本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。 # ACM API 权限:操作和资源参考 在设置和编写您可附加到 IAM 用户或角色的访问控制和写入权限策略,可以使用下表作为参考。表中的第一列列出了每个 AWS Certificate Manager API 操作。您可以在策略的 `Action` 元素中指定操作。剩余的列将提供额外的信息: 可以在您的 ACM 策略中使用 IAM policy 元素来表达条件。有关完整列表,请参阅 [IAM 用户指南](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#AvailableKeys)中的*可用键*。 **注意** 要指定操作,请在 API 操作名称之前使用 `acm:` 前缀(例如,`acm:RequestCertificate`)。 使用滚动条查看表的其余部分。 **ACM API 操作和权限** | ACM API 操作 | 必需的权限(API 操作) | 资源 | | --- | --- | --- | | [AddTagsToCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_AddTagsToCertificate.html) | `acm:AddTagsToCertificate` | `arn:aws:acm:region:account:certificate/certificate_ID` | | [DeleteCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_DeleteCertificate.html) | `acm:DeleteCertificate` | `arn:aws:acm:region:account:certificate/certificate_ID` | | [DescribeCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html) | `acm:DescribeCertificate` | `arn:aws:acm:region:account:certificate/certificate_ID` | | [ExportCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ExportCertificate.html) | `acm:ExportCertificate` | `arn:aws:acm:region:account:certificate/certificate_ID` | | [GetAccountConfiguration](https://docs.aws.amazon.com/acm/latest/APIReference/API_GetAccountConfiguration.html) | `acm:GetAccountConfiguration` | `*` | | [GetCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_GetCertificate.html) | `acm:GetCertificate` | `arn:aws:acm:region:account:certificate/certificate_ID` | | [ImportCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ImportCertificate.html) | `acm:ImportCertificate` | `arn:aws:acm:region:account:certificate/*` 或者 `*` | | [ListCertificates](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListCertificates.html) | `acm:ListCertificates` | `*` | | [ListTagsForCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListTagsForCertificate.html) | `acm:ListTagsForCertificate` | `arn:aws:acm:region:account:certificate/certificate_ID` | | [PutAccountConfiguration](https://docs.aws.amazon.com/acm/latest/APIReference/API_PutAccountConfiguration.html) | `acm:PutAccountConfiguration` | `*` | | [RemoveTagsFromCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_RemoveTagsFromCertificate.html) | `acm:RemoveTagsFromCertificate` | `arn:aws:acm:region:account:certificate/certificate_ID` | | [RequestCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_RequestCertificate.html) | `acm:RequestCertificate` | `arn:aws:acm:region:account:certificate/*` 或者 `*` | | [ResendValidationEmail](https://docs.aws.amazon.com/acm/latest/APIReference/API_ResendValidationEmail.html) | `acm:ResendValidationEmail` | arn:aws:acm:region:account:certificate/certificate\$1ID | | [UpdateCertificateOptions](https://docs.aws.amazon.com/acm/latest/APIReference/API_UpdateCertificateOptions.html) | `acm:UpdateCertificateOptions` | `arn:aws:acm:region:account:certificate/certificate_ID` |