ACM API Permissions: Actions and Resources Reference - AWS Certificate Manager

ACM API Permissions: Actions and Resources Reference

When you set up access control and write permissions policies that you can attach to an IAM identity (identity-based policies), you can use the following table as a reference. The first column in the table lists each AWS Certificate Manager API operation. You specify actions in a policy's Action element. The remaining columns provide the additional information:

You can use the IAM policy elements in your ACM policies to express conditions. For a complete list, see Available Keys in the IAM User Guide.

Note

To specify an action, use the acm: prefix followed by the API operation name (for example, acm:RequestCertificate).

Use the scroll bars to see the rest of the table.

ACM API Operations and Permissions
ACM API Operations Required Permissions (API Operations) Resources

AddTagsToCertificate

acm:AddTagsToCertificate

arn:aws:acm:AWS_region:AWS_account_ID:certificate/certificate_authority_ID

DeleteCertificate

acm:DeleteCertificate

arn:aws:acm:AWS_region:AWS_account_ID:certificate/certificate_authority_ID

DescribeCertificate

acm:DescribeCertificate

arn:aws:acm:AWS_region:AWS_account_ID:certificate/certificate_authority_ID

ExportCertificate

acm:ExportCertificate

arn:aws:acm:AWS_region:AWS_account_ID:certificate/certificate_authority_ID

GetCertificate

acm:GetCertificate

arn:aws:acm:AWS_region:AWS_account_ID:certificate/certificate_authority_ID

ImportCertificate

acm:ImportCertificate

arn:aws:acm:AWS_region:AWS_account_ID:certificate/certificate_authority_ID

ListCertificates

acm:ListCertificates

arn:aws:acm:AWS_region:AWS_account_ID:certificate/certificate_authority_ID

ListTagsForCertificate

acm:ListTagsForCertificate

arn:aws:acm:AWS_region:AWS_account_ID:certificate/certificate_authority_ID

RemoveTagsFromCertificate

acm:RemoveTagsFromCertificate

arn:aws:acm:AWS_region:AWS_account_ID:certificate/certificate_authority_ID

RequestCertificate

acm:RequestCertificate

arn:aws:acm:AWS_region:AWS_account_ID:certificate/certificate_authority_ID

ResendValidationEmail

acm:ResendValidationEmail

arn:aws:acm:AWS_region:AWS_account_ID:certificate/certificate_authority_ID