-- Hoogle documentation, generated by Haddock
-- See Hoogle, http://www.haskell.org/hoogle/


-- | Amazon Certificate Manager SDK.
--   
--   The types from this library are intended to be used with
--   <a>amazonka</a>, which provides mechanisms for specifying AuthN/AuthZ
--   information, sending requests, and receiving responses.
--   
--   Lenses are used for constructing and manipulating types, due to the
--   depth of nesting of AWS types and transparency regarding
--   de/serialisation into more palatable Haskell values. The provided
--   lenses should be compatible with any of the major lens libraries such
--   as <a>lens</a> or <a>lens-family-core</a>.
--   
--   See <a>Network.AWS.CertificateManager</a> or <a>the AWS
--   documentation</a> to get started.
@package amazonka-certificatemanager
@version 1.4.5


module Network.AWS.CertificateManager.Types

-- | API version <tt>2015-12-08</tt> of the Amazon Certificate Manager SDK
--   configuration.
certificateManager :: Service

-- | One or both of the values that make up the key-value pair is not
--   valid. For example, you cannot specify a tag value that begins with
--   <tt>aws:</tt> .
_InvalidTagException :: AsError a => Getting (First ServiceError) a ServiceError

-- | One or more values in the <a>DomainValidationOption</a> structure is
--   incorrect.
_InvalidDomainValidationOptionsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request contains too many tags. Try the request again with fewer
--   tags.
_TooManyTagsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The certificate request is in process and the certificate in your
--   account has not yet been issued.
_RequestInProgressException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The requested Amazon Resource Name (ARN) does not refer to an existing
--   resource.
_InvalidARNException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The specified certificate cannot be found in the caller's account, or
--   the caller's account cannot be found.
_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Processing has reached an invalid state. For example, this exception
--   can occur if the specified domain is not using email validation, or
--   the current certificate status does not permit the requested
--   operation. See the exception message returned by ACM to determine
--   which state is not valid.
_InvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError

-- | An ACM limit has been exceeded. For example, you may have input more
--   domains than are allowed or you've requested too many certificates for
--   your account. See the exception message returned by ACM to determine
--   which limit you have violated. For more information about ACM limits,
--   see the <a>Limits</a> topic.
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The certificate is in use by another AWS service in the caller's
--   account. Remove the association and try again.
_ResourceInUseException :: AsError a => Getting (First ServiceError) a ServiceError
data CertificateStatus
Expired :: CertificateStatus
Failed :: CertificateStatus
Inactive :: CertificateStatus
Issued :: CertificateStatus
PendingValidation :: CertificateStatus
Revoked :: CertificateStatus
ValidationTimedOut :: CertificateStatus
data CertificateType
AmazonIssued :: CertificateType
Imported :: CertificateType
data FailureReason
AdditionalVerificationRequired :: FailureReason
DomainNotAllowed :: FailureReason
InvalidPublicDomain :: FailureReason
NoAvailableContacts :: FailureReason
Other :: FailureReason
data KeyAlgorithm
EcPRIME256V1 :: KeyAlgorithm
Rsa1024 :: KeyAlgorithm
Rsa2048 :: KeyAlgorithm
data RevocationReason
AACompromise :: RevocationReason
AffiliationChanged :: RevocationReason
CaCompromise :: RevocationReason
CertificateHold :: RevocationReason
CessationOfOperation :: RevocationReason
KeyCompromise :: RevocationReason
PrivilegeWithdrawn :: RevocationReason
RemoveFromCrl :: RevocationReason
Superceded :: RevocationReason
Unspecified :: RevocationReason

-- | Contains detailed metadata about an ACM Certificate. This structure is
--   returned in the response to a <tt>DescribeCertificate</tt> request.
--   
--   <i>See:</i> <a>certificateDetail</a> smart constructor.
data CertificateDetail

-- | Creates a value of <a>CertificateDetail</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cdSubject</a> - The name of the entity that is associated with
--   the public key contained in the certificate.</li>
--   <li><a>cdStatus</a> - The status of the certificate.</li>
--   <li><a>cdFailureReason</a> - The reason the certificate request
--   failed. This value exists only when the certificate status is
--   <tt>FAILED</tt> . For more information, see <a>Certificate Request
--   Failed</a> in the <i>AWS Certificate Manager User Guide</i> .</li>
--   <li><a>cdSubjectAlternativeNames</a> - One or more domain names
--   (subject alternative names) included in the certificate. This list
--   contains the domain names that are bound to the public key that is
--   contained in the certificate. The subject alternative names include
--   the canonical domain name (CN) of the certificate and additional
--   domain names that can be used to connect to the website.</li>
--   <li><a>cdInUseBy</a> - A list of ARNs for the AWS resources that are
--   using the certificate. A certificate can be used by multiple AWS
--   resources.</li>
--   <li><a>cdCreatedAt</a> - The time at which the certificate was
--   requested. This value exists only when the certificate type is
--   <tt>AMAZON_ISSUED</tt> .</li>
--   <li><a>cdCertificateARN</a> - The Amazon Resource Name (ARN) of the
--   certificate. For more information about ARNs, see <a>Amazon Resource
--   Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS General
--   Reference</i> .</li>
--   <li><a>cdSerial</a> - The serial number of the certificate.</li>
--   <li><a>cdImportedAt</a> - The date and time at which the certificate
--   was imported. This value exists only when the certificate type is
--   <tt>IMPORTED</tt> .</li>
--   <li><a>cdRevokedAt</a> - The time at which the certificate was
--   revoked. This value exists only when the certificate status is
--   <tt>REVOKED</tt> .</li>
--   <li><a>cdNotBefore</a> - The time before which the certificate is not
--   valid.</li>
--   <li><a>cdRevocationReason</a> - The reason the certificate was
--   revoked. This value exists only when the certificate status is
--   <tt>REVOKED</tt> .</li>
--   <li><a>cdDomainName</a> - The fully qualified domain name for the
--   certificate, such as www.example.com or example.com.</li>
--   <li><a>cdKeyAlgorithm</a> - The algorithm that was used to generate
--   the key pair (the public and private key).</li>
--   <li><a>cdType</a> - The source of the certificate. For certificates
--   provided by ACM, this value is <tt>AMAZON_ISSUED</tt> . For
--   certificates that you imported with <tt>ImportCertificate</tt> , this
--   value is <tt>IMPORTED</tt> . ACM does not provide <a>managed
--   renewal</a> for imported certificates. For more information about the
--   differences between certificates that you import and those that ACM
--   provides, see <a>Importing Certificates</a> in the <i>AWS Certificate
--   Manager User Guide</i> .</li>
--   <li><a>cdIssuedAt</a> - The time at which the certificate was issued.
--   This value exists only when the certificate type is
--   <tt>AMAZON_ISSUED</tt> .</li>
--   <li><a>cdSignatureAlgorithm</a> - The algorithm that was used to sign
--   the certificate.</li>
--   <li><a>cdDomainValidationOptions</a> - Contains information about the
--   email address or addresses used for domain validation. This field
--   exists only when the certificate type is <tt>AMAZON_ISSUED</tt> .</li>
--   <li><a>cdIssuer</a> - The name of the certificate authority that
--   issued and signed the certificate.</li>
--   <li><a>cdNotAfter</a> - The time after which the certificate is not
--   valid.</li>
--   </ul>
certificateDetail :: CertificateDetail

-- | The name of the entity that is associated with the public key
--   contained in the certificate.
cdSubject :: Lens' CertificateDetail (Maybe Text)

-- | The status of the certificate.
cdStatus :: Lens' CertificateDetail (Maybe CertificateStatus)

-- | The reason the certificate request failed. This value exists only when
--   the certificate status is <tt>FAILED</tt> . For more information, see
--   <a>Certificate Request Failed</a> in the <i>AWS Certificate Manager
--   User Guide</i> .
cdFailureReason :: Lens' CertificateDetail (Maybe FailureReason)

-- | One or more domain names (subject alternative names) included in the
--   certificate. This list contains the domain names that are bound to the
--   public key that is contained in the certificate. The subject
--   alternative names include the canonical domain name (CN) of the
--   certificate and additional domain names that can be used to connect to
--   the website.
cdSubjectAlternativeNames :: Lens' CertificateDetail (Maybe (NonEmpty Text))

-- | A list of ARNs for the AWS resources that are using the certificate. A
--   certificate can be used by multiple AWS resources.
cdInUseBy :: Lens' CertificateDetail [Text]

-- | The time at which the certificate was requested. This value exists
--   only when the certificate type is <tt>AMAZON_ISSUED</tt> .
cdCreatedAt :: Lens' CertificateDetail (Maybe UTCTime)

-- | The Amazon Resource Name (ARN) of the certificate. For more
--   information about ARNs, see <a>Amazon Resource Names (ARNs) and AWS
--   Service Namespaces</a> in the <i>AWS General Reference</i> .
cdCertificateARN :: Lens' CertificateDetail (Maybe Text)

-- | The serial number of the certificate.
cdSerial :: Lens' CertificateDetail (Maybe Text)

-- | The date and time at which the certificate was imported. This value
--   exists only when the certificate type is <tt>IMPORTED</tt> .
cdImportedAt :: Lens' CertificateDetail (Maybe UTCTime)

-- | The time at which the certificate was revoked. This value exists only
--   when the certificate status is <tt>REVOKED</tt> .
cdRevokedAt :: Lens' CertificateDetail (Maybe UTCTime)

-- | The time before which the certificate is not valid.
cdNotBefore :: Lens' CertificateDetail (Maybe UTCTime)

-- | The reason the certificate was revoked. This value exists only when
--   the certificate status is <tt>REVOKED</tt> .
cdRevocationReason :: Lens' CertificateDetail (Maybe RevocationReason)

-- | The fully qualified domain name for the certificate, such as
--   www.example.com or example.com.
cdDomainName :: Lens' CertificateDetail (Maybe Text)

-- | The algorithm that was used to generate the key pair (the public and
--   private key).
cdKeyAlgorithm :: Lens' CertificateDetail (Maybe KeyAlgorithm)

-- | The source of the certificate. For certificates provided by ACM, this
--   value is <tt>AMAZON_ISSUED</tt> . For certificates that you imported
--   with <tt>ImportCertificate</tt> , this value is <tt>IMPORTED</tt> .
--   ACM does not provide <a>managed renewal</a> for imported certificates.
--   For more information about the differences between certificates that
--   you import and those that ACM provides, see <a>Importing
--   Certificates</a> in the <i>AWS Certificate Manager User Guide</i> .
cdType :: Lens' CertificateDetail (Maybe CertificateType)

-- | The time at which the certificate was issued. This value exists only
--   when the certificate type is <tt>AMAZON_ISSUED</tt> .
cdIssuedAt :: Lens' CertificateDetail (Maybe UTCTime)

-- | The algorithm that was used to sign the certificate.
cdSignatureAlgorithm :: Lens' CertificateDetail (Maybe Text)

-- | Contains information about the email address or addresses used for
--   domain validation. This field exists only when the certificate type is
--   <tt>AMAZON_ISSUED</tt> .
cdDomainValidationOptions :: Lens' CertificateDetail (Maybe (NonEmpty DomainValidation))

-- | The name of the certificate authority that issued and signed the
--   certificate.
cdIssuer :: Lens' CertificateDetail (Maybe Text)

-- | The time after which the certificate is not valid.
cdNotAfter :: Lens' CertificateDetail (Maybe UTCTime)

-- | This structure is returned in the response object of
--   <tt>ListCertificates</tt> action.
--   
--   <i>See:</i> <a>certificateSummary</a> smart constructor.
data CertificateSummary

-- | Creates a value of <a>CertificateSummary</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>csCertificateARN</a> - Amazon Resource Name (ARN) of the
--   certificate. This is of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .</li>
--   <li><a>csDomainName</a> - Fully qualified domain name (FQDN), such as
--   www.example.com or example.com, for the certificate.</li>
--   </ul>
certificateSummary :: CertificateSummary

-- | Amazon Resource Name (ARN) of the certificate. This is of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .
csCertificateARN :: Lens' CertificateSummary (Maybe Text)

-- | Fully qualified domain name (FQDN), such as www.example.com or
--   example.com, for the certificate.
csDomainName :: Lens' CertificateSummary (Maybe Text)

-- | Structure that contains the domain name, the base validation domain to
--   which validation email is sent, and the email addresses used to
--   validate the domain identity.
--   
--   <i>See:</i> <a>domainValidation</a> smart constructor.
data DomainValidation

-- | Creates a value of <a>DomainValidation</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dvValidationEmails</a> - A list of contact address for the
--   domain registrant.</li>
--   <li><a>dvValidationDomain</a> - The base validation domain that acts
--   as the suffix of the email addresses that are used to send the
--   emails.</li>
--   <li><a>dvDomainName</a> - Fully Qualified Domain Name (FQDN) of the
--   form <tt>www.example.com or </tt> <tt>example.com</tt> .</li>
--   </ul>
domainValidation :: Text -> DomainValidation

-- | A list of contact address for the domain registrant.
dvValidationEmails :: Lens' DomainValidation [Text]

-- | The base validation domain that acts as the suffix of the email
--   addresses that are used to send the emails.
dvValidationDomain :: Lens' DomainValidation (Maybe Text)

-- | Fully Qualified Domain Name (FQDN) of the form <tt>www.example.com or
--   </tt> <tt>example.com</tt> .
dvDomainName :: Lens' DomainValidation Text

-- | This structure is used in the request object of the
--   <tt>RequestCertificate</tt> action.
--   
--   <i>See:</i> <a>domainValidationOption</a> smart constructor.
data DomainValidationOption

-- | Creates a value of <a>DomainValidationOption</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dvoDomainName</a> - Fully Qualified Domain Name (FQDN) of the
--   certificate being requested.</li>
--   <li><a>dvoValidationDomain</a> - The domain to which validation email
--   is sent. This is the base validation domain that will act as the
--   suffix of the email addresses. This must be the same as the
--   <tt>DomainName</tt> value or a superdomain of the <tt>DomainName</tt>
--   value. For example, if you requested a certificate for
--   <tt>site.subdomain.example.com</tt> and specify a
--   <b>ValidationDomain</b> of <tt>subdomain.example.com</tt> , ACM sends
--   email to the domain registrant, technical contact, and administrative
--   contact in WHOIS for the base domain and the following five addresses:
--   * admin<tt>subdomain.example.com *
--   administrator</tt>subdomain.example.com *
--   hostmaster<tt>subdomain.example.com *
--   postmaster</tt>subdomain.example.com *
--   webmaster@subdomain.example.com</li>
--   </ul>
domainValidationOption :: Text -> Text -> DomainValidationOption

-- | Fully Qualified Domain Name (FQDN) of the certificate being requested.
dvoDomainName :: Lens' DomainValidationOption Text

-- | The domain to which validation email is sent. This is the base
--   validation domain that will act as the suffix of the email addresses.
--   This must be the same as the <tt>DomainName</tt> value or a
--   superdomain of the <tt>DomainName</tt> value. For example, if you
--   requested a certificate for <tt>site.subdomain.example.com</tt> and
--   specify a <b>ValidationDomain</b> of <tt>subdomain.example.com</tt> ,
--   ACM sends email to the domain registrant, technical contact, and
--   administrative contact in WHOIS for the base domain and the following
--   five addresses: * admin<tt>subdomain.example.com *
--   administrator</tt>subdomain.example.com *
--   hostmaster<tt>subdomain.example.com *
--   postmaster</tt>subdomain.example.com * webmaster@subdomain.example.com
dvoValidationDomain :: Lens' DomainValidationOption Text

-- | A key-value pair that identifies or specifies metadata about an ACM
--   resource.
--   
--   <i>See:</i> <a>tag</a> smart constructor.
data Tag

-- | Creates a value of <a>Tag</a> with the minimum fields required to make
--   a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>tagValue</a> - The value of the tag.</li>
--   <li><a>tagKey</a> - The key of the tag.</li>
--   </ul>
tag :: Text -> Tag

