ReplicaKey

The Amazon Resource Name (ARN) of the replica key, such as arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab . The key ARNs of related multi-Region keys differ only in the Region value. For information about the key ARNs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .

A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.

Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.

The key ID of the replica key, such as mrk-1234abcd12ab34cd56ef1234567890ab . Related multi-Region keys have the same key ID. For information about the key IDs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .

The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules. Search the CloudFormation User Guide for AWS::KMS::ReplicaKey for more information about the expected schema for this property.

Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.

Identifies the primary AWS KMS key to create a replica of. Specify the Amazon Resource Name (ARN) of the AWS KMS key. You cannot specify an alias or key ID. For help finding the ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.

An array of key-value pairs to apply to this resource.