Amazon managed policies
Amazon Private CA includes a set of predefined Amazon managed policies for Amazon Private CA administrators, users, and auditors. Understanding these policies can help you implement customer managed policies.
Choose any of the policies listed below to see details and sample policy code.
Grants unrestricted administrative control.
For a JSON listing of the policy details, see AWSPrivateCAFullAccess.
Grants access limited to read-only API operations.
For a JSON listing of the policy details, see AWSPrivateCAReadOnly.
Grants the ability to issue and revoke CA certificates. This policy has no other administrative capabilities and no ability to issue end-entity certificates. Permissions are mutually exclusive with the User policy.
For a JSON listing of the policy details, see AWSPrivateCAPrivilegedUser.
Grants the ability to issue and revoke end-entity certificates. This policy has no administrative capabilities and no ability to issue CA certificates. Permissions are mutually exclusive with the PrivilegedUser policy.
For a JSON listing of the policy details, see AWSPrivateCAUser.
Grants access to read-only API operations and permission to generate a CA audit report.
For a JSON listing of the policy details, see AWSPrivateCAAuditor.
Grants essential permissions for the Amazon Private CA Connector for Kubernetes.
For a JSON listing of the policy details, see AWSPrivateCAConnectorForKubernetesPolicy.
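When you write a customer managed policy, the split between the PrivilegedUser and User policies is worth preserving. The following check is an added example, not code from this page or from Amazon. It assumes the split is expressed through the `acm-pca:TemplateArn` condition key and uses three template ARNs in the `aws` partition as probes, none of which appear on this page. It reports which kind of certificate each `Allow` statement for `IssueCertificate` can reach.

```python
import fnmatch
import glob
ISSUE = "acm-pca:issuecertificate"
TEMPLATE_KEY = "acm-pca:templatearn"
# Probe ARNs for three Private CA templates ("aws" partition assumed).
PROBES = {
    "arn:aws:acm-pca:::template/EndEntityCertificate/V1": "end-entity",
    "arn:aws:acm-pca:::template/RootCACertificate/V1": "ca",
    "arn:aws:acm-pca:::template/SubordinateCACertificate_PathLen0/V1": "ca",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _template_patterns(stmt):
    """Collect acm-pca:TemplateArn patterns from a statement's Condition."""
    patterns = []
    for op, keys in stmt.get("Condition", {}).items():
        for key, value in keys.items():
            if key.lower() != TEMPLATE_KEY:
                continue
            if op.lower() == "stringlike":
                patterns += _as_list(value)
            elif op.lower() == "stringequals":  # literal match, so escape * and ?
                patterns += [glob.escape(v) for v in _as_list(value)]
    return patterns

def classify_issuance(policy):
    """Return (statement index, verdict) for each Allow of IssueCertificate."""
    verdicts = []
    for index, stmt in enumerate(_as_list(policy["Statement"])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        grants = any(fnmatch.fnmatchcase(ISSUE, a) for a in actions)
        if stmt.get("Effect") != "Allow" or not grants:
            continue  # Deny and NotAction statements are not evaluated here
        patterns = _template_patterns(stmt)
        kinds = {kind for arn, kind in PROBES.items()
                 if any(fnmatch.fnmatchcase(arn, p) for p in patterns)}
        verdict = "+".join(sorted(kinds)) or "no-probe-match"
        verdicts.append((index, verdict if patterns else "unconstrained"))
    return verdicts

# Constructed sample: statement 0 is template-scoped, statement 1 is not.
SAMPLE = {"Statement": [
    {"Effect": "Allow", "Action": "acm-pca:IssueCertificate", "Resource": "*",
     "Condition": {"StringLike": {"acm-pca:TemplateArn":
         "arn:aws:acm-pca:::template/EndEntityCertificate/V1"}}},
    {"Effect": "Allow", "Action": "acm-pca:*", "Resource": "*"},
]}
```

A verdict of `unconstrained` or `ca+end-entity` means the statement no longer keeps CA and end-entity issuance apart. `fnmatch` also treats `[...]` as a character class, which IAM pattern matching does not, so patterns containing brackets need manual review.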
Updates to Amazon managed policies for Amazon Private CA
In the following table, view details about updates to Amazon managed policies for Amazon Private CA since the service began tracking these changes. For automatic alerts about all changes to Amazon Private CA, subscribe to the RSS feed on the Document History page.
Change | Description | Date |
---|---|---|
New Policy: AmazonPrivateCAConnectorForKubernetesPolicy | New managed policy introduced for use with Amazon Private CA Connector for Kubernetes. | May 19, 2025 |
AmazonPrivateCAPrivilegedUser and AmazonPrivateCAUser - Updated policy | Replaced Updated template arn to include wild cards | January 22, 2025 |
New policy names: | Policy name prefixes were changed from Functionality remains unchanged. | February 13, 2023 |