# This file is automatically generated by botocraft. Do not edit directly.
# mypy: disable-error-code="index, override, assignment, union-attr, misc"
from pydantic import Field
from .abstract import (
Boto3Model,
ReadonlyBoto3Model,
PrimaryBoto3Model,
ReadonlyPrimaryBoto3Model,
Boto3ModelManager,
ReadonlyBoto3ModelManager,
)
from typing import ClassVar, Literal, Any, cast
from botocraft.mixins.acm import certificates_only
from .abstract import PrimaryBoto3ModelQuerySet
from botocraft.mixins.tags import TagsDictMixin
from datetime import datetime
import builtins
from botocraft.services.common import Tag
from botocraft.mixins.acm import add_certificate_tags
# ===============
# Managers
# ===============
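class ACMCertificateManager(Boto3ModelManager):
    """
    Manager that wraps the boto3 ``acm`` client calls for certificates.

    Every method builds a keyword dict from its arguments via ``self.serialize``,
    drops the entries that are ``None`` and forwards the rest to the matching
    client operation.
    """

    service_name: str = "acm"

    def import_certificate(
        self,
        Certificate: bytes,
        PrivateKey: bytes,
        *,
        CertificateArn: "str | None" = None,
        CertificateChain: "bytes | None" = None,
        Tags: "builtins.list[Tag] | None" = None,
    ) -> str:
        """
        Imports a certificate into Certificate Manager (ACM) to use with services that are integrated with ACM. Note that
        `integrated services <https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html>`_ allow only certificate types
        and keys they support to be associated with their resources. Further, their support differs depending on whether the
        certificate is imported into IAM or into ACM. For more information, see the documentation for each service. For more
        information about importing certificates into ACM, see `Importing
        Certificates <https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html>`_ in the *Certificate Manager User
        Guide*.

        Args:
            Certificate: The certificate to import.
            PrivateKey: The private key that matches the public key in the certificate.

        Keyword Args:
            CertificateArn: The `Amazon Resource Name (ARN)
                <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html>`_ of an imported certificate
                to replace. To import a new certificate, omit this field.
            CertificateChain: The PEM encoded certificate chain.
            Tags: One or more resource tags to associate with the imported certificate.

        Returns:
            The ``CertificateArn`` value from the service response.
        """
        # ``args`` carries the private key material from here on: keep it out
        # of log lines, debug dumps and exception messages.
        args: dict[str, Any] = dict(
            Certificate=self.serialize(Certificate),
            PrivateKey=self.serialize(PrivateKey),
            CertificateArn=self.serialize(CertificateArn),
            CertificateChain=self.serialize(CertificateChain),
            Tags=self.serialize(Tags),
        )
        _response = self.client.import_certificate(
            **{k: v for k, v in args.items() if v is not None}
        )
        response = ImportCertificateResponse(**_response)
        # CertificateArn is optional on the response model, so the value can
        # be None despite the ``str`` return annotation.
        results = response.CertificateArn
        self.sessionize(results)
        return cast("str", results)

    def delete(self, CertificateArn: str) -> None:
        """
        Deletes a certificate and its associated private key. If this action succeeds,
        the certificate is not available for use by Amazon Web Services services
        integrated with ACM. Deleting a certificate is eventually consistent. There may be
        a short delay before the certificate no longer appears in the list that can be
        displayed by calling the ListCertificates action or be retrieved by calling the
        GetCertificate action.

        Args:
            CertificateArn: String that contains the ARN of the ACM certificate to be deleted. This must be of the form:
                ``arn:aws:acm:<region>:<account-id>:certificate/<certificate-id>``
        """
        # No ``InUseBy`` check is made here; the request goes straight to the
        # service, so any "still attached" safeguard has to come from the
        # caller or from the service itself.
        args: dict[str, Any] = dict(CertificateArn=self.serialize(CertificateArn))
        self.client.delete_certificate(
            **{k: v for k, v in args.items() if v is not None}
        )

    @add_certificate_tags
    def get(self, CertificateArn: str) -> "ACMCertificate | None":
        """
        Returns detailed metadata about the specified ACM certificate.

        Args:
            CertificateArn: The Amazon Resource Name (ARN) of the ACM certificate. The ARN must have the following form:
                ``arn:aws:acm:<region>:<account-id>:certificate/<certificate-id>``

        Returns:
            The certificate from the ``DescribeCertificate`` response, or
            ``None`` when the response carries no certificate.
        """
        args: dict[str, Any] = dict(CertificateArn=self.serialize(CertificateArn))
        _response = self.client.describe_certificate(
            **{k: v for k, v in args.items() if v is not None}
        )
        response = DescribeCertificateResponse(**_response)
        if response and response.Certificate:
            self.sessionize(response.Certificate)
            return response.Certificate
        return None

    @certificates_only
    def list(
        self,
        *,
        CertificateStatuses: "builtins.list[Literal['PENDING_VALIDATION', 'ISSUED', 'INACTIVE', 'EXPIRED', 'VALIDATION_TIMED_OUT', 'REVOKED', 'FAILED']] | None" = None,
        Includes: "Filters | None" = None,
        MaxItems: "int | None" = None,
        SortBy: "Literal['CREATED_AT'] | None" = None,
        SortOrder: "Literal['ASCENDING', 'DESCENDING'] | None" = None,
    ) -> PrimaryBoto3ModelQuerySet:
        """
        Retrieves a list of certificate ARNs and domain names. You can request that only
        certificates that match a specific status be listed. You can also filter by
        specific attributes of the certificate. Default filtering returns only
        ``RSA_2048`` certificates. For more information, see Filters.

        Because of that default, a certificate inventory or audit that should cover
        every key type has to pass the key types explicitly through ``Includes``.

        Keyword Args:
            CertificateStatuses: Filter the certificate list by status value.
            Includes: Filter the certificate list. For more information, see the Filters structure.
            MaxItems: Use this parameter when paginating results to specify the maximum number of items to return in the
                response. If additional items exist beyond the number you specify, the ``NextToken`` element is sent in the
                response. Use this ``NextToken`` value in a subsequent request to retrieve additional items.
            SortBy: Specifies the field to sort results by. If you specify ``SortBy``, you must also specify ``SortOrder``.
            SortOrder: Specifies the order of sorted results. If you specify ``SortOrder``, you must also specify ``SortBy``.
        """
        paginator = self.client.get_paginator("list_certificates")
        args: dict[str, Any] = dict(
            CertificateStatuses=self.serialize(CertificateStatuses),
            Includes=self.serialize(Includes),
            MaxItems=self.serialize(MaxItems),
            SortBy=self.serialize(SortBy),
            SortOrder=self.serialize(SortOrder),
        )
        response_iterator = paginator.paginate(
            **{k: v for k, v in args.items() if v is not None}
        )
        results = []
        for _response in response_iterator:
            # A page holding nothing but metadata ends the listing.
            if _response.keys() == {"ResponseMetadata"}:
                break
            _response.pop("ResponseMetadata", None)
            response = ListCertificatesResponse(**_response)
            if response.CertificateSummaryList:
                results.extend(response.CertificateSummaryList)
            elif not getattr(response, "NextToken", None):
                # Empty page and no continuation token: nothing more to read.
                break
        self.sessionize(results)
        if results and isinstance(results[0], Boto3Model):
            return PrimaryBoto3ModelQuerySet(results)
        # NOTE(review): an empty (or non-model) result is returned as a plain
        # list although the annotation promises a queryset; what the
        # ``certificates_only`` decorator does with it is not visible here.
        return results

    def renew(self, CertificateArn: str) -> "None":
        """
        Renews an `eligible ACM certificate <https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html>`_. In order to
        renew your Amazon Web Services Private CA certificates with ACM, you must first `grant the ACM service principal
        permission to do so <https://docs.aws.amazon.com/privateca/latest/userguide/assign-permissions.html#PcaPermissions>`_. For
        more information, see `Testing Managed Renewal <https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html>`_
        in the ACM User Guide.

        Args:
            CertificateArn: String that contains the ARN of the ACM certificate to be renewed. This must be of the form:
                ``arn:aws:acm:<region>:<account-id>:certificate/<certificate-id>``
        """
        args: dict[str, Any] = dict(CertificateArn=self.serialize(CertificateArn))
        self.client.renew_certificate(
            **{k: v for k, v in args.items() if v is not None}
        )

    def request(
        self,
        DomainName: str,
        *,
        ValidationMethod: "Literal['EMAIL', 'DNS', 'HTTP'] | None" = None,
        SubjectAlternativeNames: "builtins.list[str] | None" = None,
        IdempotencyToken: "str | None" = None,
        DomainValidationOptions: "builtins.list[DomainValidationOption] | None" = None,
        Options: "CertificateOptions | None" = None,
        CertificateAuthorityArn: "str | None" = None,
        Tags: "builtins.list[Tag] | None" = None,
        KeyAlgorithm: "Literal['RSA_1024', 'RSA_2048', 'RSA_3072', 'RSA_4096', 'EC_prime256v1', 'EC_secp384r1', 'EC_secp521r1'] | None" = None,
        ManagedBy: "Literal['CLOUDFRONT'] | None" = None,
    ) -> str:
        """
        Requests an ACM certificate for use with other Amazon Web Services services. To
        request an ACM certificate, you must specify a fully qualified domain name
        (FQDN) in the ``DomainName`` parameter. You can also specify additional FQDNs in
        the ``SubjectAlternativeNames`` parameter.

        Args:
            DomainName: Fully qualified domain name (FQDN), such as www.example.com, that you want to secure with an ACM
                certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain.
                For example, *.example.com protects www.example.com, site.example.com, and images.example.com.

        Keyword Args:
            ValidationMethod: The method you want to use if you are requesting a public certificate to validate that you own or
                control domain. You can `validate with DNS
                <https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html>`_ or `validate with email
                <https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-email.html>`_.
                We recommend that you use DNS validation.
            SubjectAlternativeNames: Additional FQDNs to be included in the Subject Alternative Name extension of the ACM
                certificate. For example, add the name www.example.net to a certificate for which the ``DomainName`` field is
                www.example.com if users can reach your site by using either name. The maximum number of domain names that you can
                add to an ACM certificate is 100. However, the initial quota is 10 domain names. If you need more than 10 names, you
                must request a quota increase. For more information, see `Quotas
                <https://docs.aws.amazon.com/acm/latest/userguide/acm-limits.html>`_.
            IdempotencyToken: Customer chosen string that can be used to distinguish between calls to ``RequestCertificate``.
                Idempotency tokens time out after one hour. Therefore, if you call ``RequestCertificate`` multiple times with the
                same idempotency token within one hour, ACM recognizes that you are requesting only one certificate and will issue
                only one. If you change the idempotency token for each call, ACM recognizes that you are requesting multiple
                certificates.
            DomainValidationOptions: The domain name that you want ACM to use to send you emails so that you can validate domain
                ownership.
            Options: You can use this parameter to specify whether to add the certificate to a certificate transparency log and
                export your certificate.
            CertificateAuthorityArn: The Amazon Resource Name (ARN) of the private certificate authority (CA) that will be used
                to issue the certificate. If you do not provide an ARN and you are trying to request a private certificate, ACM will
                attempt to issue a public certificate. For more information about private CAs, see the `Amazon Web Services Private
                Certificate Authority <https://docs.aws.amazon.com/privateca/latest/userguide/PcaWelcome.html>`_ user guide. The ARN
                must have the following form:
                ``arn:aws:acm-pca:<region>:<account-id>:certificate-authority/<ca-id>``
            Tags: One or more resource tags to associate with the certificate.
            KeyAlgorithm: Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data.
                RSA is the default key algorithm for ACM certificates. Elliptic Curve Digital Signature Algorithm (ECDSA) keys are
                smaller, offering security comparable to RSA keys but with greater computing efficiency. However, ECDSA is not
                supported by all network clients. Some Amazon Web Services services may require RSA keys, or only support ECDSA keys
                of a particular size, while others allow the use of either RSA and ECDSA keys to ensure that compatibility is not
                broken. Check the requirements for the Amazon Web Services service where you plan to deploy your certificate. For
                more information about selecting an algorithm, see `Key algorithms
                <https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate-characteristics.html#algorithms-term>`_.
            ManagedBy: Identifies the Amazon Web Services service that manages the certificate issued by ACM.

        Returns:
            The ``CertificateArn`` value from the service response.
        """
        # Review points for callers:
        # - A missing CertificateAuthorityArn is dropped from the call below;
        #   per the docstring ACM then attempts a *public* certificate, so a
        #   request meant for a private CA would not fail closed here.
        # - The KeyAlgorithm annotation admits 'RSA_1024', a key size below
        #   current minimum-strength guidance; nothing in this method rejects
        #   it, so any policy on key strength has to be enforced by the caller.
        args: dict[str, Any] = dict(
            DomainName=self.serialize(DomainName),
            ValidationMethod=self.serialize(ValidationMethod),
            SubjectAlternativeNames=self.serialize(SubjectAlternativeNames),
            IdempotencyToken=self.serialize(IdempotencyToken),
            DomainValidationOptions=self.serialize(DomainValidationOptions),
            Options=self.serialize(Options),
            CertificateAuthorityArn=self.serialize(CertificateAuthorityArn),
            Tags=self.serialize(Tags),
            KeyAlgorithm=self.serialize(KeyAlgorithm),
            ManagedBy=self.serialize(ManagedBy),
        )
        _response = self.client.request_certificate(
            **{k: v for k, v in args.items() if v is not None}
        )
        response = RequestCertificateResponse(**_response)
        results = response.CertificateArn
        self.sessionize(results)
        return cast("str", results)

    def revoke(
        self,
        CertificateArn: str,
        RevocationReason: Literal[
            "UNSPECIFIED",
            "KEY_COMPROMISE",
            "CA_COMPROMISE",
            "AFFILIATION_CHANGED",
            "SUPERCEDED",
            "SUPERSEDED",
            "CESSATION_OF_OPERATION",
            "CERTIFICATE_HOLD",
            "REMOVE_FROM_CRL",
            "PRIVILEGE_WITHDRAWN",
            "A_A_COMPROMISE",
        ],
    ) -> str:
        """
        Revokes a public ACM certificate. You can only revoke certificates that have
        been previously exported.

        Args:
            CertificateArn: The Amazon Resource Name (ARN) of the public or private certificate that will be revoked. The ARN
                must have the following form:
                ``arn:aws:acm:<region>:<account-id>:certificate/<certificate-id>``
            RevocationReason: Specifies why you revoked the certificate. Both the
                ``SUPERCEDED`` and ``SUPERSEDED`` spellings are accepted by the
                annotation.

        Returns:
            The ``CertificateArn`` value from the service response.
        """
        args: dict[str, Any] = dict(
            CertificateArn=self.serialize(CertificateArn),
            RevocationReason=self.serialize(RevocationReason),
        )
        _response = self.client.revoke_certificate(
            **{k: v for k, v in args.items() if v is not None}
        )
        response = RevokeCertificateResponse(**_response)
        results = response.CertificateArn
        self.sessionize(results)
        return cast("str", results)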
# ==============
# Service Models
# ==============
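class ACMResourceRecord(Boto3Model):
    """
    Contains a DNS record value that you can use to validate ownership or control of a
    domain.

    This is used by the DescribeCertificate action.
    """

    # Publishing this record is what demonstrates control of the domain, so
    # write access to the DNS zone should be guarded as tightly as the
    # ability to request certificates.
    Name: str
    """
    The name of the DNS record to create in your domain.
    This is supplied by ACM.
    """
    Type: Literal["CNAME"]
    """
    The type of DNS record.
    Currently this can be ``CNAME``.
    """
    Value: str
    """
    The value of the CNAME record to add to your DNS database.
    This is supplied by ACM.
    """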
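class ACMHttpRedirect(Boto3Model):
    """
    Contains information for HTTP-based domain validation of certificates requested
    through Amazon CloudFront and issued by ACM.

    This field exists only when the certificate type is ``AMAZON_ISSUED`` and the validation method is ``HTTP``.
    """

    # Validation succeeds for whoever controls the response served at
    # ``RedirectFrom``, so that path needs the same protection as the
    # domain's other validation channels.
    RedirectFrom: "str | None" = None
    """
    The URL including the domain to be validated.
    The certificate authority sends ``GET`` requests here during validation.
    """
    RedirectTo: "str | None" = None
    """
    The URL hosting the validation token.
    ``RedirectFrom`` must return this content or redirect here.
    """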
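class DomainValidation(Boto3Model):
    """
    Contains information about the validation of each domain name in the certificate.
    """

    DomainName: str
    """
    A fully qualified domain name (FQDN) in the certificate.
    For example, ``www.example.com`` or ``example.com``.
    """
    ValidationEmails: "builtins.list[str] | None" = Field(default_factory=list)
    """
    A list of email addresses that ACM used to send domain validation emails.
    """
    ValidationDomain: "str | None" = None
    """
    The domain name that ACM used to send domain validation emails.
    """
    ValidationStatus: "Literal['PENDING_VALIDATION', 'SUCCESS', 'FAILED'] | None" = None
    """
    The validation status of the domain name.
    This can be one of the following values: ``PENDING_VALIDATION``, ``SUCCESS`` or
    ``FAILED``.
    """
    ResourceRecord: "ACMResourceRecord | None" = None
    """
    Contains the CNAME record that you add to your DNS database for domain validation.
    For more information, see
    `Use DNS to Validate Domain Ownership <https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate-dns.html>`_.
    """
    HttpRedirect: "ACMHttpRedirect | None" = None
    """
    Contains information for HTTP-based domain validation of certificates requested
    through Amazon CloudFront and issued by ACM.
    This field exists only when the certificate type is ``AMAZON_ISSUED`` and the validation method is ``HTTP``.
    """
    ValidationMethod: "Literal['EMAIL', 'DNS', 'HTTP'] | None" = None
    """
    Specifies the domain validation method.
    """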
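class ACMRenewalSummary(Boto3Model):
    """
    Contains information about the status of ACM's `managed renewal
    <https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html>`_ for the certificate.
    This structure exists only when the certificate type is ``AMAZON_ISSUED``.
    """

    # A status other than ``SUCCESS`` together with ``RenewalStatusReason`` is
    # the signal to watch when monitoring for certificates that will not
    # renew on their own.
    RenewalStatus: Literal[
        "PENDING_AUTO_RENEWAL", "PENDING_VALIDATION", "SUCCESS", "FAILED"
    ]
    """
    The status of ACM's `managed renewal <https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html>`_ of the
    certificate.
    """
    DomainValidationOptions: "builtins.list[DomainValidation]"
    """
    Contains information about the validation of each domain name in the certificate, as it pertains to ACM's `managed
    renewal <https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html>`_. This is different from the initial
    validation that occurs as a result of the RequestCertificate request. This field exists only when the certificate type
    is ``AMAZON_ISSUED``.
    """
    RenewalStatusReason: "Literal['NO_AVAILABLE_CONTACTS', 'ADDITIONAL_VERIFICATION_REQUIRED', 'DOMAIN_NOT_ALLOWED', 'INVALID_PUBLIC_DOMAIN', 'DOMAIN_VALIDATION_DENIED', 'CAA_ERROR', 'PCA_LIMIT_EXCEEDED', 'PCA_INVALID_ARN', 'PCA_INVALID_STATE', 'PCA_REQUEST_FAILED', 'PCA_NAME_CONSTRAINTS_VALIDATION', 'PCA_RESOURCE_NOT_FOUND', 'PCA_INVALID_ARGS', 'PCA_INVALID_DURATION', 'PCA_ACCESS_DENIED', 'SLR_NOT_FOUND', 'OTHER'] | None" = None
    """
    The reason that a renewal request was unsuccessful.
    """
    UpdatedAt: datetime
    """
    The time at which the renewal summary was last updated.
    """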
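class KeyUsage(Boto3Model):
    """
    The Key Usage X.509 v3 extension defines the purpose of the public key contained in
    the certificate.
    """

    # Optional with a ``None`` default: a missing name is not the same as an
    # unrestricted key, so checks on usage should treat ``None`` explicitly.
    Name: "Literal['DIGITAL_SIGNATURE', 'NON_REPUDIATION', 'KEY_ENCIPHERMENT', 'DATA_ENCIPHERMENT', 'KEY_AGREEMENT', 'CERTIFICATE_SIGNING', 'CRL_SIGNING', 'ENCIPHER_ONLY', 'DECIPHER_ONLY', 'ANY', 'CUSTOM'] | None" = None
    """
    A string value that contains a Key Usage extension name.
    """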
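class ExtendedKeyUsage(Boto3Model):
    """
    The Extended Key Usage X.509 v3 extension defines one or more purposes for which the
    public key can be used.

    This is in addition to or in place of the basic purposes specified by the Key Usage
    extension.
    """

    # Both fields are optional; policy checks that rely on the purpose (for
    # example rejecting ``CODE_SIGNING`` or ``ANY`` on a TLS endpoint) should
    # handle a ``None`` name rather than assume one is always present.
    Name: "Literal['TLS_WEB_SERVER_AUTHENTICATION', 'TLS_WEB_CLIENT_AUTHENTICATION', 'CODE_SIGNING', 'EMAIL_PROTECTION', 'TIME_STAMPING', 'OCSP_SIGNING', 'IPSEC_END_SYSTEM', 'IPSEC_TUNNEL', 'IPSEC_USER', 'ANY', 'NONE', 'CUSTOM'] | None" = None
    """
    The name of an Extended Key Usage value.
    """
    OID: "str | None" = None
    """
    An object identifier (OID) for the extension value.
    OIDs are strings of numbers separated by periods. The following OIDs are defined in
    RFC 3280 and RFC 5280.
    """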
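class CertificateOptions(Boto3Model):
    """
    Structure that contains options for your certificate. You can use this structure to
    specify whether to opt in to or out of certificate transparency logging and export
    your certificate.

    Some browsers require that public certificates issued for your domain be recorded in
    a log. Certificates that are not logged typically generate a browser error.
    Transparency makes it possible for you to detect SSL/TLS certificates that have been
    mistakenly or maliciously issued for your domain. For general information, see
    `Certificate Transparency Logging <https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency>`_.

    You can export public ACM certificates to use with Amazon Web Services services as
    well as outside Amazon Web Services Cloud. For more information, see
    `Certificate Manager exportable public certificate <https://docs.aws.amazon.com/acm/latest/userguide/acm-exportable-certificates.html>`_.
    """

    # ``DISABLED`` takes the certificate out of the transparency logs that, per
    # the class docstring, let a domain owner detect mis-issued certificates;
    # treat it as an explicit, reviewed exception rather than a default.
    CertificateTransparencyLoggingPreference: "Literal['ENABLED', 'DISABLED'] | None" = None
    """
    You can opt out of certificate transparency logging by specifying the ``DISABLED``
    option.
    Opt in by specifying
    ``ENABLED``.
    """
    # ``ENABLED`` allows the certificate to be used outside Amazon Web Services
    # (see the class docstring) and cannot be changed after creation.
    # NOTE(review): an export presumably includes the private key - confirm,
    # and restrict who may request exportable certificates accordingly.
    Export: "Literal['ENABLED', 'DISABLED'] | None" = None
    """
    You can opt in to allow the export of your certificates by specifying ``ENABLED``.
    You cannot update the value of
    ``Export`` after the certificate is created.
    """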
[docs]class ACMCertificate(TagsDictMixin, PrimaryBoto3Model):
"""
Contains metadata about an ACM certificate.
This structure is returned in the response to a DescribeCertificate request.
"""
tag_class: ClassVar[type[Boto3Model]] = Tag
manager_class: ClassVar[type[Boto3ModelManager]] = ACMCertificateManager
KeyAlgorithm: "str | None" = None
"""
The algorithm that was used to generate the public-private key pair.
"""
CertificateArn: "str | None" = None
"""
The Amazon Resource Name (ARN) of the certificate.
For more information about ARNs, see `Amazon Resource Names
(ARNs) <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html>`_ in the *Amazon Web Services General
Reference*.
"""
DomainName: str = Field(default=None, frozen=True)
"""
The fully qualified domain name for the certificate, such as www.example.com or
example.com.
"""
SubjectAlternativeNames: "builtins.list[str]" = Field(
default_factory=list, frozen=True
)
"""
One or more domain names (subject alternative names) included in the certificate.
This list contains the domain names that are bound to the public key that is
contained in the certificate. The subject alternative names include the canonical
domain name (CN) of the certificate and additional domain names that can be used to
connect to the website.
"""
ManagedBy: Literal["CLOUDFRONT"] = Field(default=None, frozen=True)
"""
Identifies the Amazon Web Services service that manages the certificate issued by
ACM.
"""
DomainValidationOptions: "builtins.list[DomainValidation]" = Field(
default_factory=list, frozen=True
)
"""
Contains information about the initial validation of each domain name that occurs as
a result of the RequestCertificate request.
This field exists only when the certificate type is ``AMAZON_ISSUED``.
"""
Serial: str = Field(default=None, frozen=True)
"""
The serial number of the certificate.
"""
Subject: str = Field(default=None, frozen=True)
"""
The name of the entity that is associated with the public key contained in the
certificate.
"""
Issuer: str = Field(default=None, frozen=True)
"""
The name of the certificate authority that issued and signed the certificate.
"""
CreatedAt: datetime = Field(default=None, frozen=True)
"""
The time at which the certificate was requested.
"""
IssuedAt: datetime = Field(default=None, frozen=True)
"""
The time at which the certificate was issued.
This value exists only when the certificate type is ``AMAZON_ISSUED``.
"""
ImportedAt: datetime = Field(default=None, frozen=True)
"""
The date and time when the certificate was imported.
This value exists only when the certificate type is ``IMPORTED``.
"""
Status: Literal[
"PENDING_VALIDATION",
"ISSUED",
"INACTIVE",
"EXPIRED",
"VALIDATION_TIMED_OUT",
"REVOKED",
"FAILED",
] = Field(default=None, frozen=True)
"""
The status of the certificate.
"""
RevokedAt: datetime = Field(default=None, frozen=True)
"""
The time at which the certificate was revoked.
This value exists only when the certificate status is ``REVOKED``.
"""
RevocationReason: Literal[
"UNSPECIFIED",
"KEY_COMPROMISE",
"CA_COMPROMISE",
"AFFILIATION_CHANGED",
"SUPERCEDED",
"SUPERSEDED",
"CESSATION_OF_OPERATION",
"CERTIFICATE_HOLD",
"REMOVE_FROM_CRL",
"PRIVILEGE_WITHDRAWN",
"A_A_COMPROMISE",
] = Field(default=None, frozen=True)
"""
The reason the certificate was revoked.
This value exists only when the certificate status is ``REVOKED``.
"""
NotBefore: datetime = Field(default=None, frozen=True)
"""
The time before which the certificate is not valid.
"""
NotAfter: datetime = Field(default=None, frozen=True)
"""
The time after which the certificate is not valid.
"""
SignatureAlgorithm: str = Field(default=None, frozen=True)
"""
The algorithm that was used to sign the certificate.
"""
InUseBy: "builtins.list[str]" = Field(default_factory=list, frozen=True)
"""
A list of ARNs for the Amazon Web Services resources that are using the certificate.
A certificate can be used by multiple Amazon Web Services resources.
"""
FailureReason: Literal[
"NO_AVAILABLE_CONTACTS",
"ADDITIONAL_VERIFICATION_REQUIRED",
"DOMAIN_NOT_ALLOWED",
"INVALID_PUBLIC_DOMAIN",
"DOMAIN_VALIDATION_DENIED",
"CAA_ERROR",
"PCA_LIMIT_EXCEEDED",
"PCA_INVALID_ARN",
"PCA_INVALID_STATE",
"PCA_REQUEST_FAILED",
"PCA_NAME_CONSTRAINTS_VALIDATION",
"PCA_RESOURCE_NOT_FOUND",
"PCA_INVALID_ARGS",
"PCA_INVALID_DURATION",
"PCA_ACCESS_DENIED",
"SLR_NOT_FOUND",
"OTHER",
] = Field(default=None, frozen=True)
"""
The reason the certificate request failed.
This value exists only when the certificate status is ``FAILED``. For more
information, see `Certificate Request
Failed <https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting.html#troubleshooting-failed>`_ in the
*Certificate Manager User Guide*.
"""
Type: Literal["IMPORTED", "AMAZON_ISSUED", "PRIVATE"] = Field(
default=None, frozen=True
)
"""
The source of the certificate.
For certificates provided by ACM, this value is ``AMAZON_ISSUED``. For certificates that
you imported with ImportCertificate, this value is ``IMPORTED``. ACM does not provide `managed
renewal <https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html>`_ for imported certificates. For more
information about the differences between certificates that you import and those that ACM provides, see `Importing
Certificates <https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html>`_ in the *Certificate Manager User
Guide*.
"""
RenewalSummary: ACMRenewalSummary = Field(default=None, frozen=True)
"""
Contains information about the status of ACM's `managed renewal <https://docs.aws.amazon.com/acm/latest/userguide/acm-
renewal.html>`_ for the certificate. This field exists only when the certificate type is ``AMAZON_ISSUED``.
"""
KeyUsages: "builtins.list[KeyUsage]" = Field(default_factory=list, frozen=True)
"""
A list of Key Usage X.509 v3 extension objects.
Each object is a string value that identifies the purpose of the public key
contained in the certificate. Possible extension values include DIGITAL_SIGNATURE,
KEY_ENCHIPHERMENT, NON_REPUDIATION, and more.
"""
ExtendedKeyUsages: "builtins.list[ExtendedKeyUsage]" = Field(
default_factory=list, frozen=True
)
"""
Contains a list of Extended Key Usage X.509 v3 extension objects.
Each object specifies a purpose for which the certificate public key can be used and
consists of a name and an object identifier (OID).
"""
CertificateAuthorityArn: str = Field(default=None, frozen=True)
"""
The Amazon Resource Name (ARN) of the private certificate authority (CA) that issued
the certificate.
This has the
following format:
"""
RenewalEligibility: Literal["ELIGIBLE", "INELIGIBLE"] = Field(
default=None, frozen=True
)
"""
Specifies whether the certificate is eligible for renewal.
At this time, only exported private certificates can be renewed with the
RenewCertificate command.
"""
Options: CertificateOptions = Field(default=None, frozen=True)
"""
Value that specifies whether to add the certificate to a transparency log.
Certificate transparency makes it possible to detect SSL certificates that have been
mistakenly or maliciously issued. A browser might respond to certificate that has
not been logged by showing an error message. The logs are cryptographically secure.
"""
Tags: "builtins.list[Tag] | None" = Field(default_factory=list)
"""
The tags associated with the log group.
"""
@property
def pk(self) -> str | None:
"""
Return the primary key of the model. This is the value of the
:py:attr:`CertificateArn` attribute.
Returns:
The primary key of the model instance.
"""
return self.CertificateArn
@property
def arn(self) -> str | None:
"""
Return the ARN of the model. This is the value of the
:py:attr:`CertificateArn` attribute.
Returns:
The ARN of the model instance.
"""
return self.CertificateArn
@property
def name(self) -> str | None:
"""
Return the name of the model. This is the value of the :py:attr:`DomainName`
attribute.
Returns:
The name of the model instance.
"""
return self.DomainName
def __hash__(self) -> int:
    """
    Hash the model by its :py:attr:`CertificateArn`.

    Returns:
        The built-in hash of the :py:attr:`CertificateArn` value.
    """
    hash_key = self.CertificateArn
    return hash(hash_key)
# =======================
# Request/Response Models
# =======================
class ImportCertificateResponse(Boto3Model):
    """
    Response model carrying the ARN of an imported certificate.
    """

    CertificateArn: "str | None" = None
    """
    The `Amazon Resource Name (ARN) <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html>`_ of the
    imported certificate.
    """
class DescribeCertificateResponse(Boto3Model):
    """
    Response model wrapping the metadata of a single ACM certificate.
    """

    Certificate: "ACMCertificate | None" = None
    """
    Metadata about an ACM certificate.
    """
class Filters(Boto3Model):
    """
    This structure can be used in the ListCertificates action to filter the output of
    the certificate list.
    """

    extendedKeyUsage: "builtins.list[Literal['TLS_WEB_SERVER_AUTHENTICATION', 'TLS_WEB_CLIENT_AUTHENTICATION', 'CODE_SIGNING', 'EMAIL_PROTECTION', 'TIME_STAMPING', 'OCSP_SIGNING', 'IPSEC_END_SYSTEM', 'IPSEC_TUNNEL', 'IPSEC_USER', 'ANY', 'NONE', 'CUSTOM']] | None" = Field(
        default_factory=list
    )
    """
    Specify one or more ExtendedKeyUsage extension values.
    """
    keyUsage: "builtins.list[Literal['DIGITAL_SIGNATURE', 'NON_REPUDIATION', 'KEY_ENCIPHERMENT', 'DATA_ENCIPHERMENT', 'KEY_AGREEMENT', 'CERTIFICATE_SIGNING', 'CRL_SIGNING', 'ENCIPHER_ONLY', 'DECIPHER_ONLY', 'ANY', 'CUSTOM']] | None" = Field(
        default_factory=list
    )
    """
    Specify one or more KeyUsage extension values.
    """
    keyTypes: "builtins.list[Literal['RSA_1024', 'RSA_2048', 'RSA_3072', 'RSA_4096', 'EC_prime256v1', 'EC_secp384r1', 'EC_secp521r1']] | None" = Field(
        default_factory=list
    )
    """
    Specify one or more algorithms that can be used to generate key pairs.

    NOTE(review): ``RSA_1024`` is below the key sizes generally recommended today, so
    filtering on it is a quick way to inventory certificates that should be replaced.
    The ACM API reference states that default filtering returns only ``RSA_1024`` and
    ``RSA_2048`` certificates, so an inventory that must cover the other key types
    should list them here explicitly. Confirm how an empty list is sent by the manager.
    """
    exportOption: "Literal['ENABLED', 'DISABLED'] | None" = None
    """
    Specify ``ENABLED`` or ``DISABLED`` to identify certificates that can be exported.
    """
    managedBy: "Literal['CLOUDFRONT'] | None" = None
    """
    Identifies the Amazon Web Services service that manages the certificate issued by
    ACM.
    """
class CertificateSummary(Boto3Model):
    """
    This structure is returned in the response object of ListCertificates action.
    """

    KeyAlgorithm: "str | None" = None
    """
    The algorithm that was used to generate the public-private key pair.
    """
    CertificateArn: "str | None" = None
    """
    Amazon Resource Name (ARN) of the certificate.
    This is of the form (placeholders in angle brackets):

    ``arn:aws:acm:<region>:<account-id>:certificate/<certificate-id>``
    """
    DomainName: "str | None" = None
    """
    Fully qualified domain name (FQDN), such as www.example.com or example.com, for the
    certificate.
    """
    SubjectAlternativeNameSummaries: "builtins.list[str] | None" = Field(
        default_factory=list
    )
    """
    One or more domain names (subject alternative names) included in the certificate.
    This list contains the domain names that are bound to the public key that is
    contained in the certificate. The subject alternative names include the canonical
    domain name (CN) of the certificate and additional domain names that can be used to
    connect to the website.
    """
    HasAdditionalSubjectAlternativeNames: "bool | None" = None
    """
    When called by `ListCertificates <https://docs.aws.amazon.com/acm/latest/APIReference/API_ListCertificates.html>`_,
    indicates whether the full list of subject alternative names has been included in the response. If false, the response
    includes all of the subject alternative names included in the certificate. If true, the response only includes the first
    100 subject alternative names included in the certificate. To display the full list of subject alternative names, use
    `DescribeCertificate <https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html>`_.
    """
    Status: "Literal['PENDING_VALIDATION', 'ISSUED', 'INACTIVE', 'EXPIRED', 'VALIDATION_TIMED_OUT', 'REVOKED', 'FAILED'] | None" = None
    """
    The status of the certificate.
    """
    Type: "Literal['IMPORTED', 'AMAZON_ISSUED', 'PRIVATE'] | None" = None
    """
    The source of the certificate.
    For certificates provided by ACM, this value is ``AMAZON_ISSUED``. For certificates that
    you imported with ImportCertificate, this value is ``IMPORTED``. ACM does not provide `managed
    renewal <https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html>`_ for imported certificates. For more
    information about the differences between certificates that you import and those that ACM provides, see `Importing
    Certificates <https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html>`_ in the *Certificate Manager User
    Guide*.
    """
    KeyUsages: "builtins.list[Literal['DIGITAL_SIGNATURE', 'NON_REPUDIATION', 'KEY_ENCIPHERMENT', 'DATA_ENCIPHERMENT', 'KEY_AGREEMENT', 'CERTIFICATE_SIGNING', 'CRL_SIGNING', 'ENCIPHER_ONLY', 'DECIPHER_ONLY', 'ANY', 'CUSTOM']] | None" = Field(
        default_factory=list
    )
    """
    A list of Key Usage X.509 v3 extension objects.
    Each object is a string value that identifies the purpose of the public key
    contained in the certificate. Possible extension values include DIGITAL_SIGNATURE,
    KEY_ENCIPHERMENT, NON_REPUDIATION, and more.
    """
    ExtendedKeyUsages: "builtins.list[Literal['TLS_WEB_SERVER_AUTHENTICATION', 'TLS_WEB_CLIENT_AUTHENTICATION', 'CODE_SIGNING', 'EMAIL_PROTECTION', 'TIME_STAMPING', 'OCSP_SIGNING', 'IPSEC_END_SYSTEM', 'IPSEC_TUNNEL', 'IPSEC_USER', 'ANY', 'NONE', 'CUSTOM']] | None" = Field(
        default_factory=list
    )
    """
    Contains a list of Extended Key Usage X.509 v3 extension objects.
    Each object specifies a purpose for which the certificate public key can be used and
    consists of a name and an object identifier (OID).
    """
    ExportOption: "Literal['ENABLED', 'DISABLED'] | None" = None
    """
    Indicates if export is enabled for the certificate.
    """
    InUse: "bool | None" = None
    """
    Indicates whether the certificate is currently in use by any Amazon Web Services
    resources.
    """
    Exported: "bool | None" = None
    """
    Indicates whether the certificate has been exported.
    This value exists only when the certificate type is ``PRIVATE``.
    """
    RenewalEligibility: "Literal['ELIGIBLE', 'INELIGIBLE'] | None" = None
    """
    Specifies whether the certificate is eligible for renewal.
    At this time, only exported private certificates can be renewed with the
    RenewCertificate command.
    """
    NotBefore: "datetime | None" = None
    """
    The time before which the certificate is not valid.
    """
    NotAfter: "datetime | None" = None
    """
    The time after which the certificate is not valid.
    """
    CreatedAt: "datetime | None" = None
    """
    The time at which the certificate was requested.
    """
    IssuedAt: "datetime | None" = None
    """
    The time at which the certificate was issued.
    This value exists only when the certificate type is ``AMAZON_ISSUED``.
    """
    ImportedAt: "datetime | None" = None
    """
    The date and time when the certificate was imported.
    This value exists only when the certificate type is ``IMPORTED``.
    """
    RevokedAt: "datetime | None" = None
    """
    The time at which the certificate was revoked.
    This value exists only when the certificate status is ``REVOKED``.
    """
    ManagedBy: "Literal['CLOUDFRONT'] | None" = None
    """
    Identifies the Amazon Web Services service that manages the certificate issued by
    ACM.
    """
class ListCertificatesResponse(Boto3Model):
    """
    Response model holding one page of certificate summaries and the pagination token.
    """

    NextToken: "str | None" = None
    """
    When the list is truncated, this value is present and contains the value to use for
    the ``NextToken`` parameter in a subsequent pagination request.
    """
    CertificateSummaryList: "builtins.list[CertificateSummary] | None" = Field(
        default_factory=list
    )
    """
    A list of ACM certificates.
    """
class DomainValidationOption(Boto3Model):
    """
    Contains information about the domain names that you want ACM to use to send you
    emails that enable you to validate domain ownership.
    """

    DomainName: str
    """
    A fully qualified domain name (FQDN) in the certificate request.
    """
    ValidationDomain: str
    """
    The domain name that you want ACM to use to send you validation emails.
    This domain name is the suffix of the email
    addresses that you want ACM to use. This must be the same as the ``DomainName`` value or a superdomain of the
    ``DomainName`` value. For example, if you request a certificate for ``testing.example.com``, you can specify
    ``example.com`` for this value. In that case, ACM sends domain validation emails to the following five addresses:

    - ``admin@example.com``
    - ``administrator@example.com``
    - ``hostmaster@example.com``
    - ``postmaster@example.com``
    - ``webmaster@example.com``

    Anyone who can read mail at these addresses can approve the request, so choose a
    validation domain whose mailboxes are under your control.
    """
class RequestCertificateResponse(Boto3Model):
    """
    Response model carrying the ARN of the certificate that was requested.
    """

    CertificateArn: "str | None" = None
    """
    String that contains the ARN of the issued certificate.
    This must be of the form (placeholders in angle brackets):

    ``arn:aws:acm:<region>:<account-id>:certificate/<certificate-id>``
    """
class RevokeCertificateResponse(Boto3Model):
    """
    Response model carrying the ARN of a revoked certificate.
    """

    CertificateArn: "str | None" = None
    """
    The Amazon Resource Name (ARN) of the public or private certificate that was
    revoked.
    """