Permissions for @turbot/aws-acm
Taking a look at permissions and associated grant levels for each permission for ACM:
| Permission | Grant Level | Help |
|---|---|---|
| acm-pca:CreateCertificateAuthority | Admin | Admins can create a private subordinate certificate authority (CA). |
| acm-pca:CreateCertificateAuthorityAuditReport | Operator | Operators can create an audit report for an certificate authority that lists every time that CA private key is used. |
| acm-pca:CreatePermission | Admin | |
| acm-pca:DeleteCertificateAuthority | Admin | |
| acm-pca:DeletePermission | Admin | |
| acm-pca:DeletePolicy | Admin | |
| acm-pca:DescribeCertificateAuthority | Admin | Lists information about private certificate authority (CA). |
| acm-pca:DescribeCertificateAuthorityAuditReport | Admin | |
| acm-pca:GetCertificate | ReadOnly | |
| acm-pca:GetCertificateAuthorityCertificate | ReadOnly | |
| acm-pca:GetCertificateAuthorityCsr | ReadOnly | |
| acm-pca:GetPolicy | Metadata | |
| acm-pca:ImportCertificateAuthorityCertificate | Admin | Admins can import signed private CA certificate into ACM PCA. |
| acm-pca:IssueCertificate | Admin | Admins use private certificate authority (CA) to issue a client certificate. |
| acm-pca:ListCertificateAuthorities | Metadata | |
| acm-pca:ListPermissions | Metadata | |
| acm-pca:ListTags | Metadata | |
| acm-pca:PutPolicy | Admin | |
| acm-pca:RestoreCertificateAuthority | Admin | |
| acm-pca:RevokeCertificate | Admin | Admins can revoke a issued certificate. |
| acm-pca:TagCertificateAuthority | Operator | |
| acm-pca:UntagCertificateAuthority | Operator | |
| acm-pca:UpdateCertificateAuthority | Admin | |
| acm:AddTagsToCertificate | Operator | Operators can manage tag metadata for certificates. |
| acm:DeleteCertificate | Admin | |
| acm:DescribeCertificate | Metadata | Certificate contains no private keys or other sensitive data. |
| acm:ExportCertificate | Admin | Admins can export a private certificate issued by a private certificate authority (CA) for use anywhere. |
| acm:GetAccountConfiguration | Metadata | |
| acm:GetCertificate | Metadata | Certificate contains no private keys or other sensitive data. |
| acm:ImportCertificate | Admin | |
| acm:ListCertificates | Metadata | Certificate contains no private keys or other sensitive data. |
| acm:ListTagsForCertificate | Metadata | Certificate tags contain no sensitive data. |
| acm:PutAccountConfiguration | Admin | |
| acm:RemoveTagsFromCertificate | Operator | Operators can manage tag metadata for certificates. |
| acm:RenewCertificate | Admin | |
| acm:RequestCertificate | Admin | |
| acm:ResendValidationEmail | Admin | |
| acm:UpdateCertificateOptions | Admin |