Struct aws_sdk_acmpca::client::fluent_builders::CreatePermission

pub struct CreatePermission { /* private fields */ }

Fluent builder constructing a request to CreatePermission.

Grants one or more permissions on a private CA to the AWS Certificate Manager (ACM) service principal (acm.amazonaws.com). These permissions allow ACM to issue and renew ACM certificates that reside in the same AWS account as the CA.

You can list current permissions with the ListPermissions action and revoke them with the DeletePermission action.

About Permissions

• If the private CA and the certificates it issues reside in the same account, you can use CreatePermission to grant permissions for ACM to carry out automatic certificate renewals.

• For automatic certificate renewal to succeed, the ACM service principal needs permissions to create, retrieve, and list certificates.

• If the private CA and the ACM certificates reside in different accounts, then permissions cannot be used to enable automatic renewals. Instead, the ACM certificate owner must set up a resource-based policy to enable cross-account issuance and renewals. For more information, see Using a Resource Based Policy with ACM Private CA.

Implementations

impl CreatePermission

pub async fn send(
    self
) -> Result<CreatePermissionOutput, SdkError<CreatePermissionError>>

Sends the request and returns the response.

If an error occurs, an SdkError will be returned with additional details that can be matched against.

By default, any retryable failures will be retried twice. Retry behavior is configurable with the RetryConfig, which can be set when configuring the client.

pub fn certificate_authority_arn(self, input: impl Into<String>) -> Self

The Amazon Resource Name (ARN) of the CA that grants the permissions. You can find the ARN by calling the ListCertificateAuthorities action. This must have the following form:

arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .

pub fn set_certificate_authority_arn(self, input: Option<String>) -> Self

The Amazon Resource Name (ARN) of the CA that grants the permissions. You can find the ARN by calling the ListCertificateAuthorities action. This must have the following form:

arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .

pub fn principal(self, input: impl Into<String>) -> Self

The AWS service or identity that receives the permission. At this time, the only valid principal is acm.amazonaws.com.

pub fn set_principal(self, input: Option<String>) -> Self

The AWS service or identity that receives the permission. At this time, the only valid principal is acm.amazonaws.com.

pub fn source_account(self, input: impl Into<String>) -> Self

The ID of the calling account.

pub fn set_source_account(self, input: Option<String>) -> Self

The ID of the calling account.

pub fn actions(self, input: ActionType) -> Self

Appends an item to Actions.

To override the contents of this collection use set_actions.

The actions that the specified AWS service principal can use. These include IssueCertificate, GetCertificate, and ListPermissions.

pub fn set_actions(self, input: Option<Vec<ActionType>>) -> Self

The actions that the specified AWS service principal can use. These include IssueCertificate, GetCertificate, and ListPermissions.

Trait Implementations

impl Clone for CreatePermission

fn clone(&self) -> CreatePermission

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for CreatePermission

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.