Key Policy Args
data class KeyPolicyArgs(val bypassPolicyLockoutSafetyCheck: Output<Boolean>? = null, val keyId: Output<String>? = null, val policy: Output<String>? = null) : ConvertibleToJava<KeyPolicyArgs>
Attaches a policy to a KMS Key.
Example Usage
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.kms.KeyPolicy;
import com.pulumi.aws.kms.KeyPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // The KMS key the policy is attached to.
        var exampleKey = new Key("exampleKey", KeyArgs.builder()
            .description("example")
            .build());

        // The key policy document, serialized to JSON.
        var exampleKeyPolicy = new KeyPolicy("exampleKeyPolicy", KeyPolicyArgs.builder()
            .keyId(exampleKey.id())
            .policy(serializeJson(
                jsonObject(
                    jsonProperty("Id", "example"),
                    jsonProperty("Statement", jsonArray(jsonObject(
                        jsonProperty("Action", "kms:*"),
                        jsonProperty("Effect", "Allow"),
                        // "*" matches every AWS principal, in any account. The default key
                        // policy's statement with this Sid names the account root
                        // (arn:aws:iam::<account-id>:root) instead.
                        jsonProperty("Principal", jsonObject(
                            jsonProperty("AWS", "*")
                        )),
                        jsonProperty("Resource", "*"),
                        jsonProperty("Sid", "Enable IAM User Permissions")
                    ))),
                    jsonProperty("Version", "2012-10-17")
                )))
            .build());
    }
}
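The following is an added example, not part of the original documentation: the same key policy with the principal narrowed from "*" to the root of the account running the deployment, and the lockout safety check left enabled. The resource names scopedKey and scopedKeyPolicy and the hard-coded aws partition are assumptions.

```java
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.kms.KeyPolicy;
import com.pulumi.aws.kms.KeyPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var scopedKey = new Key("scopedKey", KeyArgs.builder()
            .description("example")
            .build());

        // Root principal of the account running the deployment.
        // Assumption: the commercial "aws" partition.
        var accountRootArn = AwsFunctions.getCallerIdentity()
            .applyValue(identity -> "arn:aws:iam::" + identity.accountId() + ":root");

        var scopedKeyPolicy = new KeyPolicy("scopedKeyPolicy", KeyPolicyArgs.builder()
            .keyId(scopedKey.id())
            // The account root keeps kms:*, which includes kms:PutKeyPolicy, so the
            // key stays manageable and the lockout safety check stays enabled.
            .bypassPolicyLockoutSafetyCheck(false)
            .policy(accountRootArn.applyValue(arn -> serializeJson(
                jsonObject(
                    jsonProperty("Id", "example"),
                    jsonProperty("Statement", jsonArray(jsonObject(
                        jsonProperty("Action", "kms:*"),
                        jsonProperty("Effect", "Allow"),
                        jsonProperty("Principal", jsonObject(
                            jsonProperty("AWS", arn)
                        )),
                        jsonProperty("Resource", "*"),
                        jsonProperty("Sid", "Enable IAM User Permissions")
                    ))),
                    jsonProperty("Version", "2012-10-17")
                ))))
            .build());
    }
}
```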
Import
KMS Key Policies can be imported using the key_id, e.g.,
$ pulumi import aws:kms/keyPolicy:KeyPolicy a 1234abcd-12ab-34cd-56ef-1234567890ab
Properties
bypassPolicyLockoutSafetyCheck
A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. If this value is set, and the resource is destroyed, a warning will be shown, and the resource will be removed from state. For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide.