AWS::RolesAnywhere::TrustAnchor
Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA). You can define a trust anchor by uploading a CA certificate. Your Amazon workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary Amazon credentials.
Required permissions: rolesanywhere:CreateTrustAnchor.
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::RolesAnywhere::TrustAnchor", "Properties" : { "Enabled" :Boolean, "Name" :String, "Source" :Source, "Tags" :[ Tag, ... ]} }
YAML
Type: AWS::RolesAnywhere::TrustAnchor Properties: Enabled:BooleanName:StringSource:SourceTags:- Tag
Properties
Enabled-
Indicates whether the trust anchor is enabled.
Required: No
Type: Boolean
Update requires: No interruption
Name-
The name of the trust anchor.
Required: Yes
Type: String
Minimum:
1Maximum:
255Pattern:
^[ a-zA-Z0-9-_]*$Update requires: No interruption
Source-
The trust anchor type and its related certificate data.
Required: Yes
Type: Source
Update requires: No interruption
Tags-
The tags to attach to the trust anchor.
Required: No
Type: List of Tag
Maximum:
200Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Reffunction, Refreturns TrustAnchorId.
Fn::GetAtt
The Fn::GetAttintrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the Fn::GetAttintrinsic function, see Fn::GetAtt.