Creates a Profile.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
"Type" : "AWS::RolesAnywhere::Profile",
"Properties" : {
"AcceptRoleSessionName" : Boolean
,
"AttributeMappings" : [ AttributeMapping, ... ]
,
"DurationSeconds" : Number
,
"Enabled" : Boolean
,
"ManagedPolicyArns" : [ String, ... ]
,
"Name" : String
,
"RequireInstanceProperties" : Boolean
,
"RoleArns" : [ String, ... ]
,
"SessionPolicy" : String
,
"Tags" : [ Tag, ... ]
}
}
YAML
Type: AWS::RolesAnywhere::Profile
Properties:
AcceptRoleSessionName: Boolean
AttributeMappings:
- AttributeMapping
DurationSeconds: Number
Enabled: Boolean
ManagedPolicyArns:
- String
Name: String
RequireInstanceProperties: Boolean
RoleArns:
- String
SessionPolicy: String
Tags:
- Tag
Properties
AcceptRoleSessionName
-
Used to determine if a custom role session name will be accepted in a temporary credential request.
Required: No
Type: Boolean
Update requires: No interruption
AttributeMappings
-
A mapping applied to the authenticating end-entity certificate.
Required: No
Type: Array of AttributeMapping
Update requires: No interruption
DurationSeconds
-
The number of seconds vended session credentials will be valid for
Required: No
Type: Number
Minimum:
900
Maximum:
43200
Update requires: No interruption
Enabled
-
The enabled status of the resource.
Required: No
Type: Boolean
Update requires: No interruption
ManagedPolicyArns
-
A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.
Required: No
Type: Array of String
Minimum:
0
Maximum:
50
Update requires: No interruption
Name
-
The customer specified name of the resource.
Required: Yes
Type: String
Pattern:
[ a-zA-Z0-9-_]*
Minimum:
1
Maximum:
255
Update requires: No interruption
RequireInstanceProperties
-
Specifies whether instance properties are required in CreateSession requests with this profile.
Required: No
Type: Boolean
Update requires: Replacement
RoleArns
-
A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.
Required: Yes
Type: Array of String
Minimum:
1
Maximum:
1011
Update requires: No interruption
SessionPolicy
-
A session policy that will applied to the trust boundary of the vended session credentials.
Required: No
Type: String
Update requires: No interruption
-
A list of Tags.
Required: No
Type: Array of Tag
Minimum:
0
Maximum:
200
Update requires: No interruption
Return values
Ref
The name of the Profile
Fn::GetAtt
ProfileArn
-
The ARN of the profile.
ProfileId
-
The unique primary identifier of the Profile