Skip to content

Create Verified Access Trust Provider

ec2_create_verified_access_trust_provider R Documentation

A trust provider is a third-party entity that creates, maintains, and manages identity information for users and devices

Description

A trust provider is a third-party entity that creates, maintains, and manages identity information for users and devices. When an application request is made, the identity information sent by the trust provider is evaluated by Verified Access before allowing or denying the application request.

Usage

ec2_create_verified_access_trust_provider(TrustProviderType,
  UserTrustProviderType, DeviceTrustProviderType, OidcOptions,
  DeviceOptions, PolicyReferenceName, Description, TagSpecifications,
  ClientToken, DryRun, SseSpecification)

Arguments

TrustProviderType

[required] The type of trust provider.

UserTrustProviderType

The type of user-based trust provider. This parameter is required when the provider type is user.

DeviceTrustProviderType

The type of device-based trust provider. This parameter is required when the provider type is device.

OidcOptions

The options for a OpenID Connect-compatible user-identity trust provider. This parameter is required when the provider type is user.

DeviceOptions

The options for a device-based trust provider. This parameter is required when the provider type is device.

PolicyReferenceName

[required] The identifier to be used when working with policy rules.

Description

A description for the Verified Access trust provider.

TagSpecifications

The tags to assign to the Verified Access trust provider.

ClientToken

A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see Ensuring idempotency.

DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

SseSpecification

The options for server side encryption.

Value

A list with the following syntax:

list(
  VerifiedAccessTrustProvider = list(
    VerifiedAccessTrustProviderId = "string",
    Description = "string",
    TrustProviderType = "user"|"device",
    UserTrustProviderType = "iam-identity-center"|"oidc",
    DeviceTrustProviderType = "jamf"|"crowdstrike"|"jumpcloud",
    OidcOptions = list(
      Issuer = "string",
      AuthorizationEndpoint = "string",
      TokenEndpoint = "string",
      UserInfoEndpoint = "string",
      ClientId = "string",
      ClientSecret = "string",
      Scope = "string"
    ),
    DeviceOptions = list(
      TenantId = "string",
      PublicSigningKeyUrl = "string"
    ),
    PolicyReferenceName = "string",
    CreationTime = "string",
    LastUpdatedTime = "string",
    Tags = list(
      list(
        Key = "string",
        Value = "string"
      )
    ),
    SseSpecification = list(
      CustomerManagedKeyEnabled = TRUE|FALSE,
      KmsKeyArn = "string"
    )
  )
)

Request syntax

svc$create_verified_access_trust_provider(
  TrustProviderType = "user"|"device",
  UserTrustProviderType = "iam-identity-center"|"oidc",
  DeviceTrustProviderType = "jamf"|"crowdstrike"|"jumpcloud",
  OidcOptions = list(
    Issuer = "string",
    AuthorizationEndpoint = "string",
    TokenEndpoint = "string",
    UserInfoEndpoint = "string",
    ClientId = "string",
    ClientSecret = "string",
    Scope = "string"
  ),
  DeviceOptions = list(
    TenantId = "string",
    PublicSigningKeyUrl = "string"
  ),
  PolicyReferenceName = "string",
  Description = "string",
  TagSpecifications = list(
    list(
      ResourceType = "capacity-reservation"|"client-vpn-endpoint"|"customer-gateway"|"carrier-gateway"|"coip-pool"|"dedicated-host"|"dhcp-options"|"egress-only-internet-gateway"|"elastic-ip"|"elastic-gpu"|"export-image-task"|"export-instance-task"|"fleet"|"fpga-image"|"host-reservation"|"image"|"import-image-task"|"import-snapshot-task"|"instance"|"instance-event-window"|"internet-gateway"|"ipam"|"ipam-pool"|"ipam-scope"|"ipv4pool-ec2"|"ipv6pool-ec2"|"key-pair"|"launch-template"|"local-gateway"|"local-gateway-route-table"|"local-gateway-virtual-interface"|"local-gateway-virtual-interface-group"|"local-gateway-route-table-vpc-association"|"local-gateway-route-table-virtual-interface-group-association"|"natgateway"|"network-acl"|"network-interface"|"network-insights-analysis"|"network-insights-path"|"network-insights-access-scope"|"network-insights-access-scope-analysis"|"placement-group"|"prefix-list"|"replace-root-volume-task"|"reserved-instances"|"route-table"|"security-group"|"security-group-rule"|"snapshot"|"spot-fleet-request"|"spot-instances-request"|"subnet"|"subnet-cidr-reservation"|"traffic-mirror-filter"|"traffic-mirror-session"|"traffic-mirror-target"|"transit-gateway"|"transit-gateway-attachment"|"transit-gateway-connect-peer"|"transit-gateway-multicast-domain"|"transit-gateway-policy-table"|"transit-gateway-route-table"|"transit-gateway-route-table-announcement"|"volume"|"vpc"|"vpc-endpoint"|"vpc-endpoint-connection"|"vpc-endpoint-service"|"vpc-endpoint-service-permission"|"vpc-peering-connection"|"vpn-connection"|"vpn-gateway"|"vpc-flow-log"|"capacity-reservation-fleet"|"traffic-mirror-filter-rule"|"vpc-endpoint-connection-device-type"|"verified-access-instance"|"verified-access-group"|"verified-access-endpoint"|"verified-access-policy"|"verified-access-trust-provider"|"vpn-connection-device-type"|"vpc-block-public-access-exclusion"|"ipam-resource-discovery"|"ipam-resource-discovery-association"|"instance-connect-endpoint"|"ipam-external-resource-verification-token",
      Tags = list(
        list(
          Key = "string",
          Value = "string"
        )
      )
    )
  ),
  ClientToken = "string",
  DryRun = TRUE|FALSE,
  SseSpecification = list(
    CustomerManagedKeyEnabled = TRUE|FALSE,
    KmsKeyArn = "string"
  )
)