The Amazon Resource Name (ARN) of the CA that grants the permissions. You can find the ARN by calling the ListCertificateAuthorities action. This must have the following form:
The Amazon Web Services service or identity that receives the permission. At this time, the only
valid principal is
The ID of the calling account.
The actions that the specified Amazon Web Services service principal can use. These include