ExternalKey

class ExternalKey : KotlinCustomResource

Manages a single-Region or multi-Region primary KMS key that uses external key material. To instead manage a single-Region or multi-Region primary KMS key where AWS automatically generates and potentially rotates key material, see the aws.kms.Key resource.

Example Usage

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.ExternalKey;
import com.pulumi.aws.kms.ExternalKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var example = new ExternalKey("example", ExternalKeyArgs.builder()
            .description("KMS EXTERNAL for AMI encryption")
            .build());
    }
}

Import

KMS External Keys can be imported using the id, e.g.,

$ pulumi import aws:kms/externalKey:ExternalKey a arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

Properties

val arn: Output<String>

The Amazon Resource Name (ARN) of the key.

Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. Setting this value to true increases the risk that the key becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide. Defaults to false.

Duration in days after which the key is deleted after destruction of the resource. Must be between 7 and 30 days. Defaults to 30.

val description: Output<String>?

Description of the key.

val enabled: Output<Boolean>

Specifies whether the key is enabled. Keys pending import can only be false. Imported keys default to true unless expired.

val expirationModel: Output<String>

Whether the key material expires. Empty when pending key material import, otherwise KEY_MATERIAL_EXPIRES or KEY_MATERIAL_DOES_NOT_EXPIRE.

val id: Output<String>

Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.

val keyState: Output<String>

The state of the CMK.

val keyUsage: Output<String>

The cryptographic operations for which you can use the CMK.

val multiRegion: Output<Boolean>

Indicates whether the KMS key is a multi-Region (true) or regional (false) key. Defaults to false.

val policy: Output<String>

A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.

val pulumiChildResources: Set<KotlinResource>
val tags: Output<Map<String, String>>?

A key-value map of tags to assign to the key. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

val tagsAll: Output<Map<String, String>>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

val urn: Output<String>
val validTo: Output<String>?

Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: RFC3339 time string (YYYY-MM-DDTHH:MM:SSZ)
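
A fuller configuration than the one under Example Usage, added here as an illustration and not taken from the Pulumi documentation: it checks the key material and the expiry time against the constraints described above before the key is created. The builder arguments keyMaterialBase64, deletionWindowInDays and bypassPolicyLockoutSafetyCheck are the provider's names for the key material, deletion window and lockout check properties; the config keys "keyMaterialBase64" and "validTo" and the helpers checkKeyMaterial and checkValidTo are assumptions made for this example.

```java
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.kms.ExternalKey;
import com.pulumi.aws.kms.ExternalKeyArgs;
import java.time.Instant;
import java.util.Base64;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    // Hypothetical helper: the material must be Base64 that decodes to exactly 256 bits (32 bytes).
    static String checkKeyMaterial(String b64) {
        byte[] raw = Base64.getDecoder().decode(b64); // throws IllegalArgumentException on malformed Base64
        if (raw.length != 32) {
            // Report only the length, never the material itself.
            throw new IllegalArgumentException("key material must be 32 bytes, got " + raw.length);
        }
        return b64;
    }

    // Hypothetical helper: validTo must be an RFC3339 time string (YYYY-MM-DDTHH:MM:SSZ) in the future.
    static String checkValidTo(String validTo) {
        Instant expiry = Instant.parse(validTo); // throws DateTimeParseException on a bad format
        if (!expiry.isAfter(Instant.now())) {
            throw new IllegalArgumentException("validTo is already in the past: " + validTo);
        }
        return validTo;
    }

    public static void stack(Context ctx) {
        var config = ctx.config();
        // Assumed config keys. The material is read as a Pulumi secret so it is not kept in plain text.
        var material = config.requireSecret("keyMaterialBase64").applyValue(App::checkKeyMaterial);
        var validTo = checkValidTo(config.require("validTo"));

        var key = new ExternalKey("example", ExternalKeyArgs.builder()
            .description("KMS EXTERNAL for AMI encryption")
            .keyMaterialBase64(material)
            .validTo(validTo)                       // key material is deleted by KMS at this time
            .deletionWindowInDays(30)               // allowed range is 7 to 30
            .bypassPolicyLockoutSafetyCheck(false)  // keep the policy lockout check on
            .build());
        ctx.export("keyState", key.keyState());
        ctx.export("expirationModel", key.expirationModel());
    }
}
```

Because the CMK is permanently associated with the imported material, keep a protected copy outside KMS so the same material can be reimported after it expires.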