// Code generated by smithy-go-codegen DO NOT EDIT. package types import ( smithydocument "github.com/aws/smithy-go/document" "time" ) // Contains metadata about an ACM certificate. This structure is returned in the // response to a DescribeCertificate request. type CertificateDetail struct { // The Amazon Resource Name (ARN) of the certificate. For more information about // ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // in the Amazon Web Services General Reference. CertificateArn *string // The Amazon Resource Name (ARN) of the private certificate authority (CA) that // issued the certificate. This has the following format: // arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 CertificateAuthorityArn *string // The time at which the certificate was requested. CreatedAt *time.Time // The fully qualified domain name for the certificate, such as www.example.com or // example.com. DomainName *string // Contains information about the initial validation of each domain name that // occurs as a result of the RequestCertificate request. This field exists only // when the certificate type is AMAZON_ISSUED . DomainValidationOptions []DomainValidation // Contains a list of Extended Key Usage X.509 v3 extension objects. Each object // specifies a purpose for which the certificate public key can be used and // consists of a name and an object identifier (OID). ExtendedKeyUsages []ExtendedKeyUsage // The reason the certificate request failed. This value exists only when the // certificate status is FAILED . For more information, see Certificate Request // Failed (https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting.html#troubleshooting-failed) // in the Certificate Manager User Guide. FailureReason FailureReason // The date and time when the certificate was imported. This value exists only // when the certificate type is IMPORTED . ImportedAt *time.Time // A list of ARNs for the Amazon Web Services resources that are using the // certificate. A certificate can be used by multiple Amazon Web Services // resources. InUseBy []string // The time at which the certificate was issued. This value exists only when the // certificate type is AMAZON_ISSUED . IssuedAt *time.Time // The name of the certificate authority that issued and signed the certificate. Issuer *string // The algorithm that was used to generate the public-private key pair. KeyAlgorithm KeyAlgorithm // A list of Key Usage X.509 v3 extension objects. Each object is a string value // that identifies the purpose of the public key contained in the certificate. // Possible extension values include DIGITAL_SIGNATURE, KEY_ENCHIPHERMENT, // NON_REPUDIATION, and more. KeyUsages []KeyUsage // The time after which the certificate is not valid. NotAfter *time.Time // The time before which the certificate is not valid. NotBefore *time.Time // Value that specifies whether to add the certificate to a transparency log. // Certificate transparency makes it possible to detect SSL certificates that have // been mistakenly or maliciously issued. A browser might respond to certificate // that has not been logged by showing an error message. The logs are // cryptographically secure. Options *CertificateOptions // Specifies whether the certificate is eligible for renewal. At this time, only // exported private certificates can be renewed with the RenewCertificate command. RenewalEligibility RenewalEligibility // Contains information about the status of ACM's managed renewal (https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html) // for the certificate. This field exists only when the certificate type is // AMAZON_ISSUED . RenewalSummary *RenewalSummary // The reason the certificate was revoked. This value exists only when the // certificate status is REVOKED . RevocationReason RevocationReason // The time at which the certificate was revoked. This value exists only when the // certificate status is REVOKED . RevokedAt *time.Time // The serial number of the certificate. Serial *string // The algorithm that was used to sign the certificate. SignatureAlgorithm *string // The status of the certificate. A certificate enters status PENDING_VALIDATION // upon being requested, unless it fails for any of the reasons given in the // troubleshooting topic Certificate request fails (https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-failed.html) // . ACM makes repeated attempts to validate a certificate for 72 hours and then // times out. If a certificate shows status FAILED or VALIDATION_TIMED_OUT, delete // the request, correct the issue with DNS validation (https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html) // or Email validation (https://docs.aws.amazon.com/acm/latest/userguide/email-validation.html) // , and try again. If validation succeeds, the certificate enters status ISSUED. Status CertificateStatus // The name of the entity that is associated with the public key contained in the // certificate. Subject *string // One or more domain names (subject alternative names) included in the // certificate. This list contains the domain names that are bound to the public // key that is contained in the certificate. The subject alternative names include // the canonical domain name (CN) of the certificate and additional domain names // that can be used to connect to the website. SubjectAlternativeNames []string // The source of the certificate. For certificates provided by ACM, this value is // AMAZON_ISSUED . For certificates that you imported with ImportCertificate , this // value is IMPORTED . ACM does not provide managed renewal (https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html) // for imported certificates. For more information about the differences between // certificates that you import and those that ACM provides, see Importing // Certificates (https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) // in the Certificate Manager User Guide. Type CertificateType noSmithyDocumentSerde } // Structure that contains options for your certificate. Currently, you can use // this only to specify whether to opt in to or out of certificate transparency // logging. Some browsers require that public certificates issued for your domain // be recorded in a log. Certificates that are not logged typically generate