AWS::RolesAnywhere::Profile - Amazon CloudFormation
SyntaxPropertiesReturn values
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::RolesAnywhere::Profile

Creates a profile, a list of the roles that Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.

Required permissions: rolesanywhere:CreateProfile.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::RolesAnywhere::Profile",
  "Properties" : {
      "DurationSeconds" : Double,
      "Enabled" : Boolean,
      "ManagedPolicyArns" : [ String, ... ],
      "Name" : String,
      "RequireInstanceProperties" : Boolean,
      "RoleArns" : [ String, ... ],
      "SessionPolicy" : String,
      "Tags" : [ Tag, ... ]
    }
}

YAML

Type: AWS::RolesAnywhere::Profile
Properties: 
  DurationSeconds: Double
  Enabled: Boolean
  ManagedPolicyArns: 
    - String
  Name: String
  RequireInstanceProperties: Boolean
  RoleArns: 
    - String
  SessionPolicy: String
  Tags: 
    - Tag

Properties

DurationSeconds

Sets the maximum number of seconds that vended temporary credentials through CreateSession will be valid for, between 900 and 3600.

Required: No

Type: Double

Update requires: No interruption

Enabled

Indicates whether the profile is enabled.

Required: No

Type: Boolean

Update requires: No interruption

ManagedPolicyArns

A list of managed policy ARNs that apply to the vended session credentials.

Required: No

Type: List of String

Maximum: 50

Update requires: No interruption

Name

The name of the profile.

Required: Yes

Type: String

Minimum: 1

Maximum: 255

Pattern: ^[ a-zA-Z0-9-_]*$

Update requires: No interruption

RequireInstanceProperties

Specifies whether instance properties are required in temporary credential requests with this profile.

Required: No

Type: Boolean

Update requires: No interruption

RoleArns

A list of IAM role ARNs. During CreateSession, if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.

Required: Yes

Type: List of String

Maximum: 50

Update requires: No interruption

SessionPolicy

A session policy that applies to the trust boundary of the vended session credentials.

Required: No

Type: String

Update requires: No interruption

Tags

The tags to attach to the profile.

Required: No

Type: List of Tag

Maximum: 200

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns ProfileId.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

ProfileArn

The ARN of the profile.

ProfileId

The unique primary identifier of the Profile