CreateConnector

The Amazon Resource Name (ARN) of the AWS Private Certificate Authority certificate authority to use with this connector. Due to security vulnerabilities present in the SCEP protocol, we recommend using a private CA that's dedicated for use with the connector.

To retrieve the private CAs associated with your account, you can call ListCertificateAuthorities using the AWS Private CA API.

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: arn:aws(-[a-z]+)*:acm-pca:[a-z]+(-[a-z]+)+-[1-9]\d*:\d{12}:certificate-authority\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}

Required: Yes

Custom string that can be used to distinguish between calls to the CreateChallenge action. Client tokens for CreateChallenge time out after five minutes. Therefore, if you call CreateChallenge multiple times with the same client token within five minutes, Connector for SCEP recognizes that you are requesting only one challenge and will only respond with one. If you change the client token for each call, Connector for SCEP recognizes that you are requesting multiple challenge passwords.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [!-~]+

Required: No

If you don't supply a value, by default Connector for SCEP creates a connector for general-purpose use. A general-purpose connector is designed to work with clients or endpoints that support the SCEP protocol, except Connector for SCEP for Microsoft Intune. With connectors for general-purpose use, you manage SCEP challenge passwords using Connector for SCEP. For information about considerations and limitations with using Connector for SCEP, see Considerations and Limitations.

If you provide an IntuneConfiguration, Connector for SCEP creates a connector for use with Microsoft Intune, and you manage the challenge passwords using Microsoft Intune. For more information, see Using Connector for SCEP for Microsoft Intune.

Type: MobileDeviceManagement object

Note: This object is a Union. Only one member of this object can be specified or returned.

Required: No

The key-value pairs to associate with the resource.

Type: String to string map

Required: No

Returns the Amazon Resource Name (ARN) of the connector.

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: arn:aws(-[a-z]+)*:pca-connector-scep:[a-z]+(-[a-z]+)+-[1-9]\d*:\d{12}:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}

You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your AWS Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an AWS Organizations service control policy (SCP) that affects your AWS account.

HTTP Status Code: 403

This request can't be completed for one of the following reasons because the requested resource was being concurrently modified by another request.

HTTP Status Code: 409

The request processing has failed because of an unknown error, exception or failure with an internal server.

HTTP Status Code: 500

The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than ACTIVE.

HTTP Status Code: 404

The request would cause a service quota to be exceeded.

HTTP Status Code: 402

The limit on the number of requests per second was exceeded.

HTTP Status Code: 429

An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.

HTTP Status Code: 400