This is the new CloudFormation Template Reference Guide. Please update your bookmarks and links. For help getting started with CloudFormation, see the AWS CloudFormation User Guide.
AWS::PCAConnectorAD::TemplateGroupAccessControlEntry
Create a group access control entry. Allow or deny Active Directory groups from enrolling and/or autoenrolling with the template based on the group security identifiers (SIDs).
Syntax
To declare this entity in your CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::PCAConnectorAD::TemplateGroupAccessControlEntry", "Properties" : { "AccessRights" :AccessRights, "GroupDisplayName" :String, "GroupSecurityIdentifier" :String, "TemplateArn" :String} }
YAML
Type: AWS::PCAConnectorAD::TemplateGroupAccessControlEntry Properties: AccessRights:AccessRightsGroupDisplayName:StringGroupSecurityIdentifier:StringTemplateArn:String
Properties
AccessRights-
Permissions to allow or deny an Active Directory group to enroll or autoenroll certificates issued against a template.
Required: Yes
Type: AccessRights
Update requires: No interruption
GroupDisplayName-
Name of the Active Directory group. This name does not need to match the group name in Active Directory.
Required: Yes
Type: String
Pattern:
^[\x20-\x7E]+$Minimum:
0Maximum:
256Update requires: No interruption
GroupSecurityIdentifier-
Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".
Required: No
Type: String
Pattern:
^S-[0-9]-([0-9]+-){1,14}[0-9]+$Minimum:
7Maximum:
256Update requires: Replacement
TemplateArn-
The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
Required: No
Type: String
Pattern:
^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector(\/[\w-]+)\/template(\/[\w-]+)$Minimum:
5Maximum:
200Update requires: Replacement