pulumi-aws-kotlin/com.pulumi.aws.kms.kotlin/KeyArgs

KeyArgs

data class KeyArgs(val bypassPolicyLockoutSafetyCheck: Output<Boolean>? = null, val customKeyStoreId: Output<String>? = null, val customerMasterKeySpec: Output<String>? = null, val deletionWindowInDays: Output<Int>? = null, val description: Output<String>? = null, val enableKeyRotation: Output<Boolean>? = null, val isEnabled: Output<Boolean>? = null, val keyUsage: Output<String>? = null, val multiRegion: Output<Boolean>? = null, val policy: Output<String>? = null, val tags: Output<Map<String, String>>? = null) : ConvertibleToJava<KeyArgs>

Manages a single-Region or multi-Region primary KMS key.

NOTE on KMS Key Policy: KMS Key Policy can be configured in either the standalone resource aws.kms.KeyPolicy or with the parameter policy in this resource. Configuring with both will cause inconsistencies and may overwrite configuration.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var key = new Key("key", KeyArgs.builder()
            .deletionWindowInDays(10)
            .description("KMS key 1")
            .build());
    }
}
Content copied to clipboard

Import

KMS Keys can be imported using the id, e.g.,

$ pulumi import aws:kms/key:Key a 1234abcd-12ab-34cd-56ef-1234567890ab
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(bypassPolicyLockoutSafetyCheck: Output<Boolean>? = null, customKeyStoreId: Output<String>? = null, customerMasterKeySpec: Output<String>? = null, deletionWindowInDays: Output<Int>? = null, description: Output<String>? = null, enableKeyRotation: Output<Boolean>? = null, isEnabled: Output<Boolean>? = null, keyUsage: Output<String>? = null, multiRegion: Output<Boolean>? = null, policy: Output<String>? = null, tags: Output<Map<String, String>>? = null)

Properties

Link copied to clipboard
val bypassPolicyLockoutSafetyCheck: Output<Boolean>? = null

A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide. The default value is false.

Link copied to clipboard
val customerMasterKeySpec: Output<String>? = null

Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, HMAC_256, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1. Defaults to SYMMETRIC_DEFAULT. For help with choosing a key spec, see the AWS KMS Developer Guide.

Link copied to clipboard
val customKeyStoreId: Output<String>? = null

ID of the KMS Custom Key Store where the key will be stored instead of KMS (eg CloudHSM).

Link copied to clipboard
val deletionWindowInDays: Output<Int>? = null

The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between 7 and 30, inclusive. If you do not specify a value, it defaults to 30. If the KMS key is a multi-Region primary key with replicas, the waiting period begins when the last of its replica keys is deleted. Otherwise, the waiting period begins immediately.

Link copied to clipboard
val description: Output<String>? = null

The description of the key as viewed in AWS console.

Link copied to clipboard
val enableKeyRotation: Output<Boolean>? = null

Specifies whether key rotation is enabled. Defaults to false.

Link copied to clipboard
val isEnabled: Output<Boolean>? = null

Specifies whether the key is enabled. Defaults to true.

Link copied to clipboard
val keyUsage: Output<String>? = null

Specifies the intended use of the key. Valid values: ENCRYPT_DECRYPT, SIGN_VERIFY, or GENERATE_VERIFY_MAC. Defaults to ENCRYPT_DECRYPT.

Link copied to clipboard
val multiRegion: Output<Boolean>? = null

Indicates whether the KMS key is a multi-Region (true) or regional (false) key. Defaults to false.

Link copied to clipboard
val policy: Output<String>? = null

A valid policy JSON document. Although this is a key policy, not an IAM policy, an aws.iam.getPolicyDocument, in the form that designates a principal, can be used.

Link copied to clipboard
val tags: Output<Map<String, String>>? = null

A map of tags to assign to the object. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Functions

Link copied to clipboard
open override fun toJava(): KeyArgs