CreateTrustAnchor - IAM Roles Anywhere

CreateTrustAnchor

Creates a trust anchor to establish trust between IAM Roles Anywhere and your certificate authority (CA). You can define a trust anchor as a reference to an AWS Private Certificate Authority (AWS Private CA) or by uploading a CA certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary AWS credentials.

Required permissions: rolesanywhere:CreateTrustAnchor.

Request Syntax

POST /trustanchors HTTP/1.1 Content-type: application/json { "enabled": boolean, "name": "string", "source": { "sourceData": { "acmPcaArn": "string", "x509CertificateData": "string" }, "sourceType": "string" }, "tags": [ { "key": "string", "value": "string" } ] }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

enabled

Specifies whether the trust anchor is enabled.

Type: Boolean

Required: No

name

The name of the trust anchor.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 255.

Pattern: ^[ a-zA-Z0-9-_]*$

Required: Yes

source

The trust anchor type and its related certificate data.

Type: Source object

Required: Yes

tags

The tags to attach to the trust anchor.

Type: Array of Tag objects

Array Members: Minimum number of 0 items. Maximum number of 50 items.

Required: No

Response Syntax

HTTP/1.1 201 Content-type: application/json { "trustAnchor": { "createdAt": number, "enabled": boolean, "name": "string", "source": { "sourceData": { "acmPcaArn": "string", "x509CertificateData": "string" }, "sourceType": "string" }, "trustAnchorArn": "string", "trustAnchorId": "string", "updatedAt": number } }

Response Elements

If the action is successful, the service sends back an HTTP 201 response.

The following data is returned in JSON format by the service.

trustAnchor

The state of the trust anchor after a read or write operation.

Type: TrustAnchorDetail object

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You do not have sufficient access to perform this action.

HTTP Status Code: 403

ValidationException

Validation exception error.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: