The Amazon Resource Name (ARN) of the CA that grants the permissions. You can find the ARN by calling the ListCertificateAuthorities action. This must have the following form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
.
The Amazon Web Services service or identity that receives the permission. At this time, the only
valid principal is acm.amazonaws.com
.
Optional
SourceThe ID of the calling account.
The actions that the specified Amazon Web Services service principal can use. These include
IssueCertificate
,GetCertificate
, andListPermissions
.