Replica
Manages a KMS multi-Region replica key.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const primary = new aws.kms.Key("primary", {
description: "Multi-Region primary key",
deletionWindowInDays: 30,
multiRegion: true,
});
const replica = new aws.kms.ReplicaKey("replica", {
description: "Multi-Region replica key",
deletionWindowInDays: 7,
primaryKeyArn: primary.arn,
});Content copied to clipboard
import pulumi
import pulumi_aws as aws
primary = aws.kms.Key("primary",
description="Multi-Region primary key",
deletion_window_in_days=30,
multi_region=True)
replica = aws.kms.ReplicaKey("replica",
description="Multi-Region replica key",
deletion_window_in_days=7,
primary_key_arn=primary.arn)Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var primary = new Aws.Kms.Key("primary", new()
{
Description = "Multi-Region primary key",
DeletionWindowInDays = 30,
MultiRegion = true,
});
var replica = new Aws.Kms.ReplicaKey("replica", new()
{
Description = "Multi-Region replica key",
DeletionWindowInDays = 7,
PrimaryKeyArn = primary.Arn,
});
});Content copied to clipboard
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
primary, err := kms.NewKey(ctx, "primary", &kms.KeyArgs{
Description: pulumi.String("Multi-Region primary key"),
DeletionWindowInDays: pulumi.Int(30),
MultiRegion: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = kms.NewReplicaKey(ctx, "replica", &kms.ReplicaKeyArgs{
Description: pulumi.String("Multi-Region replica key"),
DeletionWindowInDays: pulumi.Int(7),
PrimaryKeyArn: primary.Arn,
})
if err != nil {
return err
}
return nil
})
}Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.Key;
import com.pulumi.aws.kms.KeyArgs;
import com.pulumi.aws.kms.ReplicaKey;
import com.pulumi.aws.kms.ReplicaKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var primary = new Key("primary", KeyArgs.builder()
.description("Multi-Region primary key")
.deletionWindowInDays(30)
.multiRegion(true)
.build());
var replica = new ReplicaKey("replica", ReplicaKeyArgs.builder()
.description("Multi-Region replica key")
.deletionWindowInDays(7)
.primaryKeyArn(primary.arn())
.build());
}
}Content copied to clipboard
resources:
primary:
type: aws:kms:Key
properties:
description: Multi-Region primary key
deletionWindowInDays: 30
multiRegion: true
replica:
type: aws:kms:ReplicaKey
properties:
description: Multi-Region replica key
deletionWindowInDays: 7
primaryKeyArn: ${primary.arn}Content copied to clipboard
Import
Using pulumi import, import KMS multi-Region replica keys using the id. For example:
$ pulumi import aws:kms/replicaKey:ReplicaKey example 1234abcd-12ab-34cd-56ef-1234567890abContent copied to clipboard
Properties
Link copied to clipboard
A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide. The default value is false.
Link copied to clipboard
Link copied to clipboard
The cryptographic operations for which you can use the KMS key. This is a shared property of multi-Region keys.
Link copied to clipboard
The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the default key policy to the KMS key.