acm-pca:GetCertificateAuthorityCertificate

Literal appearances in AWS managed IAM policies. Statements that use wildcards (for example s3:*) are not counted here. This is not an IAM authorization simulation.

Policies (any)

Allow (Action)

Deny (Action)

NotAction

Index generated 4/7/2026, 3:29:24 AM. 559 policies include at least one wildcard action string (any service).

Action reference

SAR-style (unofficial)

Service: AWS Private Certificate Authority

Access level

Read

Description

Grants permission to retrieve an AWS Private CA certificate and certificate chain for the certificate authority specified by an ARN

Resource types

certificate-authority*

Allow (Action)

AIDevOpsAgentAccessPolicy
AIOpsAssistantPolicy
AWSCertificateManagerPrivateCAAuditor
AWSCertificateManagerPrivateCAReadOnly
AWSConfigServiceRolePolicy
AWSPrivateCAAuditor
AWSPrivateCAReadOnly
AWSRolesAnywhereServicePolicy
AWS_ConfigRole
AmazonECSInfrastructureRolePolicyForServiceConnectTransportLayerSecurity
KafkaServiceRolePolicy

Deny (Action)

None

NotAction

None

Thanks to Ian McKay for iam-dataset (MIT), structured data derived from the AWS Service Authorization Reference. Not maintained by AWS and not guaranteed current. IAMTrail's managed policy archive is separate.

Definitions bundle generated 4/7/2026, 3:29:24 AM