packagePaws::ACMPCA;subservice {'acm-pca'}subsigning_name {'acm-pca'}subversion {'2017-08-22'}subtarget_prefix {'ACMPrivateCA'}subjson_version {"1.1"}hasmax_attempts=> (is=>'ro',isa=>'Int',default=> 5);hasretry=> (is=>'ro',isa=>'HashRef',default=>sub{{base=>'rand',type=>'exponential',growth_factor=> 2 }});hasretriables=> (is=>'ro',isa=>'ArrayRef',default=>sub{ [] });with'Paws::API::Caller','Paws::API::EndpointResolver','Paws::Net::V4Signature','Paws::Net::JsonCaller';subCreateCertificateAuthority {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::CreateCertificateAuthority',@_);return$self->caller->do_call($self,$call_object);}subCreateCertificateAuthorityAuditReport {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::CreateCertificateAuthorityAuditReport',@_);return$self->caller->do_call($self,$call_object);}subCreatePermission {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::CreatePermission',@_);return$self->caller->do_call($self,$call_object);}subDeleteCertificateAuthority {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::DeleteCertificateAuthority',@_);return$self->caller->do_call($self,$call_object);}subDeletePermission {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::DeletePermission',@_);return$self->caller->do_call($self,$call_object);}subDeletePolicy {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::DeletePolicy',@_);return$self->caller->do_call($self,$call_object);}subDescribeCertificateAuthority {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::DescribeCertificateAuthority',@_);return$self->caller->do_call($self,$call_object);}subDescribeCertificateAuthorityAuditReport {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::DescribeCertificateAuthorityAuditReport',@_);return$self->caller->do_call($self,$call_object);}subGetCertificate {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::GetCertificate',@_);return$self->caller->do_call($self,$call_object);}subGetCertificateAuthorityCertificate {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::GetCertificateAuthorityCertificate',@_);return$self->caller->do_call($self,$call_object);}subGetCertificateAuthorityCsr {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::GetCertificateAuthorityCsr',@_);return$self->caller->do_call($self,$call_object);}subGetPolicy {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::GetPolicy',@_);return$self->caller->do_call($self,$call_object);}subImportCertificateAuthorityCertificate {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::ImportCertificateAuthorityCertificate',@_);return$self->caller->do_call($self,$call_object);}subIssueCertificate {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::IssueCertificate',@_);return$self->caller->do_call($self,$call_object);}subListCertificateAuthorities {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::ListCertificateAuthorities',@_);return$self->caller->do_call($self,$call_object);}subListPermissions {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::ListPermissions',@_);return$self->caller->do_call($self,$call_object);}subListTags {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::ListTags',@_);return$self->caller->do_call($self,$call_object);}subPutPolicy {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::PutPolicy',@_);return$self->caller->do_call($self,$call_object);}subRestoreCertificateAuthority {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::RestoreCertificateAuthority',@_);return$self->caller->do_call($self,$call_object);}subRevokeCertificate {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::RevokeCertificate',@_);return$self->caller->do_call($self,$call_object);}subTagCertificateAuthority {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::TagCertificateAuthority',@_);return$self->caller->do_call($self,$call_object);}subUntagCertificateAuthority {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::UntagCertificateAuthority',@_);return$self->caller->do_call($self,$call_object);}subUpdateCertificateAuthority {my$self=shift;my$call_object=$self->new_with_coercions('Paws::ACMPCA::UpdateCertificateAuthority',@_);return$self->caller->do_call($self,$call_object);}subListAllCertificateAuthorities {my$self=shift;my$callback=shift@_if(ref($_[0]) eq'CODE');my$result=$self->ListCertificateAuthorities(@_);my$next_result=$result;if(notdefined$callback) {while($next_result->NextToken) {$next_result=$self->ListCertificateAuthorities(@_,NextToken=>$next_result->NextToken);push@{$result->CertificateAuthorities }, @{$next_result->CertificateAuthorities };}return$result;}else{while($result->NextToken) {$callback->($_=>'CertificateAuthorities')foreach(@{$result->CertificateAuthorities });$result=$self->ListCertificateAuthorities(@_,NextToken=>$result->NextToken);}$callback->($_=>'CertificateAuthorities')foreach(@{$result->CertificateAuthorities });}returnundef}subListAllPermissions {my$self=shift;my$callback=shift@_if(ref($_[0]) eq'CODE');my$result=$self->ListPermissions(@_);my$next_result=$result;if(notdefined$callback) {while($next_result->NextToken) {$next_result=$self->ListPermissions(@_,NextToken=>$next_result->NextToken);push@{$result->Permissions }, @{$next_result->Permissions };}return$result;}else{while($result->NextToken) {$callback->($_=>'Permissions')foreach(@{$result->Permissions });$result=$self->ListPermissions(@_,NextToken=>$result->NextToken);}$callback->($_=>'Permissions')foreach(@{$result->Permissions });}returnundef}subListAllTags {my$self=shift;my$callback=shift@_if(ref($_[0]) eq'CODE');my$result=$self->ListTags(@_);my$next_result=$result;if(notdefined$callback) {while($next_result->NextToken) {$next_result=$self->ListTags(@_,NextToken=>$next_result->NextToken);push@{$result->Tags }, @{$next_result->Tags };}return$result;}else{while($result->NextToken) {$callback->($_=>'Tags')foreach(@{$result->Tags });$result=$self->ListTags(@_,NextToken=>$result->NextToken);}$callback->($_=>'Tags')foreach(@{$result->Tags });}returnundef}suboperations {qw/CreateCertificateAuthority CreateCertificateAuthorityAuditReport CreatePermission DeleteCertificateAuthority DeletePermission DeletePolicy DescribeCertificateAuthority DescribeCertificateAuthorityAuditReport GetCertificate GetCertificateAuthorityCertificate GetCertificateAuthorityCsr GetPolicy ImportCertificateAuthorityCertificate IssueCertificate ListCertificateAuthorities ListPermissions ListTags PutPolicy RestoreCertificateAuthority RevokeCertificate TagCertificateAuthority UntagCertificateAuthority UpdateCertificateAuthority /}1;### main pod documentation begin ###=head1 NAMEPaws::ACMPCA - Perl Interface to AWS AWS Certificate Manager Private Certificate Authority=head1 SYNOPSISuse Paws;my $obj = Paws->service('ACMPCA');my $res = $obj->Method(Arg1 => $val1,Arg2 => [ 'V1', 'V2' ],# if Arg3 is an object, the HashRef will be used as arguments to the constructor# of the arguments typeArg3 => { Att1 => 'Val1' },# if Arg4 is an array of objects, the HashRefs will be passed as arguments to# the constructor of the arguments typeArg4 => [ { Att1 => 'Val1' }, { Att1 => 'Val2' } ],);=head1 DESCRIPTIONThis is the I<ACM Private CA API Reference>. It provides descriptions,syntax, and usage examples for each of the actions and data typesinvolved in creating and managing private certificate authorities (CA)for your organization.The documentation for each action shows the Query API requestparameters and the XML response. Alternatively, you can use one of theAWS SDKs to access an API that's tailored to the programming languageor platform that you're using. For more information, see AWS SDKsEach ACM Private CA API action has a quota that determines the numberof times the action can be called per second. For more information, seeAPI Rate Quotas in ACM Private CAin the ACM Private CA user guide.For the AWS API documentation, see L<https://docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22>=head1 METHODS=head2 CreateCertificateAuthority=over=item CertificateAuthorityConfiguration => L<Paws::ACMPCA::CertificateAuthorityConfiguration>=item CertificateAuthorityType => Str=item [IdempotencyToken => Str]=item [KeyStorageSecurityStandard => Str]=item [RevocationConfiguration => L<Paws::ACMPCA::RevocationConfiguration>]=item [Tags => ArrayRef[L<Paws::ACMPCA::Tag>]]=backEach argument is described in detail in: L<Paws::ACMPCA::CreateCertificateAuthority>Returns: a L<Paws::ACMPCA::CreateCertificateAuthorityResponse> instanceCreates a root or subordinate private certificate authority (CA). Youmust specify the CA configuration, the certificate revocation list(CRL) configuration, the CA type, and an optional idempotency token toavoid accidental creation of multiple CAs. The CA configurationspecifies the name of the algorithm and key size to be used to createthe CA private key, the type of signing algorithm that the CA uses, andX.500 subject information. The CRL configuration specifies