Put attribute mappings
Put attribute mappings (command line interface)
put-attribute-mapping enables you to attach new mapping rules to your profile. When using that profile, the certificate mapping behavior changes according to your customized rules.
To put a mapping rule, use the following command:
$ aws rolesanywhere put-attribute-mapping \
    --certificate-field CERTIFICATE_FIELD \
    --mapping-rules specifier=SPECIFIER \
    --profile-id PROFILE_ID
The CERTIFICATE_FIELD can be one of x509Subject, x509Issuer, and x509SAN. The SPECIFIER is a string enforced by a standard (e.g., OID) that can map to a piece of information encoded in the certificate.
For example, to add mapping rules for x509Subject/CN and x509Subject/OU, use the following command:
$ aws rolesanywhere put-attribute-mapping \
    --certificate-field x509Subject \
    --mapping-rules specifier=CN specifier=OU \
    --profile-id PROFILE_ID
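A pre-flight check for the command above, added here as an example and not part of the AWS documentation: it confirms that each requested specifier actually appears in a certificate's distinguished name before building the CLI call. It assumes specifiers for x509Subject and x509Issuer are DN attribute short names, as in the CN/OU example; the sample DN, the PROFILE_ID placeholder and the function names are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check before put-attribute-mapping.
# Assumption: specifiers for x509Subject/x509Issuer are DN attribute short
# names (CN, OU, ...), as in the page's CN/OU example.

# Print the attribute types found in a comma-separated DN, one per line.
# Simplification: does not handle escaped commas or multi-valued RDNs ("+").
dn_attribute_types() {
    printf '%s\n' "$1" | tr ',' '\n' |
        sed -n 's/^ *\([A-Za-z0-9.][A-Za-z0-9.]*\) *=.*/\1/p'
}

# build_mapping_cmd FIELD PROFILE_ID DN SPECIFIER...
# Prints the CLI command, or returns non-zero with a message on stderr.
build_mapping_cmd() {
    field=$1 profile=$2 dn=$3
    shift 3
    case $field in
        x509Subject|x509Issuer) ;;
        x509SAN) echo "x509SAN is not a DN; not covered by this check" >&2
                 return 2 ;;
        *) echo "invalid certificate field: $field" >&2; return 2 ;;
    esac
    [ $# -gt 0 ] || { echo "no specifiers given" >&2; return 2; }
    present=$(dn_attribute_types "$dn")
    rules=""
    for spec in "$@"; do
        # Refuse to map an attribute the certificate does not carry.
        printf '%s\n' "$present" | grep -qxF -- "$spec" || {
            echo "specifier $spec not present in DN" >&2; return 3; }
        case " $rules " in
            *" specifier=$spec "*) ;;            # skip duplicates
            *) rules="$rules specifier=$spec" ;;
        esac
    done
    printf 'aws rolesanywhere put-attribute-mapping --certificate-field %s --mapping-rules%s --profile-id %s\n' \
        "$field" "$rules" "$profile"
}

# Constructed sample subject and placeholder profile ID.
SAMPLE_DN='CN=build-agent-01,OU=Payments,O=Example Corp,C=US'
build_mapping_cmd x509Subject PROFILE_ID "$SAMPLE_DN" CN OU
```

The function only prints the command; review the output and run it yourself once the specifiers match what your certificates carry.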
Put attribute mappings (console)
- Sign in to IAM Roles Anywhere console.
- Scroll to find profile table and choose the profile to add certificate attribute mappings.
- Within profile detail page scroll towards Certificate attribute mappings section and choose Manage mappings.
- Scroll to find the Add mappings button and click on it.
- Choose a certificate field from either Subject, Issuer, or Subject Alternative Name in the dropdown list, and enter the specifier.
- Select Save changes to add attribute mappings.