AWS::PCAConnectorAD::TemplateGroupAccessControlEntry - Amazon CloudFormation

AWS::PCAConnectorAD::TemplateGroupAccessControlEntry

Creates a group access control entry. The entry allows or denies Active Directory groups permission to enroll and/or autoenroll with the template, based on the group security identifiers (SIDs).

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::PCAConnectorAD::TemplateGroupAccessControlEntry",
  "Properties" : {
      "AccessRights" : AccessRights,
      "GroupDisplayName" : String,
      "GroupSecurityIdentifier" : String,
      "TemplateArn" : String
    }
}

YAML

Type: AWS::PCAConnectorAD::TemplateGroupAccessControlEntry
Properties:
  AccessRights: AccessRights
  GroupDisplayName: String
  GroupSecurityIdentifier: String
  TemplateArn: String

Properties

AccessRights

Permissions to allow or deny an Active Directory group to enroll or autoenroll certificates issued against a template.

Required: Yes

Type: AccessRights

Update requires: No interruption

GroupDisplayName

Name of the Active Directory group. This name does not need to match the group name in Active Directory.

Required: Yes

Type: String

Pattern: ^[\x20-\x7E]+$

Minimum: 0

Maximum: 256

Update requires: No interruption

GroupSecurityIdentifier

Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".

Required: No

Type: String

Pattern: ^S-[0-9]-([0-9]+-){1,14}[0-9]+$

Minimum: 7

Maximum: 256

Update requires: Replacement

TemplateArn

The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.

Required: No

Type: String

Pattern: ^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector(\/[\w-]+)\/template(\/[\w-]+)$

Minimum: 5

Maximum: 200

Update requires: Replacement
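
A pre-deployment check for this resource's properties, as an added example that is not part of the AWS documentation: it applies the patterns and length bounds listed above and flags an ALLOW entry for a very broad group. Assumptions: AccessRights carries Enroll and AutoEnroll keys set to ALLOW or DENY, the broad-group SIDs are Microsoft's well-known values, and the names check_ace and SAMPLE are hypothetical.

```python
import re

# Patterns and length bounds copied from the property reference on this page.
RULES = {
    "GroupDisplayName": (r"^[\x20-\x7E]+$", 0, 256),
    "GroupSecurityIdentifier": (r"^S-[0-9]-([0-9]+-){1,14}[0-9]+$", 7, 256),
    "TemplateArn": (r"^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector"
                    r"(\/[\w-]+)\/template(\/[\w-]+)$", 5, 200),
}
# Assumption (not on this page): well-known SIDs / domain RIDs of very large groups.
BROAD_SIDS = {"S-1-1-0": "Everyone", "S-1-5-11": "Authenticated Users"}
BROAD_DOMAIN_RIDS = {"513": "Domain Users", "515": "Domain Computers"}
# Constructed sample: Domain Users of a made-up domain allowed to enroll.
SAMPLE = {
    "AccessRights": {"Enroll": "ALLOW", "AutoEnroll": "DENY"},
    "GroupDisplayName": "All domain users",
    "GroupSecurityIdentifier": "S-1-5-21-1111111111-2222222222-3333333333-513",
    "TemplateArn": {"Fn::GetAtt": ["Template", "TemplateArn"]},
}


def check_ace(props):
    """Return a list of findings for one resource's Properties mapping."""
    findings = []
    for name, (pattern, lo, hi) in RULES.items():
        value = props.get(name)
        if value is None:
            if name == "GroupDisplayName":  # the only string marked Required: Yes
                findings.append(f"{name}: required property is missing")
            continue
        if not isinstance(value, str):
            continue  # intrinsic function (Ref, Fn::GetAtt): resolved at deploy time
        # fullmatch + re.ASCII: reject trailing newlines and non-ASCII \w matches
        if not (lo <= len(value) <= hi and re.fullmatch(pattern, value, re.ASCII)):
            findings.append(f"{name}: {value!r} violates documented pattern or length")
    rights = props.get("AccessRights")
    if not isinstance(rights, dict):
        findings.append("AccessRights: required property is missing")
        return findings
    # Assumption: AccessRights carries Enroll / AutoEnroll set to ALLOW or DENY.
    granted = [k for k in ("Enroll", "AutoEnroll") if rights.get(k) == "ALLOW"]
    sid = props.get("GroupSecurityIdentifier")
    if granted and isinstance(sid, str):
        label = BROAD_SIDS.get(sid)
        if label is None and sid.startswith("S-1-5-21-"):
            label = BROAD_DOMAIN_RIDS.get(sid.rsplit("-", 1)[-1])
        if label:
            findings.append(f"{'/'.join(granted)} ALLOW granted to broad group: {label}")
    return findings
```

Calling check_ace(SAMPLE) returns one finding for the Domain Users entry; an entry scoped to a dedicated enrollment group returns an empty list.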