docs(client-acm-pca): Doc-only update that adds name constraints as an allowed extension for ImportCertificateAuthorityCertificate.

awstools · awstools · commit d3f9d15002ac · 2024-06-17T18:23:16.000Z
diff --git a/clients/client-acm-pca/src/commands/CreateCertificateAuthorityCommand.ts b/clients/client-acm-pca/src/commands/CreateCertificateAuthorityCommand.ts
@@ -47,7 +47,7 @@ export interface CreateCertificateAuthorityCommandOutput extends CreateCertifica
  * 						policies for CRLs in Amazon S3</a>.</p>
  *          </note>
  *          <p>Amazon Web Services Private CA assets that are stored in Amazon S3 can be protected with encryption.
- *   For more information, see <a href="https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption">Encrypting Your
+ *   For more information, see <a href="https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html#crl-encryption">Encrypting Your
  * 			CRLs</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
diff --git a/clients/client-acm-pca/src/commands/ImportCertificateAuthorityCertificateCommand.ts b/clients/client-acm-pca/src/commands/ImportCertificateAuthorityCertificateCommand.ts
@@ -102,64 +102,62 @@ export interface ImportCertificateAuthorityCertificateCommandOutput extends __Me
  * 			certificate or chain.</p>
  *          <ul>
  *             <li>
- *                <p>Basic constraints (<i>must</i> be marked critical)</p>
+ *                <p>Authority key identifier</p>
  *             </li>
  *             <li>
- *                <p>Subject alternative names</p>
+ *                <p>Basic constraints (<i>must</i> be marked critical)</p>
  *             </li>
  *             <li>
- *                <p>Key usage</p>
+ *                <p>Certificate policies</p>
  *             </li>
  *             <li>
  *                <p>Extended key usage</p>
  *             </li>
  *             <li>
- *                <p>Authority key identifier</p>
+ *                <p>Inhibit anyPolicy</p>
  *             </li>
  *             <li>
- *                <p>Subject key identifier</p>
+ *                <p>Issuer alternative name</p>
  *             </li>
  *             <li>
- *                <p>Issuer alternative name</p>
+ *                <p>Key usage</p>
  *             </li>
  *             <li>
- *                <p>Subject directory attributes</p>
+ *                <p>Name constraints</p>
  *             </li>
  *             <li>
- *                <p>Subject information access</p>
+ *                <p>Policy mappings</p>
  *             </li>
  *             <li>
- *                <p>Certificate policies</p>
+ *                <p>Subject alternative name</p>
  *             </li>
  *             <li>
- *                <p>Policy mappings</p>
+ *                <p>Subject directory attributes</p>
  *             </li>
  *             <li>
- *                <p>Inhibit anyPolicy</p>
+ *                <p>Subject key identifier</p>
+ *             </li>
+ *             <li>
+ *                <p>Subject information access</p>
  *             </li>
  *          </ul>
  *          <p>Amazon Web Services Private CA rejects the following extensions when they are marked critical in an
  * 			imported CA certificate or chain.</p>
  *          <ul>
  *             <li>
- *                <p>Name constraints</p>
- *             </li>
- *             <li>
- *                <p>Policy constraints</p>
+ *                <p>Authority information access</p>
  *             </li>
  *             <li>
  *                <p>CRL distribution points</p>
  *             </li>
  *             <li>
- *                <p>Authority information access</p>
- *             </li>
- *             <li>
  *                <p>Freshest CRL</p>
  *             </li>
  *             <li>
- *                <p>Any other extension</p>
+ *                <p>Policy constraints</p>
  *             </li>
  *          </ul>
+ *          <p>Amazon Web Services Private Certificate Authority will also reject any other extension marked as critical not contained on the preceding list of allowed extensions.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
diff --git a/clients/client-acm-pca/src/models/models_0.ts b/clients/client-acm-pca/src/models/models_0.ts
@@ -531,7 +531,7 @@ export type S3ObjectAcl = (typeof S3ObjectAcl)[keyof typeof S3ObjectAcl];
  * 				parameter. Your S3
  * 			bucket policy must give write permission to Amazon Web Services Private CA. </p>
  *          <p>Amazon Web Services Private CA assets that are stored in Amazon S3 can be protected with encryption.
- *   For more information, see <a href="https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#crl-encryption">Encrypting Your
+ *   For more information, see <a href="https://docs.aws.amazon.com/privateca/latest/userguide/crl-planning.html#crl-encryption">Encrypting Your
  * 			CRLs</a>.</p>
  *          <p>Your private CA uses the value in the <b>ExpirationInDays</b> parameter to calculate the <b>nextUpdate</b> field in the CRL. The CRL is refreshed prior to a
  * 			certificate's expiration date or when a certificate is revoked. When a certificate is
diff --git a/codegen/sdk-codegen/aws-models/acm-pca.json b/codegen/sdk-codegen/aws-models/acm-pca.json
