Under properties, configure the following AWS CA-specific settings.

aws-api-url

The regional AWS Private CA API endpoint that the plugin uses to call AWS. For example:

"https://acm-pca.us-east-1.amazonaws.com:443/"

Mandatory: Yes.

aws-assume-role-arn

The AWS ARN that uniquely identifies the IAM role. Use this when the AWS user configured above does not itself hold the required permissions. If this parameter is defined, the plugin assumes the specified IAM role and obtains temporary security credentials in order to access the AWS resources it needs.

The role your AWS user assumes should grant permissions for the required resources, such as DynamoDB access, ACM Private CA access, and access to the S3 buckets holding the CRL and the audit reports.

Mandatory: No.

aws-ca-arn

The AWS ARN that uniquely identifies the AWS CA. For example:

"arn:aws:acm-pca:us-east-1:422825380052:certificate-authority/b6fd6660-e6eb-4fed-9fe9-d5a82f952ed4"

Mandatory: Yes.

aws-ca-audit-report-s3-bucket-name

The name of the S3 bucket in which AWS audit reports are saved. For example:

"cagw-audit-report"

You can generate multiple Audit Reports in a shared bucket. Each generated report in the bucket will be an object with a unique key.

Mandatory: No.

aws-ca-s3-crl-arn

The AWS ARN uniquely identifying the bucket for saving the CRL. For example:

"arn:aws:s3:::wy-crl"

Mandatory: Yes.

aws-region

The AWS region of the CA. For example:

"us-east-1"

A CA instance is only reachable in the region in which it was created.

Mandatory: Yes.

aws-sts-token-duration-in-seconds

The duration in seconds that the STS temporary credential should remain valid. Default is 1200 seconds if not specified.

Mandatory: When defined together with properties.aws-ca-cert-template-arn in the AWS CA profile settings.

aws-user-access-key-id

The access key ID of the IAM user; this serves as the username for the AWS API. For example:

"AKIAWE4S3JDKMNSG5K5T"

Mandatory: Yes.

aws-user-arn

The AWS ARN that uniquely identifies the IAM user.

Mandatory: Yes.

aws-user-login-url

The AWS sign-in URL for the IAM user.

Mandatory: Yes.

aws-user-secret-access-key

The secret access key of the IAM user; this serves as the password for the AWS API.

Mandatory: Yes.

certificate-events-storage-method

The storage type for recording events. For example:

"DynamoDb"

Mandatory: No.

dynamodb-table-name

The name of the DynamoDB table in which the events are stored.

Mandatory: When the value of certificate-events-storage-method is "DynamoDb".
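As an added example (not part of this documentation or of the plugin itself), the following Python check applies the mandatory and conditional rules listed above to a properties map before the plugin is deployed, including the region consistency rule and the two conditional requirements. It assumes the profile property aws-ca-cert-template-arn has been merged into the same map; all sample values are constructed placeholders.

```python
import re

# Properties the documentation marks "Mandatory: Yes".
MANDATORY = ("aws-api-url", "aws-ca-arn", "aws-ca-s3-crl-arn", "aws-region",
             "aws-user-access-key-id", "aws-user-arn", "aws-user-login-url",
             "aws-user-secret-access-key")
# arn:aws:service:region:account:resource (region and account are empty for S3 buckets).
ARN_RE = re.compile(r"^arn:aws:[a-z0-9-]+:(?P<region>[a-z0-9-]*):(\d{12})?:.+$")

def check_aws_ca_properties(props: dict) -> list:
    """Apply the mandatory and conditional rules; an empty list means no findings."""
    findings = [f"missing mandatory property {k}" for k in MANDATORY if not props.get(k)]
    for key in ("aws-ca-arn", "aws-ca-s3-crl-arn", "aws-user-arn", "aws-assume-role-arn"):
        if props.get(key) and not ARN_RE.match(props[key]):
            findings.append(f"{key} is not a well-formed ARN")
    region = props.get("aws-region", "")
    # CA instances are only reachable in their own region, so the regional API
    # endpoint and the CA ARN must both agree with aws-region.
    if region and region not in props.get("aws-api-url", region):
        findings.append(f"aws-api-url does not point at the {region} endpoint")
    ca = ARN_RE.match(props.get("aws-ca-arn", ""))
    if ca and region and ca.group("region") != region:
        findings.append("aws-ca-arn region differs from aws-region")
    # The STS duration becomes mandatory once a certificate template ARN is set in the profile.
    if props.get("aws-ca-cert-template-arn") and not props.get("aws-sts-token-duration-in-seconds"):
        findings.append("aws-sts-token-duration-in-seconds is required with aws-ca-cert-template-arn")
    # The table name is mandatory when events are recorded in DynamoDB.
    method = str(props.get("certificate-events-storage-method", "")).replace(" ", "").lower()
    if method == "dynamodb" and not props.get("dynamodb-table-name"):
        findings.append("dynamodb-table-name is required when certificate-events-storage-method is DynamoDb")
    return findings


# Constructed sample: placeholder account id, access key id and bucket names, not real credentials.
SAMPLE = {
    "aws-api-url": "https://acm-pca.us-east-1.amazonaws.com:443/",
    "aws-ca-arn": "arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/00000000-0000-0000-0000-000000000000",
    "aws-ca-s3-crl-arn": "arn:aws:s3:::example-crl",
    "aws-region": "us-east-1",
    "aws-user-access-key-id": "AKIAEXAMPLEKEYID0000",
    "aws-user-arn": "arn:aws:iam::123456789012:user/cagw-plugin",
    "aws-user-login-url": "https://123456789012.signin.aws.amazon.com/console",
    "aws-user-secret-access-key": "<load from a secrets store, never commit>",
    "certificate-events-storage-method": "DynamoDb",
    "dynamodb-table-name": "cagw-certificate-events",
}

if __name__ == "__main__":
    for line in check_aws_ca_properties(SAMPLE) or ["no findings"]:
        print(line)
```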