本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。 # ACM API 許可:動作和資源參考 當您設定存取控制並撰寫可連接到 IAM 使用者或角色的許可政策時,可以使用以下表格做為參考。表格中的第一欄會列出每個 AWS Certificate Manager API 操作。您可以在政策的 `Action` 元素中指定動作。其餘欄位提供其他資訊: 您可以在 ACM 政策中使用 IAM 政策元素來表達條件。如需完整的清單,請參閱 *IAM 使用者指南*中的[可用金鑰](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#AvailableKeys)。 **注意** 若要指定動作,請使用後接 API 操作名稱的 `acm:` 字首 (例如,`acm:RequestCertificate`)。 使用捲軸查看資料表的其餘部分。 **ACM API 作業與許可** | ACM API 作業 | 必要許可 (API 操作) | Resources | | --- | --- | --- | | [AddTagsToCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_AddTagsToCertificate.html) | `acm:AddTagsToCertificate` | `arn:aws:acm:region:account:certificate/certificate_ID` | | [DeleteCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_DeleteCertificate.html) | `acm:DeleteCertificate` | `arn:aws:acm:region:account:certificate/certificate_ID` | | [DescribeCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html) | `acm:DescribeCertificate` | `arn:aws:acm:region:account:certificate/certificate_ID` | | [ExportCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ExportCertificate.html) | `acm:ExportCertificate` | `arn:aws:acm:region:account:certificate/certificate_ID` | | [GetAccountConfiguration](https://docs.aws.amazon.com/acm/latest/APIReference/API_GetAccountConfiguration.html) | `acm:GetAccountConfiguration` | `*` | | [GetCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_GetCertificate.html) | `acm:GetCertificate` | `arn:aws:acm:region:account:certificate/certificate_ID` | | [ImportCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ImportCertificate.html) | `acm:ImportCertificate` | `arn:aws:acm:region:account:certificate/*` 或 `*` | | [ListCertificates](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListCertificates.html) | `acm:ListCertificates` | `*` | | [ListTagsForCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListTagsForCertificate.html) | `acm:ListTagsForCertificate` | `arn:aws:acm:region:account:certificate/certificate_ID` | | [PutAccountConfiguration](https://docs.aws.amazon.com/acm/latest/APIReference/API_PutAccountConfiguration.html) | `acm:PutAccountConfiguration` | `*` | | [RemoveTagsFromCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_RemoveTagsFromCertificate.html) | `acm:RemoveTagsFromCertificate` | `arn:aws:acm:region:account:certificate/certificate_ID` | | [RequestCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_RequestCertificate.html) | `acm:RequestCertificate` | `arn:aws:acm:region:account:certificate/*` 或 `*` | | [ResendValidationEmail](https://docs.aws.amazon.com/acm/latest/APIReference/API_ResendValidationEmail.html) | `acm:ResendValidationEmail` | arn:aws:acm:region:account:certificate/certificate\$1ID | | [UpdateCertificateOptions](https://docs.aws.amazon.com/acm/latest/APIReference/API_UpdateCertificateOptions.html) | `acm:UpdateCertificateOptions` | `arn:aws:acm:region:account:certificate/certificate_ID` |