In the AWS IAM service, use AWSCertificateManagerFullAccess from AWS-managed policies or create a customer-managed policy with at least the following permissions.
GetCertificate
ImportCertificate
RenewCertificate
ListCertificates.
- AddTagsToCertificate