This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::EC2::VerifiedAccessGroup An AWS Verified Access group is a collection of AWS Verified Access endpoints who's associated applications have similar security requirements. Each instance within a Verified Access group shares an Verified Access policy. For example, you can group all Verified Access instances associated with "sales" applications together and use one common Verified Access policy. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::EC2::VerifiedAccessGroup", "Properties" : { "[Description](#cfn-ec2-verifiedaccessgroup-description)" : String, "[PolicyDocument](#cfn-ec2-verifiedaccessgroup-policydocument)" : String, "[PolicyEnabled](#cfn-ec2-verifiedaccessgroup-policyenabled)" : Boolean, "[SseSpecification](#cfn-ec2-verifiedaccessgroup-ssespecification)" : SseSpecification, "[Tags](#cfn-ec2-verifiedaccessgroup-tags)" : [ Tag, ... ], "[VerifiedAccessInstanceId](#cfn-ec2-verifiedaccessgroup-verifiedaccessinstanceid)" : String } } ``` ### YAML ``` Type: AWS::EC2::VerifiedAccessGroup Properties: [Description](#cfn-ec2-verifiedaccessgroup-description): String [PolicyDocument](#cfn-ec2-verifiedaccessgroup-policydocument): String [PolicyEnabled](#cfn-ec2-verifiedaccessgroup-policyenabled): Boolean [SseSpecification](#cfn-ec2-verifiedaccessgroup-ssespecification): SseSpecification [Tags](#cfn-ec2-verifiedaccessgroup-tags): - Tag [VerifiedAccessInstanceId](#cfn-ec2-verifiedaccessgroup-verifiedaccessinstanceid): String ``` ## Properties `Description` A description for the AWS Verified Access group. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PolicyDocument` The Verified Access policy document. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PolicyEnabled` The status of the Verified Access policy. *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SseSpecification` The options for additional server side encryption. *Required*: No *Type*: [SseSpecification](aws-properties-ec2-verifiedaccessgroup-ssespecification.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Tags` The tags. *Required*: No *Type*: Array of [Tag](aws-properties-ec2-verifiedaccessgroup-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `VerifiedAccessInstanceId` The ID of the AWS Verified Access instance. *Required*: Yes *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the ID of the Verified Access group. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `CreationTime` The creation time. `LastUpdatedTime` The last updated time. `Owner` The ID of the AWS account that owns the group. `VerifiedAccessGroupArn` The ARN of the Verified Access group. `VerifiedAccessGroupId` The ID of the Verified Access group. # AWS::EC2::VerifiedAccessGroup SseSpecification AWS Verified Access provides server side encryption by default to data at rest using AWS-owned KMS keys. You also have the option of using customer managed KMS keys, which can be specified using the options below. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[CustomerManagedKeyEnabled](#cfn-ec2-verifiedaccessgroup-ssespecification-customermanagedkeyenabled)" : Boolean, "[KmsKeyArn](#cfn-ec2-verifiedaccessgroup-ssespecification-kmskeyarn)" : String } ``` ### YAML ``` [CustomerManagedKeyEnabled](#cfn-ec2-verifiedaccessgroup-ssespecification-customermanagedkeyenabled): Boolean [KmsKeyArn](#cfn-ec2-verifiedaccessgroup-ssespecification-kmskeyarn): String ``` ## Properties `CustomerManagedKeyEnabled` Enable or disable the use of customer managed KMS keys for server side encryption. Valid values: `True` \$1 `False` *Required*: No *Type*: Boolean *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `KmsKeyArn` The ARN of the KMS key. *Required*: No *Type*: String *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) # AWS::EC2::VerifiedAccessGroup Tag Specifies a tag. For more information, see [Resource tags](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html). ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "[Key](#cfn-ec2-verifiedaccessgroup-tag-key)" : String, "[Value](#cfn-ec2-verifiedaccessgroup-tag-value)" : String } ``` ### YAML ``` [Key](#cfn-ec2-verifiedaccessgroup-tag-key): String [Value](#cfn-ec2-verifiedaccessgroup-tag-value): String ``` ## Properties `Key` The tag key. *Required*: Yes *Type*: String *Minimum*: `1` *Maximum*: `128` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `Value` The tag value. *Required*: Yes *Type*: String *Minimum*: `0` *Maximum*: `256` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Examples ### This example specifies two tags for the Verified Access group. #### JSON ``` "Tags" : [ { "Key" : "key1", "Value" : "value1" }, { "Key" : "key2", "Value" : "value2" } ] ``` #### YAML ``` Tags: - Key: "key1" Value: "value1" - Key: "key2" Value: "value2" ```