Amazon Private CA · JSON Structure

Amazon Private CA Permission Structure

Permissions designate which private CA actions can be performed by an Amazon Web Services service or entity. In order for ACM to automatically renew private certificates, you must give the ACM service principal all available permissions (IssueCertificate, GetCertificate, and ListPermissions). Permissions can be assigned with the CreatePermission action, removed with the DeletePermission action, and listed with the ListPermissions action.

Type: object Properties: 6
Certificate Authority, Certificates, PKI, Security, X.509, TLS, IoT

Permission is a JSON Structure definition published by Amazon Private CA, describing 6 properties. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

CertificateAuthorityArn, CreatedAt, Principal, SourceAccount, Actions, Policy


JSON Structure

{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-private-ca/refs/heads/main/json-structure/amazon-private-ca-permission-structure.json",
  "name": "Permission",
  "description": "Permissions designate which private CA actions can be performed by an Amazon Web Services service or entity. In order for ACM to automatically renew private certificates, you must give the ACM service principal all available permissions (<code>IssueCertificate</code>, <code>GetCertificate</code>, and <code>ListPermissions</code>). Permissions can be assigned with the <a href=\"https://docs.aws.amazon.com/privateca/latest/APIReference/API_CreatePermission.html\">CreatePermission</a> action, removed with the <a href=\"https://docs.aws.amazon.com/privateca/latest/APIReference/API_DeletePermission.html\">DeletePermission</a> action, and listed with the <a href=\"https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListPermissions.html\">ListPermissions</a> action.",
  "type": "object",
  "properties": {
    "CertificateAuthorityArn": {
      "allOf": [
        {
          "$ref": "#/components/schemas/Arn"
        },
        {
          "description": "The Amazon Resource Number (ARN) of the private CA from which the permission was issued."
        }
      ]
    },
    "CreatedAt": {
      "allOf": [
        {
          "$ref": "#/components/schemas/TStamp"
        },
        {
          "description": "The time at which the permission was created."
        }
      ]
    },
    "Principal": {
      "allOf": [
        {
          "$ref": "#/components/schemas/Principal"
        },
        {
          "description": "The Amazon Web Services service or entity that holds the permission. At this time, the only valid principal is <code>acm.amazonaws.com</code>."
        }
      ]
    },
    "SourceAccount": {
      "allOf": [
        {
          "$ref": "#/components/schemas/AccountId"
        },
        {
          "description": "The ID of the account that assigned the permission."
        }
      ]
    },
    "Actions": {
      "allOf": [
        {
          "$ref": "#/components/schemas/ActionList"
        },
        {
          "description": "The private CA actions that can be performed by the designated Amazon Web Services service."
        }
      ]
    },
    "Policy": {
      "allOf": [
        {
          "$ref": "#/components/schemas/AWSPolicy"
        },
        {
          "description": "The name of the policy that is associated with the permission."
        }
      ]
    }
  }
}