Policy
Attaches a resource based policy to a private CA.
Example Usage
Basic
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acmpca.Policy;
import com.pulumi.aws.acmpca.PolicyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Policy("example", PolicyArgs.builder()
.resourceArn(aws_acmpca_certificate_authority.example().arn())
.policy("""
{
"Version":"2012-10-17",
"Statement":[
{
"Sid":"1",
"Effect":"Allow",
"Principal":{
"AWS":"%s"
},
"Action":[
"acm-pca:DescribeCertificateAuthority",
"acm-pca:GetCertificate",
"acm-pca:GetCertificateAuthorityCertificate",
"acm-pca:ListPermissions",
"acm-pca:ListTags"
],
"Resource":"%s"
},
{
"Sid":"1",
"Effect":"Allow",
"Principal":{
"AWS":"%s"
},
"Action":[
"acm-pca:IssueCertificate"
],
"Resource":"%s",
"Condition":{
"StringEquals":{
"acm-pca:TemplateArn":"arn:aws:acm-pca:::template/EndEntityCertificate/V1"
}
}
}
]
}
", data.aws_caller_identity().current().account_id(),aws_acmpca_certificate_authority.example().arn(),data.aws_caller_identity().current().account_id(),aws_acmpca_certificate_authority.example().arn()))
.build());
}
}Content copied to clipboard
Import
aws_acmpca_policy can be imported using the resource_arn value.
$ pulumi import aws:acmpca/policy:Policy example arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012Content copied to clipboard