AWS::EC2::EnclaveCertificateIamRoleAssociation

EC2 EnclaveCertificateIamRoleAssociation

Associates an AWS Identity and Access Management (IAM) role with an AWS Certificate Manager (ACM) certificate. This association is based on Amazon Resource Names and it enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave.

Properties

2 configurable properties. 2 required. Click a row to see details.

Filter:

Property	Type	Flags
`CertificateArn`	`string`	RequiredCreate-only
`RoleArn`	`string`	RequiredCreate-only

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

Attribute	Type	Description
`CertificateS3BucketName`	`string`	The name of the Amazon S3 bucket to which the certificate was uploaded.
`CertificateS3ObjectKey`	`string`	The Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored.
`EncryptionKmsKeyId`	`string`	The ID of the AWS KMS CMK used to encrypt the private key of the certificate.

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::EC2::EnclaveCertificateIamRoleAssociation

Resources:
  MyResource:
    Type: AWS::EC2::EnclaveCertificateIamRoleAssociation
    Properties:
      CertificateArn: "arn:aws:service:region:account:resource"
      RoleArn: "arn:aws:service:region:account:resource"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

ec2:AssociateEnclaveCertificateIamRoleec2:GetAssociatedEnclaveCertificateIamRoles

read

ec2:GetAssociatedEnclaveCertificateIamRoles

delete

ec2:DisassociateEnclaveCertificateIamRoleec2:GetAssociatedEnclaveCertificateIamRoles

list

ec2:GetAssociatedEnclaveCertificateIamRoles

Get the EC2 Cheat Sheet

Everything you need to know about EC2 on one page. HD quality, print-friendly.

Download Free Infographic

Quick Facts

ServiceEC2

Properties5

Required2

TaggingNot supported

Primary IDCertificateArn

Supported Operations

CreateReadDeleteList

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

CertificateArnRoleArn

Related Resources

External Links

AWS Documentation