Skip to content
Alchemy
GitHubXDiscord

CRL

The CRL (Certificate Revocation List) resource allows you to manage AWS RolesAnywhere CRLs for validating certificate-based identities in AWS. This resource is essential for maintaining security by ensuring that revoked certificates are not used for authentication.

Minimal Example

Section titled “Minimal Example”

Create a basic CRL with the required properties along with some common optional settings.

import AWS from "alchemy/aws/control";


const basicCrl = await AWS.RolesAnywhere.CRL("basicCrl", {
  name: "MyBasicCRL",
  crlData: "MIIC...yourCrlDataHere...",
  trustAnchorArn: "arn:aws:rolesanywhere:us-east-1:123456789012:trust-anchor/TA123456",
  enabled: true
});

This example demonstrates how to create a simple CRL with a name, CRL data, and associated trust anchor ARN, while enabling it for use.

Advanced Configuration

Section titled “Advanced Configuration”

Configure a CRL with additional settings like tags and adoption of existing resources.

const advancedCrl = await AWS.RolesAnywhere.CRL("advancedCrl", {
  name: "MyAdvancedCRL",
  crlData: "MIIC...yourCrlDataHere...",
  trustAnchorArn: "arn:aws:rolesanywhere:us-east-1:123456789012:trust-anchor/TA123456",
  enabled: true,
  tags: [
    { Key: "Environment", Value: "Production" },
    { Key: "Department", Value: "Security" }
  ],
  adopt: true
});

In this example, we create an advanced CRL that includes tags for better organization and resource tracking, and we enable the adoption of an existing resource.

Using a Disabled CRL

Section titled “Using a Disabled CRL”

Create a CRL that is disabled, which can be useful for testing or staging purposes.

const disabledCrl = await AWS.RolesAnywhere.CRL("disabledCrl", {
  name: "MyDisabledCRL",
  crlData: "MIIC...yourCrlDataHere...",
  trustAnchorArn: "arn:aws:rolesanywhere:us-east-1:123456789012:trust-anchor/TA123456",
  enabled: false
});

This example illustrates the creation of a CRL that is initially disabled, allowing for later enabling as needed.

Updating an Existing CRL

Section titled “Updating an Existing CRL”

Demonstrate how to update an existing CRL’s properties.

const updatedCrl = await AWS.RolesAnywhere.CRL("existingCrl", {
  name: "MyUpdatedCRL",
  crlData: "MIIC...newCrlDataHere...",
  enabled: true
});

This example shows how you can update the CRL data and enable the CRL, reflecting changes to improve security or compliance.