CfnTemplateProps
- class aws_cdk.aws_pcaconnectorad.CfnTemplateProps(*, connector_arn, definition, name, reenroll_all_certificate_holders=None, tags=None)
Bases: object
Properties for defining a CfnTemplate.
- Parameters:
  - connector_arn (str) – The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
  - definition (Union[IResolvable, TemplateDefinitionProperty, Dict[str, Any]]) – Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
  - name (str) – Name of the template. Template names must be unique.
  - reenroll_all_certificate_holders (Union[bool, IResolvable, None]) – This setting allows the major version of a template to be increased automatically. All members of Active Directory groups that are allowed to enroll with a template will receive a new certificate issued using that template.
  - tags (Optional[Mapping[str, str]]) – Metadata assigned to a template consisting of a key-value pair.
Example:
    # The code below shows an example of how to instantiate this type.
    # The values are placeholders you should change.
    from aws_cdk import aws_pcaconnectorad as pcaconnectorad

    cfn_template_props = pcaconnectorad.CfnTemplateProps(
        connector_arn="connectorArn",
        definition=pcaconnectorad.CfnTemplate.TemplateDefinitionProperty(
            template_v2=pcaconnectorad.CfnTemplate.TemplateV2Property(
                certificate_validity=pcaconnectorad.CfnTemplate.CertificateValidityProperty(
                    renewal_period=pcaconnectorad.CfnTemplate.ValidityPeriodProperty(
                        period=123,
                        period_type="periodType"
                    ),
                    validity_period=pcaconnectorad.CfnTemplate.ValidityPeriodProperty(
                        period=123,
                        period_type="periodType"
                    )
                ),
                enrollment_flags=pcaconnectorad.CfnTemplate.EnrollmentFlagsV2Property(
                    enable_key_reuse_on_nt_token_keyset_storage_full=False,
                    include_symmetric_algorithms=False,
                    no_security_extension=False,
                    remove_invalid_certificate_from_personal_store=False,
                    user_interaction_required=False
                ),
                extensions=pcaconnectorad.CfnTemplate.ExtensionsV2Property(
                    key_usage=pcaconnectorad.CfnTemplate.KeyUsageProperty(
                        usage_flags=pcaconnectorad.CfnTemplate.KeyUsageFlagsProperty(
                            data_encipherment=False,
                            digital_signature=False,
                            key_agreement=False,
                            key_encipherment=False,
                            non_repudiation=False
                        ),

                        # the properties below are optional
                        critical=False
                    ),

                    # the properties below are optional
                    application_policies=pcaconnectorad.CfnTemplate.ApplicationPoliciesProperty(
                        policies=[pcaconnectorad.CfnTemplate.ApplicationPolicyProperty(
                            policy_object_identifier="policyObjectIdentifier",
                            policy_type="policyType"
                        )],

                        # the properties below are optional
                        critical=False
                    )
                ),
                general_flags=pcaconnectorad.CfnTemplate.GeneralFlagsV2Property(
                    auto_enrollment=False,
                    machine_type=False
                ),
                private_key_attributes=pcaconnectorad.CfnTemplate.PrivateKeyAttributesV2Property(
                    key_spec="keySpec",
                    minimal_key_length=123,

                    # the properties below are optional
                    crypto_providers=["cryptoProviders"]
                ),
                private_key_flags=pcaconnectorad.CfnTemplate.PrivateKeyFlagsV2Property(
                    client_version="clientVersion",

                    # the properties below are optional
                    exportable_key=False,
                    strong_key_protection_required=False
                ),
                subject_name_flags=pcaconnectorad.CfnTemplate.SubjectNameFlagsV2Property(
                    require_common_name=False,
                    require_directory_path=False,
                    require_dns_as_cn=False,
                    require_email=False,
                    san_require_directory_guid=False,
                    san_require_dns=False,
                    san_require_domain_dns=False,
                    san_require_email=False,
                    san_require_spn=False,
                    san_require_upn=False
                ),

                # the properties below are optional
                superseded_templates=["supersededTemplates"]
            ),
            template_v3=pcaconnectorad.CfnTemplate.TemplateV3Property(
                certificate_validity=pcaconnectorad.CfnTemplate.CertificateValidityProperty(
                    renewal_period=pcaconnectorad.CfnTemplate.ValidityPeriodProperty(
                        period=123,
                        period_type="periodType"
                    ),
                    validity_period=pcaconnectorad.CfnTemplate.ValidityPeriodProperty(
                        period=123,
                        period_type="periodType"
                    )
                ),
                enrollment_flags=pcaconnectorad.CfnTemplate.EnrollmentFlagsV3Property(
                    enable_key_reuse_on_nt_token_keyset_storage_full=False,
                    include_symmetric_algorithms=False,
                    no_security_extension=False,
                    remove_invalid_certificate_from_personal_store=False,
                    user_interaction_required=False
                ),
                extensions=pcaconnectorad.CfnTemplate.ExtensionsV3Property(
                    key_usage=pcaconnectorad.CfnTemplate.KeyUsageProperty(
                        usage_flags=pcaconnectorad.CfnTemplate.KeyUsageFlagsProperty(
                            data_encipherment=False,
                            digital_signature=False,
                            key_agreement=False,
                            key_encipherment=False,
                            non_repudiation=False
                        ),

                        # the properties below are optional
                        critical=False
                    ),

                    # the properties below are optional
                    application_policies=pcaconnectorad.CfnTemplate.ApplicationPoliciesProperty(
                        policies=[pcaconnectorad.CfnTemplate.ApplicationPolicyProperty(
                            policy_object_identifier="policyObjectIdentifier",
                            policy_type="policyType"
                        )],

                        # the properties below are optional
                        critical=False
                    )
                ),
                general_flags=pcaconnectorad.CfnTemplate.GeneralFlagsV3Property(
                    auto_enrollment=False,
                    machine_type=False
                ),
                hash_algorithm="hashAlgorithm",
                private_key_attributes=pcaconnectorad.CfnTemplate.PrivateKeyAttributesV3Property(
                    algorithm="algorithm",
                    key_spec="keySpec",
                    key_usage_property=pcaconnectorad.CfnTemplate.KeyUsagePropertyProperty(
                        property_flags=pcaconnectorad.CfnTemplate.KeyUsagePropertyFlagsProperty(
                            decrypt=False,
                            key_agreement=False,
                            sign=False
                        ),
                        property_type="propertyType"
                    ),
                    minimal_key_length=123,

                    # the properties below are optional
                    crypto_providers=["cryptoProviders"]
                ),
                private_key_flags=pcaconnectorad.CfnTemplate.PrivateKeyFlagsV3Property(
                    client_version="clientVersion",

                    # the properties below are optional
                    exportable_key=False,
                    require_alternate_signature_algorithm=False,
                    strong_key_protection_required=False
                ),
                subject_name_flags=pcaconnectorad.CfnTemplate.SubjectNameFlagsV3Property(
                    require_common_name=False,
                    require_directory_path=False,
                    require_dns_as_cn=False,
                    require_email=False,
                    san_require_directory_guid=False,
                    san_require_dns=False,
                    san_require_domain_dns=False,
                    san_require_email=False,
                    san_require_spn=False,
                    san_require_upn=False
                ),

                # the properties below are optional
                superseded_templates=["supersededTemplates"]
            ),
            template_v4=pcaconnectorad.CfnTemplate.TemplateV4Property(
                certificate_validity=pcaconnectorad.CfnTemplate.CertificateValidityProperty(
                    renewal_period=pcaconnectorad.CfnTemplate.ValidityPeriodProperty(
                        period=123,
                        period_type="periodType"
                    ),
                    validity_period=pcaconnectorad.CfnTemplate.ValidityPeriodProperty(
                        period=123,
                        period_type="periodType"
                    )
                ),
                enrollment_flags=pcaconnectorad.CfnTemplate.EnrollmentFlagsV4Property(
                    enable_key_reuse_on_nt_token_keyset_storage_full=False,
                    include_symmetric_algorithms=False,
                    no_security_extension=False,
                    remove_invalid_certificate_from_personal_store=False,
                    user_interaction_required=False
                ),
                extensions=pcaconnectorad.CfnTemplate.ExtensionsV4Property(
                    key_usage=pcaconnectorad.CfnTemplate.KeyUsageProperty(
                        usage_flags=pcaconnectorad.CfnTemplate.KeyUsageFlagsProperty(
                            data_encipherment=False,
                            digital_signature=False,
                            key_agreement=False,
                            key_encipherment=False,
                            non_repudiation=False
                        ),

                        # the properties below are optional
                        critical=False
                    ),

                    # the properties below are optional
                    application_policies=pcaconnectorad.CfnTemplate.ApplicationPoliciesProperty(
                        policies=[pcaconnectorad.CfnTemplate.ApplicationPolicyProperty(
                            policy_object_identifier="policyObjectIdentifier",
                            policy_type="policyType"
                        )],

                        # the properties below are optional
                        critical=False
                    )
                ),
                general_flags=pcaconnectorad.CfnTemplate.GeneralFlagsV4Property(
                    auto_enrollment=False,
                    machine_type=False
                ),
                private_key_attributes=pcaconnectorad.CfnTemplate.PrivateKeyAttributesV4Property(
                    key_spec="keySpec",
                    minimal_key_length=123,

                    # the properties below are optional
                    algorithm="algorithm",
                    crypto_providers=["cryptoProviders"],
                    key_usage_property=pcaconnectorad.CfnTemplate.KeyUsagePropertyProperty(
                        property_flags=pcaconnectorad.CfnTemplate.KeyUsagePropertyFlagsProperty(
                            decrypt=False,
                            key_agreement=False,
                            sign=False
                        ),
                        property_type="propertyType"
                    )
                ),
                private_key_flags=pcaconnectorad.CfnTemplate.PrivateKeyFlagsV4Property(
                    client_version="clientVersion",

                    # the properties below are optional
                    exportable_key=False,
                    require_alternate_signature_algorithm=False,
                    require_same_key_renewal=False,
                    strong_key_protection_required=False,
                    use_legacy_provider=False
                ),
                subject_name_flags=pcaconnectorad.CfnTemplate.SubjectNameFlagsV4Property(
                    require_common_name=False,
                    require_directory_path=False,
                    require_dns_as_cn=False,
                    require_email=False,
                    san_require_directory_guid=False,
                    san_require_dns=False,
                    san_require_domain_dns=False,
                    san_require_email=False,
                    san_require_spn=False,
                    san_require_upn=False
                ),

                # the properties below are optional
                hash_algorithm="hashAlgorithm",
                superseded_templates=["supersededTemplates"]
            )
        ),
        name="name",

        # the properties below are optional
        reenroll_all_certificate_holders=False,
        tags={
            "tags_key": "tags"
        }
    )
Attributes
- connector_arn
The Amazon Resource Name (ARN) that was returned when you called `CreateConnector <https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateConnector.html>`_ .
- definition
Template configuration to define the information included in certificates.
Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
- name
Name of the template.
Template names must be unique.
- reenroll_all_certificate_holders
This setting allows the major version of a template to be increased automatically.
All members of Active Directory groups that are allowed to enroll with a template will receive a new certificate issued using that template.
- tags
Metadata assigned to a template consisting of a key-value pair.
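
The `definition` property carries the cryptography and enrollment settings, so it is worth reviewing before a stack is deployed. The following is an added example, not code from the AWS CDK project: a pre-deployment check over a `definition` given as a plain dict. The snake_case key layout, the 2048-bit RSA floor, the `"ECDH_P256"` sample value and the name `review_definition` are assumptions made for this example.

```python
from typing import Any, Dict, List

RSA_MIN_BITS = 2048  # assumed policy floor for this example, not an AWS default


def review_definition(definition: Dict[str, Any]) -> List[str]:
    """Return one finding per flagged setting in each template_v2/v3/v4 block."""
    findings: List[str] = []
    for version, tmpl in sorted(definition.items()):
        key_flags = tmpl.get("private_key_flags", {})
        key_attrs = tmpl.get("private_key_attributes", {})
        enroll = tmpl.get("enrollment_flags", {})

        # An exportable private key can be copied off the enrolling host.
        if key_flags.get("exportable_key"):
            findings.append(f"{version}: exportable_key is enabled")

        # V2 has no algorithm field; a missing value is treated as RSA (assumption).
        algorithm = key_attrs.get("algorithm", "RSA")
        bits = key_attrs.get("minimal_key_length", 0)
        if algorithm == "RSA" and bits < RSA_MIN_BITS:
            findings.append(f"{version}: minimal_key_length {bits} < {RSA_MIN_BITS}")

        # Flag templates that ask for the security extension to be left out.
        if enroll.get("no_security_extension"):
            findings.append(f"{version}: no_security_extension is enabled")
    return findings


# Constructed sample input; keys follow the snake_case names used in the example.
SAMPLE_DEFINITION = {
    "template_v2": {
        "private_key_attributes": {"minimal_key_length": 1024},
        "private_key_flags": {"exportable_key": True},
        "enrollment_flags": {"no_security_extension": False},
    },
    "template_v4": {
        "private_key_attributes": {"algorithm": "ECDH_P256", "minimal_key_length": 256},
        "private_key_flags": {"exportable_key": False},
        "enrollment_flags": {"no_security_extension": True},
    },
}

if __name__ == "__main__":
    for finding in review_definition(SAMPLE_DEFINITION):
        print(finding)
```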