EnableCAEnrollmentPolicy - AWS Directory Service

EnableCAEnrollmentPolicy

Enables certificate authority (CA) enrollment policy for the specified directory. This allows domain-joined clients to automatically request and receive certificates from the specified AWS Private Certificate Authority.

Note

Before enabling CA enrollment, ensure that the PCA connector is properly configured and accessible from the directory. The connector must be in an active state and have the necessary permissions.

Request Syntax

{
   "DirectoryId": "string",
   "PcaConnectorArn": "string"
}

Request Parameters

The request accepts the following data in JSON format.

DirectoryId

The identifier of the directory for which to enable the CA enrollment policy.

Type: String

Pattern: ^d-[0-9a-f]{10}$

Required: Yes

PcaConnectorArn

The Amazon Resource Name (ARN) of the Private Certificate Authority (PCA) connector to use for automatic certificate enrollment. This connector must be properly configured and accessible from the directory.

The ARN format is: arn:aws:pca-connector-ad:region:account-id:connector/connector-id

Type: String

Pattern: ^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$

Required: Yes
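As an added example, not part of the AWS reference, the following Python helper checks both parameters against the patterns documented above before a request is built, so a malformed value is caught locally rather than as an InvalidParameterException. The expected_account check and all sample values are this example's own assumptions: it reads the account-id field of the connector ARN and refuses a connector that is not owned by the expected account, so a directory is not pointed at someone else's CA.

```python
import json
import re

# Patterns copied from the DirectoryId and PcaConnectorArn entries above.
DIRECTORY_ID_RE = re.compile(r"^d-[0-9a-f]{10}$")
PCA_CONNECTOR_ARN_RE = re.compile(
    r"^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector\/"
    r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$"
)
X_AMZ_TARGET = "DirectoryService_20150416.EnableCAEnrollmentPolicy"

# Constructed sample values for demonstration only; not real resources.
SAMPLE_DIRECTORY_ID = "d-0123456789"
SAMPLE_CONNECTOR_ARN = ("arn:aws:pca-connector-ad:us-east-1:123456789012:"
                        "connector/0123abcd-0123-4567-89ab-0123456789ab")


def validate_enable_request(directory_id, pca_connector_arn, expected_account=None):
    """Return a list of problems; an empty list means the request is well formed.
    expected_account is this example's own addition: the ARN's account-id field
    must equal it, so the directory is not pointed at another account's CA."""
    problems = []
    if not DIRECTORY_ID_RE.match(directory_id):
        problems.append(f"DirectoryId {directory_id!r} does not match ^d-[0-9a-f]{{10}}$")
    if not PCA_CONNECTOR_ARN_RE.match(pca_connector_arn):
        problems.append(f"PcaConnectorArn {pca_connector_arn!r} does not match the documented pattern")
    elif expected_account is not None:
        # ARN layout: arn:partition:service:region:account-id:resource
        account = pca_connector_arn.split(":")[4]
        if account != expected_account:
            problems.append(f"connector is owned by account {account}, expected {expected_account}")
    return problems


def build_enable_request(directory_id, pca_connector_arn, expected_account=None):
    """Return (headers, body) for EnableCAEnrollmentPolicy, or raise ValueError."""
    # Failing locally avoids a round trip that would end in InvalidParameterException;
    # SigV4 signing and the Host header are left to the SDK or signer in use.
    problems = validate_enable_request(directory_id, pca_connector_arn, expected_account)
    if problems:
        raise ValueError("; ".join(problems))
    body = json.dumps({"DirectoryId": directory_id, "PcaConnectorArn": pca_connector_arn})
    headers = {
        "X-Amz-Target": X_AMZ_TARGET,
        "Content-Type": "application/x-amz-json-1.1",
        "Content-Length": str(len(body)),
    }
    return headers, body
```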

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 400

ClientException

A client exception has occurred.

HTTP Status Code: 400

DirectoryDoesNotExistException

The specified directory does not exist in the system.

HTTP Status Code: 400

DirectoryUnavailableException

The specified directory is unavailable.

HTTP Status Code: 400

EnableAlreadyInProgressException

An enable operation for CA enrollment policy is already in progress for this directory.

HTTP Status Code: 400

EntityAlreadyExistsException

The specified entity already exists.

HTTP Status Code: 400

EntityDoesNotExistException

The specified entity could not be found.

HTTP Status Code: 400

InvalidParameterException

One or more parameters are not valid.

HTTP Status Code: 400

ServiceException

An exception has occurred in AWS Directory Service.

HTTP Status Code: 500

Examples

The following examples are formatted for legibility.

Enable CA enrollment policy

The following example enables the CA enrollment policy for a directory with a specified PCA connector.

Sample Request

POST / HTTP/1.1
Host: ds.us-west-2.amazonaws.com
Accept-Encoding: identity
Content-Length: 156
X-Amz-Target: DirectoryService_20150416.EnableCAEnrollmentPolicy
X-Amz-Date: 20230815T143000Z
User-Agent: aws-cli/2.0.0 Python/3.8.0 Linux/5.4.0 botocore/2.0.0
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20230815/us-west-2/ds/aws4_request, SignedHeaders=host;x-amz-date;x-amz-target, Signature=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

{
   "DirectoryId": "d-926example",
   "PcaConnectorArn": "arn:aws:pca-connector-ad:us-east-1:123456789012:connector/c-123456789abcdef01"
}

Sample Response

HTTP/1.1 200 OK
Date: Tue, 15 Aug 2023 14:30:00 GMT
Content-Type: application/x-amz-json-1.1
Content-Length: 2
x-amzn-RequestId: 12345678-1234-1234-1234-123456789012

{}

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: