Documentation

Permissions designate which private CA actions can be performed by an AWS service or entity. In order for ACM to automatically renew private certificates, you must give the ACM service principal all available permissions (IssueCertificate, GetCertificate, and ListPermissions). Permissions can be assigned with the CreatePermission action, removed with the DeletePermission action, and listed with the ListPermissions action.

See: newPermission smart constructor.

Create a value of Permission with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:sourceAccount:Permission', permission_sourceAccount - The ID of the account that assigned the permission.

$sel:actions:Permission', permission_actions - The private CA actions that can be performed by the designated AWS service.

$sel:createdAt:Permission', permission_createdAt - The time at which the permission was created.

$sel:principal:Permission', permission_principal - The AWS service or entity that holds the permission. At this time, the only valid principal is acm.amazonaws.com.

$sel:policy:Permission', permission_policy - The name of the policy that is associated with the permission.

$sel:certificateAuthorityArn:Permission', permission_certificateAuthorityArn - The Amazon Resource Number (ARN) of the private CA from which the permission was issued.

The ID of the account that assigned the permission.

The private CA actions that can be performed by the designated AWS service.

The time at which the permission was created.

The AWS service or entity that holds the permission. At this time, the only valid principal is acm.amazonaws.com.

The name of the policy that is associated with the permission.

The Amazon Resource Number (ARN) of the private CA from which the permission was issued.