1 Answer
- Newest
- Most votes
- Most comments
0
You will need permission in ACM to create a certificate for sub.domain.com
. You will also need permissions in CloudFront to add the certificate to the distribution and add alternate domain of sub.domain.com
to the distribution. See: Using alternate domain names and HTTPS.
In response to the comment below: There are a couple of AWS Manage policies that they could assign to you. See: CloudFrontFullAccess and AWSCertificateManagerFullAccess.
Those two policies are not least privileged but they could start with these and add Resources and Conditions to restrict you to your specific task by creating a customer-managed policy.
Relevant content
- asked 5 years ago
- asked 2 years ago
- asked 4 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 22 days ago
Hello, may I bother you a little bit more?
It seems like my client is still having trouble setting it up themselves, and also in providing permissions to other users.
I once had an ECS account, but that was more than a decade ago. I haven't used AWS since then, so I'm quite unfamiliar with it.
My client gave me 'database admin' permission. I have a feeling, that the permissions you mentioned can't be set-up in the same easy way as setting up that 'database admin' permission?
If that's the case, could you suggest a simpler way for my client to provide me with the necessary permissions? Perhaps an easy to set-up, broader permission, that doesn't include access to billing, etc.?
Thanks in advance!