Class CfnEnclaveCertificateIamRoleAssociation
Associates an AWS Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate.
Implements
Inherited Members
Namespace: Amazon.CDK.AWS.EC2
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class CfnEnclaveCertificateIamRoleAssociation : CfnResource, IInspectable, IEnclaveCertificateIamRoleAssociationRef, IConstruct, IDependable, IEnvironmentAwareSyntax (vb)
Public Class CfnEnclaveCertificateIamRoleAssociation Inherits CfnResource Implements IInspectable, IEnclaveCertificateIamRoleAssociationRef, IConstruct, IDependable, IEnvironmentAwareRemarks
This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the AWS Nitro Enclaves User Guide .
When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 location that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS managed key that has an attached attestation-based key policy.
To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the AWS Nitro Enclaves User Guide .
CloudformationResource: AWS::EC2::EnclaveCertificateIamRoleAssociation
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.EC2;
var cfnEnclaveCertificateIamRoleAssociation = new CfnEnclaveCertificateIamRoleAssociation(this, "MyCfnEnclaveCertificateIamRoleAssociation", new CfnEnclaveCertificateIamRoleAssociationProps {
CertificateArn = "certificateArn",
RoleArn = "roleArn"
});Synopsis
Constructors
| CfnEnclaveCertificateIamRoleAssociation(Construct, string, ICfnEnclaveCertificateIamRoleAssociationProps) | Create a new |
Properties
| AttrCertificateS3BucketName | The name of the Amazon S3 bucket to which the certificate was uploaded. |
| AttrCertificateS3ObjectKey | The Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored. |
| AttrEncryptionKmsKeyId | The ID of the AWS KMS key used to encrypt the private key of the certificate. |
| CFN_RESOURCE_TYPE_NAME | The CloudFormation resource type name for this resource class. |
| CertificateArn | The ARN of the ACM certificate with which to associate the IAM role. |
| CfnProperties | Associates an AWS Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate. |
| EnclaveCertificateIamRoleAssociationRef | A reference to a EnclaveCertificateIamRoleAssociation resource. |
| RoleArn | The ARN of the IAM role to associate with the ACM certificate. |
Methods
| Inspect(TreeInspector) | Examines the CloudFormation resource and discloses attributes. |
| IsCfnEnclaveCertificateIamRoleAssociation(object) | Checks whether the given object is a CfnEnclaveCertificateIamRoleAssociation. |
| RenderProperties(IDictionary<string, object>) | Associates an AWS Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate. |
Constructors
CfnEnclaveCertificateIamRoleAssociation(Construct, string, ICfnEnclaveCertificateIamRoleAssociationProps)
Create a new AWS::EC2::EnclaveCertificateIamRoleAssociation.
public CfnEnclaveCertificateIamRoleAssociation(Construct scope, string id, ICfnEnclaveCertificateIamRoleAssociationProps props)Parameters
- scope Construct
Scope in which this resource is defined.
- id string
Construct identifier for this resource (unique in its scope).
- props ICfnEnclaveCertificateIamRoleAssociationProps
Resource properties.
Remarks
This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the AWS Nitro Enclaves User Guide .
When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 location that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS managed key that has an attached attestation-based key policy.
To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the AWS Nitro Enclaves User Guide .
CloudformationResource: AWS::EC2::EnclaveCertificateIamRoleAssociation
ExampleMetadata: fixture=_generated
Properties
AttrCertificateS3BucketName
The name of the Amazon S3 bucket to which the certificate was uploaded.
public virtual string AttrCertificateS3BucketName { get; }Property Value
Remarks
CloudformationAttribute: CertificateS3BucketName
AttrCertificateS3ObjectKey
The Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored.
public virtual string AttrCertificateS3ObjectKey { get; }Property Value
Remarks
The object key is formatted as follows: role_arn / certificate_arn .
CloudformationAttribute: CertificateS3ObjectKey
AttrEncryptionKmsKeyId
The ID of the AWS KMS key used to encrypt the private key of the certificate.
public virtual string AttrEncryptionKmsKeyId { get; }Property Value
Remarks
CloudformationAttribute: EncryptionKmsKeyId
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
public static string CFN_RESOURCE_TYPE_NAME { get; }Property Value
Remarks
This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the AWS Nitro Enclaves User Guide .
When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 location that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS managed key that has an attached attestation-based key policy.
To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the AWS Nitro Enclaves User Guide .
CloudformationResource: AWS::EC2::EnclaveCertificateIamRoleAssociation
ExampleMetadata: fixture=_generated
CertificateArn
The ARN of the ACM certificate with which to associate the IAM role.
public virtual string CertificateArn { get; set; }Property Value
Remarks
This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the AWS Nitro Enclaves User Guide .
When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 location that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS managed key that has an attached attestation-based key policy.
To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the AWS Nitro Enclaves User Guide .
CloudformationResource: AWS::EC2::EnclaveCertificateIamRoleAssociation
ExampleMetadata: fixture=_generated
CfnProperties
Associates an AWS Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate.
protected override IDictionary<string, object> CfnProperties { get; }Property Value
Overrides
Remarks
This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the AWS Nitro Enclaves User Guide .
When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 location that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS managed key that has an attached attestation-based key policy.
To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the AWS Nitro Enclaves User Guide .
CloudformationResource: AWS::EC2::EnclaveCertificateIamRoleAssociation
ExampleMetadata: fixture=_generated
EnclaveCertificateIamRoleAssociationRef
A reference to a EnclaveCertificateIamRoleAssociation resource.
public virtual IEnclaveCertificateIamRoleAssociationReference EnclaveCertificateIamRoleAssociationRef { get; }Property Value
IEnclaveCertificateIamRoleAssociationReference
Remarks
This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the AWS Nitro Enclaves User Guide .
When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 location that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS managed key that has an attached attestation-based key policy.
To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the AWS Nitro Enclaves User Guide .
CloudformationResource: AWS::EC2::EnclaveCertificateIamRoleAssociation
ExampleMetadata: fixture=_generated
RoleArn
The ARN of the IAM role to associate with the ACM certificate.
public virtual string RoleArn { get; set; }Property Value
Remarks
This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the AWS Nitro Enclaves User Guide .
When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 location that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS managed key that has an attached attestation-based key policy.
To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the AWS Nitro Enclaves User Guide .
CloudformationResource: AWS::EC2::EnclaveCertificateIamRoleAssociation
ExampleMetadata: fixture=_generated
Methods
Inspect(TreeInspector)
Examines the CloudFormation resource and discloses attributes.
public virtual void Inspect(TreeInspector inspector)Parameters
- inspector TreeInspector
tree inspector to collect and process attributes.
Remarks
This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the AWS Nitro Enclaves User Guide .
When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 location that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS managed key that has an attached attestation-based key policy.
To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the AWS Nitro Enclaves User Guide .
CloudformationResource: AWS::EC2::EnclaveCertificateIamRoleAssociation
ExampleMetadata: fixture=_generated
IsCfnEnclaveCertificateIamRoleAssociation(object)
Checks whether the given object is a CfnEnclaveCertificateIamRoleAssociation.
public static bool IsCfnEnclaveCertificateIamRoleAssociation(object x)Parameters
- x object
Returns
Remarks
This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the AWS Nitro Enclaves User Guide .
When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 location that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS managed key that has an attached attestation-based key policy.
To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the AWS Nitro Enclaves User Guide .
CloudformationResource: AWS::EC2::EnclaveCertificateIamRoleAssociation
ExampleMetadata: fixture=_generated
RenderProperties(IDictionary<string, object>)
Associates an AWS Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate.
protected override IDictionary<string, object> RenderProperties(IDictionary<string, object> props)Parameters
- props IDictionary<string, object>
Returns
Overrides
Remarks
This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the AWS Nitro Enclaves User Guide .
When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 location that only the associated IAM role can access. The private key of the certificate is encrypted with an AWS managed key that has an attached attestation-based key policy.
To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the AWS Nitro Enclaves User Guide .
CloudformationResource: AWS::EC2::EnclaveCertificateIamRoleAssociation
ExampleMetadata: fixture=_generated