
Can we export private certificate from ACM cross account?

0

When building a PKI with AWS PCA and AWS Certificate Manager, one requirement is to retrieve the certificate and associated private key from ACM, and store them in AWS Secrets Manager across accounts, as we deploy our applications that rely on the certificate in a cross-account manner.

I am not sure if ACM supports invoking the ExportCertificate API across accounts. Please help.

1 Answer
0

Hello.

I think it is possible to export certificates across accounts by using AssumeRole to assume the IAM role of the AWS account that has ACM.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_manage-assume.html

By the way, it seems that resource-based policies can also be used, so I think it is possible to allow access by setting these.
https://docs.aws.amazon.com/privateca/latest/userguide/pca-rbp.html

EXPERT
answered 2 months ago
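
The AssumeRole approach from the answer above, sketched with boto3 as an added example that is not part of the original answer: the application account assumes a role in the account that owns the ACM certificate, calls ExportCertificate with the temporary credentials, and writes the result to its own Secrets Manager. The function name, role name, ARNs, region and secret name are placeholders, and storing the passphrase next to the encrypted key is an assumption of this sketch.

```python
import json
import secrets


def export_to_secrets_manager(sts, make_acm, sm, role_arn, cert_arn, secret_id):
    """Assume a role in the ACM account, export the cert, store it locally.

    sts and sm are clients in the calling (application) account; make_acm(creds)
    returns an ACM client built from the temporary credentials.
    """
    creds = sts.assume_role(RoleArn=role_arn, RoleSessionName="acm-export")["Credentials"]
    acm = make_acm(creds)
    # ExportCertificate returns the private key encrypted under this passphrase.
    passphrase = secrets.token_urlsafe(32)
    exported = acm.export_certificate(CertificateArn=cert_arn, Passphrase=passphrase.encode())
    bundle = {
        "certificate": exported["Certificate"],
        "certificate_chain": exported["CertificateChain"],
        "encrypted_private_key": exported["PrivateKey"],
        "passphrase": passphrase,  # assumption: kept with the key, guarded by secret access policy
    }
    # Assumption: the secret already exists in the application account.
    sm.put_secret_value(SecretId=secret_id, SecretString=json.dumps(bundle))
    return bundle


if __name__ == "__main__":
    import boto3

    REGION = "eu-west-1"  # placeholder
    ROLE_ARN = "arn:aws:iam::111111111111:role/AcmExportRole"  # placeholder
    CERT_ARN = "arn:aws:acm:eu-west-1:111111111111:certificate/EXAMPLE-ID"  # placeholder

    def make_acm(creds):
        # Build the ACM client from the assumed role's temporary credentials.
        return boto3.client(
            "acm",
            region_name=REGION,
            aws_access_key_id=creds["AccessKeyId"],
            aws_secret_access_key=creds["SecretAccessKey"],
            aws_session_token=creds["SessionToken"],
        )

    export_to_secrets_manager(
        boto3.client("sts"), make_acm,
        boto3.client("secretsmanager", region_name=REGION),
        ROLE_ARN, CERT_ARN, "app/tls",  # "app/tls" is a placeholder secret name
    )
```

The assumed role needs `acm:ExportCertificate` on the certificate ARN, and its trust policy must name the calling account's principal; scoping both to the single certificate and caller keeps the private key export path narrow.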
