TagCertificateAuthority
Adds one or more tags to your private CA. Tags are labels that you can use to identify and organize your AWS resources. Each tag consists of a key and an optional value. You specify the private CA on input by its Amazon Resource Name (ARN). You specify the tag by using a key-value pair. You can apply a tag to just one private CA if you want to identify a specific characteristic of that CA, or you can apply the same tag to multiple private CAs if you want to filter for a common relationship among those CAs. To remove one or more tags, use the UntagCertificateAuthority action. Call the ListTags action to see what tags are associated with your CA.
Note
To attach tags to a private CA during the creation procedure, a CA administrator
must first associate an inline IAM policy with the
CreateCertificateAuthority
action and explicitly allow tagging. For
more information, see Attaching tags to a CA
at the time of creation.
Request Syntax
{
"CertificateAuthorityArn": "string
",
"Tags": [
{
"Key": "string
",
"Value": "string
"
}
]
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- CertificateAuthorityArn
-
The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
Type: String
Length Constraints: Minimum length of 5. Maximum length of 200.
Pattern:
arn:[\w+=/,.@-]+:acm-pca:[\w+=/,.@-]*:[0-9]*:[\w+=,.@-]+(/[\w+=,.@-]+)*
Required: Yes
- Tags
-
List of tags to be associated with the CA.
Type: Array of Tag objects
Array Members: Minimum number of 1 item. Maximum number of 50 items.
Required: Yes
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors.
- InvalidArnException
-
The requested Amazon Resource Name (ARN) does not refer to an existing resource.
HTTP Status Code: 400
- InvalidStateException
-
The state of the private CA does not allow this action to occur.
HTTP Status Code: 400
- InvalidTagException
-
The tag associated with the CA is not valid. The invalid argument is contained in the message field.
HTTP Status Code: 400
- ResourceNotFoundException
-
A resource such as a private CA, S3 bucket, certificate, audit report, or policy cannot be found.
HTTP Status Code: 400
- TooManyTagsException
-
You can associate up to 50 tags with a private CA. Exception information is contained in the exception message field.
HTTP Status Code: 400
Examples
Example
This example illustrates one usage of TagCertificateAuthority.
Sample Request
POST / HTTP/1.1
Host: acm-pca.amazonaws.com
Accept-Encoding: identity
Content-Length: 180
X-Amz-Target: ACMPrivateCA.TagCertificateAuthority
X-Amz-Date: 20180226T170330Z
User-Agent: aws-cli/1.14.28 Python/2.7.9 Windows/8 botocore/1.8.32
Content-Type: application/x-amz-json-1.1
Authorization: AWS4-HMAC-SHA256 Credential=Access_Key_ID/20180226/AWS_Region/acm-pca/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=823508ca59a8620ec0981fada8b14a1b85e1db9938103e1fe2a7c394e70b1d0b
{
"CertificateAuthorityArn": "arn:aws:acm-pca:AWS_Region:AWS_Account:certificate-authority/12345678-1234-1234-1234-123456789012",
"Tags": [{
"Key": "Bob",
"Value": "DatabaseAdmin"
}]
}
Example
This example illustrates one usage of TagCertificateAuthority.
Sample Response
This function does not return a value.
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: