
/*
* Copyright 2018-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.certificatemanager;
import javax.annotation.Generated;
import com.amazonaws.*;
import com.amazonaws.regions.*;
import com.amazonaws.services.certificatemanager.model.*;
import com.amazonaws.services.certificatemanager.waiters.AWSCertificateManagerWaiters;
/**
* Interface for accessing ACM.
*
* Note: Do not directly implement this interface, new methods are added to it regularly. Extend from
* {@link com.amazonaws.services.certificatemanager.AbstractAWSCertificateManager} instead.
*
* Certificate Manager
*
* You can use Certificate Manager (ACM) to manage SSL/TLS certificates for your Amazon Web Services-based websites and
* applications. For more information about using ACM, see the Certificate Manager User Guide.
*
* Security note: three operations on this interface handle private key material directly:
* {@link #importCertificate(ImportCertificateRequest)} sends an unencrypted private key to the service,
* {@link #exportCertificate(ExportCertificateRequest)} returns a passphrase-encrypted private key, and
* {@link #deleteCertificate(DeleteCertificateRequest)} destroys one. Principals that only need to inventory
* certificates need none of these three, so IAM policies for them can be limited to the list/describe/get operations.
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public interface AWSCertificateManager {
/**
* The region metadata service name for computing region endpoints. You can use this value to retrieve metadata
* (such as supported regions) of the service.
*
* @see RegionUtils#getRegionsForService(String)
*/
String ENDPOINT_PREFIX = "acm";
/**
* Overrides the default endpoint for this client ("https://acm.us-east-1.amazonaws.com"). Callers can use this
* method to control which AWS region they want to work with.
*
* Callers can pass in just the endpoint (ex: "acm.us-east-1.amazonaws.com") or a full URL, including the protocol
* (ex: "https://acm.us-east-1.amazonaws.com"). If the protocol is not specified here, the default protocol from
* this client's {@link ClientConfiguration} will be used, which by default is HTTPS.
*
* For more information on using AWS regions with the AWS SDK for Java, and a complete list of all available
* endpoints for all AWS services, see:
* https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/java-dg-region-selection.html#region-selection-choose-endpoint
*
* This method is not threadsafe. An endpoint should be configured when the client is created and before any
* service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in
* transit or retrying.
*
* Security note: the endpoint string can carry its own protocol, so keep it HTTPS (or omit the protocol and leave
* the {@link ClientConfiguration} default in place). Requests made through this client can contain an unencrypted
* private key ({@link #importCertificate(ImportCertificateRequest)}) and an export passphrase
* ({@link #exportCertificate(ExportCertificateRequest)}). Treat the endpoint as deployment configuration rather
* than a value taken from request or user input.
*
* @param endpoint
* The endpoint (ex: "acm.us-east-1.amazonaws.com") or a full URL, including the protocol (ex:
* "https://acm.us-east-1.amazonaws.com") of the region specific AWS endpoint this client will communicate
* with.
* @deprecated use {@link AwsClientBuilder#setEndpointConfiguration(AwsClientBuilder.EndpointConfiguration)} for
* example:
* {@code builder.setEndpointConfiguration(new EndpointConfiguration(endpoint, signingRegion));}
*/
@Deprecated
void setEndpoint(String endpoint);
/**
* An alternative to {@link AWSCertificateManager#setEndpoint(String)}, sets the regional endpoint for this client's
* service calls. Callers can use this method to control which AWS region they want to work with.
*
* By default, all service endpoints in all regions use the https protocol. To use http instead, specify it in the
* {@link ClientConfiguration} supplied at construction.
*
* Security note: selecting http in the {@link ClientConfiguration} removes transport confidentiality for every
* call on this client, including the private key sent by {@link #importCertificate(ImportCertificateRequest)}.
* Leave the https default in place for this service.
*
* This method is not threadsafe. A region should be configured when the client is created and before any service
* requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit
* or retrying.
*
* @param region
* The region this client will communicate with. See {@link Region#getRegion(com.amazonaws.regions.Regions)}
* for accessing a given region. Must not be null and must be a region where the service is available.
*
* @see Region#getRegion(com.amazonaws.regions.Regions)
* @see Region#createClient(Class, com.amazonaws.auth.AWSCredentialsProvider, ClientConfiguration)
* @see Region#isServiceSupported(String)
* @deprecated use {@link AwsClientBuilder#setRegion(String)}
*/
@Deprecated
void setRegion(Region region);
/**
* Adds one or more tags to an ACM certificate. Tags are labels that you can use to identify and organize your
* Amazon Web Services resources. Each tag consists of a {@code key} and an optional {@code value}. You
* specify the certificate on input by its Amazon Resource Name (ARN). You specify the tag by using a key-value
* pair.
*
* You can apply a tag to just one certificate if you want to identify a specific characteristic of that
* certificate, or you can apply the same tag to multiple certificates if you want to filter for a common
* relationship among those certificates. Similarly, you can apply the same tag to multiple resources if you want to
* specify a relationship among those resources. For example, you can add the same tag to an ACM certificate and an
* Elastic Load Balancing load balancer to indicate that they are both used by the same website. For more
* information, see Tagging ACM certificates.
*
* To remove one or more tags, use the RemoveTagsFromCertificate action. To view all of the tags that have
* been applied to the certificate, use the ListTagsForCertificate action.
*
* @param addTagsToCertificateRequest
* @return Result of the AddTagsToCertificate operation returned by the service.
* @throws ResourceNotFoundException
* The specified certificate cannot be found in the caller's account or the caller's account cannot be
* found.
* @throws InvalidArnException
* The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* @throws InvalidTagException
* One or both of the values that make up the key-value pair is not valid. For example, you cannot specify a
* tag value that begins with {@code aws:}.
* @throws TooManyTagsException
* The request contains too many tags. Try the request again with fewer tags.
* @throws TagPolicyException
* A specified tag did not comply with an existing tag policy and was rejected.
* @throws InvalidParameterException
* An input parameter was invalid.
* @throws ThrottlingException
* The request was denied because it exceeded a quota.
* @sample AWSCertificateManager.AddTagsToCertificate
* @see AWS API Documentation
*/
AddTagsToCertificateResult addTagsToCertificate(AddTagsToCertificateRequest addTagsToCertificateRequest);
/**
* Deletes a certificate and its associated private key. If this action succeeds, the certificate no longer appears
* in the list that can be displayed by calling the ListCertificates action or be retrieved by calling the
* GetCertificate action. The certificate will not be available for use by Amazon Web Services services
* integrated with ACM.
*
* You cannot delete an ACM certificate that is being used by another Amazon Web Services service. To delete a
* certificate that is in use, the certificate association must first be removed.
*
* Security note: the private key is deleted together with the certificate, and this interface declares no
* operation that restores either one. The in-use check above covers only associations with Amazon Web Services
* services; a certificate that was exported and deployed elsewhere is not protected by it. Grant
* {@code acm:DeleteCertificate} narrowly and confirm the ARN before calling.
*
* @param deleteCertificateRequest
* @return Result of the DeleteCertificate operation returned by the service.
* @throws ResourceNotFoundException
* The specified certificate cannot be found in the caller's account or the caller's account cannot be
* found.
* @throws ResourceInUseException
* The certificate is in use by another Amazon Web Services service in the caller's account. Remove the
* association and try again.
* @throws AccessDeniedException
* You do not have access required to perform this action.
* @throws ThrottlingException
* The request was denied because it exceeded a quota.
* @throws ConflictException
* You are trying to update a resource or configuration that is already being created or updated. Wait for
* the previous operation to finish and try again.
* @throws InvalidArnException
* The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* @sample AWSCertificateManager.DeleteCertificate
* @see AWS API Documentation
*/
DeleteCertificateResult deleteCertificate(DeleteCertificateRequest deleteCertificateRequest);
/**
* Returns detailed metadata about the specified ACM certificate.
*
* If you have just created a certificate using the {@code RequestCertificate} action, there is a delay of
* several seconds before you can retrieve information about it.
*
* @param describeCertificateRequest
* @return Result of the DescribeCertificate operation returned by the service.
* @throws ResourceNotFoundException
* The specified certificate cannot be found in the caller's account or the caller's account cannot be
* found.
* @throws InvalidArnException
* The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* @sample AWSCertificateManager.DescribeCertificate
* @see AWS API Documentation
*/
DescribeCertificateResult describeCertificate(DescribeCertificateRequest describeCertificateRequest);
/**
* Exports a private certificate issued by a private certificate authority (CA) for use anywhere. The exported file
* contains the certificate, the certificate chain, and the encrypted private 2048-bit RSA key associated with the
* public key that is embedded in the certificate. For security, you must assign a passphrase for the private key
* when exporting it.
*
* For information about exporting and formatting a certificate using the ACM console or CLI, see Export a Private
* Certificate.
*
* Security note: once the result leaves ACM, the private key is protected only by the passphrase supplied in the
* request, so the passphrase's strength bounds the key's protection. Generate it from a cryptographically secure
* source (for example {@link java.security.SecureRandom}), store it separately from the exported file, and keep
* both the request and the result out of logs and exception messages. Grant {@code acm:ExportCertificate} only to
* the principals that deploy certificates outside ACM, and alert on unexpected use of the operation in the
* account's API audit trail (CloudTrail, where it is enabled).
*
* @param exportCertificateRequest
* @return Result of the ExportCertificate operation returned by the service.
* @throws ResourceNotFoundException
* The specified certificate cannot be found in the caller's account or the caller's account cannot be
* found.
* @throws RequestInProgressException
* The certificate request is in process and the certificate in your account has not yet been issued.
* @throws InvalidArnException
* The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* @sample AWSCertificateManager.ExportCertificate
* @see AWS API Documentation
*/
ExportCertificateResult exportCertificate(ExportCertificateRequest exportCertificateRequest);
/**
* Returns the account configuration options associated with an Amazon Web Services account.
*
* @param getAccountConfigurationRequest
* @return Result of the GetAccountConfiguration operation returned by the service.
* @throws AccessDeniedException
* You do not have access required to perform this action.
* @throws ThrottlingException
* The request was denied because it exceeded a quota.
* @sample AWSCertificateManager.GetAccountConfiguration
* @see AWS API Documentation
*/
GetAccountConfigurationResult getAccountConfiguration(GetAccountConfigurationRequest getAccountConfigurationRequest);
/**
* Retrieves an Amazon-issued certificate and its certificate chain. The chain consists of the certificate of the
* issuing CA and the intermediate certificates of any other subordinate CAs. All of the certificates are base64
* encoded. You can use OpenSSL to decode the certificates and inspect individual fields.
*
* The description above lists only the certificate and its chain as returned data; retrieving a private key is
* the job of {@link #exportCertificate(ExportCertificateRequest)}.
*
* @param getCertificateRequest
* @return Result of the GetCertificate operation returned by the service.
* @throws ResourceNotFoundException
* The specified certificate cannot be found in the caller's account or the caller's account cannot be
* found.
* @throws RequestInProgressException
* The certificate request is in process and the certificate in your account has not yet been issued.
* @throws InvalidArnException
* The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* @sample AWSCertificateManager.GetCertificate
* @see AWS API Documentation
*/
GetCertificateResult getCertificate(GetCertificateRequest getCertificateRequest);
/**
* Imports a certificate into Certificate Manager (ACM) to use with services that are integrated with ACM. Note that
* integrated services allow only certificate types and keys they support to be associated with their resources.
* Further, their support differs depending on whether the certificate is imported into IAM or into ACM. For more
* information, see the documentation for each service. For more information about importing certificates into ACM,
* see Importing Certificates in the Certificate Manager User Guide.
*
* ACM does not provide managed renewal for certificates that you import.
*
* Note the following guidelines when importing third party certificates:
*
* <ul>
* <li>You must enter the private key that matches the certificate you are importing.</li>
* <li>The private key must be unencrypted. You cannot import a private key that is protected by a password or a
* passphrase.</li>
* <li>The private key must be no larger than 5 KB (5,120 bytes).</li>
* <li>If the certificate you are importing is not self-signed, you must enter its certificate chain.</li>
* <li>If a certificate chain is included, the issuer must be the subject of one of the certificates in the
* chain.</li>
* <li>The certificate, private key, and certificate chain must be PEM-encoded.</li>
* <li>The current time must be between the {@code Not Before} and {@code Not After} certificate fields.</li>
* <li>The {@code Issuer} field must not be empty.</li>
* <li>The OCSP authority URL, if present, must not exceed 1000 characters.</li>
* <li>To import a new certificate, omit the {@code CertificateArn} argument. Include this argument only when you
* want to replace a previously imported certificate.</li>
* <li>When you import a certificate by using the CLI, you must specify the certificate, the certificate chain, and
* the private key by their file names preceded by {@code fileb://}. For example, you can specify a certificate
* saved in the {@code C:\temp} folder as {@code fileb://C:\temp\certificate_to_import.pem}. If you are
* making an HTTP or HTTPS Query request, include these arguments as BLOBs.</li>
* <li>When you import a certificate by using an SDK, you must specify the certificate, the certificate chain, and
* the private key files in the manner required by the programming language you're using.</li>
* <li>The cryptographic algorithm of an imported certificate must match the algorithm of the signing CA. For
* example, if the signing CA key type is RSA, then the certificate key type must also be RSA.</li>
* </ul>
*
* This operation returns the Amazon Resource Name (ARN) of the imported certificate.
