pulumi-aws-native-kotlin/com.pulumi.awsnative.kms.kotlin/KeyArgsBuilder/keyPolicy

keyPolicy

@JvmName(name = "murvaetqwstexhvv")
suspend fun keyPolicy(value: Output<Any>)
@JvmName(name = "mhkiiycjusgiyfmn")
suspend fun keyPolicy(value: Any?)

Parameters

value

The key policy to attach to the KMS key. If you provide a key policy, it must meet the following criteria:

  • The key policy must allow the caller to make a subsequent PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see Default key policy in the Developer Guide. (To omit this condition, set `BypassPolicyLockoutSafetyCheck` to true.)

  • Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the User Guide. If you do not provide a key policy, KMS attaches a default key policy to the KMS key. For more information, see Default key policy in the Developer Guide. A key policy document can include only the following characters:

  • Printable ASCII characters

  • Printable characters in the Basic Latin and Latin-1 Supplement character set

  • The tab (`\u0009`), line feed (`\u000A`), and carriage return (`\u000D`) special characters Minimum: `1` Maximum: `32768` Search the CloudFormation User Guide for AWS::KMS::Key for more information about the expected schema for this property.