AWS Certificate Manager API Reference

AWS Certificate Manager API Reference
AWS Certificate Manager
API Reference
Version
AWS Certificate Manager API Reference
AWS Certificate Manager: API Reference
Copyright © 2016 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner
that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not
owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by
Amazon.
AWS Certificate Manager API Reference
Table of Contents
Welcome ..................................................................................................................................... 1
Available ACM Guides ............................................................................................................ 1
Signing Requests .................................................................................................................. 1
Additional Resources ............................................................................................................. 1
Actions ........................................................................................................................................ 3
DeleteCertificate ................................................................................................................... 4
Request Syntax ............................................................................................................ 4
Request Parameters ...................................................................................................... 4
Response Elements ....................................................................................................... 4
Errors .......................................................................................................................... 4
Examples ..................................................................................................................... 5
DescribeCertificate ................................................................................................................ 6
Request Syntax ............................................................................................................ 6
Request Parameters ...................................................................................................... 6
Response Syntax .......................................................................................................... 6
Response Elements ....................................................................................................... 7
Errors .......................................................................................................................... 7
Examples ..................................................................................................................... 8
GetCertificate ...................................................................................................................... 10
Request Syntax ........................................................................................................... 10
Request Parameters .................................................................................................... 10
Response Syntax ........................................................................................................ 10
Response Elements ..................................................................................................... 10
Errors ........................................................................................................................ 11
Examples ................................................................................................................... 11
ListCertificates .................................................................................................................... 14
Request Syntax ........................................................................................................... 14
Request Parameters .................................................................................................... 14
Response Syntax ........................................................................................................ 15
Response Elements ..................................................................................................... 15
Errors ........................................................................................................................ 15
Examples ................................................................................................................... 16
RequestCertificate ............................................................................................................... 17
Request Syntax ........................................................................................................... 17
Request Parameters .................................................................................................... 17
Response Syntax ........................................................................................................ 18
Response Elements ..................................................................................................... 18
Errors ........................................................................................................................ 19
Examples ................................................................................................................... 19
ResendValidationEmail ......................................................................................................... 21
Request Syntax ........................................................................................................... 21
Request Parameters .................................................................................................... 21
Response Elements ..................................................................................................... 22
Errors ........................................................................................................................ 22
Examples ................................................................................................................... 23
Data Types ................................................................................................................................. 24
CertificateDetail ................................................................................................................... 24
Description ................................................................................................................. 24
Contents .................................................................................................................... 24
CertificateSummary ............................................................................................................. 27
Description ................................................................................................................. 27
Contents .................................................................................................................... 27
DomainValidation ................................................................................................................. 28
Description ................................................................................................................. 28
Contents .................................................................................................................... 28
Version
iii
AWS Certificate Manager API Reference
DomainValidationOption ........................................................................................................
Description .................................................................................................................
Contents ....................................................................................................................
Common Parameters ...................................................................................................................
.........................................................................................................................................
Common Errors ...........................................................................................................................
.........................................................................................................................................
Version
iv
28
28
29
30
30
32
32
AWS Certificate Manager API Reference
Available ACM Guides
Welcome
Welcome to the AWS Certificate Manager (ACM) API reference. This guide provides descriptions, syntax,
and usage examples for each ACM action. You can use AWS Certificate Manager to request ACM
Certificates for your AWS-based websites and applications. The topic for each action shows the request
parameters and the response. Alternatively, you can use one of the AWS SDKs that is tailored to the
programming language or platform that you're using. For more information, see Tools for Amazon Web
Services.
Available ACM Guides
For more information about AWS Certificate Manager, see the following guides:
• AWS Certificate Manager User Guide
• AWS Certificate Manager CLI Command Reference
Signing Requests
Requests must be signed by using an access key ID and a secret access key. We strongly recommend
that you do not use your root AWS account access key ID and secret key for everyday work with ACM.
Instead, use the access key ID and secret access key for an IAM user, or you can use the AWS Security
Token Service to generate temporary security credentials that you can use to sign requests.
All ACM operations require Signature Version 4.
Additional Resources
For more information about credentials and request signing, see the following:
• AWS Security Credentials- Provides general information about the types of credentials used for accessing
AWS.
• AWS Security Token Service- Describes how to create and use temporary security credentials.
• Signing AWS API Requests- Walks you through the process of signing a request using an access key
ID and a secret access key.
Version
1
AWS Certificate Manager API Reference
Additional Resources
• Permissions and Policies- Discusses how to use AWS Identity and Access Management to manage
user permissions.
• Using the ACM SDK- Shows you how to use the ACM java SDK.
Version
2
AWS Certificate Manager API Reference
Actions
The following actions are supported:
•
•
•
•
•
•
DeleteCertificate (p. 4)
DescribeCertificate (p. 6)
GetCertificate (p. 10)
ListCertificates (p. 14)
RequestCertificate (p. 17)
ResendValidationEmail (p. 21)
Version
3
AWS Certificate Manager API Reference
DeleteCertificate
DeleteCertificate
Deletes an ACM Certificate and its associated private key. If this action succeeds, the certificate no longer
appears in the list of ACM Certificates that can be displayed by calling the ListCertificates (p. 14) action
or be retrieved by calling the GetCertificate (p. 10) action. The certificate will not be available for use by
other AWS services.
Note
You cannot delete an ACM Certificate that is being used by another AWS service. To delete a
certificate that is in use, the certificate association must first be removed.
Request Syntax
{
"CertificateArn": "string"
}
Request Parameters
For information about the common parameters that all actions use, see Common Parameters (p. 30).
The request requires the following data in JSON format.
CertificateArn
String that contains the ARN of the ACM Certificate to be deleted. This must be of the form:
arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service
Namespaces.
Type: String
Length constraints: Minimum length of 20. Maximum length of 2048.
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=/,.@-]+)*
Required: Yes
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 32).
InvalidArnException
The requested Amazon Resource Name (ARN) does not refer to an existing resource.
HTTP Status Code: 400
Version
4
AWS Certificate Manager API Reference
Examples
ResourceInUseException
The certificate is in use by another AWS service in the caller's account. Remove the association and
try again.
HTTP Status Code: 400
ResourceNotFoundException
The specified certificate cannot be found in the caller's account, or the caller's account cannot be
found.
HTTP Status Code: 400
Examples
Delete an ACM Certificate
Sample Request
POST / HTTP/1.1
Host: acm.us-east-1.amazonaws.com
X-Amz-Target: CertificateManager.DeleteCertificate
X-Amz-Date: 20151222T164207Z
User-Agent: aws-cli/1.9.7 Python/2.7.3 Linux/3.13.0-73-generic botocore/1.3.7
Content-Type: application/x-amz-json-1.1
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20151222/useast-1/acm/aws4_request, SignedHeaders=content-type;host;user-agent;x-amz-date;xamz-target, Signature=0b29b04bb5f1ebb5fe9e6b1cb
cdeda903b4ed2e06f3abe8a092c0ed1193b4dfc
{
"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/123456781234-1234-1234-123456789012"
}
Sample Response
HTTP/1.1 200 OK
x-amzn-RequestId: ee2db085-a8ca-11e5-9561-b3f6248b5775
Content-Type: application/x-amz-json-1.1
Content-Length: 0
Date: Tue, 22 Dec 2015 16:42:03 GMT
Version
5
AWS Certificate Manager API Reference
DescribeCertificate
DescribeCertificate
Returns a list of the fields contained in the specified ACM Certificate. For example, this action returns the
certificate status, a flag that indicates whether the certificate is associated with any other AWS service,
and the date at which the certificate request was created. The ACM Certificate is specified on input by
its Amazon Resource Name (ARN).
Request Syntax
{
"CertificateArn": "string"
}
Request Parameters
For information about the common parameters that all actions use, see Common Parameters (p. 30).
The request requires the following data in JSON format.
CertificateArn
String that contains an ACM Certificate ARN. The ARN must be of the form:
arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service
Namespaces.
Type: String
Length constraints: Minimum length of 20. Maximum length of 2048.
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=/,.@-]+)*
Required: Yes
Response Syntax
{
"Certificate": {
"CertificateArn": "string",
"CreatedAt": number,
"DomainName": "string",
"DomainValidationOptions": [
{
"DomainName": "string",
"ValidationDomain": "string",
"ValidationEmails": [
"string"
]
}
Version
6
AWS Certificate Manager API Reference
Response Elements
],
"InUseBy": [
"string"
],
"IssuedAt": number,
"Issuer": "string",
"KeyAlgorithm": "string",
"NotAfter": number,
"NotBefore": number,
"RevocationReason": "string",
"RevokedAt": number,
"Serial": "string",
"SignatureAlgorithm": "string",
"Status": "string",
"Subject": "string",
"SubjectAlternativeNames": [
"string"
]
}
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Certificate
Contains a CertificateDetail (p. 24) structure that lists the fields of an ACM Certificate.
Type: CertificateDetail (p. 24) object
Errors
For information about the errors that are common to all actions, see Common Errors (p. 32).
InvalidArnException
The requested Amazon Resource Name (ARN) does not refer to an existing resource.
HTTP Status Code: 400
ResourceNotFoundException
The specified certificate cannot be found in the caller's account, or the caller's account cannot be
found.
HTTP Status Code: 400
Version
7
AWS Certificate Manager API Reference
Examples
Examples
Describe an ACM Certificate
Sample Request
POST / HTTP/1.1
Host: acm.us-east-1.amazonaws.com
X-Amz-Target: CertificateManager.DescribeCertificate
X-Amz-Date: 20151221T203246Z
User-Agent: aws-cli/1.9.7 Python/2.7.3 Linux/3.13.0-71-generic botocore/1.3.7
Content-Type: application/x-amz-json-1.1
Authorization: AWS4-HMAC-SHA256 Credential=AKIAI44QH8DHBEXAMPLE/20151221/useast-1/acm/aws4_request, SignedHeaders=content-type;host;user-agent;x-amz-date;xamz-target, Signature=76913a7d6013d34afb
dc1bbd6c3e77d5edd3fa2d9883a94d946c6eeea5908d9e
{
"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/123456781234-1234-1234-123456789012"
}
Sample Response
HTTP/1.1 200 OK
x-amzn-RequestId: fd1e5a07-a821-11e5-845d-95c070464235
Content-Type: application/x-amz-json-1.1
Content-Length: 1035
Date: Mon, 21 Dec 2015 20:32:43 GMT
{
"Certificate": {
"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/123456781234-1234-1234-123456789012",
"CreatedAt": 1450212224.0,
"DomainName": "example.com",
"DomainValidationOptions": [
{
"DomainName": "example.com",
"ValidationDomain": "example.com",
"ValidationEmails": [
"hostmaster@example.com",
"admin@example.com",
"admin@example.com.whoisprivacyservice.org",
"tech@example.com.whoisprivacyservice.org",
"owner@example.com.whoisprivacyservice.org",
"postmaster@example.com",
"webmaster@example.com",
Version
8
AWS Certificate Manager API Reference
Examples
"administrator@example.com"
]
},
{
"DomainName": "www.example.com",
"ValidationDomain": "www.example.com",
"ValidationEmails": [
"hostmaster@example.com",
"admin@example.com",
"admin@example.com.whoisprivacyservice.org",
"tech@example.com.whoisprivacyservice.org",
"owner@example.com.whoisprivacyservice.org",
"postmaster@example.com",
"webmaster@example.com",
"administrator@example.com"
]
}
],
"InUseBy": [
"arn:aws:cloudfront::111122223333:distribution/E12KXPQHVLSYVC"
],
"IssuedAt": 1450212292.0,
"Issuer": "Amazon",
"KeyAlgorithm": "RSA-2048",
"NotAfter": 1484481600.0,
"NotBefore": 1450137600.0,
"Serial": "07:71:71:f4:6b:e7:bf:63:87:e6:ad:3c:b2:0f:d0:5b",
"SignatureAlgorithm": "SHA256WITHRSA",
"Status": "ISSUED",
"Subject": "CN=example.com",
"SubjectAlternativeNames": [
"example.com",
"www.example.com"
]
}
}
Version
9
AWS Certificate Manager API Reference
GetCertificate
GetCertificate
Retrieves an ACM Certificate and certificate chain for the certificate specified by an ARN. The chain is
an ordered list of certificates that contains the root certificate, intermediate certificates of subordinate
CAs, and the ACM Certificate. The certificate and certificate chain are base64 encoded. If you want to
decode the certificate chain to see the individual certificate fields, you can use OpenSSL.
Note
Currently, ACM Certificates can be used only with Elastic Load Balancing and Amazon CloudFront.
Request Syntax
{
"CertificateArn": "string"
}
Request Parameters
For information about the common parameters that all actions use, see Common Parameters (p. 30).
The request requires the following data in JSON format.
CertificateArn
String that contains a certificate ARN in the following format:
arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service
Namespaces.
Type: String
Length constraints: Minimum length of 20. Maximum length of 2048.
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=/,.@-]+)*
Required: Yes
Response Syntax
{
"Certificate": "string",
"CertificateChain": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Version
10
AWS Certificate Manager API Reference
Errors
Certificate
String that contains the ACM Certificate represented by the ARN specified at input.
Type: String
Length constraints: Minimum length of 1. Maximum length of 524288.
Pattern: -{5}BEGIN
CERTIFICATE-{5}\u000D?\u000A([A-Za-z0-9/+]{64}\u000D?\u000A)*[A-Za-z0-9/+]{1,64}={0,2}\u000D?\u000A-{5}END
CERTIFICATE-{5}(\u000D?\u000A)?
CertificateChain
The certificate chain that contains the root certificate issued by the certificate authority (CA).
Type: String
Length constraints: Minimum length of 1. Maximum length of 2097152.
Pattern: (-{5}BEGIN
CERTIFICATE-{5}\u000D?\u000A([A-Za-z0-9/+]{64}\u000D?\u000A)*[A-Za-z0-9/+]{1,64}={0,2}\u000D?\u000A-{5}END
CERTIFICATE-{5}\u000D?\u000A)*-{5}BEGIN
CERTIFICATE-{5}\u000D?\u000A([A-Za-z0-9/+]{64}\u000D?\u000A)*[A-Za-z0-9/+]{1,64}={0,2}\u000D?\u000A-{5}END
CERTIFICATE-{5}(\u000D?\u000A)?
Errors
For information about the errors that are common to all actions, see Common Errors (p. 32).
InvalidArnException
The requested Amazon Resource Name (ARN) does not refer to an existing resource.
HTTP Status Code: 400
RequestInProgressException
The certificate request is in process and the certificate in your account has not yet been issued.
HTTP Status Code: 400
ResourceNotFoundException
The specified certificate cannot be found in the caller's account, or the caller's account cannot be
found.
HTTP Status Code: 400
Examples
Get an ACM Certificate
Sample Request
POST / HTTP/1.1
Host: acm.us-east-1.amazonaws.com
X-Amz-Target: CertificateManager.GetCertificate
X-Amz-Date: 20151221T210018Z
User-Agent: aws-cli/1.9.7 Python/2.7.3 Linux/3.13.0-71-generic botocore/1.3.7
Version
11
AWS Certificate Manager API Reference
Examples
Content-Type: application/x-amz-json-1.1
Authorization: AWS4-HMAC-SHA256 Credential=AKIAI44QH8DHBEXAMPLE/20151221/useast-1/acm/aws4_request, SignedHeaders=content-type;host;user-agent;x-amz-date;xamz-target, Signa
ture=b51b4c2d5518473a8552fdab8e313c76254e9ca64e4d8ab69c2ebef83dbd459b
{
"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/123456781234-1234-1234-123456789012"
}
Sample Response
HTTP/1.1 200 OK
x-amzn-RequestId: d5300b5a-a825-11e5-9141-fbb8a078e3eb
Content-Type: application/x-amz-json-1.1
Content-Length: 6506
Date: Mon, 21 Dec 2015 21:00:15 GMT
{
"Certificate":
"------BEGIN CERTIFICATE----MIICiTCCAfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6
b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd
BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN
MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD
VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z
b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt
YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ
21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T
rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE
Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4
nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb
FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb
NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE=
-----END CERTIFICATE-----\n",
"CertificateChain":
-----BEGIN CERTIFICATE----MIICiTCCAfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6
b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd
BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN
MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD
VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z
b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt
YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ
21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T
rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE
Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4
nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb
Version
12
AWS Certificate Manager API Reference
Examples
FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb
NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE=
-----END CERTIFICATE-----\n
-----BEGIN CERTIFICATE----MIICiTCCAfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6
b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd
BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN
MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD
VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z
b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt
YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ
21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T
rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE
Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4
nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb
FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb
NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE=
-----END CERTIFICATE-----\n
-----BEGIN CERTIFICATE----MIICiTCCAfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC
VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6
b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd
BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN
MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD
VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z
b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt
YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ
21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T
rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE
Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4
nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb
FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb
NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE=
-----END CERTIFICATE-----"
}
Version
13
AWS Certificate Manager API Reference
ListCertificates
ListCertificates
Retrieves a list of the ACM Certificate ARNs, and the domain name for each ARN, owned by the calling
account. You can filter the list based on the CertificateStatuses parameter, and you can display up
to MaxItems certificates at one time. If you have more than MaxItems certificates, use the NextToken
marker from the response object in your next call to the ListCertificates action to retrieve the next
set of certificate ARNs.
Request Syntax
{
"CertificateStatuses": [
"string"
],
"MaxItems": number,
"NextToken": "string"
}
Request Parameters
For information about the common parameters that all actions use, see Common Parameters (p. 30).
The request requires the following data in JSON format.
CertificateStatuses
Identifies the statuses of the ACM Certificates for which you want to retrieve the ARNs. This can be
one or more of the following values:
• PENDING_VALIDATION
• ISSUED
• INACTIVE
• EXPIRED
• VALIDATION_TIMED_OUT
• REVOKED
• FAILED
Type: array of Strings
Required: No
MaxItems
Specify this parameter when paginating results to indicate the maximum number of ACM Certificates
that you want to display for each response. If there are additional certificates beyond the maximum
you specify, use the NextToken value in your next call to the ListCertificates action.
Type: Number
Valid range: Minimum value of 1. Maximum value of 1000.
Required: No
NextToken
String that contains an opaque marker of the next ACM Certificate ARN to be displayed. Use this
parameter when paginating results, and only in a subsequent request after you've received a response
Version
14
AWS Certificate Manager API Reference
Response Syntax
where the results have been truncated. Set it to an empty string the first time you call this action, and
set it to the value of the NextToken element you receive in the response object for subsequent calls.
Type: String
Length constraints: Minimum length of 1. Maximum length of 320.
Pattern: [\u0009\u000A\u000D\u0020-\u00FF]*
Required: No
Response Syntax
{
"CertificateSummaryList": [
{
"CertificateArn": "string",
"DomainName": "string"
}
],
"NextToken": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
CertificateSummaryList
A list of the certificate ARNs.
Type: array of CertificateSummary (p. 27) objects
NextToken
If the list has been truncated, this value is present and should be used for the NextToken input
parameter on your next call to ListCertificates.
Type: String
Length constraints: Minimum length of 1. Maximum length of 320.
Pattern: [\u0009\u000A\u000D\u0020-\u00FF]*
Errors
For information about the errors that are common to all actions, see Common Errors (p. 32).
Version
15
AWS Certificate Manager API Reference
Examples
Examples
List Certificates
Sample Request
POST / HTTP/1.1
Host: acm.us-east-1.amazonaws.com
X-Amz-Target: CertificateManagerListCertificates
X-Amz-Date: 20151221T191546Z
User-Agent: aws-cli/1.9.7 Python/2.7.3 Linux/3.13.0-71-generic botocore/1.3.7
Content-Type: application/x-amz-json-1.1
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20151221/useast-1/acm/aws4_request, SignedHeaders=content-type;host;user-agent;x-amz-date;xamz-target, Signa
ture=f3a1261bf61c3759abe0d171fdde00284c444f84c0f56e9f9ac3ef348914981d
{}
Sample Response
HTTP/1.1 200 OK
x-amzn-RequestId: 3c8aed5a-a817-11e5-b91d-bb59df923d36
Content-Type: application/x-amz-json-1.1
Content-Length: 292
Date: Mon, 21 Dec 2015 19:15:45 GMT
{
"CertificateSummaryList": [
{
"CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/123456781234-1234-1234-123456789012",
"DomainName": "example.com"
},
{
"CertificateArn": "arn:aws:acm:us-east-1:444455556666:certificate/876543215678-5678-5678-210987654321",
"DomainName": "example.net"
}
]
}
Version
16
AWS Certificate Manager API Reference
RequestCertificate
RequestCertificate
Requests an ACM Certificate for use with other AWS services. To request an ACM Certificate, you must
specify the fully qualified domain name (FQDN) for your site. You can also specify additional FQDNs if
users can reach your site by using other names. For each domain name you specify, email is sent to the
domain owner to request approval to issue the certificate. After receiving approval from the domain owner,
the ACM Certificate is issued. For more information, see the AWS Certificate Manager User Guide .
Request Syntax
{
"DomainName": "string",
"DomainValidationOptions": [
{
"DomainName": "string",
"ValidationDomain": "string"
}
],
"IdempotencyToken": "string",
"SubjectAlternativeNames": [
"string"
]
}
Request Parameters
For information about the common parameters that all actions use, see Common Parameters (p. 30).
The request requires the following data in JSON format.
DomainName
Fully qualified domain name (FQDN), such as www.example.com, of the site you want to secure with
an ACM Certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in
the same domain. For example, *.example.com protects www.example.com, site.example.com, and
images.example.com.
Type: String
Length constraints: Minimum length of 1. Maximum length of 253.
Pattern:
^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$
Required: Yes
DomainValidationOptions
The base validation domain that will act as the suffix of the email addresses that are used to send
the emails. This must be the same as the Domain value or a superdomain of the Domain value. For
example, if you requested a certificate for test.example.com and specify DomainValidationOptions
of example.com, ACM sends email to the domain registrant, technical contact, and administrative
contact in WHOIS and the following five addresses:
• admin@example.com
• administrator@example.com
• hostmaster@example.com
Version
17
AWS Certificate Manager API Reference
Response Syntax
• postmaster@example.com
• webmaster@example.com
Type: array of DomainValidationOption (p. 28) objects
Length constraints: Minimum of 1 item(s) in the list. Maximum of 1000 item(s) in the list.
Required: No
IdempotencyToken
Customer chosen string that can be used to distinguish between calls to RequestCertificate.
Idempotency tokens time out after one hour. Therefore, if you call RequestCertificate multiple
times with the same idempotency token within one hour, ACM recognizes that you are requesting
only one certificate and will issue only one. If you change the idempotency token for each call, ACM
recognizes that you are requesting multiple certificates.
Type: String
Length constraints: Minimum length of 1. Maximum length of 32.
Pattern: \w+
Required: No
SubjectAlternativeNames
Additional FQDNs to be included in the Subject Alternative Name extension of the ACM Certificate.
For example, add the name www.example.net to a certificate for which the DomainName field is
www.example.com if users can reach your site by using either name.
Type: array of Strings
Length constraints: Minimum of 1 item(s) in the list. Maximum of 1000 item(s) in the list.
Required: No
Response Syntax
{
"CertificateArn": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
CertificateArn
String that contains the ARN of the issued certificate. This must be of the form:
arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
Type: String
Length constraints: Minimum length of 20. Maximum length of 2048.
Version
18
AWS Certificate Manager API Reference
Errors
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=/,.@-]+)*
Errors
For information about the errors that are common to all actions, see Common Errors (p. 32).
InvalidDomainValidationOptionsException
One or more values in the DomainValidationOption (p. 28) structure is incorrect.
HTTP Status Code: 400
LimitExceededException
An ACM limit has been exceeded. For example, you may have input more domains than are allowed
or you've requested too many certificates for your account. See the exception message returned by
ACM to determine which limit you have violated. For more information about ACM limits, see the
Limits topic.
HTTP Status Code: 400
Examples
Request an ACM Certificate
Sample Request
POST / HTTP/1.1
Host: acm.us-east-1.amazonaws.com
Accept-Encoding: identity
Content-Length: 75
X-Amz-Target: CertificateManager.RequestCertificate
X-Amz-Date: 20151222T165732Z
User-Agent: aws-cli/1.9.7 Python/2.7.3 Linux/3.13.0-73-generic botocore/1.3.7
Content-Type: application/x-amz-json-1.1
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20151222/useast-1/acm/aws4_request, SignedHeaders=content-type;host;user-agent;x-amz-date;xamz-target, Signa
ture=dbba4b1fa1199c011c0b781b94c97b14cbe75fa64dc6424232c903798d2a83b5
{
"SubjectAlternativeNames": ["example.com"],
"DomainName": "www.example.com"
}
Sample Response
HTTP/1.1 200 OK
x-amzn-RequestId: 15320637-a8cd-11e5-9141-fbb8a078e3eb
Version
19
AWS Certificate Manager API Reference
Examples
Content-Type: application/x-amz-json-1.1
Content-Length: 104
Date: Tue, 22 Dec 2015 16:57:28 GMT
{
"CertificateArn":"arn:aws:acm:us-east-1:493619779192:certificate/1ad574bdeeb0-466e-b961-74ec8b405093"
}
Version
20
AWS Certificate Manager API Reference
ResendValidationEmail
ResendValidationEmail
Resends the email that requests domain ownership validation. The domain owner or an authorized
representative must approve the ACM Certificate before it can be issued. The certificate can be approved
by clicking a link in the mail to navigate to the Amazon certificate approval website and then clicking I
Approve. However, the validation email can be blocked by spam filters. Therefore, if you do not receive
the original mail, you can request that the mail be resent within 72 hours of requesting the ACM Certificate.
If more than 72 hours have elapsed since your original request or since your last attempt to resend
validation mail, you must request a new certificate.
Request Syntax
{
"CertificateArn": "string",
"Domain": "string",
"ValidationDomain": "string"
}
Request Parameters
For information about the common parameters that all actions use, see Common Parameters (p. 30).
The request requires the following data in JSON format.
CertificateArn
String that contains the ARN of the requested certificate. The certificate ARN is generated and
returned by RequestCertificate (p. 17) as soon as the request is made. By default, using this parameter
causes email to be sent to all top-level domains you specified in the certificate request.
The ARN must be of the form:
arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012
Type: String
Length constraints: Minimum length of 20. Maximum length of 2048.
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=/,.@-]+)*
Required: Yes
Domain
The Fully Qualified Domain Name (FQDN) of the certificate that needs to be validated.
Type: String
Length constraints: Minimum length of 1. Maximum length of 253.
Pattern:
^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$
Required: Yes
ValidationDomain
The base validation domain that will act as the suffix of the email addresses that are used to send
the emails. This must be the same as the Domain value or a superdomain of the Domain value. For
Version
21
AWS Certificate Manager API Reference
Response Elements
example, if you requested a certificate for site.subdomain.example.com and specify a
ValidationDomain of subdomain.example.com, ACM sends email to the domain registrant,
technical contact, and administrative contact in WHOIS and the following five addresses:
• admin@subdomain.example.com
• administrator@subdomain.example.com
• hostmaster@subdomain.example.com
• postmaster@subdomain.example.com
• webmaster@subdomain.example.com
Type: String
Length constraints: Minimum length of 1. Maximum length of 253.
Pattern:
^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$
Required: Yes
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors (p. 32).
InvalidArnException
The requested Amazon Resource Name (ARN) does not refer to an existing resource.
HTTP Status Code: 400
InvalidDomainValidationOptionsException
One or more values in the DomainValidationOption (p. 28) structure is incorrect.
HTTP Status Code: 400
InvalidStateException
Processing has reached an invalid state. For example, this exception can occur if the specified domain
is not using email validation, or the current certificate status does not permit the requested operation.
See the exception message returned by ACM to determine which state is not valid.
HTTP Status Code: 400
ResourceNotFoundException
The specified certificate cannot be found in the caller's account, or the caller's account cannot be
found.
HTTP Status Code: 400
Version
22
AWS Certificate Manager API Reference
Examples
Examples
Resend Validation Email
Sample Request
POST / HTTP/1.1
Host: acm.us-east-1.amazonaws.com
Accept-Encoding: identity
Content-Length: 167
X-Amz-Target: CertificateManager.ResendValidationEmail
X-Amz-Date: 20151222T170722Z
User-Agent: aws-cli/1.9.7 Python/2.7.3 Linux/3.13.0-73-generic botocore/1.3.7
Content-Type: application/x-amz-json-1.1
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20151222/useast-1/acm/aws4_request, SignedHeaders=content-type;host;user-agent;x-amz-date;xamz-target, Signa
ture=7ec7e70cd614724945545b22bc28296f77803d0c2524573d41c994668f07f435
{
"CertificateArn": "arn:aws:acm:us-east-1:111122223333 :certificate/123456781234-1234-1234-1234567890912",
"Domain": "www.example.com",
"ValidationDomain": "example.com"
}
Sample Response
HTTP/1.1 200 OK
x-amzn-RequestId: 74bada6d-a8ce-11e5-82ad-d565a2aaa0b3
Content-Type: application/x-amz-json-1.1
Content-Length: 0
Date: Tue, 22 Dec 2015 17:07:18 GMT
Version
23
AWS Certificate Manager API Reference
CertificateDetail
Data Types
The AWS Certificate Manager API contains several data types that various actions use. This section
describes each data type in detail.
Note
The order of each element in the response is not guaranteed. Applications should not assume
a particular order.
The following data types are supported:
•
•
•
•
CertificateDetail (p. 24)
CertificateSummary (p. 27)
DomainValidation (p. 28)
DomainValidationOption (p. 28)
CertificateDetail
Description
This structure is returned in the response object of the DescribeCertificate (p. 6) action.
Contents
CertificateArn
Amazon Resource Name (ARN) of the certificate. This is of the form:
arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service
Namespaces.
Type: String
Length constraints: Minimum length of 20. Maximum length of 2048.
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=/,.@-]+)*
Version
24
AWS Certificate Manager API Reference
Contents
Required: No
CreatedAt
Time at which the certificate was requested.
Type: DateTime
Required: No
DomainName
Fully qualified domain name (FQDN), such as www.example.com or example.com, for the certificate.
Type: String
Length constraints: Minimum length of 1. Maximum length of 253.
Pattern:
^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$
Required: No
DomainValidationOptions
References a DomainValidation (p. 28) structure that contains the domain name in the certificate
and the email address that can be used for validation.
Type: array of DomainValidation (p. 28) objects
Length constraints: Minimum of 1 item(s) in the list. Maximum of 1000 item(s) in the list.
Required: No
InUseBy
List that identifies ARNs that are using the certificate. A single ACM Certificate can be used by multiple
AWS resources.
Type: array of Strings
Required: No
IssuedAt
Time at which the certificate was issued.
Type: DateTime
Required: No
Issuer
The X.500 distinguished name of the CA that issued and signed the certificate.
Type: String
Required: No
KeyAlgorithm
Asymmetric algorithm used to generate the public and private key pair. Currently the only supported
value is RSA_2048.
Type: String
Valid Values: RSA_2048 | EC_prime256v1
Required: No
NotAfter
Time after which the certificate is not valid.
Type: DateTime
Version
25
AWS Certificate Manager API Reference
Contents
Required: No
NotBefore
Time before which the certificate is not valid.
Type: DateTime
Required: No
RevocationReason
A RevocationReason enumeration value that indicates why the certificate was revoked. This value
exists only if the certificate has been revoked. This can be one of the following vales:
• UNSPECIFIED
• KEY_COMPROMISE
• CA_COMPROMISE
• AFFILIATION_CHANGED
• SUPERCEDED
•
•
•
•
•
CESSATION_OF_OPERATION
CERTIFICATE_HOLD
REMOVE_FROM_CRL
PRIVILEGE_WITHDRAWN
A_A_COMPROMISE
Type: String
Valid Values: UNSPECIFIED | KEY_COMPROMISE | CA_COMPROMISE | AFFILIATION_CHANGED
| SUPERCEDED | CESSATION_OF_OPERATION | CERTIFICATE_HOLD | REMOVE_FROM_CRL
| PRIVILEGE_WITHDRAWN | A_A_COMPROMISE
Required: No
RevokedAt
The time, if any, at which the certificate was revoked. This value exists only if the certificate has been
revoked.
Type: DateTime
Required: No
Serial
String that contains the serial number of the certificate.
Type: String
Required: No
SignatureAlgorithm
Algorithm used to generate a signature. Currently the only supported value is SHA256WITHRSA.
Type: String
Required: No
Status
A CertificateStatus enumeration value that can contain one of the following:
•
•
•
•
PENDING_VALIDATION
ISSUED
INACTIVE
EXPIRED
• REVOKED
Version
26
AWS Certificate Manager API Reference
CertificateSummary
• FAILED
• VALIDATION_TIMED_OUT
Type: String
Valid Values: PENDING_VALIDATION | ISSUED | INACTIVE | EXPIRED |
VALIDATION_TIMED_OUT | REVOKED | FAILED
Required: No
Subject
The X.500 distinguished name of the entity associated with the public key contained in the certificate.
Type: String
Required: No
SubjectAlternativeNames
One or more domain names (subject alternative names) included in the certificate request. After the
certificate is issued, this list includes the domain names bound to the public key contained in the
certificate. The subject alternative names include the canonical domain name (CN) of the certificate
and additional domain names that can be used to connect to the website.
Type: array of Strings
Length constraints: Minimum of 1 item(s) in the list. Maximum of 1000 item(s) in the list.
Required: No
CertificateSummary
Description
This structure is returned in the response object of ListCertificates (p. 14) action.
Contents
CertificateArn
Amazon Resource Name (ARN) of the certificate. This is of the form:
arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012
For more information about ARNs, see Amazon Resource Names (ARNs) and AWS Service
Namespaces.
Type: String
Length constraints: Minimum length of 20. Maximum length of 2048.
Pattern:
arn:[\w+=/,.@-]+:[\w+=/,.@-]+:[\w+=/,.@-]*:[0-9]+:[\w+=,.@-]+(/[\w+=/,.@-]+)*
Required: No
DomainName
Fully qualified domain name (FQDN), such as www.example.com or example.com, for the certificate.
Type: String
Version
27
AWS Certificate Manager API Reference
DomainValidation
Length constraints: Minimum length of 1. Maximum length of 253.
Pattern:
^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$
Required: No
DomainValidation
Description
Structure that contains the domain name, the base validation domain to which validation email is sent,
and the email addresses used to validate the domain identity.
Contents
DomainName
Fully Qualified Domain Name (FQDN) of the form www.example.com or example.com
Type: String
Length constraints: Minimum length of 1. Maximum length of 253.
Pattern:
^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$
Required: Yes
ValidationDomain
The base validation domain that acts as the suffix of the email addresses that are used to send the
emails.
Type: String
Length constraints: Minimum length of 1. Maximum length of 253.
Pattern:
^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$
Required: No
ValidationEmails
A list of contact address for the domain registrant.
Type: array of Strings
Required: No
DomainValidationOption
Description
This structure is used in the request object of the RequestCertificate (p. 17) action.
Version
28
AWS Certificate Manager API Reference
Contents
Contents
DomainName
Fully Qualified Domain Name (FQDN) of the certificate being requested.
Type: String
Length constraints: Minimum length of 1. Maximum length of 253.
Pattern:
^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$
Required: Yes
ValidationDomain
The domain to which validation email is sent. This is the base validation domain that will act as the
suffix of the email addresses. This must be the same as the DomainName value or a superdomain
of the DomainName value. For example, if you requested a certificate for
site.subdomain.example.com and specify a ValidationDomain of subdomain.example.com,
ACM sends email to the domain registrant, technical contact, and administrative contact in WHOIS
for the base domain and the following five addresses:
• admin@subdomain.example.com
• administrator@subdomain.example.com
• hostmaster@subdomain.example.com
• postmaster@subdomain.example.com
• webmaster@subdomain.example.com
Type: String
Length constraints: Minimum length of 1. Maximum length of 253.
Pattern:
^(\*\.)?(((?!-)[A-Za-z0-9-]{0,62}[A-Za-z0-9])\.)+((?!-)[A-Za-z0-9-]{1,62}[A-Za-z0-9])$
Required: Yes
Version
29
AWS Certificate Manager API Reference
Common Parameters
The following table lists the parameters that all actions use for signing Signature Version 4 requests. Any
action-specific parameters are listed in the topic for that action. To view sample requests, see Examples
of Signed Signature Version 4 Requests or Signature Version 4 Test Suite in the Amazon Web Services
General Reference.
Action
The action to be performed.
Type: string
Required: Yes
Version
The API version that the request is written for, expressed in the format YYYY-MM-DD.
Type: string
Required: Yes
X-Amz-Algorithm
The hash algorithm that you used to create the request signature.
Condition: Specify this parameter when you include authentication information in a query string
instead of in the HTTP authorization header.
Type: string
Valid Values: AWS4-HMAC-SHA256
Required: Conditional
X-Amz-Credential
The credential scope value, which is a string that includes your access key, the date, the region you
are targeting, the service you are requesting, and a termination string ("aws4_request"). The value
is expressed in the following format: access_key/YYYYMMDD/region/service/aws4_request.
For more information, see Task 2: Create a String to Sign for Signature Version 4 in the Amazon
Web Services General Reference.
Condition: Specify this parameter when you include authentication information in a query string
instead of in the HTTP authorization header.
Type: string
Version
30
AWS Certificate Manager API Reference
Required: Conditional
X-Amz-Date
The date that is used to create the signature. The format must be ISO 8601 basic format
(YYYYMMDD'T'HHMMSS'Z'). For example, the following date time is a valid X-Amz-Date value:
20120325T120000Z.
Condition: X-Amz-Date is optional for all requests; it can be used to override the date used for signing
requests. If the Date header is specified in the ISO 8601 basic format, X-Amz-Date is not required.
When X-Amz-Date is used, it always overrides the value of the Date header. For more information,
see Handling Dates in Signature Version 4 in the Amazon Web Services General Reference.
Type: string
Required: Conditional
X-Amz-Security-Token
The temporary security token that was obtained through a call to AWS Security Token Service. For
a list of services that support AWS Security Token Service, go to Using Temporary Security Credentials
to Access AWS in Using Temporary Security Credentials.
Condition: If you're using temporary security credentials from the AWS Security Token Service, you
must include the security token.
Type: string
Required: Conditional
X-Amz-Signature
Specifies the hex-encoded signature that was calculated from the string to sign and the derived
signing key.
Condition: Specify this parameter when you include authentication information in a query string
instead of in the HTTP authorization header.
Type: string
Required: Conditional
X-Amz-SignedHeaders
Specifies all the HTTP headers that were included as part of the canonical request. For more
information about specifying signed headers, see Task 1: Create a Canonical Request For Signature
Version 4 in the Amazon Web Services General Reference.
Condition: Specify this parameter when you include authentication information in a query string
instead of in the HTTP authorization header.
Type: string
Required: Conditional
Version
31
AWS Certificate Manager API Reference
Common Errors
This section lists the common errors that all actions return. Any action-specific errors are listed in the
topic for the action.
IncompleteSignature
The request signature does not conform to AWS standards.
HTTP Status Code: 400
InternalFailure
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
InvalidAction
The action or operation requested is invalid. Verify that the action is typed correctly.
HTTP Status Code: 400
InvalidClientTokenId
The X.509 certificate or AWS access key ID provided does not exist in our records.
HTTP Status Code: 403
InvalidParameterCombination
Parameters that must not be used together were used together.
HTTP Status Code: 400
InvalidParameterValue
An invalid or out-of-range value was supplied for the input parameter.
HTTP Status Code: 400
InvalidQueryParameter
The AWS query string is malformed or does not adhere to AWS standards.
HTTP Status Code: 400
MalformedQueryString
The query string contains a syntax error.
HTTP Status Code: 404
MissingAction
The request is missing an action or a required parameter.
Version
32
AWS Certificate Manager API Reference
HTTP Status Code: 400
MissingAuthenticationToken
The request must contain either a valid (registered) AWS access key ID or X.509 certificate.
HTTP Status Code: 403
MissingParameter
A required parameter for the specified action is not supplied.
HTTP Status Code: 400
OptInRequired
The AWS access key ID needs a subscription for the service.
HTTP Status Code: 403
RequestExpired
The request reached the service more than 15 minutes after the date stamp on the request or more
than 15 minutes after the request expiration date (such as for pre-signed URLs), or the date stamp
on the request is more than 15 minutes in the future.
HTTP Status Code: 400
ServiceUnavailable
The request has failed due to a temporary failure of the server.
HTTP Status Code: 503
Throttling
The request was denied due to request throttling.
HTTP Status Code: 400
ValidationError
The input fails to satisfy the constraints specified by an AWS service.
HTTP Status Code: 400
Version
33
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertising