[ aws . rolesanywhere ]
Updates the trust anchor.You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. A Trust Anchor is defined either as a reference to a AWS Certificate Manager Private Certificate Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the trusted Certificate Authority (CA) in exchange for temporary AWS credentials.
Required permissions:
rolesanywhere:UpdateTrustAnchor
.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
update-trust-anchor
[--name <value>]
[--source <value>]
--trust-anchor-id <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--name
(string)
The name of the trust anchor.
--source
(structure)
The trust anchor type and its related certificate data.
sourceData -> (structure)
The data field of the trust anchor depending on its type.
acmPcaArn -> (string)
The root certificate of the Certificate Manager Private Certificate Authority specified by this ARN is used in trust validation for CreateSession operations. Included for trust anchors of type
AWS_ACM_PCA
.x509CertificateData -> (string)
The PEM-encoded data for the certificate anchor. Included for trust anchors of type
CERTIFICATE_BUNDLE
.sourceType -> (string)
The type of the trust anchor.
Shorthand Syntax:
sourceData={acmPcaArn=string,x509CertificateData=string},sourceType=string
JSON Syntax:
{
"sourceData": {
"acmPcaArn": "string",
"x509CertificateData": "string"
},
"sourceType": "AWS_ACM_PCA"|"CERTIFICATE_BUNDLE"|"SELF_SIGNED_REPOSITORY"
}
--trust-anchor-id
(string)
The unique identifier of the trust anchor.
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command. The generated JSON skeleton is not stable between versions of the AWS CLI and there are no backwards compatibility guarantees in the JSON skeleton generated.
See ‘aws help’ for descriptions of global parameters.
trustAnchor -> (structure)
The state of the trust anchor after a read or write operation.
createdAt -> (timestamp)
The ISO-8601 timestamp when the trust anchor was created.
enabled -> (boolean)
Indicates whether the trust anchor is enabled.
name -> (string)
The name of the trust anchor.
source -> (structure)
The trust anchor type and its related certificate data.
sourceData -> (structure)
The data field of the trust anchor depending on its type.
acmPcaArn -> (string)
The root certificate of the Certificate Manager Private Certificate Authority specified by this ARN is used in trust validation for CreateSession operations. Included for trust anchors of type
AWS_ACM_PCA
.x509CertificateData -> (string)
The PEM-encoded data for the certificate anchor. Included for trust anchors of type
CERTIFICATE_BUNDLE
.sourceType -> (string)
The type of the trust anchor.
trustAnchorArn -> (string)
The ARN of the trust anchor.
trustAnchorId -> (string)
The unique identifier of the trust anchor.
updatedAt -> (timestamp)
The ISO-8601 timestamp when the trust anchor was last updated.