AWS::RolesAnywhere::Profile - AWS CloudFormation

AWS::RolesAnywhere::Profile

Creates a profile, a list of the roles that the Roles Anywhere service is trusted to assume. You use profiles to intersect permissions with IAM managed policies.

Required permissions: rolesanywhere:CreateProfile.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::RolesAnywhere::Profile",
  "Properties" : {
      "DurationSeconds" : Double,
      "Enabled" : Boolean,
      "ManagedPolicyArns" : [ String, ... ],
      "Name" : String,
      "RequireInstanceProperties" : Boolean,
      "RoleArns" : [ String, ... ],
      "SessionPolicy" : String,
      "Tags" : [ Tag, ... ]
    }
}

YAML

Type: AWS::RolesAnywhere::Profile
Properties:
  DurationSeconds: Double
  Enabled: Boolean
  ManagedPolicyArns:
    - String
  Name: String
  RequireInstanceProperties: Boolean
  RoleArns:
    - String
  SessionPolicy: String
  Tags:
    - Tag

Properties

DurationSeconds

The maximum number of seconds that temporary credentials vended through CreateSession remain valid, between 900 and 3600.

Required: No

Type: Double

Update requires: No interruption

Enabled

Indicates whether the profile is enabled.

Required: No

Type: Boolean

Update requires: No interruption

ManagedPolicyArns

A list of managed policy ARNs that apply to the vended session credentials.

Required: No

Type: List of String

Maximum: 50

Update requires: No interruption

Name

The name of the profile.

Required: Yes

Type: String

Minimum: 1

Maximum: 255

Pattern: ^[ a-zA-Z0-9-_]*$

Update requires: No interruption

RequireInstanceProperties

Specifies whether instance properties are required in temporary credential requests with this profile.

Required: No

Type: Boolean

Update requires: No interruption

RoleArns

A list of IAM role ARNs. During CreateSession, if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.

Required: Yes

Type: List of String

Maximum: 50

Update requires: No interruption

SessionPolicy

A session policy that applies to the trust boundary of the vended session credentials.

Required: No

Type: String

Update requires: No interruption

Tags

The tags to attach to the profile.

Required: No

Type: List of Tag

Maximum: 200

Update requires: No interruption
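The constraints listed for the properties above can be checked before a template is deployed. The following is an added example, not part of the original reference or of any AWS tooling: a small linter that runs over a parsed JSON template and reports Profile resources that violate the documented limits. The function names, the sample template, the role name and the account ID are constructed for illustration, and it assumes values given as intrinsic functions (Ref, Fn::*) cannot be checked statically and are skipped.

```python
import re

PROFILE_TYPE = "AWS::RolesAnywhere::Profile"
NAME_PATTERN = r"^[ a-zA-Z0-9-_]*$"  # Pattern listed for the Name property
LIST_LIMITS = {"ManagedPolicyArns": 50, "RoleArns": 50, "Tags": 200}

def is_intrinsic(value):
    """Ref / Fn::* objects resolve only at deploy time, so they are skipped."""
    return isinstance(value, dict) and len(value) == 1 and (
        "Ref" in value or next(iter(value)).startswith("Fn::"))

def check_profile(props):
    """Return violations of the documented constraints for one Properties dict."""
    issues = [f"{key} is required" for key in ("Name", "RoleArns") if key not in props]
    name = props.get("Name")
    if isinstance(name, str) and not (
            1 <= len(name) <= 255 and re.fullmatch(NAME_PATTERN, name)):
        issues.append("Name must be 1-255 characters matching " + NAME_PATTERN)
    duration = props.get("DurationSeconds")
    if duration is not None and not is_intrinsic(duration):
        try:
            in_range = 900 <= float(duration) <= 3600
        except (TypeError, ValueError):
            in_range = False
        if not in_range:
            issues.append("DurationSeconds must be between 900 and 3600")
    for key, limit in LIST_LIMITS.items():
        if isinstance(props.get(key), list) and len(props[key]) > limit:
            issues.append(f"{key} exceeds the maximum of {limit} items")
    policy = props.get("SessionPolicy")
    if policy is not None and not isinstance(policy, str) and not is_intrinsic(policy):
        issues.append("SessionPolicy must be a String")
    return issues

def lint_template(template):
    """Map logical ID -> issues for each Profile resource in a parsed template."""
    resources = template.get("Resources", {})
    return {lid: check_profile(res.get("Properties", {}))
            for lid, res in resources.items() if res.get("Type") == PROFILE_TYPE}

# Constructed sample template (hypothetical names, placeholder account ID).
SAMPLE = {"Resources": {
    "GoodProfile": {"Type": PROFILE_TYPE, "Properties": {
        "Name": "build-agents", "DurationSeconds": 900, "Enabled": True,
        "RoleArns": ["arn:aws:iam::111122223333:role/ExampleRole"]}},
    "BadProfile": {"Type": PROFILE_TYPE, "Properties": {
        "Name": "build/agents", "DurationSeconds": 43200,
        "SessionPolicy": {"Version": "2012-10-17", "Statement": []}}},
}}
```

Calling `lint_template(SAMPLE)` returns an empty list for GoodProfile and four findings for BadProfile; pass it the result of `json.load` on a JSON template to check a real file.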

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns ProfileId.

Fn::GetAtt

The Fn::GetAtt intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the Fn::GetAtt intrinsic function, see Fn::GetAtt.

ProfileArn

The ARN of the profile.

ProfileId

The unique primary identifier of the Profile.