pulumi-aws-native-kotlin/com.pulumi.awsnative.kms.kotlin/KeyArgs

KeyArgs

data class KeyArgs(val bypassPolicyLockoutSafetyCheck: Output<Boolean>? = null, val description: Output<String>? = null, val enableKeyRotation: Output<Boolean>? = null, val enabled: Output<Boolean>? = null, val keyPolicy: Output<Any>? = null, val keySpec: Output<KeySpec>? = null, val keyUsage: Output<KeyUsage>? = null, val multiRegion: Output<Boolean>? = null, val origin: Output<KeyOrigin>? = null, val pendingWindowInDays: Output<Int>? = null, val tags: Output<List<KeyTagArgs>>? = null) : ConvertibleToJava<KeyArgs>

The AWS::KMS::Key resource specifies an AWS KMS key in AWS Key Management Service (AWS KMS). Authorized users can use the AWS KMS key to encrypt and decrypt small amounts of data (up to 4096 bytes), but they are more commonly used to generate data keys. You can also use AWS KMS keys to encrypt data stored in AWS services that are integrated with AWS KMS or within their applications.

Constructors

Link copied to clipboard
fun KeyArgs(bypassPolicyLockoutSafetyCheck: Output<Boolean>? = null, description: Output<String>? = null, enableKeyRotation: Output<Boolean>? = null, enabled: Output<Boolean>? = null, keyPolicy: Output<Any>? = null, keySpec: Output<KeySpec>? = null, keyUsage: Output<KeyUsage>? = null, multiRegion: Output<Boolean>? = null, origin: Output<KeyOrigin>? = null, pendingWindowInDays: Output<Int>? = null, tags: Output<List<KeyTagArgs>>? = null)

Functions

Link copied to clipboard
open override fun toJava(): KeyArgs

Properties

Link copied to clipboard
val bypassPolicyLockoutSafetyCheck: Output<Boolean>? = null

Skips ("bypasses") the key policy lockout safety check. The default value is false.

Link copied to clipboard
val description: Output<String>? = null

A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.

Link copied to clipboard
val enabled: Output<Boolean>? = null

Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.

Link copied to clipboard
val enableKeyRotation: Output<Boolean>? = null

Enables automatic rotation of the key material for the specified AWS KMS key. By default, automation key rotation is not enabled.

Link copied to clipboard
val keyPolicy: Output<Any>? = null

The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.

Link copied to clipboard
val keySpec: Output<KeySpec>? = null

Specifies the type of AWS KMS key to create. The default value is SYMMETRIC_DEFAULT. This property is required only for asymmetric AWS KMS keys. You can't change the KeySpec value after the AWS KMS key is created.

Link copied to clipboard
val keyUsage: Output<KeyUsage>? = null

Determines the cryptographic operations for which you can use the AWS KMS key. The default value is ENCRYPT_DECRYPT. This property is required only for asymmetric AWS KMS keys. You can't change the KeyUsage value after the AWS KMS key is created.

Link copied to clipboard
val multiRegion: Output<Boolean>? = null

Specifies whether the AWS KMS key should be Multi-Region. You can't change the MultiRegion value after the AWS KMS key is created.

Link copied to clipboard
val origin: Output<KeyOrigin>? = null

The source of the key material for the KMS key. You cannot change the origin after you create the KMS key. The default is AWS_KMS, which means that AWS KMS creates the key material.

Link copied to clipboard
val pendingWindowInDays: Output<Int>? = null

Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.

Link copied to clipboard
val tags: Output<List<KeyTagArgs>>? = null

An array of key-value pairs to apply to this resource.