AWS::RolesAnywhere::CRL
Imports the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate authority (CA). IAM Roles Anywhere validates against the CRL before issuing credentials.
Required permissions: rolesanywhere:ImportCrl.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::RolesAnywhere::CRL",
  "Properties" : {
      "CrlData" : String,
      "Enabled" : Boolean,
      "Name" : String,
      "Tags" : [ Tag, ... ],
      "TrustAnchorArn" : String
    }
}
YAML
Type: AWS::RolesAnywhere::CRL
Properties:
  CrlData: String
  Enabled: Boolean
  Name: String
  Tags:
    - Tag
  TrustAnchorArn: String
Properties
CrlData
The x509 v3 specified certificate revocation list (CRL).
Required: Yes
Type: String
Update requires: No interruption
Enabled
Specifies whether the certificate revocation list (CRL) is enabled.
Required: No
Type: Boolean
Update requires: No interruption
Name
The name of the certificate revocation list (CRL).
Required: Yes
Type: String
Minimum: 1
Maximum: 255
Pattern: ^[ a-zA-Z0-9-_]*$
Update requires: No interruption
Tags
A list of tags to attach to the certificate revocation list (CRL).
Required: No
Type: List of Tag
Maximum: 200
Update requires: No interruption
TrustAnchorArn
The ARN of the TrustAnchor the certificate revocation list (CRL) will provide revocation for.
Required: No
Type: String
Minimum: 1
Maximum: 1011
Pattern: ^arn:aws(-[^:]+)?:rolesanywhere(:.*){2}(:trust-anchor.*)$
Update requires: No interruption
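A pre-deployment check that applies the property constraints listed above to every AWS::RolesAnywhere::CRL resource in a parsed template. This is an added example, not part of the AWS documentation; the function names, the sample template, the account ID and the Ref target are constructed, and flagging an unset TrustAnchorArn or a CRL that is not enabled is a review choice assumed here, not a CloudFormation rule.

```python
import re
# Constraints copied from the property reference on this page.
NAME_RE = re.compile(r"^[ a-zA-Z0-9-_]*$")
ARN_RE = re.compile(r"^arn:aws(-[^:]+)?:rolesanywhere(:.*){2}(:trust-anchor.*)$")

def check_crl(logical_id, resource):
    """Return findings for one CRL resource taken from a parsed template dict."""
    props = resource.get("Properties") or {}
    findings = []
    def add(msg):
        findings.append(f"{logical_id}: {msg}")
    # Non-string values (dicts) are intrinsics such as Ref, resolved at deploy time.
    if props.get("CrlData") in (None, ""):
        add("CrlData is required")
    name = props.get("Name")
    if name is None:
        add("Name is required")
    elif isinstance(name, str) and not (1 <= len(name) <= 255 and NAME_RE.fullmatch(name)):
        add("Name fails length 1-255 or the documented pattern")
    if len(props.get("Tags") or []) > 200:
        add("Tags exceeds the maximum of 200")
    arn = props.get("TrustAnchorArn")
    if arn is None:
        add("TrustAnchorArn is not set")
    elif isinstance(arn, str) and not (1 <= len(arn) <= 1011 and ARN_RE.fullmatch(arn)):
        add("TrustAnchorArn fails length 1-1011 or the documented pattern")
    enabled = props.get("Enabled")
    if enabled is None or str(enabled).lower() == "false":
        add("Enabled is not true; confirm this CRL is meant to be inactive")
    return findings

def check_template(template):
    """Check every CRL resource in a parsed CloudFormation template."""
    resources = (template.get("Resources") or {}).items()
    return [f for lid, res in resources
            if res.get("Type") == "AWS::RolesAnywhere::CRL" for f in check_crl(lid, res)]

# Constructed sample template: one clean resource, one with four problems.
SAMPLE = {"Resources": {
    "GoodCrl": {"Type": "AWS::RolesAnywhere::CRL", "Properties": {
        "CrlData": "<constructed placeholder for CRL data>",
        "Name": "corp-ca crl_2024", "Enabled": True,
        "TrustAnchorArn": {"Ref": "TrustAnchorArnParam"}}},  # hypothetical parameter
    "BadCrl": {"Type": "AWS::RolesAnywhere::CRL", "Properties": {
        "Name": "crl/with:slash", "Enabled": False,
        "TrustAnchorArn": "arn:aws:iam::111122223333:role/not-an-anchor"}},
}}

if __name__ == "__main__":
    print("\n".join(check_template(SAMPLE)))
```

The patterns are applied with fullmatch so that a value ending in a newline, which `$` alone would accept in Python, is rejected.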
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns CrlId.
Fn::GetAtt
The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.