CfnVerifiedAccessTrustProviderPropsMixin

class aws_cdk.mixins_preview.aws_ec2.mixins.CfnVerifiedAccessTrustProviderPropsMixin(props, *, strategy=None)

Bases: Mixin

A trust provider is a third-party entity that creates, maintains, and manages identity information for users and devices.

When an application request is made, the identity information sent by the trust provider is evaluated by Verified Access before allowing or denying the application request.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-verifiedaccesstrustprovider.html

CloudformationResource:

AWS::EC2::VerifiedAccessTrustProvider

Mixin:

true

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview import mixins
from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

cfn_verified_access_trust_provider_props_mixin = ec2_mixins.CfnVerifiedAccessTrustProviderPropsMixin(ec2_mixins.CfnVerifiedAccessTrustProviderMixinProps(
    description="description",
    device_options=ec2_mixins.CfnVerifiedAccessTrustProviderPropsMixin.DeviceOptionsProperty(
        public_signing_key_url="publicSigningKeyUrl",
        tenant_id="tenantId"
    ),
    device_trust_provider_type="deviceTrustProviderType",
    native_application_oidc_options=ec2_mixins.CfnVerifiedAccessTrustProviderPropsMixin.NativeApplicationOidcOptionsProperty(
        authorization_endpoint="authorizationEndpoint",
        client_id="clientId",
        client_secret="clientSecret",
        issuer="issuer",
        public_signing_key_endpoint="publicSigningKeyEndpoint",
        scope="scope",
        token_endpoint="tokenEndpoint",
        user_info_endpoint="userInfoEndpoint"
    ),
    oidc_options=ec2_mixins.CfnVerifiedAccessTrustProviderPropsMixin.OidcOptionsProperty(
        authorization_endpoint="authorizationEndpoint",
        client_id="clientId",
        client_secret="clientSecret",
        issuer="issuer",
        scope="scope",
        token_endpoint="tokenEndpoint",
        user_info_endpoint="userInfoEndpoint"
    ),
    policy_reference_name="policyReferenceName",
    sse_specification=ec2_mixins.CfnVerifiedAccessTrustProviderPropsMixin.SseSpecificationProperty(
        customer_managed_key_enabled=False,
        kms_key_arn="kmsKeyArn"
    ),
    tags=[CfnTag(
        key="key",
        value="value"
    )],
    trust_provider_type="trustProviderType",
    user_trust_provider_type="userTrustProviderType"
),
    strategy=mixins.PropertyMergeStrategy.OVERRIDE
)

Create a mixin to apply properties to AWS::EC2::VerifiedAccessTrustProvider.

Parameters:

• props (Union[CfnVerifiedAccessTrustProviderMixinProps, Dict[str, Any]]) – L1 properties to apply.

• strategy (Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE

Methods

apply_to(construct)

Apply the mixin properties to the construct.

Parameters:

construct (IConstruct)

Return type:

IConstruct

supports(construct)

Check if this mixin supports the given construct.

Parameters:

construct (IConstruct)

Return type:

bool

Attributes

CFN_PROPERTY_KEYS = ['description', 'deviceOptions', 'deviceTrustProviderType', 'nativeApplicationOidcOptions', 'oidcOptions', 'policyReferenceName', 'sseSpecification', 'tags', 'trustProviderType', 'userTrustProviderType']

Static Methods

classmethod is_mixin(x)

(experimental) Checks if x is a Mixin.

Parameters:

x (Any) – Any object.

Return type:

bool

Returns:

true if x is an object created from a class which extends Mixin.

Stability:

experimental

DeviceOptionsProperty

class CfnVerifiedAccessTrustProviderPropsMixin.DeviceOptionsProperty(*, public_signing_key_url=None, tenant_id=None)

Bases: object

Describes the options for an AWS Verified Access device-identity based trust provider.

Parameters:

• public_signing_key_url (Optional[str]) – The URL AWS Verified Access will use to verify the authenticity of the device tokens.

• tenant_id (Optional[str]) – The ID of the tenant application with the device-identity provider.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-deviceoptions.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

device_options_property = ec2_mixins.CfnVerifiedAccessTrustProviderPropsMixin.DeviceOptionsProperty(
    public_signing_key_url="publicSigningKeyUrl",
    tenant_id="tenantId"
)

Attributes

public_signing_key_url

The URL AWS Verified Access will use to verify the authenticity of the device tokens.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-deviceoptions.html#cfn-ec2-verifiedaccesstrustprovider-deviceoptions-publicsigningkeyurl

tenant_id

The ID of the tenant application with the device-identity provider.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-deviceoptions.html#cfn-ec2-verifiedaccesstrustprovider-deviceoptions-tenantid

NativeApplicationOidcOptionsProperty

class CfnVerifiedAccessTrustProviderPropsMixin.NativeApplicationOidcOptionsProperty(*, authorization_endpoint=None, client_id=None, client_secret=None, issuer=None, public_signing_key_endpoint=None, scope=None, token_endpoint=None, user_info_endpoint=None)

Bases: object

Describes the OpenID Connect (OIDC) options.

Parameters:

• authorization_endpoint (Optional[str]) – The authorization endpoint of the IdP.

• client_id (Optional[str]) – The OAuth 2.0 client identifier.

• client_secret (Optional[str]) – The OAuth 2.0 client secret.

• issuer (Optional[str]) – The OIDC issuer identifier of the IdP.

• public_signing_key_endpoint (Optional[str]) – The public signing key endpoint.

• scope (Optional[str]) – The set of user claims to be requested from the IdP.

• token_endpoint (Optional[str]) – The token endpoint of the IdP.

• user_info_endpoint (Optional[str]) – The user info endpoint of the IdP.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

native_application_oidc_options_property = ec2_mixins.CfnVerifiedAccessTrustProviderPropsMixin.NativeApplicationOidcOptionsProperty(
    authorization_endpoint="authorizationEndpoint",
    client_id="clientId",
    client_secret="clientSecret",
    issuer="issuer",
    public_signing_key_endpoint="publicSigningKeyEndpoint",
    scope="scope",
    token_endpoint="tokenEndpoint",
    user_info_endpoint="userInfoEndpoint"
)

Attributes

authorization_endpoint

The authorization endpoint of the IdP.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-authorizationendpoint

client_id

The OAuth 2.0 client identifier.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-clientid

client_secret

The OAuth 2.0 client secret.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-clientsecret

issuer

The OIDC issuer identifier of the IdP.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-issuer

public_signing_key_endpoint

The public signing key endpoint.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-publicsigningkeyendpoint

scope

The set of user claims to be requested from the IdP.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-scope

token_endpoint

The token endpoint of the IdP.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-tokenendpoint

user_info_endpoint

The user info endpoint of the IdP.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-nativeapplicationoidcoptions-userinfoendpoint

OidcOptionsProperty

class CfnVerifiedAccessTrustProviderPropsMixin.OidcOptionsProperty(*, authorization_endpoint=None, client_id=None, client_secret=None, issuer=None, scope=None, token_endpoint=None, user_info_endpoint=None)

Bases: object

Describes the options for an OpenID Connect-compatible user-identity trust provider.

Parameters:

• authorization_endpoint (Optional[str]) – The OIDC authorization endpoint.

• client_id (Optional[str]) – The client identifier.

• client_secret (Optional[str]) – The client secret.

• issuer (Optional[str]) – The OIDC issuer.

• scope (Optional[str]) – The OpenID Connect (OIDC) scope specified.

• token_endpoint (Optional[str]) – The OIDC token endpoint.

• user_info_endpoint (Optional[str]) – The OIDC user info endpoint.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-oidcoptions.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

oidc_options_property = ec2_mixins.CfnVerifiedAccessTrustProviderPropsMixin.OidcOptionsProperty(
    authorization_endpoint="authorizationEndpoint",
    client_id="clientId",
    client_secret="clientSecret",
    issuer="issuer",
    scope="scope",
    token_endpoint="tokenEndpoint",
    user_info_endpoint="userInfoEndpoint"
)

Attributes

authorization_endpoint

The OIDC authorization endpoint.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-oidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-oidcoptions-authorizationendpoint

client_id

The client identifier.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-oidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-oidcoptions-clientid

client_secret

The client secret.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-oidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-oidcoptions-clientsecret

issuer

The OIDC issuer.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-oidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-oidcoptions-issuer

scope

The OpenID Connect (OIDC) scope specified.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-oidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-oidcoptions-scope

token_endpoint

The OIDC token endpoint.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-oidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-oidcoptions-tokenendpoint

user_info_endpoint

The OIDC user info endpoint.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-oidcoptions.html#cfn-ec2-verifiedaccesstrustprovider-oidcoptions-userinfoendpoint

SseSpecificationProperty

class CfnVerifiedAccessTrustProviderPropsMixin.SseSpecificationProperty(*, customer_managed_key_enabled=None, kms_key_arn=None)

Bases: object

AWS Verified Access provides server side encryption by default to data at rest using AWS -owned KMS keys.

You also have the option of using customer managed KMS keys, which can be specified using the options below.

Parameters:

• customer_managed_key_enabled (Union[bool, IResolvable, None]) – Enable or disable the use of customer managed KMS keys for server side encryption. Valid values: True | False

• kms_key_arn (Optional[str]) – The ARN of the KMS key.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-ssespecification.html

ExampleMetadata:

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview.aws_ec2 import mixins as ec2_mixins

sse_specification_property = ec2_mixins.CfnVerifiedAccessTrustProviderPropsMixin.SseSpecificationProperty(
    customer_managed_key_enabled=False,
    kms_key_arn="kmsKeyArn"
)

Attributes

customer_managed_key_enabled

Enable or disable the use of customer managed KMS keys for server side encryption.

Valid values: True | False

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-ssespecification.html#cfn-ec2-verifiedaccesstrustprovider-ssespecification-customermanagedkeyenabled

kms_key_arn

The ARN of the KMS key.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-verifiedaccesstrustprovider-ssespecification.html#cfn-ec2-verifiedaccesstrustprovider-ssespecification-kmskeyarn