| Copyright | (c) 2013-2021 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | None |
Amazonka.CertificateManagerPCA.DeleteCertificateAuthority
Description
Deletes a private certificate authority (CA). You must provide the Amazon Resource Name (ARN) of the private CA that you want to delete. You can find the ARN by calling the ListCertificateAuthorities action.
Deleting a CA will invalidate other CAs and certificates below it in your CA hierarchy.
Before you can delete a CA that you have created and activated, you must
disable it. To do this, call the
UpdateCertificateAuthority
action and set the CertificateAuthorityStatus parameter to
DISABLED.
Additionally, you can delete a CA if you are waiting for it to be
created (that is, the status of the CA is CREATING). You can also
delete it if the CA has been created but you haven't yet imported the
signed certificate into ACM Private CA (that is, the status of the CA is
PENDING_CERTIFICATE).
When you successfully call
DeleteCertificateAuthority,
the CA's status changes to DELETED. However, the CA won't be
permanently deleted until the restoration period has passed. By default,
if you do not set the PermanentDeletionTimeInDays parameter, the CA
remains restorable for 30 days. You can set the parameter from 7 to 30
days. The
DescribeCertificateAuthority
action returns the time remaining in the restoration window of a private
CA in the DELETED state. To restore an eligible CA, call the
RestoreCertificateAuthority
action.
Synopsis
- data DeleteCertificateAuthority = DeleteCertificateAuthority' {}
- newDeleteCertificateAuthority :: Text -> DeleteCertificateAuthority
- deleteCertificateAuthority_permanentDeletionTimeInDays :: Lens' DeleteCertificateAuthority (Maybe Natural)
- deleteCertificateAuthority_certificateAuthorityArn :: Lens' DeleteCertificateAuthority Text
- data DeleteCertificateAuthorityResponse = DeleteCertificateAuthorityResponse' {
- newDeleteCertificateAuthorityResponse :: DeleteCertificateAuthorityResponse
Creating a Request
data DeleteCertificateAuthority Source #
See: newDeleteCertificateAuthority smart constructor.
Constructors
| DeleteCertificateAuthority' | |
Fields
| |
Instances
newDeleteCertificateAuthority Source #
Arguments
| :: Text | |
| -> DeleteCertificateAuthority |
Create a value of DeleteCertificateAuthority with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:permanentDeletionTimeInDays:DeleteCertificateAuthority', deleteCertificateAuthority_permanentDeletionTimeInDays - The number of days to make a CA restorable after it has been deleted.
This can be anywhere from 7 to 30 days, with 30 being the default.
$sel:certificateAuthorityArn:DeleteCertificateAuthority', deleteCertificateAuthority_certificateAuthorityArn - The Amazon Resource Name (ARN) that was returned when you called
CreateCertificateAuthority.
This must have the following form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
Request Lenses
deleteCertificateAuthority_permanentDeletionTimeInDays :: Lens' DeleteCertificateAuthority (Maybe Natural) Source #
The number of days to make a CA restorable after it has been deleted. This can be anywhere from 7 to 30 days, with 30 being the default.
deleteCertificateAuthority_certificateAuthorityArn :: Lens' DeleteCertificateAuthority Text Source #
The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must have the following form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
Destructuring the Response
data DeleteCertificateAuthorityResponse Source #
See: newDeleteCertificateAuthorityResponse smart constructor.
Constructors
| DeleteCertificateAuthorityResponse' | |
Instances
newDeleteCertificateAuthorityResponse :: DeleteCertificateAuthorityResponse Source #
Create a value of DeleteCertificateAuthorityResponse with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.