Put attribute mappings (command line interface)Put attribute mappings (console)

Put attribute mappings

Put attribute mappings (command line interface)

put-attribute-mapping enables you to attach new mapping rules to your profile. When using that profile, the certificate mapping behavior changes according to your customized rules.

To put a mapping rule, using the following command:


$aws rolesanywhere put-attribute-mapping \
        --certificate-field CERTIFICATE_FIELD \
        --mapping-rules specifier=SPECIFIER \
        --profile-id PROFILE_ID

The CERTIFICATE_FIELD can be in one of x509Subject, x509Issuer and x509SAN. The SPECIFIER is a string enforced by a standard (for example, OID) that can map to a piece of information encoded in the certificate.

For example, to add mapping rules for x509Subject/CN and x509Subject/OU, use the following command:


$aws rolesanywhere put-attribute-mapping \
        --certificate-field x509Subject \
        --mapping-rules specifier=CN specifier=OU \
        --profile-id PROFILE_ID

Put attribute mappings (console)

Sign in to IAM Roles Anywhere console.
Scroll to find profile table and choose the profile to add certificate attribute mappings.
Within profile detail page scroll towards Certificate attribute mappings section and choose Manage mappings.
Scroll to find the Add mappings button and click on it.
Choose a certificate field from either Subject, Issuer, or Subject Alternative Name in the dropdown list, and enter the specifier
Select Save changes to add attribute mappings.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Certificate attribute mapping

Delete attribute mappings