*
* Security note: because the private key must be supplied unencrypted, it exists in plaintext in the calling
* process and in the request it sends; the transport (HTTPS by default) is its only protection in transit. Read the
* key from a location with restrictive permissions, do not log or serialize the request object, and release
* references to the key material once the call returns. Since imported certificates get no managed renewal, expiry
* has to be tracked by the caller; the expiry events configured through
* {@link #putAccountConfiguration(PutAccountConfigurationRequest)} are one available signal.
*
* Passing {@code CertificateArn} replaces a previously imported certificate, so a wrong ARN overwrites a
* certificate that may be in use; verify the ARN before reimporting.
*
* @param importCertificateRequest
* @return Result of the ImportCertificate operation returned by the service.
* @throws ResourceNotFoundException
* The specified certificate cannot be found in the caller's account or the caller's account cannot be
* found.
* @throws LimitExceededException
* An ACM quota has been exceeded.
* @throws InvalidTagException
* One or both of the values that make up the key-value pair is not valid. For example, you cannot specify a
* tag value that begins with {@code aws:}.
* @throws TooManyTagsException
* The request contains too many tags. Try the request again with fewer tags.
* @throws TagPolicyException
* A specified tag did not comply with an existing tag policy and was rejected.
* @throws InvalidParameterException
* An input parameter was invalid.
* @throws InvalidArnException
* The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* @sample AWSCertificateManager.ImportCertificate
* @see AWS API Documentation
*/
ImportCertificateResult importCertificate(ImportCertificateRequest importCertificateRequest);
/**
* Retrieves a list of certificate ARNs and domain names. You can request that only certificates that match a
* specific status be listed. You can also filter by specific attributes of the certificate. Default filtering
* returns only {@code RSA_2048} certificates. For more information, see Filters.
*
* Security note: because the default filter returns only {@code RSA_2048} certificates, an inventory, expiry
* audit, or compliance scan built on an unfiltered call silently omits certificates with any other key type. Set
* the key types explicitly in the request's {@code Filters} when the goal is a complete listing.
*
* @param listCertificatesRequest
* @return Result of the ListCertificates operation returned by the service.
* @throws InvalidArgsException
* One or more of the request parameters specified is not valid.
* @throws ValidationException
* The supplied input failed to satisfy constraints of an Amazon Web Services service.
* @sample AWSCertificateManager.ListCertificates
* @see AWS API Documentation
*/
ListCertificatesResult listCertificates(ListCertificatesRequest listCertificatesRequest);
/**
* Lists the tags that have been applied to the ACM certificate. Use the certificate's Amazon Resource Name (ARN) to
* specify the certificate. To add a tag to an ACM certificate, use the AddTagsToCertificate action. To
* delete a tag, use the RemoveTagsFromCertificate action.
*
* @param listTagsForCertificateRequest
* @return Result of the ListTagsForCertificate operation returned by the service.
* @throws ResourceNotFoundException
* The specified certificate cannot be found in the caller's account or the caller's account cannot be
* found.
* @throws InvalidArnException
* The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* @sample AWSCertificateManager.ListTagsForCertificate
* @see AWS API Documentation
*/
ListTagsForCertificateResult listTagsForCertificate(ListTagsForCertificateRequest listTagsForCertificateRequest);
/**
* Adds or modifies account-level configurations in ACM.
