Creating a policy - Amazon Private Certificate Authority

Creating a policy

The following CloudTrail example shows the results of a call to the PutPolicy operation.

{
   "eventVersion":"1.08",
   "userIdentity":{
      "invokedBy":"agent"
   },
   "eventTime":"2021-02-26T21:25:36Z",
   "eventSource":"acm-pca.amazonaws.com",
   "eventName":"PutPolicy",
   "awsRegion":"region",
   "sourceIPAddress":"xx.xx.xx.xx",
   "userAgent":"agent",
   "requestParameters":{
      "resourceArn":"arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566",
      "policy":"{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"01234567-89ab-cdef-0123-456789abcdef4-external-principals\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"account\"},\"Action\":\"acm-pca:IssueCertificate\",\"Resource\":\"arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566\",\"Condition\":{\"StringEquals\":{\"acm-pca:TemplateArn\":\"arn:aws:acm-pca:::template/EndEntityCertificate/V1\"}}},{\"Sid\":\"01234567-89ab-cdef-0123-456789abcdef-external-principals\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"account\"},\"Action\":[\"acm-pca:DescribeCertificateAuthority\",\"acm-pca:GetCertificate\",\"acm-pca:GetCertificateAuthorityCertificate\",\"acm-pca:ListPermissions\",\"acm-pca:ListTags\"],\"Resource\":\"arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566\"}]}"
   },
   "responseElements":null,
   "requestID":"01234567-89ab-cdef-0123-456789abcdef",
   "eventID":"01234567-89ab-cdef-0123-456789abcdef",
   "readOnly":false,
   "eventType":"AwsApiCall",
   "managementEvent":true,
   "eventCategory":"Management",
   "recipientAccountId":"account"
}
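In a PutPolicy record the resource policy arrives as an escaped JSON string inside requestParameters, so reviewing what was granted means decoding it a second time. The following is an added example, not part of the AWS documentation: it decodes that string and reports Allow statements that grant access to accounts other than the CA owner, and statements that allow acm-pca:IssueCertificate without an acm-pca:TemplateArn condition. The function names, finding labels, Sids and the principal account IDs 444455556666 and 777788889999 are constructed for the illustration.

```python
import json

CA_ARN = "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/11223344-1234-1122-2233-112233445566"
# Constructed sample: trimmed PutPolicy record; principals and Sids are made up.
SAMPLE_EVENT = {
    "eventSource": "acm-pca.amazonaws.com", "eventName": "PutPolicy",
    "requestParameters": {"resourceArn": CA_ARN, "policy": json.dumps({
        "Version": "2012-10-17", "Statement": [
            {"Sid": "templated", "Effect": "Allow",
             "Principal": {"AWS": "444455556666"},
             "Action": "acm-pca:IssueCertificate", "Resource": CA_ARN,
             "Condition": {"StringEquals": {"acm-pca:TemplateArn":
                 "arn:aws:acm-pca:::template/EndEntityCertificate/V1"}}},
            {"Sid": "untemplated", "Effect": "Allow",
             "Principal": {"AWS": "arn:aws:iam::777788889999:root"},
             "Action": ["acm-pca:IssueCertificate", "acm-pca:GetCertificate"],
             "Resource": CA_ARN}]})}}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # Bare 12-digit account ID or IAM ARN; "*" is returned unchanged.
    return principal.split(":")[4] if principal.startswith("arn:") else principal

def review_put_policy(event):
    """Findings for one CloudTrail record; [] if it is not an ACM PCA PutPolicy."""
    if (event.get("eventSource"), event.get("eventName")) != ("acm-pca.amazonaws.com", "PutPolicy"):
        return []
    params = event.get("requestParameters") or {}
    owner = params["resourceArn"].split(":")[4]  # account that owns the CA
    policy = json.loads(params["policy"])  # policy is a JSON string inside the event
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        who = stmt.get("Principal", {})
        who = _as_list(who.get("AWS", [])) if isinstance(who, dict) else [who]
        external = sorted({_account_of(p) for p in who} - {owner})
        issues = any(a in ("*", "acm-pca:*", "acm-pca:IssueCertificate")
                     for a in _as_list(stmt.get("Action", [])))
        templated = any("acm-pca:templatearn" in {k.lower() for k in cond}
                        for cond in stmt.get("Condition", {}).values())
        if external:
            findings.append(("cross-account-grant", stmt.get("Sid"), external))
        if issues and not templated:
            findings.append(("issue-without-template-condition", stmt.get("Sid"), external))
    return findings

if __name__ == "__main__": print(review_put_policy(SAMPLE_EVENT))
```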