pulumi-aws-kotlin/com.pulumi.aws.kms.kotlin/ReplicaKeyArgs

ReplicaKeyArgs

data class ReplicaKeyArgs(val bypassPolicyLockoutSafetyCheck: Output<Boolean>? = null, val deletionWindowInDays: Output<Int>? = null, val description: Output<String>? = null, val enabled: Output<Boolean>? = null, val policy: Output<String>? = null, val primaryKeyArn: Output<String>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<ReplicaKeyArgs>

Manages a KMS multi-Region replica key.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.Provider;
import com.pulumi.aws.ProviderArgs;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.kms.ReplicaKey;
import com.pulumi.aws.kms.ReplicaKeyArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var primary = new Provider("primary", ProviderArgs.builder()
            .region("us-east-1")
            .build());
        var primaryKey = new Key("primaryKey", KeyArgs.builder()
            .description("Multi-Region primary key")
            .deletionWindowInDays(30)
            .multiRegion(true)
            .build(), CustomResourceOptions.builder()
                .provider(aws.primary())
                .build());
        var replica = new ReplicaKey("replica", ReplicaKeyArgs.builder()
            .description("Multi-Region replica key")
            .deletionWindowInDays(7)
            .primaryKeyArn(primaryKey.arn())
            .build());
    }
}

Import

KMS multi-Region replica keys can be imported using the id, e.g.,

$ pulumi import aws:kms/replicaKey:ReplicaKey example 1234abcd-12ab-34cd-56ef-1234567890ab

Constructors

ReplicaKeyArgs

fun ReplicaKeyArgs(bypassPolicyLockoutSafetyCheck: Output<Boolean>? = null, deletionWindowInDays: Output<Int>? = null, description: Output<String>? = null, enabled: Output<Boolean>? = null, policy: Output<String>? = null, primaryKeyArn: Output<String>? = null, tags: Output<Map<String, String>>? = null)

Functions

toJava

open override fun toJava(): ReplicaKeyArgs

Properties

bypassPolicyLockoutSafetyCheck

val bypassPolicyLockoutSafetyCheck: Output<Boolean>? = null

A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide. The default value is false.

deletionWindowInDays

val deletionWindowInDays: Output<Int>? = null

The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between 7 and 30, inclusive. If you do not specify a value, it defaults to 30.

description

val description: Output<String>? = null

A description of the KMS key.

enabled

val enabled: Output<Boolean>? = null

Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. The default value is true.

policy

val policy: Output<String>? = null

The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the default key policy to the KMS key.

primaryKeyArn

val primaryKeyArn: Output<String>? = null

The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region.