Right now, the template is forcing the subordinate enterprise CA instance to launch in a private subnet. This is wrong, because in some cases, you need to make the CA reachable over the internet. For example, if you need to support smart card authentication for WorkSpaces, your AD Connector needs to be able to reach the OCSP URL via HTTP over the internet.
Right now, the template is forcing the subordinate enterprise CA instance to launch in a private subnet. This is wrong, because in some cases, you need to make the CA reachable over the internet. For example, if you need to support smart card authentication for WorkSpaces, your AD Connector needs to be able to reach the OCSP URL via HTTP over the internet.
CaServerSubnet: !GetAtt VPCStack.Outputs.PrivateSubnet1AID
This line needs to be modified, and a new parameter needs to be selected by the user