AWS Private CA Connector for SCEP (pca-connector-scep)

2024-06-12

12 new actions, 2 new resources, 3 new conditions

Additions

    Actions
  • CreateChallenge
    • Description:  Grants permission to create a Challenge for a Connector
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • CreateConnector
    • Description:  Grants permission to create a SCEP Connector in your account
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

    • Dependents: 

      acm-pca:DescribeCertificateAuthority

      acm-pca:GetCertificate

      acm-pca:GetCertificateAuthorityCertificate

      acm-pca:IssueCertificate

  • DeleteChallenge
    • Description:  Grants permission to delete a Challenge for a Connector
    • Access:  Write
    • Resources: 

      Name: Challenge
      Required: Yes

  • DeleteConnector
    • Description:  Grants permission to delete a SCEP Connector in your account
    • Access:  Write
    • Resources: 

      Name: Connector
      Required: Yes

  • GetChallengeMetadata
    • Description:  Grants permission to get a Challenge for a Connector
    • Access:  Read
    • Resources: 

      Name: Challenge
      Required: Yes

  • GetChallengePassword
    • Description:  Grants permission to get a Challenge password for a Connector
    • Access:  Read
    • Resources: 

      Name: Challenge
      Required: Yes

  • GetConnector
    • Description:  Grants permission to get a SCEP Connector in your account
    • Access:  Read
    • Resources: 

      Name: Connector
      Required: Yes

  • ListChallengeMetadata
    • Description:  Grants permission to list Challenges for a Connector
    • Access:  List
  • ListConnectors
    • Description:  Grants permission to list the SCEP Connectors in your account
    • Access:  List
  • ListTagsForResource
    • Description:  Grants permission to list the tags for a pca-connector-scep resource in your account
    • Access:  Read
  • TagResource
    • Description:  Grants permission to tag a pca-connector-scep resource in your account
    • Access:  Tagging
    • Resources: 

      Name: Challenge
      Required: No

      Name: Connector
      Required: No

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys

  • UntagResource
    • Description:  Grants permission to untag a pca-connector-scep resource in your account
    • Access:  Tagging
    • Resources: 

      Name: Challenge
      Required: No

      Name: Connector
      Required: No

    • Conditions: 

      aws:TagKeys

    Resources
  • Challenge
    • Arn:  arn:${Partition}:pca-connector-scep:${Region}:${Account}:connector/${ConnectorId}/challenge/${ChallengeId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

  • Connector
    • Arn:  arn:${Partition}:pca-connector-scep:${Region}:${Account}:connector/${ConnectorId}
    • Conditions: 

      aws:ResourceTag/${TagKey}

    Conditions
  • aws:RequestTag/${TagKey}
    • Description:  Filters access by the tags that are passed in the request
    • Type:  String
  • aws:ResourceTag/${TagKey}
    • Description:  Filters access by the tags associated with the resource
    • Type:  String
  • aws:TagKeys
    • Description:  Filters access by the tag keys that are passed in the request
    • Type:  ArrayOfString