the CRLexpiration period in days (the validity period of the CRL), the AmazonS3 bucket that will contain the CRL, and a CNAME alias for the S3bucket that is included in certificates issued by the CA. Ifsuccessful, this action returns the Amazon Resource Name (ARN) of theCA.ACM Private CA assets that are stored in Amazon S3 can be protectedwith encryption. For more information, see Encrypting Your CRLsBoth PCA and the IAM principal must have permission to write to the S3bucket that you specify. If the IAM principal making the call does nothave permission to write to the bucket, then an exception is thrown.For more information, see Configure Access to ACM Private CA=head2 CreateCertificateAuthorityAuditReport=over=item AuditReportResponseFormat => Str=item CertificateAuthorityArn => Str=item S3BucketName => Str=backEach argument is described in detail in: L<Paws::ACMPCA::CreateCertificateAuthorityAuditReport>Returns: a L<Paws::ACMPCA::CreateCertificateAuthorityAuditReportResponse> instanceCreates an audit report that lists every time that your CA private keyis used. The report is saved in the Amazon S3 bucket that you specifyon input. The IssueCertificateand RevokeCertificateactions use the private key.Both PCA and the IAM principal must have permission to write to the S3bucket that you specify. If the IAM principal making the call does nothave permission to write to the bucket, then an exception is thrown.For more information, see Configure Access to ACM Private CAACM Private CA assets that are stored in Amazon S3 can be protectedwith encryption. For more information, see Encrypting Your AuditReports=head2 CreatePermission=over=item Actions => ArrayRef[Str|Undef]=item CertificateAuthorityArn => Str=item Principal => Str=item [SourceAccount => Str]=backEach argument is described in detail in: L<Paws::ACMPCA::CreatePermission>Returns: nothingGrants one or more permissions on a private CA to the AWS CertificateManager (ACM) service principal (C<acm.amazonaws.com>). Thesepermissions allow ACM to issue and renew ACM certificates that residein the same AWS account as the CA.You can list current permissions with the ListPermissionsaction and revoke them with the DeletePermissionaction.B<About Permissions>=over=item *If the private CA and the certificates it issues reside in the sameaccount, you can use C<CreatePermission> to grant permissions for ACMto carry out automatic certificate renewals.=item *For automatic certificate renewal to succeed, the ACM service principalneeds permissions to create, retrieve, and list certificates.=item *If the private CA and the ACM certificates reside in differentaccounts, then permissions cannot be used to enable automatic renewals.Instead, the ACM certificate owner must set up a resource-based policyto enable cross-account issuance and renewals. For more information,see Using a Resource Based Policy with ACM Private CA=back=head2 DeleteCertificateAuthority=over=item CertificateAuthorityArn => Str=item [PermanentDeletionTimeInDays => Int]=backEach argument is described in detail in: L<Paws::ACMPCA::DeleteCertificateAuthority>Returns: nothingDeletes a private certificate authority (CA). You must provide theAmazon Resource Name (ARN) of the private CA that you want to delete.You can find the ARN by calling the ListCertificateAuthoritiesaction.Deleting a CA will invalidate other CAs and certificates below it inyour CA hierarchy.Before you can delete a CA that you have created and activated, youmust disable it. To do this, call the UpdateCertificateAuthorityaction and set the B<CertificateAuthorityStatus> parameter toC<DISABLED>.Additionally, you can delete a CA if you are waiting for it to becreated (that is, the status of the CA is C<CREATING>). You can alsodelete it if the CA has been created but you haven't yet imported thesigned certificate into ACM Private CA (that is, the status of the CAis C<PENDING_CERTIFICATE>).When you successfully call DeleteCertificateAuthoritythe CA's status changes to C<DELETED>. However, the CA won't bepermanently deleted until the restoration period has passed. Bydefault, if you do not set the C<PermanentDeletionTimeInDays>parameter, the CA remains restorable for 30 days. You can set theparameter from 7 to 30 days. The DescribeCertificateAuthorityaction returns the time remaining in the restoration window of aprivate CA in the C<DELETED> state. To restore an eligible CA, call theRestoreCertificateAuthorityaction.