Permissions for @turbot/aws-acm
Taking a look at permissions and associated grant levels for each permission for ACM:
Permission | Grant Level | Help |
---|---|---|
acm-pca:CreateCertificateAuthority | Admin | Admins can create a private subordinate certificate authority (CA). |
acm-pca:CreateCertificateAuthorityAuditReport | Operator | Operators can create an audit report for an certificate authority that lists every time that CA private key is used. |
acm-pca:CreatePermission | Admin | |
acm-pca:DeleteCertificateAuthority | Admin | |
acm-pca:DeletePermission | Admin | |
acm-pca:DeletePolicy | Admin | |
acm-pca:DescribeCertificateAuthority | Admin | Lists information about private certificate authority (CA). |
acm-pca:DescribeCertificateAuthorityAuditReport | Admin | |
acm-pca:GetCertificate | ReadOnly | |
acm-pca:GetCertificateAuthorityCertificate | ReadOnly | |
acm-pca:GetCertificateAuthorityCsr | ReadOnly | |
acm-pca:GetPolicy | Metadata | |
acm-pca:ImportCertificateAuthorityCertificate | Admin | Admins can import signed private CA certificate into ACM PCA. |
acm-pca:IssueCertificate | Admin | Admins use private certificate authority (CA) to issue a client certificate. |
acm-pca:ListCertificateAuthorities | Metadata | |
acm-pca:ListPermissions | Metadata | |
acm-pca:ListTags | Metadata | |
acm-pca:PutPolicy | Admin | |
acm-pca:RestoreCertificateAuthority | Admin | |
acm-pca:RevokeCertificate | Admin | Admins can revoke a issued certificate. |
acm-pca:TagCertificateAuthority | Operator | |
acm-pca:UntagCertificateAuthority | Operator | |
acm-pca:UpdateCertificateAuthority | Admin | |
acm:AddTagsToCertificate | Operator | Operators can manage tag metadata for certificates. |
acm:DeleteCertificate | Admin | |
acm:DescribeCertificate | Metadata | Certificate contains no private keys or other sensitive data. |
acm:ExportCertificate | Admin | Admins can export a private certificate issued by a private certificate authority (CA) for use anywhere. |
acm:GetAccountConfiguration | Metadata | |
acm:GetCertificate | Metadata | Certificate contains no private keys or other sensitive data. |
acm:ImportCertificate | Admin | |
acm:ListCertificates | Metadata | Certificate contains no private keys or other sensitive data. |
acm:ListTagsForCertificate | Metadata | Certificate tags contain no sensitive data. |
acm:PutAccountConfiguration | Admin | |
acm:RemoveTagsFromCertificate | Operator | Operators can manage tag metadata for certificates. |
acm:RenewCertificate | Admin | |
acm:RequestCertificate | Admin | |
acm:ResendValidationEmail | Admin | |
acm:UpdateCertificateOptions | Admin |