AWS::PCAConnectorAD::Template - Amazon CloudFormation
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Creates an Active Directory compatible certificate template. The connectors issues certificates using these templates based on the requester’s Active Directory group membership.


To declare this entity in your Amazon CloudFormation template, use the following syntax:


{ "Type" : "AWS::PCAConnectorAD::Template", "Properties" : { "ConnectorArn" : String, "Definition" : TemplateDefinition, "Name" : String, "ReenrollAllCertificateHolders" : Boolean, "Tags" : {Key: Value, ...} } }


Type: AWS::PCAConnectorAD::Template Properties: ConnectorArn: String Definition: TemplateDefinition Name: String ReenrollAllCertificateHolders: Boolean Tags: Key: Value



The Amazon Resource Name (ARN) that was returned when you called CreateConnector.

Required: Yes

Type: String

Pattern: ^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$

Minimum: 5

Maximum: 200

Update requires: Replacement


Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.

Required: Yes

Type: TemplateDefinition

Update requires: No interruption


Name of the templates. Template names must be unique.

Required: Yes

Type: String

Pattern: ^(?!^\s+$)((?![\x5c'\x2b,;<=>#\x22])([\x20-\x7E]))+$

Minimum: 1

Maximum: 64

Update requires: Replacement


This setting allows the major version of a template to be increased automatically. All members of Active Directory groups that are allowed to enroll with a template will receive a new certificate issued using that template.

Required: No

Type: Boolean

Update requires: No interruption


Metadata assigned to a template consisting of a key-value pair.

Required: No

Type: Object of String

Pattern: .+

Update requires: No interruption

Return values



The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.


The Amazon Resource Name (ARN) that was returned when you called CreateTemplate .