This release adds support for IPv6-only instance plans.

AWS Private CA now supports an option to omit the CDP extension from issued certificates, when CRL revocation is enabled.

Author: aws-sdk-cpp-automation

VERSION

@@ -1 +1 @@
-1.11.250
+1.11.251

generated/src/aws-cpp-sdk-acm-pca/include/aws/acm-pca/model/CrlConfiguration.h

@@ -7,6 +7,7 @@
 #include <aws/acm-pca/ACMPCA_EXPORTS.h>
 #include <aws/core/utils/memory/stl/AWSString.h>
 #include <aws/acm-pca/model/S3ObjectAcl.h>
+#include <aws/acm-pca/model/CrlDistributionPointExtensionConfiguration.h>
 #include <utility>
 
 namespace Aws
@@ -31,9 +32,11 @@ namespace Model
    * the <b>Enabled</b> parameter to <code>true</code>. Your private CA writes CRLs
    * to an S3 bucket that you specify in the <b>S3BucketName</b> parameter. You can
    * hide the name of your bucket by specifying a value for the <b>CustomCname</b>
-   * parameter. Your private CA copies the CNAME or the S3 bucket name to the <b>CRL
-   * Distribution Points</b> extension of each certificate it issues. Your S3 bucket
-   * policy must give write permission to Amazon Web Services Private CA. </p>
+   * parameter. Your private CA by default copies the CNAME or the S3 bucket name to
+   * the <b>CRL Distribution Points</b> extension of each certificate it issues. If
+   * you want to configure this default behavior to be something different, you can
+   * set the <b>CrlDistributionPointExtensionConfiguration</b> parameter. Your S3
+   * bucket policy must give write permission to Amazon Web Services Private CA. </p>
    * <p>Amazon Web Services Private CA assets that are stored in Amazon S3 can be
    * protected with encryption. For more information, see <a
    * href="https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption">Encrypting
@@ -476,6 +479,55 @@ namespace Model
      */
     inline CrlConfiguration& WithS3ObjectAcl(S3ObjectAcl&& value) { SetS3ObjectAcl(std::move(value)); return *this;}
 
+
+    /**
+     * <p>Configures the behavior of the CRL Distribution Point extension for
+     * certificates issued by your certificate authority. If this field is not
+     * provided, then the CRl Distribution Point Extension will be present and contain
+     * the default CRL URL.</p>
+     */
+    inline const CrlDistributionPointExtensionConfiguration& GetCrlDistributionPointExtensionConfiguration() const{ return m_crlDistributionPointExtensionConfiguration; }
+
+    /**
+     * <p>Configures the behavior of the CRL Distribution Point extension for
+     * certificates issued by your certificate authority. If this field is not
+     * provided, then the CRl Distribution Point Extension will be present and contain
+     * the default CRL URL.</p>
+     */
+    inline bool CrlDistributionPointExtensionConfigurationHasBeenSet() const { return m_crlDistributionPointExtensionConfigurationHasBeenSet; }
+
+    /**
+     * <p>Configures the behavior of the CRL Distribution Point extension for
+     * certificates issued by your certificate authority. If this field is not
+     * provided, then the CRl Distribution Point Extension will be present and contain
+     * the default CRL URL.</p>
+     */
+    inline void SetCrlDistributionPointExtensionConfiguration(const CrlDistributionPointExtensionConfiguration& value) { m_crlDistributionPointExtensionConfigurationHasBeenSet = true; m_crlDistributionPointExtensionConfiguration = value; }
+
+    /**
+     * <p>Configures the behavior of the CRL Distribution Point extension for
+     * certificates issued by your certificate authority. If this field is not
+     * provided, then the CRl Distribution Point Extension will be present and contain
+     * the default CRL URL.</p>
+     */
+    inline void SetCrlDistributionPointExtensionConfiguration(CrlDistributionPointExtensionConfiguration&& value) { m_crlDistributionPointExtensionConfigurationHasBeenSet = true; m_crlDistributionPointExtensionConfiguration = std::move(value); }
+
+    /**
+     * <p>Configures the behavior of the CRL Distribution Point extension for
+     * certificates issued by your certificate authority. If this field is not
+     * provided, then the CRl Distribution Point Extension will be present and contain
+     * the default CRL URL.</p>
+     */
+    inline CrlConfiguration& WithCrlDistributionPointExtensionConfiguration(const CrlDistributionPointExtensionConfiguration& value) { SetCrlDistributionPointExtensionConfiguration(value); return *this;}
+
+    /**
+     * <p>Configures the behavior of the CRL Distribution Point extension for
+     * certificates issued by your certificate authority. If this field is not
+     * provided, then the CRl Distribution Point Extension will be present and contain
+     * the default CRL URL.</p>
+     */
+    inline CrlConfiguration& WithCrlDistributionPointExtensionConfiguration(CrlDistributionPointExtensionConfiguration&& value) { SetCrlDistributionPointExtensionConfiguration(std::move(value)); return *this;}
+
   private:
 
     bool m_enabled;
@@ -492,6 +544,9 @@ namespace Model
 
     S3ObjectAcl m_s3ObjectAcl;
     bool m_s3ObjectAclHasBeenSet = false;
+
+    CrlDistributionPointExtensionConfiguration m_crlDistributionPointExtensionConfiguration;
+    bool m_crlDistributionPointExtensionConfigurationHasBeenSet = false;
   };
 
 } // namespace Model

generated/src/aws-cpp-sdk-acm-pca/include/aws/acm-pca/model/CrlDistributionPointExtensionConfiguration.h

@@ -0,0 +1,99 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+#pragma once
+#include <aws/acm-pca/ACMPCA_EXPORTS.h>
+
+namespace Aws
+{
+namespace Utils
+{
+namespace Json
+{
+  class JsonValue;
+  class JsonView;
+} // namespace Json
+} // namespace Utils
+namespace ACMPCA
+{
+namespace Model
+{
+
+  /**
+   * <p>Contains configuration information for the default behavior of the CRL
+   * Distribution Point (CDP) extension in certificates issued by your CA. This
+   * extension contains a link to download the CRL, so you can check whether a
+   * certificate has been revoked. To choose whether you want this extension omitted
+   * or not in certificates issued by your CA, you can set the <b>OmitExtension</b>
+   * parameter.</p><p><h3>See Also:</h3>   <a
+   * href="http://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/CrlDistributionPointExtensionConfiguration">AWS
+   * API Reference</a></p>
+   */
+  class CrlDistributionPointExtensionConfiguration
+  {
+  public:
+    AWS_ACMPCA_API CrlDistributionPointExtensionConfiguration();
+    AWS_ACMPCA_API CrlDistributionPointExtensionConfiguration(Aws::Utils::Json::JsonView jsonValue);
+    AWS_ACMPCA_API CrlDistributionPointExtensionConfiguration& operator=(Aws::Utils::Json::JsonView jsonValue);
+    AWS_ACMPCA_API Aws::Utils::Json::JsonValue Jsonize() const;
+
+
+    /**
+     * <p>Configures whether the CRL Distribution Point extension should be populated
+     * with the default URL to the CRL. If set to <code>true</code>, then the CDP
+     * extension will not be present in any certificates issued by that CA unless
+     * otherwise specified through CSR or API passthrough.</p>  <p>Only set this
+     * if you have another way to distribute the CRL Distribution Points ffor
+     * certificates issued by your CA, such as the Matter Distributed Compliance
+     * Ledger</p> <p>This configuration cannot be enabled with a custom CNAME set.</p>
+     * 
+     */
+    inline bool GetOmitExtension() const{ return m_omitExtension; }
+
+    /**
+     * <p>Configures whether the CRL Distribution Point extension should be populated
+     * with the default URL to the CRL. If set to <code>true</code>, then the CDP
+     * extension will not be present in any certificates issued by that CA unless
+     * otherwise specified through CSR or API passthrough.</p>  <p>Only set this
+     * if you have another way to distribute the CRL Distribution Points ffor
+     * certificates issued by your CA, such as the Matter Distributed Compliance
+     * Ledger</p> <p>This configuration cannot be enabled with a custom CNAME set.</p>
+     * 
+     */
+    inline bool OmitExtensionHasBeenSet() const { return m_omitExtensionHasBeenSet; }
+
+    /**
+     * <p>Configures whether the CRL Distribution Point extension should be populated
+     * with the default URL to the CRL. If set to <code>true</code>, then the CDP
+     * extension will not be present in any certificates issued by that CA unless
+     * otherwise specified through CSR or API passthrough.</p>  <p>Only set this
+     * if you have another way to distribute the CRL Distribution Points ffor
+     * certificates issued by your CA, such as the Matter Distributed Compliance
+     * Ledger</p> <p>This configuration cannot be enabled with a custom CNAME set.</p>
+     * 
+     */
+    inline void SetOmitExtension(bool value) { m_omitExtensionHasBeenSet = true; m_omitExtension = value; }
+
+    /**
+     * <p>Configures whether the CRL Distribution Point extension should be populated
+     * with the default URL to the CRL. If set to <code>true</code>, then the CDP
+     * extension will not be present in any certificates issued by that CA unless
+     * otherwise specified through CSR or API passthrough.</p>  <p>Only set this
+     * if you have another way to distribute the CRL Distribution Points ffor
+     * certificates issued by your CA, such as the Matter Distributed Compliance
+     * Ledger</p> <p>This configuration cannot be enabled with a custom CNAME set.</p>
+     * 
+     */
+    inline CrlDistributionPointExtensionConfiguration& WithOmitExtension(bool value) { SetOmitExtension(value); return *this;}
+
+  private:
+
+    bool m_omitExtension;
+    bool m_omitExtensionHasBeenSet = false;
+  };
+
+} // namespace Model
+} // namespace ACMPCA
+} // namespace Aws

generated/src/aws-cpp-sdk-acm-pca/include/aws/acm-pca/model/ListCertificateAuthoritiesRequest.h

@@ -97,7 +97,8 @@ namespace Model
      * items to return in the response on each page. If additional items exist beyond
      * the number you specify, the <code>NextToken</code> element is sent in the
      * response. Use this <code>NextToken</code> value in a subsequent request to
-     * retrieve additional items.</p>
+     * retrieve additional items.</p> <p>Although the maximum value is 1000, the action
+     * only returns a maximum of 100 items.</p>
      */
     inline int GetMaxResults() const{ return m_maxResults; }
 
@@ -106,7 +107,8 @@ namespace Model
      * items to return in the response on each page. If additional items exist beyond
      * the number you specify, the <code>NextToken</code> element is sent in the
      * response. Use this <code>NextToken</code> value in a subsequent request to
-     * retrieve additional items.</p>
+     * retrieve additional items.</p> <p>Although the maximum value is 1000, the action
+     * only returns a maximum of 100 items.</p>
      */
     inline bool MaxResultsHasBeenSet() const { return m_maxResultsHasBeenSet; }
 
@@ -115,7 +117,8 @@ namespace Model
      * items to return in the response on each page. If additional items exist beyond
      * the number you specify, the <code>NextToken</code> element is sent in the
      * response. Use this <code>NextToken</code> value in a subsequent request to
-     * retrieve additional items.</p>
+     * retrieve additional items.</p> <p>Although the maximum value is 1000, the action
+     * only returns a maximum of 100 items.</p>
      */
     inline void SetMaxResults(int value) { m_maxResultsHasBeenSet = true; m_maxResults = value; }
 
@@ -124,7 +127,8 @@ namespace Model
      * items to return in the response on each page. If additional items exist beyond
      * the number you specify, the <code>NextToken</code> element is sent in the
      * response. Use this <code>NextToken</code> value in a subsequent request to
-     * retrieve additional items.</p>
+     * retrieve additional items.</p> <p>Although the maximum value is 1000, the action
+     * only returns a maximum of 100 items.</p>
      */
     inline ListCertificateAuthoritiesRequest& WithMaxResults(int value) { SetMaxResults(value); return *this;}