本文属于机器翻译版本。若本译文内容与英语原文存在差异，则一律以英文原文为准。

# ACM API 权限：操作和资源参考
<a name="authen-apipermissions"></a>

在设置和编写您可附加到 IAM 用户或角色的访问控制和写入权限策略，可以使用下表作为参考。表中的第一列列出了每个 Amazon Certificate Manager API 操作。您可以在策略的 `Action` 元素中指定操作。剩余的列将提供额外的信息：

 可以在您的 ACM 策略中使用 IAM policy 元素来表达条件。有关完整列表，请参阅 [IAM 用户指南](https://docs.amazonaws.cn/IAM/latest/UserGuide/reference_policies_elements.html#AvailableKeys)中的*可用键*。

**注意**  
 要指定操作，请在 API 操作名称之前使用 `acm:` 前缀（例如，`acm:RequestCertificate`）。

使用滚动条查看表的其余部分。


**ACM API 操作和权限**  

| ACM API 操作 | 必需的权限（API 操作） | 资源 | 
| --- | --- | --- | 
| [AddTagsToCertificate](https://docs.amazonaws.cn/acm/latest/APIReference/API_AddTagsToCertificate.html) | `acm:AddTagsToCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate_ID}}` | 
| [DeleteCertificate](https://docs.amazonaws.cn/acm/latest/APIReference/API_DeleteCertificate.html) | `acm:DeleteCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate_ID}}` | 
| [DescribeCertificate](https://docs.amazonaws.cn/acm/latest/APIReference/API_DescribeCertificate.html) | `acm:DescribeCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate_ID}}` | 
| [ExportCertificate](https://docs.amazonaws.cn/acm/latest/APIReference/API_ExportCertificate.html) | `acm:ExportCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate_ID}}` | 
| [GetAccountConfiguration](https://docs.amazonaws.cn/acm/latest/APIReference/API_GetAccountConfiguration.html) | `acm:GetAccountConfiguration` | `*` | 
| [GetCertificate](https://docs.amazonaws.cn/acm/latest/APIReference/API_GetCertificate.html) | `acm:GetCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate_ID}}` | 
| [ImportCertificate](https://docs.amazonaws.cn/acm/latest/APIReference/API_ImportCertificate.html) | `acm:ImportCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/*`<br />或者<br />`*` | 
| [ListCertificates](https://docs.amazonaws.cn/acm/latest/APIReference/API_ListCertificates.html) | `acm:ListCertificates` | `*` | 
| [ListTagsForCertificate](https://docs.amazonaws.cn/acm/latest/APIReference/API_ListTagsForCertificate.html) | `acm:ListTagsForCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate_ID}}` | 
| [PutAccountConfiguration](https://docs.amazonaws.cn/acm/latest/APIReference/API_PutAccountConfiguration.html) | `acm:PutAccountConfiguration` | `*` | 
| [RemoveTagsFromCertificate](https://docs.amazonaws.cn/acm/latest/APIReference/API_RemoveTagsFromCertificate.html) | `acm:RemoveTagsFromCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate_ID}}` | 
| [RequestCertificate](https://docs.amazonaws.cn/acm/latest/APIReference/API_RequestCertificate.html) | `acm:RequestCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/*`<br />或者<br />`*` | 
| [ResendValidationEmail](https://docs.amazonaws.cn/acm/latest/APIReference/API_ResendValidationEmail.html) | `acm:ResendValidationEmail` | arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate\_ID}} | 
| [SearchCertificates](https://docs.amazonaws.cn/acm/latest/APIReference/API_SearchCertificates.html) | `acm:SearchCertificates` | `*` | 
| [UpdateCertificateOptions](https://docs.amazonaws.cn/acm/latest/APIReference/API_UpdateCertificateOptions.html) | `acm:UpdateCertificateOptions` | `arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate_ID}}` |