Amazon Private CA · Schema

Permission

Permissions designate which private CA actions can be performed by an Amazon Web Services service or entity. For ACM to renew private certificates automatically, you must grant the ACM service principal (acm.amazonaws.com, at this time the only valid principal) all three available permissions: IssueCertificate, GetCertificate, and ListPermissions. Permissions are assigned with the CreatePermission action, removed with the DeletePermission action, and listed with the ListPermissions action.

Certificate Authority, Certificates, PKI, Security, X.509, TLS, IoT

Properties

Name Type Description
CertificateAuthorityArn object
CreatedAt object
Principal object
SourceAccount object
Actions object
Policy object

JSON Schema

amazon-private-ca-permission-schema.json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-private-ca/refs/heads/main/json-schema/amazon-private-ca-permission-schema.json",
  "title": "Permission",
  "description": "Permissions designate which private CA actions can be performed by an Amazon Web Services service or entity. In order for ACM to automatically renew private certificates, you must give the ACM service principal all available permissions (<code>IssueCertificate</code>, <code>GetCertificate</code>, and <code>ListPermissions</code>). Permissions can be assigned with the <a href=\"https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreatePermission.html\">CreatePermission</a> action, removed with the <a href=\"https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePermission.html\">DeletePermission</a> action, and listed with the <a href=\"https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListPermissions.html\">ListPermissions</a> action.",
  "type": "object",
  "properties": {
    "CertificateAuthorityArn": {
      "allOf": [
        {
          "$ref": "#/components/schemas/Arn"
        },
        {
          "description": "The Amazon Resource Name (ARN) of the private CA from which the permission was issued."
        }
      ]
    },
    "CreatedAt": {
      "allOf": [
        {
          "$ref": "#/components/schemas/TStamp"
        },
        {
          "description": "The time at which the permission was created."
        }
      ]
    },
    "Principal": {
      "allOf": [
        {
          "$ref": "#/components/schemas/Principal"
        },
        {
          "description": "The Amazon Web Services service or entity that holds the permission. At this time, the only valid principal is <code>acm.amazonaws.com</code>."
        }
      ]
    },
    "SourceAccount": {
      "allOf": [
        {
          "$ref": "#/components/schemas/AccountId"
        },
        {
          "description": "The ID of the account that assigned the permission."
        }
      ]
    },
    "Actions": {
      "allOf": [
        {
          "$ref": "#/components/schemas/ActionList"
        },
        {
          "description": "The private CA actions that can be performed by the designated Amazon Web Services service."
        }
      ]
    },
    "Policy": {
      "allOf": [
        {
          "$ref": "#/components/schemas/AWSPolicy"
        },
        {
          "description": "The name of the policy that is associated with the permission."
        }
      ]
    }
  }
}