Connector - AWS Private CA Connector for Active Directory

Connector

AWS Private CA Connector for Active Directory is a service that links your Active Directory with AWS Private CA. The connector brokers the exchange of certificates from AWS Private CA to domain-joined users and machines managed with Active Directory.

Contents

Arn

The Amazon Resource Name (ARN) that was returned when you called CreateConnector.

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: ^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$

Required: No

CertificateAuthorityArn

The Amazon Resource Name (ARN) of the certificate authority being used.

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: ^arn:[\w-]+:acm-pca:[\w-]+:[0-9]+:certificate-authority\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$

Required: No

CertificateEnrollmentPolicyServerEndpoint

The certificate enrollment endpoint that Active Directory domain-joined objects reach out to when requesting certificates.

Type: String

Required: No

CreatedAt

The date and time that the connector was created.

Type: Timestamp

Required: No

DirectoryId

The identifier of the Active Directory.

Type: String

Pattern: ^d-[0-9a-f]{10}$

Required: No

Status

Status of the connector. Status can be creating, active, deleting, or failed.

Type: String

Valid Values: CREATING | ACTIVE | DELETING | FAILED

Required: No

StatusReason

Additional information about the connector status if the status is failed.

Type: String

Valid Values: DIRECTORY_ACCESS_DENIED | INTERNAL_FAILURE | PRIVATECA_ACCESS_DENIED | PRIVATECA_RESOURCE_NOT_FOUND | SECURITY_GROUP_NOT_IN_VPC | VPC_ACCESS_DENIED | VPC_ENDPOINT_LIMIT_EXCEEDED | VPC_RESOURCE_NOT_FOUND

Required: No

UpdatedAt

The date and time that the connector was updated.

Type: Timestamp

Required: No

VpcInformation

Information about the VPC and security group(s) used with the connector.

Type: VpcInformation object

Required: No
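
The following is an added example, not part of the AWS documentation: a Python check that validates a Connector record (for instance, a parsed API response held as a dict) against the patterns and valid values listed above, and reports connectors in the FAILED state together with their StatusReason. The function name `check_connector` and the sample records are constructed for illustration.

```python
import re

# Patterns and valid values copied from the Connector field reference above.
PATTERNS = {
    "Arn": r"^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$",
    "CertificateAuthorityArn": r"^arn:[\w-]+:acm-pca:[\w-]+:[0-9]+:certificate-authority\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$",
    "DirectoryId": r"^d-[0-9a-f]{10}$",
}
ARN_FIELDS = ("Arn", "CertificateAuthorityArn")  # documented length: 5 to 200
STATUSES = {"CREATING", "ACTIVE", "DELETING", "FAILED"}
STATUS_REASONS = {
    "DIRECTORY_ACCESS_DENIED", "INTERNAL_FAILURE", "PRIVATECA_ACCESS_DENIED",
    "PRIVATECA_RESOURCE_NOT_FOUND", "SECURITY_GROUP_NOT_IN_VPC",
    "VPC_ACCESS_DENIED", "VPC_ENDPOINT_LIMIT_EXCEEDED", "VPC_RESOURCE_NOT_FOUND",
}

def check_connector(connector):
    """Return a list of findings for one Connector dict; empty means clean."""
    findings = []
    for field, pattern in PATTERNS.items():
        value = connector.get(field)
        if value is None:
            continue  # every field is documented as "Required: No"
        if field in ARN_FIELDS and not 5 <= len(value) <= 200:
            findings.append(f"{field}: length outside 5..200")
        # fullmatch + re.ASCII: reject a trailing newline and non-ASCII \w chars
        if not re.fullmatch(pattern, value, re.ASCII):
            findings.append(f"{field}: does not match documented pattern")
    status = connector.get("Status")
    reason = connector.get("StatusReason")
    if status is not None and status not in STATUSES:
        findings.append(f"Status: unknown value {status!r}")
    if reason is not None and reason not in STATUS_REASONS:
        findings.append(f"StatusReason: unknown value {reason!r}")
    if status == "FAILED":
        findings.append(f"connector FAILED: {reason or 'no StatusReason given'}")
    return findings

# Constructed sample records (placeholder account ID and UUIDs).
GOOD = {
    "Arn": "arn:aws:pca-connector-ad:us-east-1:111122223333:connector/0a1b2c3d-1111-2222-3333-0123456789ab",
    "CertificateAuthorityArn": "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/0a1b2c3d-4444-5555-6666-0123456789ab",
    "DirectoryId": "d-0123456789",
    "Status": "ACTIVE",
}
BAD = dict(GOOD, DirectoryId="d-0123456789\n", Status="FAILED",
           StatusReason="PRIVATECA_ACCESS_DENIED")
```
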

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:
