Amazon Web Services application object
Defines the data necessary for Trust Protection Foundation to provision certificates and keys to an Amazon Web Services (AWS), Elastic Load Balancing (ELB) service, or CloudFront distribution service. Unlike most Trust Protection Foundation applications, AWS does not make use of any of the settings from its parent device, even though one is required for consistency. This is because AWS is an Internet-based service with a public interface that is the same for all customers.
- Class Name: Amazon App
- Driver Name: appamazon
- Inheritance: HTTP CA Base
| Attribute | UI | Required | Policy Definable | Default | Description |
|---|---|---|---|---|---|
| Access Key ID | NA | No | No | NA | The first of the two password credentials required to authenticate with the AWS API; Secret Access Key is the other. The value format is similar to an Object DN. For more information, see Amazon credentials access keys. |
| Aws Credentials | AWS Credentials | Yes | Yes | NA | The Distinguished Name (DN) where the AWS credential is stored in the Policy tree. |
| Binding Target | Binding Target | No | Yes | NA | The service category or destination that will manage the certificate for devices: |
| Certificate ARN | NA | No | No | NA | The Amazon Resource Name (ARN) format that the driver sets for internal use and storage in AWS. For more information, see Amazon ARN syntax and Amazon ARN syntax for IAM. |
| Certificate Name | NA | No | No | NA | The automatically generated name under which the certificate is installed into the IAM certificate store. |
| CloudFront Distribution ID | Distribution ID | Yes | No | NA | Required for CloudFront. The CloudFront Distribution ID that binds to the certificate during provisioning. |
| Create Binding | Create Listener | No | Yes | 0 | 0: The listener must exist before provisioning. 1: Create a listener on the load balancer. Use the load balancer name and port. Then bind the certificate to the listener. |
| File Validation Disabled | NA | No | No | 0 | The setting for certificate file validation: |
| IAM Certificate ID | NA | No | No | NA | The unique certificate ID that AWS automatically assigns when the driver provisions the certificate to the IAM store. For more information, see Amazon unique IDs. |
| Initial Binding Attempt | NA | No | No | NA | The timestamp when Trust Protection Foundation first attempted to bind the certificate to ELB or CloudFront. The driver sets the value for internal use. Certificates provision to IAM. Then, IAM uses replication to distribute them from the us-east-1 region to other regions. As a result, certificates may not be immediately available for binding to ELB. This variable records the time of the first attempt so that retries can be terminated after 15 minutes. |
| Install Path | IAM Path for Certificate Upload | No | Yes | NA | The IAM certificate store path where the certificate is to be provisioned. This value is optional except when provisioning to CloudFront. The path must begin with /cloudfront/. When the value is empty, the certificate provisions to the root of the IAM certificate store. |
| Issued By AWS | Certificate Issued By AWS Certificate Manager: | No | Yes | 0 | Indicates whether AWS Certificate Manager (ACM) enrolled the certificate being provisioned: |
| Load Balancer Name | Load Balancer Name | Yes | No | NA | Only required if there is an ELB instance. |
| Load Balancer Port | Listener Port | No | Yes | 443 | The TCP port of the ELB listener. |
| Load Balancer Region Code | NA | No | No | NA | The identifier for the AWS region where the Elastic Load Balancer is located. For example, us-east-1. For more information, see Amazon region. |
| Minimum Protocol Version | | | | | The default SSL/TLS validation version. Default is TLSv1. |
| Network Validation Disabled | NA | No | No | 0 | The setting for SSL/TLS validation of the certificate using settings of this application object. |
| Provisioning To | Provision To | No | Yes | Standalone | The cloud service to use for provisioning. Valid values are: ACM = AWS Certificate Manager (ACM), IAM = Identity and Access Management. |
| Region Code | Region | No | Yes | NA | The setting to override the default region us-east-1 that will be used by the driver. |
| Replace Store | Replace Existing | No | Yes | False | The way to manage certificate renewal: |
| Secret Access Key | NA | NA | NA | NA | The second of the two password credentials required to authenticate with the AWS API; Access Key ID is the other. The value format is similar to an Object DN. For more information, see Amazon Access keys. |
| Target Group | Default Target Group | Yes | Yes | NA | Only required if there is an Elastic Load Balancer. The group name that identifies a set of load balancers. |
| Timeout | NA | No | No | 60 | The number of seconds that Trust Protection Foundation will wait to connect to a remote host before reporting a connection failure. This value can be increased for slower systems or decreased to fail earlier. |
| Timeout | NA | No | No | NA | The setting to override the default HTTP client timeout for driver interactions with the Amazon Web Services API. The default value is 100000 (which is 100 seconds). The value is measured in milliseconds. |
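
The conditional rules in this table (the /cloudfront/ path prefix, the attributes that are only required for an ELB, the TLSv1 default, the 15-minute binding retry window) can be checked before provisioning. The following is an added example, not Trust Protection Foundation or driver code: the dict layout, the function names, the sample values and the protocol spellings other than TLSv1 are assumptions.

```python
from datetime import timedelta

# Defaults taken from the attribute table on this page.
DEFAULTS = {"Load Balancer Port": 443, "Create Binding": 0,
            "Minimum Protocol Version": "TLSv1"}
# Deprecated by RFC 7568 and RFC 8996; only "TLSv1" is a spelling from the page.
DEPRECATED_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}
BIND_RETRY_WINDOW = timedelta(minutes=15)

def check_amazon_app(attrs):
    """Return findings for one object's attributes (dict layout is an assumption)."""
    cfg = {**DEFAULTS, **attrs}
    findings = []
    if not cfg.get("Aws Credentials"):
        findings.append("Aws Credentials: required (DN of the credential)")
    cloudfront = bool(cfg.get("CloudFront Distribution ID"))
    elb = bool(cfg.get("Load Balancer Name"))
    path = cfg.get("Install Path", "")
    if cloudfront and not path.startswith("/cloudfront/"):
        findings.append("Install Path: must begin with /cloudfront/")
    if path.startswith("/cloudfront/") and not cloudfront:
        findings.append("CloudFront Distribution ID: required for CloudFront")
    if elb and not cfg.get("Target Group"):
        findings.append("Target Group: required with a load balancer")
    port = cfg["Load Balancer Port"]
    if elb and not (isinstance(port, int) and 1 <= port <= 65535):
        findings.append("Load Balancer Port: not a valid TCP port")
    if cfg["Create Binding"] not in (0, 1):
        findings.append("Create Binding: must be 0 or 1")
    elif cfg["Create Binding"] == 1 and not elb:
        findings.append("Create Binding: 1 needs Load Balancer Name")
    if cfg["Minimum Protocol Version"] in DEPRECATED_PROTOCOLS:
        findings.append("Minimum Protocol Version: deprecated TLS/SSL version")
    for key in ("File Validation Disabled", "Network Validation Disabled"):
        if cfg.get(key, 0) != 0:
            findings.append(key + ": differs from the default 0")
    return findings

def binding_retries_expired(initial_attempt, now):
    """True once 15 minutes have passed since Initial Binding Attempt."""
    return now - initial_attempt >= BIND_RETRY_WINDOW

# Constructed sample objects; every value here is made up for illustration.
CLOUDFRONT_APP = {"Aws Credentials": r"\VED\Policy\Example\aws-cred",
                  "CloudFront Distribution ID": "EXAMPLEDISTID",
                  "Install Path": "/certs/"}  # wrong prefix for CloudFront
ELB_APP = {"Aws Credentials": r"\VED\Policy\Example\aws-cred",
           "Load Balancer Name": "web-lb", "Target Group": "web-tg",
           "Create Binding": 1, "Minimum Protocol Version": "TLSv1.2"}
```

An object that leaves Minimum Protocol Version unset is reported too, because the default listed in the table is TLSv1.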