Assigns permissions from a private CA to a designated AWS service. Services are specified by their service principals and can be given permission to create and retrieve certificates on a private CA. Services can also be given permission to list the active permissions that the private CA has granted. For ACM to automatically renew your private CA's certificates, you must assign all possible permissions from the CA to the ACM service principal.
acmpca_create_permission(CertificateAuthorityArn, Principal,
SourceAccount, Actions)[required] The Amazon Resource Name (ARN) of the CA that grants the permissions. You can find the ARN by calling the ListCertificateAuthorities operation. This must have the following form:
arn:aws:acm-pca:<i>region</i>:<i>account</i>:certificate-authority/<i>12345678-1234-1234-1234-123456789012</i> .
[required] The AWS service or identity that receives the permission. At this time,
the only valid principal is acm.amazonaws.com.
The ID of the calling account.
[required] The actions that the specified AWS service principal can use. These
include IssueCertificate, GetCertificate, and ListPermissions.
svc$create_permission(
CertificateAuthorityArn = "string",
Principal = "string",
SourceAccount = "string",
Actions = list(
"IssueCertificate"|"GetCertificate"|"ListPermissions"
)
)
At this time, you can only assign permissions to ACM
(acm.amazonaws.com). Permissions can be revoked with the
DeletePermission operation and listed with the ListPermissions
operation.