AWS privateca documentation change
Summary
Added documentation about audit report generation limitation for CAs with over 100 million certificates and corresponding exception handling in Java code example
Security assessment
This change adds documentation about a service limitation for audit report generation, which is a security/compliance feature. While it documents a limitation that could impact auditability for large-scale CAs, there is no evidence this addresses a specific security vulnerability or incident. The change enhances transparency about security feature capabilities.
Diff
diff --git a/privateca/latest/userguide/JavaApi-CreateCertificateAuthorityAuditReport.md b/privateca/latest/userguide/JavaApi-CreateCertificateAuthorityAuditReport.md index 4ea129038..e37ebde5a 100644 --- a//privateca/latest/userguide/JavaApi-CreateCertificateAuthorityAuditReport.md +++ b//privateca/latest/userguide/JavaApi-CreateCertificateAuthorityAuditReport.md @@ -10,0 +11,4 @@ The operation creates an audit report that lists every time a certificate is iss +###### Note + +Audit report generation is not supported for certificate authorities that have issued more than 100 million certificates. If you call this operation for such a CA, the service returns a `LimitExceededException`. + @@ -32,0 +37 @@ The operation creates an audit report that lists every time a certificate is iss + import com.amazonaws.services.acmpca.model.LimitExceededException; @@ -87,0 +93,2 @@ The operation creates an audit report that lists every time a certificate is iss + } catch (LimitExceededException ex) { + throw ex;