Permission

Permissions designate which private CA actions can be performed by an AWS service or entity. In order for ACM to automatically renew private certificates, you must give the ACM service principal all available permissions (IssueCertificate, GetCertificate, and ListPermissions). Permissions can be assigned with the CreatePermission action, removed with the DeletePermission action, and listed with the ListPermissions action.

Contents

Actions

The private CA actions that can be performed by the designated AWS service.

Type: Array of strings

Array Members: Minimum number of 1 item. Maximum number of 3 items.

Valid Values: IssueCertificate | GetCertificate | ListPermissions

Required: No

CertificateAuthorityArn

The Amazon Resource Number (ARN) of the private CA from which the permission was issued.

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: arn:[\w+=/,.@-]+:acm-pca:[\w+=/,.@-]*:[0-9]*:[\w+=,.@-]+(/[\w+=,.@-]+)*

Required: No

CreatedAt

The time at which the permission was created.

Type: Timestamp

Required: No

Policy

The name of the policy that is associated with the permission.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 20480.

Pattern: [\u0009\u000A\u000D\u0020-\u00FF]+

Required: No

Principal

The AWS service or entity that holds the permission. At this time, the only valid principal is acm.amazonaws.com.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 128.

Pattern: ^[^*]+$

Required: No

SourceAccount

The ID of the account that assigned the permission.

Type: String

Length Constraints: Fixed length of 12.

Pattern: [0-9]+

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++

• AWS SDK for Go

• AWS SDK for Java V2

• AWS SDK for Ruby V3