AWS::PCAConnectorAD::TemplateGroupAccessControlEntry

Create a group access control entry. Allow or deny Active Directory groups from enrolling and/or autoenrolling with the template based on the group security identifiers (SIDs).

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON


{
  "Type" : "AWS::PCAConnectorAD::TemplateGroupAccessControlEntry",
  "Properties" : {
      "AccessRights" : AccessRights,
      "GroupDisplayName" : String,
      "GroupSecurityIdentifier" : String,
      "TemplateArn" : String
    }
}

YAML


Type: AWS::PCAConnectorAD::TemplateGroupAccessControlEntry
Properties:
  AccessRights: 
    AccessRights
  GroupDisplayName: String
  GroupSecurityIdentifier: String
  TemplateArn: String

Properties

AccessRights

Permissions to allow or deny an Active Directory group to enroll or autoenroll certificates issued against a template.

Required: Yes

Type: AccessRights

Update requires: No interruption

GroupDisplayName

Name of the Active Directory group. This name does not need to match the group name in Active Directory.

Required: Yes

Type: String

Pattern: ^[\x20-\x7E]+$

Minimum: 0

Maximum: 256

Update requires: No interruption

GroupSecurityIdentifier

Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".

Required: No

Type: String

Pattern: ^S-[0-9]-([0-9]+-){1,14}[0-9]+$

Minimum: 7

Maximum: 256

Update requires: Replacement

TemplateArn

The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.

Required: No

Type: String

Pattern: ^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector(\/[\w-]+)\/template(\/[\w-]+)$

Minimum: 5

Maximum: 200

Update requires: Replacement

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

ValidityPeriod

AccessRights