本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# ACM API 許可:動作和資源參考
當您設定存取控制並撰寫可連接到 IAM 使用者或角色的許可政策時,可以使用以下表格做為參考。表格中的第一欄會列出每個 AWS Certificate Manager API 操作。您可以在政策的 `Action` 元素中指定動作。其餘欄位提供其他資訊:
您可以在 ACM 政策中使用 IAM 政策元素來表達條件。如需完整的清單,請參閱 *IAM 使用者指南*中的[可用金鑰](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#AvailableKeys)。
**注意**
若要指定動作,請使用後接 API 操作名稱的 `acm:` 字首 (例如,`acm:RequestCertificate`)。
使用捲軸查看資料表的其餘部分。
**ACM API 作業與許可**
| ACM API 作業 | 必要許可 (API 操作) | Resources |
| --- | --- | --- |
| [AddTagsToCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_AddTagsToCertificate.html) | `acm:AddTagsToCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate_ID}}` |
| [DeleteCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_DeleteCertificate.html) | `acm:DeleteCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate_ID}}` |
| [DescribeCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_DescribeCertificate.html) | `acm:DescribeCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate_ID}}` |
| [ExportCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ExportCertificate.html) | `acm:ExportCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate_ID}}` |
| [GetAccountConfiguration](https://docs.aws.amazon.com/acm/latest/APIReference/API_GetAccountConfiguration.html) | `acm:GetAccountConfiguration` | `*` |
| [GetCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_GetCertificate.html) | `acm:GetCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate_ID}}` |
| [ImportCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ImportCertificate.html) | `acm:ImportCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/*`
或
`*` |
| [ListCertificates](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListCertificates.html) | `acm:ListCertificates` | `*` |
| [ListTagsForCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_ListTagsForCertificate.html) | `acm:ListTagsForCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate_ID}}` |
| [PutAccountConfiguration](https://docs.aws.amazon.com/acm/latest/APIReference/API_PutAccountConfiguration.html) | `acm:PutAccountConfiguration` | `*` |
| [RemoveTagsFromCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_RemoveTagsFromCertificate.html) | `acm:RemoveTagsFromCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate_ID}}` |
| [RequestCertificate](https://docs.aws.amazon.com/acm/latest/APIReference/API_RequestCertificate.html) | `acm:RequestCertificate` | `arn:aws:acm:{{region}}:{{account}}:certificate/*`
或
`*` |
| [ResendValidationEmail](https://docs.aws.amazon.com/acm/latest/APIReference/API_ResendValidationEmail.html) | `acm:ResendValidationEmail` | arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate\_ID}} |
| [SearchCertificates](https://docs.aws.amazon.com/acm/latest/APIReference/API_SearchCertificates.html) | `acm:SearchCertificates` | `*` |
| [UpdateCertificateOptions](https://docs.aws.amazon.com/acm/latest/APIReference/API_UpdateCertificateOptions.html) | `acm:UpdateCertificateOptions` | `arn:aws:acm:{{region}}:{{account}}:certificate/{{certificate_ID}}` |