How to add Resource: aws_acmpca_permission

Provides a resource to manage an AWS Certificate Manager Private Certificate Authorities Permission. Currently, this is only required in order to allow the ACM service to automatically renew certificates issued by a PCA.

Example Usage

resource "aws_acmpca_permission" "example" {
certificate_authority_arn = aws_acmpca_certificate_authority.example.arn
actions = ["IssueCertificate", "GetCertificate", "ListPermissions"]
principal = ""
resource "aws_acmpca_certificate_authority" "example" {
certificate_authority_configuration {
key_algorithm = "RSA_4096"
signing_algorithm = "SHA512WITHRSA"
subject {
common_name = ""

Argument Reference

The following arguments are supported:

  • certificate_authority_arn - (Required) The Amazon Resource Name (ARN) of the CA that grants the permissions.
  • actions - (Required) The actions that the specified AWS service principal can use. These include IssueCertificate, GetCertificate, and ListPermissions. Note that in order for ACM to automatically rotate certificates issued by a PCA, it must be granted permission on all 3 actions, as per the example above.
  • principal - (Required) The AWS service or identity that receives the permission. At this time, the only valid principal is
  • source_account - (Optional) The ID of the calling account

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • policy - The IAM policy that is associated with the permission.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Rakesh Tripathi

Rakesh Tripathi

Consulting Engineer, Software Developer, Infra, Quora