list_trust_anchors

IAMRolesAnywhere.Client.list_trust_anchors(**kwargs)

Lists the trust anchors in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListTrustAnchors .

See also: AWS API Documentation

Request Syntax

response = client.list_trust_anchors(
    nextToken='string',
    pageSize=123
)
Parameters
  • nextToken (string) -- A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value.
  • pageSize (integer) -- The number of resources in the paginated list.
Return type

dict

Returns

Response Syntax

{
    'nextToken': 'string',
    'trustAnchors': [
        {
            'createdAt': datetime(2015, 1, 1),
            'enabled': True|False,
            'name': 'string',
            'source': {
                'sourceData': {
                    'acmPcaArn': 'string',
                    'x509CertificateData': 'string'
                },
                'sourceType': 'AWS_ACM_PCA'|'CERTIFICATE_BUNDLE'|'SELF_SIGNED_REPOSITORY'
            },
            'trustAnchorArn': 'string',
            'trustAnchorId': 'string',
            'updatedAt': datetime(2015, 1, 1)
        },
    ]
}

Response Structure

  • (dict) --

    • nextToken (string) --

      A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value.

    • trustAnchors (list) --

      A list of trust anchors.

      • (dict) --

        The state of the trust anchor after a read or write operation.

        • createdAt (datetime) --

          The ISO-8601 timestamp when the trust anchor was created.

        • enabled (boolean) --

          Indicates whether the trust anchor is enabled.

        • name (string) --

          The name of the trust anchor.

        • source (dict) --

          The trust anchor type and its related certificate data.

          • sourceData (dict) --

            The data field of the trust anchor depending on its type.

            Note

            This is a Tagged Union structure. Only one of the following top level keys will be set: acmPcaArn, x509CertificateData. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

            'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
            
            • acmPcaArn (string) --

              The root certificate of the Certificate Manager Private Certificate Authority specified by this ARN is used in trust validation for CreateSession operations. Included for trust anchors of type AWS_ACM_PCA .

            • x509CertificateData (string) --

              The PEM-encoded data for the certificate anchor. Included for trust anchors of type CERTIFICATE_BUNDLE .

          • sourceType (string) --

            The type of the trust anchor.

        • trustAnchorArn (string) --

          The ARN of the trust anchor.

        • trustAnchorId (string) --

          The unique identifier of the trust anchor.

        • updatedAt (datetime) --

          The ISO-8601 timestamp when the trust anchor was last updated.

Exceptions

  • IAMRolesAnywhere.Client.exceptions.ValidationException
  • IAMRolesAnywhere.Client.exceptions.AccessDeniedException