a // browser error. Transparency makes it possible for you to detect SSL/TLS // certificates that have been mistakenly or maliciously issued for your domain. // For general information, see Certificate Transparency Logging (https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency) // . type CertificateOptions struct { // You can opt out of certificate transparency logging by specifying the DISABLED // option. Opt in by specifying ENABLED . CertificateTransparencyLoggingPreference CertificateTransparencyLoggingPreference noSmithyDocumentSerde } // This structure is returned in the response object of ListCertificates action. type CertificateSummary struct { // Amazon Resource Name (ARN) of the certificate. This is of the form: // arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012 // For more information about ARNs, see Amazon Resource Names (ARNs) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) // . CertificateArn *string // The time at which the certificate was requested. CreatedAt *time.Time // Fully qualified domain name (FQDN), such as www.example.com or example.com, for // the certificate. DomainName *string // Indicates whether the certificate has been exported. This value exists only // when the certificate type is PRIVATE . Exported *bool // Contains a list of Extended Key Usage X.509 v3 extension objects. Each object // specifies a purpose for which the certificate public key can be used and // consists of a name and an object identifier (OID). ExtendedKeyUsages []ExtendedKeyUsageName // When called by ListCertificates (https://docs.aws.amazon.com/acm/latestAPIReference/API_ListCertificates.html) // , indicates whether the full list of subject alternative names has been included // in the response. If false, the response includes all of the subject alternative // names included in the certificate. If true, the response only includes the first // 100 subject alternative names included in the certificate. To display the full // list of subject alternative names, use DescribeCertificate (https://docs.aws.amazon.com/acm/latestAPIReference/API_DescribeCertificate.html) // . HasAdditionalSubjectAlternativeNames *bool // The date and time when the certificate was imported. This value exists only // when the certificate type is IMPORTED . ImportedAt *time.Time // Indicates whether the certificate is currently in use by any Amazon Web // Services resources. InUse *bool // The time at which the certificate was issued. This value exists only when the // certificate type is AMAZON_ISSUED . IssuedAt *time.Time // The algorithm that was used to generate the public-private key pair. KeyAlgorithm KeyAlgorithm // A list of Key Usage X.509 v3 extension objects. Each object is a string value // that identifies the purpose of the public key contained in the certificate. // Possible extension values include DIGITAL_SIGNATURE, KEY_ENCHIPHERMENT, // NON_REPUDIATION, and more. KeyUsages []KeyUsageName // The time after which the certificate is not valid. NotAfter *time.Time // The time before which the certificate is not valid. NotBefore *time.Time // Specifies whether the certificate is eligible for renewal. At this time, only // exported private certificates can be renewed with the RenewCertificate command. RenewalEligibility RenewalEligibility // The time at which the certificate was revoked. This value exists only when the // certificate status is REVOKED . RevokedAt *time.Time // The status of the certificate. A certificate enters status PENDING_VALIDATION // upon being requested, unless it fails for any of the reasons given in the // troubleshooting topic Certificate request fails (https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-failed.html) // . ACM makes repeated attempts to validate a certificate for 72 hours and then // times out. If a certificate shows status FAILED or VALIDATION_TIMED_OUT, delete // the request, correct the issue with DNS validation (https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html) // or Email validation (https://docs.aws.amazon.com/acm/latest/userguide/email-validation.html) // , and try again. If validation succeeds, the certificate enters status ISSUED. Status CertificateStatus // One or more domain names (subject alternative names) included in the // certificate. This list contains the domain names that are bound to the public // key that is contained in the certificate. The subject alternative names include // the canonical domain name (CN) of the certificate and additional domain names // that can be used to connect to the website. When called by ListCertificates (https://docs.aws.amazon.com/acm/latestAPIReference/API_ListCertificates.html) // , this parameter will only return the first 100 subject alternative names // included in the certificate. To display the full list of subject alternative // names, use DescribeCertificate (https://docs.aws.amazon.com/acm/latestAPIReference/API_DescribeCertificate.html) // . SubjectAlternativeNameSummaries []string // The source of the certificate. For certificates provided by ACM, this value is // AMAZON_ISSUED . For certificates that you imported with ImportCertificate , this // value is IMPORTED . ACM does not provide managed renewal (https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html) // for imported certificates. For more information about the differences between // certificates that you import and those that ACM provides, see Importing // Certificates (https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) // in the Certificate Manager User Guide. Type CertificateType noSmithyDocumentSerde } // Contains information about the validation of each domain name in the // certificate. type DomainValidation struct { // A fully qualified domain name (FQDN) in the certificate. For example, // www.example.com or example.com . // // This member is required. DomainName *string // Contains the CNAME record that you add to your DNS database for domain // validation. For more information, see Use DNS to Validate Domain Ownership (https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html) // . Note: The CNAME information that you need does not include the name of your // domain. If you include
 your domain name in the DNS database CNAME record, // validation fails.
 For example, if the name is // "_a79865eb4cd1a6ab990a45779b4e0b96.yourdomain.com", only // "_a79865eb4cd1a6ab990a45779b4e0b96" must be used. ResourceRecord *ResourceRecord // The domain name that ACM used to send domain validation emails. ValidationDomain *string // A list of email addresses that ACM used to send domain validation emails. ValidationEmails []string // Specifies the domain validation method. ValidationMethod ValidationMethod // The validation status of the domain name. This can be one of the following // values: // - PENDING_VALIDATION // - SUCCESS // - FAILED ValidationStatus DomainStatus noSmithyDocumentSerde } // Contains information about the domain names that you want ACM to use to send // you emails that enable you to validate domain ownership. type DomainValidationOption struct { // A fully qualified domain name (FQDN) in the certificate request. // // This member is required. DomainName *string // The domain name that you want ACM to use to send you validation emails. This // domain name is the suffix of the email addresses that you want ACM to use. This // must be the same as the DomainName value or a superdomain of the DomainName // value. For example, if you request a certificate for testing.example.com , you // can specify example.com for this value. In that case, ACM sends domain // validation emails to the following five addresses: // - admin@example.com // - administrator@example.com // - hostmaster@example.com // - postmaster@example.com // - webmaster@example.com // // This member is required. ValidationDomain *string noSmithyDocumentSerde } // Object containing expiration events options associated with an Amazon Web // Services account. type ExpiryEventsConfiguration struct { // Specifies the number of days prior to certificate expiration when ACM starts // generating EventBridge events. ACM sends one event per day per certificate // until the certificate expires. By default, accounts receive events starting 45 // days before certificate expiration. DaysBeforeExpiry *int32 noSmithyDocumentSerde } // The Extended Key Usage X.509 v3 extension defines one or more purposes for // which the public key can be used. This is in addition to or in place of the // basic purposes specified by the Key Usage extension. type ExtendedKeyUsage struct { // The name of an Extended Key Usage value. Name ExtendedKeyUsageName // An object identifier (OID) for the extension value. OIDs are strings of numbers // separated by periods. The following OIDs are defined in RFC 3280 and RFC 5280. // - 1.3.6.1.5.5.7.3.1 (TLS_WEB_SERVER_AUTHENTICATION) // - 1.3.6.1.5.5.7.3.2 (TLS_WEB_CLIENT_AUTHENTICATION) // - 1.3.6.1.5.5.7.3.3 (CODE_SIGNING) // - 1.3.6.1.5.5.7.3.4 (EMAIL_PROTECTION) // - 1.3.6.1.5.5.7.3.8 (TIME_STAMPING) // - 1.3.6.1.5.5.7.3.9 (OCSP_SIGNING) // - 1.3.6.1.5.5.7.3.5 (IPSEC_END_SYSTEM) // - 1.3.6.1.5.5.7.3.6 (IPSEC_TUNNEL) // - 1.3.6.1.5.5.7.3.7 (IPSEC_USER) OID *string noSmithyDocumentSerde } // This structure can be used in the ListCertificates action to filter the output // of the certificate list. type Filters struct { // Specify one or more ExtendedKeyUsage extension values. ExtendedKeyUsage []ExtendedKeyUsageName // Specify one or more algorithms that can be used to generate key pairs. Default // filtering returns only RSA_1024 and RSA_2048 certificates that have at least // one domain. To return other certificate types, provide the desired type // signatures in a comma-separated list. For example, "keyTypes": // ["RSA_2048","RSA_4096"] returns both RSA_2048 and RSA_4096 certificates. KeyTypes []KeyAlgorithm // Specify one or more KeyUsage extension values. KeyUsage []KeyUsageName noSmithyDocumentSerde } // The Key Usage X.509 v3 extension defines the purpose of the public key // contained in the certificate. type KeyUsage struct { // A string value that contains a Key Usage extension name. Name KeyUsageName noSmithyDocumentSerde } // Contains information about the status of ACM's managed renewal (https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html) // for the certificate. This structure exists only when the certificate type is // AMAZON_ISSUED . type RenewalSummary struct { // Contains information about the validation of each domain name in the // certificate, as it pertains to ACM's managed renewal (https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html) // . This is different from the initial validation that occurs as a result of the // RequestCertificate request. This field exists only when the certificate type is // AMAZON_ISSUED . // // This member is required. DomainValidationOptions []DomainValidation // The status of ACM's managed renewal (https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html) // of the certificate. // // This member is required. RenewalStatus RenewalStatus // The time at which the renewal summary was last updated. // // This member is required. UpdatedAt *time.Time // The reason that a renewal request was unsuccessful. RenewalStatusReason FailureReason noSmithyDocumentSerde } // Contains a DNS record value that you can use to validate ownership or control // of a domain. This is used by the DescribeCertificate action. type ResourceRecord struct { // The name of the DNS record to create in your domain. This is supplied by ACM. // // This member is required. Name *string // The type of DNS record. Currently this can be CNAME . // // This member is required. Type RecordType // The value of the CNAME record to add to your DNS database. This is supplied by // ACM. // // This member is required. Value *string noSmithyDocumentSerde } // A key-value pair that identifies or specifies metadata about an ACM resource. type Tag struct { // The key of the tag. // // This member is required. Key *string // The value of the tag. Value *string noSmithyDocumentSerde } type noSmithyDocumentSerde = smithydocument.NoSerde