Change log of AWS IAM permissions

2024-06-12

12 new actions, 2 new resources, 3 new conditions

Additions

Actions

CreateChallenge
- Description: Grants permission to create a Challenge for a Connector
- Access: Write
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
CreateConnector
- Description: Grants permission to create a SCEP Connector in your account
- Access: Write
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
- Dependents:
  acm-pca:DescribeCertificateAuthority
  
  acm-pca:GetCertificate
  
  acm-pca:GetCertificateAuthorityCertificate
  
  acm-pca:IssueCertificate
DeleteChallenge
- Description: Grants permission to delete a Challenge for a Connector
- Access: Write
- Resources:
  Name: Challenge
  
  Required: Yes
DeleteConnector
- Description: Grants permission to delete a SCEP Connector in your account
- Access: Write
- Resources:
  Name: Connector
  
  Required: Yes
GetChallengeMetadata
- Description: Grants permission to get a Challenge for a Connector
- Access: Read
- Resources:
  Name: Challenge
  
  Required: Yes
GetChallengePassword
- Description: Grants permission to get a Challenge password for a Connector
- Access: Read
- Resources:
  Name: Challenge
  
  Required: Yes
GetConnector
- Description: Grants permission to get a SCEP Connector in your account
- Access: Read
- Resources:
  Name: Connector
  
  Required: Yes
ListChallengeMetadata
- Description: Grants permission to list Challenges for a Connector
- Access: List
ListConnectors
- Description: Grants permission to list the SCEP Connectors in your account
- Access: List
ListTagsForResource
- Description: Grants permission to list the tags for a pca-connector-scep resource in your account
- Access: Read
TagResource
- Description: Grants permission to tag a pca-connector-scep resource in your account
- Access: Tagging
- Resources:
  Name: Challenge
  
  Required: No
  
  Name: Connector
  
  Required: No
- Conditions:
  aws:RequestTag/${TagKey}
  
  aws:TagKeys
UntagResource
- Description: Grants permission to untag a pca-connector-scep resource in your account
- Access: Tagging
- Resources:
  Name: Challenge
  
  Required: No
  
  Name: Connector
  
  Required: No
- Conditions:
  aws:TagKeys

Resources

Challenge
- Arn: arn:${Partition}:pca-connector-scep:${Region}:${Account}:connector/${ConnectorId}/challenge/${ChallengeId}
- Conditions:
  aws:ResourceTag/${TagKey}
Connector
- Arn: arn:${Partition}:pca-connector-scep:${Region}:${Account}:connector/${ConnectorId}
- Conditions:
  aws:ResourceTag/${TagKey}

Conditions

aws:RequestTag/${TagKey}
- Description: Filters access by the tags that are passed in the request
- Type: String
aws:ResourceTag/${TagKey}
- Description: Filters access by the tags associated with the resource
- Type: String
aws:TagKeys
- Description: Filters access by the tag keys that are passed in the request
- Type: ArrayOfString

AWS Private CA Connector for SCEP (pca-connector-scep)

Additions