apigateway:RemoveCertificateFromDomain is a Permissions management access-level action in the apigateway service. Grants permission to remove certificates for mutual TLS authentication from a domain name. This is an additional authorization control for managing the DomainName resource due to the sensitive nature of mTLS
ARNs that apigateway:RemoveCertificateFromDomain can be scoped to in an IAM policy.
Keys you can use in the Condition block of a policy that grants apigateway:RemoveCertificateFromDomain.
Filters access by endpoint type. Available during the CreateDomainName, UpdateDomainName, CreateRestApi, and UpdateRestApi operations
Filters access by URI of the truststore used for mutual TLS authentication. Available during the CreateDomainName and UpdateDomainName operations
Filters access by version of the truststore used for mutual TLS authentication. Available during the CreateDomainName and UpdateDomainName operations
Filters access by TLS version. Available during the CreateDomain and UpdateDomain operations
Filters access by endpoint type. Available during the UpdateDomainName, DeleteDomainName, UpdateRestApi, and DeleteRestApi operations
Filters access by URI of the truststore used for mutual TLS authentication. Available during UpdateDomainName and DeleteDomainName operations
Filters access by version of the truststore used for mutual TLS authentication. Available during UpdateDomainName and DeleteDomainName operations
Filters access by routing mode of the domain name. Available during the UpdateDomainName and DeleteDomainName operations
Filters access by TLS version. Available during UpdateDomain and DeleteDomain operations
Filters access by the tags attached to the resource
A minimal policy that allows apigateway:RemoveCertificateFromDomain. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowApigatewayRemoveCertificateFromDomain",
"Effect": "Allow",
"Action": "apigateway:RemoveCertificateFromDomain",
"Resource": "*"
}
]
}