/AWS1/IF_IOT=>TRANSFERCERTIFICATE()¶
About TransferCertificate¶
Transfers the specified certificate to the specified Amazon Web Services account.
Requires permission to access the TransferCertificate action.
You can cancel the transfer until it is accepted by the recipient.
No notification is sent to the transfer destination's account. The caller is responsible for notifying the transfer target.
The certificate being transferred must not be in the ACTIVE state. You can use the
UpdateCertificate action to deactivate it.
The certificate must not have any policies attached to it. You can use the DetachPolicy action to detach them.
Customer managed key behavior: When you use a customer managed key to encrypt your data and then transfer
the certificate to a customer in a different account using the TransferCertificate operation, the certificates will no longer be encrypted by their
customer managed key configuration. During the transfer process, certificates are encrypted using Amazon Web Services IoT Core owned keys.
While a certificate is in the PENDING_TRANSFER state, it's always protected by Amazon Web Services IoT Core owned keys, regardless of the customer managed key configuration of either the source or destination account.
Once the transfer is completed through AcceptCertificateTransfer, RejectCertificateTransfer, or CancelCertificateTransfer, the certificate will be protected by the customer managed key configuration of the account that owns the certificate after the transfer operation:
-
If the transfer is accepted: The certificate is encrypted by the target account's customer managed key configuration.
-
If the transfer is rejected or cancelled: The certificate is protected by the source account's customer managed key configuration.
Method Signature¶
METHODS /AWS1/IF_IOT~TRANSFERCERTIFICATE
IMPORTING
!IV_CERTIFICATEID TYPE /AWS1/IOTCERTIFICATEID OPTIONAL
!IV_TARGETAWSACCOUNT TYPE /AWS1/IOTAWSACCOUNTID OPTIONAL
!IV_TRANSFERMESSAGE TYPE /AWS1/IOTMESSAGE OPTIONAL
RETURNING
VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_iotxfercertresponse
RAISING
/AWS1/CX_IOTCERTSTATEEXCEPTION
/AWS1/CX_IOTINTERNALFAILUREEX
/AWS1/CX_IOTINVALIDREQUESTEX
/AWS1/CX_IOTRESOURCENOTFOUNDEX
/AWS1/CX_IOTSERVICEUNAVAILEX
/AWS1/CX_IOTTHROTTLINGEX
/AWS1/CX_IOTTRANSFERCONFLICTEX
/AWS1/CX_IOTUNAUTHORIZEDEX
/AWS1/CX_IOTCLIENTEXC
/AWS1/CX_IOTSERVEREXC
/AWS1/CX_RT_TECHNICAL_GENERIC
/AWS1/CX_RT_SERVICE_GENERIC.
IMPORTING¶
Required arguments:¶
iv_certificateid TYPE /AWS1/IOTCERTIFICATEID /AWS1/IOTCERTIFICATEID¶
The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)
iv_targetawsaccount TYPE /AWS1/IOTAWSACCOUNTID /AWS1/IOTAWSACCOUNTID¶
The Amazon Web Services account.
Optional arguments:¶
iv_transfermessage TYPE /AWS1/IOTMESSAGE /AWS1/IOTMESSAGE¶
The transfer message.
RETURNING¶
oo_output TYPE REF TO /aws1/cl_iotxfercertresponse /AWS1/CL_IOTXFERCERTRESPONSE¶
Examples¶
Syntax Example¶
This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.
DATA(lo_result) = lo_client->transfercertificate(
iv_certificateid = |string|
iv_targetawsaccount = |string|
iv_transfermessage = |string|
).
This is an example of reading all possible response values
lo_result = lo_result.
IF lo_result IS NOT INITIAL.
lv_certificatearn = lo_result->get_transferredcertarn( ).
ENDIF.