Private CA Connector for SCEP 2018-05-10
- Client: Aws\PcaConnectorScep\PcaConnectorScepClient
- Service ID: pca-connector-scep
- Version: 2018-05-10
This page describes the parameters and results for the operations of the Private CA Connector for SCEP (2018-05-10), and shows how to use the Aws\PcaConnectorScep\PcaConnectorScepClient object to call the described operations. This documentation is specific to the 2018-05-10 API version of the service.
Operation Summary
Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */).
You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).
- CreateChallenge ( array $params = [] )
- For general-purpose connectors.
- CreateConnector ( array $params = [] )
- Creates a SCEP connector.
- DeleteChallenge ( array $params = [] )
- Deletes the specified Challenge.
- DeleteConnector ( array $params = [] )
- Deletes the specified Connector.
- GetChallengeMetadata ( array $params = [] )
- Retrieves the metadata for the specified Challenge.
- GetChallengePassword ( array $params = [] )
- Retrieves the challenge password for the specified Challenge.
- GetConnector ( array $params = [] )
- Retrieves details about the specified Connector.
- ListChallengeMetadata ( array $params = [] )
- Retrieves the challenge metadata for the specified ARN.
- ListConnectors ( array $params = [] )
- Lists the connectors belonging to your Amazon Web Services account.
- ListTagsForResource ( array $params = [] )
- Retrieves the tags associated with the specified resource.
- TagResource ( array $params = [] )
- Adds one or more tags to your resource.
- UntagResource ( array $params = [] )
- Removes one or more tags from your resource.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
Operations
CreateChallenge
$result = $client->createChallenge([/* ... */]);
$promise = $client->createChallengeAsync([/* ... */]);
For general-purpose connectors. Creates a challenge password for the specified connector. The SCEP protocol uses a challenge password to authenticate a request before issuing a certificate from a certificate authority (CA). Your SCEP clients include the challenge password as part of their certificate request to Connector for SCEP. To retrieve the connector Amazon Resource Names (ARNs) for the connectors in your account, call ListConnectors.
To create additional challenge passwords for the connector, call CreateChallenge again. We recommend frequently rotating your challenge passwords.
Parameter Syntax
$result = $client->createChallenge([
    'ClientToken' => '<string>',
    'ConnectorArn' => '<string>', // REQUIRED
    'Tags' => ['<string>', ...],
]);
Parameter Details
Members
- ClientToken
-
- Type: string
Custom string that can be used to distinguish between calls to the CreateChallenge action. Client tokens for CreateChallenge time out after five minutes. Therefore, if you call CreateChallenge multiple times with the same client token within five minutes, Connector for SCEP recognizes that you are requesting only one challenge and will only respond with one. If you change the client token for each call, Connector for SCEP recognizes that you are requesting multiple challenge passwords.
- ConnectorArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the connector that you want to create a challenge for.
- Tags
-
- Type: Associative array of custom strings keys (String) to strings
The key-value pairs to associate with the resource.
Result Syntax
[
    'Challenge' => [
        'Arn' => '<string>',
        'ConnectorArn' => '<string>',
        'CreatedAt' => <DateTime>,
        'Password' => '<string>',
        'UpdatedAt' => <DateTime>,
    ],
]
Result Details
Members
- Challenge
-
- Type: Challenge structure
Returns the challenge details for the specified connector.
Errors
- ResourceNotFoundException:
The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than ACTIVE.
- BadRequestException:
The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- AccessDeniedException:
You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.
- ConflictException:
This request can't be completed because the requested resource was being concurrently modified by another request.
- ServiceQuotaExceededException:
The request would cause a service quota to be exceeded.
CreateConnector
$result = $client->createConnector([/* ... */]);
$promise = $client->createConnectorAsync([/* ... */]);
Creates a SCEP connector. A SCEP connector links Amazon Web Services Private Certificate Authority to your SCEP-compatible devices and mobile device management (MDM) systems. Before you create a connector, you must complete a set of prerequisites, including creation of a private certificate authority (CA) to use with this connector. For more information, see Connector for SCEP prerequisites.
Parameter Syntax
$result = $client->createConnector([
    'CertificateAuthorityArn' => '<string>', // REQUIRED
    'ClientToken' => '<string>',
    'MobileDeviceManagement' => [
        'Intune' => [
            'AzureApplicationId' => '<string>', // REQUIRED
            'Domain' => '<string>', // REQUIRED
        ],
    ],
    'Tags' => ['<string>', ...],
]);
Parameter Details
Members
- CertificateAuthorityArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the Amazon Web Services Private Certificate Authority certificate authority to use with this connector. Due to security vulnerabilities present in the SCEP protocol, we recommend using a private CA that's dedicated for use with the connector.
To retrieve the private CAs associated with your account, you can call ListCertificateAuthorities using the Amazon Web Services Private CA API.
- ClientToken
-
- Type: string
Custom string that can be used to distinguish between calls to the CreateChallenge action. Client tokens for CreateChallenge time out after five minutes. Therefore, if you call CreateChallenge multiple times with the same client token within five minutes, Connector for SCEP recognizes that you are requesting only one challenge and will only respond with one. If you change the client token for each call, Connector for SCEP recognizes that you are requesting multiple challenge passwords.
- MobileDeviceManagement
-
- Type: MobileDeviceManagement structure
If you don't supply a value, by default Connector for SCEP creates a connector for general-purpose use. A general-purpose connector is designed to work with clients or endpoints that support the SCEP protocol, except Connector for SCEP for Microsoft Intune. With connectors for general-purpose use, you manage SCEP challenge passwords using Connector for SCEP. For information about considerations and limitations with using Connector for SCEP, see Considerations and Limitations.
If you provide an IntuneConfiguration, Connector for SCEP creates a connector for use with Microsoft Intune, and you manage the challenge passwords using Microsoft Intune. For more information, see Using Connector for SCEP for Microsoft Intune.
- Tags
-
- Type: Associative array of custom strings keys (String) to strings
The key-value pairs to associate with the resource.
Result Syntax
[ 'ConnectorArn' => '<string>', ]
Result Details
Members
- ConnectorArn
-
- Type: string
Returns the Amazon Resource Name (ARN) of the connector.
Errors
- ResourceNotFoundException:
The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than ACTIVE.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- AccessDeniedException:
You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.
- ConflictException:
This request can't be completed because the requested resource was being concurrently modified by another request.
- ServiceQuotaExceededException:
The request would cause a service quota to be exceeded.
DeleteChallenge
$result = $client->deleteChallenge([/* ... */]);
$promise = $client->deleteChallengeAsync([/* ... */]);
Deletes the specified Challenge.
Parameter Syntax
$result = $client->deleteChallenge([
    'ChallengeArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- ChallengeArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the challenge password to delete.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than ACTIVE.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- AccessDeniedException:
You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.
- ConflictException:
This request can't be completed because the requested resource was being concurrently modified by another request.
DeleteConnector
$result = $client->deleteConnector([/* ... */]);
$promise = $client->deleteConnectorAsync([/* ... */]);
Deletes the specified Connector. This operation also deletes any challenges associated with the connector.
Parameter Syntax
$result = $client->deleteConnector([
    'ConnectorArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- ConnectorArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the connector to delete.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than ACTIVE.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- AccessDeniedException:
You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.
- ConflictException:
This request can't be completed because the requested resource was being concurrently modified by another request.
GetChallengeMetadata
$result = $client->getChallengeMetadata([/* ... */]);
$promise = $client->getChallengeMetadataAsync([/* ... */]);
Retrieves the metadata for the specified Challenge.
Parameter Syntax
$result = $client->getChallengeMetadata([
    'ChallengeArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- ChallengeArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the challenge.
Result Syntax
[
    'ChallengeMetadata' => [
        'Arn' => '<string>',
        'ConnectorArn' => '<string>',
        'CreatedAt' => <DateTime>,
        'UpdatedAt' => <DateTime>,
    ],
]
Result Details
Members
- ChallengeMetadata
-
- Type: ChallengeMetadata structure
The metadata for the challenge.
Errors
- ResourceNotFoundException:
The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than ACTIVE.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- AccessDeniedException:
You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.
GetChallengePassword
$result = $client->getChallengePassword([/* ... */]);
$promise = $client->getChallengePasswordAsync([/* ... */]);
Retrieves the challenge password for the specified Challenge.
Parameter Syntax
$result = $client->getChallengePassword([
    'ChallengeArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- ChallengeArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the challenge.
Result Syntax
[ 'Password' => '<string>', ]
Result Details
Members
- Password
-
- Type: string
The SCEP challenge password.
Errors
- ResourceNotFoundException:
The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than ACTIVE.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- AccessDeniedException:
You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.
GetConnector
$result = $client->getConnector([/* ... */]);
$promise = $client->getConnectorAsync([/* ... */]);
Retrieves details about the specified Connector. Calling this action returns important details about the connector, such as the public SCEP URL where your clients can request certificates.
Parameter Syntax
$result = $client->getConnector([
    'ConnectorArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- ConnectorArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the connector.
Result Syntax
[
    'Connector' => [
        'Arn' => '<string>',
        'CertificateAuthorityArn' => '<string>',
        'CreatedAt' => <DateTime>,
        'Endpoint' => '<string>',
        'MobileDeviceManagement' => [
            'Intune' => [
                'AzureApplicationId' => '<string>',
                'Domain' => '<string>',
            ],
        ],
        'OpenIdConfiguration' => [
            'Audience' => '<string>',
            'Issuer' => '<string>',
            'Subject' => '<string>',
        ],
        'Status' => 'CREATING|ACTIVE|DELETING|FAILED',
        'StatusReason' => 'INTERNAL_FAILURE|PRIVATECA_ACCESS_DENIED|PRIVATECA_INVALID_STATE|PRIVATECA_RESOURCE_NOT_FOUND',
        'Type' => 'GENERAL_PURPOSE|INTUNE',
        'UpdatedAt' => <DateTime>,
    ],
]
Result Details
Members
- Connector
-
- Type: Connector structure
The properties of the connector.
Errors
- ResourceNotFoundException:
The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than ACTIVE.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- AccessDeniedException:
You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.
ListChallengeMetadata
$result = $client->listChallengeMetadata([/* ... */]);
$promise = $client->listChallengeMetadataAsync([/* ... */]);
Retrieves the challenge metadata for the specified ARN.
Parameter Syntax
$result = $client->listChallengeMetadata([
    'ConnectorArn' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);
Parameter Details
Members
- ConnectorArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the connector.
- MaxResults
-
- Type: int
The maximum number of objects that you want Connector for SCEP to return for this request. If more objects are available, in the response, Connector for SCEP provides a NextToken value that you can use in a subsequent call to get the next batch of objects.
- NextToken
-
- Type: string
When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Connector for SCEP returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
Result Syntax
[
    'Challenges' => [
        [
            'Arn' => '<string>',
            'ConnectorArn' => '<string>',
            'CreatedAt' => <DateTime>,
            'UpdatedAt' => <DateTime>,
        ],
        // ...
    ],
    'NextToken' => '<string>',
]
Result Details
Members
- Challenges
-
- Type: Array of ChallengeMetadataSummary structures
The challenge metadata for the challenges belonging to your Amazon Web Services account.
- NextToken
-
- Type: string
When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Connector for SCEP returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
Errors
- ResourceNotFoundException:
The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than ACTIVE.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- AccessDeniedException:
You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.
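An added example (not part of the SDK documentation) of the rotation recommended under CreateChallenge, combined with the NextToken paging described for ListChallengeMetadata: it issues a replacement challenge first, then deletes challenges created before a cutoff. The InMemoryScepStub class, the placeholder ARNs and the 30-day cutoff are constructed for illustration so the script runs without AWS credentials; with the real SDK, pass an Aws\PcaConnectorScep\PcaConnectorScepClient instead of the stub.

```php
<?php
// Added example: rotate SCEP challenge passwords for a general-purpose connector.
// $client is any object exposing createChallenge(), listChallengeMetadata() and
// deleteChallenge() with the parameter and result shapes documented on this page.

/** Collect every challenge summary for a connector by following NextToken. */
function listAllChallenges($client, string $connectorArn, int $pageSize): array
{
    $challenges = [];
    $params = ['ConnectorArn' => $connectorArn, 'MaxResults' => $pageSize];
    do {
        $page = $client->listChallengeMetadata($params);
        foreach ($page['Challenges'] ?? [] as $challenge) {
            $challenges[] = $challenge;
        }
        // Absent NextToken means the last page has been read.
        $params['NextToken'] = $page['NextToken'] ?? null;
    } while ($params['NextToken'] !== null);
    return $challenges;
}

/** Create a replacement challenge, then delete challenges older than $cutoff. */
function rotateChallenges($client, string $connectorArn, DateTimeInterface $cutoff, int $pageSize = 50): array
{
    // Issue the replacement first so enrolment never has zero valid passwords.
    $new = $client->createChallenge([
        'ConnectorArn' => $connectorArn,
        // A fresh token per call: reusing one within five minutes returns the same challenge.
        'ClientToken'  => bin2hex(random_bytes(16)),
    ])['Challenge'];

    $deleted = [];
    foreach (listAllChallenges($client, $connectorArn, $pageSize) as $challenge) {
        if ($challenge['Arn'] !== $new['Arn'] && $challenge['CreatedAt'] < $cutoff) {
            $client->deleteChallenge(['ChallengeArn' => $challenge['Arn']]);
            $deleted[] = $challenge['Arn'];
        }
    }
    // Return ARNs only so the password never lands in a report or log;
    // fetch it with getChallengePassword at the point where it is consumed.
    return ['created' => $new['Arn'], 'deleted' => $deleted];
}

/** Constructed in-memory stand-in for the client (hypothetical, for offline runs). */
final class InMemoryScepStub
{
    private array $challenges;
    private int $seq = 0;

    public function __construct(array $challenges) { $this->challenges = $challenges; }

    public function createChallenge(array $p): array
    {
        $challenge = [
            'Arn'          => 'arn:EXAMPLE:challenge/new-' . (++$this->seq),
            'ConnectorArn' => $p['ConnectorArn'],
            'CreatedAt'    => new DateTimeImmutable('now'),
            'Password'     => '<placeholder>',
        ];
        $this->challenges[] = $challenge;
        return ['Challenge' => $challenge];
    }

    public function listChallengeMetadata(array $p): array
    {
        $offset = (int) ($p['NextToken'] ?? 0);
        $out = ['Challenges' => array_slice($this->challenges, $offset, $p['MaxResults'])];
        if ($offset + $p['MaxResults'] < count($this->challenges)) {
            $out['NextToken'] = (string) ($offset + $p['MaxResults']);
        }
        return $out;
    }

    public function deleteChallenge(array $p): array
    {
        $this->challenges = array_values(array_filter(
            $this->challenges,
            fn ($c) => $c['Arn'] !== $p['ChallengeArn']
        ));
        return [];
    }
}

// Constructed sample data: two stale challenges and one recent one.
$connector = 'arn:EXAMPLE:connector/A';
$stub = new InMemoryScepStub([
    ['Arn' => 'arn:EXAMPLE:challenge/old-1',  'ConnectorArn' => $connector, 'CreatedAt' => new DateTimeImmutable('-90 days')],
    ['Arn' => 'arn:EXAMPLE:challenge/old-2',  'ConnectorArn' => $connector, 'CreatedAt' => new DateTimeImmutable('-45 days')],
    ['Arn' => 'arn:EXAMPLE:challenge/recent', 'ConnectorArn' => $connector, 'CreatedAt' => new DateTimeImmutable('-2 days')],
]);

// A page size of 2 forces the NextToken loop to run more than once.
print_r(rotateChallenges($stub, $connector, new DateTimeImmutable('-30 days'), 2));
```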
ListConnectors
$result = $client->listConnectors([/* ... */]);
$promise = $client->listConnectorsAsync([/* ... */]);
Lists the connectors belonging to your Amazon Web Services account.
Parameter Syntax
$result = $client->listConnectors([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of objects that you want Connector for SCEP to return for this request. If more objects are available, in the response, Connector for SCEP provides a NextToken value that you can use in a subsequent call to get the next batch of objects.
- NextToken
-
- Type: string
When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Connector for SCEP returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
Result Syntax
[
    'Connectors' => [
        [
            'Arn' => '<string>',
            'CertificateAuthorityArn' => '<string>',
            'CreatedAt' => <DateTime>,
            'Endpoint' => '<string>',
            'MobileDeviceManagement' => [
                'Intune' => [
                    'AzureApplicationId' => '<string>',
                    'Domain' => '<string>',
                ],
            ],
            'OpenIdConfiguration' => [
                'Audience' => '<string>',
                'Issuer' => '<string>',
                'Subject' => '<string>',
            ],
            'Status' => 'CREATING|ACTIVE|DELETING|FAILED',
            'StatusReason' => 'INTERNAL_FAILURE|PRIVATECA_ACCESS_DENIED|PRIVATECA_INVALID_STATE|PRIVATECA_RESOURCE_NOT_FOUND',
            'Type' => 'GENERAL_PURPOSE|INTUNE',
            'UpdatedAt' => <DateTime>,
        ],
        // ...
    ],
    'NextToken' => '<string>',
]
Result Details
Members
- Connectors
-
- Type: Array of ConnectorSummary structures
The connectors belonging to your Amazon Web Services account.
- NextToken
-
- Type: string
When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Connector for SCEP returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
Errors
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- AccessDeniedException:
You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.
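An added example (not SDK code) that audits the ListConnectors result against two points this page makes: connectors in FAILED status carry a StatusReason, and CreateConnector recommends a private CA dedicated to the connector. Treating a CA ARN that appears on more than one connector as a review item is an interpretation made here, and the check cannot see other uses of that CA; ConnectorListStub and the placeholder ARNs are constructed so the script runs offline.

```php
<?php
// Added example: review connectors for failed creation and for shared private CAs.
// $client is any object exposing listConnectors() with the shapes documented above.

/** Return a list of [connectorArn, finding] pairs. */
function auditConnectors($client, int $pageSize = 50): array
{
    $connectorsByCa = [];
    $findings = [];
    $params = ['MaxResults' => $pageSize];
    do {
        $page = $client->listConnectors($params);
        foreach ($page['Connectors'] ?? [] as $connector) {
            $connectorsByCa[$connector['CertificateAuthorityArn']][] = $connector['Arn'];
            if ($connector['Status'] === 'FAILED') {
                $reason = $connector['StatusReason'] ?? 'no StatusReason returned';
                $findings[] = [$connector['Arn'], 'creation FAILED: ' . $reason];
            }
        }
        $params['NextToken'] = $page['NextToken'] ?? null;
    } while ($params['NextToken'] !== null);

    // Interpretation used in this example: one connector per CA ARN.
    foreach ($connectorsByCa as $caArn => $arns) {
        if (count($arns) > 1) {
            foreach ($arns as $arn) {
                $findings[] = [$arn, sprintf('CA %s is shared by %d connectors', $caArn, count($arns))];
            }
        }
    }
    return $findings;
}

/** Constructed in-memory stand-in for the client (hypothetical, for offline runs). */
final class ConnectorListStub
{
    private array $connectors;

    public function __construct(array $connectors) { $this->connectors = $connectors; }

    public function listConnectors(array $p): array
    {
        $offset = (int) ($p['NextToken'] ?? 0);
        $out = ['Connectors' => array_slice($this->connectors, $offset, $p['MaxResults'])];
        if ($offset + $p['MaxResults'] < count($this->connectors)) {
            $out['NextToken'] = (string) ($offset + $p['MaxResults']);
        }
        return $out;
    }
}

// Constructed sample data: two connectors on one CA, one connector that failed to create.
$stub = new ConnectorListStub([
    ['Arn' => 'arn:EXAMPLE:connector/A', 'CertificateAuthorityArn' => 'arn:EXAMPLE:ca/1',
     'Status' => 'ACTIVE', 'Type' => 'GENERAL_PURPOSE'],
    ['Arn' => 'arn:EXAMPLE:connector/B', 'CertificateAuthorityArn' => 'arn:EXAMPLE:ca/1',
     'Status' => 'ACTIVE', 'Type' => 'INTUNE'],
    ['Arn' => 'arn:EXAMPLE:connector/C', 'CertificateAuthorityArn' => 'arn:EXAMPLE:ca/2',
     'Status' => 'FAILED', 'StatusReason' => 'PRIVATECA_ACCESS_DENIED', 'Type' => 'GENERAL_PURPOSE'],
]);

foreach (auditConnectors($stub, 2) as [$arn, $finding]) {
    echo $arn, ': ', $finding, PHP_EOL;
}
```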
ListTagsForResource
$result = $client->listTagsForResource([/* ... */]);
$promise = $client->listTagsForResourceAsync([/* ... */]);
Retrieves the tags associated with the specified resource. Tags are key-value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.
Parameter Syntax
$result = $client->listTagsForResource([
    'ResourceArn' => '<string>', // REQUIRED
]);
Parameter Details
Members
- ResourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource.
Result Syntax
[ 'Tags' => ['<string>', ...], ]
Result Details
Members
- Tags
-
- Type: Associative array of custom strings keys (String) to strings
The key-value pairs to associate with the resource.
Errors
- ResourceNotFoundException:
The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than ACTIVE.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- AccessDeniedException:
You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.
TagResource
$result = $client->tagResource([/* ... */]);
$promise = $client->tagResourceAsync([/* ... */]);
Adds one or more tags to your resource.
Parameter Syntax
$result = $client->tagResource([
    'ResourceArn' => '<string>', // REQUIRED
    'Tags' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- ResourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource.
- Tags
-
- Required: Yes
- Type: Associative array of custom strings keys (String) to strings
The key-value pairs to associate with the resource.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than ACTIVE.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- AccessDeniedException:
You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.
UntagResource
$result = $client->untagResource([/* ... */]);
$promise = $client->untagResourceAsync([/* ... */]);
Removes one or more tags from your resource.
Parameter Syntax
$result = $client->untagResource([
    'ResourceArn' => '<string>', // REQUIRED
    'TagKeys' => ['<string>', ...], // REQUIRED
]);
Parameter Details
Members
- ResourceArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the resource.
- TagKeys
-
- Required: Yes
- Type: Array of strings
Specifies a list of tag keys that you want to remove from the specified resources.
Result Syntax
[]
Result Details
Errors
- ResourceNotFoundException:
The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than ACTIVE.
- InternalServerException:
The request processing has failed because of an unknown error, exception or failure with an internal server.
- ValidationException:
An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.
- ThrottlingException:
The limit on the number of requests per second was exceeded.
- AccessDeniedException:
You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.
Shapes
AccessDeniedException
Description
You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.
Members
- Message
-
- Required: Yes
- Type: string
BadRequestException
Description
The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
Members
- Message
-
- Required: Yes
- Type: string
Challenge
Description
For Connector for SCEP for general-purpose. An object containing information about the specified connector's SCEP challenge passwords.
Members
- Arn
-
- Type: string
The Amazon Resource Name (ARN) of the challenge.
- ConnectorArn
-
- Type: string
The Amazon Resource Name (ARN) of the connector.
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the challenge was created.
- Password
-
- Type: string
The SCEP challenge password, in UUID format.
- UpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the challenge was updated.
ChallengeMetadata
Description
Contains details about the connector's challenge.
Members
- Arn
-
- Type: string
The Amazon Resource Name (ARN) of the challenge.
- ConnectorArn
-
- Type: string
The Amazon Resource Name (ARN) of the connector.
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the connector was created.
- UpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the connector was updated.
ChallengeMetadataSummary
Description
Details about the specified challenge, returned by the GetChallengeMetadata action.
Members
- Arn
-
- Type: string
The Amazon Resource Name (ARN) of the challenge.
- ConnectorArn
-
- Type: string
The Amazon Resource Name (ARN) of the connector.
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the challenge was created.
- UpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the challenge was updated.
ConflictException
Description
This request can't be completed because the requested resource was being concurrently modified by another request.
Members
- Message
-
- Required: Yes
- Type: string
- ResourceId
-
- Required: Yes
- Type: string
The identifier of the Amazon Web Services resource.
- ResourceType
-
- Required: Yes
- Type: string
The resource type, which can be either Connector or Challenge.
Connector
Description
Connector for SCEP is a service that links Amazon Web Services Private Certificate Authority to your SCEP-enabled devices. The connector brokers the exchange of certificates from Amazon Web Services Private CA to your SCEP-enabled devices and mobile device management systems. The connector is a complex type that contains the connector's configuration settings.
Members
- Arn
-
- Type: string
The Amazon Resource Name (ARN) of the connector.
- CertificateAuthorityArn
-
- Type: string
The Amazon Resource Name (ARN) of the certificate authority associated with the connector.
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the connector was created.
- Endpoint
-
- Type: string
The connector's HTTPS public SCEP URL.
- MobileDeviceManagement
-
- Type: MobileDeviceManagement structure
Contains settings relevant to the mobile device management system that you chose for the connector. If you didn't configure MobileDeviceManagement, then the connector is for general-purpose use and this object is empty.
- OpenIdConfiguration
-
- Type: OpenIdConfiguration structure
Contains OpenID Connect (OIDC) parameters for use with Connector for SCEP for Microsoft Intune. For more information about using Connector for SCEP for Microsoft Intune, see Using Connector for SCEP for Microsoft Intune.
- Status
-
- Type: string
The connector's status.
- StatusReason
-
- Type: string
Information about why connector creation failed, if status is FAILED.
- Type
-
- Type: string
The connector type.
- UpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the connector was updated.
ConnectorSummary
Description
Lists the Amazon Web Services Private CA SCEP connectors belonging to your Amazon Web Services account.
Members
- Arn
-
- Type: string
The Amazon Resource Name (ARN) of the connector.
- CertificateAuthorityArn
-
- Type: string
The Amazon Resource Name (ARN) of the connector's associated certificate authority.
- CreatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the challenge was created.
- Endpoint
-
- Type: string
The connector's HTTPS public SCEP URL.
- MobileDeviceManagement
-
- Type: MobileDeviceManagement structure
Contains settings relevant to the mobile device management system that you chose for the connector. If you didn't configure MobileDeviceManagement, then the connector is for general-purpose use and this object is empty.
- OpenIdConfiguration
-
- Type: OpenIdConfiguration structure
Contains OpenID Connect (OIDC) parameters for use with Microsoft Intune.
- Status
-
- Type: string
The connector's status. Status can be creating, active, deleting, or failed.
- StatusReason
-
- Type: string
Information about why connector creation failed, if status is FAILED.
- Type
-
- Type: string
The connector type.
- UpdatedAt
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that the challenge was updated.
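One way to triage a list of ConnectorSummary structures using the members described above, as an added example that is not AWS SDK code. The auditConnectors() helper, its finding strings, and the sample ARNs and values are hypothetical; the function works on plain arrays, so it runs without calling the service.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical helper): review ConnectorSummary arrays offline.
// Member names come from the ConnectorSummary shape; everything else is assumed.
function auditConnectors(array $connectors): array
{
    $findings = [];
    foreach ($connectors as $c) {
        $arn = $c['Arn'] ?? '(no Arn)';
        $notes = [];

        // An empty MobileDeviceManagement object means a general-purpose
        // connector, whose enrollments depend on SCEP challenge passwords.
        if (empty($c['MobileDeviceManagement'])) {
            $notes[] = 'general-purpose: challenge passwords handled through this API';
        } elseif (isset($c['MobileDeviceManagement']['Intune'])) {
            $notes[] = 'Intune: challenge passwords managed in Microsoft Intune';
        }

        // StatusReason explains a failed creation, so surface it only then.
        if (strtoupper($c['Status'] ?? '') === 'FAILED') {
            $notes[] = 'creation failed: ' . ($c['StatusReason'] ?? 'no reason given');
        }

        // Endpoint is documented as an HTTPS URL; flag anything else.
        if (isset($c['Endpoint'])) {
            $scheme = parse_url($c['Endpoint'], PHP_URL_SCHEME);
            if (strtolower((string) $scheme) !== 'https') {
                $notes[] = 'endpoint is not HTTPS';
            }
        }
        $findings[$arn] = $notes;
    }
    return $findings;
}

// Constructed sample data shaped like ConnectorSummary; ARNs are placeholders.
$sample = [
    ['Arn' => 'arn:aws:pca-connector-scep:EXAMPLE:connector/general',
     'Status' => 'ACTIVE', 'MobileDeviceManagement' => [],
     'Endpoint' => 'https://connector.example.invalid/scep'],
    ['Arn' => 'arn:aws:pca-connector-scep:EXAMPLE:connector/intune',
     'Status' => 'FAILED', 'StatusReason' => 'constructed reason',
     'MobileDeviceManagement' => ['Intune' => ['Domain' => 'example.invalid']]],
];
print_r(auditConnectors($sample));
```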
InternalServerException
Description
The request processing has failed because of an unknown error, exception or failure with an internal server.
Members
- Message
-
- Required: Yes
- Type: string
IntuneConfiguration
Description
Contains configuration details for use with Microsoft Intune. For information about using Connector for SCEP for Microsoft Intune, see Using Connector for SCEP for Microsoft Intune.
When you use Connector for SCEP for Microsoft Intune, certain functionalities are enabled by accessing Microsoft Intune through the Microsoft API. Your use of the Connector for SCEP and accompanying Amazon Web Services services doesn't remove your need to have a valid license for your use of the Microsoft Intune service. You should also review the Microsoft Intune® App Protection Policies.
Members
- AzureApplicationId
-
- Required: Yes
- Type: string
The directory (tenant) ID from your Microsoft Entra ID app registration.
- Domain
-
- Required: Yes
- Type: string
The primary domain from your Microsoft Entra ID app registration.
MobileDeviceManagement
Description
If you don't supply a value, by default Connector for SCEP creates a connector for general-purpose use. A general-purpose connector is designed to work with clients or endpoints that support the SCEP protocol, except Connector for SCEP for Microsoft Intune. For information about considerations and limitations with using Connector for SCEP, see Considerations and Limitations.
If you provide an IntuneConfiguration, Connector for SCEP creates a connector for use with Microsoft Intune, and you manage the challenge passwords using Microsoft Intune. For more information, see Using Connector for SCEP for Microsoft Intune.
Members
- Intune
-
- Type: IntuneConfiguration structure
Configuration settings for use with Microsoft Intune. For information about using Connector for SCEP for Microsoft Intune, see Using Connector for SCEP for Microsoft Intune.
OpenIdConfiguration
Description
Contains OpenID Connect (OIDC) parameters for use with Microsoft Intune. For more information about using Connector for SCEP for Microsoft Intune, see Using Connector for SCEP for Microsoft Intune.
Members
- Audience
-
- Type: string
The audience value to copy into your Microsoft Entra app registration's OIDC.
- Issuer
-
- Type: string
The issuer value to copy into your Microsoft Entra app registration's OIDC.
- Subject
-
- Type: string
The subject value to copy into your Microsoft Entra app registration's OIDC.
ResourceNotFoundException
Description
The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than ACTIVE.
Members
- Message
-
- Required: Yes
- Type: string
- ResourceId
-
- Required: Yes
- Type: string
The identifier of the Amazon Web Services resource.
- ResourceType
-
- Required: Yes
- Type: string
The resource type, which can be either Connector or Challenge.
ServiceQuotaExceededException
Description
The request would cause a service quota to be exceeded.
Members
- Message
-
- Required: Yes
- Type: string
- QuotaCode
-
- Required: Yes
- Type: string
The quota identifier.
- ResourceType
-
- Required: Yes
- Type: string
The resource type, which can be either Connector or Challenge.
- ServiceCode
-
- Required: Yes
- Type: string
Identifies the originating service.
ThrottlingException
Description
The limit on the number of requests per second was exceeded.
Members
- Message
-
- Required: Yes
- Type: string
ValidationException
Description
An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.
Members
- Message
-
- Required: Yes
- Type: string
- Reason
-
- Type: string
The reason for the validation error, if available. The service doesn't return a reason for every validation exception.