-- | The value of the tag.
tagValue :: Lens' Tag (Maybe Text)

-- | The key of the tag.
tagKey :: Lens' Tag Text


module Network.AWS.CertificateManager.Waiters


-- | Resends the email that requests domain ownership validation. The
--   domain owner or an authorized representative must approve the ACM
--   Certificate before it can be issued. The certificate can be approved
--   by clicking a link in the mail to navigate to the Amazon certificate
--   approval website and then clicking <b>I Approve</b> . However, the
--   validation email can be blocked by spam filters. Therefore, if you do
--   not receive the original mail, you can request that the mail be resent
--   within 72 hours of requesting the ACM Certificate. If more than 72
--   hours have elapsed since your original request or since your last
--   attempt to resend validation mail, you must request a new certificate.
module Network.AWS.CertificateManager.ResendValidationEmail

-- | Creates a value of <a>ResendValidationEmail</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rveCertificateARN</a> - String that contains the ARN of the
--   requested certificate. The certificate ARN is generated and returned
--   by the <tt>RequestCertificate</tt> action as soon as the request is
--   made. By default, using this parameter causes email to be sent to all
--   top-level domains you specified in the certificate request. The ARN
--   must be of the form:
--   <tt>arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt></li>
--   <li><a>rveDomain</a> - The Fully Qualified Domain Name (FQDN) of the
--   certificate that needs to be validated.</li>
--   <li><a>rveValidationDomain</a> - The base validation domain that will
--   act as the suffix of the email addresses that are used to send the
--   emails. This must be the same as the <tt>Domain</tt> value or a
--   superdomain of the <tt>Domain</tt> value. For example, if you
--   requested a certificate for <tt>site.subdomain.example.com</tt> and
--   specify a <b>ValidationDomain</b> of <tt>subdomain.example.com</tt> ,
--   ACM sends email to the domain registrant, technical contact, and
--   administrative contact in WHOIS and the following five addresses: *
--   admin<tt>subdomain.example.com *
--   administrator</tt>subdomain.example.com *
--   hostmaster<tt>subdomain.example.com *
--   postmaster</tt>subdomain.example.com *
--   webmaster@subdomain.example.com</li>
--   </ul>
resendValidationEmail :: Text -> Text -> Text -> ResendValidationEmail

-- | <i>See:</i> <a>resendValidationEmail</a> smart constructor.
data ResendValidationEmail

-- | String that contains the ARN of the requested certificate. The
--   certificate ARN is generated and returned by the
--   <tt>RequestCertificate</tt> action as soon as the request is made. By
--   default, using this parameter causes email to be sent to all top-level
--   domains you specified in the certificate request. The ARN must be of
--   the form:
--   <tt>arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
rveCertificateARN :: Lens' ResendValidationEmail Text

-- | The Fully Qualified Domain Name (FQDN) of the certificate that needs
--   to be validated.
rveDomain :: Lens' ResendValidationEmail Text

-- | The base validation domain that will act as the suffix of the email
--   addresses that are used to send the emails. This must be the same as
--   the <tt>Domain</tt> value or a superdomain of the <tt>Domain</tt>
--   value. For example, if you requested a certificate for
--   <tt>site.subdomain.example.com</tt> and specify a
--   <b>ValidationDomain</b> of <tt>subdomain.example.com</tt> , ACM sends
--   email to the domain registrant, technical contact, and administrative
--   contact in WHOIS and the following five addresses: *
--   admin<tt>subdomain.example.com *
--   administrator</tt>subdomain.example.com *
--   hostmaster<tt>subdomain.example.com *
--   postmaster</tt>subdomain.example.com * webmaster@subdomain.example.com
rveValidationDomain :: Lens' ResendValidationEmail Text

-- | Creates a value of <a>ResendValidationEmailResponse</a> with the
--   minimum fields required to make a request.
resendValidationEmailResponse :: ResendValidationEmailResponse

-- | <i>See:</i> <a>resendValidationEmailResponse</a> smart constructor.
data ResendValidationEmailResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmailResponse
instance Data.Data.Data Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmailResponse
instance GHC.Show.Show Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmailResponse
instance GHC.Read.Read Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmailResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmailResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Data.Data.Data Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance GHC.Show.Show Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance GHC.Read.Read Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance GHC.Classes.Eq Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmail
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ResendValidationEmail.ResendValidationEmailResponse


-- | Requests an ACM Certificate for use with other AWS services. To
--   request an ACM Certificate, you must specify the fully qualified
--   domain name (FQDN) for your site. You can also specify additional
--   FQDNs if users can reach your site by using other names. For each
--   domain name you specify, email is sent to the domain owner to request
--   approval to issue the certificate. After receiving approval from the
--   domain owner, the ACM Certificate is issued. For more information, see
--   the <a>AWS Certificate Manager User Guide</a> .
module Network.AWS.CertificateManager.RequestCertificate

-- | Creates a value of <a>RequestCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rcIdempotencyToken</a> - Customer chosen string that can be
--   used to distinguish between calls to <tt>RequestCertificate</tt> .
--   Idempotency tokens time out after one hour. Therefore, if you call
--   <tt>RequestCertificate</tt> multiple times with the same idempotency
--   token within one hour, ACM recognizes that you are requesting only one
--   certificate and will issue only one. If you change the idempotency
--   token for each call, ACM recognizes that you are requesting multiple
--   certificates.</li>
--   <li><a>rcSubjectAlternativeNames</a> - Additional FQDNs to be included
--   in the Subject Alternative Name extension of the ACM Certificate. For
--   example, add the name www.example.net to a certificate for which the
--   <tt>DomainName</tt> field is www.example.com if users can reach your
--   site by using either name.</li>
--   <li><a>rcDomainValidationOptions</a> - The base validation domain that
--   will act as the suffix of the email addresses that are used to send
--   the emails. This must be the same as the <tt>Domain</tt> value or a
--   superdomain of the <tt>Domain</tt> value. For example, if you
--   requested a certificate for <tt>test.example.com</tt> and specify
--   <b>DomainValidationOptions</b> of <tt>example.com</tt> , ACM sends
--   email to the domain registrant, technical contact, and administrative
--   contact in WHOIS and the following five addresses: *
--   admin<tt>example.com * administrator</tt>example.com *
--   hostmaster<tt>example.com * postmaster</tt>example.com *
--   webmaster@example.com</li>
--   <li><a>rcDomainName</a> - Fully qualified domain name (FQDN), such as
--   www.example.com, of the site you want to secure with an ACM
--   Certificate. Use an asterisk (*) to create a wildcard certificate that
--   protects several sites in the same domain. For example, *.example.com
--   protects www.example.com, site.example.com, and
--   images.example.com.</li>
--   </ul>
requestCertificate :: Text -> RequestCertificate

-- | <i>See:</i> <a>requestCertificate</a> smart constructor.
data RequestCertificate

-- | Customer chosen string that can be used to distinguish between calls
--   to <tt>RequestCertificate</tt> . Idempotency tokens time out after one
--   hour. Therefore, if you call <tt>RequestCertificate</tt> multiple
--   times with the same idempotency token within one hour, ACM recognizes
--   that you are requesting only one certificate and will issue only one.
--   If you change the idempotency token for each call, ACM recognizes that
--   you are requesting multiple certificates.
rcIdempotencyToken :: Lens' RequestCertificate (Maybe Text)

-- | Additional FQDNs to be included in the Subject Alternative Name
--   extension of the ACM Certificate. For example, add the name
--   www.example.net to a certificate for which the <tt>DomainName</tt>
--   field is www.example.com if users can reach your site by using either
--   name.
rcSubjectAlternativeNames :: Lens' RequestCertificate (Maybe (NonEmpty Text))

-- | The base validation domain that will act as the suffix of the email
--   addresses that are used to send the emails. This must be the same as
--   the <tt>Domain</tt> value or a superdomain of the <tt>Domain</tt>
--   value. For example, if you requested a certificate for
--   <tt>test.example.com</tt> and specify <b>DomainValidationOptions</b>
--   of <tt>example.com</tt> , ACM sends email to the domain registrant,
--   technical contact, and administrative contact in WHOIS and the
--   following five addresses: * admin<tt>example.com *
--   administrator</tt>example.com * hostmaster<tt>example.com *
--   postmaster</tt>example.com * webmaster@example.com
rcDomainValidationOptions :: Lens' RequestCertificate (Maybe (NonEmpty DomainValidationOption))

-- | Fully qualified domain name (FQDN), such as www.example.com, of the
--   site you want to secure with an ACM Certificate. Use an asterisk (*)
--   to create a wildcard certificate that protects several sites in the
--   same domain. For example, *.example.com protects www.example.com,
--   site.example.com, and images.example.com.
rcDomainName :: Lens' RequestCertificate Text

-- | Creates a value of <a>RequestCertificateResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rcrsCertificateARN</a> - String that contains the ARN of the
--   issued certificate. This must be of the form:
--   <tt>arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt></li>
--   <li><a>rcrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
requestCertificateResponse :: Int -> RequestCertificateResponse

-- | <i>See:</i> <a>requestCertificateResponse</a> smart constructor.
data RequestCertificateResponse

-- | String that contains the ARN of the issued certificate. This must be
--   of the form:
--   <tt>arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
rcrsCertificateARN :: Lens' RequestCertificateResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
rcrsResponseStatus :: Lens' RequestCertificateResponse Int
instance GHC.Generics.Generic Network.AWS.CertificateManager.RequestCertificate.RequestCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.RequestCertificate.RequestCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.RequestCertificate.RequestCertificateResponse
instance GHC.Read.Read Network.AWS.CertificateManager.RequestCertificate.RequestCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.RequestCertificate.RequestCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Data.Data.Data Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance GHC.Read.Read Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.RequestCertificate.RequestCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.RequestCertificate.RequestCertificateResponse


-- | Remove one or more tags from an ACM Certificate. A tag consists of a
--   key-value pair. If you do not specify the value portion of the tag
--   when calling this function, the tag will be removed regardless of
--   value. If you specify a value, the tag is removed only if it is
--   associated with the specified value.
--   
--   To add tags to a certificate, use the <tt>AddTagsToCertificate</tt>
--   action. To view all of the tags that have been applied to a specific
--   ACM Certificate, use the <tt>ListTagsForCertificate</tt> action.
module Network.AWS.CertificateManager.RemoveTagsFromCertificate

-- | Creates a value of <a>RemoveTagsFromCertificate</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>rtfcCertificateARN</a> - String that contains the ARN of the
--   ACM Certificate with one or more tags that you want to remove. This
--   must be of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .</li>
--   <li><a>rtfcTags</a> - The key-value pair that defines the tag to
--   remove.</li>
--   </ul>
removeTagsFromCertificate :: Text -> NonEmpty Tag -> RemoveTagsFromCertificate

-- | <i>See:</i> <a>removeTagsFromCertificate</a> smart constructor.
data RemoveTagsFromCertificate

-- | String that contains the ARN of the ACM Certificate with one or more
--   tags that you want to remove. This must be of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .
rtfcCertificateARN :: Lens' RemoveTagsFromCertificate Text

-- | The key-value pair that defines the tag to remove.
rtfcTags :: Lens' RemoveTagsFromCertificate (NonEmpty Tag)

-- | Creates a value of <a>RemoveTagsFromCertificateResponse</a> with the
--   minimum fields required to make a request.
removeTagsFromCertificateResponse :: RemoveTagsFromCertificateResponse

-- | <i>See:</i> <a>removeTagsFromCertificateResponse</a> smart
--   constructor.
data RemoveTagsFromCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificateResponse
instance GHC.Read.Read Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Data.Data.Data Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance GHC.Read.Read Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.RemoveTagsFromCertificate.RemoveTagsFromCertificateResponse


-- | Lists the tags that have been applied to the ACM Certificate. Use the
--   certificate ARN to specify the certificate. To add a tag to an ACM
--   Certificate, use the <tt>AddTagsToCertificate</tt> action. To delete a
--   tag, use the <tt>RemoveTagsFromCertificate</tt> action.
module Network.AWS.CertificateManager.ListTagsForCertificate

-- | Creates a value of <a>ListTagsForCertificate</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ltfcCertificateARN</a> - String that contains the ARN of the
--   ACM Certificate for which you want to list the tags. This must be of
--   the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .</li>
--   </ul>
listTagsForCertificate :: Text -> ListTagsForCertificate

-- | <i>See:</i> <a>listTagsForCertificate</a> smart constructor.
data ListTagsForCertificate

-- | String that contains the ARN of the ACM Certificate for which you want
--   to list the tags. This must be of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .
ltfcCertificateARN :: Lens' ListTagsForCertificate Text

-- | Creates a value of <a>ListTagsForCertificateResponse</a> with the
--   minimum fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>ltfcrsTags</a> - The key-value pairs that define the applied
--   tags.</li>
--   <li><a>ltfcrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listTagsForCertificateResponse :: Int -> ListTagsForCertificateResponse

-- | <i>See:</i> <a>listTagsForCertificateResponse</a> smart constructor.
data ListTagsForCertificateResponse

-- | The key-value pairs that define the applied tags.
ltfcrsTags :: Lens' ListTagsForCertificateResponse (Maybe (NonEmpty Tag))

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
ltfcrsResponseStatus :: Lens' ListTagsForCertificateResponse Int
instance GHC.Generics.Generic Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificateResponse
instance GHC.Read.Read Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Data.Data.Data Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance GHC.Read.Read Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ListTagsForCertificate.ListTagsForCertificateResponse


-- | Retrieves a list of ACM Certificates and the domain name for each. You
--   can optionally filter the list to return only the certificates that
--   match the specified status.
--   
--   This operation returns paginated results.
module Network.AWS.CertificateManager.ListCertificates

-- | Creates a value of <a>ListCertificates</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lcCertificateStatuses</a> - The status or statuses on which to
--   filter the list of ACM Certificates.</li>
--   <li><a>lcNextToken</a> - Use this parameter only when paginating
--   results and only in a subsequent request after you receive a response
--   with truncated results. Set it to the value of <tt>NextToken</tt> from
--   the response you just received.</li>
--   <li><a>lcMaxItems</a> - Use this parameter when paginating results to
--   specify the maximum number of items to return in the response. If
--   additional items exist beyond the number you specify, the
--   <tt>NextToken</tt> element is sent in the response. Use this
--   <tt>NextToken</tt> value in a subsequent request to retrieve
--   additional items.</li>
--   </ul>
listCertificates :: ListCertificates

-- | <i>See:</i> <a>listCertificates</a> smart constructor.
data ListCertificates

-- | The status or statuses on which to filter the list of ACM
--   Certificates.
lcCertificateStatuses :: Lens' ListCertificates [CertificateStatus]

-- | Use this parameter only when paginating results and only in a
--   subsequent request after you receive a response with truncated
--   results. Set it to the value of <tt>NextToken</tt> from the response
--   you just received.
lcNextToken :: Lens' ListCertificates (Maybe Text)

-- | Use this parameter when paginating results to specify the maximum
--   number of items to return in the response. If additional items exist
--   beyond the number you specify, the <tt>NextToken</tt> element is sent
--   in the response. Use this <tt>NextToken</tt> value in a subsequent
--   request to retrieve additional items.
lcMaxItems :: Lens' ListCertificates (Maybe Natural)

-- | Creates a value of <a>ListCertificatesResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>lcrsCertificateSummaryList</a> - A list of ACM
--   Certificates.</li>
--   <li><a>lcrsNextToken</a> - When the list is truncated, this value is
--   present and contains the value to use for the <tt>NextToken</tt>
--   parameter in a subsequent pagination request.</li>
--   <li><a>lcrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
listCertificatesResponse :: Int -> ListCertificatesResponse

-- | <i>See:</i> <a>listCertificatesResponse</a> smart constructor.
data ListCertificatesResponse

-- | A list of ACM Certificates.
lcrsCertificateSummaryList :: Lens' ListCertificatesResponse [CertificateSummary]

-- | When the list is truncated, this value is present and contains the
--   value to use for the <tt>NextToken</tt> parameter in a subsequent
--   pagination request.
lcrsNextToken :: Lens' ListCertificatesResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
lcrsResponseStatus :: Lens' ListCertificatesResponse Int
instance GHC.Generics.Generic Network.AWS.CertificateManager.ListCertificates.ListCertificatesResponse
instance Data.Data.Data Network.AWS.CertificateManager.ListCertificates.ListCertificatesResponse
instance GHC.Show.Show Network.AWS.CertificateManager.ListCertificates.ListCertificatesResponse
instance GHC.Read.Read Network.AWS.CertificateManager.ListCertificates.ListCertificatesResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.ListCertificates.ListCertificatesResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Data.Data.Data Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance GHC.Show.Show Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance GHC.Read.Read Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance GHC.Classes.Eq Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Network.AWS.Pager.AWSPager Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.ListCertificates.ListCertificates
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ListCertificates.ListCertificatesResponse


-- | Imports an SSL<i>TLS certificate into AWS Certificate Manager (ACM) to
--   use with
--   &lt;http:</i><i>docs.aws.amazon.com</i>acm<i>latest</i>userguide/acm-services.html
--   ACM's integrated AWS services&gt; .
--   
--   For more information about importing certificates into ACM, including
--   the differences between certificates that you import and those that
--   ACM provides, see <a>Importing Certificates</a> in the <i>AWS
--   Certificate Manager User Guide</i> .
--   
--   To import a certificate, you must provide the certificate and the
--   matching private key. When the certificate is not self-signed, you
--   must also provide a certificate chain. You can omit the certificate
--   chain when importing a self-signed certificate.
--   
--   The certificate, private key, and certificate chain must be
--   PEM-encoded. For more information about converting these items to PEM
--   format, see <a>Importing Certificates Troubleshooting</a> in the
--   <i>AWS Certificate Manager User Guide</i> .
--   
--   To import a new certificate, omit the <tt>CertificateArn</tt> field.
--   Include this field only when you want to replace a previously imported
--   certificate.
--   
--   This operation returns the <a>Amazon Resource Name (ARN)</a> of the
--   imported certificate.
module Network.AWS.CertificateManager.ImportCertificate

-- | Creates a value of <a>ImportCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>icCertificateARN</a> - The <a>Amazon Resource Name (ARN)</a> of
--   an imported certificate to replace. To import a new certificate, omit
--   this field.</li>
--   <li><a>icCertificateChain</a> - The certificate chain. It must be
--   PEM-encoded.-- <i>Note:</i> This <tt>Lens</tt> automatically encodes
--   and decodes Base64 data. The underlying isomorphism will encode to
--   Base64 representation during serialisation, and decode from Base64
--   representation during deserialisation. This <tt>Lens</tt> accepts and
--   returns only raw unencoded data.</li>
--   <li><a>icCertificate</a> - The certificate to import. It must meet the
--   following requirements: * Must be PEM-encoded. * Must contain a
--   1024-bit or 2048-bit RSA public key. * Must be valid at the time of
--   import. You cannot import a certificate before its validity period
--   begins (the certificate's <tt>NotBefore</tt> date) or after it expires
--   (the certificate's <tt>NotAfter</tt> date).-- <i>Note:</i> This
--   <tt>Lens</tt> automatically encodes and decodes Base64 data. The
--   underlying isomorphism will encode to Base64 representation during
--   serialisation, and decode from Base64 representation during
--   deserialisation. This <tt>Lens</tt> accepts and returns only raw
--   unencoded data.</li>
--   <li><a>icPrivateKey</a> - The private key that matches the public key
--   in the certificate. It must meet the following requirements: * Must be
--   PEM-encoded. * Must be unencrypted. You cannot import a private key
--   that is protected by a password or passphrase.-- <i>Note:</i> This
--   <tt>Lens</tt> automatically encodes and decodes Base64 data. The
--   underlying isomorphism will encode to Base64 representation during
--   serialisation, and decode from Base64 representation during
--   deserialisation. This <tt>Lens</tt> accepts and returns only raw
--   unencoded data.</li>
--   </ul>
importCertificate :: ByteString -> ByteString -> ImportCertificate

-- | <i>See:</i> <a>importCertificate</a> smart constructor.
data ImportCertificate

-- | The <a>Amazon Resource Name (ARN)</a> of an imported certificate to
--   replace. To import a new certificate, omit this field.
icCertificateARN :: Lens' ImportCertificate (Maybe Text)

-- | The certificate chain. It must be PEM-encoded.-- <i>Note:</i> This
--   <tt>Lens</tt> automatically encodes and decodes Base64 data. The
--   underlying isomorphism will encode to Base64 representation during
--   serialisation, and decode from Base64 representation during
--   deserialisation. This <tt>Lens</tt> accepts and returns only raw
--   unencoded data.
icCertificateChain :: Lens' ImportCertificate (Maybe ByteString)

-- | The certificate to import. It must meet the following requirements: *
--   Must be PEM-encoded. * Must contain a 1024-bit or 2048-bit RSA public
--   key. * Must be valid at the time of import. You cannot import a
--   certificate before its validity period begins (the certificate's
--   <tt>NotBefore</tt> date) or after it expires (the certificate's
--   <tt>NotAfter</tt> date).-- <i>Note:</i> This <tt>Lens</tt>
--   automatically encodes and decodes Base64 data. The underlying
--   isomorphism will encode to Base64 representation during serialisation,
--   and decode from Base64 representation during deserialisation. This
--   <tt>Lens</tt> accepts and returns only raw unencoded data.
icCertificate :: Lens' ImportCertificate ByteString

-- | The private key that matches the public key in the certificate. It
--   must meet the following requirements: * Must be PEM-encoded. * Must be
--   unencrypted. You cannot import a private key that is protected by a
--   password or passphrase.-- <i>Note:</i> This <tt>Lens</tt>
--   automatically encodes and decodes Base64 data. The underlying
--   isomorphism will encode to Base64 representation during serialisation,
--   and decode from Base64 representation during deserialisation. This
--   <tt>Lens</tt> accepts and returns only raw unencoded data.
icPrivateKey :: Lens' ImportCertificate ByteString

-- | Creates a value of <a>ImportCertificateResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>icrsCertificateARN</a> - The <a>Amazon Resource Name (ARN)</a>
--   of the imported certificate.</li>
--   <li><a>icrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
importCertificateResponse :: Int -> ImportCertificateResponse

-- | <i>See:</i> <a>importCertificateResponse</a> smart constructor.
data ImportCertificateResponse

-- | The <a>Amazon Resource Name (ARN)</a> of the imported certificate.
icrsCertificateARN :: Lens' ImportCertificateResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
icrsResponseStatus :: Lens' ImportCertificateResponse Int
instance GHC.Generics.Generic Network.AWS.CertificateManager.ImportCertificate.ImportCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.ImportCertificate.ImportCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.ImportCertificate.ImportCertificateResponse
instance GHC.Read.Read Network.AWS.CertificateManager.ImportCertificate.ImportCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.ImportCertificate.ImportCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Data.Data.Data Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance GHC.Read.Read Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.ImportCertificate.ImportCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.ImportCertificate.ImportCertificateResponse


-- | Retrieves an ACM Certificate and certificate chain for the certificate
--   specified by an ARN. The chain is an ordered list of certificates that
--   contains the root certificate, intermediate certificates of
--   subordinate CAs, and the ACM Certificate. The certificate and
--   certificate chain are base64 encoded. If you want to decode the
--   certificate chain to see the individual certificate fields, you can
--   use OpenSSL.
module Network.AWS.CertificateManager.GetCertificate

-- | Creates a value of <a>GetCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gcCertificateARN</a> - String that contains a certificate ARN
--   in the following format:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .</li>
--   </ul>
getCertificate :: Text -> GetCertificate

-- | <i>See:</i> <a>getCertificate</a> smart constructor.
data GetCertificate

-- | String that contains a certificate ARN in the following format:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .
gcCertificateARN :: Lens' GetCertificate Text

-- | Creates a value of <a>GetCertificateResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>gcrsCertificate</a> - String that contains the ACM Certificate
--   represented by the ARN specified at input.</li>
--   <li><a>gcrsCertificateChain</a> - The certificate chain that contains
--   the root certificate issued by the certificate authority (CA).</li>
--   <li><a>gcrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
getCertificateResponse :: Int -> GetCertificateResponse

-- | <i>See:</i> <a>getCertificateResponse</a> smart constructor.
data GetCertificateResponse

-- | String that contains the ACM Certificate represented by the ARN
--   specified at input.
gcrsCertificate :: Lens' GetCertificateResponse (Maybe Text)

-- | The certificate chain that contains the root certificate issued by the
--   certificate authority (CA).
gcrsCertificateChain :: Lens' GetCertificateResponse (Maybe Text)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
gcrsResponseStatus :: Lens' GetCertificateResponse Int
instance GHC.Generics.Generic Network.AWS.CertificateManager.GetCertificate.GetCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.GetCertificate.GetCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.GetCertificate.GetCertificateResponse
instance GHC.Read.Read Network.AWS.CertificateManager.GetCertificate.GetCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.GetCertificate.GetCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Data.Data.Data Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance GHC.Read.Read Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.GetCertificate.GetCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.GetCertificate.GetCertificateResponse


-- | Returns a list of the fields contained in the specified ACM
--   Certificate. For example, this action returns the certificate status,
--   a flag that indicates whether the certificate is associated with any
--   other AWS service, and the date at which the certificate request was
--   created. You specify the ACM Certificate on input by its Amazon
--   Resource Name (ARN).
module Network.AWS.CertificateManager.DescribeCertificate

-- | Creates a value of <a>DescribeCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dCertificateARN</a> - String that contains an ACM Certificate
--   ARN. The ARN must be of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .</li>
--   </ul>
describeCertificate :: Text -> DescribeCertificate

-- | <i>See:</i> <a>describeCertificate</a> smart constructor.
data DescribeCertificate

-- | String that contains an ACM Certificate ARN. The ARN must be of the
--   form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .
dCertificateARN :: Lens' DescribeCertificate Text

-- | Creates a value of <a>DescribeCertificateResponse</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dcrsCertificate</a> - Contains a <a>CertificateDetail</a>
--   structure that lists the fields of an ACM Certificate.</li>
--   <li><a>dcrsResponseStatus</a> - -- | The response status code.</li>
--   </ul>
describeCertificateResponse :: Int -> DescribeCertificateResponse

-- | <i>See:</i> <a>describeCertificateResponse</a> smart constructor.
data DescribeCertificateResponse

-- | Contains a <a>CertificateDetail</a> structure that lists the fields of
--   an ACM Certificate.
dcrsCertificate :: Lens' DescribeCertificateResponse (Maybe CertificateDetail)

-- | <ul>
--   <li>- | The response status code.</li>
--   </ul>
dcrsResponseStatus :: Lens' DescribeCertificateResponse Int
instance GHC.Generics.Generic Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificateResponse
instance GHC.Read.Read Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Data.Data.Data Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance GHC.Read.Read Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.DescribeCertificate.DescribeCertificateResponse


-- | Deletes an ACM Certificate and its associated private key. If this
--   action succeeds, the certificate no longer appears in the list of ACM
--   Certificates that can be displayed by calling the
--   <tt>ListCertificates</tt> action or be retrieved by calling the
--   <tt>GetCertificate</tt> action. The certificate will not be available
--   for use by other AWS services.
module Network.AWS.CertificateManager.DeleteCertificate

-- | Creates a value of <a>DeleteCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dcCertificateARN</a> - String that contains the ARN of the ACM
--   Certificate to be deleted. This must be of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .</li>
--   </ul>
deleteCertificate :: Text -> DeleteCertificate

-- | <i>See:</i> <a>deleteCertificate</a> smart constructor.
data DeleteCertificate

-- | String that contains the ARN of the ACM Certificate to be deleted.
--   This must be of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .
dcCertificateARN :: Lens' DeleteCertificate Text

-- | Creates a value of <a>DeleteCertificateResponse</a> with the minimum
--   fields required to make a request.
deleteCertificateResponse :: DeleteCertificateResponse

-- | <i>See:</i> <a>deleteCertificateResponse</a> smart constructor.
data DeleteCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificateResponse
instance GHC.Read.Read Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Data.Data.Data Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance GHC.Read.Read Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.DeleteCertificate.DeleteCertificateResponse


-- | Adds one or more tags to an ACM Certificate. Tags are labels that you
--   can use to identify and organize your AWS resources. Each tag consists
--   of a <tt>key</tt> and an optional <tt>value</tt> . You specify the
--   certificate on input by its Amazon Resource Name (ARN). You specify
--   the tag by using a key-value pair.
--   
--   You can apply a tag to just one certificate if you want to identify a
--   specific characteristic of that certificate, or you can apply the same
--   tag to multiple certificates if you want to filter for a common
--   relationship among those certificates. Similarly, you can apply the
--   same tag to multiple resources if you want to specify a relationship
--   among those resources. For example, you can add the same tag to an ACM
--   Certificate and an Elastic Load Balancing load balancer to indicate
--   that they are both used by the same website. For more information, see
--   <a>Tagging ACM Certificates</a> .
--   
--   To remove one or more tags, use the <tt>RemoveTagsFromCertificate</tt>
--   action. To view all of the tags that have been applied to the
--   certificate, use the <tt>ListTagsForCertificate</tt> action.
module Network.AWS.CertificateManager.AddTagsToCertificate

-- | Creates a value of <a>AddTagsToCertificate</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>attcCertificateARN</a> - String that contains the ARN of the
--   ACM Certificate to which the tag is to be applied. This must be of the
--   form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .</li>
--   <li><a>attcTags</a> - The key-value pair that defines the tag. The tag
--   value is optional.</li>
--   </ul>
addTagsToCertificate :: Text -> NonEmpty Tag -> AddTagsToCertificate

-- | <i>See:</i> <a>addTagsToCertificate</a> smart constructor.
data AddTagsToCertificate

-- | String that contains the ARN of the ACM Certificate to which the tag
--   is to be applied. This must be of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .
attcCertificateARN :: Lens' AddTagsToCertificate Text

-- | The key-value pair that defines the tag. The tag value is optional.
attcTags :: Lens' AddTagsToCertificate (NonEmpty Tag)

-- | Creates a value of <a>AddTagsToCertificateResponse</a> with the
--   minimum fields required to make a request.
addTagsToCertificateResponse :: AddTagsToCertificateResponse

-- | <i>See:</i> <a>addTagsToCertificateResponse</a> smart constructor.
data AddTagsToCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificateResponse
instance Data.Data.Data Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificateResponse
instance GHC.Show.Show Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificateResponse
instance GHC.Read.Read Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificateResponse
instance GHC.Classes.Eq Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificateResponse
instance GHC.Generics.Generic Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Data.Data.Data Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance GHC.Show.Show Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance GHC.Read.Read Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance GHC.Classes.Eq Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Network.AWS.Types.AWSRequest Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Data.Hashable.Class.Hashable Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Network.AWS.Data.Headers.ToHeaders Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Network.AWS.Data.Path.ToPath Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Network.AWS.Data.Query.ToQuery Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificate
instance Control.DeepSeq.NFData Network.AWS.CertificateManager.AddTagsToCertificate.AddTagsToCertificateResponse


-- | <b>AWS Certificate Manager</b>
--   
--   Welcome to the AWS Certificate Manager (ACM) API documentation.
--   
--   You can use ACM to manage SSL<i>TLS certificates for your AWS-based
--   websites and applications. For general information about using ACM,
--   see the
--   &lt;http:</i><i>docs.aws.amazon.com</i>acm<i>latest</i>userguide<i>
--   </i>AWS Certificate Manager User Guide/ &gt; .
module Network.AWS.CertificateManager

-- | API version <tt>2015-12-08</tt> of the Amazon Certificate Manager SDK
--   configuration.
certificateManager :: Service

-- | One or both of the values that make up the key-value pair is not
--   valid. For example, you cannot specify a tag value that begins with
--   <tt>aws:</tt> .
_InvalidTagException :: AsError a => Getting (First ServiceError) a ServiceError

-- | One or more values in the <a>DomainValidationOption</a> structure is
--   incorrect.
_InvalidDomainValidationOptionsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The request contains too many tags. Try the request again with fewer
--   tags.
_TooManyTagsException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The certificate request is in process and the certificate in your
--   account has not yet been issued.
_RequestInProgressException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The requested Amazon Resource Name (ARN) does not refer to an existing
--   resource.
_InvalidARNException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The specified certificate cannot be found in the caller's account, or
--   the caller's account cannot be found.
_ResourceNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError

-- | Processing has reached an invalid state. For example, this exception
--   can occur if the specified domain is not using email validation, or
--   the current certificate status does not permit the requested
--   operation. See the exception message returned by ACM to determine
--   which state is not valid.
_InvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError

-- | An ACM limit has been exceeded. For example, you may have input more
--   domains than are allowed or you've requested too many certificates for
--   your account. See the exception message returned by ACM to determine
--   which limit you have violated. For more information about ACM limits,
--   see the <a>Limits</a> topic.
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError

-- | The certificate is in use by another AWS service in the caller's
--   account. Remove the association and try again.
_ResourceInUseException :: AsError a => Getting (First ServiceError) a ServiceError
data CertificateStatus
Expired :: CertificateStatus
Failed :: CertificateStatus
Inactive :: CertificateStatus
Issued :: CertificateStatus
PendingValidation :: CertificateStatus
Revoked :: CertificateStatus
ValidationTimedOut :: CertificateStatus
data CertificateType
AmazonIssued :: CertificateType
Imported :: CertificateType
data FailureReason
AdditionalVerificationRequired :: FailureReason
DomainNotAllowed :: FailureReason
InvalidPublicDomain :: FailureReason
NoAvailableContacts :: FailureReason
Other :: FailureReason
data KeyAlgorithm
EcPRIME256V1 :: KeyAlgorithm
Rsa1024 :: KeyAlgorithm
Rsa2048 :: KeyAlgorithm
data RevocationReason
AACompromise :: RevocationReason
AffiliationChanged :: RevocationReason
CaCompromise :: RevocationReason
CertificateHold :: RevocationReason
CessationOfOperation :: RevocationReason
KeyCompromise :: RevocationReason
PrivilegeWithdrawn :: RevocationReason
RemoveFromCrl :: RevocationReason
Superceded :: RevocationReason
Unspecified :: RevocationReason

-- | Contains detailed metadata about an ACM Certificate. This structure is
--   returned in the response to a <tt>DescribeCertificate</tt> request.
--   
--   <i>See:</i> <a>certificateDetail</a> smart constructor.
data CertificateDetail

-- | Creates a value of <a>CertificateDetail</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>cdSubject</a> - The name of the entity that is associated with
--   the public key contained in the certificate.</li>
--   <li><a>cdStatus</a> - The status of the certificate.</li>
--   <li><a>cdFailureReason</a> - The reason the certificate request
--   failed. This value exists only when the certificate status is
--   <tt>FAILED</tt> . For more information, see <a>Certificate Request
--   Failed</a> in the <i>AWS Certificate Manager User Guide</i> .</li>
--   <li><a>cdSubjectAlternativeNames</a> - One or more domain names
--   (subject alternative names) included in the certificate. This list
--   contains the domain names that are bound to the public key that is
--   contained in the certificate. The subject alternative names include
--   the canonical domain name (CN) of the certificate and additional
--   domain names that can be used to connect to the website.</li>
--   <li><a>cdInUseBy</a> - A list of ARNs for the AWS resources that are
--   using the certificate. A certificate can be used by multiple AWS
--   resources.</li>
--   <li><a>cdCreatedAt</a> - The time at which the certificate was
--   requested. This value exists only when the certificate type is
--   <tt>AMAZON_ISSUED</tt> .</li>
--   <li><a>cdCertificateARN</a> - The Amazon Resource Name (ARN) of the
--   certificate. For more information about ARNs, see <a>Amazon Resource
--   Names (ARNs) and AWS Service Namespaces</a> in the <i>AWS General
--   Reference</i> .</li>
--   <li><a>cdSerial</a> - The serial number of the certificate.</li>
--   <li><a>cdImportedAt</a> - The date and time at which the certificate
--   was imported. This value exists only when the certificate type is
--   <tt>IMPORTED</tt> .</li>
--   <li><a>cdRevokedAt</a> - The time at which the certificate was
--   revoked. This value exists only when the certificate status is
--   <tt>REVOKED</tt> .</li>
--   <li><a>cdNotBefore</a> - The time before which the certificate is not
--   valid.</li>
--   <li><a>cdRevocationReason</a> - The reason the certificate was
--   revoked. This value exists only when the certificate status is
--   <tt>REVOKED</tt> .</li>
--   <li><a>cdDomainName</a> - The fully qualified domain name for the
--   certificate, such as www.example.com or example.com.</li>
--   <li><a>cdKeyAlgorithm</a> - The algorithm that was used to generate
--   the key pair (the public and private key).</li>
--   <li><a>cdType</a> - The source of the certificate. For certificates
--   provided by ACM, this value is <tt>AMAZON_ISSUED</tt> . For
--   certificates that you imported with <tt>ImportCertificate</tt> , this
--   value is <tt>IMPORTED</tt> . ACM does not provide <a>managed
--   renewal</a> for imported certificates. For more information about the
--   differences between certificates that you import and those that ACM
--   provides, see <a>Importing Certificates</a> in the <i>AWS Certificate
--   Manager User Guide</i> .</li>
--   <li><a>cdIssuedAt</a> - The time at which the certificate was issued.
--   This value exists only when the certificate type is
--   <tt>AMAZON_ISSUED</tt> .</li>
--   <li><a>cdSignatureAlgorithm</a> - The algorithm that was used to sign
--   the certificate.</li>
--   <li><a>cdDomainValidationOptions</a> - Contains information about the
--   email address or addresses used for domain validation. This field
--   exists only when the certificate type is <tt>AMAZON_ISSUED</tt> .</li>
--   <li><a>cdIssuer</a> - The name of the certificate authority that
--   issued and signed the certificate.</li>
--   <li><a>cdNotAfter</a> - The time after which the certificate is not
--   valid.</li>
--   </ul>
certificateDetail :: CertificateDetail

-- | The name of the entity that is associated with the public key
--   contained in the certificate.
cdSubject :: Lens' CertificateDetail (Maybe Text)

-- | The status of the certificate.
cdStatus :: Lens' CertificateDetail (Maybe CertificateStatus)

-- | The reason the certificate request failed. This value exists only when
--   the certificate status is <tt>FAILED</tt> . For more information, see
--   <a>Certificate Request Failed</a> in the <i>AWS Certificate Manager
--   User Guide</i> .
cdFailureReason :: Lens' CertificateDetail (Maybe FailureReason)

-- | One or more domain names (subject alternative names) included in the
--   certificate. This list contains the domain names that are bound to the
--   public key that is contained in the certificate. The subject
--   alternative names include the canonical domain name (CN) of the
--   certificate and additional domain names that can be used to connect to
--   the website.
cdSubjectAlternativeNames :: Lens' CertificateDetail (Maybe (NonEmpty Text))

-- | A list of ARNs for the AWS resources that are using the certificate. A
--   certificate can be used by multiple AWS resources.
cdInUseBy :: Lens' CertificateDetail [Text]

-- | The time at which the certificate was requested. This value exists
--   only when the certificate type is <tt>AMAZON_ISSUED</tt> .
cdCreatedAt :: Lens' CertificateDetail (Maybe UTCTime)

-- | The Amazon Resource Name (ARN) of the certificate. For more
--   information about ARNs, see <a>Amazon Resource Names (ARNs) and AWS
--   Service Namespaces</a> in the <i>AWS General Reference</i> .
cdCertificateARN :: Lens' CertificateDetail (Maybe Text)

-- | The serial number of the certificate.
cdSerial :: Lens' CertificateDetail (Maybe Text)

-- | The date and time at which the certificate was imported. This value
--   exists only when the certificate type is <tt>IMPORTED</tt> .
cdImportedAt :: Lens' CertificateDetail (Maybe UTCTime)

-- | The time at which the certificate was revoked. This value exists only
--   when the certificate status is <tt>REVOKED</tt> .
cdRevokedAt :: Lens' CertificateDetail (Maybe UTCTime)

-- | The time before which the certificate is not valid.
cdNotBefore :: Lens' CertificateDetail (Maybe UTCTime)

-- | The reason the certificate was revoked. This value exists only when
--   the certificate status is <tt>REVOKED</tt> .
cdRevocationReason :: Lens' CertificateDetail (Maybe RevocationReason)

-- | The fully qualified domain name for the certificate, such as
--   www.example.com or example.com.
cdDomainName :: Lens' CertificateDetail (Maybe Text)

-- | The algorithm that was used to generate the key pair (the public and
--   private key).
cdKeyAlgorithm :: Lens' CertificateDetail (Maybe KeyAlgorithm)

-- | The source of the certificate. For certificates provided by ACM, this
--   value is <tt>AMAZON_ISSUED</tt> . For certificates that you imported
--   with <tt>ImportCertificate</tt> , this value is <tt>IMPORTED</tt> .
--   ACM does not provide <a>managed renewal</a> for imported certificates.
--   For more information about the differences between certificates that
--   you import and those that ACM provides, see <a>Importing
--   Certificates</a> in the <i>AWS Certificate Manager User Guide</i> .
cdType :: Lens' CertificateDetail (Maybe CertificateType)

-- | The time at which the certificate was issued. This value exists only
--   when the certificate type is <tt>AMAZON_ISSUED</tt> .
cdIssuedAt :: Lens' CertificateDetail (Maybe UTCTime)

-- | The algorithm that was used to sign the certificate.
cdSignatureAlgorithm :: Lens' CertificateDetail (Maybe Text)

-- | Contains information about the email address or addresses used for
--   domain validation. This field exists only when the certificate type is
--   <tt>AMAZON_ISSUED</tt> .
cdDomainValidationOptions :: Lens' CertificateDetail (Maybe (NonEmpty DomainValidation))

-- | The name of the certificate authority that issued and signed the
--   certificate.
cdIssuer :: Lens' CertificateDetail (Maybe Text)

-- | The time after which the certificate is not valid.
cdNotAfter :: Lens' CertificateDetail (Maybe UTCTime)

-- | This structure is returned in the response object of
--   <tt>ListCertificates</tt> action.
--   
--   <i>See:</i> <a>certificateSummary</a> smart constructor.
data CertificateSummary

-- | Creates a value of <a>CertificateSummary</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>csCertificateARN</a> - Amazon Resource Name (ARN) of the
--   certificate. This is of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .</li>
--   <li><a>csDomainName</a> - Fully qualified domain name (FQDN), such as
--   www.example.com or example.com, for the certificate.</li>
--   </ul>
certificateSummary :: CertificateSummary

-- | Amazon Resource Name (ARN) of the certificate. This is of the form:
--   <tt>arn:aws:acm:region:123456789012:certificate/12345678-1234-1234-1234-123456789012</tt>
--   For more information about ARNs, see <a>Amazon Resource Names (ARNs)
--   and AWS Service Namespaces</a> .
csCertificateARN :: Lens' CertificateSummary (Maybe Text)

-- | Fully qualified domain name (FQDN), such as www.example.com or
--   example.com, for the certificate.
csDomainName :: Lens' CertificateSummary (Maybe Text)

-- | Structure that contains the domain name, the base validation domain to
--   which validation email is sent, and the email addresses used to
--   validate the domain identity.
--   
--   <i>See:</i> <a>domainValidation</a> smart constructor.
data DomainValidation

-- | Creates a value of <a>DomainValidation</a> with the minimum fields
--   required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dvValidationEmails</a> - A list of contact address for the
--   domain registrant.</li>
--   <li><a>dvValidationDomain</a> - The base validation domain that acts
--   as the suffix of the email addresses that are used to send the
--   emails.</li>
--   <li><a>dvDomainName</a> - Fully Qualified Domain Name (FQDN) of the
--   form <tt>www.example.com or </tt> <tt>example.com</tt> .</li>
--   </ul>
domainValidation :: Text -> DomainValidation

-- | A list of contact address for the domain registrant.
dvValidationEmails :: Lens' DomainValidation [Text]

-- | The base validation domain that acts as the suffix of the email
--   addresses that are used to send the emails.
dvValidationDomain :: Lens' DomainValidation (Maybe Text)

-- | Fully Qualified Domain Name (FQDN) of the form <tt>www.example.com or
--   </tt> <tt>example.com</tt> .
dvDomainName :: Lens' DomainValidation Text

-- | This structure is used in the request object of the
--   <tt>RequestCertificate</tt> action.
--   
--   <i>See:</i> <a>domainValidationOption</a> smart constructor.
data DomainValidationOption

-- | Creates a value of <a>DomainValidationOption</a> with the minimum
--   fields required to make a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>dvoDomainName</a> - Fully Qualified Domain Name (FQDN) of the
--   certificate being requested.</li>
--   <li><a>dvoValidationDomain</a> - The domain to which validation email
--   is sent. This is the base validation domain that will act as the
--   suffix of the email addresses. This must be the same as the
--   <tt>DomainName</tt> value or a superdomain of the <tt>DomainName</tt>
--   value. For example, if you requested a certificate for
--   <tt>site.subdomain.example.com</tt> and specify a
--   <b>ValidationDomain</b> of <tt>subdomain.example.com</tt> , ACM sends
--   email to the domain registrant, technical contact, and administrative
--   contact in WHOIS for the base domain and the following five addresses:
--   * admin<tt>subdomain.example.com *
--   administrator</tt>subdomain.example.com *
--   hostmaster<tt>subdomain.example.com *
--   postmaster</tt>subdomain.example.com *
--   webmaster@subdomain.example.com</li>
--   </ul>
domainValidationOption :: Text -> Text -> DomainValidationOption

-- | Fully Qualified Domain Name (FQDN) of the certificate being requested.
dvoDomainName :: Lens' DomainValidationOption Text

-- | The domain to which validation email is sent. This is the base
--   validation domain that will act as the suffix of the email addresses.
--   This must be the same as the <tt>DomainName</tt> value or a
--   superdomain of the <tt>DomainName</tt> value. For example, if you
--   requested a certificate for <tt>site.subdomain.example.com</tt> and
--   specify a <b>ValidationDomain</b> of <tt>subdomain.example.com</tt> ,
--   ACM sends email to the domain registrant, technical contact, and
--   administrative contact in WHOIS for the base domain and the following
--   five addresses: * admin<tt>subdomain.example.com *
--   administrator</tt>subdomain.example.com *
--   hostmaster<tt>subdomain.example.com *
--   postmaster</tt>subdomain.example.com * webmaster@subdomain.example.com
dvoValidationDomain :: Lens' DomainValidationOption Text

-- | A key-value pair that identifies or specifies metadata about an ACM
--   resource.
--   
--   <i>See:</i> <a>tag</a> smart constructor.
data Tag

-- | Creates a value of <a>Tag</a> with the minimum fields required to make
--   a request.
--   
--   Use one of the following lenses to modify other fields as desired:
--   
--   <ul>
--   <li><a>tagValue</a> - The value of the tag.</li>
--   <li><a>tagKey</a> - The key of the tag.</li>
--   </ul>
tag :: Text -> Tag

-- | The value of the tag.
tagValue :: Lens' Tag (Maybe Text)

-- | The key of the tag.
tagKey :: Lens' Tag Text
