<mxfile host="Electron" agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/25.0.2 Chrome/128.0.6613.186 Electron/32.2.5 Safari/537.36" version="25.0.2">
<diagram name="Page-1" id="tJTTxUrJRq8FTXFW8xN4">
<mxGraphModel dx="1711" dy="1917" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="1100" pageHeight="850" background="#ffffff" math="0" shadow="0">
<root>
<mxCell id="0" />
<mxCell id="1" parent="0" />
<mxCell id="GsRnU1VMPK_G7D8Tim-P-98" value="Highlight" parent="0" />
<mxCell id="GsRnU1VMPK_G7D8Tim-P-87" value="One-to-One Relationship<br style="font-size: 25px;">Among All Resources<br>(i.e. one set of resources for each role)" style="verticalLabelPosition=middle;verticalAlign=top;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;fontFamily=Helvetica;fontSize=25;labelBackgroundColor=none;fillColor=#b0e3e6;fillOpacity=25;strokeColor=#0e8088;labelPosition=center;align=center;" parent="GsRnU1VMPK_G7D8Tim-P-98" vertex="1">
<mxGeometry x="540" y="-300" width="1120" height="290" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-88" value="Certificate and<div>Key&nbsp;<span style="background-color: initial;">for Each</span><div>Individual User</div></div>" style="verticalLabelPosition=middle;verticalAlign=top;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;fontFamily=Helvetica;fontSize=25;fillOpacity=25;fillColor=#fad9d5;strokeColor=#ae4132;labelPosition=center;align=center;" parent="GsRnU1VMPK_G7D8Tim-P-98" vertex="1">
<mxGeometry x="710" y="270" width="180" height="350" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-122" value="<font style="font-size: 25px;">Certificate Revocation Process</font>" style="verticalLabelPosition=top;verticalAlign=bottom;html=1;shape=mxgraph.basic.rect;fillColor2=none;strokeWidth=1;size=20;indent=5;fontFamily=Helvetica;fontSize=11;fillColor=#d0cee2;labelPosition=center;align=center;spacingTop=0;fillOpacity=25;strokeColor=#56517e;spacingBottom=-40;" parent="GsRnU1VMPK_G7D8Tim-P-98" vertex="1">
<mxGeometry x="500" y="650" width="1190" height="230" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-97" value="Resources" parent="0" />
<mxCell id="GsRnU1VMPK_G7D8Tim-P-61" style="edgeStyle=orthogonalEdgeStyle;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;exitX=0;exitY=1;exitDx=0;exitDy=0;endArrow=none;endFill=0;startArrow=classic;startFill=1;strokeWidth=2;curved=0;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-1" target="GsRnU1VMPK_G7D8Tim-P-2" edge="1">
<mxGeometry relative="1" as="geometry">
<Array as="points">
<mxPoint x="1100" y="200" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-62" value="<font style="font-size: 14px;"><i>Roles Anywhere<br>retrieves credentials<br>from STS</i></font>" style="edgeLabel;html=1;align=center;verticalAlign=bottom;resizable=0;points=[];labelPosition=left;verticalLabelPosition=top;spacingBottom=6;" parent="GsRnU1VMPK_G7D8Tim-P-61" vertex="1" connectable="0">
<mxGeometry x="0.0294" relative="1" as="geometry">
<mxPoint x="-21" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-83" style="edgeStyle=orthogonalEdgeStyle;shape=connector;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;exitX=1;exitY=1;exitDx=0;exitDy=0;labelBackgroundColor=default;strokeColor=default;align=left;verticalAlign=middle;fontFamily=Helvetica;fontSize=14;fontColor=#000000;endArrow=classic;endFill=1;entryX=1;entryY=0;entryDx=0;entryDy=0;labelPosition=right;verticalLabelPosition=middle;strokeWidth=2;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-1" target="GsRnU1VMPK_G7D8Tim-P-14" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-84" value="<font style="font-size: 14px;"><i>Roles Anywhere<br><div style=""><i>returns credentials</i></div></i></font>" style="edgeLabel;html=1;align=left;verticalAlign=middle;resizable=0;points=[];fontSize=11;fontFamily=Helvetica;fontColor=default;" parent="GsRnU1VMPK_G7D8Tim-P-83" vertex="1" connectable="0">
<mxGeometry x="0.0941" y="-4" relative="1" as="geometry">
<mxPoint x="14" y="-17" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-1" value="<font color="#000000" style="font-size: 14px;"><b>IAM<br>Roles Anywhere</b></font>" style="outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#DD344C;strokeColor=none;dashed=0;verticalLabelPosition=top;verticalAlign=bottom;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.identity_access_management_iam_roles_anywhere;labelPosition=center;points=[[0,1],[1,1]];" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="1100" y="40" width="80" height="80" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-2" value="<font color="#000000" style="font-size: 14px;"><b>Security<br>Token<br>Service</b></font>" style="outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#DD344C;strokeColor=none;dashed=0;verticalLabelPosition=top;verticalAlign=bottom;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.sts_alternate;labelPosition=center;" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="820.05" y="160" width="69.95" height="88" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-4" value="<font style="font-size: 14px;"><b>Root<br>Private<br style="font-size: 14px;">Certificate<br style="font-size: 14px;">Authority</b></font>" style="points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#000000;fillColor=#DD344C;strokeColor=#ffffff;dashed=0;verticalLabelPosition=top;verticalAlign=bottom;align=center;html=1;fontSize=14;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.private_certificate_authority;labelPosition=center;" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="20" y="-140" width="78" height="78" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-5" value="<font color="#000000" style="font-size: 14px;"><b>Temporary<br>Security<br>Credentials</b></font>" style="outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#DD344C;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.temporary_security_credential;" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="1356.5" y="400" width="77" height="78" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-30" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Helvetica;fontSize=14;fontColor=#000000;endArrow=none;endFill=0;strokeWidth=2;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-6" target="GsRnU1VMPK_G7D8Tim-P-11" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-6" value="<font color="#000000" style="font-size: 14px;"><b>IAM Role</b></font>" style="outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#DD344C;strokeColor=none;dashed=0;verticalLabelPosition=top;verticalAlign=bottom;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.role;fontFamily=Helvetica;labelPosition=center;" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="1160" y="-123" width="78" height="44" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-104" value="<i style="border-color: var(--border-color); font-size: 14px; text-align: right;">Key is necessary<br style="border-color: var(--border-color);">to use certificate</i>" style="edgeStyle=orthogonalEdgeStyle;shape=connector;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=1;entryDx=0;entryDy=0;labelBackgroundColor=none;strokeColor=default;align=center;verticalAlign=bottom;fontFamily=Helvetica;fontSize=11;fontColor=default;endArrow=classic;labelPosition=center;verticalLabelPosition=top;strokeWidth=2;curved=0;spacingLeft=0;spacingBottom=5;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-9" target="GsRnU1VMPK_G7D8Tim-P-14" edge="1">
<mxGeometry x="0.0003" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-9" value="<font style="font-size: 14px;"><b>Private Key</b></font>" style="outlineConnect=0;fontColor=#000000;gradientColor=none;fillColor=#DD344C;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=14;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.data_encryption_key;fontFamily=Helvetica;" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="770" y="510" width="62" height="78" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-25" value="<i>Anchor trusts any<br>valid, unrevoked<br>end-entity certificate<br>issued by signing PCA</i>" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Helvetica;fontSize=14;fontColor=#000000;endArrow=none;endFill=0;labelPosition=center;verticalLabelPosition=top;align=center;verticalAlign=middle;labelBackgroundColor=none;strokeWidth=2;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-10" target="GsRnU1VMPK_G7D8Tim-P-16" edge="1">
<mxGeometry x="-0.1765" y="40" relative="1" as="geometry">
<Array as="points">
<mxPoint x="740" y="-100" />
<mxPoint x="740" y="-100" />
</Array>
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-28" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Helvetica;fontSize=14;fontColor=#000000;endArrow=none;endFill=0;verticalAlign=bottom;labelPosition=center;verticalLabelPosition=top;align=center;strokeWidth=2;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-10" target="GsRnU1VMPK_G7D8Tim-P-11" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-29" value="<i>Trust policy lets<br>Roles Anywhere assume<br>role only via this anchor</i>" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=14;fontFamily=Helvetica;fontColor=#000000;labelBackgroundColor=none;" parent="GsRnU1VMPK_G7D8Tim-P-28" vertex="1" connectable="0">
<mxGeometry x="-0.072" y="1" relative="1" as="geometry">
<mxPoint y="35" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-10" value="<b>Roles Anywhere<br>Trust Anchor</b>" style="shape=mxgraph.signs.transportation.anchor_1;html=1;pointerEvents=1;fillColor=#000000;strokeColor=none;verticalLabelPosition=top;verticalAlign=bottom;align=center;dashed=0;fontFamily=Helvetica;fontSize=14;fontColor=#000000;labelPosition=center;" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="810" y="-141" width="82" height="80" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-11" value="<font color="#000000" style="font-size: 14px;"><b>IAM Role<br>Trust Policy</b></font>" style="outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#7AA116;strokeColor=none;dashed=0;verticalLabelPosition=top;verticalAlign=bottom;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.policy;fontFamily=Helvetica;labelPosition=center;" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="1040" y="-134.5" width="78" height="67" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-12" value="<font style="font-size: 14px;"><b>Session Policy</b></font>" style="outlineConnect=0;fontColor=#000000;gradientColor=none;fillColor=#7AA116;strokeColor=none;dashed=0;verticalLabelPosition=top;verticalAlign=bottom;align=center;html=1;fontSize=14;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.policy;fontFamily=Helvetica;labelPosition=center;" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="1560" y="-134.5" width="78" height="67" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-42" style="edgeStyle=orthogonalEdgeStyle;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Helvetica;fontSize=14;fontColor=#000000;startArrow=classic;startFill=1;endArrow=none;endFill=0;entryX=1;entryY=1;entryDx=0;entryDy=0;strokeWidth=2;curved=0;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-13" target="GsRnU1VMPK_G7D8Tim-P-16" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-43" value="<i>Signing PCA<br>signs end-entity<br>certificate</i>" style="edgeLabel;html=1;align=left;verticalAlign=middle;resizable=0;points=[];fontSize=14;fontFamily=Helvetica;fontColor=#000000;labelPosition=right;verticalLabelPosition=middle;" parent="GsRnU1VMPK_G7D8Tim-P-42" vertex="1" connectable="0">
<mxGeometry x="0.232" y="1" relative="1" as="geometry">
<mxPoint x="10" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-78" value="<meta charset="utf-8"><i style="border-color: var(--border-color); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 14px; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: center; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial;">Certificate identifies<br style="border-color: var(--border-color);">the caller; request is<br style="border-color: var(--border-color);">signed with its private key</i>" style="edgeStyle=orthogonalEdgeStyle;shape=connector;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;labelBackgroundColor=default;strokeColor=default;align=center;verticalAlign=middle;fontFamily=Helvetica;fontSize=14;fontColor=#000000;endArrow=classic;endFill=1;labelPosition=center;verticalLabelPosition=top;strokeWidth=2;spacingLeft=84;spacingBottom=6;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-13" target="GsRnU1VMPK_G7D8Tim-P-14" edge="1">
<mxGeometry x="-0.0763" y="27" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-13" value="<font color="#000000" style="font-size: 14px;"><b>Certificate</b></font>" style="outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#7AA116;strokeColor=none;dashed=0;verticalLabelPosition=top;verticalAlign=bottom;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.certificate_manager;fontFamily=Helvetica;labelPosition=center;" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="771.5" y="407" width="59" height="78" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-63" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;strokeWidth=2;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-14" target="GsRnU1VMPK_G7D8Tim-P-1" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-64" value="<font style="font-size: 14px;"><i>Credential helper<br>sends signed request<br>to Roles Anywhere,<br>specifying trust<br>anchor and profile</i><br></font>" style="edgeLabel;html=1;align=right;verticalAlign=middle;resizable=0;points=[];labelPosition=left;verticalLabelPosition=middle;spacingTop=44;" parent="GsRnU1VMPK_G7D8Tim-P-63" vertex="1" connectable="0">
<mxGeometry x="-0.0036" y="-4" relative="1" as="geometry">
<mxPoint x="-14" y="-4" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-67" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;verticalAlign=top;labelPosition=center;verticalLabelPosition=top;align=center;strokeWidth=2;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-14" target="GsRnU1VMPK_G7D8Tim-P-5" edge="1">
<mxGeometry relative="1" as="geometry">
<Array as="points">
<mxPoint x="1260" y="440" />
<mxPoint x="1260" y="440" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-68" value="<font style="font-size: 14px;"><i>Credential helper<br>delivers credentials</i></font>" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];labelPosition=center;verticalLabelPosition=top;spacingBottom=6;" parent="GsRnU1VMPK_G7D8Tim-P-67" vertex="1" connectable="0">
