Permission

Provides a resource to manage an AWS Certificate Manager Private Certificate Authorities Permission. Currently, this is only required in order to allow the ACM service to automatically renew certificates issued by a PCA.

Example Usage

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acmpca.CertificateAuthority;
import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs;
import com.pulumi.aws.acmpca.Permission;
import com.pulumi.aws.acmpca.PermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Private CA whose issued certificates ACM should be able to renew.
        var exampleCertificateAuthority = new CertificateAuthority("exampleCertificateAuthority", CertificateAuthorityArgs.builder()
            .certificateAuthorityConfiguration(CertificateAuthorityCertificateAuthorityConfigurationArgs.builder()
                .keyAlgorithm("RSA_4096")
                .signingAlgorithm("SHA512WITHRSA")
                .subject(CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder()
                    .commonName("example.com")
                    .build())
                .build())
            .build());

        // Grant the ACM service principal all three actions it needs for automatic renewal.
        var examplePermission = new Permission("examplePermission", PermissionArgs.builder()
            .certificateAuthorityArn(exampleCertificateAuthority.arn())
            .actions(
                "IssueCertificate",
                "GetCertificate",
                "ListPermissions")
            .principal("acm.amazonaws.com")
            .build());
    }
}

Properties

val actions: Output<List<String>>

Actions that the specified AWS service principal can use. These include IssueCertificate, GetCertificate, and ListPermissions. Note that in order for ACM to automatically rotate certificates issued by a PCA, it must be granted permission on all 3 actions, as per the example above.


ARN of the CA that grants the permissions.

val id: Output<String>
val policy: Output<String>

IAM policy that is associated with the permission.

val principal: Output<String>

AWS service or identity that receives the permission. At this time, the only valid principal is acm.amazonaws.com.

val sourceAccount: Output<String>

ID of the calling account.

val urn: Output<String>
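
The actions and principal properties above determine whether ACM can renew certificates issued by a CA. The following is an added example, not part of the provider's code: a Python audit over permission entries shaped like the ACM PCA ListPermissions response, reporting CAs whose grant would block renewal. The function name audit, the sample data, the ARNs and the account ID are constructed for illustration.

```python
import json

# Per the page: ACM needs all three actions to renew PCA-issued certificates,
# and acm.amazonaws.com is the only valid principal.
REQUIRED_ACTIONS = {"IssueCertificate", "GetCertificate", "ListPermissions"}
ACM_PRINCIPAL = "acm.amazonaws.com"

# Constructed placeholders, not real resources.
CA = "arn:aws:acm-pca:us-east-1:111111111111:certificate-authority/EXAMPLE-{}"
CAS = [CA.format(n) for n in (1, 2, 3, 4)]

# Constructed sample: Permissions entries as returned by ListPermissions,
# merged from one call per CA. EXAMPLE-4 has no entry at all.
SAMPLE = json.dumps({"Permissions": [
    {"CertificateAuthorityArn": CAS[0], "Principal": ACM_PRINCIPAL,
     "Actions": ["IssueCertificate", "GetCertificate", "ListPermissions"]},
    {"CertificateAuthorityArn": CAS[1], "Principal": ACM_PRINCIPAL,
     "Actions": ["IssueCertificate", "GetCertificate"]},
    {"CertificateAuthorityArn": CAS[2], "Principal": "example.amazonaws.com",
     "Actions": ["IssueCertificate", "GetCertificate", "ListPermissions"]},
]})


def audit(permissions_json, ca_arns):
    """Return {ca_arn: [finding, ...]} for CAs whose grant would block ACM renewal."""
    grants = {}
    for perm in json.loads(permissions_json).get("Permissions", []):
        grants.setdefault(perm["CertificateAuthorityArn"], []).append(perm)
    findings = {}
    for arn in ca_arns:
        problems = []
        acm = [p for p in grants.get(arn, []) if p.get("Principal") == ACM_PRINCIPAL]
        if not acm:
            problems.append("no permission for " + ACM_PRINCIPAL)
        for p in acm:
            missing = REQUIRED_ACTIONS - set(p.get("Actions", []))
            if missing:
                problems.append("missing actions: " + ", ".join(sorted(missing)))
        for p in grants.get(arn, []):
            if p.get("Principal") != ACM_PRINCIPAL:
                problems.append("unexpected principal: " + str(p.get("Principal")))
        if problems:
            findings[arn] = problems
    return findings


if __name__ == "__main__":
    for arn, problems in audit(SAMPLE, CAS).items():
        print(arn, "->", "; ".join(problems))
```
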