acmpca_create_permission: Assigns permissions from a private CA to a designated AWS...

Description Usage Arguments Details Request syntax

View source: R/acmpca_operations.R

Description

Assigns permissions from a private CA to a designated AWS service. Services are specified by their service principals and can be given permission to create and retrieve certificates on a private CA. Services can also be given permission to list the active permissions that the private CA has granted. For ACM to automatically renew your private CA\'s certificates, you must assign all possible permissions from the CA to the ACM service principal.

Usage

1
2
acmpca_create_permission(CertificateAuthorityArn, Principal,
  SourceAccount, Actions)

Arguments

CertificateAuthorityArn

[required] The Amazon Resource Name (ARN) of the CA that grants the permissions. You can find the ARN by calling the ListCertificateAuthorities action. This must have the following form:

arn:aws:acm-pca:<i>region</i>:<i>account</i>:certificate-authority/<i>12345678-1234-1234-1234-123456789012</i> .

Principal

[required] The AWS service or identity that receives the permission. At this time, the only valid principal is acm.amazonaws.com.

SourceAccount

The ID of the calling account.

Actions

[required] The actions that the specified AWS service principal can use. These include IssueCertificate, GetCertificate, and ListPermissions.

Details

At this time, you can only assign permissions to ACM (acm.amazonaws.com). Permissions can be revoked with the DeletePermission action and listed with the ListPermissions action.

Request syntax

1
2
3
4
5
6
7
8
svc$create_permission(
  CertificateAuthorityArn = "string",
  Principal = "string",
  SourceAccount = "string",
  Actions = list(
    "IssueCertificate"|"GetCertificate"|"ListPermissions"
  )
)

paws.security.identity documentation built on Jan. 14, 2020, 5:08 p.m.