CfnPermissionPropsMixin

class aws_cdk.mixins_preview.aws_acmpca.mixins.CfnPermissionPropsMixin(props, *, strategy=None)

Bases: Mixin

Grants permissions to the Certificate Manager (ACM) service principal (acm.amazonaws.com) to perform IssueCertificate, GetCertificate, and ListPermissions actions on a CA. These actions are needed for the ACM principal to renew private PKI certificates requested through ACM and residing in the same AWS account as the CA.

About permissions - If the private CA and the certificates it issues reside in the same account, you can use AWS::ACMPCA::Permission to grant permissions for ACM to carry out automatic certificate renewals.

  • For automatic certificate renewal to succeed, the ACM service principal needs permissions to create, retrieve, and list permissions.

  • If the private CA and the ACM certificates reside in different accounts, then permissions cannot be used to enable automatic renewals. Instead, the ACM certificate owner must set up a resource-based policy to enable cross-account issuance and renewals. For more information, see Using a Resource Based Policy with AWS Private CA.

To update an AWS::ACMPCA::Permission resource, you must first delete the existing permission resource from the CloudFormation stack and then create a new permission resource with updated properties.
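
The constraints described above can be checked against a synthesized CloudFormation template before deployment. The following is an added example, not part of the CDK or of the original page: audit_acmpca_permissions, SAMPLE_TEMPLATE, the resource names, account IDs and ARN are constructed for illustration. It assumes SourceAccount is meant to be the account that owns the CA, and it skips the account comparison when the ARN is an intrinsic such as Fn::GetAtt.

```python
import re

# Actions the page lists as needed by the ACM principal for renewals.
RENEWAL_ACTIONS = {"IssueCertificate", "GetCertificate", "ListPermissions"}
ACM_PRINCIPAL = "acm.amazonaws.com"
# Captures the 12-digit account ID embedded in a private CA ARN.
CA_ARN = re.compile(r"^arn:[^:]+:acm-pca:[^:]*:(\d{12}):certificate-authority/.+$")

# Constructed sample template: one well-formed permission, one drifted one.
SAMPLE_TEMPLATE = {"Resources": {
    "RenewalPermission": {"Type": "AWS::ACMPCA::Permission", "Properties": {
        "Actions": ["IssueCertificate", "GetCertificate", "ListPermissions"],
        "CertificateAuthorityArn": {"Fn::GetAtt": ["PrivateCA", "Arn"]},
        "Principal": "acm.amazonaws.com"}},
    "DriftedPermission": {"Type": "AWS::ACMPCA::Permission", "Properties": {
        "Actions": ["IssueCertificate", "RevokeCertificate"],
        "CertificateAuthorityArn": "arn:aws:acm-pca:us-east-1:111122223333:"
                                   "certificate-authority/00000000-0000-0000-0000-000000000000",
        "Principal": "acm.amazonaws.com",
        "SourceAccount": "444455556666"}},
}}


def audit_acmpca_permissions(template):
    """Return findings for every AWS::ACMPCA::Permission in a template dict."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::ACMPCA::Permission":
            continue
        props = res.get("Properties", {})
        # Ignore non-string entries (intrinsics) rather than guessing their value.
        actions = {a for a in props.get("Actions") or [] if isinstance(a, str)}
        if props.get("Principal") != ACM_PRINCIPAL:
            findings.append(f"{name}: principal is not {ACM_PRINCIPAL}")
        if actions - RENEWAL_ACTIONS:
            findings.append(f"{name}: unexpected actions {sorted(actions - RENEWAL_ACTIONS)}")
        if RENEWAL_ACTIONS - actions:
            findings.append(f"{name}: renewal lacks {sorted(RENEWAL_ACTIONS - actions)}")
        arn, src = props.get("CertificateAuthorityArn"), props.get("SourceAccount")
        if isinstance(arn, str) and isinstance(src, str):
            match = CA_ARN.match(arn)
            if match is None:
                findings.append(f"{name}: CertificateAuthorityArn is not a CA ARN")
            elif match.group(1) != src:
                findings.append(f"{name}: SourceAccount differs from the CA account; "
                                "cross-account renewal needs a resource-based policy")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_acmpca_permissions(SAMPLE_TEMPLATE)))
```
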

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-acmpca-permission.html

CloudformationResource:

AWS::ACMPCA::Permission

Mixin:

true

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview import mixins
from aws_cdk.mixins_preview.aws_acmpca import mixins as acmpca_mixins

cfn_permission_props_mixin = acmpca_mixins.CfnPermissionPropsMixin(acmpca_mixins.CfnPermissionMixinProps(
    actions=["actions"],
    certificate_authority_arn="certificateAuthorityArn",
    principal="principal",
    source_account="sourceAccount"
),
    strategy=mixins.PropertyMergeStrategy.OVERRIDE
)

Create a mixin to apply properties to AWS::ACMPCA::Permission.

Parameters:
  • props (Union[CfnPermissionMixinProps, Dict[str, Any]]) – L1 properties to apply.

  • strategy (Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE

Methods

apply_to(construct)

Apply the mixin properties to the construct.

Parameters:

construct (IConstruct)

Return type:

IConstruct

supports(construct)

Check if this mixin supports the given construct.

Parameters:

construct (IConstruct)

Return type:

bool

Attributes

CFN_PROPERTY_KEYS = ['actions', 'certificateAuthorityArn', 'principal', 'sourceAccount']

Static Methods

classmethod is_mixin(x)

(experimental) Checks if x is a Mixin.

Parameters:

x (Any) – Any object.

Return type:

bool

Returns:

true if x is an object created from a class which extends Mixin.

Stability:

experimental