Resource: awsAcmpcaPermission
Provides a resource to manage an AWS Certificate Manager Private Certificate Authorities Permission. Currently, this is only required in order to allow the ACM service to automatically renew certificates issued by a PCA.
Example Usage
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsAcmpcaCertificateAuthorityExample =
  new aws.acmpcaCertificateAuthority.AcmpcaCertificateAuthority(
    this,
    "example",
    {
      certificateAuthorityConfiguration: {
        keyAlgorithm: "RSA_4096",
        signingAlgorithm: "SHA512WITHRSA",
        subject: {
          commonName: "example.com",
        },
      },
    }
  );
const awsAcmpcaPermissionExample = new aws.acmpcaPermission.AcmpcaPermission(
  this,
  "example_1",
  {
    actions: ["IssueCertificate", "GetCertificate", "ListPermissions"],
    certificateAuthorityArn: awsAcmpcaCertificateAuthorityExample.arn,
    principal: "acm.amazonaws.com",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsAcmpcaPermissionExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
certificateAuthorityArn
- (Required) ARN of the CA that grants the permissions.
actions
- (Required) Actions that the specified AWS service principal can use. These include IssueCertificate, GetCertificate, and ListPermissions. Note that in order for ACM to automatically rotate certificates issued by a PCA, it must be granted permission on all 3 actions, as per the example above.
principal
- (Required) AWS service or identity that receives the permission. At this time, the only valid principal is acm.amazonaws.com.
sourceAccount
- (Optional) ID of the calling account.
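A permission that grants only some of the three actions leaves ACM unable to renew certificates from the CA, so it is worth checking before apply. The following is an added example, not part of the provider documentation: it audits synthesized Terraform JSON for incomplete grants. It assumes the `resource.<type>.<name>` layout of Terraform JSON; `auditAcmpcaPermissions`, the type names and the sample input are hypothetical.

```typescript
// Added example: flag aws_acmpca_permission resources that cannot support ACM renewal.
// Assumption: input follows the Terraform JSON layout resource.<type>.<name>.
const REQUIRED_ACTIONS = ["IssueCertificate", "GetCertificate", "ListPermissions"];
const ACM_PRINCIPAL = "acm.amazonaws.com";

interface PermissionBlock {
  actions?: string[];
  certificate_authority_arn?: string;
  principal?: string;
}
interface Finding { resource: string; problem: string }
type TerraformJson = { resource?: Record<string, Record<string, PermissionBlock>> };

function auditAcmpcaPermissions(config: TerraformJson): Finding[] {
  const findings: Finding[] = [];
  const permissions: Record<string, PermissionBlock> = config.resource?.["aws_acmpca_permission"] ?? {};
  for (const name of Object.keys(permissions)) {
    const block = permissions[name];
    const granted = block.actions ?? [];
    const missing = REQUIRED_ACTIONS.filter((a) => granted.indexOf(a) === -1);
    if (missing.length > 0) {
      findings.push({ resource: name, problem: `missing actions: ${missing.join(", ")}` });
    }
    if (block.principal !== ACM_PRINCIPAL) {
      findings.push({ resource: name, problem: `unexpected principal: ${String(block.principal)}` });
    }
  }
  return findings;
}

// Constructed sample input (not real infrastructure).
const sampleConfig: TerraformJson = {
  resource: {
    aws_acmpca_permission: {
      complete: {
        actions: ["IssueCertificate", "GetCertificate", "ListPermissions"],
        certificate_authority_arn: "${aws_acmpca_certificate_authority.example.arn}",
        principal: "acm.amazonaws.com",
      },
      partial: {
        actions: ["IssueCertificate"],
        certificate_authority_arn: "${aws_acmpca_certificate_authority.example.arn}",
        principal: "acm.amazonaws.com",
      },
    },
  },
};

console.log(JSON.stringify(auditAcmpcaPermissions(sampleConfig), null, 2));
```
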
Attributes Reference
In addition to all arguments above, the following attributes are exported:
policy
- IAM policy that is associated with the permission.