*
* The supported configuration option is {@code DaysBeforeExpiry}. This option specifies the number of days
* prior to certificate expiration when ACM starts generating {@code EventBridge} events. ACM sends one event
* per day per certificate until the certificate expires. By default, accounts receive events starting 45 days
* before certificate expiration.
*
* Operational note: this call only controls when the events start. Nothing on this interface consumes them, so
* they help only if a rule routes them to alerting or a ticket queue. Lowering the value shortens the warning
* window for every certificate in the account.
*
* @param putAccountConfigurationRequest
* @return Result of the PutAccountConfiguration operation returned by the service.
* @throws ValidationException
* The supplied input failed to satisfy constraints of an Amazon Web Services service.
* @throws ThrottlingException
* The request was denied because it exceeded a quota.
* @throws AccessDeniedException
* You do not have access required to perform this action.
* @throws ConflictException
* You are trying to update a resource or configuration that is already being created or updated. Wait for
* the previous operation to finish and try again.
* @sample AWSCertificateManager.PutAccountConfiguration
* @see AWS API Documentation
*/
PutAccountConfigurationResult putAccountConfiguration(PutAccountConfigurationRequest putAccountConfigurationRequest);
/**
* Remove one or more tags from an ACM certificate. A tag consists of a key-value pair. If you do not specify the
* value portion of the tag when calling this function, the tag will be removed regardless of value. If you specify
* a value, the tag is removed only if it is associated with the specified value.
*
* To add tags to a certificate, use the AddTagsToCertificate action. To view all of the tags that have been
* applied to a specific ACM certificate, use the ListTagsForCertificate action.
*
* @param removeTagsFromCertificateRequest
* @return Result of the RemoveTagsFromCertificate operation returned by the service.
* @throws ResourceNotFoundException
* The specified certificate cannot be found in the caller's account or the caller's account cannot be
* found.
* @throws InvalidArnException
* The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* @throws InvalidTagException
* One or both of the values that make up the key-value pair is not valid. For example, you cannot specify a
* tag value that begins with {@code aws:}.
* @throws TagPolicyException
* A specified tag did not comply with an existing tag policy and was rejected.
* @throws InvalidParameterException
* An input parameter was invalid.
* @throws ThrottlingException
* The request was denied because it exceeded a quota.
* @sample AWSCertificateManager.RemoveTagsFromCertificate
* @see AWS API Documentation
*/
RemoveTagsFromCertificateResult removeTagsFromCertificate(RemoveTagsFromCertificateRequest removeTagsFromCertificateRequest);
/**
* Renews an eligible ACM certificate. At this time, only exported private certificates can be renewed with this
* operation. In order to renew your Amazon Web Services Private CA certificates with ACM, you must first grant the
* ACM service principal permission to do so. For more information, see Testing Managed Renewal in the
* ACM User Guide.
*
* @param renewCertificateRequest
* @return Result of the RenewCertificate operation returned by the service.
* @throws ResourceNotFoundException
* The specified certificate cannot be found in the caller's account or the caller's account cannot be
* found.
* @throws InvalidArnException
* The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* @sample AWSCertificateManager.RenewCertificate
* @see AWS API Documentation
*/
RenewCertificateResult renewCertificate(RenewCertificateRequest renewCertificateRequest);
/**
* Requests an ACM certificate for use with other Amazon Web Services services. To request an ACM certificate, you
* must specify a fully qualified domain name (FQDN) in the {@code DomainName} parameter. You can also specify
* additional FQDNs in the {@code SubjectAlternativeNames} parameter.
*
* If you are requesting a private certificate, domain validation is not required. If you are requesting a public
* certificate, each domain name that you specify must be validated to verify that you own or control the domain.
* You can use DNS validation or email validation. We recommend that you use DNS validation. ACM issues public
* certificates after receiving approval from the domain owner.
*
* ACM behavior differs from the RFC 6125 specification of the certificate validation process. ACM first checks for
* a Subject Alternative Name, and, if it finds one, ignores the common name (CN).
*
* After successful completion of the {@code RequestCertificate} action, there is a delay of several seconds
* before you can retrieve information about the new certificate.
*
* @param requestCertificateRequest
* @return Result of the RequestCertificate operation returned by the service.
* @throws LimitExceededException
* An ACM quota has been exceeded.
* @throws InvalidDomainValidationOptionsException
* One or more values in the DomainValidationOption structure is incorrect.
