verified_access_trust_providers

Creates, updates, deletes or gets a verified_access_trust_provider resource or lists verified_access_trust_providers in a region

Overview

Name	verified_access_trust_providers
Type	Resource
Description	The AWS::EC2::VerifiedAccessTrustProvider type describes a verified access trust provider
Id	aws.ec2.verified_access_trust_providers

Fields

Name	Datatype	Description
trust_provider_type	string	Type of trust provider. Possible values: user|device
device_trust_provider_type	string	The type of device-based trust provider. Possible values: jamf|crowdstrike
user_trust_provider_type	string	The type of device-based trust provider. Possible values: oidc|iam-identity-center
oidc_options	object	The OpenID Connect details for an oidc -type, user-identity based trust provider.
device_options	object	The options for device identity based trust providers.
policy_reference_name	string	The identifier to be used when working with policy rules.
creation_time	string	The creation time.
last_updated_time	string	The last updated time.
verified_access_trust_provider_id	string	The ID of the Amazon Web Services Verified Access trust provider.
description	string	A description for the Amazon Web Services Verified Access trust provider.
tags	array	An array of key-value pairs to apply to this resource.
sse_specification	object	The configuration options for customer provided KMS encryption.
region	string	AWS region.

Methods

Name	Accessible by	Required Params
create_resource	INSERT	TrustProviderType, PolicyReferenceName, region
delete_resource	DELETE	data__Identifier, region
update_resource	UPDATE	data__Identifier, data__PatchDocument, region
list_resources	SELECT	region
get_resource	SELECT	data__Identifier, region

SELECT examples

Gets all verified_access_trust_providers in a region.

SELECT
region,
trust_provider_type,
device_trust_provider_type,
user_trust_provider_type,
oidc_options,
device_options,
policy_reference_name,
creation_time,
last_updated_time,
verified_access_trust_provider_id,
description,
tags,
sse_specification
FROM aws.ec2.verified_access_trust_providers
WHERE region = 'us-east-1';

Gets all properties from an individual verified_access_trust_provider.

SELECT
region,
trust_provider_type,
device_trust_provider_type,
user_trust_provider_type,
oidc_options,
device_options,
policy_reference_name,
creation_time,
last_updated_time,
verified_access_trust_provider_id,
description,
tags,
sse_specification
FROM aws.ec2.verified_access_trust_providers
WHERE region = 'us-east-1' AND data__Identifier = '<VerifiedAccessTrustProviderId>';

INSERT example

Use the following StackQL query and manifest file to create a new verified_access_trust_provider resource, using stack-deploy.

Required Properties

/*+ create */
INSERT INTO aws.ec2.verified_access_trust_providers (
 TrustProviderType,
 PolicyReferenceName,
 region
)
SELECT 
'{{ TrustProviderType }}',
 '{{ PolicyReferenceName }}',
'{{ region }}';

All Properties

/*+ create */
INSERT INTO aws.ec2.verified_access_trust_providers (
 TrustProviderType,
 DeviceTrustProviderType,
 UserTrustProviderType,
 OidcOptions,
 DeviceOptions,
 PolicyReferenceName,
 Description,
 Tags,
 SseSpecification,
 region
)
SELECT 
 '{{ TrustProviderType }}',
 '{{ DeviceTrustProviderType }}',
 '{{ UserTrustProviderType }}',
 '{{ OidcOptions }}',
 '{{ DeviceOptions }}',
 '{{ PolicyReferenceName }}',
 '{{ Description }}',
 '{{ Tags }}',
 '{{ SseSpecification }}',
 '{{ region }}';

Manifest

version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: verified_access_trust_provider
    props:
      - name: TrustProviderType
        value: '{{ TrustProviderType }}'
      - name: DeviceTrustProviderType
        value: '{{ DeviceTrustProviderType }}'
      - name: UserTrustProviderType
        value: '{{ UserTrustProviderType }}'
      - name: OidcOptions
        value:
          Issuer: '{{ Issuer }}'
          AuthorizationEndpoint: '{{ AuthorizationEndpoint }}'
          TokenEndpoint: '{{ TokenEndpoint }}'
          UserInfoEndpoint: '{{ UserInfoEndpoint }}'
          ClientId: '{{ ClientId }}'
          ClientSecret: '{{ ClientSecret }}'
          Scope: '{{ Scope }}'
      - name: DeviceOptions
        value:
          TenantId: '{{ TenantId }}'
          PublicSigningKeyUrl: '{{ PublicSigningKeyUrl }}'
      - name: PolicyReferenceName
        value: '{{ PolicyReferenceName }}'
      - name: Description
        value: '{{ Description }}'
      - name: Tags
        value:
          - Key: '{{ Key }}'
            Value: '{{ Value }}'
      - name: SseSpecification
        value:
          KmsKeyArn: '{{ KmsKeyArn }}'
          CustomerManagedKeyEnabled: '{{ CustomerManagedKeyEnabled }}'

DELETE example

/*+ delete */
DELETE FROM aws.ec2.verified_access_trust_providers
WHERE data__Identifier = '<VerifiedAccessTrustProviderId>'
AND region = 'us-east-1';

Permissions

To operate on the verified_access_trust_providers resource, the following permissions are required:

Create

ec2:CreateVerifiedAccessTrustProvider,
ec2:DescribeVerifiedAccessTrustProviders,
ec2:CreateTags,
ec2:DescribeTags,
sso:GetSharedSsoConfiguration,
kms:DescribeKey,
kms:RetireGrant,
kms:CreateGrant,
kms:GenerateDataKey,
kms:Decrypt

Read

ec2:DescribeVerifiedAccessTrustProviders,
ec2:DescribeTags,
kms:DescribeKey,
kms:GenerateDataKey,
kms:Decrypt

Update

ec2:ModifyVerifiedAccessTrustProvider,
ec2:DescribeVerifiedAccessTrustProviders,
ec2:DescribeTags,
ec2:DeleteTags,
ec2:CreateTags,
kms:DescribeKey,
kms:RetireGrant,
kms:CreateGrant,
kms:GenerateDataKey,
kms:Decrypt

Delete

ec2:DeleteVerifiedAccessTrustProvider,
ec2:DeleteTags,
ec2:DescribeVerifiedAccessTrustProviders,
ec2:DescribeTags,
kms:DescribeKey,
kms:RetireGrant,
kms:CreateGrant,
kms:GenerateDataKey,
kms:Decrypt

List

ec2:DescribeVerifiedAccessTrustProviders,
ec2:DescribeTags,
kms:DescribeKey,
kms:GenerateDataKey,
kms:Decrypt