AWS::AppStream::DirectoryConfig CertificateBasedAuthProperties - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::AppStream::DirectoryConfig CertificateBasedAuthProperties

The certificate-based authentication properties used to authenticate SAML 2.0 Identity Provider (IdP) user identities to Active Directory domain-joined streaming instances.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "CertificateAuthorityArn" : String,
  "Status" : String
}

YAML

  CertificateAuthorityArn: String
  Status: String

Properties

CertificateAuthorityArn

The ARN of the Amazon Certificate Manager Private CA resource.

Required: No

Type: String

Pattern: ^arn:aws(?:\-cn|\-iso\-b|\-iso|\-us\-gov)?:[A-Za-z0-9][A-Za-z0-9_/.-]{0,62}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9_/.-]{0,63}:[A-Za-z0-9][A-Za-z0-9:_/+=,@.\\-]{0,1023}$

Update requires: No interruption

Status

The status of the certificate-based authentication properties. Fallback is turned on by default when certificate-based authentication is Enabled. Fallback allows users to log in using their AD domain password if certificate-based authentication is unsuccessful, or to unlock a desktop lock screen. Enabled_no_directory_login_fallback enables certificate-based authentication, but does not allow users to log in using their AD domain password. Users will be disconnected to re-authenticate using certificates.

Required: No

Type: String

Allowed values: DISABLED | ENABLED | ENABLED_NO_DIRECTORY_LOGIN_FALLBACK

Update requires: No interruption