* Note: Do not directly implement this interface, new methods are added to it regularly. Extend from * {@link com.amazonaws.services.certificatemanager.AbstractAWSCertificateManager} instead. *
*
*
* You can use Certificate Manager (ACM) to manage SSL/TLS certificates for your Amazon Web Services-based websites and * applications. For more information about using ACM, see the Certificate Manager User Guide. *
*/ @Generated("com.amazonaws:aws-java-sdk-code-generator") public interface AWSCertificateManager { /** * The region metadata service name for computing region endpoints. You can use this value to retrieve metadata * (such as supported regions) of the service. * * @see RegionUtils#getRegionsForService(String) */ String ENDPOINT_PREFIX = "acm"; /** * Overrides the default endpoint for this client ("https://acm.us-east-1.amazonaws.com"). Callers can use this * method to control which AWS region they want to work with. ** Callers can pass in just the endpoint (ex: "acm.us-east-1.amazonaws.com") or a full URL, including the protocol * (ex: "https://acm.us-east-1.amazonaws.com"). If the protocol is not specified here, the default protocol from * this client's {@link ClientConfiguration} will be used, which by default is HTTPS. *
* For more information on using AWS regions with the AWS SDK for Java, and a complete list of all available * endpoints for all AWS services, see: https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/java-dg-region-selection.html#region-selection- * choose-endpoint *
* This method is not threadsafe. An endpoint should be configured when the client is created and before any * service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in * transit or retrying. * * @param endpoint * The endpoint (ex: "acm.us-east-1.amazonaws.com") or a full URL, including the protocol (ex: * "https://acm.us-east-1.amazonaws.com") of the region specific AWS endpoint this client will communicate * with. * @deprecated use {@link AwsClientBuilder#setEndpointConfiguration(AwsClientBuilder.EndpointConfiguration)} for * example: * {@code builder.setEndpointConfiguration(new EndpointConfiguration(endpoint, signingRegion));} */ @Deprecated void setEndpoint(String endpoint); /** * An alternative to {@link AWSCertificateManager#setEndpoint(String)}, sets the regional endpoint for this client's * service calls. Callers can use this method to control which AWS region they want to work with. *
* By default, all service endpoints in all regions use the https protocol. To use http instead, specify it in the * {@link ClientConfiguration} supplied at construction. *
* This method is not threadsafe. A region should be configured when the client is created and before any service * requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit * or retrying. * * @param region * The region this client will communicate with. See {@link Region#getRegion(com.amazonaws.regions.Regions)} * for accessing a given region. Must not be null and must be a region where the service is available. * * @see Region#getRegion(com.amazonaws.regions.Regions) * @see Region#createClient(Class, com.amazonaws.auth.AWSCredentialsProvider, ClientConfiguration) * @see Region#isServiceSupported(String) * @deprecated use {@link AwsClientBuilder#setRegion(String)} */ @Deprecated void setRegion(Region region); /** *
* Adds one or more tags to an ACM certificate. Tags are labels that you can use to identify and organize your
* Amazon Web Services resources. Each tag consists of a key and an optional value. You
* specify the certificate on input by its Amazon Resource Name (ARN). You specify the tag by using a key-value
* pair.
*
* You can apply a tag to just one certificate if you want to identify a specific characteristic of that * certificate, or you can apply the same tag to multiple certificates if you want to filter for a common * relationship among those certificates. Similarly, you can apply the same tag to multiple resources if you want to * specify a relationship among those resources. For example, you can add the same tag to an ACM certificate and an * Elastic Load Balancing load balancer to indicate that they are both used by the same website. For more * information, see Tagging ACM * certificates. *
** To remove one or more tags, use the RemoveTagsFromCertificate action. To view all of the tags that have * been applied to the certificate, use the ListTagsForCertificate action. *
* * @param addTagsToCertificateRequest * @return Result of the AddTagsToCertificate operation returned by the service. * @throws ResourceNotFoundException * The specified certificate cannot be found in the caller's account or the caller's account cannot be * found. * @throws InvalidArnException * The requested Amazon Resource Name (ARN) does not refer to an existing resource. * @throws InvalidTagException * One or both of the values that make up the key-value pair is not valid. For example, you cannot specify a * tag value that begins withaws:.
* @throws TooManyTagsException
* The request contains too many tags. Try the request again with fewer tags.
* @throws TagPolicyException
* A specified tag did not comply with an existing tag policy and was rejected.
* @throws InvalidParameterException
* An input parameter was invalid.
* @throws ThrottlingException
* The request was denied because it exceeded a quota.
* @sample AWSCertificateManager.AddTagsToCertificate
* @see AWS API
* Documentation
*/
AddTagsToCertificateResult addTagsToCertificate(AddTagsToCertificateRequest addTagsToCertificateRequest);
/**
* * Deletes a certificate and its associated private key. If this action succeeds, the certificate no longer appears * in the list that can be displayed by calling the ListCertificates action or be retrieved by calling the * GetCertificate action. The certificate will not be available for use by Amazon Web Services services * integrated with ACM. *
** You cannot delete an ACM certificate that is being used by another Amazon Web Services service. To delete a * certificate that is in use, the certificate association must first be removed. *
** Returns detailed metadata about the specified ACM certificate. *
*
* If you have just created a certificate using the RequestCertificate action, there is a delay of
* several seconds before you can retrieve information about it.
*
* Exports a private certificate issued by a private certificate authority (CA) for use anywhere. The exported file * contains the certificate, the certificate chain, and the encrypted private 2048-bit RSA key associated with the * public key that is embedded in the certificate. For security, you must assign a passphrase for the private key * when exporting it. *
** For information about exporting and formatting a certificate using the ACM console or CLI, see Export a Private * Certificate. *
* * @param exportCertificateRequest * @return Result of the ExportCertificate operation returned by the service. * @throws ResourceNotFoundException * The specified certificate cannot be found in the caller's account or the caller's account cannot be * found. * @throws RequestInProgressException * The certificate request is in process and the certificate in your account has not yet been issued. * @throws InvalidArnException * The requested Amazon Resource Name (ARN) does not refer to an existing resource. * @sample AWSCertificateManager.ExportCertificate * @see AWS API * Documentation */ ExportCertificateResult exportCertificate(ExportCertificateRequest exportCertificateRequest); /** ** Returns the account configuration options associated with an Amazon Web Services account. *
* * @param getAccountConfigurationRequest * @return Result of the GetAccountConfiguration operation returned by the service. * @throws AccessDeniedException * You do not have access required to perform this action. * @throws ThrottlingException * The request was denied because it exceeded a quota. * @sample AWSCertificateManager.GetAccountConfiguration * @see AWS * API Documentation */ GetAccountConfigurationResult getAccountConfiguration(GetAccountConfigurationRequest getAccountConfigurationRequest); /** ** Retrieves an Amazon-issued certificate and its certificate chain. The chain consists of the certificate of the * issuing CA and the intermediate certificates of any other subordinate CAs. All of the certificates are base64 * encoded. You can use OpenSSL to decode * the certificates and inspect individual fields. *
* * @param getCertificateRequest * @return Result of the GetCertificate operation returned by the service. * @throws ResourceNotFoundException * The specified certificate cannot be found in the caller's account or the caller's account cannot be * found. * @throws RequestInProgressException * The certificate request is in process and the certificate in your account has not yet been issued. * @throws InvalidArnException * The requested Amazon Resource Name (ARN) does not refer to an existing resource. * @sample AWSCertificateManager.GetCertificate * @see AWS API * Documentation */ GetCertificateResult getCertificate(GetCertificateRequest getCertificateRequest); /** ** Imports a certificate into Certificate Manager (ACM) to use with services that are integrated with ACM. Note that * integrated services allow only * certificate types and keys they support to be associated with their resources. Further, their support differs * depending on whether the certificate is imported into IAM or into ACM. For more information, see the * documentation for each service. For more information about importing certificates into ACM, see Importing Certificates in the * Certificate Manager User Guide. *
** ACM does not provide managed * renewal for certificates that you import. *
** Note the following guidelines when importing third party certificates: *
** You must enter the private key that matches the certificate you are importing. *
** The private key must be unencrypted. You cannot import a private key that is protected by a password or a * passphrase. *
** The private key must be no larger than 5 KB (5,120 bytes). *
** If the certificate you are importing is not self-signed, you must enter its certificate chain. *
** If a certificate chain is included, the issuer must be the subject of one of the certificates in the chain. *
** The certificate, private key, and certificate chain must be PEM-encoded. *
*
* The current time must be between the Not Before and Not After certificate fields.
*
* The Issuer field must not be empty.
*
* The OCSP authority URL, if present, must not exceed 1000 characters. *
*
* To import a new certificate, omit the CertificateArn argument. Include this argument only when you
* want to replace a previously imported certificate.
*
* When you import a certificate by using the CLI, you must specify the certificate, the certificate chain, and the
* private key by their file names preceded by fileb://. For example, you can specify a certificate
* saved in the C:\temp folder as fileb://C:\temp\certificate_to_import.pem. If you are
* making an HTTP or HTTPS Query request, include these arguments as BLOBs.
*
* When you import a certificate by using an SDK, you must specify the certificate, the certificate chain, and the * private key files in the manner required by the programming language you're using. *
** The cryptographic algorithm of an imported certificate must match the algorithm of the signing CA. For example, * if the signing CA key type is RSA, then the certificate key type must also be RSA. *
** This operation returns the Amazon Resource Name (ARN) * of the imported certificate. *
* * @param importCertificateRequest * @return Result of the ImportCertificate operation returned by the service. * @throws ResourceNotFoundException * The specified certificate cannot be found in the caller's account or the caller's account cannot be * found. * @throws LimitExceededException * An ACM quota has been exceeded. * @throws InvalidTagException * One or both of the values that make up the key-value pair is not valid. For example, you cannot specify a * tag value that begins withaws:.
* @throws TooManyTagsException
* The request contains too many tags. Try the request again with fewer tags.
* @throws TagPolicyException
* A specified tag did not comply with an existing tag policy and was rejected.
* @throws InvalidParameterException
* An input parameter was invalid.
* @throws InvalidArnException
* The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* @sample AWSCertificateManager.ImportCertificate
* @see AWS API
* Documentation
*/
ImportCertificateResult importCertificate(ImportCertificateRequest importCertificateRequest);
/**
*
* Retrieves a list of certificate ARNs and domain names. You can request that only certificates that match a
* specific status be listed. You can also filter by specific attributes of the certificate. Default filtering
* returns only RSA_2048 certificates. For more information, see Filters.
*
* Lists the tags that have been applied to the ACM certificate. Use the certificate's Amazon Resource Name (ARN) to * specify the certificate. To add a tag to an ACM certificate, use the AddTagsToCertificate action. To * delete a tag, use the RemoveTagsFromCertificate action. *
* * @param listTagsForCertificateRequest * @return Result of the ListTagsForCertificate operation returned by the service. * @throws ResourceNotFoundException * The specified certificate cannot be found in the caller's account or the caller's account cannot be * found. * @throws InvalidArnException * The requested Amazon Resource Name (ARN) does not refer to an existing resource. * @sample AWSCertificateManager.ListTagsForCertificate * @see AWS API * Documentation */ ListTagsForCertificateResult listTagsForCertificate(ListTagsForCertificateRequest listTagsForCertificateRequest); /** ** Adds or modifies account-level configurations in ACM. *
*
* The supported configuration option is DaysBeforeExpiry. This option specifies the number of days
* prior to certificate expiration when ACM starts generating EventBridge events. ACM sends one event
* per day per certificate until the certificate expires. By default, accounts receive events starting 45 days
* before certificate expiration.
*
* Remove one or more tags from an ACM certificate. A tag consists of a key-value pair. If you do not specify the * value portion of the tag when calling this function, the tag will be removed regardless of value. If you specify * a value, the tag is removed only if it is associated with the specified value. *
** To add tags to a certificate, use the AddTagsToCertificate action. To view all of the tags that have been * applied to a specific ACM certificate, use the ListTagsForCertificate action. *
* * @param removeTagsFromCertificateRequest * @return Result of the RemoveTagsFromCertificate operation returned by the service. * @throws ResourceNotFoundException * The specified certificate cannot be found in the caller's account or the caller's account cannot be * found. * @throws InvalidArnException * The requested Amazon Resource Name (ARN) does not refer to an existing resource. * @throws InvalidTagException * One or both of the values that make up the key-value pair is not valid. For example, you cannot specify a * tag value that begins withaws:.
* @throws TagPolicyException
* A specified tag did not comply with an existing tag policy and was rejected.
* @throws InvalidParameterException
* An input parameter was invalid.
* @throws ThrottlingException
* The request was denied because it exceeded a quota.
* @sample AWSCertificateManager.RemoveTagsFromCertificate
* @see AWS
* API Documentation
*/
RemoveTagsFromCertificateResult removeTagsFromCertificate(RemoveTagsFromCertificateRequest removeTagsFromCertificateRequest);
/**
* * Renews an eligible ACM certificate. At this time, only exported private certificates can be renewed with this * operation. In order to renew your Amazon Web Services Private CA certificates with ACM, you must first grant the ACM service principal * permission to do so. For more information, see Testing Managed Renewal in the * ACM User Guide. *
* * @param renewCertificateRequest * @return Result of the RenewCertificate operation returned by the service. * @throws ResourceNotFoundException * The specified certificate cannot be found in the caller's account or the caller's account cannot be * found. * @throws InvalidArnException * The requested Amazon Resource Name (ARN) does not refer to an existing resource. * @sample AWSCertificateManager.RenewCertificate * @see AWS API * Documentation */ RenewCertificateResult renewCertificate(RenewCertificateRequest renewCertificateRequest); /** *
* Requests an ACM certificate for use with other Amazon Web Services services. To request an ACM certificate, you
* must specify a fully qualified domain name (FQDN) in the DomainName parameter. You can also specify
* additional FQDNs in the SubjectAlternativeNames parameter.
*
* If you are requesting a private certificate, domain validation is not required. If you are requesting a public * certificate, each domain name that you specify must be validated to verify that you own or control the domain. * You can use DNS * validation or email * validation. We recommend that you use DNS validation. ACM issues public certificates after receiving approval * from the domain owner. *
** ACM behavior differs from the RFC 6125 * specification of the certificate validation process. ACM first checks for a Subject Alternative Name, and, if it * finds one, ignores the common name (CN). *
*
* After successful completion of the RequestCertificate action, there is a delay of several seconds
* before you can retrieve information about the new certificate.
*
aws:.
* @throws TooManyTagsException
* The request contains too many tags. Try the request again with fewer tags.
* @throws TagPolicyException
* A specified tag did not comply with an existing tag policy and was rejected.
* @throws InvalidParameterException
* An input parameter was invalid.
* @sample AWSCertificateManager.RequestCertificate
* @see AWS API
* Documentation
*/
RequestCertificateResult requestCertificate(RequestCertificateRequest requestCertificateRequest);
/**
* * Resends the email that requests domain ownership validation. The domain owner or an authorized representative * must approve the ACM certificate before it can be issued. The certificate can be approved by clicking a link in * the mail to navigate to the Amazon certificate approval website and then clicking I Approve. However, the * validation email can be blocked by spam filters. Therefore, if you do not receive the original mail, you can * request that the mail be resent within 72 hours of requesting the ACM certificate. If more than 72 hours have * elapsed since your original request or since your last attempt to resend validation mail, you must request a new * certificate. For more information about setting up your contact email addresses, see Configure Email for your Domain. *
* * @param resendValidationEmailRequest * @return Result of the ResendValidationEmail operation returned by the service. * @throws ResourceNotFoundException * The specified certificate cannot be found in the caller's account or the caller's account cannot be * found. * @throws InvalidStateException * Processing has reached an invalid state. * @throws InvalidArnException * The requested Amazon Resource Name (ARN) does not refer to an existing resource. * @throws InvalidDomainValidationOptionsException * One or more values in the DomainValidationOption structure is incorrect. * @sample AWSCertificateManager.ResendValidationEmail * @see AWS API * Documentation */ ResendValidationEmailResult resendValidationEmail(ResendValidationEmailRequest resendValidationEmailRequest); /** ** Updates a certificate. Currently, you can use this function to specify whether to opt in to or out of recording * your certificate in a certificate transparency log. For more information, see * Opting Out of Certificate Transparency Logging. *
* * @param updateCertificateOptionsRequest * @return Result of the UpdateCertificateOptions operation returned by the service. * @throws ResourceNotFoundException * The specified certificate cannot be found in the caller's account or the caller's account cannot be * found. * @throws LimitExceededException * An ACM quota has been exceeded. * @throws InvalidStateException * Processing has reached an invalid state. * @throws InvalidArnException * The requested Amazon Resource Name (ARN) does not refer to an existing resource. * @sample AWSCertificateManager.UpdateCertificateOptions * @see AWS * API Documentation */ UpdateCertificateOptionsResult updateCertificateOptions(UpdateCertificateOptionsRequest updateCertificateOptionsRequest); /** * Shuts down this client object, releasing any resources that might be held open. This is an optional method, and * callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client * has been shutdown, it should not be used to make any more requests. */ void shutdown(); /** * Returns additional metadata for a previously executed successful request, typically used for debugging issues * where a service isn't acting as expected. This data isn't considered part of the result data returned by an * operation, so it's available through this separate, diagnostic interface. ** Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic * information for an executed request, you should use this method to retrieve it as soon as possible after * executing a request. * * @param request * The originally executed request. * * @return The response metadata for the specified request, or null if none is available. */ ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request); AWSCertificateManagerWaiters waiters(); }