trust_anchors
Creates, updates, deletes or gets a trust_anchor resource or lists trust_anchors in a region
Overview
| Name | trust_anchors |
| Type | Resource |
| Description | Definition of AWS::RolesAnywhere::TrustAnchor Resource Type. |
| Id | aws.rolesanywhere.trust_anchors |
Fields
| Name | Datatype | Description |
|---|---|---|
enabled | boolean | |
name | string | |
notification_settings | array | |
source | object | |
tags | array | |
trust_anchor_id | string | |
trust_anchor_arn | string | |
region | string | AWS region. |
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | Name, Source, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all trust_anchors in a region.
SELECT
region,
enabled,
name,
notification_settings,
source,
tags,
trust_anchor_id,
trust_anchor_arn
FROM aws.rolesanywhere.trust_anchors
WHERE region = 'us-east-1';
Gets all properties from an individual trust_anchor.
SELECT
region,
enabled,
name,
notification_settings,
source,
tags,
trust_anchor_id,
trust_anchor_arn
FROM aws.rolesanywhere.trust_anchors
WHERE region = 'us-east-1' AND data__Identifier = '<TrustAnchorId>';
INSERT example
Use the following StackQL query and manifest file to create a new trust_anchor resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.rolesanywhere.trust_anchors (
Name,
Source,
region
)
SELECT
'{{ Name }}',
'{{ Source }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.rolesanywhere.trust_anchors (
Enabled,
Name,
NotificationSettings,
Source,
Tags,
region
)
SELECT
'{{ Enabled }}',
'{{ Name }}',
'{{ NotificationSettings }}',
'{{ Source }}',
'{{ Tags }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: trust_anchor
props:
- name: Enabled
value: '{{ Enabled }}'
- name: Name
value: '{{ Name }}'
- name: NotificationSettings
value:
- Enabled: '{{ Enabled }}'
Event: '{{ Event }}'
Threshold: null
Channel: '{{ Channel }}'
- name: Source
value:
SourceType: '{{ SourceType }}'
SourceData: null
- name: Tags
value:
- Key: '{{ Key }}'
Value: '{{ Value }}'
DELETE example
/*+ delete */
DELETE FROM aws.rolesanywhere.trust_anchors
WHERE data__Identifier = '<TrustAnchorId>'
AND region = 'us-east-1';
Permissions
To operate on the trust_anchors resource, the following permissions are required:
Create
iam:CreateServiceLinkedRole,
rolesanywhere:CreateTrustAnchor,
rolesanywhere:TagResource,
rolesanywhere:ListTagsForResource
Read
rolesanywhere:GetTrustAnchor,
rolesanywhere:ListTagsForResource
Update
acm-pca:GetCertificateAuthorityCertificate,
rolesanywhere:ListTagsForResource,
rolesanywhere:TagResource,
rolesanywhere:UntagResource,
rolesanywhere:EnableTrustAnchor,
rolesanywhere:DisableTrustAnchor,
rolesanywhere:UpdateTrustAnchor,
rolesanywhere:GetTrustAnchor,
rolesanywhere:PutNotificationSettings,
rolesanywhere:ResetNotificationSettings
Delete
rolesanywhere:DeleteTrustAnchor
List
rolesanywhere:ListTrustAnchors,
rolesanywhere:ListTagsForResource