AWS::PCAConnectorAD::Template TemplateV4 - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::PCAConnectorAD::Template TemplateV4

v4 template schema that can use either Legacy Cryptographic Providers or Key Storage Providers.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

Properties

CertificateValidity

Certificate validity describes the validity and renewal periods of a certificate.

Required: Yes

Type: CertificateValidity

Update requires: No interruption

EnrollmentFlags

Enrollment flags describe the enrollment settings for certificates using the existing private key and deleting expired or revoked certificates.

Required: Yes

Type: EnrollmentFlagsV4

Update requires: No interruption

Extensions

Extensions describe the key usage extensions and application policies for a template.

Required: Yes

Type: ExtensionsV4

Update requires: No interruption

GeneralFlags

General flags describe whether the template is used for computers or users and if the template can be used with autoenrollment.

Required: Yes

Type: GeneralFlagsV4

Update requires: No interruption

HashAlgorithm

Specifies the hash algorithm used to hash the private key. Hash algorithm can only be specified when using Key Storage Providers.

Required: No

Type: String

Allowed values: SHA256 | SHA384 | SHA512

Update requires: No interruption

PrivateKeyAttributes

Private key attributes allow you to specify the minimal key length, key spec, key usage, and cryptographic providers for the private key of a certificate for v4 templates. V4 templates allow you to use either Key Storage Providers or Legacy Cryptographic Service Providers. You specify the cryptography provider category in private key flags.

Required: Yes

Type: PrivateKeyAttributesV4

Update requires: No interruption

PrivateKeyFlags

Private key flags for v4 templates specify the client compatibility, if the private key can be exported, if user input is required when using a private key, if an alternate signature algorithm should be used, and if certificates are renewed using the same private key.

Required: Yes

Type: PrivateKeyFlagsV4

Update requires: No interruption

SubjectNameFlags

Subject name flags describe the subject name and subject alternate name that is included in a certificate.

Required: Yes

Type: SubjectNameFlagsV4

Update requires: No interruption

SupersededTemplates

List of templates in Active Directory that are superseded by this template.

Required: No

Type: Array of String

Minimum: 1 | 1

Maximum: 64 | 100

Update requires: No interruption