software.amazon.awscdk.services.acmpca

Class CfnPermission

java.lang.Object

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.CfnElement

software.amazon.awscdk.core.CfnRefElement

software.amazon.awscdk.core.CfnResource

software.amazon.awscdk.services.acmpca.CfnPermission

All Implemented Interfaces:

IConstruct, IDependable, IInspectable

@Generated(value="jsii-pacmak/1.74.0 (build 6d08790)",
           date="2023-03-22T19:35:35.190Z")
public class CfnPermission
extends CfnResource
implements IInspectable

A CloudFormation `AWS::ACMPCA::Permission`.

Grants permissions to the AWS Certificate Manager ( ACM ) service principal ( acm.amazonaws.com ) to perform IssueCertificate , GetCertificate , and ListPermissions actions on a CA. These actions are needed for the ACM principal to renew private PKI certificates requested through ACM and residing in the same AWS account as the CA.

About permissions - If the private CA and the certificates it issues reside in the same account, you can use AWS::ACMPCA::Permission to grant permissions for ACM to carry out automatic certificate renewals.

• For automatic certificate renewal to succeed, the ACM service principal needs permissions to create, retrieve, and list permissions.
• If the private CA and the ACM certificates reside in different accounts, then permissions cannot be used to enable automatic renewals. Instead, the ACM certificate owner must set up a resource-based policy to enable cross-account issuance and renewals. For more information, see Using a Resource Based Policy with AWS Private CA .

To update an AWS::ACMPCA::Permission resource, you must first delete the existing permission resource from the CloudFormation stack and then create a new permission resource with updated properties.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.services.acmpca.*;
 CfnPermission cfnPermission = CfnPermission.Builder.create(this, "MyCfnPermission")
         .actions(List.of("actions"))
         .certificateAuthorityArn("certificateAuthorityArn")
         .principal("principal")
         // the properties below are optional
         .sourceAccount("sourceAccount")
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	CfnPermission.Builder A fluent builder for CfnPermission.

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable

IInspectable.Jsii$Default, IInspectable.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct

IConstruct.Jsii$Default

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CFN_RESOURCE_TYPE_NAME The CloudFormation resource type name for this resource class.

Constructor Summary

Constructors

Modifier	Constructor and Description
	CfnPermission(Construct scope, java.lang.String id, CfnPermissionProps props) Create a new `AWS::ACMPCA::Permission`.
protected	CfnPermission(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	CfnPermission(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
java.util.List<java.lang.String>	getActions() The private CA actions that can be performed by the designated AWS service.
java.lang.String	getCertificateAuthorityArn() The Amazon Resource Number (ARN) of the private CA from which the permission was issued.
protected java.util.Map<java.lang.String,java.lang.Object>	getCfnProperties()
java.lang.String	getPrincipal() The AWS service or entity that holds the permission.
java.lang.String	getSourceAccount() The ID of the account that assigned the permission.
void	inspect(TreeInspector inspector) Examines the CloudFormation resource and discloses attributes.
protected java.util.Map<java.lang.String,java.lang.Object>	renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)
void	setActions(java.util.List<java.lang.String> value) The private CA actions that can be performed by the designated AWS service.
void	setCertificateAuthorityArn(java.lang.String value) The Amazon Resource Number (ARN) of the private CA from which the permission was issued.
void	setPrincipal(java.lang.String value) The AWS service or entity that holds the permission.
void	setSourceAccount(java.lang.String value) The ID of the account that assigned the permission.

Methods inherited from class software.amazon.awscdk.core.CfnResource

addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties

Methods inherited from class software.amazon.awscdk.core.CfnRefElement

getRef

Methods inherited from class software.amazon.awscdk.core.CfnElement

getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

CFN_RESOURCE_TYPE_NAME

public static final java.lang.String CFN_RESOURCE_TYPE_NAME

The CloudFormation resource type name for this resource class.

Constructor Detail

CfnPermission

protected CfnPermission(software.amazon.jsii.JsiiObjectRef objRef)

CfnPermission

protected CfnPermission(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

CfnPermission

public CfnPermission(Construct scope,
                     java.lang.String id,
                     CfnPermissionProps props)

Create a new `AWS::ACMPCA::Permission`.

Parameters:

scope - - scope in which this resource is defined. This parameter is required.

id - - scoped id of the resource. This parameter is required.

props - - resource properties. This parameter is required.

Method Detail

inspect

public void inspect(TreeInspector inspector)

Examines the CloudFormation resource and discloses attributes.

Specified by:

inspect in interface IInspectable

Parameters:

inspector - - tree inspector to collect and process attributes. This parameter is required.

renderProperties

protected java.util.Map<java.lang.String,java.lang.Object> renderProperties(java.util.Map<java.lang.String,java.lang.Object> props)

Overrides:

renderProperties in class CfnResource

Parameters:

props - This parameter is required.

getCfnProperties

protected java.util.Map<java.lang.String,java.lang.Object> getCfnProperties()

Overrides:

getCfnProperties in class CfnResource

getActions

public java.util.List<java.lang.String> getActions()

The private CA actions that can be performed by the designated AWS service.

Supported actions are IssueCertificate , GetCertificate , and ListPermissions .

setActions

public void setActions(java.util.List<java.lang.String> value)

The private CA actions that can be performed by the designated AWS service.

Supported actions are IssueCertificate , GetCertificate , and ListPermissions .

getCertificateAuthorityArn

public java.lang.String getCertificateAuthorityArn()

The Amazon Resource Number (ARN) of the private CA from which the permission was issued.

setCertificateAuthorityArn

public void setCertificateAuthorityArn(java.lang.String value)

The Amazon Resource Number (ARN) of the private CA from which the permission was issued.

getPrincipal

public java.lang.String getPrincipal()

The AWS service or entity that holds the permission.

At this time, the only valid principal is acm.amazonaws.com .

setPrincipal

public void setPrincipal(java.lang.String value)

The AWS service or entity that holds the permission.

At this time, the only valid principal is acm.amazonaws.com .

getSourceAccount

public java.lang.String getSourceAccount()

The ID of the account that assigned the permission.

setSourceAccount

public void setSourceAccount(java.lang.String value)

The ID of the account that assigned the permission.