Can we export private certificate from ACM cross account?

0

When building a PKI with AWS PCA and AWS Certificate Manager, one requirement is to retrieve the certificate and associated private key from ACM, and store them in AWS Secrets Manager across accounts, as we deploy our applications that rely on the certificate in a cross-account manner.

I am not sure if ACM supports invoking the ExportCertificate API across accounts. Please help.

1 Answer
0

Hello.

I think it is possible to export certificates across accounts by using AssumeRole to assume the IAM role of the AWS account that has ACM.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage-assume.html

By the way, it seems that resource-based policies can also be used, so I think it is possible to allow access by setting these.
https://docs.aws.amazon.com/privateca/latest/userguide/pca-rbp.html

EXPERT
answered 2 months ago
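
The AssumeRole route from the answer above, as an added example that is not part of the original post: code in the consuming account assumes a role in the account that owns the ACM certificate, calls ExportCertificate with those temporary credentials, and writes the result to Secrets Manager with its own credentials. Assumptions: the role ARN, certificate ARN, region and secret name are constructed placeholders, the role trusts the caller and allows `acm:ExportCertificate` on that certificate, and the secret already exists; storing the passphrase alongside the encrypted key is a design choice of this sketch.

```python
import json
import secrets


def export_to_secrets_manager(sts, make_acm, sm, role_arn, cert_arn, secret_id):
    """Export an ACM certificate via an assumed role and store it locally.

    sts and sm are clients for the consuming account; make_acm builds an ACM
    client from the temporary credentials returned by AssumeRole.
    """
    creds = sts.assume_role(RoleArn=role_arn,
                            RoleSessionName="acm-export")["Credentials"]
    acm = make_acm(creds)

    # ACM returns the private key encrypted under this passphrase
    # (4-128 characters, and it may not contain #, $ or %).
    passphrase = secrets.token_urlsafe(32)
    out = acm.export_certificate(CertificateArn=cert_arn,
                                 Passphrase=passphrase.encode())

    bundle = {
        "certificate": out["Certificate"],
        "chain": out.get("CertificateChain", ""),
        "encrypted_private_key": out["PrivateKey"],
        "passphrase": passphrase,
    }
    sm.put_secret_value(SecretId=secret_id, SecretString=json.dumps(bundle))
    return sorted(bundle)  # field names only; no key material is returned


if __name__ == "__main__":
    import boto3  # imported here so the function above stays testable offline

    REGION = "us-east-1"  # constructed placeholder: region of the certificate

    def make_acm(c):
        return boto3.client("acm", region_name=REGION,
                            aws_access_key_id=c["AccessKeyId"],
                            aws_secret_access_key=c["SecretAccessKey"],
                            aws_session_token=c["SessionToken"])

    stored = export_to_secrets_manager(
        boto3.client("sts"), make_acm,
        boto3.client("secretsmanager", region_name=REGION),
        role_arn="arn:aws:iam::111111111111:role/acm-export",      # placeholder
        cert_arn="arn:aws:acm:us-east-1:111111111111:certificate/EXAMPLE",
        secret_id="app/tls-bundle",                                # placeholder
    )
    print("stored fields:", stored)
```

Scoping the role's policy to `acm:ExportCertificate` on the specific certificate ARN, and its trust policy to the one principal that runs this code, keeps the exportable private key from being reachable by the rest of the consuming account.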
