ExternalKeyArgs

data class ExternalKeyArgs(val bypassPolicyLockoutSafetyCheck: Output<Boolean>? = null, val deletionWindowInDays: Output<Int>? = null, val description: Output<String>? = null, val enabled: Output<Boolean>? = null, val keyMaterialBase64: Output<String>? = null, val multiRegion: Output<Boolean>? = null, val policy: Output<String>? = null, val tags: Output<Map<String, String>>? = null, val validTo: Output<String>? = null) : ConvertibleToJava<ExternalKeyArgs>

Manages a single-Region or multi-Region primary KMS key that uses external key material. To instead manage a single-Region or multi-Region primary KMS key where AWS automatically generates and potentially rotates key material, see the aws.kms.Key resource.

Example Usage

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.ExternalKey;
import com.pulumi.aws.kms.ExternalKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ExternalKey("example", ExternalKeyArgs.builder()
            .description("KMS EXTERNAL for AMI encryption")
            .build());
    }
}
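
A fuller configuration, added here as an example and not part of the generated documentation: it reads the key material from a Pulumi secret, rejects material that does not decode to 256 bits, and sets the expiry, deletion window and policy lockout check explicitly. The config key name, resource name, tag and validTo date are constructed for illustration.

```java
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.ExternalKey;
import com.pulumi.aws.kms.ExternalKeyArgs;
import java.util.Base64;
import java.util.Map;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    // Fail before deployment if the decoded material is not exactly 256 bits.
    static String require256Bit(String b64) {
        if (Base64.getDecoder().decode(b64).length != 32) {
            throw new IllegalArgumentException("key material must decode to 32 bytes");
        }
        return b64;
    }

    public static void stack(Context ctx) {
        // Assumed config key, stored encrypted with:
        //   pulumi config set --secret keyMaterialBase64 <value>
        // applyValue keeps the Output marked as secret.
        Output<String> material = ctx.config()
            .requireSecret("keyMaterialBase64")
            .applyValue(App::require256Bit);

        var imported = new ExternalKey("imported", ExternalKeyArgs.builder()
            .description("KMS EXTERNAL with imported key material")
            .keyMaterialBase64(material)
            .validTo("2030-01-01T00:00:00Z")       // constructed expiry, RFC3339
            .enabled(true)
            .deletionWindowInDays(30)              // allowed range is 7 to 30
            .bypassPolicyLockoutSafetyCheck(false) // keep the lockout check on
            .tags(Map.of("Origin", "EXTERNAL"))    // constructed tag
            .build());

        ctx.export("keyArn", imported.arn());
    }
}
```

Because the CMK is permanently associated with its key material and becomes unusable once validTo passes, keep the original material available outside AWS so the same material can be reimported.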

Import

KMS External Keys can be imported using the id, e.g.,

$ pulumi import aws:kms/externalKey:ExternalKey a arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

Constructors

constructor(bypassPolicyLockoutSafetyCheck: Output<Boolean>? = null, deletionWindowInDays: Output<Int>? = null, description: Output<String>? = null, enabled: Output<Boolean>? = null, keyMaterialBase64: Output<String>? = null, multiRegion: Output<Boolean>? = null, policy: Output<String>? = null, tags: Output<Map<String, String>>? = null, validTo: Output<String>? = null)

Properties

val bypassPolicyLockoutSafetyCheck: Output<Boolean>? = null

Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. Setting this value to true increases the risk that the key becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide. Defaults to false.

val deletionWindowInDays: Output<Int>? = null

Number of days to wait before the key is deleted once the resource has been destroyed. Must be between 7 and 30 days. Defaults to 30.

val description: Output<String>? = null

Description of the key.

val enabled: Output<Boolean>? = null

Specifies whether the key is enabled. For keys pending import, this can only be false. Imported keys default to true unless expired.

val keyMaterialBase64: Output<String>? = null

Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.

val multiRegion: Output<Boolean>? = null

Indicates whether the KMS key is a multi-Region (true) or regional (false) key. Defaults to false.

val policy: Output<String>? = null

A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.

val tags: Output<Map<String, String>>? = null

A key-value map of tags to assign to the key. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

val validTo: Output<String>? = null

Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: RFC3339 time string (YYYY-MM-DDTHH:MM:SSZ).

Functions

open override fun toJava(): ExternalKeyArgs