CreateConnector - AWS Private CA Connector for SCEP

CreateConnector

Creates a SCEP connector. A SCEP connector links AWS Private Certificate Authority to your SCEP-compatible devices and mobile device management (MDM) systems. Before you create a connector, you must complete a set of prerequisites, including creation of a private certificate authority (CA) to use with this connector. For more information, see Connector for SCEP prerequisites.

Request Syntax

POST /connectors HTTP/1.1 Content-type: application/json { "CertificateAuthorityArn": "string", "ClientToken": "string", "MobileDeviceManagement": { ... }, "Tags": { "string" : "string" } }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

CertificateAuthorityArn

The Amazon Resource Name (ARN) of the AWS Private Certificate Authority certificate authority to use with this connector. Due to security vulnerabilities present in the SCEP protocol, we recommend using a private CA that's dedicated for use with the connector.

To retrieve the private CAs associated with your account, you can call ListCertificateAuthorities using the AWS Private CA API.

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: arn:aws(-[a-z]+)*:acm-pca:[a-z]+(-[a-z]+)+-[1-9]\d*:\d{12}:certificate-authority\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}

Required: Yes

ClientToken

Custom string that can be used to distinguish between calls to the CreateChallenge action. Client tokens for CreateChallenge time out after five minutes. Therefore, if you call CreateChallenge multiple times with the same client token within five minutes, Connector for SCEP recognizes that you are requesting only one challenge and will only respond with one. If you change the client token for each call, Connector for SCEP recognizes that you are requesting multiple challenge passwords.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [!-~]+

Required: No

MobileDeviceManagement

If you don't supply a value, by default Connector for SCEP creates a connector for general-purpose use. A general-purpose connector is designed to work with clients or endpoints that support the SCEP protocol, except Connector for SCEP for Microsoft Intune. With connectors for general-purpose use, you manage SCEP challenge passwords using Connector for SCEP. For information about considerations and limitations with using Connector for SCEP, see Considerations and Limitations.

If you provide an IntuneConfiguration, Connector for SCEP creates a connector for use with Microsoft Intune, and you manage the challenge passwords using Microsoft Intune. For more information, see Using Connector for SCEP for Microsoft Intune.

Type: MobileDeviceManagement object

Note: This object is a Union. Only one member of this object can be specified or returned.

Required: No

Tags

The key-value pairs to associate with the resource.

Type: String to string map

Required: No

Response Syntax

HTTP/1.1 202 Content-type: application/json { "ConnectorArn": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 202 response.

The following data is returned in JSON format by the service.

ConnectorArn

Returns the Amazon Resource Name (ARN) of the connector.

Type: String

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: arn:aws(-[a-z]+)*:pca-connector-scep:[a-z]+(-[a-z]+)+-[1-9]\d*:\d{12}:connector\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your AWS Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an AWS Organizations service control policy (SCP) that affects your AWS account.

HTTP Status Code: 403

ConflictException

This request can't be completed for one of the following reasons because the requested resource was being concurrently modified by another request.

HTTP Status Code: 409

InternalServerException

The request processing has failed because of an unknown error, exception or failure with an internal server.

HTTP Status Code: 500

ResourceNotFoundException

The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than ACTIVE.

HTTP Status Code: 404

ServiceQuotaExceededException

The request would cause a service quota to be exceeded.

HTTP Status Code: 402

ThrottlingException

The limit on the number of requests per second was exceeded.

HTTP Status Code: 429

ValidationException

An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: