EC2 / Client / disassociate_enclave_certificate_iam_role



Disassociates an IAM role from an Certificate Manager (ACM) certificate. Disassociating an IAM role from an ACM certificate removes the Amazon S3 object that contains the certificate, certificate chain, and encrypted private key from the Amazon S3 bucket. It also revokes the IAM role’s permission to use the KMS key used to encrypt the private key. This effectively revokes the role’s permission to use the certificate.

See also: AWS API Documentation

Request Syntax

response = client.disassociate_enclave_certificate_iam_role(
  • CertificateArn (string) –


    The ARN of the ACM certificate from which to disassociate the IAM role.

  • RoleArn (string) –


    The ARN of the IAM role to disassociate.

  • DryRun (boolean) – Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Return type:



Response Syntax

    'Return': True|False

Response Structure

  • (dict) –

    • Return (boolean) –

      Returns true if the request succeeds; otherwise, it returns an error.