Stack Parameters
The following table describes the stack parameters that are used to configure the Privitar AWS stack. The bold parameters are mandatory.
Parameter | Description |
---|---|
BootstrapVersion | The version of the CDK Bootstrap resources in this environment, automatically retrieved from SSM Parameter Store. |
CdkInfrastructureZipBucket | The Amazon S3 bucket name of the S3 bucket containing the Privitar AWS infrastructure zip file. The AWS CodePipeline deployed by the CloudFormation template will look for the Privacy Platform infrastructure zip file in this bucket. |
CdkInfrastructureZipKey | The Amazon S3 key for the S3 object that is the Privitar AWS infrastructure zip file. |
CreateTenantInstrumentationBucket | Whether or not to create a separate S3 bucket for storing the Privitar AWS instrumentation events. |
DeploymentID | A unique identifier for the Privitar AWS deployment. |
DeploymentGlobalID | A value that uniquely identifies this deployment across all of AWS, because some resources are globally named; for example, S3 bucket names must be unique across all AWS accounts. Global resources created by Privitar CloudFormation include the value of this parameter in their name. |
GlueDataBucketKeys | The IDs of AWS KMS customer managed keys (CMK) that Privitar AWS Glue ETL jobs are allowed to use. |
GlueDataDestinationBuckets | Specifies what S3 buckets Privitar AWS Glue ETL jobs are allowed to write data to, as a comma delimited list. |
GlueDataSourceBuckets | Specifies what S3 buckets Privitar AWS Glue ETL jobs are allowed to read data from, as a comma delimited list. |
HadoopUserName | The username to use to read or write HDFS files, if running jobs against an AWS EMR cluster. |
HostedZoneID | The AWS Route 53 public hosted zone ID to use to generate a domain name and certificate that can be used by Privitar AWS. |
HostedZoneName | The AWS Route 53 hosted zone domain name of the public hosted zone specified in the |
LicenceKeySecret (Provided by Privitar) | The ARN of a plaintext AWS Secrets Manager secret that contains the platform license key file contents. |
MutualTlsCertificateAuthorityPath | Full path to the Mutual Transport Layer Security (mTLS) certificate authority. |
PrivitarInstrumentationBucket (Provided by Privitar) | The name of the S3 bucket location to store Privitar AWS instrumentation events. |
RdsSnapshotID | If creating a new deployment from an existing Privitar Policy Manager configuration database, specify an AWS RDS snapshot to restore from. |
RdsSnapshotSecret | Required if RdsSnapshotID is specified. The ARN of a plaintext AWS Secrets Manager secret that contains the database password for the AWS RDS snapshot. |
SsoSamlIdpMetadataS3Uri | The S3 location of the SAML Identity Provider metadata file. Required when using SSO_SAML as User Management Provider. |
SsoSamlSuperuserGroup | The name of the identity provider group that maps to the superuser privilege. Required when using SSO_SAML as User Management Provider. |
SsoSamlUserAttribute | The name of the SAML attribute representing a unique username that the platform can use to manage the user. The identity provider will issue a SAML assertion containing this attribute. Required when using SSO_SAML as User Management Provider. |
SsoSamlUserDisplayNameAttribute | The name of the SAML attribute representing the user's display name, which is shown as the user's name in the Policy Manager UI. Required when using SSO_SAML as User Management Provider. |
SsoSamlUserGroupsAttribute | The name of the SAML attribute that carries the list of permission groups to which the user belongs. These groups can be mapped onto teams and roles in the platform UI. Note: Privitar is case insensitive with regard to group names. Required when using SSO_SAML as User Management Provider. |
Tags | This parameter controls what AWS tags will be applied to resources created by Privitar CloudFormation. |
TrustedAdminRoles | A comma delimited list of trusted AWS IAM roles. The platform infrastructure applies strict security controls that may prevent AWS users from reading or writing certain resources. |
UserManagementProvider | This parameter defines the Identity Provider used by the platform. Possible values are |
VpcPeerings | This parameter allows the platform control plane VPC to be automatically peered with other VPCs. |
WhatfixMode | Enable or disable the Help and Training Center (in-app user guidance) on the platform. FULL (the default) enables Help and Training Center content and analytics collection. CONTENT_ONLY enables Help and Training Center content only, with no analytics collection. |
WhatfixUrl | This is a Privitar-supplied URL that is required to enable Help and Training Center content. |
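Several entries in the table depend on each other (RdsSnapshotID pulls in RdsSnapshotSecret; SSO_SAML pulls in the five SsoSaml* parameters) and several are comma-delimited allow-lists that scope what Glue jobs and trusted administrators may touch. The script below is an added example, not Privitar's own tooling: it encodes those cross-parameter rules plus basic shape checks on the ARNs, bucket names and S3 URIs, and converts the result into the `ParameterKey`/`ParameterValue` list that `aws cloudformation create-stack --parameters file://...` accepts. The account id, region, bucket names and secret names in `SAMPLE_PARAMS` are constructed placeholders, and which parameters are mandatory on their own (the bold entries, whose formatting did not survive here) is not checked.

```python
"""Pre-deployment consistency checks for a Privitar AWS stack parameter set.

Added example (not Privitar's own code). It applies the dependencies stated in
the parameter table and light ARN/URI validation so that a bad parameter file
is rejected before CloudFormation is ever called. All sample values are
constructed placeholders, not real resources.
"""
import json
import re

# Shape checks only; these do not prove the resource exists or is reachable.
IAM_ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/[\w+=,.@/-]+$")
SECRET_ARN = re.compile(r"^arn:aws:secretsmanager:[a-z0-9-]+:\d{12}:secret:[\w/+=.@-]+$")
S3_BUCKET = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
S3_URI = re.compile(r"^s3://[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]/.+$")
KMS_KEY_ID = re.compile(r"^([0-9a-f-]{36}|arn:aws:kms:[a-z0-9-]+:\d{12}:key/[0-9a-f-]{36})$")

# Parameters the table marks as required when UserManagementProvider is SSO_SAML.
SSO_SAML_REQUIRED = (
    "SsoSamlIdpMetadataS3Uri",
    "SsoSamlSuperuserGroup",
    "SsoSamlUserAttribute",
    "SsoSamlUserDisplayNameAttribute",
    "SsoSamlUserGroupsAttribute",
)


def split_list(value):
    """Split a comma-delimited parameter value, dropping blanks and surrounding whitespace."""
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def to_cfn_parameters(params):
    """Convert a plain dict into the list format the CloudFormation CLI expects."""
    return [{"ParameterKey": key, "ParameterValue": value} for key, value in params.items()]


def validate(params):
    """Return a list of problems; an empty list means the parameter set is consistent."""
    problems = []

    # RdsSnapshotID requires RdsSnapshotSecret, which must be a Secrets Manager ARN.
    if params.get("RdsSnapshotID"):
        secret = params.get("RdsSnapshotSecret", "")
        if not secret:
            problems.append("RdsSnapshotSecret is required when RdsSnapshotID is set")
        elif not SECRET_ARN.match(secret):
            problems.append("RdsSnapshotSecret must be a Secrets Manager secret ARN")

    # LicenceKeySecret is also the ARN of a Secrets Manager secret.
    licence = params.get("LicenceKeySecret")
    if licence and not SECRET_ARN.match(licence):
        problems.append("LicenceKeySecret must be a Secrets Manager secret ARN")

    # SSO_SAML pulls in the SsoSaml* parameters; the metadata location is an S3 URI.
    if params.get("UserManagementProvider") == "SSO_SAML":
        for name in SSO_SAML_REQUIRED:
            if not params.get(name):
                problems.append(f"{name} is required when UserManagementProvider is SSO_SAML")
        uri = params.get("SsoSamlIdpMetadataS3Uri")
        if uri and not S3_URI.match(uri):
            problems.append("SsoSamlIdpMetadataS3Uri must be an s3://bucket/key URI")

    # Comma-delimited allow-lists: every entry must look like the resource it scopes.
    for name in ("GlueDataSourceBuckets", "GlueDataDestinationBuckets"):
        for bucket in split_list(params.get(name)):
            if not S3_BUCKET.match(bucket):
                problems.append(f"{name}: '{bucket}' is not a valid S3 bucket name")
    for role in split_list(params.get("TrustedAdminRoles")):
        if not IAM_ROLE_ARN.match(role):
            problems.append(f"TrustedAdminRoles: '{role}' is not an IAM role ARN")
    for key in split_list(params.get("GlueDataBucketKeys")):
        if not KMS_KEY_ID.match(key):
            problems.append(f"GlueDataBucketKeys: '{key}' is not a KMS key id or key ARN")
    return problems


# Constructed placeholder values (account 123456789012, region eu-west-1, example buckets).
SAMPLE_PARAMS = {
    "DeploymentID": "privitar-dev",
    "DeploymentGlobalID": "example-123456789012",
    "CdkInfrastructureZipBucket": "example-privitar-artifacts",
    "CdkInfrastructureZipKey": "infrastructure/privitar-aws.zip",
    "LicenceKeySecret": "arn:aws:secretsmanager:eu-west-1:123456789012:secret:privitar/licence-AbCdEf",
    "GlueDataSourceBuckets": "example-raw-data, example-reference-data",
    "GlueDataDestinationBuckets": "example-deidentified-data",
    "GlueDataBucketKeys": "arn:aws:kms:eu-west-1:123456789012:key/12345678-1234-1234-1234-123456789012",
    "TrustedAdminRoles": "arn:aws:iam::123456789012:role/PrivitarAdmin",
    "UserManagementProvider": "SSO_SAML",
    "SsoSamlIdpMetadataS3Uri": "s3://example-privitar-artifacts/idp-metadata.xml",
    "SsoSamlSuperuserGroup": "privitar-superusers",
    "SsoSamlUserAttribute": "uid",
    "SsoSamlUserDisplayNameAttribute": "displayName",
    "SsoSamlUserGroupsAttribute": "groups",
}

if __name__ == "__main__":
    issues = validate(SAMPLE_PARAMS)
    if issues:
        raise SystemExit("\n".join(issues))
    # Write the CLI-ready parameter list; pass it with --parameters file://params.json
    print(json.dumps(to_cfn_parameters(SAMPLE_PARAMS), indent=2))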