ACM 1689 * Private CA writes the CRL to an S3 bucket that you specify. A CRL is typically 1690 * updated approximately 30 minutes after a certificate is revoked. If for any 1691 * reason the CRL update fails, ACM Private CA attempts makes further attempts 1692 * every 15 minutes. With Amazon CloudWatch, you can create alarms for the metrics 1693 * <code>CRLGenerated</code> and <code>MisconfiguredCRLBucket</code>. For more 1694 * information, see <a 1695 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaCloudWatch.html">Supported 1696 * CloudWatch Metrics</a>.</p> <p>Both PCA and the IAM principal must have 1697 * permission to write to the S3 bucket that you specify. If the IAM principal 1698 * making the call does not have permission to write to the bucket, then an 1699 * exception is thrown. For more information, see <a 1700 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html">Configure 1701 * Access to ACM Private CA</a>.</p> <p>ACM Private CA also writes 1702 * revocation information to the audit report. For more information, see <a 1703 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreateCertificateAuthorityAuditReport.html">CreateCertificateAuthorityAuditReport</a>.</p> 1704 * <p>You cannot revoke a root CA self-signed certificate.</p> 1705 * <p><h3>See Also:</h3> <a 1706 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/RevokeCertificate">AWS 1707 * API Reference</a></p> 1708 * 1709 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1710 */ 1711 virtual void RevokeCertificateAsync(const Model::RevokeCertificateRequest& request, const RevokeCertificateResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1712 1713 /** 1714 * <p>Adds one or more tags to your private CA. Tags are labels that you can use to 1715 * identify and organize your AWS resources. Each tag consists of a key and an 1716 * optional value. You specify the private CA on input by its Amazon Resource Name 1717 * (ARN). You specify the tag by using a key-value pair. You can apply a tag to 1718 * just one private CA if you want to identify a specific characteristic of that 1719 * CA, or you can apply the same tag to multiple private CAs if you want to filter 1720 * for a common relationship among those CAs. To remove one or more tags, use the 1721 * <a 1722 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html">UntagCertificateAuthority</a> 1723 * action. Call the <a 1724 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html">ListTags</a> 1725 * action to see what tags are associated with your CA. </p><p><h3>See Also:</h3> 1726 * <a 1727 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/TagCertificateAuthority">AWS 1728 * API Reference</a></p> 1729 */ 1730 virtual Model::TagCertificateAuthorityOutcome TagCertificateAuthority(const Model::TagCertificateAuthorityRequest& request) const; 1731 1732 /** 1733 * <p>Adds one or more tags to your private CA. Tags are labels that you can use to 1734 * identify and organize your AWS resources. Each tag consists of a key and an 1735 * optional value. You specify the private CA on input by its Amazon Resource Name 1736 * (ARN). You specify the tag by using a key-value pair. You can apply a tag to 1737 * just one private CA if you want to identify a specific characteristic of that 1738 * CA, or you can apply the same tag to multiple private CAs if you want to filter 1739 * for a common relationship among those CAs. To remove one or more tags, use the 1740 * <a 1741 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html">UntagCertificateAuthority</a> 1742 * action. Call the <a 1743 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html">ListTags</a> 1744 * action to see what tags are associated with your CA. </p><p><h3>See Also:</h3> 1745 * <a 1746 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/TagCertificateAuthority">AWS 1747 * API Reference</a></p> 1748 * 1749 * returns a future to the operation so that it can be executed in parallel to other requests. 1750 */ 1751 virtual Model::TagCertificateAuthorityOutcomeCallable TagCertificateAuthorityCallable(const Model::TagCertificateAuthorityRequest& request) const; 1752 1753 /** 1754 * <p>Adds one or more tags to your private CA. Tags are labels that you can use to 1755 * identify and organize your AWS resources. Each tag consists of a key and an 1756 * optional value. You specify the private CA on input by its Amazon Resource Name 1757 * (ARN). You specify the tag by using a key-value pair. You can apply a tag to 1758 * just one private CA if you want to identify a specific characteristic of that 1759 * CA, or you can apply the same tag to multiple private CAs if you want to filter 1760 * for a common relationship among those CAs. To remove one or more tags, use the 1761 * <a 1762 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_UntagCertificateAuthority.html">UntagCertificateAuthority</a> 1763 * action. Call the <a 1764 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html">ListTags</a> 1765 * action to see what tags are associated with your CA. </p><p><h3>See Also:</h3> 1766 * <a 1767 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/TagCertificateAuthority">AWS 1768 * API Reference</a></p> 1769 * 1770 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1771 */ 1772 virtual void TagCertificateAuthorityAsync(const Model::TagCertificateAuthorityRequest& request, const TagCertificateAuthorityResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1773 1774 /** 1775 * <p>Remove one or more tags from your private CA. A tag consists of a key-value 1776 * pair. If you do not specify the value portion of the tag when calling this 1777 * action, the tag will be removed regardless of value. If you specify a value, the 1778 * tag is removed only if it is associated with the specified value. To add tags to 1779 * a private CA, use the <a 1780 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html">TagCertificateAuthority</a>. 1781 * Call the <a 1782 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html">ListTags</a> 1783 * action to see what tags are associated with your CA. </p><p><h3>See Also:</h3> 1784 * <a 1785 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UntagCertificateAuthority">AWS 1786 * API Reference</a></p> 1787 */ 1788 virtual Model::UntagCertificateAuthorityOutcome UntagCertificateAuthority(const Model::UntagCertificateAuthorityRequest& request) const; 1789 1790 /** 1791 * <p>Remove one or more tags from your private CA. A tag consists of a key-value 1792 * pair. If you do not specify the value portion of the tag when calling this 1793 * action, the tag will be removed regardless of value. If you specify a value, the 1794 * tag is removed only if it is associated with the specified value. To add tags to 1795 * a private CA, use the <a 1796 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html">TagCertificateAuthority</a>. 1797 * Call the <a 1798 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html">ListTags</a> 1799 * action to see what tags are associated with your CA. </p><p><h3>See Also:</h3> 1800 * <a 1801 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UntagCertificateAuthority">AWS 1802 * API Reference</a></p> 1803 * 1804 * returns a future to the operation so that it can be executed in parallel to other requests. 1805 */ 1806 virtual Model::UntagCertificateAuthorityOutcomeCallable UntagCertificateAuthorityCallable(const Model::UntagCertificateAuthorityRequest& request) const; 1807 1808 /** 1809 * <p>Remove one or more tags from your private CA. A tag consists of a key-value 1810 * pair. If you do not specify the value portion of the tag when calling this 1811 * action, the tag will be removed regardless of value. If you specify a value, the 1812 * tag is removed only if it is associated with the specified value. To add tags to 1813 * a private CA, use the <a 1814 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_TagCertificateAuthority.html">TagCertificateAuthority</a>. 1815 * Call the <a 1816 * href="https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListTags.html">ListTags</a> 1817 * action to see what tags are associated with your CA. </p><p><h3>See Also:</h3> 1818 * <a 1819 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UntagCertificateAuthority">AWS 1820 * API Reference</a></p> 1821 * 1822 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1823 */ 1824 virtual void UntagCertificateAuthorityAsync(const Model::UntagCertificateAuthorityRequest& request, const UntagCertificateAuthorityResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1825 1826 /** 1827 * <p>Updates the status or configuration of a private certificate authority (CA). 1828 * Your private CA must be in the <code>ACTIVE</code> or <code>DISABLED</code> 1829 * state before you can update it. You can disable a private CA that is in the 1830 * <code>ACTIVE</code> state or make a CA that is in the <code>DISABLED</code> 1831 * state active again.</p> <p>Both PCA and the IAM principal must have 1832 * permission to write to the S3 bucket that you specify. If the IAM principal 1833 * making the call does not have permission to write to the bucket, then an 1834 * exception is thrown. For more information, see <a 1835 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html">Configure 1836 * Access to ACM Private CA</a>.</p> <p><h3>See Also:</h3> <a 1837 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UpdateCertificateAuthority">AWS 1838 * API Reference</a></p> 1839 */ 1840 virtual Model::UpdateCertificateAuthorityOutcome UpdateCertificateAuthority(const Model::UpdateCertificateAuthorityRequest& request) const; 1841 1842 /** 1843 * <p>Updates the status or configuration of a private certificate authority (CA). 1844 * Your private CA must be in the <code>ACTIVE</code> or <code>DISABLED</code> 1845 * state before you can update it. You can disable a private CA that is in the 1846 * <code>ACTIVE</code> state or make a CA that is in the <code>DISABLED</code> 1847 * state active again.</p> <p>Both PCA and the IAM principal must have 1848 * permission to write to the S3 bucket that you specify. If the IAM principal 1849 * making the call does not have permission to write to the bucket, then an 1850 * exception is thrown. For more information, see <a 1851 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html">Configure 1852 * Access to ACM Private CA</a>.</p> <p><h3>See Also:</h3> <a 1853 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UpdateCertificateAuthority">AWS 1854 * API Reference</a></p> 1855 * 1856 * returns a future to the operation so that it can be executed in parallel to other requests. 1857 */ 1858 virtual Model::UpdateCertificateAuthorityOutcomeCallable UpdateCertificateAuthorityCallable(const Model::UpdateCertificateAuthorityRequest& request) const; 1859 1860 /** 1861 * <p>Updates the status or configuration of a private certificate authority (CA). 1862 * Your private CA must be in the <code>ACTIVE</code> or <code>DISABLED</code> 1863 * state before you can update it. You can disable a private CA that is in the 1864 * <code>ACTIVE</code> state or make a CA that is in the <code>DISABLED</code> 1865 * state active again.</p> <p>Both PCA and the IAM principal must have 1866 * permission to write to the S3 bucket that you specify. If the IAM principal 1867 * making the call does not have permission to write to the bucket, then an 1868 * exception is thrown. For more information, see <a 1869 * href="https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaAuthAccess.html">Configure 1870 * Access to ACM Private CA</a>.</p> <p><h3>See Also:</h3> <a 1871 * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/UpdateCertificateAuthority">AWS 1872 * API Reference</a></p> 1873 * 1874 * Queues the request into a thread executor and triggers associated callback when operation has finished. 1875 */ 1876 virtual void UpdateCertificateAuthorityAsync(const Model::UpdateCertificateAuthorityRequest& request, const UpdateCertificateAuthorityResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const; 1877 1878 1879 void OverrideEndpoint(const Aws::String& endpoint); 1880 private: 1881 void init(const Aws::Client::ClientConfiguration& clientConfiguration); 1882 void CreateCertificateAuthorityAsyncHelper(const Model::CreateCertificateAuthorityRequest& request, const CreateCertificateAuthorityResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1883 void CreateCertificateAuthorityAuditReportAsyncHelper(const Model::CreateCertificateAuthorityAuditReportRequest& request, const CreateCertificateAuthorityAuditReportResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1884 void CreatePermissionAsyncHelper(const Model::CreatePermissionRequest& request, const CreatePermissionResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1885 void DeleteCertificateAuthorityAsyncHelper(const Model::DeleteCertificateAuthorityRequest& request, const DeleteCertificateAuthorityResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1886 void DeletePermissionAsyncHelper(const Model::DeletePermissionRequest& request, const DeletePermissionResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1887 void DeletePolicyAsyncHelper(const Model::DeletePolicyRequest& request, const DeletePolicyResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1888 void DescribeCertificateAuthorityAsyncHelper(const Model::DescribeCertificateAuthorityRequest& request, const DescribeCertificateAuthorityResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1889 void DescribeCertificateAuthorityAuditReportAsyncHelper(const Model::DescribeCertificateAuthorityAuditReportRequest& request, const DescribeCertificateAuthorityAuditReportResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1890 void GetCertificateAsyncHelper(const Model::GetCertificateRequest& request, const GetCertificateResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1891 void GetCertificateAuthorityCertificateAsyncHelper(const Model::GetCertificateAuthorityCertificateRequest& request, const GetCertificateAuthorityCertificateResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1892 void GetCertificateAuthorityCsrAsyncHelper(const Model::GetCertificateAuthorityCsrRequest& request, const GetCertificateAuthorityCsrResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1893 void GetPolicyAsyncHelper(const Model::GetPolicyRequest& request, const GetPolicyResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1894 void ImportCertificateAuthorityCertificateAsyncHelper(const Model::ImportCertificateAuthorityCertificateRequest& request, const ImportCertificateAuthorityCertificateResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1895 void IssueCertificateAsyncHelper(const Model::IssueCertificateRequest& request, const IssueCertificateResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1896 void ListCertificateAuthoritiesAsyncHelper(const Model::ListCertificateAuthoritiesRequest& request, const ListCertificateAuthoritiesResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1897 void ListPermissionsAsyncHelper(const Model::ListPermissionsRequest& request, const ListPermissionsResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1898 void ListTagsAsyncHelper(const Model::ListTagsRequest& request, const ListTagsResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1899 void PutPolicyAsyncHelper(const Model::PutPolicyRequest& request, const PutPolicyResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1900 void RestoreCertificateAuthorityAsyncHelper(const Model::RestoreCertificateAuthorityRequest& request, const RestoreCertificateAuthorityResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1901 void RevokeCertificateAsyncHelper(const Model::RevokeCertificateRequest& request, const RevokeCertificateResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1902 void TagCertificateAuthorityAsyncHelper(const Model::TagCertificateAuthorityRequest& request, const TagCertificateAuthorityResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1903 void UntagCertificateAuthorityAsyncHelper(const Model::UntagCertificateAuthorityRequest& request, const UntagCertificateAuthorityResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1904 void UpdateCertificateAuthorityAsyncHelper(const Model::UpdateCertificateAuthorityRequest& request, const UpdateCertificateAuthorityResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context) const; 1905 1906 Aws::String m_uri; 1907 Aws::String m_configScheme; 1908 std::shared_ptr<Aws::Utils::Threading::Executor> m_executor; 1909 }; 1910 1911 } // namespace ACMPCA 1912 } // namespace Aws 1913