class Aws::ACMPCA::Types::Permission

Permissions designate which private CA actions can be performed by an AWS service or entity. In order for ACM to automatically renew private certificates, you must give the ACM service principal all available permissions (`IssueCertificate`, `GetCertificate`, and `ListPermissions`). Permissions can be assigned with the

CreatePermission][1

action, removed with the [DeletePermission]

action, and listed with the [ListPermissions] action.

[1]: docs.aws.amazon.com/acm-pca/latest/APIReference/API_CreatePermission.html [2]: docs.aws.amazon.com/acm-pca/latest/APIReference/API_DeletePermission.html [3]: docs.aws.amazon.com/acm-pca/latest/APIReference/API_ListPermissions.html

@!attribute [rw] certificate_authority_arn

The Amazon Resource Number (ARN) of the private CA from which the
permission was issued.
@return [String]

@!attribute [rw] created_at

The time at which the permission was created.
@return [Time]

@!attribute [rw] principal

The AWS service or entity that holds the permission. At this time,
the only valid principal is `acm.amazonaws.com`.
@return [String]

@!attribute [rw] source_account

The ID of the account that assigned the permission.
@return [String]

@!attribute [rw] actions

The private CA actions that can be performed by the designated AWS
service.
@return [Array<String>]

@!attribute [rw] policy

The name of the policy that is associated with the permission.
@return [String]

@see docs.aws.amazon.com/goto/WebAPI/acm-pca-2017-08-22/Permission AWS API Documentation

Constants

SENSITIVE