AWS::RolesAnywhere::Profile

Creates a Profile.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Type" : "AWS::RolesAnywhere::Profile",
  "Properties" : {
      "AcceptRoleSessionName" : Boolean,
      "AttributeMappings" : [ AttributeMapping, ... ],
      "DurationSeconds" : Number,
      "Enabled" : Boolean,
      "ManagedPolicyArns" : [ String, ... ],
      "Name" : String,
      "RequireInstanceProperties" : Boolean,
      "RoleArns" : [ String, ... ],
      "SessionPolicy" : String,
      "Tags" : [ Tag, ... ]
    }
}

YAML


Type: AWS::RolesAnywhere::Profile
Properties:
  AcceptRoleSessionName: Boolean
  AttributeMappings: 
    - AttributeMapping
  DurationSeconds: Number
  Enabled: Boolean
  ManagedPolicyArns: 
    - String
  Name: String
  RequireInstanceProperties: Boolean
  RoleArns: 
    - String
  SessionPolicy: String
  Tags: 
    - Tag

Properties

AcceptRoleSessionName

Used to determine if a custom role session name will be accepted in a temporary credential request.

Required: No

Type: Boolean

Update requires: No interruption

AttributeMappings

A mapping applied to the authenticating end-entity certificate.

Required: No

Type: Array of AttributeMapping

Update requires: No interruption

DurationSeconds

The number of seconds vended session credentials will be valid for

Required: No

Type: Number

Minimum: 900

Maximum: 43200

Update requires: No interruption

Enabled

The enabled status of the resource.

Required: No

Type: Boolean

Update requires: No interruption

ManagedPolicyArns

A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.

Required: No

Type: Array of String

Minimum: 0

Maximum: 50

Update requires: No interruption

Name

The customer specified name of the resource.

Required: Yes

Type: String

Pattern: [ a-zA-Z0-9-_]*

Minimum: 1

Maximum: 255

Update requires: No interruption

RequireInstanceProperties

Specifies whether instance properties are required in CreateSession requests with this profile.

Required: No

Type: Boolean

Update requires: No interruption

RoleArns

A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.

Required: Yes

Type: Array of String

Minimum: 1

Maximum: 1011

Update requires: No interruption

SessionPolicy

A session policy that will applied to the trust boundary of the vended session credentials.

Required: No

Type: String

Update requires: No interruption

Tags

A list of Tags.

Required: No

Type: Array of Tag

Minimum: 0

Maximum: 200

Update requires: No interruption

Return values

Ref

The name of the Profile

Fn::GetAtt

ProfileArn: The ARN of the profile.
ProfileId: The unique primary identifier of the Profile

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Tag

AttributeMapping