CreateTemplateGroupAccessControlEntry
Create a group access control entry. Allow or deny Active Directory groups from enrolling and/or autoenrolling with the template based on the group security identifiers (SIDs).
Request Syntax
POST /templates/TemplateArn
/accessControlEntries HTTP/1.1
Content-type: application/json
{
"AccessRights": {
"AutoEnroll": "string
",
"Enroll": "string
"
},
"ClientToken": "string
",
"GroupDisplayName": "string
",
"GroupSecurityIdentifier": "string
"
}
URI Request Parameters
The request uses the following URI parameters.
- TemplateArn
-
The Amazon Resource Name (ARN) that was returned when you called CreateTemplate.
Length Constraints: Minimum length of 5. Maximum length of 200.
Pattern:
^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\/template\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$
Required: Yes
Request Body
The request accepts the following data in JSON format.
- AccessRights
-
Allow or deny permissions for an Active Directory group to enroll or autoenroll certificates for a template.
Type: AccessRights object
Required: Yes
- ClientToken
-
Idempotency token.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern:
^[!-~]+$
Required: No
- GroupDisplayName
-
Name of the Active Directory group. This name does not need to match the group name in Active Directory.
Type: String
Length Constraints: Minimum length of 0. Maximum length of 256.
Pattern:
^[\x20-\x7E]+$
Required: Yes
- GroupSecurityIdentifier
-
Security identifier (SID) of the group object from Active Directory. The SID starts with "S-".
Type: String
Length Constraints: Minimum length of 7. Maximum length of 256.
Pattern:
^S-[0-9]-([0-9]+-){1,14}[0-9]+$
Required: Yes
Response Syntax
HTTP/1.1 200
Response Elements
If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
You can receive this error if you attempt to create a resource share when you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your AWS Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an AWS Organizations service control policy (SCP) that affects your AWS account.
HTTP Status Code: 403
- ConflictException
-
This request cannot be completed for one of the following reasons because the requested resource was being concurrently modified by another request.
HTTP Status Code: 409
- InternalServerException
-
The request processing has failed because of an unknown error, exception or failure with an internal server.
HTTP Status Code: 500
- ResourceNotFoundException
-
The operation tried to access a nonexistent resource. The resource might not be specified correctly, or its status might not be ACTIVE.
HTTP Status Code: 404
- ServiceQuotaExceededException
-
Request would cause a service quota to be exceeded.
HTTP Status Code: 402
- ThrottlingException
-
The limit on the number of requests per second was exceeded.
HTTP Status Code: 429
- ValidationException
-
An input validation error occurred. For example, invalid characters in a template name, or if a pagination token is invalid.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: