Resource: awsAcmpcaPolicy
Attaches a resource-based policy to a private CA.
Example Usage
Basic
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";

// Resource policy for the private CA. Statement "1" grants read-only access to the CA;
// statement "2" allows certificate issuance but pins it to the end-entity template, so
// the principal cannot use this CA to issue CA (subordinate) certificates.
const dataAwsIamPolicyDocumentExample =
  new aws.dataAwsIamPolicyDocument.DataAwsIamPolicyDocument(this, "example", {
    statement: [
      {
        actions: [
          "acm-pca:DescribeCertificateAuthority",
          "acm-pca:GetCertificate",
          "acm-pca:GetCertificateAuthorityCertificate",
          "acm-pca:ListPermissions",
          "acm-pca:ListTags",
        ],
        effect: "Allow",
        principals: [
          {
            identifiers: ["${data.aws_caller_identity.current.account_id}"],
            type: "AWS",
          },
        ],
        resources: ["${aws_acmpca_certificate_authority.example.arn}"],
        sid: "1",
      },
      {
        actions: ["acm-pca:IssueCertificate"],
        condition: [
          {
            test: "StringEquals",
            values: ["arn:aws:acm-pca:::template/EndEntityCertificate/V1"],
            variable: "acm-pca:TemplateArn",
          },
        ],
        effect: "Allow",
        principals: [
          {
            identifiers: ["${data.aws_caller_identity.current.account_id}"],
            type: "AWS",
          },
        ],
        resources: ["${aws_acmpca_certificate_authority.example.arn}"],
        sid: "2",
      },
    ],
  });

// Attach the rendered JSON policy to the private CA.
const awsAcmpcaPolicyExample = new aws.acmpcaPolicy.AcmpcaPolicy(
  this,
  "example_1",
  {
    policy: dataAwsIamPolicyDocumentExample.json,
    resourceArn: "${aws_acmpca_certificate_authority.example.arn}",
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsAcmpcaPolicyExample.overrideLogicalId("example");
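A small pre-attachment audit of the JSON that the policy document above synthesizes, added here as an example and not part of the provider documentation or the provider's code. The function name, the statement type and the sample policy (using the page's account id and CA ARN) are assumptions constructed for this example.

```typescript
// Statement shape as emitted by aws_iam_policy_document (only the fields audited here).
type Statement = {
  Sid?: string;
  Effect: "Allow" | "Deny";
  Action: string | string[];
  Principal?: "*" | { AWS?: string | string[] };
  Condition?: Record<string, Record<string, string | string[]>>;
};

const asList = (v: string | string[] | undefined): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

// Audit a private-CA resource policy before it is attached. Returns one finding per
// problem; an empty array means the policy passes the checks below.
function auditAcmPcaPolicy(policyJson: string): string[] {
  const findings: string[] = [];
  const statements = (JSON.parse(policyJson) as { Statement: Statement[] }).Statement;
  for (const st of statements) {
    if (st.Effect !== "Allow") continue;
    const sid = st.Sid ?? "(no sid)";
    const principals = st.Principal === "*" ? ["*"] : asList(st.Principal?.AWS);
    if (principals.includes("*")) findings.push(`${sid}: wildcard principal on a private CA`);
    const actions = asList(st.Action);
    if (!actions.some((a) => a === "acm-pca:IssueCertificate" || a === "acm-pca:*")) continue;
    // Issuance must be pinned to a template; only a StringEquals condition is accepted here.
    const templates = asList(st.Condition?.StringEquals?.["acm-pca:TemplateArn"]);
    if (templates.length === 0) {
      findings.push(`${sid}: IssueCertificate without an acm-pca:TemplateArn condition`);
    } else if (templates.some((t) => t.includes("CACertificate"))) {
      findings.push(`${sid}: IssueCertificate allows a CA certificate template`);
    }
  }
  return findings;
}

// Constructed sample: the JSON the page's policy document renders for account 123456789012.
const CA_ARN = "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012";
const SAMPLE_POLICY = JSON.stringify({
  Version: "2012-10-17",
  Statement: [
    { Sid: "1", Effect: "Allow", Principal: { AWS: "123456789012" }, Resource: CA_ARN,
      Action: ["acm-pca:DescribeCertificateAuthority", "acm-pca:GetCertificate",
               "acm-pca:GetCertificateAuthorityCertificate", "acm-pca:ListPermissions", "acm-pca:ListTags"] },
    { Sid: "2", Effect: "Allow", Principal: { AWS: "123456789012" }, Resource: CA_ARN,
      Action: "acm-pca:IssueCertificate",
      Condition: { StringEquals: { "acm-pca:TemplateArn": "arn:aws:acm-pca:::template/EndEntityCertificate/V1" } } },
  ],
});

console.log(auditAcmPcaPolicy(SAMPLE_POLICY)); // []
```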
Argument Reference
The following arguments are supported:
resourceArn - (Required) ARN of the private CA to associate with the policy.
policy - (Required) JSON-formatted IAM policy to attach to the specified private CA resource.
Attributes Reference
No additional attributes are exported.
Import
awsAcmpcaPolicy can be imported using the resourceArn value.
$ terraform import aws_acmpca_policy.example arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012