2025/03/10 - PcaConnectorAd - 5 updated api methods
Changes: PrivateCA Connector for Active Directory now supports dual-stack endpoints. This release adds the IpAddressType option to the VpcInformation of a Connector, which determines whether the endpoint accepts IPv4 traffic only or both IPv4 and IPv6 traffic.

create_connector
Request changes: {'VpcInformation': {'IpAddressType': 'IPV4 | DUALSTACK'}}
Creates a connector between Amazon Web Services Private CA and an Active Directory. You must specify the private CA, directory ID, and security groups.
See also: AWS API Documentation
Request Syntax
client.create_connector(
    CertificateAuthorityArn='string',
    ClientToken='string',
    DirectoryId='string',
    Tags={
        'string': 'string'
    },
    VpcInformation={
        'IpAddressType': 'IPV4'|'DUALSTACK',
        'SecurityGroupIds': [
            'string',
        ]
    }
)
Parameters
CertificateAuthorityArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the certificate authority being used.
ClientToken (string) --
Idempotency token. This field is autopopulated if not provided.
DirectoryId (string) -- [REQUIRED]
The identifier of the Active Directory.
Tags (dict) --
Metadata assigned to a connector, consisting of key-value pairs.
(string) --
(string) --
VpcInformation (dict) -- [REQUIRED]
Information about your VPC and the security groups used with the connector.
IpAddressType (string) --
The VPC IP address type: IPV4 for an endpoint that accepts IPv4 traffic only, or DUALSTACK for an endpoint that accepts both IPv4 and IPv6 traffic.
SecurityGroupIds (list) -- [REQUIRED]
The security groups used with the connector. You can use a maximum of 4 security groups with a connector.
(string) --
Return type
dict
Response Syntax
{
    'ConnectorArn': 'string'
}
Response Structure
(dict) --
ConnectorArn (string) --
If successful, the Amazon Resource Name (ARN) of the connector for Active Directory.
get_connector
Response changes: {'Connector': {'StatusReason': {'CA_CERTIFICATE_REGISTRATION_FAILED', 'INSUFFICIENT_FREE_ADDRESSES', 'INVALID_SUBNET_IP_PROTOCOL'}, 'VpcInformation': {'IpAddressType': 'IPV4 | DUALSTACK'}}}
Lists information about your connector. You specify the connector on input by its ARN (Amazon Resource Name).
See also: AWS API Documentation
Request Syntax
client.get_connector(
    ConnectorArn='string'
)
Parameters
ConnectorArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
Return type
dict
Response Syntax
{
    'Connector': {
        'Arn': 'string',
        'CertificateAuthorityArn': 'string',
        'CertificateEnrollmentPolicyServerEndpoint': 'string',
        'CreatedAt': datetime(2015, 1, 1),
        'DirectoryId': 'string',
        'Status': 'CREATING'|'ACTIVE'|'DELETING'|'FAILED',
        'StatusReason': 'CA_CERTIFICATE_REGISTRATION_FAILED'|'DIRECTORY_ACCESS_DENIED'|'INTERNAL_FAILURE'|'INSUFFICIENT_FREE_ADDRESSES'|'INVALID_SUBNET_IP_PROTOCOL'|'PRIVATECA_ACCESS_DENIED'|'PRIVATECA_RESOURCE_NOT_FOUND'|'SECURITY_GROUP_NOT_IN_VPC'|'VPC_ACCESS_DENIED'|'VPC_ENDPOINT_LIMIT_EXCEEDED'|'VPC_RESOURCE_NOT_FOUND',
        'UpdatedAt': datetime(2015, 1, 1),
        'VpcInformation': {
            'IpAddressType': 'IPV4'|'DUALSTACK',
            'SecurityGroupIds': [
                'string',
            ]
        }
    }
}
Response Structure
(dict) --
Connector (dict) --
A structure that contains information about your connector.
Arn (string) --
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
CertificateAuthorityArn (string) --
The Amazon Resource Name (ARN) of the certificate authority being used.
CertificateEnrollmentPolicyServerEndpoint (string) --
The certificate enrollment endpoint that Active Directory domain-joined objects reach out to when requesting certificates.
CreatedAt (datetime) --
The date and time that the connector was created.
DirectoryId (string) --
The identifier of the Active Directory.
Status (string) --
Status of the connector. Status can be creating, active, deleting, or failed.
StatusReason (string) --
Additional information about the connector status if the status is failed.
UpdatedAt (datetime) --
The date and time that the connector was updated.
VpcInformation (dict) --
Information about the VPC and security group(s) used with the connector.
IpAddressType (string) --
The VPC IP address type (IPV4 or DUALSTACK).
SecurityGroupIds (list) --
The security groups used with the connector. You can use a maximum of 4 security groups with a connector.
(string) --
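The CreateConnector and GetConnector calls above, worked through end to end as an added example (this is not code from the boto3 documentation or from the service): it validates VpcInformation client-side (a recognised IpAddressType, one to four security group ids), sends an explicit ClientToken so a retried call cannot create a second connector, polls GetConnector until Status is ACTIVE or FAILED, and maps the StatusReason values introduced in this release to an operator hint. The client is injected so the module runs offline against a constructed FakeClient; with real credentials pass boto3.client('pca-connector-ad') instead. The hint wording, the ARNs and the directory id are this example's own assumptions.

```python
"""Create a connector and wait for a terminal status (added example).

Not code from the boto3 documentation. The client is injected so the module
runs offline against the constructed FakeClient below; in production pass
boto3.client('pca-connector-ad'). ARNs and ids below are made-up samples.
"""
import time
import uuid

VALID_IP_ADDRESS_TYPES = {"IPV4", "DUALSTACK"}
MAX_SECURITY_GROUPS = 4              # limit stated for SecurityGroupIds
TERMINAL_STATUSES = {"ACTIVE", "FAILED"}

# Operator hints per StatusReason. The wording is this example's own reading
# of the reason codes (an assumption), not text from the API reference.
STATUS_REASON_HINTS = {
    "INSUFFICIENT_FREE_ADDRESSES": "free up IP addresses in the subnets the connector uses",
    "INVALID_SUBNET_IP_PROTOCOL": "the subnets do not carry the IP protocol the chosen "
                                  "IpAddressType needs (DUALSTACK is assumed to require IPv6)",
    "SECURITY_GROUP_NOT_IN_VPC": "every SecurityGroupIds entry must belong to the directory's VPC",
    "CA_CERTIFICATE_REGISTRATION_FAILED": "registering the CA certificate with the directory failed",
    "VPC_ENDPOINT_LIMIT_EXCEEDED": "the VPC endpoint quota is exhausted",
}


def build_vpc_information(security_group_ids, ip_address_type="IPV4"):
    """Validate client-side what CreateConnector would reject, and return the
    VpcInformation structure. Duplicate ids are dropped, order is kept."""
    if ip_address_type not in VALID_IP_ADDRESS_TYPES:
        raise ValueError(f"IpAddressType must be one of {sorted(VALID_IP_ADDRESS_TYPES)}")
    ids = list(dict.fromkeys(security_group_ids))
    if not 1 <= len(ids) <= MAX_SECURITY_GROUPS:
        raise ValueError(f"SecurityGroupIds needs 1 to {MAX_SECURITY_GROUPS} entries, got {len(ids)}")
    bad = [sg for sg in ids if not sg.startswith("sg-")]
    if bad:
        raise ValueError(f"not security group ids: {bad}")
    return {"IpAddressType": ip_address_type, "SecurityGroupIds": ids}


def create_connector_and_wait(client, ca_arn, directory_id, vpc_information,
                              tags=None, poll_seconds=0.0, max_polls=30):
    """CreateConnector with an explicit ClientToken, then poll GetConnector
    until Status is ACTIVE or FAILED. Returns the last Connector dict."""
    request = {
        "CertificateAuthorityArn": ca_arn,
        "ClientToken": str(uuid.uuid4()),   # idempotency: a retry reuses the same token
        "DirectoryId": directory_id,
        "VpcInformation": vpc_information,
    }
    if tags:
        request["Tags"] = tags
    arn = client.create_connector(**request)["ConnectorArn"]
    for _ in range(max_polls):
        connector = client.get_connector(ConnectorArn=arn)["Connector"]
        if connector["Status"] in TERMINAL_STATUSES:
            return connector
        time.sleep(poll_seconds)
    raise TimeoutError(f"{arn} did not reach ACTIVE or FAILED within {max_polls} polls")


def explain_failure(connector):
    """Hint for a FAILED connector; None when the connector did not fail."""
    if connector["Status"] != "FAILED":
        return None
    reason = connector.get("StatusReason", "unknown")
    return f"{reason}: {STATUS_REASON_HINTS.get(reason, 'see the GetConnector StatusReason values')}"


class FakeClient:
    """Constructed stand-in for boto3.client('pca-connector-ad'): the first
    GetConnector poll reports CREATING, later polls the configured outcome."""

    def __init__(self, final_status="ACTIVE", reason=None):
        self._final = (final_status, reason)
        self._polls = 0
        self.last_request = None

    def create_connector(self, **kwargs):
        self.last_request = kwargs
        return {"ConnectorArn": "arn:aws:pca-connector-ad:us-east-1:111122223333:connector/EXAMPLE"}

    def get_connector(self, ConnectorArn):
        self._polls += 1
        status, reason = ("CREATING", None) if self._polls == 1 else self._final
        connector = {"Arn": ConnectorArn, "Status": status,
                     "VpcInformation": self.last_request["VpcInformation"]}
        if reason:
            connector["StatusReason"] = reason
        return {"Connector": connector}


if __name__ == "__main__":
    vpc = build_vpc_information(["sg-0123456789abcdef0"], ip_address_type="DUALSTACK")
    fake = FakeClient(final_status="FAILED", reason="INVALID_SUBNET_IP_PROTOCOL")
    result = create_connector_and_wait(
        fake, "arn:aws:acm-pca:us-east-1:111122223333:certificate-authority/EXAMPLE",
        "d-1234567890", vpc)
    print(result["Status"], explain_failure(result))
```

Validating before the call matters because a rejected or FAILED connector still consumes a VPC endpoint and leaves a resource to clean up; polling to a terminal status, rather than treating a successful CreateConnector response as "done", is what surfaces the new INSUFFICIENT_FREE_ADDRESSES and INVALID_SUBNET_IP_PROTOCOL reasons.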
get_service_principal_name
Response changes: {'ServicePrincipalName': {'StatusReason': {'SPN_LIMIT_EXCEEDED'}}}
Lists the service principal name that the connector uses to authenticate with Active Directory.
See also: AWS API Documentation
Request Syntax
client.get_service_principal_name(
    ConnectorArn='string',
    DirectoryRegistrationArn='string'
)
Parameters
ConnectorArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
DirectoryRegistrationArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
Return type
dict
Response Syntax
{
    'ServicePrincipalName': {
        'ConnectorArn': 'string',
        'CreatedAt': datetime(2015, 1, 1),
        'DirectoryRegistrationArn': 'string',
        'Status': 'CREATING'|'ACTIVE'|'DELETING'|'FAILED',
        'StatusReason': 'DIRECTORY_ACCESS_DENIED'|'DIRECTORY_NOT_REACHABLE'|'DIRECTORY_RESOURCE_NOT_FOUND'|'SPN_EXISTS_ON_DIFFERENT_AD_OBJECT'|'SPN_LIMIT_EXCEEDED'|'INTERNAL_FAILURE',
        'UpdatedAt': datetime(2015, 1, 1)
    }
}
Response Structure
(dict) --
ServicePrincipalName (dict) --
The service principal name that the connector uses to authenticate with Active Directory.
ConnectorArn (string) --
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
CreatedAt (datetime) --
The date and time that the service principal name was created.
DirectoryRegistrationArn (string) --
The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
Status (string) --
The status of a service principal name.
StatusReason (string) --
Additional information for the status of a service principal name if the status is failed.
UpdatedAt (datetime) --
The date and time that the service principal name was updated.
list_connectors
Response changes: {'Connectors': {'StatusReason': {'CA_CERTIFICATE_REGISTRATION_FAILED', 'INSUFFICIENT_FREE_ADDRESSES', 'INVALID_SUBNET_IP_PROTOCOL'}, 'VpcInformation': {'IpAddressType': 'IPV4 | DUALSTACK'}}}
Lists the connectors that you created by using the https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateConnector action.
See also: AWS API Documentation
Request Syntax
client.list_connectors(
    MaxResults=123,
    NextToken='string'
)
Parameters
MaxResults (integer) --
Use this parameter when paginating results to specify the maximum number of items to return in the response on each page. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.
NextToken (string) --
Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
Return type
dict
Response Syntax
{
    'Connectors': [
        {
            'Arn': 'string',
            'CertificateAuthorityArn': 'string',
            'CertificateEnrollmentPolicyServerEndpoint': 'string',
            'CreatedAt': datetime(2015, 1, 1),
            'DirectoryId': 'string',
            'Status': 'CREATING'|'ACTIVE'|'DELETING'|'FAILED',
            'StatusReason': 'CA_CERTIFICATE_REGISTRATION_FAILED'|'DIRECTORY_ACCESS_DENIED'|'INTERNAL_FAILURE'|'INSUFFICIENT_FREE_ADDRESSES'|'INVALID_SUBNET_IP_PROTOCOL'|'PRIVATECA_ACCESS_DENIED'|'PRIVATECA_RESOURCE_NOT_FOUND'|'SECURITY_GROUP_NOT_IN_VPC'|'VPC_ACCESS_DENIED'|'VPC_ENDPOINT_LIMIT_EXCEEDED'|'VPC_RESOURCE_NOT_FOUND',
            'UpdatedAt': datetime(2015, 1, 1),
            'VpcInformation': {
                'IpAddressType': 'IPV4'|'DUALSTACK',
                'SecurityGroupIds': [
                    'string',
                ]
            }
        },
    ],
    'NextToken': 'string'
}
Response Structure
(dict) --
Connectors (list) --
Summary information about each connector you have created.
(dict) --
Summary description of the Amazon Web Services Private CA AD connectors belonging to an Amazon Web Services account.
Arn (string) --
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
CertificateAuthorityArn (string) --
The Amazon Resource Name (ARN) of the certificate authority being used.
CertificateEnrollmentPolicyServerEndpoint (string) --
Certificate enrollment endpoint for Active Directory domain-joined objects to request certificates.
CreatedAt (datetime) --
The date and time that the connector was created.
DirectoryId (string) --
The identifier of the Active Directory.
Status (string) --
Status of the connector. Status can be creating, active, deleting, or failed.
StatusReason (string) --
Additional information about the connector status if the status is failed.
UpdatedAt (datetime) --
The date and time that the connector was updated.
VpcInformation (dict) --
Information about the VPC and security group(s) used with the connector.
IpAddressType (string) --
The VPC IP address type (IPV4 or DUALSTACK).
SecurityGroupIds (list) --
The security groups used with the connector. You can use a maximum of 4 security groups with a connector.
(string) --
NextToken (string) --
Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
list_service_principal_names
Response changes: {'ServicePrincipalNames': {'StatusReason': {'SPN_LIMIT_EXCEEDED'}}}
Lists the service principal names that the connector uses to authenticate with Active Directory.
See also: AWS API Documentation
Request Syntax
client.list_service_principal_names(
    DirectoryRegistrationArn='string',
    MaxResults=123,
    NextToken='string'
)
Parameters
DirectoryRegistrationArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
MaxResults (integer) --
Use this parameter when paginating results to specify the maximum number of items to return in the response on each page. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.
NextToken (string) --
Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
Return type
dict
Response Syntax
{
    'NextToken': 'string',
    'ServicePrincipalNames': [
        {
            'ConnectorArn': 'string',
            'CreatedAt': datetime(2015, 1, 1),
            'DirectoryRegistrationArn': 'string',
            'Status': 'CREATING'|'ACTIVE'|'DELETING'|'FAILED',
            'StatusReason': 'DIRECTORY_ACCESS_DENIED'|'DIRECTORY_NOT_REACHABLE'|'DIRECTORY_RESOURCE_NOT_FOUND'|'SPN_EXISTS_ON_DIFFERENT_AD_OBJECT'|'SPN_LIMIT_EXCEEDED'|'INTERNAL_FAILURE',
            'UpdatedAt': datetime(2015, 1, 1)
        },
    ]
}
Response Structure
(dict) --
NextToken (string) --
Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
ServicePrincipalNames (list) --
The service principal name, if any, that the connector uses to authenticate with Active Directory.
(dict) --
The service principal name that the connector uses to authenticate with Active Directory.
ConnectorArn (string) --
The Amazon Resource Name (ARN) that was returned when you called CreateConnector.
CreatedAt (datetime) --
The date and time that the service principal name was created.
DirectoryRegistrationArn (string) --
The Amazon Resource Name (ARN) that was returned when you called CreateDirectoryRegistration.
Status (string) --
The status of a service principal name.
StatusReason (string) --
Additional information for the status of a service principal name if the status is failed.
UpdatedAt (datetime) --
The date and time that the service principal name was updated.
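The two paginated listings above (list_connectors and list_service_principal_names) used together as an inventory check, as an added example that is not code from the boto3 documentation or the service: a generic NextToken walker feeds an audit that reports connectors and service principal names in the FAILED state with their StatusReason, and flags DUALSTACK connectors so their security groups get reviewed for IPv6 inbound rules. The client is injected so the module runs offline against a constructed FakeClient that returns one item per page; with real credentials pass boto3.client('pca-connector-ad'). The directory registration ARNs are assumed to be known already (the page does not cover listing them), and every ARN and id below is a made-up sample.

```python
"""Inventory all connectors and service principal names (added example).

Not code from the boto3 documentation. The client is injected so the module
runs offline against the constructed FakeClient below; in production pass
boto3.client('pca-connector-ad'). Directory registration ARNs are assumed
to be known already, and every ARN below is a made-up sample.
"""


def paginate(list_call, result_key, **params):
    """Yield every item of a list operation, following NextToken until a
    response carries none. Works for list_connectors and
    list_service_principal_names alike."""
    token = None
    while True:
        kwargs = dict(params, MaxResults=100)
        if token:
            kwargs["NextToken"] = token
        page = list_call(**kwargs)
        yield from page.get(result_key, [])
        token = page.get("NextToken")
        if not token:
            return


def audit(client, directory_registration_arns):
    """Return (kind, arn, message) findings: FAILED connectors and SPNs with
    their StatusReason, and DUALSTACK connectors whose security groups should
    be checked for IPv6 inbound rules (an IPv4-only review misses ::/0)."""
    findings = []
    for c in paginate(client.list_connectors, "Connectors"):
        if c["Status"] == "FAILED":
            findings.append(("connector", c["Arn"], f"FAILED: {c.get('StatusReason')}"))
        if c.get("VpcInformation", {}).get("IpAddressType") == "DUALSTACK":
            findings.append(("connector", c["Arn"],
                             "DUALSTACK endpoint: review inbound IPv6 rules on "
                             + ", ".join(c["VpcInformation"]["SecurityGroupIds"])))
    for reg_arn in directory_registration_arns:
        for spn in paginate(client.list_service_principal_names,
                            "ServicePrincipalNames", DirectoryRegistrationArn=reg_arn):
            if spn["Status"] == "FAILED":
                findings.append(("spn", spn["ConnectorArn"], f"FAILED: {spn.get('StatusReason')}"))
    return findings


ARN_PREFIX = "arn:aws:pca-connector-ad:us-east-1:111122223333:"   # constructed
SAMPLE_CONNECTORS = [                                              # constructed
    {"Arn": ARN_PREFIX + "connector/c-1", "Status": "ACTIVE",
     "VpcInformation": {"IpAddressType": "IPV4", "SecurityGroupIds": ["sg-1"]}},
    {"Arn": ARN_PREFIX + "connector/c-2", "Status": "ACTIVE",
     "VpcInformation": {"IpAddressType": "DUALSTACK", "SecurityGroupIds": ["sg-2", "sg-3"]}},
    {"Arn": ARN_PREFIX + "connector/c-3", "Status": "FAILED",
     "StatusReason": "INSUFFICIENT_FREE_ADDRESSES",
     "VpcInformation": {"IpAddressType": "IPV4", "SecurityGroupIds": ["sg-1"]}},
]
SAMPLE_SPNS = [                                                    # constructed
    {"ConnectorArn": ARN_PREFIX + "connector/c-1", "Status": "ACTIVE"},
    {"ConnectorArn": ARN_PREFIX + "connector/c-2", "Status": "FAILED",
     "StatusReason": "SPN_LIMIT_EXCEEDED"},
]


class FakeClient:
    """Constructed stand-in that returns one item per page, so the NextToken
    handling in paginate() is actually exercised."""

    def __init__(self, connectors=SAMPLE_CONNECTORS, spns=SAMPLE_SPNS):
        self._data = {"Connectors": connectors, "ServicePrincipalNames": spns}
        self.calls = 0

    def _page(self, key, NextToken=None, **_):
        self.calls += 1
        start = int(NextToken or 0)
        page = {key: self._data[key][start:start + 1]}
        if start + 1 < len(self._data[key]):
            page["NextToken"] = str(start + 1)
        return page

    def list_connectors(self, **kwargs):
        return self._page("Connectors", **kwargs)

    def list_service_principal_names(self, **kwargs):
        return self._page("ServicePrincipalNames", **kwargs)


if __name__ == "__main__":
    for kind, arn, message in audit(FakeClient(), [ARN_PREFIX + "directory-registration/d-1"]):
        print(f"{kind:9} {arn}  {message}")
```

Stopping at the first page is the usual mistake with these listings: a FAILED connector or an SPN_LIMIT_EXCEEDED service principal name that sits on page two never shows up in the report, which is why the walker loops until no NextToken is returned rather than reading a single response.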