* @throws InvalidArnException
* The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* @throws InvalidTagException
* One or both of the values that make up the key-value pair is not valid. For example, you cannot specify a
* tag value that begins with {@code aws:}.
* @throws TooManyTagsException
* The request contains too many tags. Try the request again with fewer tags.
* @throws TagPolicyException
* A specified tag did not comply with an existing tag policy and was rejected.
* @throws InvalidParameterException
* An input parameter was invalid.
* @sample AWSCertificateManager.RequestCertificate
* @see AWS API Documentation
*/
RequestCertificateResult requestCertificate(RequestCertificateRequest requestCertificateRequest);
/**
* Resends the email that requests domain ownership validation. The domain owner or an authorized representative
* must approve the ACM certificate before it can be issued. The certificate can be approved by clicking a link in
* the mail to navigate to the Amazon certificate approval website and then clicking I Approve. However, the
* validation email can be blocked by spam filters. Therefore, if you do not receive the original mail, you can
* request that the mail be resent within 72 hours of requesting the ACM certificate. If more than 72 hours have
* elapsed since your original request or since your last attempt to resend validation mail, you must request a new
* certificate. For more information about setting up your contact email addresses, see Configure Email for your
* Domain.
*
* Security note: approval is a link click by whoever receives the message, so email validation is only as strong
* as control over the receiving mailboxes. This is one reason
* {@link #requestCertificate(RequestCertificateRequest)} recommends DNS validation.
*
* @param resendValidationEmailRequest
* @return Result of the ResendValidationEmail operation returned by the service.
* @throws ResourceNotFoundException
* The specified certificate cannot be found in the caller's account or the caller's account cannot be
* found.
* @throws InvalidStateException
* Processing has reached an invalid state.
* @throws InvalidArnException
* The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* @throws InvalidDomainValidationOptionsException
* One or more values in the DomainValidationOption structure is incorrect.
* @sample AWSCertificateManager.ResendValidationEmail
* @see AWS API Documentation
*/
ResendValidationEmailResult resendValidationEmail(ResendValidationEmailRequest resendValidationEmailRequest);
/**
* Updates a certificate. Currently, you can use this function to specify whether to opt in to or out of recording
* your certificate in a certificate transparency log. For more information, see
* Opting Out of Certificate Transparency Logging.
*
* Security note: certificate transparency logs are what allow a domain owner to notice certificates issued for
* their names. Opting a certificate out removes it from that monitoring, so treat the opt-out as a deliberate,
* reviewed decision rather than a default.
*
* @param updateCertificateOptionsRequest
* @return Result of the UpdateCertificateOptions operation returned by the service.
* @throws ResourceNotFoundException
* The specified certificate cannot be found in the caller's account or the caller's account cannot be
* found.
* @throws LimitExceededException
* An ACM quota has been exceeded.
* @throws InvalidStateException
* Processing has reached an invalid state.
* @throws InvalidArnException
* The requested Amazon Resource Name (ARN) does not refer to an existing resource.
* @sample AWSCertificateManager.UpdateCertificateOptions
* @see AWS API Documentation
*/
UpdateCertificateOptionsResult updateCertificateOptions(UpdateCertificateOptionsRequest updateCertificateOptionsRequest);
/**
* Shuts down this client object, releasing any resources that might be held open. This is an optional method, and
* callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client
* has been shutdown, it should not be used to make any more requests.
*/
void shutdown();
/**
* Returns additional metadata for a previously executed successful request, typically used for debugging issues
* where a service isn't acting as expected. This data isn't considered part of the result data returned by an
* operation, so it's available through this separate, diagnostic interface.
*
* Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic
* information for an executed request, you should use this method to retrieve it as soon as possible after
* executing a request.
*
* Because the cache is time-limited, callers must handle a {@code null} return rather than assume the metadata is
* still present.
*
* @param request
* The originally executed request.
*
* @return The response metadata for the specified request, or null if none is available.
*/
ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request);
/**
* Returns the {@link AWSCertificateManagerWaiters} object for this client.
*
* NOTE(review): which resource states the waiters can poll for is defined in the {@code waiters} package and is
* not visible from this interface; confirm there before relying on a specific waiter.
*
* @return the waiters helper associated with this client.
*/
AWSCertificateManagerWaiters waiters();
}