update_trust_anchor
- IAMRolesAnywhere.Client.update_trust_anchor(**kwargs)
- Updates a trust anchor. You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. You can define a trust anchor as a reference to a Private Certificate Authority (Private CA) or by uploading a CA certificate. Your Amazon Web Services workloads can authenticate with the trust anchor using certificates issued by the CA in exchange for temporary Amazon Web Services credentials.

  Required permissions: rolesanywhere:UpdateTrustAnchor.

  See also: AWS API Documentation

  Request Syntax

      response = client.update_trust_anchor(
          name='string',
          source={
              'sourceData': {
                  'acmPcaArn': 'string',
                  'x509CertificateData': 'string'
              },
              'sourceType': 'AWS_ACM_PCA'|'CERTIFICATE_BUNDLE'|'SELF_SIGNED_REPOSITORY'
          },
          trustAnchorId='string'
      )

- Parameters:
  - name (string) – The name of the trust anchor.
  - source (dict) – The trust anchor type and its related certificate data.
    - sourceData (dict) – The data field of the trust anchor depending on its type.

      Note: This is a Tagged Union structure. Only one of the following top level keys can be set: acmPcaArn, x509CertificateData.

      - acmPcaArn (string) – The root certificate of the Private Certificate Authority specified by this ARN is used in trust validation for temporary credential requests. Included for trust anchors of type AWS_ACM_PCA.
      - x509CertificateData (string) – The PEM-encoded data for the certificate anchor. Included for trust anchors of type CERTIFICATE_BUNDLE.
    - sourceType (string) – The type of the trust anchor.
  - trustAnchorId (string) – [REQUIRED] The unique identifier of the trust anchor.
 
- Return type:
  - dict
- Returns:
  - Response Syntax

        {
            'trustAnchor': {
                'createdAt': datetime(2015, 1, 1),
                'enabled': True|False,
                'name': 'string',
                'notificationSettings': [
                    {
                        'channel': 'ALL',
                        'configuredBy': 'string',
                        'enabled': True|False,
                        'event': 'CA_CERTIFICATE_EXPIRY'|'END_ENTITY_CERTIFICATE_EXPIRY',
                        'threshold': 123
                    },
                ],
                'source': {
                    'sourceData': {
                        'acmPcaArn': 'string',
                        'x509CertificateData': 'string'
                    },
                    'sourceType': 'AWS_ACM_PCA'|'CERTIFICATE_BUNDLE'|'SELF_SIGNED_REPOSITORY'
                },
                'trustAnchorArn': 'string',
                'trustAnchorId': 'string',
                'updatedAt': datetime(2015, 1, 1)
            }
        }

  - Response Structure
    - (dict) –
      - trustAnchor (dict) – The state of the trust anchor after a read or write operation.
        - createdAt (datetime) – The ISO-8601 timestamp when the trust anchor was created.
        - enabled (boolean) – Indicates whether the trust anchor is enabled.
        - name (string) – The name of the trust anchor.
        - notificationSettings (list) – A list of notification settings to be associated to the trust anchor.
          - (dict) – The state of a notification setting.

            A notification setting includes information such as event name, threshold, status of the notification setting, and the channel to notify.

            - channel (string) – The specified channel of notification. IAM Roles Anywhere uses CloudWatch metrics, EventBridge, and Health Dashboard to notify for an event.

              Note: In the absence of a specific channel, IAM Roles Anywhere applies this setting to ‘ALL’ channels.

            - configuredBy (string) – The principal that configured the notification setting. For default settings configured by IAM Roles Anywhere, the value is rolesanywhere.amazonaws.com, and for customized notifications settings, it is the respective account ID.
            - enabled (boolean) – Indicates whether the notification setting is enabled.
            - event (string) – The event to which this notification setting is applied.
            - threshold (integer) – The number of days before a notification event.
        - source (dict) – The trust anchor type and its related certificate data.
          - sourceData (dict) – The data field of the trust anchor depending on its type.

            Note: This is a Tagged Union structure. Only one of the following top level keys will be set: acmPcaArn, x509CertificateData. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

                'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

            - acmPcaArn (string) – The root certificate of the Private Certificate Authority specified by this ARN is used in trust validation for temporary credential requests. Included for trust anchors of type AWS_ACM_PCA.
            - x509CertificateData (string) – The PEM-encoded data for the certificate anchor. Included for trust anchors of type CERTIFICATE_BUNDLE.
          - sourceType (string) – The type of the trust anchor.
        - trustAnchorArn (string) – The ARN of the trust anchor.
        - trustAnchorId (string) – The unique identifier of the trust anchor.
        - updatedAt (datetime) – The ISO-8601 timestamp when the trust anchor was last updated.
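
The request and response shapes above, as an added example that is not part of the original boto3 documentation: helpers that build the update_trust_anchor arguments with the tagged-union rule enforced before the call, and that read the source member back from a response, including the SDK_UNKNOWN_MEMBER case. The function names, the placeholder trust anchor ID and the sample PEM are constructed for illustration; the PEM check only confirms well-formed base64 blocks and does not validate an X.509 certificate.

```python
import base64
import re

# Matches PEM certificate blocks; bodies are checked as base64, not parsed as X.509.
_PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)

# Constructed sample input: PEM framing around placeholder bytes, not a real CA.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(b"constructed placeholder, not a real CA").decode()
              + "\n-----END CERTIFICATE-----\n")

def count_pem_certs(bundle):
    """Return the number of well-formed PEM certificate blocks in bundle."""
    bodies = _PEM_CERT.findall(bundle)
    for body in bodies:
        base64.b64decode("".join(body.split()), validate=True)  # raises on bad base64
    return len(bodies)

def build_update_request(trust_anchor_id, name=None, acm_pca_arn=None, pem_bundle=None):
    """Build update_trust_anchor kwargs; sourceData gets exactly one member."""
    if acm_pca_arn and pem_bundle:
        raise ValueError("set acmPcaArn or x509CertificateData, not both")
    kwargs = {"trustAnchorId": trust_anchor_id}  # the only [REQUIRED] parameter
    if name:
        kwargs["name"] = name
    if acm_pca_arn:
        kwargs["source"] = {"sourceType": "AWS_ACM_PCA",
                            "sourceData": {"acmPcaArn": acm_pca_arn}}
    elif pem_bundle:
        if count_pem_certs(pem_bundle) == 0:
            raise ValueError("no PEM certificate block found in bundle")
        kwargs["source"] = {"sourceType": "CERTIFICATE_BUNDLE",
                            "sourceData": {"x509CertificateData": pem_bundle}}
    return kwargs

def source_member(response):
    """Return (sourceType, member, value); member is 'unknown' for SDK_UNKNOWN_MEMBER."""
    source = response["trustAnchor"]["source"]
    data = source["sourceData"]
    if "SDK_UNKNOWN_MEMBER" in data:
        return source["sourceType"], "unknown", data["SDK_UNKNOWN_MEMBER"]["name"]
    (member, value), = data.items()
    return source["sourceType"], member, value

if __name__ == "__main__":
    request = build_update_request("trust-anchor-id-placeholder", pem_bundle=SAMPLE_PEM)
    print(request["source"]["sourceType"], list(request["source"]["sourceData"]))
    # With credentials: boto3.client("rolesanywhere").update_trust_anchor(**request)
```

Treating an "unknown" result from source_member as a reason to stop and inspect the trust anchor keeps automation from silently accepting a source type the installed SDK does not understand.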
 
 
 
 - Exceptions