{
  "createcertificateauthority": {
    "name": "CreateCertificateAuthority",
    "description": "Grants permission to create an AWS Private CA and its associated private key and configuration",
    "accessLevel": "Write",
    "resourceTypes": [],
    "conditionKeys": [
      "aws:RequestTag/${TagKey}",
      "aws:ResourceTag/${TagKey}",
      "aws:TagKeys"
    ],
    "dependentActions": []
  },
  "createcertificateauthorityauditreport": {
    "name": "CreateCertificateAuthorityAuditReport",
    "description": "Grants permission to create an audit report for an AWS Private CA",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "createpermission": {
    "name": "CreatePermission",
    "description": "Grants permission to create a permission for an AWS Private CA",
    "accessLevel": "Permissions management",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "deletecertificateauthority": {
    "name": "DeleteCertificateAuthority",
    "description": "Grants permission to delete an AWS Private CA and its associated private key and configuration",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "deletepermission": {
    "name": "DeletePermission",
    "description": "Grants permission to delete a permission for an AWS Private CA",
    "accessLevel": "Permissions management",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "deletepolicy": {
    "name": "DeletePolicy",
    "description": "Grants permission to delete the policy for an AWS Private CA",
    "accessLevel": "Permissions management",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "describecertificateauthority": {
    "name": "DescribeCertificateAuthority",
    "description": "Grants permission to return a list of the configuration and status fields contained in the specified AWS Private CA",
    "accessLevel": "Read",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "describecertificateauthorityauditreport": {
    "name": "DescribeCertificateAuthorityAuditReport",
    "description": "Grants permission to return the status and information about an AWS Private CA audit report",
    "accessLevel": "Read",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "getcertificate": {
    "name": "GetCertificate",
    "description": "Grants permission to retrieve an AWS Private CA certificate and certificate chain for the certificate authority specified by an ARN",
    "accessLevel": "Read",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "getcertificateauthoritycertificate": {
    "name": "GetCertificateAuthorityCertificate",
    "description": "Grants permission to retrieve an AWS Private CA certificate and certificate chain for the certificate authority specified by an ARN",
    "accessLevel": "Read",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "getcertificateauthoritycsr": {
    "name": "GetCertificateAuthorityCsr",
    "description": "Grants permission to retrieve an AWS Private CA certificate signing request (CSR) for the certificate-authority specified by an ARN",
    "accessLevel": "Read",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "getpolicy": {
    "name": "GetPolicy",
    "description": "Grants permission to retrieve the policy on an AWS Private CA",
    "accessLevel": "Read",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "importcertificateauthoritycertificate": {
    "name": "ImportCertificateAuthorityCertificate",
    "description": "Grants permission to import an SSL/TLS certificate into AWS Private CA for use as the CA certificate of an AWS Private CA",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "issuecertificate": {
    "name": "IssueCertificate",
    "description": "Grants permission to issue an AWS Private CA certificate",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [
      "acm-pca:TemplateArn"
    ],
    "dependentActions": []
  },
  "listcertificateauthorities": {
    "name": "ListCertificateAuthorities",
    "description": "Grants permission to retrieve a list of the AWS Private CA certificate authority ARNs, and a summary of the status of each CA in the calling account",
    "accessLevel": "List",
    "resourceTypes": [],
    "conditionKeys": [],
    "dependentActions": []
  },
  "listpermissions": {
    "name": "ListPermissions",
    "description": "Grants permission to list the permissions that have been applied to the AWS Private CA certificate authority",
    "accessLevel": "Read",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "listtags": {
    "name": "ListTags",
    "description": "Grants permission to list the tags that have been applied to the AWS Private CA certificate authority",
    "accessLevel": "Read",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "putpolicy": {
    "name": "PutPolicy",
    "description": "Grants permission to put a policy on an AWS Private CA",
    "accessLevel": "Permissions management",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "restorecertificateauthority": {
    "name": "RestoreCertificateAuthority",
    "description": "Grants permission to restore an AWS Private CA from the deleted state to the state it was in when deleted",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "revokecertificate": {
    "name": "RevokeCertificate",
    "description": "Grants permission to revoke a certificate issued by an AWS Private CA",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  },
  "tagcertificateauthority": {
    "name": "TagCertificateAuthority",
    "description": "Grants permission to add one or more tags to an AWS Private CA",
    "accessLevel": "Tagging",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [
      "aws:TagKeys",
      "aws:RequestTag/${TagKey}"
    ],
    "dependentActions": []
  },
  "untagcertificateauthority": {
    "name": "UntagCertificateAuthority",
    "description": "Grants permission to remove one or more tags from an AWS Private CA",
    "accessLevel": "Tagging",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [
          "aws:RequestTag/${TagKey}"
        ],
        "dependentActions": []
      }
    ],
    "conditionKeys": [
      "aws:TagKeys"
    ],
    "dependentActions": []
  },
  "updatecertificateauthority": {
    "name": "UpdateCertificateAuthority",
    "description": "Grants permission to update the configuration of an AWS Private CA",
    "accessLevel": "Write",
    "resourceTypes": [
      {
        "name": "certificate-authority",
        "required": true,
        "conditionKeys": [],
        "dependentActions": []
      }
    ],
    "conditionKeys": [],
    "dependentActions": []
  }
}