Skip to main content

verified_access_trust_providers

Creates, updates, deletes or gets a verified_access_trust_provider resource or lists verified_access_trust_providers in a region

Overview

Nameverified_access_trust_providers
TypeResource
DescriptionThe AWS::EC2::VerifiedAccessTrustProvider type describes a verified access trust provider
Idawscc.ec2.verified_access_trust_providers

Fields

NameDatatypeDescription
trust_provider_typestringType of trust provider. Possible values: user|device
device_trust_provider_typestringThe type of device-based trust provider. Possible values: jamf|crowdstrike
user_trust_provider_typestringThe type of device-based trust provider. Possible values: oidc|iam-identity-center
oidc_optionsobjectThe OpenID Connect details for an oidc -type, user-identity based trust provider.
device_optionsobjectThe options for device identity based trust providers.
policy_reference_namestringThe identifier to be used when working with policy rules.
creation_timestringThe creation time.
last_updated_timestringThe last updated time.
verified_access_trust_provider_idstringThe ID of the Amazon Web Services Verified Access trust provider.
descriptionstringA description for the Amazon Web Services Verified Access trust provider.
tagsarrayAn array of key-value pairs to apply to this resource.
sse_specificationobjectThe configuration options for customer provided KMS encryption.
native_application_oidc_optionsobjectThe OpenID Connect details for an oidc -type, user-identity based trust provider for L4.
regionstringAWS region.

For more information, see AWS::EC2::VerifiedAccessTrustProvider.

Methods

NameResourceAccessible byRequired Params
create_resourceverified_access_trust_providersINSERTTrustProviderType, PolicyReferenceName, region
delete_resourceverified_access_trust_providersDELETEIdentifier, region
update_resourceverified_access_trust_providersUPDATEIdentifier, PatchDocument, region
list_resourcesverified_access_trust_providers_list_onlySELECTregion
get_resourceverified_access_trust_providersSELECTIdentifier, region

SELECT examples

Gets all properties from an individual verified_access_trust_provider.

SELECT
  region,
  trust_provider_type,
  device_trust_provider_type,
  user_trust_provider_type,
  oidc_options,
  device_options,
  policy_reference_name,
  creation_time,
  last_updated_time,
  verified_access_trust_provider_id,
  description,
  tags,
  sse_specification,
  native_application_oidc_options
FROM awscc.ec2.verified_access_trust_providers
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ verified_access_trust_provider_id }}';

INSERT example

Use the following StackQL query and manifest file to create a new verified_access_trust_provider resource, using stack-deploy.

/*+ create */
INSERT INTO awscc.ec2.verified_access_trust_providers (
  TrustProviderType,
  PolicyReferenceName,
  region
)
SELECT
  '{{ trust_provider_type }}',
  '{{ policy_reference_name }}',
  '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

UPDATE example

Use the following StackQL query and manifest file to update a verified_access_trust_provider resource, using stack-deploy.

/*+ update */
UPDATE awscc.ec2.verified_access_trust_providers
SET PatchDocument = string('{{ {
    "OidcOptions": oidc_options,
    "Description": description,
    "Tags": tags,
    "SseSpecification": sse_specification,
    "NativeApplicationOidcOptions": native_application_oidc_options
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ verified_access_trust_provider_id }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

DELETE example

/*+ delete */
DELETE FROM awscc.ec2.verified_access_trust_providers
WHERE
  Identifier = '{{ verified_access_trust_provider_id }}' AND
  region = '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

Additional Parameters

Mutable resources in the Cloud Control provider support additional optional parameters which can be supplied with INSERT, UPDATE, or DELETE operations. These include:

ParameterDescription
ClientToken
A unique identifier to ensure the idempotency of the resource request.This allows the provider to accurately distinguish between retries and new requests.
A client token is valid for 36 hours once used.
After that, a resource request with the same client token is treated as a new request.
If you do not specify a client token, one is generated for inclusion in the request.
RoleArn
The ARN of the IAM role used to perform this resource operation.The role specified must have the permissions required for this operation.
If you do not specify a role, a temporary session is created using your AWS user credentials.
TypeVersionId
For private resource types, the type version to use in this resource operation.If you do not specify a resource version, the default version is used.

Permissions

To operate on the verified_access_trust_providers resource, the following permissions are required:

ec2:CreateVerifiedAccessTrustProvider,
ec2:DescribeVerifiedAccessTrustProviders,
ec2:CreateTags,
ec2:DescribeTags,
sso:GetSharedSsoConfiguration,
kms:DescribeKey,
kms:RetireGrant,
kms:CreateGrant,
kms:GenerateDataKey,
kms:Decrypt