AWS Security ChangesHomeSearch

AWS privateca documentation change

Service: privateca · 2026-04-07 · Documentation medium

File: privateca/latest/userguide/JavaApi-CreateCertificateAuthorityAuditReport.md

Summary

Added documentation about audit report generation limitation for CAs with over 100 million certificates and corresponding exception handling in Java code example

Security assessment

This change adds documentation about a service limitation for audit report generation, which is a security/compliance feature. While it documents a limitation that could impact auditability for large-scale CAs, there is no evidence this addresses a specific security vulnerability or incident. The change enhances transparency about security feature capabilities.

Diff

diff --git a/privateca/latest/userguide/JavaApi-CreateCertificateAuthorityAuditReport.md b/privateca/latest/userguide/JavaApi-CreateCertificateAuthorityAuditReport.md
index 4ea129038..e37ebde5a 100644
--- a//privateca/latest/userguide/JavaApi-CreateCertificateAuthorityAuditReport.md
+++ b//privateca/latest/userguide/JavaApi-CreateCertificateAuthorityAuditReport.md
@@ -10,0 +11,4 @@ The operation creates an audit report that lists every time a certificate is iss
+###### Note
+
+Audit report generation is not supported for certificate authorities that have issued more than 100 million certificates. If you call this operation for such a CA, the service returns a `LimitExceededException`.
+    
@@ -32,0 +37 @@ The operation creates an audit report that lists every time a certificate is iss
+    import com.amazonaws.services.acmpca.model.LimitExceededException;
@@ -87,0 +93,2 @@ The operation creates an audit report that lists every time a certificate is iss
+          } catch (LimitExceededException ex) {
+             throw ex;