
Can we export private certificate from ACM cross account?

0

When building a PKI with AWS PCA and AWS Certificate Manager, one requirement is to retrieve the certificate and associated private key from ACM, and store them in AWS Secrets Manager across accounts, as we deploy our applications that rely on the certificate in a cross-account manner.

I am not sure if ACM supports invoking the ExportCertificate API across accounts. Please help.

1 Answer
0

Hello.

I think it is possible to export certificates across accounts by using AssumeRole to assume the IAM role of the AWS account that has ACM.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage-assume.html

By the way, it seems that resource-based policies can also be used, so I think it is possible to allow access by setting these.
https://docs.aws.amazon.com/privateca/latest/userguide/pca-rbp.html

EXPERT
answered 2 months ago
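The AssumeRole approach from the answer above, sketched as an added example (not code from the original answer or from AWS). It assumes a role in the certificate account that trusts the application account and allows `acm:ExportCertificate`, and an already created secret in the application account; the function names, role ARN and secret ID are hypothetical.

```python
import json
import secrets


def assume_role_session(sts, role_arn, session_name="acm-export"):
    """Assume the role in the certificate account; return kwargs for boto3.client()."""
    creds = sts.assume_role(RoleArn=role_arn, RoleSessionName=session_name)["Credentials"]
    return {
        "aws_access_key_id": creds["AccessKeyId"],
        "aws_secret_access_key": creds["SecretAccessKey"],
        "aws_session_token": creds["SessionToken"],
    }


def export_to_secret(acm, secretsmanager, certificate_arn, secret_id):
    """Export with the cross-account ACM client, store with the local Secrets Manager client."""
    # ExportCertificate returns the private key encrypted under this passphrase,
    # so the key never leaves ACM in cleartext.
    passphrase = secrets.token_urlsafe(32)
    exported = acm.export_certificate(
        CertificateArn=certificate_arn,
        Passphrase=passphrase.encode(),  # the API takes the passphrase as bytes
    )
    bundle = {
        "certificate": exported["Certificate"],
        "certificate_chain": exported["CertificateChain"],
        "private_key": exported["PrivateKey"],  # still passphrase-encrypted
        # Assumption: the consuming application reads the passphrase from the
        # same secret; store it separately if the two need different access.
        "passphrase": passphrase,
    }
    resp = secretsmanager.put_secret_value(
        SecretId=secret_id, SecretString=json.dumps(bundle)
    )
    return resp["VersionId"]


def run(role_arn, certificate_arn, secret_id):
    """Wire the helpers to real AWS clients; runs with application-account credentials."""
    import boto3  # imported here so the helpers above also work with stub clients

    acm = boto3.client("acm", **assume_role_session(boto3.client("sts"), role_arn))
    return export_to_secret(acm, boto3.client("secretsmanager"), certificate_arn, secret_id)
```

Scope the role's policy to `acm:ExportCertificate` on the specific certificate ARN, and the trust policy to the single principal that runs the export.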
