Connector for SCEP creates a connector between Amazon Web Services Private CA and your SCEP-enabled clients and devices. For more information, see Connector for SCEP in the Amazon Web Services Private CA User Guide.
", "operations": { "CreateChallenge": "For general-purpose connectors. Creates a challenge password for the specified connector. The SCEP protocol uses a challenge password to authenticate a request before issuing a certificate from a certificate authority (CA). Your SCEP clients include the challenge password as part of their certificate request to Connector for SCEP. To retrieve the connector Amazon Resource Names (ARNs) for the connectors in your account, call ListConnectors.
To create additional challenge passwords for the connector, call CreateChallenge again. We recommend frequently rotating your challenge passwords.
Creates a SCEP connector. A SCEP connector links Amazon Web Services Private Certificate Authority to your SCEP-compatible devices and mobile device management (MDM) systems. Before you create a connector, you must complete a set of prerequisites, including creation of a private certificate authority (CA) to use with this connector. For more information, see Connector for SCEP prerequisites.
", "DeleteChallenge": "Deletes the specified Challenge.
", "DeleteConnector": "Deletes the specified Connector. This operation also deletes any challenges associated with the connector.
", "GetChallengeMetadata": "Retrieves the metadata for the specified Challenge.
", "GetChallengePassword": "Retrieves the challenge password for the specified Challenge.
", "GetConnector": "Retrieves details about the specified Connector. Calling this action returns important details about the connector, such as the public SCEP URL where your clients can request certificates.
", "ListChallengeMetadata": "Retrieves the challenge metadata for the specified ARN.
", "ListConnectors": "Lists the connectors belonging to your Amazon Web Services account.
", "ListTagsForResource": "Retrieves the tags associated with the specified resource. Tags are key-value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to \"customer\" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.
", "TagResource": "Adds one or more tags to your resource.
", "UntagResource": "Removes one or more tags from your resource.
" }, "shapes": { "AccessDeniedException": { "base": "You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.
", "refs": { } }, "AzureApplicationId": { "base": null, "refs": { "IntuneConfiguration$AzureApplicationId": "The directory (tenant) ID from your Microsoft Entra ID app registration.
" } }, "AzureDomain": { "base": null, "refs": { "IntuneConfiguration$Domain": "The primary domain from your Microsoft Entra ID app registration.
" } }, "BadRequestException": { "base": "The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.
", "refs": { } }, "CertificateAuthorityArn": { "base": null, "refs": { "Connector$CertificateAuthorityArn": "The Amazon Resource Name (ARN) of the certificate authority associated with the connector.
", "ConnectorSummary$CertificateAuthorityArn": "The Amazon Resource Name (ARN) of the connector's associated certificate authority.
", "CreateConnectorRequest$CertificateAuthorityArn": "The Amazon Resource Name (ARN) of the Amazon Web Services Private Certificate Authority certificate authority to use with this connector. Due to security vulnerabilities present in the SCEP protocol, we recommend using a private CA that's dedicated for use with the connector.
To retrieve the private CAs associated with your account, you can call ListCertificateAuthorities using the Amazon Web Services Private CA API.
" } }, "Challenge": { "base": "For Connector for SCEP for general-purpose. An object containing information about the specified connector's SCEP challenge passwords.
", "refs": { "CreateChallengeResponse$Challenge": "Returns the challenge details for the specified connector.
" } }, "ChallengeArn": { "base": null, "refs": { "Challenge$Arn": "The Amazon Resource Name (ARN) of the challenge.
", "ChallengeMetadata$Arn": "The Amazon Resource Name (ARN) of the challenge.
", "ChallengeMetadataSummary$Arn": "The Amazon Resource Name (ARN) of the challenge.
", "DeleteChallengeRequest$ChallengeArn": "The Amazon Resource Name (ARN) of the challenge password to delete.
", "GetChallengeMetadataRequest$ChallengeArn": "The Amazon Resource Name (ARN) of the challenge.
", "GetChallengePasswordRequest$ChallengeArn": "The Amazon Resource Name (ARN) of the challenge.
" } }, "ChallengeMetadata": { "base": "Contains details about the connector's challenge.
", "refs": { "GetChallengeMetadataResponse$ChallengeMetadata": "The metadata for the challenge.
" } }, "ChallengeMetadataList": { "base": null, "refs": { "ListChallengeMetadataResponse$Challenges": "The challenge metadata for the challenges belonging to your Amazon Web Services account.
" } }, "ChallengeMetadataSummary": { "base": "Details about the specified challenge, returned by the GetChallengeMetadata action.
", "refs": { "ChallengeMetadataList$member": null } }, "ClientToken": { "base": null, "refs": { "CreateChallengeRequest$ClientToken": "Custom string that can be used to distinguish between calls to the CreateChallenge action. Client tokens for CreateChallenge time out after five minutes. Therefore, if you call CreateChallenge multiple times with the same client token within five minutes, Connector for SCEP recognizes that you are requesting only one challenge and will only respond with one. If you change the client token for each call, Connector for SCEP recognizes that you are requesting multiple challenge passwords.
Custom string that can be used to distinguish between calls to the CreateChallenge action. Client tokens for CreateChallenge time out after five minutes. Therefore, if you call CreateChallenge multiple times with the same client token within five minutes, Connector for SCEP recognizes that you are requesting only one challenge and will only respond with one. If you change the client token for each call, Connector for SCEP recognizes that you are requesting multiple challenge passwords.
This request can't be completed for one of the following reasons because the requested resource was being concurrently modified by another request.
", "refs": { } }, "Connector": { "base": "Connector for SCEP is a service that links Amazon Web Services Private Certificate Authority to your SCEP-enabled devices. The connector brokers the exchange of certificates from Amazon Web Services Private CA to your SCEP-enabled devices and mobile device management systems. The connector is a complex type that contains the connector's configuration settings.
", "refs": { "GetConnectorResponse$Connector": "The properties of the connector.
" } }, "ConnectorArn": { "base": null, "refs": { "Challenge$ConnectorArn": "The Amazon Resource Name (ARN) of the connector.
", "ChallengeMetadata$ConnectorArn": "The Amazon Resource Name (ARN) of the connector.
", "ChallengeMetadataSummary$ConnectorArn": "The Amazon Resource Name (ARN) of the connector.
", "Connector$Arn": "The Amazon Resource Name (ARN) of the connector.
", "ConnectorSummary$Arn": "The Amazon Resource Name (ARN) of the connector.
", "CreateChallengeRequest$ConnectorArn": "The Amazon Resource Name (ARN) of the connector that you want to create a challenge for.
", "CreateConnectorResponse$ConnectorArn": "Returns the Amazon Resource Name (ARN) of the connector.
", "DeleteConnectorRequest$ConnectorArn": "The Amazon Resource Name (ARN) of the connector to delete.
", "GetConnectorRequest$ConnectorArn": "The Amazon Resource Name (ARN) of the connector.
", "ListChallengeMetadataRequest$ConnectorArn": "The Amazon Resource Name (ARN) of the connector.
" } }, "ConnectorList": { "base": null, "refs": { "ListConnectorsResponse$Connectors": "The connectors belonging to your Amazon Web Services account.
" } }, "ConnectorStatus": { "base": null, "refs": { "Connector$Status": "The connector's status.
", "ConnectorSummary$Status": "The connector's status. Status can be creating, active, deleting, or failed.
" } }, "ConnectorStatusReason": { "base": null, "refs": { "Connector$StatusReason": "Information about why connector creation failed, if status is FAILED.
Information about why connector creation failed, if status is FAILED.
Lists the Amazon Web Services Private CA SCEP connectors belonging to your Amazon Web Services account.
", "refs": { "ConnectorList$member": null } }, "ConnectorType": { "base": null, "refs": { "Connector$Type": "The connector type.
", "ConnectorSummary$Type": "The connector type.
" } }, "CreateChallengeRequest": { "base": null, "refs": { } }, "CreateChallengeResponse": { "base": null, "refs": { } }, "CreateConnectorRequest": { "base": null, "refs": { } }, "CreateConnectorResponse": { "base": null, "refs": { } }, "DeleteChallengeRequest": { "base": null, "refs": { } }, "DeleteConnectorRequest": { "base": null, "refs": { } }, "GetChallengeMetadataRequest": { "base": null, "refs": { } }, "GetChallengeMetadataResponse": { "base": null, "refs": { } }, "GetChallengePasswordRequest": { "base": null, "refs": { } }, "GetChallengePasswordResponse": { "base": null, "refs": { } }, "GetConnectorRequest": { "base": null, "refs": { } }, "GetConnectorResponse": { "base": null, "refs": { } }, "InternalServerException": { "base": "The request processing has failed because of an unknown error, exception or failure with an internal server.
", "refs": { } }, "IntuneConfiguration": { "base": "Contains configuration details for use with Microsoft Intune. For information about using Connector for SCEP for Microsoft Intune, see Using Connector for SCEP for Microsoft Intune.
When you use Connector for SCEP for Microsoft Intune, certain functionalities are enabled by accessing Microsoft Intune through the Microsoft API. Your use of the Connector for SCEP and accompanying Amazon Web Services services doesn't remove your need to have a valid license for your use of the Microsoft Intune service. You should also review the Microsoft IntuneĀ® App Protection Policies.
", "refs": { "MobileDeviceManagement$Intune": "Configuration settings for use with Microsoft Intune. For information about using Connector for SCEP for Microsoft Intune, see Using Connector for SCEP for Microsoft Intune.
" } }, "ListChallengeMetadataRequest": { "base": null, "refs": { } }, "ListChallengeMetadataResponse": { "base": null, "refs": { } }, "ListConnectorsRequest": { "base": null, "refs": { } }, "ListConnectorsResponse": { "base": null, "refs": { } }, "ListTagsForResourceRequest": { "base": null, "refs": { } }, "ListTagsForResourceResponse": { "base": null, "refs": { } }, "MaxResults": { "base": null, "refs": { "ListChallengeMetadataRequest$MaxResults": "The maximum number of objects that you want Connector for SCEP to return for this request. If more objects are available, in the response, Connector for SCEP provides a NextToken value that you can use in a subsequent call to get the next batch of objects.
The maximum number of objects that you want Connector for SCEP to return for this request. If more objects are available, in the response, Connector for SCEP provides a NextToken value that you can use in a subsequent call to get the next batch of objects.
If you don't supply a value, by default Connector for SCEP creates a connector for general-purpose use. A general-purpose connector is designed to work with clients or endpoints that support the SCEP protocol, except Connector for SCEP for Microsoft Intune. For information about considerations and limitations with using Connector for SCEP, see Considerations and Limitations.
If you provide an IntuneConfiguration, Connector for SCEP creates a connector for use with Microsoft Intune, and you manage the challenge passwords using Microsoft Intune. For more information, see Using Connector for SCEP for Microsoft Intune.
Contains settings relevant to the mobile device management system that you chose for the connector. If you didn't configure MobileDeviceManagement, then the connector is for general-purpose use and this object is empty.
Contains settings relevant to the mobile device management system that you chose for the connector. If you didn't configure MobileDeviceManagement, then the connector is for general-purpose use and this object is empty.
If you don't supply a value, by default Connector for SCEP creates a connector for general-purpose use. A general-purpose connector is designed to work with clients or endpoints that support the SCEP protocol, except Connector for SCEP for Microsoft Intune. With connectors for general-purpose use, you manage SCEP challenge passwords using Connector for SCEP. For information about considerations and limitations with using Connector for SCEP, see Considerations and Limitations.
If you provide an IntuneConfiguration, Connector for SCEP creates a connector for use with Microsoft Intune, and you manage the challenge passwords using Microsoft Intune. For more information, see Using Connector for SCEP for Microsoft Intune.
When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Connector for SCEP returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Connector for SCEP returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Connector for SCEP returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Connector for SCEP returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
Contains OpenID Connect (OIDC) parameters for use with Microsoft Intune. For more information about using Connector for SCEP for Microsoft Intune, see Using Connector for SCEP for Microsoft Intune.
", "refs": { "Connector$OpenIdConfiguration": "Contains OpenID Connect (OIDC) parameters for use with Connector for SCEP for Microsoft Intune. For more information about using Connector for SCEP for Microsoft Intune, see Using Connector for SCEP for Microsoft Intune.
