CreateConnector - AWS Private CA Connector for Active Directory


Creates a connector between AWS Private CA and an Active Directory. You must specify the private CA, directory ID, and security groups.

Request Syntax

POST /connectors HTTP/1.1 Content-type: application/json { "CertificateAuthorityArn": "string", "ClientToken": "string", "DirectoryId": "string", "Tags": { "string" : "string" }, "VpcInformation": { "SecurityGroupIds": [ "string" ] } }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.


The Amazon Resource Name (ARN) of the certificate authority being used.

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: ^arn:[\w-]+:acm-pca:[\w-]+:[0-9]+:certificate-authority\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$

Required: Yes


Idempotency token.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: ^[!-~]+$

Required: No


The identifier of the Active Directory.

Type: String

Pattern: ^d-[0-9a-f]{10}$

Required: Yes


Metadata assigned to a connector consisting of a key-value pair.

Type: String to string map

Required: No


Security group IDs that describe the inbound and outbound rules.

Type: VpcInformation object

Required: Yes

Response Syntax

HTTP/1.1 202 Content-type: application/json { "ConnectorArn": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 202 response.

The following data is returned in JSON format by the service.


If successful, the Amazon Resource Name (ARN) of the connector for Active Directory.

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: ^arn:[\w-]+:pca-connector-ad:[\w-]+:[0-9]+:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$


For information about the errors that are common to all actions, see Common Errors.


You can receive this error if you attempt to create a resource share when you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your AWS Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an AWS Organizations service control policy (SCP) that affects your AWS account.

HTTP Status Code: 403


This request cannot be completed for one of the following reasons because the requested resource was being concurrently modified by another request.

HTTP Status Code: 409


The request processing has failed because of an unknown error, exception or failure with an internal server.

HTTP Status Code: 500


The operation tried to access a nonexistent resource. The resource might not be specified correctly, or its status might not be ACTIVE.

HTTP Status Code: 404


Request would cause a service quota to be exceeded.

HTTP Status Code: 402


The limit on the number of requests per second was exceeded.

HTTP Status Code: 429


An input validation error occurred. For example, invalid characters in a template name, or if a pagination token is invalid.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: