:doc:`EC2 <../../ec2>` / Client / modify_verified_access_trust_provider

*************************************
modify_verified_access_trust_provider
*************************************



.. py:method:: EC2.Client.modify_verified_access_trust_provider(**kwargs)

  

  Modifies the configuration of the specified Amazon Web Services Verified Access trust provider.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVerifiedAccessTrustProvider>`_  


  **Request Syntax**
  ::

    response = client.modify_verified_access_trust_provider(
        VerifiedAccessTrustProviderId='string',
        OidcOptions={
            'Issuer': 'string',
            'AuthorizationEndpoint': 'string',
            'TokenEndpoint': 'string',
            'UserInfoEndpoint': 'string',
            'ClientId': 'string',
            'ClientSecret': 'string',
            'Scope': 'string'
        },
        DeviceOptions={
            'PublicSigningKeyUrl': 'string'
        },
        Description='string',
        DryRun=True|False,
        ClientToken='string',
        SseSpecification={
            'CustomerManagedKeyEnabled': True|False,
            'KmsKeyArn': 'string'
        },
        NativeApplicationOidcOptions={
            'PublicSigningKeyEndpoint': 'string',
            'Issuer': 'string',
            'AuthorizationEndpoint': 'string',
            'TokenEndpoint': 'string',
            'UserInfoEndpoint': 'string',
            'ClientId': 'string',
            'ClientSecret': 'string',
            'Scope': 'string'
        }
    )
    
  :type VerifiedAccessTrustProviderId: string
  :param VerifiedAccessTrustProviderId: **[REQUIRED]** 

    The ID of the Verified Access trust provider.

    

  
  :type OidcOptions: dict
  :param OidcOptions: 

    The options for an OpenID Connect-compatible user-identity trust provider.

    

  
    - **Issuer** *(string) --* 

      The OIDC issuer.

      

    
    - **AuthorizationEndpoint** *(string) --* 

      The OIDC authorization endpoint.

      

    
    - **TokenEndpoint** *(string) --* 

      The OIDC token endpoint.

      

    
    - **UserInfoEndpoint** *(string) --* 

      The OIDC user info endpoint.

      

    
    - **ClientId** *(string) --* 

      The client identifier.

      

    
    - **ClientSecret** *(string) --* 

      The client secret.

      

    
    - **Scope** *(string) --* 

      OpenID Connect (OIDC) scopes are used by an application during authentication to authorize access to a user's details. Each scope returns a specific set of user attributes.

      

    
  
  :type DeviceOptions: dict
  :param DeviceOptions: 

    The options for a device-based trust provider. This parameter is required when the provider type is ``device``.

    

  
    - **PublicSigningKeyUrl** *(string) --* 

      The URL Amazon Web Services Verified Access will use to verify the authenticity of the device tokens.

      

    
  
  :type Description: string
  :param Description: 

    A description for the Verified Access trust provider.

    

  
  :type DryRun: boolean
  :param DryRun: 

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is ``DryRunOperation``. Otherwise, it is ``UnauthorizedOperation``.

    

  
  :type ClientToken: string
  :param ClientToken: 

    A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see `Ensuring idempotency <https://docs.aws.amazon.com/ec2/latest/devguide/ec2-api-idempotency.html>`__.

    This field is autopopulated if not provided.

  
  :type SseSpecification: dict
  :param SseSpecification: 

    The options for server side encryption.

    

  
    - **CustomerManagedKeyEnabled** *(boolean) --* 

      Enable or disable the use of customer managed KMS keys for server side encryption.

       

      Valid values: ``True`` | ``False``

      

    
    - **KmsKeyArn** *(string) --* 

      The ARN of the KMS key.

      

    
  
  :type NativeApplicationOidcOptions: dict
  :param NativeApplicationOidcOptions: 

    The OpenID Connect (OIDC) options.

    

  
    - **PublicSigningKeyEndpoint** *(string) --* 

      The public signing key endpoint.

      

    
    - **Issuer** *(string) --* 

      The OIDC issuer identifier of the IdP.

      

    
    - **AuthorizationEndpoint** *(string) --* 

      The authorization endpoint of the IdP.

      

    
    - **TokenEndpoint** *(string) --* 

      The token endpoint of the IdP.

      

    
    - **UserInfoEndpoint** *(string) --* 

      The user info endpoint of the IdP.

      

    
    - **ClientId** *(string) --* 

      The OAuth 2.0 client identifier.

      

    
    - **ClientSecret** *(string) --* 

      The OAuth 2.0 client secret.

      

    
    - **Scope** *(string) --* 

      The set of user claims to be requested from the IdP.

      

    
  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'VerifiedAccessTrustProvider': {
              'VerifiedAccessTrustProviderId': 'string',
              'Description': 'string',
              'TrustProviderType': 'user'|'device',
              'UserTrustProviderType': 'iam-identity-center'|'oidc',
              'DeviceTrustProviderType': 'jamf'|'crowdstrike'|'jumpcloud',
              'OidcOptions': {
                  'Issuer': 'string',
                  'AuthorizationEndpoint': 'string',
                  'TokenEndpoint': 'string',
                  'UserInfoEndpoint': 'string',
                  'ClientId': 'string',
                  'ClientSecret': 'string',
                  'Scope': 'string'
              },
              'DeviceOptions': {
                  'TenantId': 'string',
                  'PublicSigningKeyUrl': 'string'
              },
              'PolicyReferenceName': 'string',
              'CreationTime': 'string',
              'LastUpdatedTime': 'string',
              'Tags': [
                  {
                      'Key': 'string',
                      'Value': 'string'
                  },
              ],
              'SseSpecification': {
                  'CustomerManagedKeyEnabled': True|False,
                  'KmsKeyArn': 'string'
              },
              'NativeApplicationOidcOptions': {
                  'PublicSigningKeyEndpoint': 'string',
                  'Issuer': 'string',
                  'AuthorizationEndpoint': 'string',
                  'TokenEndpoint': 'string',
                  'UserInfoEndpoint': 'string',
                  'ClientId': 'string',
                  'Scope': 'string'
              }
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **VerifiedAccessTrustProvider** *(dict) --* 

        Details about the Verified Access trust provider.

        
        

        - **VerifiedAccessTrustProviderId** *(string) --* 

          The ID of the Amazon Web Services Verified Access trust provider.

          
        

        - **Description** *(string) --* 

          A description for the Amazon Web Services Verified Access trust provider.

          
        

        - **TrustProviderType** *(string) --* 

          The type of Verified Access trust provider.

          
        

        - **UserTrustProviderType** *(string) --* 

          The type of user-based trust provider.

          
        

        - **DeviceTrustProviderType** *(string) --* 

          The type of device-based trust provider.

          
        

        - **OidcOptions** *(dict) --* 

          The options for an OpenID Connect-compatible user-identity trust provider.

          
          

          - **Issuer** *(string) --* 

            The OIDC issuer.

            
          

          - **AuthorizationEndpoint** *(string) --* 

            The OIDC authorization endpoint.

            
          

          - **TokenEndpoint** *(string) --* 

            The OIDC token endpoint.

            
          

          - **UserInfoEndpoint** *(string) --* 

            The OIDC user info endpoint.

            
          

          - **ClientId** *(string) --* 

            The client identifier.

            
          

          - **ClientSecret** *(string) --* 

            The client secret.

            
          

          - **Scope** *(string) --* 

            The OpenID Connect (OIDC) scope specified.

            
      
        

        - **DeviceOptions** *(dict) --* 

          The options for device-identity trust provider.

          
          

          - **TenantId** *(string) --* 

            The ID of the tenant application with the device-identity provider.

            
          

          - **PublicSigningKeyUrl** *(string) --* 

            The URL Amazon Web Services Verified Access will use to verify the authenticity of the device tokens.

            
      
        

        - **PolicyReferenceName** *(string) --* 

          The identifier to be used when working with policy rules.

          
        

        - **CreationTime** *(string) --* 

          The creation time.

          
        

        - **LastUpdatedTime** *(string) --* 

          The last updated time.

          
        

        - **Tags** *(list) --* 

          The tags.

          
          

          - *(dict) --* 

            Describes a tag.

            
            

            - **Key** *(string) --* 

              The key of the tag.

               

              Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with ``aws:``.

              
            

            - **Value** *(string) --* 

              The value of the tag.

               

              Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

              
        
      
        

        - **SseSpecification** *(dict) --* 

          The options in use for server side encryption.

          
          

          - **CustomerManagedKeyEnabled** *(boolean) --* 

            Indicates whether customer managed KMS keys are in use for server side encryption.

             

            Valid values: ``True`` | ``False``

            
          

          - **KmsKeyArn** *(string) --* 

            The ARN of the KMS key.

            
      
        

        - **NativeApplicationOidcOptions** *(dict) --* 

          The OpenID Connect (OIDC) options.

          
          

          - **PublicSigningKeyEndpoint** *(string) --* 

            The public signing key endpoint.

            
          

          - **Issuer** *(string) --* 

            The OIDC issuer identifier of the IdP.

            
          

          - **AuthorizationEndpoint** *(string) --* 

            The authorization endpoint of the IdP.

            
          

          - **TokenEndpoint** *(string) --* 

            The token endpoint of the IdP.

            
          

          - **UserInfoEndpoint** *(string) --* 

            The user info endpoint of the IdP.

            
          

          - **ClientId** *(string) --* 

            The OAuth 2.0 client identifier.

            
          

          - **Scope** *(string) --* 

            The set of user claims to be requested from the IdP.

            
      
    
  