=head2 DeletePermission=over=item CertificateAuthorityArn => Str=item Principal => Str=item [SourceAccount => Str]=backEach argument is described in detail in: L<Paws::ACMPCA::DeletePermission>Returns: nothingRevokes permissions on a private CA granted to the AWS CertificateManager (ACM) service principal (acm.amazonaws.com).These permissions allow ACM to issue and renew ACM certificates thatreside in the same AWS account as the CA. If you revoke thesepermissions, ACM will no longer renew the affected certificatesautomatically.Permissions can be granted with the CreatePermissionaction and listed with the ListPermissionsaction.B<About Permissions>=over=item *If the private CA and the certificates it issues reside in the sameaccount, you can use C<CreatePermission> to grant permissions for ACMto carry out automatic certificate renewals.=item *For automatic certificate renewal to succeed, the ACM service principalneeds permissions to create, retrieve, and list certificates.=item *If the private CA and the ACM certificates reside in differentaccounts, then permissions cannot be used to enable automatic renewals.Instead, the ACM certificate owner must set up a resource-based policyto enable cross-account issuance and renewals. For more information,see Using a Resource Based Policy with ACM Private CA=back=head2 DeletePolicy=over=item ResourceArn => Str=backEach argument is described in detail in: L<Paws::ACMPCA::DeletePolicy>Returns: nothingDeletes the resource-based policy attached to a private CA. Deletionwill remove any access that the policy has granted. If there is nopolicy attached to the private CA, this action will return successful.If you delete a policy that was applied through AWS Resource AccessManager (RAM), the CA will be removed from all shares in which it wasincluded.The AWS Certificate Manager Service Linked Role that the policysupports is not affected when you delete the policy.The current policy can be shown with GetPolicyand updated with PutPolicyB<About Policies>=over=item *A policy grants access on a private CA to an AWS customer account, toAWS Organizations, or to an AWS Organizations unit. Policies are underthe control of a CA administrator. For more information, see Using aResource Based Policy with ACM Private CA=item *A policy permits a user of AWS Certificate Manager (ACM) to issue ACMcertificates signed by a CA in another account.=item *For ACM to manage automatic renewal of these certificates, the ACM usermust configure a Service Linked Role (SLR). The SLR allows the ACMservice to assume the identity of the user, subject to confirmationagainst the ACM Private CA policy. For more information, see Using aService Linked Role with ACM=item *Updates made in AWS Resource Manager (RAM) are reflected in policies.For more information, see Attach a Policy for Cross-Account Access=back=head2 DescribeCertificateAuthority=over=item CertificateAuthorityArn => Str=backEach argument is described in detail in: L<Paws::ACMPCA::DescribeCertificateAuthority>Returns: a L<Paws::ACMPCA::DescribeCertificateAuthorityResponse> instanceLists information about your private certificate authority (CA) or onethat has been shared with you. You specify the private CA on input byits ARN (Amazon Resource Name). The output contains the status of yourCA. This can be any of the following:=over=item *C<CREATING> - ACM Private CA is creating your private certificateauthority.=item *C<PENDING_CERTIFICATE> - The certificate is pending. You must use yourACM Private CA-hosted or on-premises root or subordinate CA to signyour private CA CSR and then import it into PCA.=item *C<ACTIVE> - Your private CA is active.=item *C<DISABLED> - Your private CA has been disabled.=item *C<EXPIRED> - Your private CA certificate has expired.=item *C<FAILED> - Your private CA has failed. Your CA can fail because ofproblems such a network outage or back-end AWS failure or other errors.A failed CA can never return to the pending state. You must create anew CA.=item *C<DELETED> - Your private CA is within the restoration period, afterwhich it is permanently deleted. The length of time remaining in theCA's restoration period is also included in this action's output.=back=head2 DescribeCertificateAuthorityAuditReport=over=item AuditReportId => Str=item CertificateAuthorityArn => Str=backEach argument is described in detail in: L<Paws::ACMPCA::DescribeCertificateAuthorityAuditReport>Returns: a L<Paws::ACMPCA::DescribeCertificateAuthorityAuditReportResponse> instanceLists information about a specific audit report created by calling theCreateCertificateAuthorityAuditReportaction. Audit information is created every time the certificateauthority (CA) private key is used. The private key is used when youcall the IssueCertificateaction or the RevokeCertificateaction.=head2 GetCertificate=over=item CertificateArn => Str=item CertificateAuthorityArn => Str=backEach argument is described in detail in: L<Paws::ACMPCA::GetCertificate>Returns: a L<Paws::ACMPCA::GetCertificateResponse> instanceRetrieves a certificate from your private CA or one that has beenshared with you. The ARN of the certificate is returned when you callthe IssueCertificateaction. You must specify both the ARN of your private CA and the ARN ofthe issued certificate when calling the B<GetCertificate> action. Youcan retrieve the certificate if it is in the B<ISSUED> state. You cancall the CreateCertificateAuthorityAuditReportaction to create a report that contains information about all of thecertificates issued and revoked by your private CA.=head2 GetCertificateAuthorityCertificate=over=item CertificateAuthorityArn => Str=backEach argument is described in detail in: L<Paws::ACMPCA::GetCertificateAuthorityCertificate>Returns: a L<Paws::ACMPCA::GetCertificateAuthorityCertificateResponse> instanceRetrieves the certificate and certificate chain for your privatecertificate authority (CA) or one that has been shared with you. Boththe certificate and the chain are base64 PEM-encoded. The chain doesnot include the CA certificate. Each certificate in the chain signs theone before it.=head2 GetCertificateAuthorityCsr=over=item CertificateAuthorityArn => Str=backEach argument is described in detail in: L<Paws::ACMPCA::GetCertificateAuthorityCsr>Returns: a L<Paws::ACMPCA::GetCertificateAuthorityCsrResponse> instanceRetrieves the certificate signing request (CSR) for your privatecertificate authority (CA). The CSR is created when you call theCreateCertificateAuthorityaction. Sign the CSR with your ACM Private CA-hosted or on-premisesroot or subordinate CA. Then import the signed certificate back intoACM Private CA by calling the ImportCertificateAuthorityCertificateaction. The CSR is returned as a base64 PEM-encoded string.=head2 GetPolicy=over=item ResourceArn => Str=backEach argument is described in detail in: L<Paws::ACMPCA::GetPolicy>Returns: a L<Paws::ACMPCA::GetPolicyResponse> instanceRetrieves the resource-based policy attached to a private CA. If eitherthe private CA resource or the policy cannot be found, this actionreturns a C<ResourceNotFoundException>.The policy can be attached or updated with PutPolicyand removed with DeletePolicyB<About Policies>=over=item *A policy grants access on a private CA to an AWS customer account, toAWS Organizations, or to an AWS Organizations unit. Policies are underthe control of a CA administrator. For more information, see Using aResource Based Policy with ACM Private CA=item *A policy permits a user of AWS Certificate Manager (ACM) to issue ACMcertificates signed by a CA in another account.=item *For ACM to manage automatic renewal of these certificates, the ACM usermust configure a Service Linked Role (SLR). The SLR allows the ACMservice to assume the identity of the user, subject to confirmationagainst the ACM Private CA policy. For more information, see Using aService Linked Role with ACM=item *Updates made in AWS Resource Manager (RAM) are reflected in policies.For more information, see Attach a Policy for Cross-Account Access=back=head2 ImportCertificateAuthorityCertificate=over=item Certificate => Str=item CertificateAuthorityArn => Str=item [CertificateChain => Str]=backEach argument is described in detail in: L<Paws::ACMPCA::ImportCertificateAuthorityCertificate>Returns: nothingImports a signed private CA certificate into ACM Private CA. Thisaction is used when you are using a chain of trust whose root islocated outside ACM Private CA. Before you can call this action, thefollowing preparations must in place:=over=item 1.In ACM Private CA, call the CreateCertificateAuthorityaction to create the private CA that you plan to back with the importedcertificate.=item 2.Call the GetCertificateAuthorityCsraction to generate a certificate signing request (CSR).=item 3.Sign the CSR using a root or intermediate CA hosted by either anon-premises PKI hierarchy or by a commercial CA.=item 4.Create a certificate chain and copy the signed certificate and thecertificate chain to your working directory.=backACM Private CA supports three scenarios for installing a CAcertificate:=over=item *Installing a certificate for a root CA hosted by ACM Private CA.=item *Installing a subordinate CA certificate whose parent authority ishosted by ACM Private CA.=item *Installing a subordinate CA certificate whose parent authority isexternally hosted.=backThe following additional requirements apply when you import a CAcertificate.=over=item *Only a self-signed certificate can be imported as a root CA.=item *A self-signed certificate cannot be imported as a subordinate CA.=item *Your certificate chain must not include the private CA certificate thatyou are importing.=item *Your root CA must be the last certificate in your chain. Thesubordinate certificate, if any, that your root CA signed must be nextto last. The subordinate certificate signed by the precedingsubordinate CA must come next, and so on until your chain is built.=item *The chain must be PEM-encoded.=item *The maximum allowed size of a certificate is 32 KB.=item *The maximum allowed size of a certificate chain is 2 MB.=backI<Enforcement of Critical Constraints>ACM Private CA allows the following extensions to be marked critical inthe imported CA certificate or chain.=over=item *Basic constraints (I<must> be marked critical)=item *Subject alternative names=item *Key usage=item *Extended key usage=item *Authority key identifier=item *Subject key identifier=item *Issuer alternative name=item *Subject directory attributes=item *Subject information access=item *Certificate policies=item *Policy mappings=item *Inhibit anyPolicy=backACM Private CA rejects the following extensions when they are markedcritical in an imported CA certificate or chain.=over=item *Name constraints=item *Policy constraints=item *CRL distribution points=item *Authority information access=item *Freshest CRL=item *Any other extension=back=head2 IssueCertificate=over=item CertificateAuthorityArn => Str=item Csr => Str=item SigningAlgorithm => Str=item Validity => L<Paws::ACMPCA::Validity>=item [ApiPassthrough => L<Paws::ACMPCA::ApiPassthrough>]=item [IdempotencyToken => Str]=item [TemplateArn => Str]=item [ValidityNotBefore => L<Paws::ACMPCA::Validity>]=backEach argument is described in detail in: L<Paws::ACMPCA::IssueCertificate>Returns: a L<Paws::ACMPCA::IssueCertificateResponse> instanceUses your private certificate authority (CA), or one that has beenshared with you, to issue a client certificate. This action returns theAmazon Resource Name (ARN) of the certificate. You can retrieve thecertificate by calling the GetCertificateaction and specifying the ARN.You cannot use the ACM B<ListCertificateAuthorities> action to retrievethe ARNs of the certificates that you issue by using ACM Private CA.=head2 ListCertificateAuthorities=over=item [MaxResults => Int]=item [NextToken => Str]=item [ResourceOwner => Str]=backEach argument is described in detail in: L<Paws::ACMPCA::ListCertificateAuthorities>Returns: a L<Paws::ACMPCA::ListCertificateAuthoritiesResponse> instanceLists the private certificate authorities that you created by using theCreateCertificateAuthorityaction.=head2 ListPermissions=over=item CertificateAuthorityArn => Str=item [MaxResults => Int]=item [NextToken => Str]=backEach argument is described in detail in: L<Paws::ACMPCA::ListPermissions>Returns: a L<Paws::ACMPCA::ListPermissionsResponse> instanceList all permissions on a private CA, if any, granted to the AWSCertificate Manager (ACM) service principal (acm.amazonaws.com).These permissions allow ACM to issue and renew ACM certificates thatreside in the same AWS account as the CA.Permissions can be granted with the CreatePermissionaction and revoked with the DeletePermissionaction.B<About Permissions>=over=item *If the private CA and the certificates it issues reside in the sameaccount, you can use C<CreatePermission> to grant permissions for ACMto carry out automatic certificate renewals.=item *For automatic certificate renewal to succeed, the ACM service principalneeds permissions to create, retrieve, and list certificates.=item *If the private CA and the ACM certificates reside in differentaccounts, then permissions cannot be used to enable automatic renewals.Instead, the ACM certificate owner must set up a resource-based policyto enable cross-account issuance and renewals. For more information,see Using a Resource Based Policy with ACM Private CA=back=head2 ListTags=over=item CertificateAuthorityArn => Str=item [MaxResults => Int]=item [NextToken => Str]=backEach argument is described in detail in: L<Paws::ACMPCA::ListTags>Returns: a L<Paws::ACMPCA::ListTagsResponse> instanceLists the tags, if any, that are associated with your private CA or onethat has been shared with you. Tags are labels that you can use toidentify and organize your CAs. Each tag consists of a key and anoptional value. Call the TagCertificateAuthorityaction to add one or more tags to your CA. Call theUntagCertificateAuthorityaction to remove tags.=head2 PutPolicy=over=item Policy => Str=item ResourceArn => Str=backEach argument is described in detail in: L<Paws::ACMPCA::PutPolicy>Returns: nothingAttaches a resource-based policy to a private CA.A policy can also be applied by sharing a private CA through AWSResource Access Manager (RAM). For more information, see Attach aPolicy for Cross-Account AccessThe policy can be displayed with GetPolicyand removed with DeletePolicyB<About Policies>=over=item *A policy grants access on a private CA to an AWS customer account, toAWS Organizations, or to an AWS Organizations unit. Policies are underthe control of a CA administrator. For more information, see Using aResource Based Policy with ACM Private CA=item *A policy permits a user of AWS Certificate Manager (ACM) to issue ACMcertificates signed by a CA in another account.=item *For ACM to manage automatic renewal of these certificates, the ACM usermust configure a Service Linked Role (SLR). The SLR allows the ACMservice to assume the identity of the user, subject to confirmationagainst the ACM Private CA policy. For more information, see Using aService Linked Role with ACM=item *Updates made in AWS Resource Manager (RAM) are reflected in policies.For more information, see Attach a Policy for Cross-Account Access=back=head2 RestoreCertificateAuthority=over=item CertificateAuthorityArn => Str=backEach argument is described in detail in: L<Paws::ACMPCA::RestoreCertificateAuthority>Returns: nothingRestores a certificate authority (CA) that is in the C<DELETED> state.You can restore a CA during the period that you defined in theB<PermanentDeletionTimeInDays> parameter of theDeleteCertificateAuthorityaction. Currently, you can specify 7 to 30 days. If you did not specifya B<PermanentDeletionTimeInDays> value, by default you can restore theCA at any time in a 30 day period. You can check the time remaining inthe restoration period of a private CA in the C<DELETED> state bycalling the DescribeCertificateAuthorityor ListCertificateAuthoritiesactions. The status of a restored CA is set to its pre-deletion statuswhen the B<RestoreCertificateAuthority> action returns. To change itsstatus to C<ACTIVE>, call the UpdateCertificateAuthorityaction. If the private CA was in the C<PENDING_CERTIFICATE> state atdeletion, you must use the ImportCertificateAuthorityCertificateaction to import a certificate authority into the private CA before itcan be activated. You cannot restore a CA after the restoration periodhas ended.=head2 RevokeCertificate=over=item CertificateAuthorityArn => Str=item CertificateSerial => Str=item RevocationReason => Str=backEach argument is described in detail in: L<Paws::ACMPCA::RevokeCertificate>Returns: nothingRevokes a certificate that was issued inside ACM Private CA. If youenable a certificate revocation list (CRL) when you create or updateyour private CA, information about the revoked certificates will beincluded in the CRL. ACM Private CA writes the CRL to an S3 bucket thatyou specify. A CRL is typically updated approximately 30 minutes aftera certificate is revoked. If for any reason the CRL update fails, ACMPrivate CA attempts makes further attempts every 15 minutes. WithAmazon CloudWatch, you can create alarms for the metricsC<CRLGenerated> and C<MisconfiguredCRLBucket>. For more information,see Supported CloudWatch MetricsBoth PCA and the IAM principal must have permission to write to the S3bucket that you specify. If the IAM principal making the call does nothave permission to write to the bucket, then an exception is thrown.For more information, see Configure Access to ACM Private CAACM Private CA also writes revocation information to the audit report.For more information, see CreateCertificateAuthorityAuditReportYou cannot revoke a root CA self-signed certificate.=head2 TagCertificateAuthority=over=item CertificateAuthorityArn => Str=item Tags => ArrayRef[L<Paws::ACMPCA::Tag>]=backEach argument is described in detail in: L<Paws::ACMPCA::TagCertificateAuthority>Returns: nothingAdds one or more tags to your private CA. Tags are labels that you canuse to identify and organize your AWS resources. Each tag consists of akey and an optional value. You specify the private CA on input by itsAmazon Resource Name (ARN). You specify the tag by using a key-valuepair. You can apply a tag to just one private CA if you want toidentify a specific characteristic of that CA, or you can apply thesame tag to multiple private CAs if you want to filter for a commonrelationship among those CAs. To remove one or more tags, use theUntagCertificateAuthorityaction. Call the ListTagsaction to see what tags are associated with your CA.=head2 UntagCertificateAuthority=over=item CertificateAuthorityArn => Str=item Tags => ArrayRef[L<Paws::ACMPCA::Tag>]=backEach argument is described in detail in: L<Paws::ACMPCA::UntagCertificateAuthority>Returns: nothingRemove one or more tags from your private CA. A tag consists of akey-value pair. If you do not specify the value portion of the tag whencalling this action, the tag will be removed regardless of value. Ifyou specify a value, the tag is removed only if it is associated withthe specified value. To add tags to a private CA, use theTagCertificateAuthorityCall the ListTagsaction to see what tags are associated with your CA.=head2 UpdateCertificateAuthority=over=item CertificateAuthorityArn => Str=item [RevocationConfiguration => L<Paws::ACMPCA::RevocationConfiguration>]=item [Status => Str]=backEach argument is described in detail in: L<Paws::ACMPCA::UpdateCertificateAuthority>Returns: nothingUpdates the status or configuration of a private certificate authority(CA). Your private CA must be in the C<ACTIVE> or C<DISABLED> statebefore you can update it. You can disable a private CA that is in theC<ACTIVE> state or make a CA that is in the C<DISABLED> state activeagain.Both PCA and the IAM principal must have permission to write to the S3bucket that you specify. If the IAM principal making the call does nothave permission to write to the bucket, then an exception is thrown.For more information, see Configure Access to ACM Private CA=head1 PAGINATORSPaginator methods are helpers that repetively call methods that return partial results=head2 ListAllCertificateAuthorities(sub { },[MaxResults => Int, NextToken => Str, ResourceOwner => Str])=head2 ListAllCertificateAuthorities([MaxResults => Int, NextToken => Str, ResourceOwner => Str])If passed a sub as first parameter, it will call the sub for each element found in :- CertificateAuthorities, passing the object as the first parameter, and the string 'CertificateAuthorities' as the second parameterIf not, it will return a a L<Paws::ACMPCA::ListCertificateAuthoritiesResponse> instance with all the C<param>s; from all the responses. Please take into account that this mode can potentially consume vasts ammounts of memory.=head2 ListAllPermissions(sub { },CertificateAuthorityArn => Str, [MaxResults => Int, NextToken => Str])=head2 ListAllPermissions(CertificateAuthorityArn => Str, [MaxResults => Int, NextToken => Str])If passed a sub as first parameter, it will call the sub for each element found in :- Permissions, passing the object as the first parameter, and the string 'Permissions' as the second parameterIf not, it will return a a L<Paws::ACMPCA::ListPermissionsResponse> instance with all the C<param>s; from all the responses. Please take into account that this mode can potentially consume vasts ammounts of memory.=head2 ListAllTags(sub { },CertificateAuthorityArn => Str, [MaxResults => Int, NextToken => Str])=head2 ListAllTags(CertificateAuthorityArn => Str, [MaxResults => Int, NextToken => Str])If passed a sub as first parameter, it will call the sub for each element found in :- Tags, passing the object as the first parameter, and the string 'Tags' as the second parameterIf not, it will return a a L<Paws::ACMPCA::ListTagsResponse> instance with all the C<param>s; from all the responses. Please take into account that this mode can potentially consume vasts ammounts of memory.=head1 SEE ALSOThis service class forms part of L<Paws>=head1 BUGS and CONTRIBUTIONSThe source code is located here: L<https://github.com/pplu/aws-sdk-perl>Please report bugs to: L<https://github.com/pplu/aws-sdk-perl/issues>=cut