diff --git a/.changelog/3dd05ac7785640ed83071dfe2d33234c.json b/.changelog/3dd05ac7785640ed83071dfe2d33234c.json new file mode 100644 index 00000000000..5c72dfdee07 --- /dev/null +++ b/.changelog/3dd05ac7785640ed83071dfe2d33234c.json @@ -0,0 +1,8 @@ +{ + "id": "3dd05ac7-7856-40ed-8307-1dfe2d33234c", + "type": "feature", + "description": "AWS Private CA now supports an option to omit the CDP extension from issued certificates, when CRL revocation is enabled.", + "modules": [ + "service/acmpca" + ] +} \ No newline at end of file diff --git a/.changelog/d428af5ae4a04553a6525ec1c396163a.json b/.changelog/d428af5ae4a04553a6525ec1c396163a.json new file mode 100644 index 00000000000..677bd4a1350 --- /dev/null +++ b/.changelog/d428af5ae4a04553a6525ec1c396163a.json @@ -0,0 +1,8 @@ +{ + "id": "d428af5a-e4a0-4553-a652-5ec1c396163a", + "type": "feature", + "description": "This release adds support for IPv6-only instance plans.", + "modules": [ + "service/lightsail" + ] +} \ No newline at end of file diff --git a/service/acmpca/api_op_GetCertificate.go b/service/acmpca/api_op_GetCertificate.go index 15c2dd326ce..5b7450d387b 100644 --- a/service/acmpca/api_op_GetCertificate.go +++ b/service/acmpca/api_op_GetCertificate.go @@ -171,7 +171,7 @@ type CertificateIssuedWaiterOptions struct { APIOptions []func(*middleware.Stack) error // MinDelay is the minimum amount of time to delay between retries. If unset, - // CertificateIssuedWaiter will use default minimum delay of 3 seconds. Note that + // CertificateIssuedWaiter will use default minimum delay of 1 seconds. Note that // MinDelay must resolve to a value lesser than or equal to the MaxDelay. MinDelay time.Duration 
@@ -204,7 +204,7 @@ type CertificateIssuedWaiter struct { // NewCertificateIssuedWaiter constructs a CertificateIssuedWaiter. func NewCertificateIssuedWaiter(client GetCertificateAPIClient, optFns ...func(*CertificateIssuedWaiterOptions)) *CertificateIssuedWaiter { options := CertificateIssuedWaiterOptions{} - options.MinDelay = 3 * time.Second + options.MinDelay = 1 * time.Second options.MaxDelay = 120 * time.Second options.Retryable = certificateIssuedStateRetryable diff --git a/service/acmpca/api_op_ListCertificateAuthorities.go b/service/acmpca/api_op_ListCertificateAuthorities.go index 466e8122b08..74cabc1e83e 100644 --- a/service/acmpca/api_op_ListCertificateAuthorities.go +++ b/service/acmpca/api_op_ListCertificateAuthorities.go @@ -35,7 +35,8 @@ type ListCertificateAuthoritiesInput struct { // Use this parameter when paginating results to specify the maximum number of // items to return in the response on each page. If additional items exist beyond // the number you specify, the NextToken element is sent in the response. Use this - // NextToken value in a subsequent request to retrieve additional items. + // NextToken value in a subsequent request to retrieve additional items. Although + // the maximum value is 1000, the action only returns a maximum of 100 items. MaxResults *int32 // Use this parameter when paginating results in a subsequent request after you 
@@ -155,7 +156,8 @@ type ListCertificateAuthoritiesPaginatorOptions struct { // Use this parameter when paginating results to specify the maximum number of // items to return in the response on each page. If additional items exist beyond // the number you specify, the NextToken element is sent in the response. Use this - // NextToken value in a subsequent request to retrieve additional items. + // NextToken value in a subsequent request to retrieve additional items. Although + // the maximum value is 1000, the action only returns a maximum of 100 items. Limit int32 // Set to true if pagination should stop if the service returns a pagination token diff --git a/service/acmpca/deserializers.go b/service/acmpca/deserializers.go index 2d44a82548f..40a1e196d25 100644 --- a/service/acmpca/deserializers.go +++ b/service/acmpca/deserializers.go @@ -3967,6 +3967,11 @@ func awsAwsjson11_deserializeDocumentCrlConfiguration(v **types.CrlConfiguration for key, value := range shape { switch key { + case "CrlDistributionPointExtensionConfiguration": + if err := awsAwsjson11_deserializeDocumentCrlDistributionPointExtensionConfiguration(&sv.CrlDistributionPointExtensionConfiguration, value); err != nil { + return err + } + case "CustomCname": if value != nil { jtv, ok := value.(string) 
@@ -4025,6 +4030,46 @@ func awsAwsjson11_deserializeDocumentCrlConfiguration(v **types.CrlConfiguration return nil } +func awsAwsjson11_deserializeDocumentCrlDistributionPointExtensionConfiguration(v **types.CrlDistributionPointExtensionConfiguration, value interface{}) error { + if v == nil { + return fmt.Errorf("unexpected nil of type %T", v) + } + if value == nil { + return nil + } + + shape, ok := value.(map[string]interface{}) + if !ok { + return fmt.Errorf("unexpected JSON type %v", value) + } + + var sv *types.CrlDistributionPointExtensionConfiguration + if *v == nil { + sv = &types.CrlDistributionPointExtensionConfiguration{} + } else { + sv = *v + } + + for key, value := range shape { + switch key { + case "OmitExtension": + if value != nil { + jtv, ok := value.(bool) + if !ok { + return fmt.Errorf("expected Boolean to be of type *bool, got %T instead", value) + } + sv.OmitExtension = ptr.Bool(jtv) + } + + default: + _, _ = key, value + + } + } + *v = sv + return nil +} + func awsAwsjson11_deserializeDocumentCsrExtensions(v **types.CsrExtensions, value interface{}) error { if v == nil { return fmt.Errorf("unexpected nil of type %T", v) diff --git a/service/acmpca/endpoints.go b/service/acmpca/endpoints.go index c7c9ca209d5..9f9f1e28e58 100644 --- a/service/acmpca/endpoints.go +++ b/service/acmpca/endpoints.go @@ -366,8 +366,8 @@ func (r *resolver) ResolveEndpoint( } } if _UseFIPS == true { - if true == _PartitionResult.SupportsFIPS { - if "aws-us-gov" == _PartitionResult.Name { + if _PartitionResult.SupportsFIPS == true { + if _PartitionResult.Name == "aws-us-gov" { uriString := func() string { var out strings.Builder out.WriteString("https://acm-pca.") diff --git a/service/acmpca/serializers.go b/service/acmpca/serializers.go index 47e8c302f82..afdd5419761 100644 --- a/service/acmpca/serializers.go +++ b/service/acmpca/serializers.go 
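Review bot: The first type check in the new `awsAwsjson11_deserializeDocumentCrlDistributionPointExtensionConfiguration` reports "unexpected JSON type" but formats the decoded value with `%v`, so a malformed response body is copied into the error text and the type is never shown. The `OmitExtension` branch further down already uses `%T`; the first check should match it: `return fmt.Errorf("unexpected JSON type %T", value)`. The function is also added without a doc comment. One sentence saying that it decodes a JSON object into `*v`, allocates the target when it is nil and ignores unknown keys would record what the `default` branch does.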
@@ -1494,6 +1494,13 @@ func awsAwsjson11_serializeDocumentCrlConfiguration(v *types.CrlConfiguration, v object := value.Object() defer object.Close() + if v.CrlDistributionPointExtensionConfiguration != nil { + ok := object.Key("CrlDistributionPointExtensionConfiguration") + if err := awsAwsjson11_serializeDocumentCrlDistributionPointExtensionConfiguration(v.CrlDistributionPointExtensionConfiguration, ok); err != nil { + return err + } + } + if v.CustomCname != nil { ok := object.Key("CustomCname") ok.String(*v.CustomCname) @@ -1522,6 +1529,18 @@ func awsAwsjson11_serializeDocumentCrlConfiguration(v *types.CrlConfiguration, v return nil } +func awsAwsjson11_serializeDocumentCrlDistributionPointExtensionConfiguration(v *types.CrlDistributionPointExtensionConfiguration, value smithyjson.Value) error { + object := value.Object() + defer object.Close() + + if v.OmitExtension != nil { + ok := object.Key("OmitExtension") + ok.Boolean(*v.OmitExtension) + } + + return nil +} + func awsAwsjson11_serializeDocumentCsrExtensions(v *types.CsrExtensions, value smithyjson.Value) error { object := value.Object() defer object.Close() diff --git a/service/acmpca/types/types.go b/service/acmpca/types/types.go index 63f9a278045..7cbca8b5603 100644 --- a/service/acmpca/types/types.go +++ b/service/acmpca/types/types.go 
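Review bot: `awsAwsjson11_serializeDocumentCrlDistributionPointExtensionConfiguration` reads `v.OmitExtension` with no nil check on `v`, so it relies on the caller in the `@@ -1494` hunk testing `v.CrlDistributionPointExtensionConfiguration != nil` before writing the key. That precondition is not written down anywhere. I would add a comment above the function: `// v must be non-nil; the caller checks before emitting the object key.` A guard inside the function is not a drop-in alternative, because the caller has already written the key by the time the function runs.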
@@ -251,12 +251,14 @@ type CertificateAuthorityConfiguration struct { // supported. You can enable CRLs for your new or an existing private CA by setting // the Enabled parameter to true . Your private CA writes CRLs to an S3 bucket that // you specify in the S3BucketName parameter. You can hide the name of your bucket -// by specifying a value for the CustomCname parameter. Your private CA copies the -// CNAME or the S3 bucket name to the CRL Distribution Points extension of each -// certificate it issues. Your S3 bucket policy must give write permission to -// Amazon Web Services Private CA. Amazon Web Services Private CA assets that are -// stored in Amazon S3 can be protected with encryption. For more information, see -// Encrypting Your CRLs (https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption) +// by specifying a value for the CustomCname parameter. Your private CA by default +// copies the CNAME or the S3 bucket name to the CRL Distribution Points extension +// of each certificate it issues. If you want to configure this default behavior to +// be something different, you can set the +// CrlDistributionPointExtensionConfiguration parameter. Your S3 bucket policy must +// give write permission to Amazon Web Services Private CA. Amazon Web Services +// Private CA assets that are stored in Amazon S3 can be protected with encryption. +// For more information, see Encrypting Your CRLs (https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption) // . Your private CA uses the value in the ExpirationInDays parameter to calculate // the nextUpdate field in the CRL. The CRL is refreshed prior to a certificate's // expiration date or when a certificate is revoked. When a certificate is revoked, 
@@ -302,6 +304,12 @@ type CrlConfiguration struct { // This member is required. Enabled *bool + // Configures the behavior of the CRL Distribution Point extension for + // certificates issued by your certificate authority. If this field is not + // provided, then the CRl Distribution Point Extension will be present and contain + // the default CRL URL. + CrlDistributionPointExtensionConfiguration *CrlDistributionPointExtensionConfiguration + // Name inserted into the certificate CRL Distribution Points extension that // enables the use of an alias for the CRL distribution point. Use this value if // you don't want the name of your S3 bucket to be public. The content of a @@ -341,6 +349,28 @@ type CrlConfiguration struct { noSmithyDocumentSerde } +// Contains configuration information for the default behavior of the CRL +// Distribution Point (CDP) extension in certificates issued by your CA. This +// extension contains a link to download the CRL, so you can check whether a +// certificate has been revoked. To choose whether you want this extension omitted +// or not in certificates issued by your CA, you can set the OmitExtension +// parameter. +type CrlDistributionPointExtensionConfiguration struct { + + // Configures whether the CRL Distribution Point extension should be populated + // with the default URL to the CRL. If set to true , then the CDP extension will + // not be present in any certificates issued by that CA unless otherwise specified + // through CSR or API passthrough. Only set this if you have another way to + // distribute the CRL Distribution Points ffor certificates issued by your CA, such + // as the Matter Distributed Compliance Ledger This configuration cannot be enabled + // with a custom CNAME set. + // + // This member is required. + OmitExtension *bool + + noSmithyDocumentSerde +} + // Describes the certificate extensions to be added to the certificate signing // request (CSR). type CsrExtensions struct { 
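Review bot: The doc comment on `OmitExtension` in the `@@ -341` hunk has a typo and a missing sentence break: `Points ffor certificates` should read `Points for certificates`, and `Matter Distributed Compliance Ledger This configuration` needs a period after `Ledger`. The field comment added in the `@@ -302` hunk spells `CRl Distribution Point Extension`, where `CRL Distribution Point extension` would match the surrounding comments. The struct comment says the extension is how a client finds the CRL, so the consequence of omitting it deserves a plain statement, for example `// Certificates issued without the extension carry no CRL location; clients that find CRLs only through it cannot check revocation.` That wording is inferred from the comment text and should be checked against the service documentation.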
diff --git a/service/acmpca/validators.go b/service/acmpca/validators.go index 41d3f2d1ed2..e1c6ad66cde 100644 --- a/service/acmpca/validators.go +++ b/service/acmpca/validators.go @@ -671,6 +671,26 @@ func validateCrlConfiguration(v *types.CrlConfiguration) error { if v.Enabled == nil { invalidParams.Add(smithy.NewErrParamRequired("Enabled")) } + if v.CrlDistributionPointExtensionConfiguration != nil { + if err := validateCrlDistributionPointExtensionConfiguration(v.CrlDistributionPointExtensionConfiguration); err != nil { + invalidParams.AddNested("CrlDistributionPointExtensionConfiguration", err.(smithy.InvalidParamsError)) + } + } + if invalidParams.Len() > 0 { + return invalidParams + } else { + return nil + } +} + +func validateCrlDistributionPointExtensionConfiguration(v *types.CrlDistributionPointExtensionConfiguration) error { + if v == nil { + return nil + } + invalidParams := smithy.InvalidParamsError{Context: "CrlDistributionPointExtensionConfiguration"} + if v.OmitExtension == nil { + invalidParams.Add(smithy.NewErrParamRequired("OmitExtension")) + } if invalidParams.Len() > 0 { return invalidParams } else { diff --git a/service/lightsail/deserializers.go b/service/lightsail/deserializers.go index bebd17d04a8..89532fc09a5 100644 --- a/service/lightsail/deserializers.go +++ b/service/lightsail/deserializers.go @@ -22678,6 +22678,19 @@ func awsAwsjson11_deserializeDocumentBundle(v **types.Bundle, value interface{}) } } + case "publicIpv4AddressCount": + if value != nil { + jtv, ok := value.(json.Number) + if !ok { + return fmt.Errorf("expected integer to be json.Number, got %T instead", value) + } + i64, err := jtv.Int64() + if err != nil { + return err + } + sv.PublicIpv4AddressCount = ptr.Int32(int32(i64)) + } + case "ramSizeInGb": if value != nil { switch jtv := value.(type) { 
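Review bot: `err.(smithy.InvalidParamsError)` in `validateCrlConfiguration` is an unchecked type assertion and will panic if the nested validator ever returns any other error type. It is safe for the helper added in this same hunk, which returns only `smithy.InvalidParamsError` or nil, but nothing enforces that. A comma-ok assertion that passes other errors through keeps a validation bug from crashing the caller, and the `else { return nil }` after a `return` can be dropped at the same time. `validateCrlConfiguration` begins above the hunk.

```go
	if v.CrlDistributionPointExtensionConfiguration != nil {
		if err := validateCrlDistributionPointExtensionConfiguration(v.CrlDistributionPointExtensionConfiguration); err != nil {
			ipe, ok := err.(smithy.InvalidParamsError)
			if !ok {
				return err
			}
			invalidParams.AddNested("CrlDistributionPointExtensionConfiguration", ipe)
		}
	}
	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
```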
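Review bot: `int32(i64)` in the new `publicIpv4AddressCount` case narrows the parsed value without a range check, so a number outside the int32 range would wrap silently instead of producing an error. The comment added in lightsail `types/types.go` says the value is 0 or 1, so this matters only for a malformed or unexpected response. A one-line guard before the assignment makes the expectation explicit: `if i64 != int64(int32(i64)) { return fmt.Errorf("publicIpv4AddressCount %d out of int32 range", i64) }`. The enclosing `awsAwsjson11_deserializeDocumentBundle` starts and ends outside the hunk.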
@@ -27324,6 +27337,11 @@ func awsAwsjson11_deserializeDocumentInstanceAccessDetails(v **types.InstanceAcc sv.IpAddress = ptr.String(jtv) } + case "ipv6Addresses": + if err := awsAwsjson11_deserializeDocumentIpv6AddressList(&sv.Ipv6Addresses, value); err != nil { + return err + } + case "password": if value != nil { jtv, ok := value.(string) diff --git a/service/lightsail/types/types.go b/service/lightsail/types/types.go index 955364ca3a1..9adccf6a599 100644 --- a/service/lightsail/types/types.go +++ b/service/lightsail/types/types.go @@ -628,6 +628,10 @@ type Bundle struct { // The price in US dollars ( 5.0 ) of the bundle. Price *float32 + // An integer that indicates the public ipv4 address count included in the bundle, + // the value is either 0 or 1. + PublicIpv4AddressCount *int32 + // The amount of RAM in GB ( 2.0 ). RamSizeInGb *float32 @@ -2053,6 +2057,9 @@ type InstanceAccessDetails struct { // The public IP address of the Amazon Lightsail instance. IpAddress *string + // The IPv6 address of the Amazon Lightsail instance. + Ipv6Addresses []string + // For RDP access, the password for your Amazon Lightsail instance. Password will // be an empty string if the password for your new instance is not ready yet. When // you create an instance, it can take up to 15 minutes for the instance to be