TemplateGroupAccessControlEntry

The TemplateGroupAccessControlEntry resource allows you to manage access control entries (ACEs) for templates in AWS PCAConnectorAD, enabling fine-grained access control to your template resources. For more information, refer to the AWS PCAConnectorAD TemplateGroupAccessControlEntrys.

Minimal Example

This example demonstrates how to create a basic TemplateGroupAccessControlEntry with required properties and one optional property.

import AWS from "alchemy/aws/control";

const accessControlEntry = await AWS.PCAConnectorAD.TemplateGroupAccessControlEntry("basicAccessControlEntry", {
  AccessRights: {
    "Create": true,
    "Read": true,
    "Update": false,
    "Delete": false
  },
  GroupDisplayName: "Developers",
  TemplateArn: "arn:aws:pcaconnectorad:us-west-2:123456789012:template/DevCertTemplate"
});

Advanced Configuration

In this example, we configure a TemplateGroupAccessControlEntry with all properties, including the optional GroupSecurityIdentifier and adopt flag.

const advancedAccessControlEntry = await AWS.PCAConnectorAD.TemplateGroupAccessControlEntry("advancedAccessControlEntry", {
  AccessRights: {
    "Create": true,
    "Read": true,
    "Update": true,
    "Delete": true
  },
  GroupDisplayName: "Admins",
  GroupSecurityIdentifier: "S-1-5-21-1234567890-0987654321-1234567890-1001",
  TemplateArn: "arn:aws:pcaconnectorad:us-west-2:123456789012:template/AdminCertTemplate",
  adopt: true
});

Example with Restricted Access

This example shows how to set up a TemplateGroupAccessControlEntry that restricts access to only read permissions.

const restrictedAccessControlEntry = await AWS.PCAConnectorAD.TemplateGroupAccessControlEntry("restrictedAccessControlEntry", {
  AccessRights: {
    "Create": false,
    "Read": true,
    "Update": false,
    "Delete": false
  },
  GroupDisplayName: "ReadOnlyUsers",
  TemplateArn: "arn:aws:pcaconnectorad:us-west-2:123456789012:template/ReadOnlyCertTemplate"
});

Example for Group Security Identifier

In this example, we create a TemplateGroupAccessControlEntry with a specific GroupSecurityIdentifier for better tracking of access control.

const securityIdentifierAccessControlEntry = await AWS.PCAConnectorAD.TemplateGroupAccessControlEntry("securityIdentifierAccessControlEntry", {
  AccessRights: {
    "Create": true,
    "Read": true,
    "Update": true,
    "Delete": false
  },
  GroupDisplayName: "SecurityAdmins",
  GroupSecurityIdentifier: "S-1-5-21-1234567890-0987654321-1234567890-1002",
  TemplateArn: "arn:aws:pcaconnectorad:us-west-2:123456789012:template/SecurityCertTemplate"
});