-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Amazon Certificate Manager SDK.
--   
--   The types from this library are intended to be used with
--   <a>amazonka</a>, which provides mechanisms for specifying AuthN/AuthZ
--   information, sending requests, and receiving responses.
--   
--   Lenses are used for constructing and manipulating types, due to the
--   depth of nesting of AWS types and transparency regarding
--   de/serialisation into more palatable Haskell values. The provided
--   lenses should be compatible with any of the major lens libraries such
--   as <a>lens</a> or <a>lens-family-core</a>.
--   
--   See <a>Network.AWS.CertificateManager</a> or <a>the AWS
--   documentation</a> to get started.
@package amazonka-certificatemanager
@version 1.6.0


module Network.AWS.CertificateManager.Types

-- | API version <tt>2015-12-08</tt> of the Amazon Certificate Manager SDK
--   configuration.
certificateManager :: Service

-- | One or both of the values that make up the key-value pair is not
--   valid. For example, you cannot specify a tag value that begins with
--   <tt>aws:</tt> .
_InvalidTagException :: AsError a => Getting (First ServiceError) a ServiceError

-- | One or more values in the <a>DomainValidationOption</a> structure is
--   incorrect.
_InvalidDomainValidationOptionsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request contains too many tags. Try the request again with fewer
--   tags.
_TooManyTagsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The certificate request is in process and the certificate in your
--   account has not yet been issued.
_RequestInProgressException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The requested Amazon Resource Name (ARN) does not refer to an existing
--   resource.
_InvalidARNException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The specified certificate cannot be found in the caller's account or
--   the caller's account cannot be found.
_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Processing has reached an invalid state.
_InvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError

-- | An ACM limit has been exceeded.
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The certificate is in use by another AWS service in the caller's
--   account. Remove the association and try again.
_ResourceInUseException :: AsError a => Getting (First ServiceError) a ServiceError
data CertificateStatus
CSExpired :: CertificateStatus
CSFailed :: CertificateStatus
CSInactive :: CertificateStatus
CSIssued :: CertificateStatus
CSPendingValidation :: CertificateStatus
CSRevoked :: CertificateStatus
CSValidationTimedOut :: CertificateStatus
data CertificateTransparencyLoggingPreference
Disabled :: CertificateTransparencyLoggingPreference
Enabled :: CertificateTransparencyLoggingPreference
data CertificateType
AmazonIssued :: CertificateType
Imported :: CertificateType
Private :: CertificateType
data DomainStatus
Failed :: DomainStatus
PendingValidation :: DomainStatus
Success :: DomainStatus
data ExtendedKeyUsageName
Any :: ExtendedKeyUsageName
CodeSigning :: ExtendedKeyUsageName
Custom :: ExtendedKeyUsageName
EmailProtection :: ExtendedKeyUsageName
IPsecEndSystem :: ExtendedKeyUsageName
IPsecTunnel :: ExtendedKeyUsageName
IPsecUser :: ExtendedKeyUsageName
None :: ExtendedKeyUsageName
OcspSigning :: ExtendedKeyUsageName
TLSWebClientAuthentication :: ExtendedKeyUsageName
TLSWebServerAuthentication :: ExtendedKeyUsageName
TimeStamping :: ExtendedKeyUsageName
data FailureReason
AdditionalVerificationRequired :: FailureReason
CaaError :: FailureReason
DomainNotAllowed :: FailureReason
InvalidPublicDomain :: FailureReason
NoAvailableContacts :: FailureReason
Other :: FailureReason
PcaInvalidARN :: FailureReason
PcaInvalidArgs :: FailureReason
PcaInvalidState :: FailureReason
PcaLimitExceeded :: FailureReason
PcaRequestFailed :: FailureReason
PcaResourceNotFound :: FailureReason
data KeyAlgorithm
EcPRIME256V1 :: KeyAlgorithm
EcSECP384R1 :: KeyAlgorithm
EcSECP521R1 :: KeyAlgorithm
Rsa1024 :: KeyAlgorithm
Rsa2048 :: KeyAlgorithm
Rsa4096 :: KeyAlgorithm
data KeyUsageName
KUNAny :: KeyUsageName
KUNCertificateSigning :: KeyUsageName
KUNCrlSigning :: KeyUsageName
KUNCustom :: KeyUsageName
KUNDataEncipherment :: KeyUsageName
KUNDecipherOnly :: KeyUsageName
KUNDigitalSignature :: KeyUsageName
KUNEncipherOnly :: KeyUsageName
KUNKeyAgreement :: KeyUsageName
KUNKeyEncipherment :: KeyUsageName
KUNNonRepudiation :: KeyUsageName
data RecordType
Cname :: RecordType
data RenewalEligibility
Eligible :: RenewalEligibility
Ineligible :: RenewalEligibility
data RenewalStatus
RSFailed :: RenewalStatus
RSPendingAutoRenewal :: RenewalStatus
RSPendingValidation :: RenewalStatus
RSSuccess :: RenewalStatus
data RevocationReason
AACompromise :: RevocationReason
AffiliationChanged :: RevocationReason
CaCompromise :: RevocationReason
CertificateHold :: RevocationReason
CessationOfOperation :: RevocationReason
KeyCompromise :: RevocationReason
PrivilegeWithdrawn :: RevocationReason
RemoveFromCrl :: RevocationReason
Superceded :: RevocationReason
Unspecified :: RevocationReason
data ValidationMethod
DNS :: ValidationMethod
Email :: ValidationMethod

-- | Contains metadata about an ACM certificate. This structure is returned
--   in the response to a <tt>DescribeCertificate</tt> request.
--   
--   <i>See:</i> <a>certificateDetail</a> smart constructor.
data CertificateDetail

-- | Creates a value of <a>CertificateDetail</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cdSubject</a> - The name of the entity that is associated with
--   the public key contained in the certificate.</li>
--   <li><a>cdStatus</a> - The status of the certificate.</li>
--   <li><a>cdFailureReason</a> - The reason the certificate request
--   failed. This value exists only when the certificate status is
--   <tt>FAILED</tt> . For more information, see <a>Certificate Request
--   Failed</a> in the <i>AWS Certificate Manager User Guide</i> .</li>
--   <li><a>cdSubjectAlternativeNames</a> - One or more domain names
--   (subject alternative names) included in the certificate. This list
--   contains the domain names that are bound to the public key that is
--   contained in the certificate. The subject alternative names include
--   the canonical domain name (CN) of the certificate and additional
--   domain names that can be used to connect to the website.</li>
--   <li><a>cdInUseBy</a> - A list of ARNs for the AWS resources that are
--   using the certificate. A certificate can be used by multiple AWS
--   resources.</li>
--   <li><a>cdCreatedAt</a> - The time at which the certificate was
--   requested. This value exists only when the certificate type is
--   <tt>AMAZON_ISSUED</tt> .</li>
--   <li><a>cdCertificateARN</a> - The Amazon Resource Name (ARN) of the
--   certificate. For more information about ARNs, see <a>Amazon Resource
--   Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS General
--   Reference</i> .</li>
--   <li><a>cdSerial</a> - The serial number of the certificate.</li>
--   <li><a>cdRenewalEligibility</a> - Specifies whether the certificate is
--   eligible for renewal.</li>
--   <li><a>cdExtendedKeyUsages</a> - Contains a list of Extended Key Usage
--   X.509 v3 extension objects. Each object specifies a purpose for which
--   the certificate public key can be used and consists of a name and an
--   object identifier (OID).</li>
--   <li><a>cdImportedAt</a> - The date and time at which the certificate
--   was imported. This value exists only when the certificate type is
--   <tt>IMPORTED</tt> .</li>
--   <li><a>cdKeyUsages</a> - A list of Key Usage X.509 v3 extension
--   objects. Each object is a string value that identifies the purpose of
--   the public key contained in the certificate. Possible extension values
--   include DIGITAL_SIGNATURE, KEY_ENCHIPHERMENT, NON_REPUDIATION, and
--   more.</li>
--   <li><a>cdRevokedAt</a> - The time at which the certificate was
--   revoked. This value exists only when the certificate status is
--   <tt>REVOKED</tt> .</li>
--   <li><a>cdNotBefore</a> - The time before which the certificate is not
--   valid.</li>
--   <li><a>cdRevocationReason</a> - The reason the certificate was
--   revoked. This value exists only when the certificate status is
--   <tt>REVOKED</tt> .</li>
--   <li><a>cdDomainName</a> - The fully qualified domain name for the
--   certificate, such as www.example.com or example.com.</li>
--   <li><a>cdRenewalSummary</a> - Contains information about the status of
--   ACM's <a>managed renewal</a> for the certificate. This field exists
--   only when the certificate type is <tt>AMAZON_ISSUED</tt> .</li>
--   <li><a>cdKeyAlgorithm</a> - The algorithm that was used to generate
--   the public-private key pair.</li>
--   <li><a>cdType</a> - The source of the certificate. For certificates
--   provided by ACM, this value is <tt>AMAZON_ISSUED</tt> . For
--   certificates that you imported with <tt>ImportCertificate</tt> , this
--   value is <tt>IMPORTED</tt> . ACM does not provide <a>managed
--   renewal</a> for imported certificates. For more information about the
--   differences between certificates that you import and those that ACM
--   provides, see <a>Importing Certificates</a> in the <i>AWS Certificate
--   Manager User Guide</i> .</li>
--   <li><a>cdOptions</a> - Value that specifies whether to add the
--   certificate to a transparency log. Certificate transparency makes it
--   possible to detect SSL certificates that have been mistakenly or
--   maliciously issued. A browser might respond to certificate that has
--   not been logged by showing an error message. The logs are
--   cryptographically secure.</li>
--   <li><a>cdIssuedAt</a> - The time at which the certificate was issued.
--   This value exists only when the certificate type is
--   <tt>AMAZON_ISSUED</tt> .</li>
--   <li><a>cdSignatureAlgorithm</a> - The algorithm that was used to sign
--   the certificate.</li>
--   <li><a>cdDomainValidationOptions</a> - Contains information about the
--   initial validation of each domain name that occurs as a result of the
--   <tt>RequestCertificate</tt> request. This field exists only when the
--   certificate type is <tt>AMAZON_ISSUED</tt> .</li>
--   <li><a>cdIssuer</a> - The name of the certificate authority that
--   issued and signed the certificate.</li>
--   <li><a>cdNotAfter</a> - The time after which the certificate is not
--   valid.</li>
--   <li><a>cdCertificateAuthorityARN</a> - The Amazon Resource Name (ARN)
--   of the ACM PCA private certificate authority (CA) that issued the
--   certificate. This has the following format:
--   <tt>arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012</tt></li>
--   </ul>
certificateDetail :: CertificateDetail

-- | The name of the entity that is associated with the public key
--   contained in the certificate.
cdSubject :: Lens' CertificateDetail (Maybe Text)

-- | The status of the certificate.
cdStatus :: Lens' CertificateDetail (Maybe CertificateStatus)

-- | The reason the certificate request failed. This value exists only when
--   the certificate status is <tt>FAILED</tt> . For more information, see
--   <a>Certificate Request Failed</a> in the <i>AWS Certificate Manager
--   User Guide</i> .
cdFailureReason :: Lens' CertificateDetail (Maybe FailureReason)

-- | One or more domain names (subject alternative names) included in the
--   certificate. This list contains the domain names that are bound to the
--   public key that is contained in the certificate. The subject
--   alternative names include the canonical domain name (CN) of the
--   certificate and additional domain names that can be used to connect to
--   the website.
cdSubjectAlternativeNames :: Lens' CertificateDetail (Maybe (NonEmpty Text))

-- | A list of ARNs for the AWS resources that are using the certificate. A
--   certificate can be used by multiple AWS resources.
cdInUseBy :: Lens' CertificateDetail [Text]

-- | The time at which the certificate was requested. This value exists
--   only when the certificate type is <tt>AMAZON_ISSUED</tt> .
cdCreatedAt :: Lens' CertificateDetail (Maybe UTCTime)

-- | The Amazon Resource Name (ARN) of the certificate. For more
--   information about ARNs, see <a>Amazon Resource Names (ARNs) and AWS
--   Service Namespaces</a> in the <i>AWS General Reference</i> .
cdCertificateARN :: Lens' CertificateDetail (Maybe Text)

-- | The serial number of the certificate.
cdSerial :: Lens' CertificateDetail (Maybe Text)

-- | Specifies whether the certificate is eligible for renewal.
cdRenewalEligibility :: Lens' CertificateDetail (Maybe RenewalEligibility)

-- | Contains a list of Extended Key Usage X.509 v3 extension objects. Each
--   object specifies a purpose for which the certificate public key can be
--   used and consists of a name and an object identifier (OID).
cdExtendedKeyUsages :: Lens' CertificateDetail [ExtendedKeyUsage]

-- | The date and time at which the certificate was imported. This value
--   exists only when the certificate type is <tt>IMPORTED</tt> .
cdImportedAt :: Lens' CertificateDetail (Maybe UTCTime)

-- | A list of Key Usage X.509 v3 extension objects. Each object is a
--   string value that identifies the purpose of the public key contained
--   in the certificate. Possible extension values include
--   DIGITAL_SIGNATURE, KEY_ENCHIPHERMENT, NON_REPUDIATION, and more.
cdKeyUsages :: Lens' CertificateDetail [KeyUsage]

-- | The time at which the certificate was revoked. This value exists only
--   when the certificate status is <tt>REVOKED</tt> .
cdRevokedAt :: Lens' CertificateDetail (Maybe UTCTime)

-- | The time before which the certificate is not valid.
cdNotBefore :: Lens' CertificateDetail (Maybe UTCTime)

-- | The reason the certificate was revoked. This value exists only when
--   the certificate status is <tt>REVOKED</tt> .
cdRevocationReason :: Lens' CertificateDetail (Maybe RevocationReason)

-- | The fully qualified domain name for the certificate, such as
--   www.example.com or example.com.
cdDomainName :: Lens' CertificateDetail (Maybe Text)

-- | Contains information about the status of ACM's <a>managed renewal</a>
--   for the certificate. This field exists only when the certificate type
--   is <tt>AMAZON_ISSUED</tt> .
cdRenewalSummary :: Lens' CertificateDetail (Maybe RenewalSummary)

-- | The algorithm that was used to generate the public-private key pair.
cdKeyAlgorithm :: Lens' CertificateDetail (Maybe KeyAlgorithm)

-- | The source of the certificate. For certificates provided by ACM, this
--   value is <tt>AMAZON_ISSUED</tt> . For certificates that you imported
--   with <tt>ImportCertificate</tt> , this value is <tt>IMPORTED</tt> .
--   ACM does not provide <a>managed renewal</a> for imported certificates.
--   For more information about the differences between certificates that
--   you import and those that ACM provides, see <a>Importing
--   Certificates</a> in the <i>AWS Certificate Manager User Guide</i> .
cdType :: Lens' CertificateDetail (Maybe CertificateType)

-- | Value that specifies whether to add the certificate to a transparency
--   log. Certificate transparency makes it possible to detect SSL
--   certificates that have been mistakenly or maliciously issued. A
--   browser might respond to certificate that has not been logged by
--   showing an error message. The logs are cryptographically secure.
cdOptions :: Lens' CertificateDetail (Maybe CertificateOptions)

-- | The time at which the certificate was issued. This value exists only
--   when the certificate type is <tt>AMAZON_ISSUED</tt> .
cdIssuedAt :: Lens' CertificateDetail (Maybe UTCTime)

-- | The algorithm that was used to sign the certificate.
cdSignatureAlgorithm :: Lens' CertificateDetail (Maybe Text)

-- | Contains information about the initial validation of each domain name
--   that occurs as a result of the <tt>RequestCertificate</tt> request.
--   This field exists only when the certificate type is
--   <tt>AMAZON_ISSUED</tt> .
cdDomainValidationOptions :: Lens' CertificateDetail (Maybe (NonEmpty DomainValidation))

-- | The name of the certificate authority that issued and signed the
--   certificate.
cdIssuer :: Lens' CertificateDetail (Maybe Text)

-- | The time after which the certificate is not valid.
cdNotAfter :: Lens' CertificateDetail (Maybe UTCTime)

-- | The Amazon Resource Name (ARN) of the ACM PCA private certificate
--   authority (CA) that issued the certificate. This has the following
--   format:
--   <tt>arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012</tt>
cdCertificateAuthorityARN :: Lens' CertificateDetail (Maybe Text)

-- | Structure that contains options for your certificate. Currently, you
--   can use this only to specify whether to opt in to or out of
--   certificate transparency logging. Some browsers require that public
--   certificates issued for your domain be recorded in a log. Certificates
--   that are not logged typically generate a browser error. Transparency
--   makes it possible for you to detect SSL<i>TLS certificates that have
--   been mistakenly or maliciously issued for your domain. For general
--   information, see
--   &lt;http:</i><i>docs.aws.amazon.com</i>acm<i>latest</i>userguide/acm-concepts.html#concept-transparency
--   Certificate Transparency Logging&gt; .
--   
--   <i>See:</i> <a>certificateOptions</a> smart constructor.
data CertificateOptions

-- | Creates a value of <a>CertificateOptions</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>coCertificateTransparencyLoggingPreference</a> - You can opt
--   out of certificate transparency logging by specifying the
--   <tt>DISABLED</tt> option. Opt in by specifying <tt>ENABLED</tt> .</li>
--   </ul>
certificateOptions :: CertificateOptions

-- | You can opt out of certificate transparency logging by specifying the
--   <tt>DISABLED</tt> option. Opt in by specifying <tt>ENABLED</tt> .
coCertificateTransparencyLoggingPreference :: Lens' CertificateOptions (Maybe CertificateTransparencyLoggingPreference)

-- | This structure is returned in the response object of
--   <tt>ListCertificates</tt> action.
--   
--   <i>See:</i> <a>certificateSummary</a> smart constructor.
data CertificateSummary

-- | Creates a value of <a>CertificateSummary</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>csCertificateARN</a> - Amazon Resource Name (ARN) of the
--   certificate. This is of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .</li>
--   <li><a>csDomainName</a> - Fully qualified domain name (FQDN), such as
--   www.example.com or example.com, for the certificate.</li>
--   </ul>
certificateSummary :: CertificateSummary

-- | Amazon Resource Name (ARN) of the certificate. This is of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .
csCertificateARN :: Lens' CertificateSummary (Maybe Text)

-- | Fully qualified domain name (FQDN), such as www.example.com or
--   example.com, for the certificate.
csDomainName :: Lens' CertificateSummary (Maybe Text)

-- | Contains information about the validation of each domain name in the
--   certificate.
--   
--   <i>See:</i> <a>domainValidation</a> smart constructor.
data DomainValidation

-- | Creates a value of <a>DomainValidation</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dvValidationEmails</a> - A list of email addresses that ACM
--   used to send domain validation emails.</li>
--   <li><a>dvValidationMethod</a> - Specifies the domain validation
--   method.</li>
--   <li><a>dvResourceRecord</a> - Contains the CNAME record that you add
--   to your DNS database for domain validation. For more information, see
--   <a>Use DNS to Validate Domain Ownership</a> .</li>
--   <li><a>dvValidationStatus</a> - The validation status of the domain
--   name. This can be one of the following values: *
--   <tt>PENDING_VALIDATION</tt> * SUCCESS * FAILED</li>
--   <li><a>dvValidationDomain</a> - The domain name that ACM used to send
--   domain validation emails.</li>
--   <li><a>dvDomainName</a> - A fully qualified domain name (FQDN) in the
--   certificate. For example, <tt>www.example.com</tt> or
--   <tt>example.com</tt> .</li>
--   </ul>
domainValidation :: Text -> DomainValidation

-- | A list of email addresses that ACM used to send domain validation
--   emails.
dvValidationEmails :: Lens' DomainValidation [Text]

-- | Specifies the domain validation method.
dvValidationMethod :: Lens' DomainValidation (Maybe ValidationMethod)

-- | Contains the CNAME record that you add to your DNS database for domain
--   validation. For more information, see <a>Use DNS to Validate Domain
--   Ownership</a> .
dvResourceRecord :: Lens' DomainValidation (Maybe ResourceRecord)

-- | The validation status of the domain name. This can be one of the
--   following values: * <tt>PENDING_VALIDATION</tt> * SUCCESS * FAILED
dvValidationStatus :: Lens' DomainValidation (Maybe DomainStatus)

-- | The domain name that ACM used to send domain validation emails.
dvValidationDomain :: Lens' DomainValidation (Maybe Text)

-- | A fully qualified domain name (FQDN) in the certificate. For example,
--   <tt>www.example.com</tt> or <tt>example.com</tt> .
dvDomainName :: Lens' DomainValidation Text

-- | Contains information about the domain names that you want ACM to use
--   to send you emails that enable you to validate domain ownership.
--   
--   <i>See:</i> <a>domainValidationOption</a> smart constructor.
data DomainValidationOption

-- | Creates a value of <a>DomainValidationOption</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dvoDomainName</a> - A fully qualified domain name (FQDN) in the
--   certificate request.</li>
--   <li><a>dvoValidationDomain</a> - The domain name that you want ACM to
--   use to send you validation emails. This domain name is the suffix of
--   the email addresses that you want ACM to use. This must be the same as
--   the <tt>DomainName</tt> value or a superdomain of the
--   <tt>DomainName</tt> value. For example, if you request a certificate
--   for <tt>testing.example.com</tt> , you can specify
--   <tt>example.com</tt> for this value. In that case, ACM sends domain
--   validation emails to the following five addresses: *
--   admin<tt>example.com * administrator</tt>example.com *
--   hostmaster<tt>example.com * postmaster</tt>example.com *
--   webmaster@example.com</li>
--   </ul>
domainValidationOption :: Text -> Text -> DomainValidationOption

-- | A fully qualified domain name (FQDN) in the certificate request.
dvoDomainName :: Lens' DomainValidationOption Text

-- | The domain name that you want ACM to use to send you validation
--   emails. This domain name is the suffix of the email addresses that you
--   want ACM to use. This must be the same as the <tt>DomainName</tt>
--   value or a superdomain of the <tt>DomainName</tt> value. For example,
--   if you request a certificate for <tt>testing.example.com</tt> , you
--   can specify <tt>example.com</tt> for this value. In that case, ACM
--   sends domain validation emails to the following five addresses: *
--   admin<tt>example.com * administrator</tt>example.com *
--   hostmaster<tt>example.com * postmaster</tt>example.com *
--   webmaster@example.com
dvoValidationDomain :: Lens' DomainValidationOption Text

-- | The Extended Key Usage X.509 v3 extension defines one or more purposes
--   for which the public key can be used. This is in addition to or in
--   place of the basic purposes specified by the Key Usage extension.
--   
--   <i>See:</i> <a>extendedKeyUsage</a> smart constructor.
data ExtendedKeyUsage

-- | Creates a value of <a>ExtendedKeyUsage</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ekuOId</a> - An object identifier (OID) for the extension
--   value. OIDs are strings of numbers separated by periods. The following
--   OIDs are defined in RFC 3280 and RFC 5280. * <tt>1.3.6.1.5.5.7.3.1
--   (TLS_WEB_SERVER_AUTHENTICATION)</tt> * <tt>1.3.6.1.5.5.7.3.2
--   (TLS_WEB_CLIENT_AUTHENTICATION)</tt> * <tt>1.3.6.1.5.5.7.3.3
--   (CODE_SIGNING)</tt> * <tt>1.3.6.1.5.5.7.3.4 (EMAIL_PROTECTION)</tt> *
--   <tt>1.3.6.1.5.5.7.3.8 (TIME_STAMPING)</tt> * <tt>1.3.6.1.5.5.7.3.9
--   (OCSP_SIGNING)</tt> * <tt>1.3.6.1.5.5.7.3.5 (IPSEC_END_SYSTEM)</tt> *
--   <tt>1.3.6.1.5.5.7.3.6 (IPSEC_TUNNEL)</tt> * <tt>1.3.6.1.5.5.7.3.7
--   (IPSEC_USER)</tt></li>
--   <li><a>ekuName</a> - The name of an Extended Key Usage value.</li>
--   </ul>
extendedKeyUsage :: ExtendedKeyUsage

-- | An object identifier (OID) for the extension value. OIDs are strings
--   of numbers separated by periods. The following OIDs are defined in RFC
--   3280 and RFC 5280. * <tt>1.3.6.1.5.5.7.3.1
--   (TLS_WEB_SERVER_AUTHENTICATION)</tt> * <tt>1.3.6.1.5.5.7.3.2
--   (TLS_WEB_CLIENT_AUTHENTICATION)</tt> * <tt>1.3.6.1.5.5.7.3.3
--   (CODE_SIGNING)</tt> * <tt>1.3.6.1.5.5.7.3.4 (EMAIL_PROTECTION)</tt> *
--   <tt>1.3.6.1.5.5.7.3.8 (TIME_STAMPING)</tt> * <tt>1.3.6.1.5.5.7.3.9
--   (OCSP_SIGNING)</tt> * <tt>1.3.6.1.5.5.7.3.5 (IPSEC_END_SYSTEM)</tt> *
--   <tt>1.3.6.1.5.5.7.3.6 (IPSEC_TUNNEL)</tt> * <tt>1.3.6.1.5.5.7.3.7
--   (IPSEC_USER)</tt>
ekuOId :: Lens' ExtendedKeyUsage (Maybe Text)

-- | The name of an Extended Key Usage value.
ekuName :: Lens' ExtendedKeyUsage (Maybe ExtendedKeyUsageName)

-- | This structure can be used in the <tt>ListCertificates</tt> action to
--   filter the output of the certificate list.
--   
--   <i>See:</i> <a>filters</a> smart constructor.
data Filters

-- | Creates a value of <a>Filters</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>fKeyTypes</a> - Specify one or more algorithms that can be used
--   to generate key pairs.</li>
--   <li><a>fKeyUsage</a> - Specify one or more <a>KeyUsage</a> extension
--   values.</li>
--   <li><a>fExtendedKeyUsage</a> - Specify one or more
--   <a>ExtendedKeyUsage</a> extension values.</li>
--   </ul>
filters :: Filters

-- | Specify one or more algorithms that can be used to generate key pairs.
fKeyTypes :: Lens' Filters [KeyAlgorithm]

-- | Specify one or more <a>KeyUsage</a> extension values.
fKeyUsage :: Lens' Filters [KeyUsageName]

-- | Specify one or more <a>ExtendedKeyUsage</a> extension values.
fExtendedKeyUsage :: Lens' Filters [ExtendedKeyUsageName]

-- | The Key Usage X.509 v3 extension defines the purpose of the public key
--   contained in the certificate.
--   
--   <i>See:</i> <a>keyUsage</a> smart constructor.
data KeyUsage

-- | Creates a value of <a>KeyUsage</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>kuName</a> - A string value that contains a Key Usage extension
--   name.</li>
--   </ul>
keyUsage :: KeyUsage

-- | A string value that contains a Key Usage extension name.
kuName :: Lens' KeyUsage (Maybe KeyUsageName)

-- | Contains information about the status of ACM's <a>managed renewal</a>
--   for the certificate. This structure exists only when the certificate
--   type is <tt>AMAZON_ISSUED</tt> .
--   
--   <i>See:</i> <a>renewalSummary</a> smart constructor.
data RenewalSummary

-- | Creates a value of <a>RenewalSummary</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rsRenewalStatus</a> - The status of ACM's <a>managed
--   renewal</a> of the certificate.</li>
--   <li><a>rsDomainValidationOptions</a> - Contains information about the
--   validation of each domain name in the certificate, as it pertains to
--   ACM's <a>managed renewal</a> . This is different from the initial
--   validation that occurs as a result of the <tt>RequestCertificate</tt>
--   request. This field exists only when the certificate type is
--   <tt>AMAZON_ISSUED</tt> .</li>
--   </ul>
renewalSummary :: RenewalStatus -> NonEmpty DomainValidation -> RenewalSummary

-- | The status of ACM's <a>managed renewal</a> of the certificate.
rsRenewalStatus :: Lens' RenewalSummary RenewalStatus

-- | Contains information about the validation of each domain name in the
--   certificate, as it pertains to ACM's <a>managed renewal</a> . This is
--   different from the initial validation that occurs as a result of the
--   <tt>RequestCertificate</tt> request. This field exists only when the
--   certificate type is <tt>AMAZON_ISSUED</tt> .
rsDomainValidationOptions :: Lens' RenewalSummary (NonEmpty DomainValidation)

-- | Contains a DNS record value that you can use to can use to validate
--   ownership or control of a domain. This is used by the
--   <tt>DescribeCertificate</tt> action.
--   
--   <i>See:</i> <a>resourceRecord</a> smart constructor.
data ResourceRecord

-- | Creates a value of <a>ResourceRecord</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rrName</a> - The name of the DNS record to create in your
--   domain. This is supplied by ACM.</li>
--   <li><a>rrType</a> - The type of DNS record. Currently this can be
--   <tt>CNAME</tt> .</li>
--   <li><a>rrValue</a> - The value of the CNAME record to add to your DNS
--   database. This is supplied by ACM.</li>
--   </ul>
resourceRecord :: Text -> RecordType -> Text -> ResourceRecord

-- | The name of the DNS record to create in your domain. This is supplied
--   by ACM.
rrName :: Lens' ResourceRecord Text

-- | The type of DNS record. Currently this can be <tt>CNAME</tt> .
rrType :: Lens' ResourceRecord RecordType

-- | The value of the CNAME record to add to your DNS database. This is
--   supplied by ACM.
rrValue :: Lens' ResourceRecord Text

-- | A key-value pair that identifies or specifies metadata about an ACM
--   resource.
--   
--   <i>See:</i> <a>tag</a> smart constructor.
data Tag

-- | Creates a value of <a>Tag</a> with the minimum fields required to make
--   a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>tagValue</a> - The value of the tag.</li>
--   <li><a>tagKey</a> - The key of the tag.</li>
--   </ul>
tag :: Text -> Tag

-- | The value of the tag.
tagValue :: Lens' Tag (Maybe Text)

-- | The key of the tag.
tagKey :: Lens' Tag Text


-- | Resends the email that requests domain ownership validation. The
--   domain owner or an authorized representative must approve the ACM
--   certificate before it can be issued. The certificate can be approved
--   by clicking a link in the mail to navigate to the Amazon certificate
--   approval website and then clicking <b>I Approve</b> . However, the
--   validation email can be blocked by spam filters. Therefore, if you do
--   not receive the original mail, you can request that the mail be resent
--   within 72 hours of requesting the ACM certificate. If more than 72
--   hours have elapsed since your original request or since your last
--   attempt to resend validation mail, you must request a new certificate.
--   For more information about setting up your contact email addresses,
--   see <a>Configure Email for your Domain</a> .
module Network.AWS.CertificateManager.ResendValidationEmail

-- | Creates a value of <a>ResendValidationEmail</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rveCertificateARN</a> - String that contains the ARN of the
--   requested certificate. The certificate ARN is generated and returned
--   by the <tt>RequestCertificate</tt> action as soon as the request is
--   made. By default, using this parameter causes email to be sent to all
--   top-level domains you specified in the certificate request. The ARN
--   must be of the form:
--   <tt>arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt></li>
--   <li><a>rveDomain</a> - The fully qualified domain name (FQDN) of the
--   certificate that needs to be validated.</li>
--   <li><a>rveValidationDomain</a> - The base validation domain that will
--   act as the suffix of the email addresses that are used to send the
--   emails. This must be the same as the <tt>Domain</tt> value or a
--   superdomain of the <tt>Domain</tt> value. For example, if you
--   requested a certificate for <tt>site.subdomain.example.com</tt> and
--   specify a <b>ValidationDomain</b> of <tt>subdomain.example.com</tt> ,
--   ACM sends email to the domain registrant, technical contact, and
--   administrative contact in WHOIS and the following five addresses: *
--   admin<tt>subdomain.example.com *
--   administrator</tt>subdomain.example.com *
--   hostmaster<tt>subdomain.example.com *
--   postmaster</tt>subdomain.example.com *
--   webmaster@subdomain.example.com</li>
--   </ul>
resendValidationEmail :: Text -> Text -> Text -> ResendValidationEmail

-- | <i>See:</i> <a>resendValidationEmail</a> smart constructor.
data ResendValidationEmail

-- | String that contains the ARN of the requested certificate. The
--   certificate ARN is generated and returned by the
--   <tt>RequestCertificate</tt> action as soon as the request is made. By
--   default, using this parameter causes email to be sent to all top-level
--   domains you specified in the certificate request. The ARN must be of
--   the form:
--   <tt>arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
rveCertificateARN :: Lens' ResendValidationEmail Text

-- | The fully qualified domain name (FQDN) of the certificate that needs
--   to be validated.
rveDomain :: Lens' ResendValidationEmail Text

-- | The base validation domain that will act as the suffix of the email
--   addresses that are used to send the emails. This must be the same as
--   the <tt>Domain</tt> value or a superdomain of the <tt>Domain</tt>
--   value. For example, if you requested a certificate for
--   <tt>site.subdomain.example.com</tt> and specify a
--   <b>ValidationDomain</b> of <tt>subdomain.example.com</tt> , ACM sends
--   email to the domain registrant, technical contact, and administrative
--   contact in WHOIS and the following five addresses: *
--   admin<tt>subdomain.example.com *
--   administrator</tt>subdomain.example.com *
--   hostmaster<tt>subdomain.example.com *
--   postmaster</tt>subdomain.example.com * webmaster@subdomain.example.com
rveValidationDomain :: Lens' ResendValidationEmail Text

-- | Creates a value of <a>ResendValidationEmailResponse</a> with the
--   minimum fields required to make a request.
resendValidationEmailResponse :: ResendValidationEmailResponse

-- | <i>See:</i> <a>resendValidationEmailResponse</a> smart constructor.
data ResendValidationEmailResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmailResponse
instance Data.Data.Data Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmailResponse
instance GHC.Show.Show Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmailResponse
instance GHC.Read.Read Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmailResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmailResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Data.Data.Data Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance GHC.Show.Show Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance GHC.Read.Read Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance GHC.Classes.Eq Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmailResponse
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail


-- | Requests an ACM certificate for use with other AWS services. To
--   request an ACM certificate, you must specify a fully qualified domain
--   name (FQDN) in the <tt>DomainName</tt> parameter. You can also specify
--   additional FQDNs in the <tt>SubjectAlternativeNames</tt> parameter.
--   
--   If you are requesting a private certificate, domain validation is not
--   required. If you are requesting a public certificate, each domain name
--   that you specify must be validated to verify that you own or control
--   the domain. You can use <a>DNS validation</a> or <a>email
--   validation</a> . We recommend that you use DNS validation. ACM issues
--   public certificates after receiving approval from the domain owner.
module Network.AWS.CertificateManager.RequestCertificate

-- | Creates a value of <a>RequestCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rcIdempotencyToken</a> - Customer chosen string that can be
--   used to distinguish between calls to <tt>RequestCertificate</tt> .
--   Idempotency tokens time out after one hour. Therefore, if you call
--   <tt>RequestCertificate</tt> multiple times with the same idempotency
--   token within one hour, ACM recognizes that you are requesting only one
--   certificate and will issue only one. If you change the idempotency
--   token for each call, ACM recognizes that you are requesting multiple
--   certificates.</li>
--   <li><a>rcValidationMethod</a> - The method you want to use if you are
--   requesting a public certificate to validate that you own or control
--   domain. You can <a>validate with DNS</a> or <a>validate with email</a>
--   . We recommend that you use DNS validation.</li>
--   <li><a>rcSubjectAlternativeNames</a> - Additional FQDNs to be included
--   in the Subject Alternative Name extension of the ACM certificate. For
--   example, add the name www.example.net to a certificate for which the
--   <tt>DomainName</tt> field is www.example.com if users can reach your
--   site by using either name. The maximum number of domain names that you
--   can add to an ACM certificate is 100. However, the initial limit is 10
--   domain names. If you need more than 10 names, you must request a limit
--   increase. For more information, see <a>Limits</a> . The maximum length
--   of a SAN DNS name is 253 octets. The name is made up of multiple
--   labels separated by periods. No label can be longer than 63 octets.
--   Consider the following examples: * <tt>(63 octets).(63 octets).(63
--   octets).(61 octets)</tt> is legal because the total length is 253
--   octets (63+1+63+1+63+1+61) and no label exceeds 63 octets. * <tt>(64
--   octets).(63 octets).(63 octets).(61 octets)</tt> is not legal because
--   the total length exceeds 253 octets (64+1+63+1+63+1+61) and the first
--   label exceeds 63 octets. * <tt>(63 octets).(63 octets).(63 octets).(62
--   octets)</tt> is not legal because the total length of the DNS name
--   (63+1+63+1+63+1+62) exceeds 253 octets.</li>
--   <li><a>rcOptions</a> - Currently, you can use this parameter to
--   specify whether to add the certificate to a certificate transparency
--   log. Certificate transparency makes it possible to detect SSL<i>TLS
--   certificates that have been mistakenly or maliciously issued.
--   Certificates that have not been logged typically produce an error
--   message in a browser. For more information, see
--   &lt;http:</i><i>docs.aws.amazon.com</i>acm<i>latest</i>userguide/acm-bestpractices.html#best-practices-transparency
--   Opting Out of Certificate Transparency Logging&gt; .</li>
--   <li><a>rcDomainValidationOptions</a> - The domain name that you want
--   ACM to use to send you emails so that you can validate domain
--   ownership.</li>
--   <li><a>rcCertificateAuthorityARN</a> - The Amazon Resource Name (ARN)
--   of the private certificate authority (CA) that will be used to issue
--   the certificate. If you do not provide an ARN and you are trying to
--   request a private certificate, ACM will attempt to issue a public
--   certificate. For more information about private CAs, see the <a>AWS
--   Certificate Manager Private Certificate Authority (PCA)</a> user
--   guide. The ARN must have the following form:
--   <tt>arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012</tt></li>
--   <li><a>rcDomainName</a> - Fully qualified domain name (FQDN), such as
--   www.example.com, that you want to secure with an ACM certificate. Use
--   an asterisk (*) to create a wildcard certificate that protects several
--   sites in the same domain. For example, *.example.com protects
--   www.example.com, site.example.com, and images.example.com. The first
--   domain name you enter cannot exceed 63 octets, including periods. Each
--   subsequent Subject Alternative Name (SAN), however, can be up to 253
--   octets in length.</li>
--   </ul>
requestCertificate :: Text -> RequestCertificate

-- | <i>See:</i> <a>requestCertificate</a> smart constructor.
data RequestCertificate

-- | Customer chosen string that can be used to distinguish between calls
--   to <tt>RequestCertificate</tt> . Idempotency tokens time out after one
--   hour. Therefore, if you call <tt>RequestCertificate</tt> multiple
--   times with the same idempotency token within one hour, ACM recognizes
--   that you are requesting only one certificate and will issue only one.
--   If you change the idempotency token for each call, ACM recognizes that
--   you are requesting multiple certificates.
rcIdempotencyToken :: Lens' RequestCertificate (Maybe Text)

-- | The method you want to use if you are requesting a public certificate
--   to validate that you own or control domain. You can <a>validate with
--   DNS</a> or <a>validate with email</a> . We recommend that you use DNS
--   validation.
rcValidationMethod :: Lens' RequestCertificate (Maybe ValidationMethod)

-- | Additional FQDNs to be included in the Subject Alternative Name
--   extension of the ACM certificate. For example, add the name
--   www.example.net to a certificate for which the <tt>DomainName</tt>
--   field is www.example.com if users can reach your site by using either
--   name. The maximum number of domain names that you can add to an ACM
--   certificate is 100. However, the initial limit is 10 domain names. If
--   you need more than 10 names, you must request a limit increase. For
--   more information, see <a>Limits</a> . The maximum length of a SAN DNS
--   name is 253 octets. The name is made up of multiple labels separated
--   by periods. No label can be longer than 63 octets. Consider the
--   following examples: * <tt>(63 octets).(63 octets).(63 octets).(61
--   octets)</tt> is legal because the total length is 253 octets
--   (63+1+63+1+63+1+61) and no label exceeds 63 octets. * <tt>(64
--   octets).(63 octets).(63 octets).(61 octets)</tt> is not legal because
--   the total length exceeds 253 octets (64+1+63+1+63+1+61) and the first
--   label exceeds 63 octets. * <tt>(63 octets).(63 octets).(63 octets).(62
--   octets)</tt> is not legal because the total length of the DNS name
--   (63+1+63+1+63+1+62) exceeds 253 octets.
rcSubjectAlternativeNames :: Lens' RequestCertificate (Maybe (NonEmpty Text))

-- | Currently, you can use this parameter to specify whether to add the
--   certificate to a certificate transparency log. Certificate
--   transparency makes it possible to detect SSL<i>TLS certificates that
--   have been mistakenly or maliciously issued. Certificates that have not
--   been logged typically produce an error message in a browser. For more
--   information, see
--   &lt;http:</i><i>docs.aws.amazon.com</i>acm<i>latest</i>userguide/acm-bestpractices.html#best-practices-transparency
--   Opting Out of Certificate Transparency Logging&gt; .
rcOptions :: Lens' RequestCertificate (Maybe CertificateOptions)

-- | The domain name that you want ACM to use to send you emails so that
--   you can validate domain ownership.
rcDomainValidationOptions :: Lens' RequestCertificate (Maybe (NonEmpty DomainValidationOption))

-- | The Amazon Resource Name (ARN) of the private certificate authority
--   (CA) that will be used to issue the certificate. If you do not provide
--   an ARN and you are trying to request a private certificate, ACM will
--   attempt to issue a public certificate. For more information about
--   private CAs, see the <a>AWS Certificate Manager Private Certificate
--   Authority (PCA)</a> user guide. The ARN must have the following form:
--   <tt>arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012</tt>
rcCertificateAuthorityARN :: Lens' RequestCertificate (Maybe Text)

-- | Fully qualified domain name (FQDN), such as www.example.com, that you
--   want to secure with an ACM certificate. Use an asterisk (*) to create
--   a wildcard certificate that protects several sites in the same domain.
--   For example, *.example.com protects www.example.com, site.example.com,
--   and images.example.com. The first domain name you enter cannot exceed
--   63 octets, including periods. Each subsequent Subject Alternative Name
--   (SAN), however, can be up to 253 octets in length.
rcDomainName :: Lens' RequestCertificate Text

-- | Creates a value of <a>RequestCertificateResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rcrsCertificateARN</a> - String that contains the ARN of the
--   issued certificate. This must be of the form:
--   <tt>arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt></li>
--   <li><a>rcrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
requestCertificateResponse :: Int -> RequestCertificateResponse

-- | <i>See:</i> <a>requestCertificateResponse</a> smart constructor.
data RequestCertificateResponse

-- | String that contains the ARN of the issued certificate. This must be
--   of the form:
--   <tt>arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
rcrsCertificateARN :: Lens' RequestCertificateResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
rcrsResponseStatus :: Lens' RequestCertificateResponse Int
instance GHC.Generics.Generic Network.AWS.CertificateManager.RequestCertificate.RequestCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.RequestCertificate.RequestCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.RequestCertificate.RequestCertificateResponse
instance GHC.Read.Read Network.AWS.CertificateManager.RequestCertificate.RequestCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.RequestCertificate.RequestCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Data.Data.Data Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance GHC.Read.Read Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.RequestCertificate.RequestCertificateResponse
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.RequestCertificate.RequestCertificate


-- | Remove one or more tags from an ACM certificate. A tag consists of a
--   key-value pair. If you do not specify the value portion of the tag
--   when calling this function, the tag will be removed regardless of
--   value. If you specify a value, the tag is removed only if it is
--   associated with the specified value.
--   
--   To add tags to a certificate, use the <tt>AddTagsToCertificate</tt>
--   action. To view all of the tags that have been applied to a specific
--   ACM certificate, use the <tt>ListTagsForCertificate</tt> action.
module Network.AWS.CertificateManager.RemoveTagsFromCertificate

-- | Creates a value of <a>RemoveTagsFromCertificate</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rtfcCertificateARN</a> - String that contains the ARN of the
--   ACM Certificate with one or more tags that you want to remove. This
--   must be of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .</li>
--   <li><a>rtfcTags</a> - The key-value pair that defines the tag to
--   remove.</li>
--   </ul>
removeTagsFromCertificate :: Text -> NonEmpty Tag -> RemoveTagsFromCertificate

-- | <i>See:</i> <a>removeTagsFromCertificate</a> smart constructor.
data RemoveTagsFromCertificate

-- | String that contains the ARN of the ACM Certificate with one or more
--   tags that you want to remove. This must be of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .
rtfcCertificateARN :: Lens' RemoveTagsFromCertificate Text

-- | The key-value pair that defines the tag to remove.
rtfcTags :: Lens' RemoveTagsFromCertificate (NonEmpty Tag)

-- | Creates a value of <a>RemoveTagsFromCertificateResponse</a> with the
--   minimum fields required to make a request.
removeTagsFromCertificateResponse :: RemoveTagsFromCertificateResponse

-- | <i>See:</i> <a>removeTagsFromCertificateResponse</a> smart
--   constructor.
data RemoveTagsFromCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificateResponse
instance GHC.Read.Read Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Data.Data.Data Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance GHC.Read.Read Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificateResponse
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate


-- | Lists the tags that have been applied to the ACM certificate. Use the
--   certificate's Amazon Resource Name (ARN) to specify the certificate.
--   To add a tag to an ACM certificate, use the
--   <tt>AddTagsToCertificate</tt> action. To delete a tag, use the
--   <tt>RemoveTagsFromCertificate</tt> action.
module Network.AWS.CertificateManager.ListTagsForCertificate

-- | Creates a value of <a>ListTagsForCertificate</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ltfcCertificateARN</a> - String that contains the ARN of the
--   ACM certificate for which you want to list the tags. This must have
--   the following form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .</li>
--   </ul>
listTagsForCertificate :: Text -> ListTagsForCertificate

-- | <i>See:</i> <a>listTagsForCertificate</a> smart constructor.
data ListTagsForCertificate

-- | String that contains the ARN of the ACM certificate for which you want
--   to list the tags. This must have the following form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .
ltfcCertificateARN :: Lens' ListTagsForCertificate Text

-- | Creates a value of <a>ListTagsForCertificateResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ltfcrsTags</a> - The key-value pairs that define the applied
--   tags.</li>
--   <li><a>ltfcrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listTagsForCertificateResponse :: Int -> ListTagsForCertificateResponse

-- | <i>See:</i> <a>listTagsForCertificateResponse</a> smart constructor.
data ListTagsForCertificateResponse

-- | The key-value pairs that define the applied tags.
ltfcrsTags :: Lens' ListTagsForCertificateResponse (Maybe (NonEmpty Tag))

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
ltfcrsResponseStatus :: Lens' ListTagsForCertificateResponse Int
instance GHC.Generics.Generic Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificateResponse
instance GHC.Read.Read Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Data.Data.Data Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance GHC.Read.Read Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificateResponse
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate


-- | Retrieves a list of certificate ARNs and domain names. You can request
--   that only certificates that match a specific status be listed. You can
--   also filter by specific attributes of the certificate.
--   
--   This operation returns paginated results.
module Network.AWS.CertificateManager.ListCertificates

-- | Creates a value of <a>ListCertificates</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lcCertificateStatuses</a> - Filter the certificate list by
--   status value.</li>
--   <li><a>lcNextToken</a> - Use this parameter only when paginating
--   results and only in a subsequent request after you receive a response
--   with truncated results. Set it to the value of <tt>NextToken</tt> from
--   the response you just received.</li>
--   <li><a>lcIncludes</a> - Filter the certificate list. For more
--   information, see the <a>Filters</a> structure.</li>
--   <li><a>lcMaxItems</a> - Use this parameter when paginating results to
--   specify the maximum number of items to return in the response. If
--   additional items exist beyond the number you specify, the
--   <tt>NextToken</tt> element is sent in the response. Use this
--   <tt>NextToken</tt> value in a subsequent request to retrieve
--   additional items.</li>
--   </ul>
listCertificates :: ListCertificates

-- | <i>See:</i> <a>listCertificates</a> smart constructor.
data ListCertificates

-- | Filter the certificate list by status value.
lcCertificateStatuses :: Lens' ListCertificates [CertificateStatus]

-- | Use this parameter only when paginating results and only in a
--   subsequent request after you receive a response with truncated
--   results. Set it to the value of <tt>NextToken</tt> from the response
--   you just received.
lcNextToken :: Lens' ListCertificates (Maybe Text)

-- | Filter the certificate list. For more information, see the
--   <a>Filters</a> structure.
lcIncludes :: Lens' ListCertificates (Maybe Filters)

-- | Use this parameter when paginating results to specify the maximum
--   number of items to return in the response. If additional items exist
--   beyond the number you specify, the <tt>NextToken</tt> element is sent
--   in the response. Use this <tt>NextToken</tt> value in a subsequent
--   request to retrieve additional items.
lcMaxItems :: Lens' ListCertificates (Maybe Natural)

-- | Creates a value of <a>ListCertificatesResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lcrsCertificateSummaryList</a> - A list of ACM
--   certificates.</li>
--   <li><a>lcrsNextToken</a> - When the list is truncated, this value is
--   present and contains the value to use for the <tt>NextToken</tt>
--   parameter in a subsequent pagination request.</li>
--   <li><a>lcrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listCertificatesResponse :: Int -> ListCertificatesResponse

-- | <i>See:</i> <a>listCertificatesResponse</a> smart constructor.
data ListCertificatesResponse

-- | A list of ACM certificates.
lcrsCertificateSummaryList :: Lens' ListCertificatesResponse [CertificateSummary]

-- | When the list is truncated, this value is present and contains the
--   value to use for the <tt>NextToken</tt> parameter in a subsequent
--   pagination request.
lcrsNextToken :: Lens' ListCertificatesResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lcrsResponseStatus :: Lens' ListCertificatesResponse Int
instance GHC.Generics.Generic Network.AWS.CertificateManager.ListCertificates.ListCertificatesResponse
instance Data.Data.Data Network.AWS.CertificateManager.ListCertificates.ListCertificatesResponse
instance GHC.Show.Show Network.AWS.CertificateManager.ListCertificates.ListCertificatesResponse
instance GHC.Read.Read Network.AWS.CertificateManager.ListCertificates.ListCertificatesResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.ListCertificates.ListCertificatesResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Data.Data.Data Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance GHC.Show.Show Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance GHC.Read.Read Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance GHC.Classes.Eq Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ListCertificates.ListCertificatesResponse
instance Network.AWS.Pager.AWSPager Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.ListCertificates.ListCertificates


-- | Imports a certificate into AWS Certificate Manager (ACM) to use with
--   services that are integrated with ACM. Note that <a>integrated
--   services</a> allow only certificate types and keys they support to be
--   associated with their resources. Further, their support differs
--   depending on whether the certificate is imported into IAM or into ACM.
--   For more information, see the documentation for each service. For more
--   information about importing certificates into ACM, see <a>Importing
--   Certificates</a> in the <i>AWS Certificate Manager User Guide</i> .
--   
--   Note the following guidelines when importing third party certificates:
--   
--   <ul>
--   <li>You must enter the private key that matches the certificate you
--   are importing.</li>
--   <li>The private key must be unencrypted. You cannot import a private
--   key that is protected by a password or a passphrase.</li>
--   <li>If the certificate you are importing is not self-signed, you must
--   enter its certificate chain.</li>
--   <li>If a certificate chain is included, the issuer must be the subject
--   of one of the certificates in the chain.</li>
--   <li>The certificate, private key, and certificate chain must be
--   PEM-encoded.</li>
--   <li>The current time must be between the <tt>Not Before</tt> and
--   <tt>Not After</tt> certificate fields.</li>
--   <li>The <tt>Issuer</tt> field must not be empty.</li>
--   <li>The OCSP authority URL, if present, must not exceed 1000
--   characters.</li>
--   <li>To import a new certificate, omit the <tt>CertificateArn</tt>
--   argument. Include this argument only when you want to replace a
--   previously imported certificate.</li>
--   <li>When you import a certificate by using the CLI, you must specify
--   the certificate, the certificate chain, and the private key by their
--   file names preceded by <tt>file://</tt> . For example, you can specify
--   a certificate saved in the <tt>C:temp</tt> folder as
--   <tt>file://C:tempcertificate_to_import.pem</tt> . If you are making an
--   HTTP or HTTPS Query request, include these arguments as BLOBs.</li>
--   <li>When you import a certificate by using an SDK, you must specify
--   the certificate, the certificate chain, and the private key files in
--   the manner required by the programming language you're using.</li>
--   </ul>
--   
--   This operation returns the <a>Amazon Resource Name (ARN)</a> of the
--   imported certificate.
module Network.AWS.CertificateManager.ImportCertificate

-- | Creates a value of <a>ImportCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>icCertificateARN</a> - The <a>Amazon Resource Name (ARN)</a> of
--   an imported certificate to replace. To import a new certificate, omit
--   this field.</li>
--   <li><a>icCertificateChain</a> - The PEM encoded certificate chain.--
--   <i>Note:</i> This <tt>Lens</tt> automatically encodes and decodes
--   Base64 data. The underlying isomorphism will encode to Base64
--   representation during serialisation, and decode from Base64
--   representation during deserialisation. This <tt>Lens</tt> accepts and
--   returns only raw unencoded data.</li>
--   <li><a>icCertificate</a> - The certificate to import.-- <i>Note:</i>
--   This <tt>Lens</tt> automatically encodes and decodes Base64 data. The
--   underlying isomorphism will encode to Base64 representation during
--   serialisation, and decode from Base64 representation during
--   deserialisation. This <tt>Lens</tt> accepts and returns only raw
--   unencoded data.</li>
--   <li><a>icPrivateKey</a> - The private key that matches the public key
--   in the certificate.-- <i>Note:</i> This <tt>Lens</tt> automatically
--   encodes and decodes Base64 data. The underlying isomorphism will
--   encode to Base64 representation during serialisation, and decode from
--   Base64 representation during deserialisation. This <tt>Lens</tt>
--   accepts and returns only raw unencoded data.</li>
--   </ul>
importCertificate :: ByteString -> ByteString -> ImportCertificate

-- | <i>See:</i> <a>importCertificate</a> smart constructor.
data ImportCertificate

-- | The <a>Amazon Resource Name (ARN)</a> of an imported certificate to
--   replace. To import a new certificate, omit this field.
icCertificateARN :: Lens' ImportCertificate (Maybe Text)

-- | The PEM encoded certificate chain.-- <i>Note:</i> This <tt>Lens</tt>
--   automatically encodes and decodes Base64 data. The underlying
--   isomorphism will encode to Base64 representation during serialisation,
--   and decode from Base64 representation during deserialisation. This
--   <tt>Lens</tt> accepts and returns only raw unencoded data.
icCertificateChain :: Lens' ImportCertificate (Maybe ByteString)

-- | The certificate to import.-- <i>Note:</i> This <tt>Lens</tt>
--   automatically encodes and decodes Base64 data. The underlying
--   isomorphism will encode to Base64 representation during serialisation,
--   and decode from Base64 representation during deserialisation. This
--   <tt>Lens</tt> accepts and returns only raw unencoded data.
icCertificate :: Lens' ImportCertificate ByteString

-- | The private key that matches the public key in the certificate.--
--   <i>Note:</i> This <tt>Lens</tt> automatically encodes and decodes
--   Base64 data. The underlying isomorphism will encode to Base64
--   representation during serialisation, and decode from Base64
--   representation during deserialisation. This <tt>Lens</tt> accepts and
--   returns only raw unencoded data.
icPrivateKey :: Lens' ImportCertificate ByteString

-- | Creates a value of <a>ImportCertificateResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>icrsCertificateARN</a> - The <a>Amazon Resource Name (ARN)</a>
--   of the imported certificate.</li>
--   <li><a>icrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
importCertificateResponse :: Int -> ImportCertificateResponse

-- | <i>See:</i> <a>importCertificateResponse</a> smart constructor.
data ImportCertificateResponse

-- | The <a>Amazon Resource Name (ARN)</a> of the imported certificate.
icrsCertificateARN :: Lens' ImportCertificateResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
icrsResponseStatus :: Lens' ImportCertificateResponse Int
instance GHC.Generics.Generic Network.AWS.CertificateManager.ImportCertificate.ImportCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.ImportCertificate.ImportCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.ImportCertificate.ImportCertificateResponse
instance GHC.Read.Read Network.AWS.CertificateManager.ImportCertificate.ImportCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.ImportCertificate.ImportCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Data.Data.Data Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ImportCertificate.ImportCertificateResponse
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.ImportCertificate.ImportCertificate


-- | Retrieves a certificate specified by an ARN and its certificate chain
--   . The chain is an ordered list of certificates that contains the end
--   entity certificate, intermediate certificates of subordinate CAs, and
--   the root certificate in that order. The certificate and certificate
--   chain are base64 encoded. If you want to decode the certificate to see
--   the individual fields, you can use OpenSSL.
module Network.AWS.CertificateManager.GetCertificate

-- | Creates a value of <a>GetCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gcCertificateARN</a> - String that contains a certificate ARN
--   in the following format:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .</li>
--   </ul>
getCertificate :: Text -> GetCertificate

-- | <i>See:</i> <a>getCertificate</a> smart constructor.
data GetCertificate

-- | String that contains a certificate ARN in the following format:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .
gcCertificateARN :: Lens' GetCertificate Text

-- | Creates a value of <a>GetCertificateResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gcrsCertificate</a> - String that contains the ACM certificate
--   represented by the ARN specified at input.</li>
--   <li><a>gcrsCertificateChain</a> - The certificate chain that contains
--   the root certificate issued by the certificate authority (CA).</li>
--   <li><a>gcrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
getCertificateResponse :: Int -> GetCertificateResponse

-- | <i>See:</i> <a>getCertificateResponse</a> smart constructor.
data GetCertificateResponse

-- | String that contains the ACM certificate represented by the ARN
--   specified at input.
gcrsCertificate :: Lens' GetCertificateResponse (Maybe Text)

-- | The certificate chain that contains the root certificate issued by the
--   certificate authority (CA).
gcrsCertificateChain :: Lens' GetCertificateResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gcrsResponseStatus :: Lens' GetCertificateResponse Int
instance GHC.Generics.Generic Network.AWS.CertificateManager.GetCertificate.GetCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.GetCertificate.GetCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.GetCertificate.GetCertificateResponse
instance GHC.Read.Read Network.AWS.CertificateManager.GetCertificate.GetCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.GetCertificate.GetCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Data.Data.Data Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance GHC.Read.Read Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.GetCertificate.GetCertificateResponse
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.GetCertificate.GetCertificate


-- | Exports a private certificate issued by a private certificate
--   authority (CA) for use anywhere. You can export the certificate, the
--   certificate chain, and the encrypted private key associated with the
--   public key embedded in the certificate. You must store the private key
--   securely. The private key is a 2048 bit RSA key. You must provide a
--   passphrase for the private key when exporting it. You can use the
--   following OpenSSL command to decrypt it later. Provide the passphrase
--   when prompted.
--   
--   <pre>
--   openssl rsa -in encrypted_key.pem -out decrypted_key.pem
--   </pre>
module Network.AWS.CertificateManager.ExportCertificate

-- | Creates a value of <a>ExportCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ecCertificateARN</a> - An Amazon Resource Name (ARN) of the
--   issued certificate. This must be of the form:
--   <tt>arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012</tt></li>
--   <li><a>ecPassphrase</a> - Passphrase to associate with the encrypted
--   exported private key. If you want to later decrypt the private key,
--   you must have the passphrase. You can use the following OpenSSL
--   command to decrypt a private key: <tt>openssl rsa -in
--   encrypted_key.pem -out decrypted_key.pem</tt> -- <i>Note:</i> This
--   <tt>Lens</tt> automatically encodes and decodes Base64 data. The
--   underlying isomorphism will encode to Base64 representation during
--   serialisation, and decode from Base64 representation during
--   deserialisation. This <tt>Lens</tt> accepts and returns only raw
--   unencoded data.</li>
--   </ul>
exportCertificate :: Text -> ByteString -> ExportCertificate

-- | <i>See:</i> <a>exportCertificate</a> smart constructor.
data ExportCertificate

-- | An Amazon Resource Name (ARN) of the issued certificate. This must be
--   of the form:
--   <tt>arn:aws:acm:region:account:certificate/12345678-1234-1234-1234-123456789012</tt>
ecCertificateARN :: Lens' ExportCertificate Text

-- | Passphrase to associate with the encrypted exported private key. If
--   you want to later decrypt the private key, you must have the
--   passphrase. You can use the following OpenSSL command to decrypt a
--   private key: <tt>openssl rsa -in encrypted_key.pem -out
--   decrypted_key.pem</tt> -- <i>Note:</i> This <tt>Lens</tt>
--   automatically encodes and decodes Base64 data. The underlying
--   isomorphism will encode to Base64 representation during serialisation,
--   and decode from Base64 representation during deserialisation. This
--   <tt>Lens</tt> accepts and returns only raw unencoded data.
ecPassphrase :: Lens' ExportCertificate ByteString

-- | Creates a value of <a>ExportCertificateResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ecrsPrivateKey</a> - The PEM-encoded private key associated
--   with the public key in the certificate.</li>
--   <li><a>ecrsCertificate</a> - The base64 PEM-encoded certificate.</li>
--   <li><a>ecrsCertificateChain</a> - The base64 PEM-encoded certificate
--   chain. This does not include the certificate that you are
--   exporting.</li>
--   <li><a>ecrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
exportCertificateResponse :: Int -> ExportCertificateResponse

-- | <i>See:</i> <a>exportCertificateResponse</a> smart constructor.
data ExportCertificateResponse

-- | The PEM-encoded private key associated with the public key in the
--   certificate.
ecrsPrivateKey :: Lens' ExportCertificateResponse (Maybe Text)

-- | The base64 PEM-encoded certificate.
ecrsCertificate :: Lens' ExportCertificateResponse (Maybe Text)

-- | The base64 PEM-encoded certificate chain. This does not include the
--   certificate that you are exporting.
ecrsCertificateChain :: Lens' ExportCertificateResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
ecrsResponseStatus :: Lens' ExportCertificateResponse Int
instance GHC.Generics.Generic Network.AWS.CertificateManager.ExportCertificate.ExportCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.ExportCertificate.ExportCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.ExportCertificate.ExportCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.ExportCertificate.ExportCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.ExportCertificate.ExportCertificate
instance Data.Data.Data Network.AWS.CertificateManager.ExportCertificate.ExportCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.ExportCertificate.ExportCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.ExportCertificate.ExportCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.ExportCertificate.ExportCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ExportCertificate.ExportCertificateResponse
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.ExportCertificate.ExportCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ExportCertificate.ExportCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.ExportCertificate.ExportCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.ExportCertificate.ExportCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.ExportCertificate.ExportCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.ExportCertificate.ExportCertificate


-- | Returns detailed metadata about the specified ACM certificate.
module Network.AWS.CertificateManager.DescribeCertificate

-- | Creates a value of <a>DescribeCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dCertificateARN</a> - The Amazon Resource Name (ARN) of the ACM
--   certificate. The ARN must have the following form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .</li>
--   </ul>
describeCertificate :: Text -> DescribeCertificate

-- | <i>See:</i> <a>describeCertificate</a> smart constructor.
data DescribeCertificate

-- | The Amazon Resource Name (ARN) of the ACM certificate. The ARN must
--   have the following form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .
dCertificateARN :: Lens' DescribeCertificate Text

-- | Creates a value of <a>DescribeCertificateResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dcrsCertificate</a> - Metadata about an ACM certificate.</li>
--   <li><a>dcrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
describeCertificateResponse :: Int -> DescribeCertificateResponse

-- | <i>See:</i> <a>describeCertificateResponse</a> smart constructor.
data DescribeCertificateResponse

-- | Metadata about an ACM certificate.
dcrsCertificate :: Lens' DescribeCertificateResponse (Maybe CertificateDetail)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
dcrsResponseStatus :: Lens' DescribeCertificateResponse Int
instance GHC.Generics.Generic Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificateResponse
instance GHC.Read.Read Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Data.Data.Data Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance GHC.Read.Read Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificateResponse
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate


-- | Deletes a certificate and its associated private key. If this action
--   succeeds, the certificate no longer appears in the list that can be
--   displayed by calling the <tt>ListCertificates</tt> action or be
--   retrieved by calling the <tt>GetCertificate</tt> action. The
--   certificate will not be available for use by AWS services integrated
--   with ACM.
module Network.AWS.CertificateManager.DeleteCertificate

-- | Creates a value of <a>DeleteCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dcCertificateARN</a> - String that contains the ARN of the ACM
--   certificate to be deleted. This must be of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .</li>
--   </ul>
deleteCertificate :: Text -> DeleteCertificate

-- | <i>See:</i> <a>deleteCertificate</a> smart constructor.
data DeleteCertificate

-- | String that contains the ARN of the ACM certificate to be deleted.
--   This must be of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .
dcCertificateARN :: Lens' DeleteCertificate Text

-- | Creates a value of <a>DeleteCertificateResponse</a> with the minimum
--   fields required to make a request.
deleteCertificateResponse :: DeleteCertificateResponse

-- | <i>See:</i> <a>deleteCertificateResponse</a> smart constructor.
data DeleteCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificateResponse
instance GHC.Read.Read Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Data.Data.Data Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance GHC.Read.Read Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificateResponse
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate


-- | Adds one or more tags to an ACM certificate. Tags are labels that you
--   can use to identify and organize your AWS resources. Each tag consists
--   of a <tt>key</tt> and an optional <tt>value</tt> . You specify the
--   certificate on input by its Amazon Resource Name (ARN). You specify
--   the tag by using a key-value pair.
--   
--   You can apply a tag to just one certificate if you want to identify a
--   specific characteristic of that certificate, or you can apply the same
--   tag to multiple certificates if you want to filter for a common
--   relationship among those certificates. Similarly, you can apply the
--   same tag to multiple resources if you want to specify a relationship
--   among those resources. For example, you can add the same tag to an ACM
--   certificate and an Elastic Load Balancing load balancer to indicate
--   that they are both used by the same website. For more information, see
--   <a>Tagging ACM certificates</a> .
--   
--   To remove one or more tags, use the <tt>RemoveTagsFromCertificate</tt>
--   action. To view all of the tags that have been applied to the
--   certificate, use the <tt>ListTagsForCertificate</tt> action.
module Network.AWS.CertificateManager.AddTagsToCertificate

-- | Creates a value of <a>AddTagsToCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>attcCertificateARN</a> - String that contains the ARN of the
--   ACM certificate to which the tag is to be applied. This must be of the
--   form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .</li>
--   <li><a>attcTags</a> - The key-value pair that defines the tag. The tag
--   value is optional.</li>
--   </ul>
addTagsToCertificate :: Text -> NonEmpty Tag -> AddTagsToCertificate

-- | <i>See:</i> <a>addTagsToCertificate</a> smart constructor.
data AddTagsToCertificate

-- | String that contains the ARN of the ACM certificate to which the tag
--   is to be applied. This must be of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .
attcCertificateARN :: Lens' AddTagsToCertificate Text

-- | The key-value pair that defines the tag. The tag value is optional.
attcTags :: Lens' AddTagsToCertificate (NonEmpty Tag)

-- | Creates a value of <a>AddTagsToCertificateResponse</a> with the
--   minimum fields required to make a request.
addTagsToCertificateResponse :: AddTagsToCertificateResponse

-- | <i>See:</i> <a>addTagsToCertificateResponse</a> smart constructor.
data AddTagsToCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificateResponse
instance GHC.Read.Read Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Data.Data.Data Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance GHC.Read.Read Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificateResponse
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate


-- | Updates a certificate. Currently, you can use this function to specify
--   whether to opt in to or out of recording your certificate in a
--   certificate transparency log. For more information, see <a>Opting Out
--   of Certificate Transparency Logging</a> .
module Network.AWS.CertificateManager.UpdateCertificateOptions

-- | Creates a value of <a>UpdateCertificateOptions</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ucoCertificateARN</a> - ARN of the requested certificate to
--   update. This must be of the form:
--   <tt>arn:aws:acm:us-east-1:<i>account</i>
--   :certificate/<i>12345678-1234-1234-1234-123456789012</i> </tt></li>
--   <li><a>ucoOptions</a> - Use to update the options for your
--   certificate. Currently, you can specify whether to add your
--   certificate to a transparency log. Certificate transparency makes it
--   possible to detect SSL/TLS certificates that have been mistakenly or
--   maliciously issued. Certificates that have not been logged typically
--   produce an error message in a browser.</li>
--   </ul>
updateCertificateOptions :: Text -> CertificateOptions -> UpdateCertificateOptions

-- | <i>See:</i> <a>updateCertificateOptions</a> smart constructor.
data UpdateCertificateOptions

-- | ARN of the requested certificate to update. This must be of the form:
--   <tt>arn:aws:acm:us-east-1:<i>account</i>
--   :certificate/<i>12345678-1234-1234-1234-123456789012</i> </tt>
ucoCertificateARN :: Lens' UpdateCertificateOptions Text

-- | Use to update the options for your certificate. Currently, you can
--   specify whether to add your certificate to a transparency log.
--   Certificate transparency makes it possible to detect SSL/TLS
--   certificates that have been mistakenly or maliciously issued.
--   Certificates that have not been logged typically produce an error
--   message in a browser.
ucoOptions :: Lens' UpdateCertificateOptions CertificateOptions

-- | Creates a value of <a>UpdateCertificateOptionsResponse</a> with the
--   minimum fields required to make a request.
updateCertificateOptionsResponse :: UpdateCertificateOptionsResponse

-- | <i>See:</i> <a>updateCertificateOptionsResponse</a> smart constructor.
data UpdateCertificateOptionsResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptionsResponse
instance Data.Data.Data Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptionsResponse
instance GHC.Show.Show Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptionsResponse
instance GHC.Read.Read Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptionsResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptionsResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptions
instance Data.Data.Data Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptions
instance GHC.Show.Show Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptions
instance GHC.Read.Read Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptions
instance GHC.Classes.Eq Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptions
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptions
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptionsResponse
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptions
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptions
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptions
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptions
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptions
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.UpdateCertificateOptions.UpdateCertificateOptions


module Network.AWS.CertificateManager.Waiters


-- | <b>AWS Certificate Manager</b>
--   
--   Welcome to the AWS Certificate Manager (ACM) API documentation.
--   
--   You can use ACM to manage SSL<i>TLS certificates for your AWS-based
--   websites and applications. For general information about using ACM,
--   see the
--   &lt;http:</i><i>docs.aws.amazon.com</i>acm<i>latest</i>userguide<i>
--   </i>AWS Certificate Manager User Guide/ &gt; .
module Network.AWS.CertificateManager

-- | API version <tt>2015-12-08</tt> of the Amazon Certificate Manager SDK
--   configuration.
certificateManager :: Service

-- | One or both of the values that make up the key-value pair is not
--   valid. For example, you cannot specify a tag value that begins with
--   <tt>aws:</tt> .
_InvalidTagException :: AsError a => Getting (First ServiceError) a ServiceError

-- | One or more values in the <a>DomainValidationOption</a> structure is
--   incorrect.
_InvalidDomainValidationOptionsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request contains too many tags. Try the request again with fewer
--   tags.
_TooManyTagsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The certificate request is in process and the certificate in your
--   account has not yet been issued.
_RequestInProgressException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The requested Amazon Resource Name (ARN) does not refer to an existing
--   resource.
_InvalidARNException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The specified certificate cannot be found in the caller's account or
--   the caller's account cannot be found.
_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Processing has reached an invalid state.
_InvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError

-- | An ACM limit has been exceeded.
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The certificate is in use by another AWS service in the caller's
--   account. Remove the association and try again.
_ResourceInUseException :: AsError a => Getting (First ServiceError) a ServiceError
data CertificateStatus
CSExpired :: CertificateStatus
CSFailed :: CertificateStatus
CSInactive :: CertificateStatus
CSIssued :: CertificateStatus
CSPendingValidation :: CertificateStatus
CSRevoked :: CertificateStatus
CSValidationTimedOut :: CertificateStatus
data CertificateTransparencyLoggingPreference
Disabled :: CertificateTransparencyLoggingPreference
Enabled :: CertificateTransparencyLoggingPreference
data CertificateType
AmazonIssued :: CertificateType
Imported :: CertificateType
Private :: CertificateType
data DomainStatus
Failed :: DomainStatus
PendingValidation :: DomainStatus
Success :: DomainStatus
data ExtendedKeyUsageName
Any :: ExtendedKeyUsageName
CodeSigning :: ExtendedKeyUsageName
Custom :: ExtendedKeyUsageName
EmailProtection :: ExtendedKeyUsageName
IPsecEndSystem :: ExtendedKeyUsageName
IPsecTunnel :: ExtendedKeyUsageName
IPsecUser :: ExtendedKeyUsageName
None :: ExtendedKeyUsageName
OcspSigning :: ExtendedKeyUsageName
TLSWebClientAuthentication :: ExtendedKeyUsageName
TLSWebServerAuthentication :: ExtendedKeyUsageName
TimeStamping :: ExtendedKeyUsageName
data FailureReason
AdditionalVerificationRequired :: FailureReason
CaaError :: FailureReason
DomainNotAllowed :: FailureReason
InvalidPublicDomain :: FailureReason
NoAvailableContacts :: FailureReason
Other :: FailureReason
PcaInvalidARN :: FailureReason
PcaInvalidArgs :: FailureReason
PcaInvalidState :: FailureReason
PcaLimitExceeded :: FailureReason
PcaRequestFailed :: FailureReason
PcaResourceNotFound :: FailureReason
data KeyAlgorithm
EcPRIME256V1 :: KeyAlgorithm
EcSECP384R1 :: KeyAlgorithm
EcSECP521R1 :: KeyAlgorithm
Rsa1024 :: KeyAlgorithm
Rsa2048 :: KeyAlgorithm
Rsa4096 :: KeyAlgorithm
data KeyUsageName
KUNAny :: KeyUsageName
KUNCertificateSigning :: KeyUsageName
KUNCrlSigning :: KeyUsageName
KUNCustom :: KeyUsageName
KUNDataEncipherment :: KeyUsageName
KUNDecipherOnly :: KeyUsageName
KUNDigitalSignature :: KeyUsageName
KUNEncipherOnly :: KeyUsageName
KUNKeyAgreement :: KeyUsageName
KUNKeyEncipherment :: KeyUsageName
KUNNonRepudiation :: KeyUsageName
data RecordType
Cname :: RecordType
data RenewalEligibility
Eligible :: RenewalEligibility
Ineligible :: RenewalEligibility
data RenewalStatus
RSFailed :: RenewalStatus
RSPendingAutoRenewal :: RenewalStatus
RSPendingValidation :: RenewalStatus
RSSuccess :: RenewalStatus
data RevocationReason
AACompromise :: RevocationReason
AffiliationChanged :: RevocationReason
CaCompromise :: RevocationReason
CertificateHold :: RevocationReason
CessationOfOperation :: RevocationReason
KeyCompromise :: RevocationReason
PrivilegeWithdrawn :: RevocationReason
RemoveFromCrl :: RevocationReason
Superceded :: RevocationReason
Unspecified :: RevocationReason
data ValidationMethod
DNS :: ValidationMethod
Email :: ValidationMethod

-- | Contains metadata about an ACM certificate. This structure is returned
--   in the response to a <tt>DescribeCertificate</tt> request.
--   
--   <i>See:</i> <a>certificateDetail</a> smart constructor.
data CertificateDetail

-- | Creates a value of <a>CertificateDetail</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cdSubject</a> - The name of the entity that is associated with
--   the public key contained in the certificate.</li>
--   <li><a>cdStatus</a> - The status of the certificate.</li>
--   <li><a>cdFailureReason</a> - The reason the certificate request
--   failed. This value exists only when the certificate status is
--   <tt>FAILED</tt> . For more information, see <a>Certificate Request
--   Failed</a> in the <i>AWS Certificate Manager User Guide</i> .</li>
--   <li><a>cdSubjectAlternativeNames</a> - One or more domain names
--   (subject alternative names) included in the certificate. This list
--   contains the domain names that are bound to the public key that is
--   contained in the certificate. The subject alternative names include
--   the canonical domain name (CN) of the certificate and additional
--   domain names that can be used to connect to the website.</li>
--   <li><a>cdInUseBy</a> - A list of ARNs for the AWS resources that are
--   using the certificate. A certificate can be used by multiple AWS
--   resources.</li>
--   <li><a>cdCreatedAt</a> - The time at which the certificate was
--   requested. This value exists only when the certificate type is
--   <tt>AMAZON_ISSUED</tt> .</li>
--   <li><a>cdCertificateARN</a> - The Amazon Resource Name (ARN) of the
--   certificate. For more information about ARNs, see <a>Amazon Resource
--   Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS General
--   Reference</i> .</li>
--   <li><a>cdSerial</a> - The serial number of the certificate.</li>
--   <li><a>cdRenewalEligibility</a> - Specifies whether the certificate is
--   eligible for renewal.</li>
--   <li><a>cdExtendedKeyUsages</a> - Contains a list of Extended Key Usage
--   X.509 v3 extension objects. Each object specifies a purpose for which
--   the certificate public key can be used and consists of a name and an
--   object identifier (OID).</li>
--   <li><a>cdImportedAt</a> - The date and time at which the certificate
--   was imported. This value exists only when the certificate type is
--   <tt>IMPORTED</tt> .</li>
--   <li><a>cdKeyUsages</a> - A list of Key Usage X.509 v3 extension
--   objects. Each object is a string value that identifies the purpose of
--   the public key contained in the certificate. Possible extension values
--   include DIGITAL_SIGNATURE, KEY_ENCHIPHERMENT, NON_REPUDIATION, and
--   more.</li>
--   <li><a>cdRevokedAt</a> - The time at which the certificate was
--   revoked. This value exists only when the certificate status is
--   <tt>REVOKED</tt> .</li>
--   <li><a>cdNotBefore</a> - The time before which the certificate is not
--   valid.</li>
--   <li><a>cdRevocationReason</a> - The reason the certificate was
--   revoked. This value exists only when the certificate status is
--   <tt>REVOKED</tt> .</li>
--   <li><a>cdDomainName</a> - The fully qualified domain name for the
--   certificate, such as www.example.com or example.com.</li>
--   <li><a>cdRenewalSummary</a> - Contains information about the status of
--   ACM's <a>managed renewal</a> for the certificate. This field exists
--   only when the certificate type is <tt>AMAZON_ISSUED</tt> .</li>
--   <li><a>cdKeyAlgorithm</a> - The algorithm that was used to generate
--   the public-private key pair.</li>
--   <li><a>cdType</a> - The source of the certificate. For certificates
--   provided by ACM, this value is <tt>AMAZON_ISSUED</tt> . For
--   certificates that you imported with <tt>ImportCertificate</tt> , this
--   value is <tt>IMPORTED</tt> . ACM does not provide <a>managed
--   renewal</a> for imported certificates. For more information about the
--   differences between certificates that you import and those that ACM
--   provides, see <a>Importing Certificates</a> in the <i>AWS Certificate
--   Manager User Guide</i> .</li>
--   <li><a>cdOptions</a> - Value that specifies whether to add the
--   certificate to a transparency log. Certificate transparency makes it
--   possible to detect SSL certificates that have been mistakenly or
--   maliciously issued. A browser might respond to certificate that has
--   not been logged by showing an error message. The logs are
--   cryptographically secure.</li>
--   <li><a>cdIssuedAt</a> - The time at which the certificate was issued.
--   This value exists only when the certificate type is
--   <tt>AMAZON_ISSUED</tt> .</li>
--   <li><a>cdSignatureAlgorithm</a> - The algorithm that was used to sign
--   the certificate.</li>
--   <li><a>cdDomainValidationOptions</a> - Contains information about the
--   initial validation of each domain name that occurs as a result of the
--   <tt>RequestCertificate</tt> request. This field exists only when the
--   certificate type is <tt>AMAZON_ISSUED</tt> .</li>
--   <li><a>cdIssuer</a> - The name of the certificate authority that
--   issued and signed the certificate.</li>
--   <li><a>cdNotAfter</a> - The time after which the certificate is not
--   valid.</li>
--   <li><a>cdCertificateAuthorityARN</a> - The Amazon Resource Name (ARN)
--   of the ACM PCA private certificate authority (CA) that issued the
--   certificate. This has the following format:
--   <tt>arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012</tt></li>
--   </ul>
certificateDetail :: CertificateDetail

-- | The name of the entity that is associated with the public key
--   contained in the certificate.
cdSubject :: Lens' CertificateDetail (Maybe Text)

-- | The status of the certificate.
cdStatus :: Lens' CertificateDetail (Maybe CertificateStatus)

-- | The reason the certificate request failed. This value exists only when
--   the certificate status is <tt>FAILED</tt> . For more information, see
--   <a>Certificate Request Failed</a> in the <i>AWS Certificate Manager
--   User Guide</i> .
cdFailureReason :: Lens' CertificateDetail (Maybe FailureReason)

-- | One or more domain names (subject alternative names) included in the
--   certificate. This list contains the domain names that are bound to the
--   public key that is contained in the certificate. The subject
--   alternative names include the canonical domain name (CN) of the
--   certificate and additional domain names that can be used to connect to
--   the website.
cdSubjectAlternativeNames :: Lens' CertificateDetail (Maybe (NonEmpty Text))

-- | A list of ARNs for the AWS resources that are using the certificate. A
--   certificate can be used by multiple AWS resources.
cdInUseBy :: Lens' CertificateDetail [Text]

-- | The time at which the certificate was requested. This value exists
--   only when the certificate type is <tt>AMAZON_ISSUED</tt> .
cdCreatedAt :: Lens' CertificateDetail (Maybe UTCTime)

-- | The Amazon Resource Name (ARN) of the certificate. For more
--   information about ARNs, see <a>Amazon Resource Names (ARNs) and AWS
--   Service Namespaces</a> in the <i>AWS General Reference</i> .
cdCertificateARN :: Lens' CertificateDetail (Maybe Text)

-- | The serial number of the certificate.
cdSerial :: Lens' CertificateDetail (Maybe Text)

-- | Specifies whether the certificate is eligible for renewal.
cdRenewalEligibility :: Lens' CertificateDetail (Maybe RenewalEligibility)

-- | Contains a list of Extended Key Usage X.509 v3 extension objects. Each
--   object specifies a purpose for which the certificate public key can be
--   used and consists of a name and an object identifier (OID).
cdExtendedKeyUsages :: Lens' CertificateDetail [ExtendedKeyUsage]

-- | The date and time at which the certificate was imported. This value
--   exists only when the certificate type is <tt>IMPORTED</tt> .
cdImportedAt :: Lens' CertificateDetail (Maybe UTCTime)

-- | A list of Key Usage X.509 v3 extension objects. Each object is a
--   string value that identifies the purpose of the public key contained
--   in the certificate. Possible extension values include
--   DIGITAL_SIGNATURE, KEY_ENCHIPHERMENT, NON_REPUDIATION, and more.
cdKeyUsages :: Lens' CertificateDetail [KeyUsage]

-- | The time at which the certificate was revoked. This value exists only
--   when the certificate status is <tt>REVOKED</tt> .
cdRevokedAt :: Lens' CertificateDetail (Maybe UTCTime)

-- | The time before which the certificate is not valid.
cdNotBefore :: Lens' CertificateDetail (Maybe UTCTime)

-- | The reason the certificate was revoked. This value exists only when
--   the certificate status is <tt>REVOKED</tt> .
cdRevocationReason :: Lens' CertificateDetail (Maybe RevocationReason)

-- | The fully qualified domain name for the certificate, such as
--   www.example.com or example.com.
cdDomainName :: Lens' CertificateDetail (Maybe Text)

-- | Contains information about the status of ACM's <a>managed renewal</a>
--   for the certificate. This field exists only when the certificate type
--   is <tt>AMAZON_ISSUED</tt> .
cdRenewalSummary :: Lens' CertificateDetail (Maybe RenewalSummary)

-- | The algorithm that was used to generate the public-private key pair.
cdKeyAlgorithm :: Lens' CertificateDetail (Maybe KeyAlgorithm)

-- | The source of the certificate. For certificates provided by ACM, this
--   value is <tt>AMAZON_ISSUED</tt> . For certificates that you imported
--   with <tt>ImportCertificate</tt> , this value is <tt>IMPORTED</tt> .
--   ACM does not provide <a>managed renewal</a> for imported certificates.
--   For more information about the differences between certificates that
--   you import and those that ACM provides, see <a>Importing
--   Certificates</a> in the <i>AWS Certificate Manager User Guide</i> .
cdType :: Lens' CertificateDetail (Maybe CertificateType)

-- | Value that specifies whether to add the certificate to a transparency
--   log. Certificate transparency makes it possible to detect SSL
--   certificates that have been mistakenly or maliciously issued. A
--   browser might respond to certificate that has not been logged by
--   showing an error message. The logs are cryptographically secure.
cdOptions :: Lens' CertificateDetail (Maybe CertificateOptions)

-- | The time at which the certificate was issued. This value exists only
--   when the certificate type is <tt>AMAZON_ISSUED</tt> .
cdIssuedAt :: Lens' CertificateDetail (Maybe UTCTime)

-- | The algorithm that was used to sign the certificate.
cdSignatureAlgorithm :: Lens' CertificateDetail (Maybe Text)

-- | Contains information about the initial validation of each domain name
--   that occurs as a result of the <tt>RequestCertificate</tt> request.
--   This field exists only when the certificate type is
--   <tt>AMAZON_ISSUED</tt> .
cdDomainValidationOptions :: Lens' CertificateDetail (Maybe (NonEmpty DomainValidation))

-- | The name of the certificate authority that issued and signed the
--   certificate.
cdIssuer :: Lens' CertificateDetail (Maybe Text)

-- | The time after which the certificate is not valid.
cdNotAfter :: Lens' CertificateDetail (Maybe UTCTime)

-- | The Amazon Resource Name (ARN) of the ACM PCA private certificate
--   authority (CA) that issued the certificate. This has the following
--   format:
--   <tt>arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012</tt>
cdCertificateAuthorityARN :: Lens' CertificateDetail (Maybe Text)

-- | Structure that contains options for your certificate. Currently, you
--   can use this only to specify whether to opt in to or out of
--   certificate transparency logging. Some browsers require that public
--   certificates issued for your domain be recorded in a log. Certificates
--   that are not logged typically generate a browser error. Transparency
--   makes it possible for you to detect SSL<i>TLS certificates that have
--   been mistakenly or maliciously issued for your domain. For general
--   information, see
--   &lt;http:</i><i>docs.aws.amazon.com</i>acm<i>latest</i>userguide/acm-concepts.html#concept-transparency
--   Certificate Transparency Logging&gt; .
--   
--   <i>See:</i> <a>certificateOptions</a> smart constructor.
data CertificateOptions

-- | Creates a value of <a>CertificateOptions</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>coCertificateTransparencyLoggingPreference</a> - You can opt
--   out of certificate transparency logging by specifying the
--   <tt>DISABLED</tt> option. Opt in by specifying <tt>ENABLED</tt> .</li>
--   </ul>
certificateOptions :: CertificateOptions

-- | You can opt out of certificate transparency logging by specifying the
--   <tt>DISABLED</tt> option. Opt in by specifying <tt>ENABLED</tt> .
coCertificateTransparencyLoggingPreference :: Lens' CertificateOptions (Maybe CertificateTransparencyLoggingPreference)

-- | This structure is returned in the response object of
--   <tt>ListCertificates</tt> action.
--   
--   <i>See:</i> <a>certificateSummary</a> smart constructor.
data CertificateSummary

-- | Creates a value of <a>CertificateSummary</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>csCertificateARN</a> - Amazon Resource Name (ARN) of the
--   certificate. This is of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .</li>
--   <li><a>csDomainName</a> - Fully qualified domain name (FQDN), such as
--   www.example.com or example.com, for the certificate.</li>
--   </ul>
certificateSummary :: CertificateSummary

-- | Amazon Resource Name (ARN) of the certificate. This is of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .
csCertificateARN :: Lens' CertificateSummary (Maybe Text)

-- | Fully qualified domain name (FQDN), such as www.example.com or
--   example.com, for the certificate.
csDomainName :: Lens' CertificateSummary (Maybe Text)

-- | Contains information about the validation of each domain name in the
--   certificate.
--   
--   <i>See:</i> <a>domainValidation</a> smart constructor.
data DomainValidation

-- | Creates a value of <a>DomainValidation</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dvValidationEmails</a> - A list of email addresses that ACM
--   used to send domain validation emails.</li>
--   <li><a>dvValidationMethod</a> - Specifies the domain validation
--   method.</li>
--   <li><a>dvResourceRecord</a> - Contains the CNAME record that you add
--   to your DNS database for domain validation. For more information, see
--   <a>Use DNS to Validate Domain Ownership</a> .</li>
--   <li><a>dvValidationStatus</a> - The validation status of the domain
--   name. This can be one of the following values: *
--   <tt>PENDING_VALIDATION</tt> * SUCCESS * FAILED</li>
--   <li><a>dvValidationDomain</a> - The domain name that ACM used to send
--   domain validation emails.</li>
--   <li><a>dvDomainName</a> - A fully qualified domain name (FQDN) in the
--   certificate. For example, <tt>www.example.com</tt> or
--   <tt>example.com</tt> .</li>
--   </ul>
domainValidation :: Text -> DomainValidation

-- | A list of email addresses that ACM used to send domain validation
--   emails.
dvValidationEmails :: Lens' DomainValidation [Text]

-- | Specifies the domain validation method.
dvValidationMethod :: Lens' DomainValidation (Maybe ValidationMethod)

-- | Contains the CNAME record that you add to your DNS database for domain
--   validation. For more information, see <a>Use DNS to Validate Domain
--   Ownership</a> .
dvResourceRecord :: Lens' DomainValidation (Maybe ResourceRecord)

-- | The validation status of the domain name. This can be one of the
--   following values: * <tt>PENDING_VALIDATION</tt> * SUCCESS * FAILED
dvValidationStatus :: Lens' DomainValidation (Maybe DomainStatus)

-- | The domain name that ACM used to send domain validation emails.
dvValidationDomain :: Lens' DomainValidation (Maybe Text)

-- | A fully qualified domain name (FQDN) in the certificate. For example,
--   <tt>www.example.com</tt> or <tt>example.com</tt> .
dvDomainName :: Lens' DomainValidation Text

-- | Contains information about the domain names that you want ACM to use
--   to send you emails that enable you to validate domain ownership.
--   
--   <i>See:</i> <a>domainValidationOption</a> smart constructor.
data DomainValidationOption

-- | Creates a value of <a>DomainValidationOption</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dvoDomainName</a> - A fully qualified domain name (FQDN) in the
--   certificate request.</li>
--   <li><a>dvoValidationDomain</a> - The domain name that you want ACM to
--   use to send you validation emails. This domain name is the suffix of
--   the email addresses that you want ACM to use. This must be the same as
--   the <tt>DomainName</tt> value or a superdomain of the
--   <tt>DomainName</tt> value. For example, if you request a certificate
--   for <tt>testing.example.com</tt> , you can specify
--   <tt>example.com</tt> for this value. In that case, ACM sends domain
--   validation emails to the following five addresses: *
--   admin<tt>example.com * administrator</tt>example.com *
--   hostmaster<tt>example.com * postmaster</tt>example.com *
--   webmaster@example.com</li>
--   </ul>
domainValidationOption :: Text -> Text -> DomainValidationOption

-- | A fully qualified domain name (FQDN) in the certificate request.
dvoDomainName :: Lens' DomainValidationOption Text

-- | The domain name that you want ACM to use to send you validation
--   emails. This domain name is the suffix of the email addresses that you
--   want ACM to use. This must be the same as the <tt>DomainName</tt>
--   value or a superdomain of the <tt>DomainName</tt> value. For example,
--   if you request a certificate for <tt>testing.example.com</tt> , you
--   can specify <tt>example.com</tt> for this value. In that case, ACM
--   sends domain validation emails to the following five addresses: *
--   admin<tt>example.com * administrator</tt>example.com *
--   hostmaster<tt>example.com * postmaster</tt>example.com *
--   webmaster@example.com
dvoValidationDomain :: Lens' DomainValidationOption Text

-- | The Extended Key Usage X.509 v3 extension defines one or more purposes
--   for which the public key can be used. This is in addition to or in
--   place of the basic purposes specified by the Key Usage extension.
--   
--   <i>See:</i> <a>extendedKeyUsage</a> smart constructor.
data ExtendedKeyUsage

-- | Creates a value of <a>ExtendedKeyUsage</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ekuOId</a> - An object identifier (OID) for the extension
--   value. OIDs are strings of numbers separated by periods. The following
--   OIDs are defined in RFC 3280 and RFC 5280. * <tt>1.3.6.1.5.5.7.3.1
--   (TLS_WEB_SERVER_AUTHENTICATION)</tt> * <tt>1.3.6.1.5.5.7.3.2
--   (TLS_WEB_CLIENT_AUTHENTICATION)</tt> * <tt>1.3.6.1.5.5.7.3.3
--   (CODE_SIGNING)</tt> * <tt>1.3.6.1.5.5.7.3.4 (EMAIL_PROTECTION)</tt> *
--   <tt>1.3.6.1.5.5.7.3.8 (TIME_STAMPING)</tt> * <tt>1.3.6.1.5.5.7.3.9
--   (OCSP_SIGNING)</tt> * <tt>1.3.6.1.5.5.7.3.5 (IPSEC_END_SYSTEM)</tt> *
--   <tt>1.3.6.1.5.5.7.3.6 (IPSEC_TUNNEL)</tt> * <tt>1.3.6.1.5.5.7.3.7
--   (IPSEC_USER)</tt></li>
--   <li><a>ekuName</a> - The name of an Extended Key Usage value.</li>
--   </ul>
extendedKeyUsage :: ExtendedKeyUsage

-- | An object identifier (OID) for the extension value. OIDs are strings
--   of numbers separated by periods. The following OIDs are defined in RFC
--   3280 and RFC 5280. * <tt>1.3.6.1.5.5.7.3.1
--   (TLS_WEB_SERVER_AUTHENTICATION)</tt> * <tt>1.3.6.1.5.5.7.3.2
--   (TLS_WEB_CLIENT_AUTHENTICATION)</tt> * <tt>1.3.6.1.5.5.7.3.3
--   (CODE_SIGNING)</tt> * <tt>1.3.6.1.5.5.7.3.4 (EMAIL_PROTECTION)</tt> *
--   <tt>1.3.6.1.5.5.7.3.8 (TIME_STAMPING)</tt> * <tt>1.3.6.1.5.5.7.3.9
--   (OCSP_SIGNING)</tt> * <tt>1.3.6.1.5.5.7.3.5 (IPSEC_END_SYSTEM)</tt> *
--   <tt>1.3.6.1.5.5.7.3.6 (IPSEC_TUNNEL)</tt> * <tt>1.3.6.1.5.5.7.3.7
--   (IPSEC_USER)</tt>
ekuOId :: Lens' ExtendedKeyUsage (Maybe Text)

-- | The name of an Extended Key Usage value.
ekuName :: Lens' ExtendedKeyUsage (Maybe ExtendedKeyUsageName)

-- | This structure can be used in the <tt>ListCertificates</tt> action to
--   filter the output of the certificate list.
--   
--   <i>See:</i> <a>filters</a> smart constructor.
data Filters

-- | Creates a value of <a>Filters</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>fKeyTypes</a> - Specify one or more algorithms that can be used
--   to generate key pairs.</li>
--   <li><a>fKeyUsage</a> - Specify one or more <a>KeyUsage</a> extension
--   values.</li>
--   <li><a>fExtendedKeyUsage</a> - Specify one or more
--   <a>ExtendedKeyUsage</a> extension values.</li>
--   </ul>
filters :: Filters

-- | Specify one or more algorithms that can be used to generate key pairs.
fKeyTypes :: Lens' Filters [KeyAlgorithm]

-- | Specify one or more <a>KeyUsage</a> extension values.
fKeyUsage :: Lens' Filters [KeyUsageName]

-- | Specify one or more <a>ExtendedKeyUsage</a> extension values.
fExtendedKeyUsage :: Lens' Filters [ExtendedKeyUsageName]

-- | The Key Usage X.509 v3 extension defines the purpose of the public key
--   contained in the certificate.
--   
--   <i>See:</i> <a>keyUsage</a> smart constructor.
data KeyUsage

-- | Creates a value of <a>KeyUsage</a> with the minimum fields required to
--   make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>kuName</a> - A string value that contains a Key Usage extension
--   name.</li>
--   </ul>
keyUsage :: KeyUsage

-- | A string value that contains a Key Usage extension name.
kuName :: Lens' KeyUsage (Maybe KeyUsageName)

-- | Contains information about the status of ACM's <a>managed renewal</a>
--   for the certificate. This structure exists only when the certificate
--   type is <tt>AMAZON_ISSUED</tt> .
--   
--   <i>See:</i> <a>renewalSummary</a> smart constructor.
data RenewalSummary

-- | Creates a value of <a>RenewalSummary</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rsRenewalStatus</a> - The status of ACM's <a>managed
--   renewal</a> of the certificate.</li>
--   <li><a>rsDomainValidationOptions</a> - Contains information about the
--   validation of each domain name in the certificate, as it pertains to
--   ACM's <a>managed renewal</a> . This is different from the initial
--   validation that occurs as a result of the <tt>RequestCertificate</tt>
--   request. This field exists only when the certificate type is
--   <tt>AMAZON_ISSUED</tt> .</li>
--   </ul>
renewalSummary :: RenewalStatus -> NonEmpty DomainValidation -> RenewalSummary

-- | The status of ACM's <a>managed renewal</a> of the certificate.
rsRenewalStatus :: Lens' RenewalSummary RenewalStatus

-- | Contains information about the validation of each domain name in the
--   certificate, as it pertains to ACM's <a>managed renewal</a> . This is
--   different from the initial validation that occurs as a result of the
--   <tt>RequestCertificate</tt> request. This field exists only when the
--   certificate type is <tt>AMAZON_ISSUED</tt> .
rsDomainValidationOptions :: Lens' RenewalSummary (NonEmpty DomainValidation)

-- | Contains a DNS record value that you can use to can use to validate
--   ownership or control of a domain. This is used by the
--   <tt>DescribeCertificate</tt> action.
--   
--   <i>See:</i> <a>resourceRecord</a> smart constructor.
data ResourceRecord

-- | Creates a value of <a>ResourceRecord</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rrName</a> - The name of the DNS record to create in your
--   domain. This is supplied by ACM.</li>
--   <li><a>rrType</a> - The type of DNS record. Currently this can be
--   <tt>CNAME</tt> .</li>
--   <li><a>rrValue</a> - The value of the CNAME record to add to your DNS
--   database. This is supplied by ACM.</li>
--   </ul>
resourceRecord :: Text -> RecordType -> Text -> ResourceRecord

-- | The name of the DNS record to create in your domain. This is supplied
--   by ACM.
rrName :: Lens' ResourceRecord Text

-- | The type of DNS record. Currently this can be <tt>CNAME</tt> .
rrType :: Lens' ResourceRecord RecordType

-- | The value of the CNAME record to add to your DNS database. This is
--   supplied by ACM.
rrValue :: Lens' ResourceRecord Text

-- | A key-value pair that identifies or specifies metadata about an ACM
--   resource.
--   
--   <i>See:</i> <a>tag</a> smart constructor.
data Tag

-- | Creates a value of <a>Tag</a> with the minimum fields required to make
--   a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>tagValue</a> - The value of the tag.</li>
--   <li><a>tagKey</a> - The key of the tag.</li>
--   </ul>
tag :: Text -> Tag

-- | The value of the tag.
tagValue :: Lens' Tag (Maybe Text)

-- | The key of the tag.
tagKey :: Lens' Tag Text
