Permission Args
/**
 * Arguments for an ACM Private CA permission: which actions a given AWS service principal may use on one CA.
 *
 * Every property is an optional `Output` that defaults to `null`.
 *
 * @property actions Actions that the specified AWS service principal can use (`IssueCertificate`,
 *   `GetCertificate`, `ListPermissions`); ACM needs all three to renew certificates issued by a PCA.
 * @property certificateAuthorityArn ARN of the CA that grants the permissions.
 * @property principal AWS service principal that receives the permissions; this page's example uses
 *   `acm.amazonaws.com`.
 * @property sourceAccount ID of the calling account.
 */
data class PermissionArgs(val actions: Output<List<String>>? = null, val certificateAuthorityArn: Output<String>? = null, val principal: Output<String>? = null, val sourceAccount: Output<String>? = null) : ConvertibleToJava<PermissionArgs>
Provides a resource to manage an AWS Certificate Manager Private Certificate Authority (PCA) permission. Currently, this is required only to allow the ACM service to automatically renew certificates issued by a PCA.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.acmpca.CertificateAuthority;
import com.pulumi.aws.acmpca.CertificateAuthorityArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs;
import com.pulumi.aws.acmpca.inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs;
import com.pulumi.aws.acmpca.Permission;
import com.pulumi.aws.acmpca.PermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Example Pulumi program: creates a private certificate authority and grants the ACM
 * service principal the permission it needs on that CA.
 */
public class App {
    /** Program entry point; hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the two resources of the stack: the private CA and the permission on it.
     *
     * @param ctx Pulumi context supplied by {@code Pulumi.run}; not read by this example
     */
    public static void stack(Context ctx) {
        // Subject of the CA certificate.
        var caSubject = CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs.builder()
            .commonName("example.com")
            .build();

        // Key and signing algorithms of the CA.
        var caConfiguration = CertificateAuthorityCertificateAuthorityConfigurationArgs.builder()
            .keyAlgorithm("RSA_4096")
            .signingAlgorithm("SHA512WITHRSA")
            .subject(caSubject)
            .build();

        var privateCa = new CertificateAuthority(
            "exampleCertificateAuthority",
            CertificateAuthorityArgs.builder()
                .certificateAuthorityConfiguration(caConfiguration)
                .build());

        // The grant is scoped to this one CA (by ARN) and to the ACM service principal.
        // All three actions are listed because ACM needs every one of them to renew
        // certificates issued by the CA. sourceAccount is left unset in this example.
        var acmPermissionArgs = PermissionArgs.builder()
            .certificateAuthorityArn(privateCa.arn())
            .actions("IssueCertificate", "GetCertificate", "ListPermissions")
            .principal("acm.amazonaws.com")
            .build();

        var acmPermission = new Permission("examplePermission", acmPermissionArgs);
    }
}
Constructors
Properties
Actions that the specified AWS service principal can use. These include `IssueCertificate`, `GetCertificate`, and `ListPermissions`. Note that in order for ACM to automatically rotate certificates issued by a PCA, it must be granted permission on all 3 actions, as per the example above.
ARN of the CA that grants the permissions.
ID of the calling account