Amazon Private CA API operations and permissions
When you set up access control and permissions policies that you plan to attach to an
IAM identity (identity-based policies), use the following table as a reference. The
first column in the table lists each Amazon Private CA API operation. You specify actions in a
policy's Action
element. The remaining columns provide the additional
information.
Amazon Private CA API operations | Required permissions | Resources |
---|---|---|
|
|
|
|
|
|
CreatePermission | acm-pca:CreatePermission |
arn: |
|
|
|
DeletePermission | acm-pca:DeletePermission |
arn: |
DeletePolicy | acm-pca:DeletePolicy |
arn: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
GetPolicy | acm-pca:GetPolicy |
arn: |
|
|
|
|
|
|
|
N/A |
|
ListPermissions | acm-pca:ListPermissions |
arn: |
|
N/A |
|
PutPolicy | acm-pca:PutPolicy |
arn: |
|
|
|
|
|
|
|
|
|
|
|
To provide access, add permissions to your users, groups, or roles:
-
Users managed in IAM through an identity provider:
Create a role for identity federation. Follow the instructions in Create a role for a third-party identity provider (federation) in the IAM User Guide.
-
IAM users:
-
Create a role that your user can assume. Follow the instructions in Create a role for an IAM user in the IAM User Guide.
-
(Not recommended) Attach a policy directly to a user or add a user to a user group. Follow the instructions in Adding permissions to a user (console) in the IAM User Guide.
-