Permission - Amazon Private Certificate Authority

Permission

Permissions designate which private CA actions can be performed by an Amazon service or entity. In order for ACM to automatically renew private certificates, you must give the ACM service principal all available permissions (IssueCertificate, GetCertificate, and ListPermissions). Permissions can be assigned with the CreatePermission action, removed with the DeletePermission action, and listed with the ListPermissions action.

Contents

Actions

The private CA actions that can be performed by the designated Amazon service.

Type: Array of strings

Array Members: Minimum number of 1 item. Maximum number of 3 items.

Valid Values: IssueCertificate | GetCertificate | ListPermissions

Required: No

CertificateAuthorityArn

The Amazon Resource Name (ARN) of the private CA from which the permission was issued.

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: arn:[\w+=/,.@-]+:acm-pca:[\w+=/,.@-]*:[0-9]*:[\w+=,.@-]+(/[\w+=,.@-]+)*

Required: No

CreatedAt

The time at which the permission was created.

Type: Timestamp

Required: No

Policy

The name of the policy that is associated with the permission.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 81920.

Pattern: [\u0009\u000A\u000D\u0020-\u00FF]+

Required: No

Principal

The Amazon service or entity that holds the permission. At this time, the only valid principal is acm.amazonaws.com.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 128.

Pattern: [^*]+

Required: No

SourceAccount

The ID of the account that assigned the permission.

Type: String

Length Constraints: Fixed length of 12.

Pattern: [0-9]+

Required: No
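
The following is an added example, not part of the original reference page or any Amazon SDK: a small audit check that validates Permission entries against the constraints listed above and reports whether ACM holds all three actions it needs for automatic renewal. The function name audit_permission and the sample entries are assumptions constructed for illustration.

```python
import re

# Constraints taken from the field descriptions on this page.
VALID_ACTIONS = {"IssueCertificate", "GetCertificate", "ListPermissions"}
ARN_RE = re.compile(
    r"arn:[\w+=/,.@-]+:acm-pca:[\w+=/,.@-]*:[0-9]*:[\w+=,.@-]+(/[\w+=,.@-]+)*",
    re.ASCII)
ACM_PRINCIPAL = "acm.amazonaws.com"

# Constructed sample entries shaped like a ListPermissions result (not real resources).
SAMPLE_ARN = ("arn:aws:acm-pca:us-east-1:111122223333:"
              "certificate-authority/11223344-1234-1122-2233-112233445566")
SAMPLE = [
    {"Principal": ACM_PRINCIPAL, "SourceAccount": "111122223333",
     "CertificateAuthorityArn": SAMPLE_ARN,
     "Actions": ["IssueCertificate", "GetCertificate", "ListPermissions"]},
    {"Principal": ACM_PRINCIPAL, "SourceAccount": "111122223333",
     "CertificateAuthorityArn": SAMPLE_ARN,
     "Actions": ["GetCertificate", "ListPermissions"]},
]


def audit_permission(perm):
    """Return (findings, renewal_ready) for one Permission dict (hypothetical helper)."""
    findings = []
    actions = perm.get("Actions", [])
    if not 1 <= len(actions) <= 3:
        findings.append("Actions must contain 1 to 3 items")
    unknown = sorted(set(actions) - VALID_ACTIONS)
    if unknown:
        findings.append("unknown actions: " + ", ".join(unknown))
    arn = perm.get("CertificateAuthorityArn")
    if arn is not None and not (5 <= len(arn) <= 200 and ARN_RE.fullmatch(arn)):
        findings.append("CertificateAuthorityArn does not match the documented pattern")
    account = perm.get("SourceAccount")
    if account is not None and not re.fullmatch(r"[0-9]{12}", account):
        findings.append("SourceAccount must be exactly 12 digits")
    principal = perm.get("Principal", "")
    if principal != ACM_PRINCIPAL:
        findings.append("unexpected principal: %r" % principal)
    # ACM can renew automatically only when it holds all three actions.
    renewal_ready = principal == ACM_PRINCIPAL and set(actions) == VALID_ACTIONS
    if principal == ACM_PRINCIPAL and not renewal_ready:
        missing = sorted(VALID_ACTIONS - set(actions))
        findings.append("ACM renewal blocked, missing: " + ", ".join(missing))
    return findings, renewal_ready


if __name__ == "__main__":
    for entry in SAMPLE:
        print(audit_permission(entry))
```

ARN and SourceAccount are checked only when present, since every field in this structure is marked "Required: No".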
