PutPolicy - Amazon Private Certificate Authority
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

PutPolicy

The following Java sample shows how to use the PutPolicy operation.

The operation attaches a resource-based policy to a private CA, enabling cross-account sharing. When authorized by a policy, a principal residing in another Amazon account can issue and renew private end-entity certificates using a private CA that it does not own. You can find the ARN of a private CA by calling the ListCertificateAuthorities action. For examples of policies, see the Amazon Private CA guidance on Resource-Based Policies.

Once a policy is attached to a CA, you can inspect it with the GetPolicy action or delete it with the DeletePolicy action.

package com.amazonaws.samples; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.profile.ProfileCredentialsProvider; import com.amazonaws.client.builder.AwsClientBuilder; import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration; import com.amazonaws.auth.AWSStaticCredentialsProvider; import com.amazonaws.services.acmpca.AWSACMPCA; import com.amazonaws.services.acmpca.AWSACMPCAClientBuilder; import com.amazonaws.AmazonClientException; import com.amazonaws.services.acmpca.model.PutPolicyRequest; import com.amazonaws.services.acmpca.model.PutPolicyResult; import com.amazonaws.services.acmpca.model.AWSACMPCAException; import com.amazonaws.services.acmpca.model.ConcurrentModificationException; import com.amazonaws.services.acmpca.model.InvalidArnException; import com.amazonaws.services.acmpca.model.InvalidStateException; import com.amazonaws.services.acmpca.model.InvalidPolicyException; import com.amazonaws.services.acmpca.model.LockoutPreventedException; import com.amazonaws.services.acmpca.model.RequestFailedException; import com.amazonaws.services.acmpca.model.ResourceNotFoundException; import java.io.IOException; import java.nio.file.Files; import java.nio.file.Paths; public class PutPolicy { public static void main(String[] args) throws Exception { // Retrieve your credentials from the C:\Users\name\.aws\credentials file // in Windows or the .aws/credentials file in Linux. AWSCredentials credentials = null; try { credentials = new ProfileCredentialsProvider("default").getCredentials(); } catch (Exception e) { throw new AmazonClientException("Cannot load your credentials from file.", e); } // Define the endpoint for your sample. String endpointRegion = "region"; // Substitute your region here, e.g. "us-west-2" String endpointProtocol = "https://acm-pca." + endpointRegion + ".amazonaws.com/"; EndpointConfiguration endpoint = new AwsClientBuilder.EndpointConfiguration(endpointProtocol, endpointRegion); // Create a client that you can use to make requests. AWSACMPCA client = AWSACMPCAClientBuilder.standard() .withEndpointConfiguration(endpoint) .withCredentials(new AWSStaticCredentialsProvider(credentials)) .build(); // Create the request object. PutPolicyRequest req = new PutPolicyRequest(); // Set the resource ARN. req.withResourceArn("arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566"); // Import and set the policy. // Note: This code assumes the file "ShareResourceWithAccountPolicy.json" is in a folder titled policy. String policy = new String(Files.readAllBytes(Paths.get("policy", "ShareResourceWithAccountPolicy.json"))); req.withPolicy(policy); // Retrieve a list of your CAs. PutPolicyResult result = null; try { result = client.putPolicy(req); } catch (ConcurrentModificationException ex) { throw ex; } catch (InvalidArnException ex) { throw ex; } catch (InvalidStateException ex) { throw ex; } catch (InvalidPolicyException ex) { throw ex; } catch (LockoutPreventedException ex) { throw ex; } catch (RequestFailedException ex) { throw ex; } catch (ResourceNotFoundException ex) { throw ex; } catch (AWSACMPCAException ex) { throw ex; } } }