verified_access_trust_providers
Used to retrieve a list of verified_access_trust_providers
in a region or to create or delete a verified_access_trust_providers
resource, use verified_access_trust_provider
to read or update an individual resource.
Overview
Name | verified_access_trust_providers |
Type | Resource |
Description | The AWS::EC2::VerifiedAccessTrustProvider type describes a verified access trust provider |
Id | aws.ec2.verified_access_trust_providers |
Fields
Name | Datatype | Description |
---|---|---|
verified_access_trust_provider_id | string | The ID of the Amazon Web Services Verified Access trust provider. |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | TrustProviderType, PolicyReferenceName, region |
delete_resource | DELETE | data__Identifier, region |
list_resource | SELECT | region |
SELECT
Example
SELECT
region,
verified_access_trust_provider_id
FROM aws.ec2.verified_access_trust_providers
WHERE region = 'us-east-1';
INSERT
Example
Use the following StackQL query and manifest file to create a new verified_access_trust_provider
resource, using stack-deploy
.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.ec2.verified_access_trust_providers (
TrustProviderType,
PolicyReferenceName,
region
)
SELECT
'{{ TrustProviderType }}',
'{{ PolicyReferenceName }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.ec2.verified_access_trust_providers (
TrustProviderType,
DeviceTrustProviderType,
UserTrustProviderType,
OidcOptions,
DeviceOptions,
PolicyReferenceName,
Description,
Tags,
SseSpecification,
region
)
SELECT
'{{ TrustProviderType }}',
'{{ DeviceTrustProviderType }}',
'{{ UserTrustProviderType }}',
'{{ OidcOptions }}',
'{{ DeviceOptions }}',
'{{ PolicyReferenceName }}',
'{{ Description }}',
'{{ Tags }}',
'{{ SseSpecification }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: verified_access_trust_provider
props:
- name: TrustProviderType
value: '{{ TrustProviderType }}'
- name: DeviceTrustProviderType
value: '{{ DeviceTrustProviderType }}'
- name: UserTrustProviderType
value: '{{ UserTrustProviderType }}'
- name: OidcOptions
value:
Issuer: '{{ Issuer }}'
AuthorizationEndpoint: '{{ AuthorizationEndpoint }}'
TokenEndpoint: '{{ TokenEndpoint }}'
UserInfoEndpoint: '{{ UserInfoEndpoint }}'
ClientId: '{{ ClientId }}'
ClientSecret: '{{ ClientSecret }}'
Scope: '{{ Scope }}'
- name: DeviceOptions
value:
TenantId: '{{ TenantId }}'
PublicSigningKeyUrl: '{{ PublicSigningKeyUrl }}'
- name: PolicyReferenceName
value: '{{ PolicyReferenceName }}'
- name: Description
value: '{{ Description }}'
- name: Tags
value:
- Key: '{{ Key }}'
Value: '{{ Value }}'
- name: SseSpecification
value:
KmsKeyArn: '{{ KmsKeyArn }}'
CustomerManagedKeyEnabled: '{{ CustomerManagedKeyEnabled }}'
DELETE
Example
/*+ delete */
DELETE FROM aws.ec2.verified_access_trust_providers
WHERE data__Identifier = '<VerifiedAccessTrustProviderId>'
AND region = 'us-east-1';
Permissions
To operate on the verified_access_trust_providers
resource, the following permissions are required:
Create
ec2:CreateVerifiedAccessTrustProvider,
ec2:DescribeVerifiedAccessTrustProviders,
ec2:CreateTags,
ec2:DescribeTags,
sso:GetSharedSsoConfiguration,
kms:DescribeKey,
kms:RetireGrant,
kms:CreateGrant,
kms:GenerateDataKey,
kms:Decrypt
Delete
ec2:DeleteVerifiedAccessTrustProvider,
ec2:DeleteTags,
ec2:DescribeVerifiedAccessTrustProviders,
ec2:DescribeTags,
kms:DescribeKey,
kms:RetireGrant,
kms:CreateGrant,
kms:GenerateDataKey,
kms:Decrypt
List
ec2:DescribeVerifiedAccessTrustProviders,
ec2:DescribeTags,
kms:DescribeKey,
kms:GenerateDataKey,
kms:Decrypt