ListPermissions
The following Java sample shows how to use the ListPermissions operation.
This
operation
lists the permissions, if any, that your private CA has assigned. Permissions, including
IssueCertificate
, GetCertificate
, and
ListPermissions
, can be assigned to an AWS service principal with the CreatePermission
operation,
and revoked with the DeletePermissions
operation.
package com.amazonaws.samples; import com.amazonaws.auth.AWSCredentials; import com.amazonaws.auth.profile.ProfileCredentialsProvider; import com.amazonaws.client.builder.AwsClientBuilder; import com.amazonaws.client.builder.AwsClientBuilder.EndpointConfiguration; import com.amazonaws.auth.AWSStaticCredentialsProvider; import com.amazonaws.services.acmpca.AWSACMPCA; import com.amazonaws.services.acmpca.AWSACMPCAClientBuilder; import com.amazonaws.services.acmpca.model.ListPermissionsRequest; import com.amazonaws.services.acmpca.model.ListPermissionsResult; import com.amazonaws.AmazonClientException; import com.amazonaws.services.acmpca.model.InvalidArnException; import com.amazonaws.services.acmpca.model.InvalidNextTokenException; import com.amazonaws.services.acmpca.model.InvalidStateException; import com.amazonaws.services.acmpca.model.ResourceNotFoundException; import com.amazonaws.services.acmpca.model.RequestFailedException; public class ListPermissions { public static void main(String[] args) throws Exception { // Retrieve your credentials from the C:\Users\name\.aws\credentials file // in Windows or the .aws/credentials file in Linux. AWSCredentials credentials = null; try{ credentials = new ProfileCredentialsProvider("default").getCredentials(); } catch (Exception e) { throw new AmazonClientException("Cannot load your credentials from disk", e); } // Define the endpoint for your sample. String endpointProtocol = "https://acm-pca.region.amazonaws.com/"; String endpointRegion = "region"; EndpointConfiguration endpoint = new AwsClientBuilder.EndpointConfiguration(endpointProtocol, endpointRegion); // Create a client that you can use to make requests. AWSACMPCA client = AWSACMPCAClientBuilder.standard() .withEndpointConfiguration(endpoint) .withCredentials(new AWSStaticCredentialsProvider(credentials)) .build(); // Create a request object. ListPermissionsRequest req = new ListPermissionsRequest(); req.withCertificateAuthorityArn("arn:aws:acm-pca:region:account:" + "certificate-authority/12345678-1234-1234-1234-123456789012"); // List the tags. ListPermissionsResult result = null; try { result = client.listPermissions(req); } catch (InvalidArnException ex) { throw ex; } catch (InvalidStateException ex) { throw ex; } catch(RequestFailedException ex) { throw ex; } catch (ResourceNotFoundException ex) { throw ex; } // Retrieve and display the permissions. System.out.println(result); } }
If the designated private CA has assigned permissions to a service principal, your output should be similar to the following:
[{ Arn: arn:aws:acm-pca:
region
:account
:permission/12345678-1234-1234-1234-123456789012
, CreatedAt: WedFeb0317: 05: 39PST2019, Prinicpal: acm.amazonaws.com, Permissions: { ISSUE_CERTIFICATE, GET_CERTIFICATE, DELETE,CERTIFICATE }, SourceAccount:012345678901
}]