", "ConnectorSummary$OpenIdConfiguration": "Contains OpenID Connect (OIDC) parameters for use with Microsoft Intune.
" } }, "ResourceNotFoundException": { "base": "The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than ACTIVE.
The SCEP challenge password, in UUID format.
", "GetChallengePasswordResponse$Password": "The SCEP challenge password.
" } }, "ServiceQuotaExceededException": { "base": "The request would cause a service quota to be exceeded.
", "refs": { } }, "String": { "base": null, "refs": { "AccessDeniedException$Message": null, "BadRequestException$Message": null, "ConflictException$Message": null, "ConflictException$ResourceId": "The identifier of the Amazon Web Services resource.
", "ConflictException$ResourceType": "The resource type, which can be either Connector or Challenge.
The connector's HTTPS public SCEP URL.
", "ConnectorSummary$Endpoint": "The connector's HTTPS public SCEP URL.
", "InternalServerException$Message": null, "ListTagsForResourceRequest$ResourceArn": "The Amazon Resource Name (ARN) of the resource.
", "OpenIdConfiguration$Issuer": "The issuer value to copy into your Microsoft Entra app registration's OIDC.
", "OpenIdConfiguration$Subject": "The subject value to copy into your Microsoft Entra app registration's OIDC.
", "OpenIdConfiguration$Audience": "The audience value to copy into your Microsoft Entra app registration's OIDC.
", "ResourceNotFoundException$Message": null, "ResourceNotFoundException$ResourceId": "The identifier of the Amazon Web Services resource.
", "ResourceNotFoundException$ResourceType": "The resource type, which can be either Connector or Challenge.
The resource type, which can be either Connector or Challenge.
Identifies the originating service.
", "ServiceQuotaExceededException$QuotaCode": "The quota identifier.
", "TagKeyList$member": null, "TagResourceRequest$ResourceArn": "The Amazon Resource Name (ARN) of the resource.
", "Tags$key": null, "Tags$value": null, "ThrottlingException$Message": null, "UntagResourceRequest$ResourceArn": "The Amazon Resource Name (ARN) of the resource.
", "ValidationException$Message": null } }, "TagKeyList": { "base": null, "refs": { "UntagResourceRequest$TagKeys": "Specifies a list of tag keys that you want to remove from the specified resources.
" } }, "TagResourceRequest": { "base": null, "refs": { } }, "Tags": { "base": null, "refs": { "CreateChallengeRequest$Tags": "The key-value pairs to associate with the resource.
", "CreateConnectorRequest$Tags": "The key-value pairs to associate with the resource.
", "ListTagsForResourceResponse$Tags": "The key-value pairs to associate with the resource.
", "TagResourceRequest$Tags": "The key-value pairs to associate with the resource.
" } }, "ThrottlingException": { "base": "The limit on the number of requests per second was exceeded.
", "refs": { } }, "Timestamp": { "base": null, "refs": { "Challenge$CreatedAt": "The date and time that the challenge was created.
", "Challenge$UpdatedAt": "The date and time that the challenge was updated.
", "ChallengeMetadata$CreatedAt": "The date and time that the connector was created.
", "ChallengeMetadata$UpdatedAt": "The date and time that the connector was updated.
", "ChallengeMetadataSummary$CreatedAt": "The date and time that the challenge was created.
", "ChallengeMetadataSummary$UpdatedAt": "The date and time that the challenge was updated.
", "Connector$CreatedAt": "The date and time that the connector was created.
", "Connector$UpdatedAt": "The date and time that the connector was updated.
", "ConnectorSummary$CreatedAt": "The date and time that the challenge was created.
", "ConnectorSummary$UpdatedAt": "The date and time that the challenge was updated.
" } }, "UntagResourceRequest": { "base": null, "refs": { } }, "ValidationException": { "base": "An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.
", "refs": { } }, "ValidationExceptionReason": { "base": null, "refs": { "ValidationException$Reason": "The reason for the validation error, if available. The service doesn't return a reason for every validation exception.
" } } } }