{"slug":"iam-aws-acm","cloud":"aws","service":"acm","title":"AWS Certificate Manager (IAM)","description":"AWS Certificate Manager (ACM) handles the complexity of creating, storing, and renewing public and private SSL/TLS X.509 certificates.","category":"security","common_permissions":["acm:ListCertificates","acm:DescribeCertificate","acm:GetCertificate","acm:ListTagsForCertificate","acm:GetAccountConfiguration","acm:UpdateCertificateOptions"],"least_privilege_example":"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"acm:ListCertificates\",\n        \"acm:DescribeCertificate\",\n        \"acm:GetCertificate\",\n        \"acm:ListTagsForCertificate\",\n        \"acm:GetAccountConfiguration\",\n        \"acm:UpdateCertificateOptions\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}","warnings":["Avoid acm:* — grants full control including certificate deletion","Avoid acm:DeleteCertificate — can break TLS/SSL for services using the certificate"],"docs":"https://servicereference.us-east-1.amazonaws.com/v1/acm/acm.json","tags":["iam","aws"],"last_verified":"2026-06-14T00:00:00.000Z","next_check":"2026-12-11T00:00:00.000Z","created_at":"2026-06-14T04:49:42.270Z","updated_at":"2026-06-14T04:49:42.270Z"}