Policy Args
/**
 * Arguments for the acmpca `Policy` resource, which attaches a resource-based policy to a private CA.
 *
 * @property policy the policy document to attach; in the example below it is the JSON rendered
 *   from an IAM policy-document lookup.
 * @property resourceArn the ARN of the private certificate authority the policy is attached to.
 */
data class PolicyArgs(val policy: Output<String>? = null, val resourceArn: Output<String>? = null) : ConvertibleToJava<PolicyArgs>
Attaches a resource-based policy to a private CA.
Example Usage
Basic
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.acmpca.Policy;
import com.pulumi.aws.acmpca.PolicyArgs;
import com.pulumi.aws.iam.IamFunctions;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementConditionArgs;
import com.pulumi.aws.iam.inputs.GetPolicyDocumentStatementPrincipalArgs;
import com.pulumi.core.Output;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
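/**
 * Example program that attaches a resource-based policy to a private CA.
 *
 * <p>The policy document has two statements: a read-only statement for
 * principals in the current account, and an issuance statement whose
 * condition limits {@code acm-pca:IssueCertificate} to a single certificate
 * template.
 *
 * <p>NOTE(review): {@code data.aws_caller_identity()} and
 * {@code aws_acmpca_certificate_authority.example()} are references carried
 * over from the source the example was generated from; they stand for the
 * caller-identity lookup and the private CA resource of the reader's own
 * program and are not defined here.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Builds the policy document and attaches it to the CA.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}
     */
    public static void stack(Context ctx) {
        // Statement 1: read-only CA access for principals in the current account.
        final var readStatement = GetPolicyDocumentStatementArgs.builder()
            .sid("1")
            .effect("Allow")
            .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                .type("AWS")
                .identifiers(data.aws_caller_identity().current().account_id())
                .build())
            .actions(
                "acm-pca:DescribeCertificateAuthority",
                "acm-pca:GetCertificate",
                "acm-pca:GetCertificateAuthorityCertificate",
                "acm-pca:ListPermissions",
                "acm-pca:ListTags")
            .resources(aws_acmpca_certificate_authority.example().arn())
            .build();

        // Statement 2: issuance for the same principals. The StringEquals condition
        // on acm-pca:TemplateArn means this statement only matches requests that use
        // the EndEntityCertificate/V1 template; requests with any other template ARN
        // are not allowed by it. Effect was previously the bare identifier Allow,
        // which does not compile; it is the string literal "Allow" as in statement 1.
        final var issueStatement = GetPolicyDocumentStatementArgs.builder()
            .sid("2")
            .effect("Allow")
            .principals(GetPolicyDocumentStatementPrincipalArgs.builder()
                .type("AWS")
                .identifiers(data.aws_caller_identity().current().account_id())
                .build())
            .actions("acm-pca:IssueCertificate")
            .resources(aws_acmpca_certificate_authority.example().arn())
            .conditions(GetPolicyDocumentStatementConditionArgs.builder()
                .test("StringEquals")
                .variable("acm-pca:TemplateArn")
                .values("arn:aws:acm-pca:::template/EndEntityCertificate/V1")
                .build())
            .build();

        final var examplePolicyDocument = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()
            .statements(readStatement, issueStatement)
            .build());

        // The Policy resource attaches the rendered JSON document to the CA named by resourceArn.
        var examplePolicy = new Policy("examplePolicy", PolicyArgs.builder()
            .resourceArn(aws_acmpca_certificate_authority.example().arn())
            .policy(examplePolicyDocument.applyValue(getPolicyDocumentResult -> getPolicyDocumentResult.json()))
            .build());
    }
}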
Import
`aws_acmpca_policy` can be imported using the `resource_arn` value.
# The ARN below is a sample value; substitute the resource_arn of the CA whose policy is being imported.
$ pulumi import aws:acmpca/policy:Policy example arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012