AWS Certificate Manager Private Certificate Authority
AWS Private Certificate Authority Documentation (API Version 2017-08-22)

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

DeletePermission

Revokes permissions that a private CA assigned to a designated AWS service. Permissions can be created with the CreatePermission action and listed with the ListPermissions action.

Request Syntax

{ "CertificateAuthorityArn": "string", "Principal": "string", "SourceAccount": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

CertificateAuthorityArn

The Amazon Resource Number (ARN) of the private CA that issued the permissions. You can find the CA's ARN by calling the ListCertificateAuthorities action. This must have the following form:

arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: arn:[\w+=/,.@-]+:[\w+=/,.@-]+:[\w+=/,.@-]*:[0-9]*:[\w+=,.@-]+(/[\w+=/,.@-]+)*

Required: Yes

Principal

The AWS service or identity that will have its CA permissions revoked. At this time, the only valid service principal is acm.amazonaws.com

Type: String

Length Constraints: Minimum length of 0. Maximum length of 128.

Pattern: ^[^*]+$

Required: Yes

SourceAccount

The AWS account that calls this action.

Type: String

Length Constraints: Fixed length of 12.

Pattern: [0-9]+

Required: No

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

InvalidArnException

The requested Amazon Resource Name (ARN) does not refer to an existing resource.

HTTP Status Code: 400

InvalidStateException

The private CA is in a state during which a report or certificate cannot be generated.

HTTP Status Code: 400

RequestFailedException

The request has failed for an unspecified reason.

HTTP Status Code: 400

ResourceNotFoundException

A resource such as a private CA, S3 bucket, certificate, or audit report cannot be found.

HTTP Status Code: 400

Examples

Example

Sample Request

POST / HTTP/1.1 Host: acm.us-east-1.amazonaws.com X-Amz-Target: CertificateManager.DeletePermission X-Amz-Date: 20190213T171121Z User-Agent: aws-cli/1.10.20 Python/2.7.3 Linux/3.13.0-83-generic botocore/1.4.11 Content-Type: application/x-amz-json-1.1 Authorization: AUTHPARAMS, SignedHeaders=content-type;host;user-agent;x-amz-date;x-amz-target, Signature=3c9429306c5e89b9b4be5b35e29c26cc1da32a215d8055a5ed0bdda57bcc881cc { "Actions": { "GetCertificate", "CreateCertificate", "ListPermissions" }, "CertificateArn": "arn:aws:acm:us-east-1:111122223333:certificate/12345678-1234-1234-1234-123456789012", "Principal": "acm.amazonaws.com", "SourceAccount": "012345678901" }

Example

Sample Response

HTTP/1.1 200 OK x-amzn-RequestId: 3c8d676d-025e-11e6-8823-93164b47113c Content-Type: application/x-amz-json-1.1 Content-Length: 0 Date: Thu, Feb 13 2019 17:11:22 GMT

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: