AWS::PCAConnectorAD::TemplateGroupAccessControlEntry
Create a group access control entry. Allow or deny Active Directory groups from enrolling and/or autoenrolling with the template based on the group security identifiers (SIDs).
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::PCAConnectorAD::TemplateGroupAccessControlEntry", "Properties" : { "AccessRights" :
AccessRights
, "GroupDisplayName" :String
, "GroupSecurityIdentifier" :String
, "TemplateArn" :String
} }
YAML
Type: AWS::PCAConnectorAD::TemplateGroupAccessControlEntry Properties: AccessRights:
AccessRights
GroupDisplayName:String
GroupSecurityIdentifier:String
TemplateArn:String
Properties
AccessRights
-
Permissions to allow or deny an Active Directory group to enroll or autoenroll certificates issued against a template.
Required: Yes
Type: AccessRights
Update requires: No interruption
GroupDisplayName
-
Name of the Active Directory group. This name does not need to match the group name in Active Directory.
Required: Yes
Type: String
Pattern:
^[\x20-\x7E]+$
Minimum:
0
Maximum:
256
Update requires: No interruption
GroupSecurityIdentifier
-
Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".
Required: No
Type: String
Pattern:
^S-[0-9]-([0-9]+-){1,14}[0-9]+$
Minimum:
7
Maximum:
256
Update requires: Replacement
TemplateArn
-
The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
Required: No
Type: String
Pattern:
^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector(\/[\w-]+)\/template(\/[\w-]+)$
Minimum:
5
Maximum:
200
Update requires: Replacement