interface CfnTemplateProps
Language | Type name |
---|---|
.NET | Amazon.CDK.aws_pcaconnectorad.CfnTemplateProps |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awspcaconnectorad#CfnTemplateProps |
Java | software.amazon.awscdk.services.pcaconnectorad.CfnTemplateProps |
Python | aws_cdk.aws_pcaconnectorad.CfnTemplateProps |
TypeScript | aws-cdk-lib » aws_pcaconnectorad » CfnTemplateProps |
Properties for defining a `CfnTemplate`.
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_pcaconnectorad as pcaconnectorad } from 'aws-cdk-lib';
// Shape-only sample of CfnTemplateProps: every string and number below is a
// placeholder, not a recommended value.
// NOTE(review): the service API describes the template definition as a union,
// so a deployable template is expected to set exactly one of templateV2,
// templateV3 or templateV4. All three appear here only to show each shape;
// confirm against the API reference before copying.
const cfnTemplateProps: pcaconnectorad.CfnTemplateProps = {
  connectorArn: 'connectorArn',
  definition: {
    templateV2: {
      // Lifetime of issued certificates and how early renewal starts.
      certificateValidity: {
        renewalPeriod: {
          period: 123,
          periodType: 'periodType',
        },
        validityPeriod: {
          period: 123,
          periodType: 'periodType',
        },
      },
      enrollmentFlags: {
        enableKeyReuseOnNtTokenKeysetStorageFull: false,
        includeSymmetricAlgorithms: false,
        // NOTE(review): true is understood to omit the szOID_NTDS_CA_SECURITY_EXT
        // extension used for strong certificate mapping; keep false unless
        // there is a documented reason to drop it.
        noSecurityExtension: false,
        removeInvalidCertificateFromPersonalStore: false,
        userInteractionRequired: false,
      },
      extensions: {
        // Enable only the key usages the certificate's purpose needs.
        keyUsage: {
          usageFlags: {
            dataEncipherment: false,
            digitalSignature: false,
            keyAgreement: false,
            keyEncipherment: false,
            nonRepudiation: false,
          },
          // optional from here on
          critical: false,
        },
        // optional from here on
        applicationPolicies: {
          // NOTE(review): each policy entry is believed to take either
          // policyObjectIdentifier or policyType, not both - confirm.
          policies: [{
            policyObjectIdentifier: 'policyObjectIdentifier',
            policyType: 'policyType',
          }],
          // optional from here on
          critical: false,
        },
      },
      generalFlags: {
        autoEnrollment: false,
        machineType: false,
      },
      privateKeyAttributes: {
        keySpec: 'keySpec',
        // 123 is a placeholder, not a usable key size; set the minimum from
        // your organisation's cryptographic policy.
        minimalKeyLength: 123,
        // optional from here on
        cryptoProviders: ['cryptoProviders'],
      },
      privateKeyFlags: {
        clientVersion: 'clientVersion',
        // optional from here on
        // Leave exportableKey false unless key export or escrow is an
        // explicit requirement: an exportable key can be copied off the host.
        exportableKey: false,
        strongKeyProtectionRequired: false,
      },
      // Flags choosing what is placed into the subject and the subject
      // alternative name (SAN) of issued certificates.
      subjectNameFlags: {
        requireCommonName: false,
        requireDirectoryPath: false,
        requireDnsAsCn: false,
        requireEmail: false,
        sanRequireDirectoryGuid: false,
        sanRequireDns: false,
        sanRequireDomainDns: false,
        sanRequireEmail: false,
        sanRequireSpn: false,
        sanRequireUpn: false,
      },
      // optional from here on
      supersededTemplates: ['supersededTemplates'],
    },
    templateV3: {
      certificateValidity: {
        renewalPeriod: {
          period: 123,
          periodType: 'periodType',
        },
        validityPeriod: {
          period: 123,
          periodType: 'periodType',
        },
      },
      enrollmentFlags: {
        enableKeyReuseOnNtTokenKeysetStorageFull: false,
        includeSymmetricAlgorithms: false,
        // Same consideration as in templateV2: keep false by default.
        noSecurityExtension: false,
        removeInvalidCertificateFromPersonalStore: false,
        userInteractionRequired: false,
      },
      extensions: {
        keyUsage: {
          usageFlags: {
            dataEncipherment: false,
            digitalSignature: false,
            keyAgreement: false,
            keyEncipherment: false,
            nonRepudiation: false,
          },
          // optional from here on
          critical: false,
        },
        // optional from here on
        applicationPolicies: {
          policies: [{
            policyObjectIdentifier: 'policyObjectIdentifier',
            policyType: 'policyType',
          }],
          // optional from here on
          critical: false,
        },
      },
      generalFlags: {
        autoEnrollment: false,
        machineType: false,
      },
      // Required in the V3 shape: the hash algorithm is stated explicitly.
      hashAlgorithm: 'hashAlgorithm',
      privateKeyAttributes: {
        algorithm: 'algorithm',
        keySpec: 'keySpec',
        // NOTE(review): believed to be a union of propertyFlags and
        // propertyType, so a real template sets one of them - confirm.
        keyUsageProperty: {
          propertyFlags: {
            decrypt: false,
            keyAgreement: false,
            sign: false,
          },
          propertyType: 'propertyType',
        },
        minimalKeyLength: 123,
        // optional from here on
        cryptoProviders: ['cryptoProviders'],
      },
      privateKeyFlags: {
        clientVersion: 'clientVersion',
        // optional from here on
        exportableKey: false,
        requireAlternateSignatureAlgorithm: false,
        strongKeyProtectionRequired: false,
      },
      subjectNameFlags: {
        requireCommonName: false,
        requireDirectoryPath: false,
        requireDnsAsCn: false,
        requireEmail: false,
        sanRequireDirectoryGuid: false,
        sanRequireDns: false,
        sanRequireDomainDns: false,
        sanRequireEmail: false,
        sanRequireSpn: false,
        sanRequireUpn: false,
      },
      // optional from here on
      supersededTemplates: ['supersededTemplates'],
    },
    templateV4: {
      certificateValidity: {
        renewalPeriod: {
          period: 123,
          periodType: 'periodType',
        },
        validityPeriod: {
          period: 123,
          periodType: 'periodType',
        },
      },
      enrollmentFlags: {
        enableKeyReuseOnNtTokenKeysetStorageFull: false,
        includeSymmetricAlgorithms: false,
        // Same consideration as in templateV2: keep false by default.
        noSecurityExtension: false,
        removeInvalidCertificateFromPersonalStore: false,
        userInteractionRequired: false,
      },
      extensions: {
        keyUsage: {
          usageFlags: {
            dataEncipherment: false,
            digitalSignature: false,
            keyAgreement: false,
            keyEncipherment: false,
            nonRepudiation: false,
          },
          // optional from here on
          critical: false,
        },
        // optional from here on
        applicationPolicies: {
          policies: [{
            policyObjectIdentifier: 'policyObjectIdentifier',
            policyType: 'policyType',
          }],
          // optional from here on
          critical: false,
        },
      },
      generalFlags: {
        autoEnrollment: false,
        machineType: false,
      },
      privateKeyAttributes: {
        keySpec: 'keySpec',
        minimalKeyLength: 123,
        // optional from here on
        algorithm: 'algorithm',
        cryptoProviders: ['cryptoProviders'],
        keyUsageProperty: {
          propertyFlags: {
            decrypt: false,
            keyAgreement: false,
            sign: false,
          },
          propertyType: 'propertyType',
        },
      },
      privateKeyFlags: {
        clientVersion: 'clientVersion',
        // optional from here on
        exportableKey: false,
        requireAlternateSignatureAlgorithm: false,
        requireSameKeyRenewal: false,
        strongKeyProtectionRequired: false,
        useLegacyProvider: false,
      },
      subjectNameFlags: {
        requireCommonName: false,
        requireDirectoryPath: false,
        requireDnsAsCn: false,
        requireEmail: false,
        sanRequireDirectoryGuid: false,
        sanRequireDns: false,
        sanRequireDomainDns: false,
        sanRequireEmail: false,
        sanRequireSpn: false,
        sanRequireUpn: false,
      },
      // optional from here on
      hashAlgorithm: 'hashAlgorithm',
      supersededTemplates: ['supersededTemplates'],
    },
  },
  name: 'name',
  // optional from here on
  // When true, every member of the Active Directory groups allowed to enroll
  // with this template receives a newly issued certificate.
  reenrollAllCertificateHolders: false,
  tags: {
    tagsKey: 'tags',
  },
};
Properties
Name | Type | Description |
---|---|---|
connectorArn | string | The Amazon Resource Name (ARN) that was returned when you called CreateConnector . |
definition | IResolvable \| Template | Template configuration to define the information included in certificates. |
name | string | Name of the template. |
reenrollAllCertificateHolders? | boolean \| IResolvable | This setting allows the major version of a template to be increased automatically. |
tags? | { [string]: string } | Metadata assigned to a template consisting of a key-value pair. |
connectorArn
Type:
string
The Amazon Resource Name (ARN) that was returned when you called CreateConnector .
definition
Type:
IResolvable
|
Template
Template configuration to define the information included in certificates.
Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings.
name
Type:
string
Name of the template.
Template names must be unique.
reenrollAllCertificateHolders?
Type:
boolean |
IResolvable
(optional)
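This setting allows the major version of a template to be increased automatically.
All members of Active Directory groups that are allowed to enroll with a template will receive a new certificate issued using that template.
Because enabling it reissues certificates to every eligible group member, review the template definition and which groups may enroll before setting it to true.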
tags?
Type:
{ [string]: string }
(optional)
Metadata assigned to a template consisting of a key-value pair.