<mxGeometry x="-0.0812" y="-1" relative="1" as="geometry">
<mxPoint y="-21" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-14" value="<font color="#000000" style="font-size: 14px;"><b>AWS<br>Credential<br>Helper</b></font>" style="outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#232F3D;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.generic_application;fontFamily=Helvetica;points=[[0,1],[1,0]];" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="1099.98" y="406" width="80" height="80" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-15" value="<font style="font-size: 14px;"><b>Intermediate<br>Private<br style="font-size: 14px;">Certificate<br style="font-size: 14px;">Authority</b></font>" style="points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#000000;fillColor=#DD344C;strokeColor=#ffffff;dashed=0;verticalLabelPosition=top;verticalAlign=bottom;align=center;html=1;fontSize=14;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.private_certificate_authority;labelPosition=center;" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="250" y="-140" width="78" height="78" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-112" style="edgeStyle=orthogonalEdgeStyle;shape=connector;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;labelBackgroundColor=default;strokeColor=default;align=center;verticalAlign=top;fontFamily=Helvetica;fontSize=11;fontColor=default;endArrow=classic;labelPosition=center;verticalLabelPosition=top;strokeWidth=2;curved=0;" parent="GsRnU1VMPK_G7D8Tim-P-97" target="GsRnU1VMPK_G7D8Tim-P-107" edge="1">
<mxGeometry relative="1" as="geometry">
<Array as="points">
<mxPoint x="601" y="780" />
</Array>
<mxPoint x="600.99" y="-76" as="sourcePoint" />
<mxPoint x="909.9982725615316" y="785.9999999999995" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-113" value="<font style="font-size: 14px;"><i>PCA publishes CRL to S3 bucket</i></font>" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=11;fontFamily=Helvetica;fontColor=default;labelBackgroundColor=none;spacingBottom=6;" parent="GsRnU1VMPK_G7D8Tim-P-112" vertex="1" connectable="0">
<mxGeometry x="0.6774" y="3" relative="1" as="geometry">
<mxPoint x="-1" y="-10" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-16" value="<font style="font-size: 14px;"><b>Signing<br>Private<br style="font-size: 14px;">Certificate<br style="font-size: 14px;">Authority</b></font>" style="points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#000000;fillColor=#DD344C;strokeColor=#ffffff;dashed=0;verticalLabelPosition=top;verticalAlign=bottom;align=center;html=1;fontSize=14;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.private_certificate_authority;labelPosition=center;points=[[0,1],[1,1]];" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="561" y="-140" width="78" height="78" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-31" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;fontFamily=Helvetica;fontSize=14;fontColor=#000000;endArrow=none;endFill=0;strokeWidth=2;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-18" target="GsRnU1VMPK_G7D8Tim-P-6" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-32" value="<i>Profile is<br>associated with<br>only one role</i>" style="edgeLabel;html=1;align=center;verticalAlign=top;resizable=0;points=[];fontSize=14;fontFamily=Helvetica;fontColor=#000000;labelPosition=center;verticalLabelPosition=top;labelBackgroundColor=none;" parent="GsRnU1VMPK_G7D8Tim-P-31" vertex="1" connectable="0">
<mxGeometry x="0.0425" y="3" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-18" value="<b>Roles Anywhere<br>Profile</b>" style="verticalLabelPosition=top;html=1;fillColor=#6ABD46;strokeColor=#ffffff;verticalAlign=bottom;align=center;points=[[0.085,0.085,0],[0.915,0.085,0],[0.915,0.915,0],[0.085,0.915,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0.25,0],[1,0.5,0],[1,0.75,0],[0.75,1,0],[0.5,1,0],[0.25,1,0],[0,0.75,0],[0,0.5,0],[0,0.25,0]];pointerEvents=1;shape=mxgraph.cisco_safe.compositeIcon;bgIcon=mxgraph.cisco_safe.architecture.generic_appliance;resIcon=mxgraph.cisco_safe.architecture.policy;dashed=0;fontFamily=Helvetica;fontSize=14;fontColor=#000000;labelPosition=center;" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="1370" y="-126" width="50" height="50" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-21" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;fontFamily=Helvetica;fontSize=14;fontColor=#000000;strokeWidth=2;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-4" target="GsRnU1VMPK_G7D8Tim-P-15" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-22" value="<i>Root PCA<br>signs certificate<br>for subordinate CA <br>(path length: 1)</i>" style="edgeLabel;html=1;align=center;verticalAlign=top;resizable=0;points=[];fontSize=14;fontFamily=Helvetica;fontColor=#000000;labelPosition=center;verticalLabelPosition=top;" parent="GsRnU1VMPK_G7D8Tim-P-21" vertex="1" connectable="0">
<mxGeometry x="-0.022" y="-3" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-23" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;fontFamily=Helvetica;fontSize=14;fontColor=#000000;strokeWidth=2;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-15" target="GsRnU1VMPK_G7D8Tim-P-16" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-24" value="<i>Intermediate PCA<br>signs certificate<br>for subordinate CA<br>(path length: 0)</i>" style="edgeLabel;html=1;align=center;verticalAlign=top;resizable=0;points=[];fontSize=14;fontFamily=Helvetica;fontColor=#000000;labelPosition=center;verticalLabelPosition=top;" parent="GsRnU1VMPK_G7D8Tim-P-23" vertex="1" connectable="0">
<mxGeometry x="-0.0152" y="-2" relative="1" as="geometry">
<mxPoint x="-13" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-33" style="edgeStyle=orthogonalEdgeStyle;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=1;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;fontFamily=Helvetica;fontSize=14;fontColor=#000000;endArrow=none;endFill=0;strokeWidth=2;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-12" target="GsRnU1VMPK_G7D8Tim-P-18" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-34" value="<i>Session policy restricts<br>use of profile by source IP<br>(narrows, never extends,<br>the role's permissions)</i>" style="edgeLabel;html=1;align=center;verticalAlign=top;resizable=0;points=[];fontSize=14;fontFamily=Helvetica;fontColor=#000000;labelPosition=center;verticalLabelPosition=top;labelBackgroundColor=none;" parent="GsRnU1VMPK_G7D8Tim-P-33" vertex="1" connectable="0">
<mxGeometry x="-0.0416" y="1" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-37" style="edgeStyle=orthogonalEdgeStyle;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;entryPerimeter=0;fontFamily=Helvetica;fontSize=14;fontColor=#000000;endArrow=none;endFill=0;strokeWidth=2;curved=0;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-1" target="GsRnU1VMPK_G7D8Tim-P-18" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-38" style="edgeStyle=orthogonalEdgeStyle;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;entryPerimeter=0;fontFamily=Helvetica;fontSize=14;fontColor=#000000;endArrow=none;endFill=0;strokeWidth=2;curved=0;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-1" target="GsRnU1VMPK_G7D8Tim-P-10" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-118" style="edgeStyle=orthogonalEdgeStyle;shape=connector;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;entryX=1;entryY=1;entryDx=0;entryDy=0;labelBackgroundColor=default;strokeColor=default;align=left;verticalAlign=middle;fontFamily=Helvetica;fontSize=11;fontColor=default;endArrow=classic;labelPosition=right;verticalLabelPosition=middle;strokeWidth=2;curved=0;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-106" target="GsRnU1VMPK_G7D8Tim-P-1" edge="1">
<mxGeometry relative="1" as="geometry">
<Array as="points">
<mxPoint x="1530" y="120" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-121" value="<font style="font-size: 14px;"><i>Lambda function<br>imports CRL into<br>Roles Anywhere<br>(revocation takes effect<br>only once imported)<br></i></font>" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=11;fontFamily=Helvetica;fontColor=default;" parent="GsRnU1VMPK_G7D8Tim-P-118" vertex="1" connectable="0">
<mxGeometry x="-0.3478" y="3" relative="1" as="geometry">
<mxPoint x="63" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-106" value="<i><font style="font-size: 14px;">Lambda function<br>converts CRL<br><div style="text-align: left;"><i style="background-color: initial; font-size: 11px;"><font style="font-size: 14px;">to PEM format</font></i></div></font></i>" style="outlineConnect=0;dashed=0;verticalLabelPosition=middle;verticalAlign=middle;align=left;html=1;shape=mxgraph.aws3.lambda_function;fillColor=#F58534;gradientColor=none;fontFamily=Helvetica;fontSize=11;fontColor=default;labelPosition=right;spacingLeft=6;" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="1500" y="743" width="69" height="72" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-107" value="<b><font style="font-size: 14px;">S3 Bucket</font></b>" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#7AA116;strokeColor=none;dashed=0;verticalLabelPosition=top;verticalAlign=bottom;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.bucket_with_objects;fontFamily=Helvetica;labelPosition=center;" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="910" y="740" width="75" height="78" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-108" value="<b><font style="font-size: 14px;">EventBridge</font></b><div><b><font style="font-size: 14px;">Rule</font></b></div>" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;fillColor=#E7157B;strokeColor=#ffffff;dashed=0;verticalLabelPosition=top;verticalAlign=bottom;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.eventbridge;fontFamily=Helvetica;labelPosition=center;" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="1210" y="740" width="78" height="78" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-110" style="edgeStyle=orthogonalEdgeStyle;shape=connector;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=1;entryDx=0;entryDy=0;labelBackgroundColor=default;strokeColor=default;align=right;verticalAlign=middle;fontFamily=Helvetica;fontSize=11;fontColor=default;endArrow=classic;labelPosition=left;verticalLabelPosition=middle;strokeWidth=2;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-109" target="GsRnU1VMPK_G7D8Tim-P-16" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-111" value="<font style="font-size: 14px;"><i>User<br>revokes<br><div style="">certificate</div></i></font>" style="edgeLabel;html=1;align=right;verticalAlign=middle;resizable=0;points=[];fontSize=11;fontFamily=Helvetica;fontColor=default;" parent="GsRnU1VMPK_G7D8Tim-P-110" vertex="1" connectable="0">
<mxGeometry x="0.0855" y="6" relative="1" as="geometry">
<mxPoint x="-6" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-109" value="<font style="font-size: 14px;"><b>User</b></font>" style="sketch=0;outlineConnect=0;fontColor=#232F3E;gradientColor=none;fillColor=#232F3D;strokeColor=none;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;pointerEvents=1;shape=mxgraph.aws4.user;fontFamily=Helvetica;" parent="GsRnU1VMPK_G7D8Tim-P-97" vertex="1">
<mxGeometry x="522" y="740" width="78" height="78" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-114" style="edgeStyle=orthogonalEdgeStyle;shape=connector;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;labelBackgroundColor=default;strokeColor=default;align=center;verticalAlign=bottom;fontFamily=Helvetica;fontSize=11;fontColor=default;endArrow=classic;labelPosition=center;verticalLabelPosition=top;strokeWidth=2;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-107" target="GsRnU1VMPK_G7D8Tim-P-108" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-115" value="<font style="font-size: 14px;"><i>EventBridge captures<br>PutObject call</i></font>" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=11;fontFamily=Helvetica;fontColor=default;labelBackgroundColor=none;spacingBottom=6;" parent="GsRnU1VMPK_G7D8Tim-P-114" vertex="1" connectable="0">
<mxGeometry x="-0.0171" y="-1" relative="1" as="geometry">
<mxPoint x="-2" y="-20" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-116" style="edgeStyle=orthogonalEdgeStyle;shape=connector;rounded=0;orthogonalLoop=1;jettySize=auto;html=1;entryX=0;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;labelBackgroundColor=default;strokeColor=default;align=center;verticalAlign=middle;fontFamily=Helvetica;fontSize=11;fontColor=default;endArrow=classic;strokeWidth=2;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-108" target="GsRnU1VMPK_G7D8Tim-P-106" edge="1">
<mxGeometry relative="1" as="geometry" />
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-117" value="<font style="font-size: 14px;"><i>EventBridge triggers<br>Lambda function<br></i></font>" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=11;fontFamily=Helvetica;fontColor=default;labelBackgroundColor=none;spacingBottom=6;" parent="GsRnU1VMPK_G7D8Tim-P-116" vertex="1" connectable="0">
<mxGeometry x="-0.038" y="-1" relative="1" as="geometry">
<mxPoint y="-20" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-119" style="edgeStyle=orthogonalEdgeStyle;shape=connector;rounded=1;orthogonalLoop=1;jettySize=auto;html=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;entryPerimeter=0;labelBackgroundColor=default;strokeColor=default;align=center;verticalAlign=middle;fontFamily=Helvetica;fontSize=11;fontColor=default;endArrow=classic;strokeWidth=2;curved=0;" parent="GsRnU1VMPK_G7D8Tim-P-97" source="GsRnU1VMPK_G7D8Tim-P-107" target="GsRnU1VMPK_G7D8Tim-P-106" edge="1">
<mxGeometry relative="1" as="geometry">
<Array as="points">
<mxPoint x="948" y="860" />
<mxPoint x="1535" y="860" />
</Array>
</mxGeometry>
</mxCell>
<mxCell id="GsRnU1VMPK_G7D8Tim-P-120" value="<font style="font-size: 14px;"><i>Lambda function downloads CRL</i></font>" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=11;fontFamily=Helvetica;fontColor=default;labelBackgroundColor=none;spacingBottom=6;" parent="GsRnU1VMPK_G7D8Tim-P-119" vertex="1" connectable="0">
<mxGeometry x="-0.0082" y="1" relative="1" as="geometry">
<mxPoint x="-1" y="-9" as="offset" />
</mxGeometry>
</mxCell>
</root>
</mxGraphModel>
</diagram>
</mxfile>