Manage ACM PCA CA Permissions

[joshuabaird]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

PCA requires you to assign "permissions" to the PCA CA in order to grant access that allows ACM to perform automated renewals of PCA certificates.

See the AWS documentation here: https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaRenewalPermissions.html

New or Affected Resource(s)

• aws_acmpca_certificate_authority

Potential Terraform Configuration

Perhaps create a new aws_acmpca_certificate_authority_permission resource that allows a user to define permissions on the PCA CA.

References

• https://docs.aws.amazon.com/acm-pca/latest/userguide/PcaRenewalPermissions.html

[github-actions]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[nitrocode]

@breathingdust should this be open ? it seems like this was closed accidentally by the github-actions bot.

[breathingdust]

@nitrocode thanks for the bump, the stale bot is doing what it should in this case. Reopening.

[markjandejong]

New reference links as the issue notes are stale:
I believe this is in reference to one of the two below:

ACM PCA Resource-based policy
https://docs.aws.amazon.com/acm-pca/latest/userguide/pca-rbp.html

Using a service-linked role (SLR) with ACM
https://docs.aws.amazon.com/acm/latest/userguide/acm-slr.html

Either case, both should be implemented.

[breathingdust]

Hi all 👋 Just letting you know that this is issue is featured on this quarters roadmap. If a PR exists to close the issue a maintainer will review and either make changes directly, or work with the original author to get the contribution merged. If you have written a PR to resolve the issue please ensure the "Allow edits from maintainers" box is checked. Thanks for your patience and we are looking forward to getting this merged soon!

[github-actions]

This functionality has been released in v4.24.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.