Updated on 2024-03-15 GMT+08:00

Overview

Introduction

SCM allows you to share an SSL certificate of account A with all member accounts, such as accounts B and C, in the same organization unit. These accounts can deploy the shared certificate on services such as ELB, WAF, and CDN to enable HTTPS.

  • Account A is the SSL certificate owner (owner for short).
  • Accounts B and C are SSL certificate recipients (recipient for short).

SSL Certificate Owner and Recipient Permissions

Owners can perform all operations on SSL certificates, while recipients can only perform certain operations. For details, see Table 1.

Table 1 Operations supported for SSL certificate recipients

Role

Operation Supported

Description

Recipient

scm:cert:get

Access through the console or API

scm:cert:getApplicationInfo

Access through the console or API

scm:cert:getDomainValidation

Access through the console or API

scm:cert:listDeployedResources

Access through the console or API

scm:cert:listCertificatesByTag

Access through the console or API

scm:cert:listTagsByCertificate

Access through the console or API

scm:cert:listAllTags

Access through the console or API

scm:cert:push

Access through the console or API

scm:cert:listPushHistory

Access through the console or API

scm:cert:enableAutoDeploy

Access through the console or API

scm:cert:listAutoDeployedResources

Access through the console or API

scm:cert:deployResources

Access through the console or API

scm:cert:listDeployResourcesHistory

Access through the console or API

scm:cert:getDeployQuota

Access through the console or API

Supported Resource Types and Regions

Table 2 lists the resource types and regions can be shared in SCM.

Table 2 Resources and regions supported by SCM

Cloud Service

Resource Type

Supported Region

SCM

cert: SSL certificate

ALL

Billing Description

For details about SCM billing, see Billing Items.

The certificate owner pays for the shared certificates. So, only the resource owner will be charged for shared resources.