apigateway:AddCertificateToDomain

Permissions management

apigateway:AddCertificateToDomain is a Permissions management access-level action in the apigateway service. Grants permission to add certificates for mutual TLS authentication to a domain name. This is an additional authorization control for managing the DomainName resource due to the sensitive nature of mTLS

Resource types

ARNs that apigateway:AddCertificateToDomain can be scoped to in an IAM policy.

arn:${Partition}:apigateway:${Region}::/domainnames/${DomainName}
DomainName
arn:${Partition}:apigateway:${Region}::/domainnames
DomainNames

Condition keys

Keys you can use in the Condition block of a policy that grants apigateway:AddCertificateToDomain.

apigateway:Request/EndpointType ArrayOfString

Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateRestApi, and UpdateRestApi operations

apigateway:Request/MtlsTrustStoreUri String

Filters access by URI of the truststore used for mutual TLS authentication. Available during the CreateDomainName and UpdateDomainName operations

apigateway:Request/MtlsTrustStoreVersion String

Filters access by version of the truststore used for mutual TLS authentication. Available during the CreateDomainName and UpdateDomainName operations

apigateway:Request/SecurityPolicy ArrayOfString

Filters access by TLS version. Available during the CreateDomain and UpdateDomain operations

apigateway:Resource/EndpointType ArrayOfString

Filters access by endpoint type. Available during the UpdateDomainName, DeleteDomainName, UpdateRestApi, and DeleteRestApi operations

apigateway:Resource/MtlsTrustStoreUri String

Filters access by URI of the truststore used for mutual TLS authentication. Available during UpdateDomainName and DeleteDomainName operations

apigateway:Resource/MtlsTrustStoreVersion String

Filters access by version of the truststore used for mutual TLS authentication. Available during UpdateDomainName and DeleteDomainName operations

apigateway:Resource/RoutingMode String

Filters access by routing mode of the domain name. Available during the UpdateDomainName and DeleteDomainName operations

apigateway:Resource/SecurityPolicy ArrayOfString

Filters access by TLS version. Available during UpdateDomain and DeleteDomain operations

aws:ResourceTag/${TagKey} String

Filters access by the tags attached to the resource

Example IAM policy

A minimal policy that allows apigateway:AddCertificateToDomain. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowApigatewayAddCertificateToDomain",
      "Effect": "Allow",
      "Action": "apigateway:AddCertificateToDomain",
      "Resource": "*"
    }
  ]
}

Related actions in apigateway

View all apigateway actions →