:doc:`IAMRolesAnywhere <../../rolesanywhere>` / Client / list_trust_anchors

******************
list_trust_anchors
******************



.. py:method:: IAMRolesAnywhere.Client.list_trust_anchors(**kwargs)

  

  Lists the trust anchors in the authenticated account and Amazon Web Services Region.

   

  **Required permissions:** ``rolesanywhere:ListTrustAnchors``.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/ListTrustAnchors>`_  


  **Request Syntax**
  ::

    response = client.list_trust_anchors(
        nextToken='string',
        pageSize=123
    )
    
  :type nextToken: string
  :param nextToken: 

    A token that indicates where the output should continue from, if a previous request did not show all results. To get the next results, make the request again with this value.

    

  
  :type pageSize: integer
  :param pageSize: 

    The number of resources in the paginated list.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'nextToken': 'string',
          'trustAnchors': [
              {
                  'trustAnchorId': 'string',
                  'trustAnchorArn': 'string',
                  'name': 'string',
                  'source': {
                      'sourceType': 'AWS_ACM_PCA'|'CERTIFICATE_BUNDLE'|'SELF_SIGNED_REPOSITORY',
                      'sourceData': {
                          'x509CertificateData': 'string',
                          'acmPcaArn': 'string'
                      }
                  },
                  'enabled': True|False,
                  'createdAt': datetime(2015, 1, 1),
                  'updatedAt': datetime(2015, 1, 1),
                  'notificationSettings': [
                      {
                          'enabled': True|False,
                          'event': 'CA_CERTIFICATE_EXPIRY'|'END_ENTITY_CERTIFICATE_EXPIRY',
                          'threshold': 123,
                          'channel': 'ALL',
                          'configuredBy': 'string'
                      },
                  ]
              },
          ]
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **nextToken** *(string) --* 

        A token that indicates where the output should continue from, if a previous request did not show all results. To get the next results, make the request again with this value.

        
      

      - **trustAnchors** *(list) --* 

        A list of trust anchors.

        
        

        - *(dict) --* 

          The state of the trust anchor after a read or write operation.

          
          

          - **trustAnchorId** *(string) --* 

            The unique identifier of the trust anchor.

            
          

          - **trustAnchorArn** *(string) --* 

            The ARN of the trust anchor.

            
          

          - **name** *(string) --* 

            The name of the trust anchor.

            
          

          - **source** *(dict) --* 

            The trust anchor type and its related certificate data.

            
            

            - **sourceType** *(string) --* 

              The type of the trust anchor.

              
            

            - **sourceData** *(dict) --* 

              The data field of the trust anchor depending on its type.

              .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``x509CertificateData``, ``acmPcaArn``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                            'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


            
              

              - **x509CertificateData** *(string) --* 

                The PEM-encoded data for the certificate anchor. Included for trust anchors of type ``CERTIFICATE_BUNDLE``.

                
              

              - **acmPcaArn** *(string) --* 

                The root certificate of the Private Certificate Authority specified by this ARN is used in trust validation for temporary credential requests. Included for trust anchors of type ``AWS_ACM_PCA``.

                
          
        
          

          - **enabled** *(boolean) --* 

            Indicates whether the trust anchor is enabled.

            
          

          - **createdAt** *(datetime) --* 

            The ISO-8601 timestamp when the trust anchor was created.

            
          

          - **updatedAt** *(datetime) --* 

            The ISO-8601 timestamp when the trust anchor was last updated.

            
          

          - **notificationSettings** *(list) --* 

            A list of notification settings to be associated to the trust anchor.

            
            

            - *(dict) --* 

              The state of a notification setting.

               

              A notification setting includes information such as event name, threshold, status of the notification setting, and the channel to notify.

              
              

              - **enabled** *(boolean) --* 

                Indicates whether the notification setting is enabled.

                
              

              - **event** *(string) --* 

                The event to which this notification setting is applied.

                
              

              - **threshold** *(integer) --* 

                The number of days before a notification event.

                
              

              - **channel** *(string) --* 

                The specified channel of notification. IAM Roles Anywhere uses CloudWatch metrics, EventBridge, and Health Dashboard to notify for an event.

                 

                .. note::

                  

                  In the absence of a specific channel, IAM Roles Anywhere applies this setting to 'ALL' channels.

                  

                
              

              - **configuredBy** *(string) --* 

                The principal that configured the notification setting. For default settings configured by IAM Roles Anywhere, the value is ``rolesanywhere.amazonaws.com``, and for customized notifications settings, it is the respective account ID.

                
          
        
      
    
  
  **Exceptions**
  
  *   :py:class:`IAMRolesAnywhere.Client.exceptions.ValidationException`

  
  *   :py:class:`IAMRolesAnywhere.Client.exceptions.AccessDeniedException`

  