Issue and manage certificates in AWS Private CA
After you have created and activated a private certificate authority (CA) and configured access to it, you or your authorized users can issue and manage certificates. If you have not yet set up AWS Identity and Access Management (IAM) policies for the CA, you can learn more about configuring them in the Identity and Access Management section of this guide. For information about configuring CA access in single-account and cross-account scenarios, see Control access to the private CA.