CustomKeyStoreArgs

data class CustomKeyStoreArgs(val cloudHsmClusterId: Output<String>? = null, val customKeyStoreName: Output<String>? = null, val customKeyStoreType: Output<String>? = null, val keyStorePassword: Output<String>? = null, val trustAnchorCertificate: Output<String>? = null, val xksProxyAuthenticationCredential: Output<CustomKeyStoreXksProxyAuthenticationCredentialArgs>? = null, val xksProxyConnectivity: Output<String>? = null, val xksProxyUriEndpoint: Output<String>? = null, val xksProxyUriPath: Output<String>? = null, val xksProxyVpcEndpointServiceName: Output<String>? = null) : ConvertibleToJava<CustomKeyStoreArgs>

Resource for managing an AWS KMS (Key Management) Custom Key Store.

Example Usage

CloudHSM

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as std from "@pulumi/std";
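// Read the key store password from encrypted stack configuration instead of
// embedding it in the program source. Set it once with
//   pulumi config set --secret keyStorePassword
// (the value is prompted for, so it stays out of shell history).
const cfg = new pulumi.Config();
const keyStorePassword = cfg.requireSecret("keyStorePassword");

// Trust anchor certificate, read from a local file next to the program.
const trustAnchorCertificate = std
    .file({ input: "anchor-certificate.crt" })
    .then(invoke => invoke.result);

// cloudHsmClusterId is not defined in this snippet; the surrounding program supplies it.
const test = new aws.kms.CustomKeyStore("test", {
    cloudHsmClusterId: cloudHsmClusterId,
    customKeyStoreName: "kms-custom-key-store-test",
    // Secret output: Pulumi encrypts it in state and masks it in CLI output.
    keyStorePassword: keyStorePassword,
    trustAnchorCertificate: trustAnchorCertificate,
});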
import pulumi
import pulumi_aws as aws
import pulumi_std as std
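# Read the key store password from encrypted stack configuration instead of
# embedding it in the program source. Set it once with
#   pulumi config set --secret keyStorePassword
# (the value is prompted for, so it stays out of shell history).
config = pulumi.Config()
key_store_password = config.require_secret("keyStorePassword")

# cloud_hsm_cluster_id is not defined in this snippet; the surrounding program supplies it.
test = aws.kms.CustomKeyStore(
    "test",
    cloud_hsm_cluster_id=cloud_hsm_cluster_id,
    custom_key_store_name="kms-custom-key-store-test",
    # Secret output: Pulumi encrypts it in state and masks it in CLI output.
    key_store_password=key_store_password,
    # Trust anchor certificate, read from a local file next to the program.
    trust_anchor_certificate=std.file(input="anchor-certificate.crt").result,
)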
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Std = Pulumi.Std;
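return await Deployment.RunAsync(() =>
{
    // Read the key store password from encrypted stack configuration instead of
    // embedding it in the program source. Set it once with
    //   pulumi config set --secret keyStorePassword
    // (the value is prompted for, so it stays out of shell history).
    var config = new Config();
    var keyStorePassword = config.RequireSecret("keyStorePassword");

    // cloudHsmClusterId is not defined in this snippet; the surrounding program supplies it.
    var test = new Aws.Kms.CustomKeyStore("test", new()
    {
        CloudHsmClusterId = cloudHsmClusterId,
        CustomKeyStoreName = "kms-custom-key-store-test",
        // Secret output: Pulumi encrypts it in state and masks it in CLI output.
        KeyStorePassword = keyStorePassword,
        // Trust anchor certificate, read from a local file next to the program.
        TrustAnchorCertificate = Std.File.Invoke(new()
        {
            Input = "anchor-certificate.crt",
        }).Apply(invoke => invoke.Result),
    });
});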
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms"
	"github.com/pulumi/pulumi-std/sdk/go/std"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config"
)
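// main declares a CloudHSM-backed KMS custom key store named "test".
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Read the key store password from encrypted stack configuration instead
		// of embedding it in the program source. Set it once with
		//   pulumi config set --secret keyStorePassword
		// (the value is prompted for, so it stays out of shell history).
		keyStorePassword := config.RequireSecret(ctx, "keyStorePassword")

		// Trust anchor certificate, read from a local file next to the program.
		invokeFile, err := std.File(ctx, &std.FileArgs{
			Input: "anchor-certificate.crt",
		}, nil)
		if err != nil {
			return err
		}

		// cloudHsmClusterId is not defined in this snippet; the surrounding program supplies it.
		_, err = kms.NewCustomKeyStore(ctx, "test", &kms.CustomKeyStoreArgs{
			CloudHsmClusterId:  pulumi.Any(cloudHsmClusterId),
			CustomKeyStoreName: pulumi.String("kms-custom-key-store-test"),
			// Secret output: Pulumi encrypts it in state and masks it in CLI output.
			KeyStorePassword:       keyStorePassword,
			TrustAnchorCertificate: pulumi.String(invokeFile.Result),
		})
		return err
	})
}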
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.CustomKeyStore;
import com.pulumi.aws.kms.CustomKeyStoreArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
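/** Pulumi program that declares a CloudHSM-backed KMS custom key store named "test". */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the custom key store.
     *
     * <p>The key store password is read from encrypted stack configuration rather than
     * written into the source. Set it once with
     * {@code pulumi config set --secret keyStorePassword}; the value is prompted for,
     * so it stays out of shell history.
     *
     * @param ctx the Pulumi context for the running deployment
     */
    public static void stack(Context ctx) {
        // Secret output: Pulumi encrypts it in state and masks it in CLI output.
        final var keyStorePassword = ctx.config().requireSecret("keyStorePassword");

        // cloudHsmClusterId is not defined in this snippet; the surrounding program supplies it.
        var test = new CustomKeyStore("test", CustomKeyStoreArgs.builder()
            .cloudHsmClusterId(cloudHsmClusterId)
            .customKeyStoreName("kms-custom-key-store-test")
            .keyStorePassword(keyStorePassword)
            // Trust anchor certificate, read from a local file next to the program.
            .trustAnchorCertificate(StdFunctions.file(FileArgs.builder()
                .input("anchor-certificate.crt")
                .build()).result())
            .build());
    }
}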
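# The key store password is declared as a secret configuration value instead of
# being written into the program. Set it once with
#   pulumi config set --secret keyStorePassword
# (the value is prompted for, so it stays out of shell history).
config:
  keyStorePassword:
    type: string
    secret: true
resources:
  test:
    type: aws:kms:CustomKeyStore
    properties:
      # cloudHsmClusterId is not defined in this snippet; it must be supplied elsewhere.
      cloudHsmClusterId: ${cloudHsmClusterId}
      customKeyStoreName: kms-custom-key-store-test
      # Secret value: Pulumi encrypts it in state and masks it in CLI output.
      keyStorePassword: ${keyStorePassword}
      # Trust anchor certificate, read from a local file next to the program.
      trustAnchorCertificate:
        fn::invoke:
          function: std:file
          arguments:
            input: anchor-certificate.crt
          return: result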

External Key Store (VPC)

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Credential presented to the external key store proxy. Both halves come from
// variables defined outside this snippet; supply rawSecretAccessKey as a Pulumi
// secret so it is encrypted in state rather than stored in plain text.
const proxyCredential = {
    accessKeyId: ephemeralAccessKeyId,
    rawSecretAccessKey: ephemeralSecretAccessKey,
};

// VPC_ENDPOINT_SERVICE: the proxy is addressed through the named VPC endpoint
// service rather than a public endpoint.
const vpcXksArgs = {
    customKeyStoreName: "example-vpc-xks",
    customKeyStoreType: "EXTERNAL_KEY_STORE",
    xksProxyAuthenticationCredential: proxyCredential,
    xksProxyConnectivity: "VPC_ENDPOINT_SERVICE",
    xksProxyUriEndpoint: "https://myproxy-private.xks.example.com",
    xksProxyUriPath: "/kms/xks/v1",
    xksProxyVpcEndpointServiceName: "com.amazonaws.vpce.us-east-1.vpce-svc-example",
};

const example = new aws.kms.CustomKeyStore("example", vpcXksArgs);
import pulumi
import pulumi_aws as aws
# Credential presented to the external key store proxy. Both halves come from
# variables defined outside this snippet; supply raw_secret_access_key as a
# Pulumi secret so it is encrypted in state rather than stored in plain text.
proxy_credential = {
    "access_key_id": ephemeral_access_key_id,
    "raw_secret_access_key": ephemeral_secret_access_key,
}

# VPC_ENDPOINT_SERVICE: the proxy is addressed through the named VPC endpoint
# service rather than a public endpoint.
example = aws.kms.CustomKeyStore(
    "example",
    custom_key_store_name="example-vpc-xks",
    custom_key_store_type="EXTERNAL_KEY_STORE",
    xks_proxy_authentication_credential=proxy_credential,
    xks_proxy_connectivity="VPC_ENDPOINT_SERVICE",
    xks_proxy_uri_endpoint="https://myproxy-private.xks.example.com",
    xks_proxy_uri_path="/kms/xks/v1",
    xks_proxy_vpc_endpoint_service_name="com.amazonaws.vpce.us-east-1.vpce-svc-example",
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Credential presented to the external key store proxy. Both halves come from
    // variables defined outside this snippet; supply RawSecretAccessKey as a Pulumi
    // secret so it is encrypted in state rather than stored in plain text.
    var proxyCredential = new Aws.Kms.Inputs.CustomKeyStoreXksProxyAuthenticationCredentialArgs
    {
        AccessKeyId = ephemeralAccessKeyId,
        RawSecretAccessKey = ephemeralSecretAccessKey,
    };

    // VPC_ENDPOINT_SERVICE: the proxy is addressed through the named VPC endpoint
    // service rather than a public endpoint.
    var example = new Aws.Kms.CustomKeyStore("example", new Aws.Kms.CustomKeyStoreArgs
    {
        CustomKeyStoreName = "example-vpc-xks",
        CustomKeyStoreType = "EXTERNAL_KEY_STORE",
        XksProxyAuthenticationCredential = proxyCredential,
        XksProxyConnectivity = "VPC_ENDPOINT_SERVICE",
        XksProxyUriEndpoint = "https://myproxy-private.xks.example.com",
        XksProxyUriPath = "/kms/xks/v1",
        XksProxyVpcEndpointServiceName = "com.amazonaws.vpce.us-east-1.vpce-svc-example",
    });
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares an external key store named "example" whose proxy is reached
// through a VPC endpoint service.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Credential presented to the external key store proxy. Both halves come
		// from variables defined outside this snippet; supply the raw secret as a
		// Pulumi secret so it is encrypted in state rather than stored in plain text.
		proxyCredential := &kms.CustomKeyStoreXksProxyAuthenticationCredentialArgs{
			AccessKeyId:        pulumi.Any(ephemeralAccessKeyId),
			RawSecretAccessKey: pulumi.Any(ephemeralSecretAccessKey),
		}

		// VPC_ENDPOINT_SERVICE: the proxy is addressed through the named VPC
		// endpoint service rather than a public endpoint.
		storeArgs := &kms.CustomKeyStoreArgs{
			CustomKeyStoreName:               pulumi.String("example-vpc-xks"),
			CustomKeyStoreType:               pulumi.String("EXTERNAL_KEY_STORE"),
			XksProxyAuthenticationCredential: proxyCredential,
			XksProxyConnectivity:             pulumi.String("VPC_ENDPOINT_SERVICE"),
			XksProxyUriEndpoint:              pulumi.String("https://myproxy-private.xks.example.com"),
			XksProxyUriPath:                  pulumi.String("/kms/xks/v1"),
			XksProxyVpcEndpointServiceName:   pulumi.String("com.amazonaws.vpce.us-east-1.vpce-svc-example"),
		}

		if _, err := kms.NewCustomKeyStore(ctx, "example", storeArgs); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.CustomKeyStore;
import com.pulumi.aws.kms.CustomKeyStoreArgs;
import com.pulumi.aws.kms.inputs.CustomKeyStoreXksProxyAuthenticationCredentialArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares an external key store named "example" whose proxy
 * is reached through a VPC endpoint service.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the custom key store.
     *
     * @param ctx the Pulumi context for the running deployment
     */
    public static void stack(Context ctx) {
        // Credential presented to the external key store proxy. Both halves come from
        // variables defined outside this snippet; supply the raw secret as a Pulumi
        // secret so it is encrypted in state rather than stored in plain text.
        final var proxyCredential = CustomKeyStoreXksProxyAuthenticationCredentialArgs.builder()
            .accessKeyId(ephemeralAccessKeyId)
            .rawSecretAccessKey(ephemeralSecretAccessKey)
            .build();

        // VPC_ENDPOINT_SERVICE: the proxy is addressed through the named VPC endpoint
        // service rather than a public endpoint.
        final var storeArgs = CustomKeyStoreArgs.builder()
            .customKeyStoreName("example-vpc-xks")
            .customKeyStoreType("EXTERNAL_KEY_STORE")
            .xksProxyAuthenticationCredential(proxyCredential)
            .xksProxyConnectivity("VPC_ENDPOINT_SERVICE")
            .xksProxyUriEndpoint("https://myproxy-private.xks.example.com")
            .xksProxyUriPath("/kms/xks/v1")
            .xksProxyVpcEndpointServiceName("com.amazonaws.vpce.us-east-1.vpce-svc-example")
            .build();

        var example = new CustomKeyStore("example", storeArgs);
    }
}
resources:
  example:
    type: aws:kms:CustomKeyStore
    properties:
      customKeyStoreName: "example-vpc-xks"
      customKeyStoreType: "EXTERNAL_KEY_STORE"
      # Credential presented to the external key store proxy. Both values are
      # interpolated from variables defined outside this snippet; declare the raw
      # secret as a secret config value so it is encrypted in state.
      xksProxyAuthenticationCredential:
        accessKeyId: "${ephemeralAccessKeyId}"
        rawSecretAccessKey: "${ephemeralSecretAccessKey}"
      # VPC_ENDPOINT_SERVICE: the proxy is addressed through the named VPC endpoint
      # service rather than a public endpoint.
      xksProxyConnectivity: "VPC_ENDPOINT_SERVICE"
      xksProxyUriEndpoint: "https://myproxy-private.xks.example.com"
      xksProxyUriPath: "/kms/xks/v1"
      xksProxyVpcEndpointServiceName: "com.amazonaws.vpce.us-east-1.vpce-svc-example"

External Key Store (Public)

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Credential presented to the external key store proxy. Both halves come from
// variables defined outside this snippet; supply rawSecretAccessKey as a Pulumi
// secret so it is encrypted in state rather than stored in plain text.
const proxyCredential = {
    accessKeyId: ephemeralAccessKeyId,
    rawSecretAccessKey: ephemeralSecretAccessKey,
};

// PUBLIC_ENDPOINT: no VPC endpoint service is configured, so the proxy is
// addressed at its public HTTPS endpoint.
// NOTE(review): confirm the proxy is meant to be reachable this way before
// choosing it over VPC_ENDPOINT_SERVICE.
const publicXksArgs = {
    customKeyStoreName: "example-public-xks",
    customKeyStoreType: "EXTERNAL_KEY_STORE",
    xksProxyAuthenticationCredential: proxyCredential,
    xksProxyConnectivity: "PUBLIC_ENDPOINT",
    xksProxyUriEndpoint: "https://myproxy.xks.example.com",
    xksProxyUriPath: "/kms/xks/v1",
};

const example = new aws.kms.CustomKeyStore("example", publicXksArgs);
import pulumi
import pulumi_aws as aws
# Credential presented to the external key store proxy. Both halves come from
# variables defined outside this snippet; supply raw_secret_access_key as a
# Pulumi secret so it is encrypted in state rather than stored in plain text.
proxy_credential = {
    "access_key_id": ephemeral_access_key_id,
    "raw_secret_access_key": ephemeral_secret_access_key,
}

# PUBLIC_ENDPOINT: no VPC endpoint service is configured, so the proxy is
# addressed at its public HTTPS endpoint.
# NOTE(review): confirm the proxy is meant to be reachable this way before
# choosing it over VPC_ENDPOINT_SERVICE.
example = aws.kms.CustomKeyStore(
    "example",
    custom_key_store_name="example-public-xks",
    custom_key_store_type="EXTERNAL_KEY_STORE",
    xks_proxy_authentication_credential=proxy_credential,
    xks_proxy_connectivity="PUBLIC_ENDPOINT",
    xks_proxy_uri_endpoint="https://myproxy.xks.example.com",
    xks_proxy_uri_path="/kms/xks/v1",
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // Credential presented to the external key store proxy. Both halves come from
    // variables defined outside this snippet; supply RawSecretAccessKey as a Pulumi
    // secret so it is encrypted in state rather than stored in plain text.
    var proxyCredential = new Aws.Kms.Inputs.CustomKeyStoreXksProxyAuthenticationCredentialArgs
    {
        AccessKeyId = ephemeralAccessKeyId,
        RawSecretAccessKey = ephemeralSecretAccessKey,
    };

    // PUBLIC_ENDPOINT: no VPC endpoint service is configured, so the proxy is
    // addressed at its public HTTPS endpoint.
    // NOTE(review): confirm the proxy is meant to be reachable this way before
    // choosing it over VPC_ENDPOINT_SERVICE.
    var example = new Aws.Kms.CustomKeyStore("example", new Aws.Kms.CustomKeyStoreArgs
    {
        CustomKeyStoreName = "example-public-xks",
        CustomKeyStoreType = "EXTERNAL_KEY_STORE",
        XksProxyAuthenticationCredential = proxyCredential,
        XksProxyConnectivity = "PUBLIC_ENDPOINT",
        XksProxyUriEndpoint = "https://myproxy.xks.example.com",
        XksProxyUriPath = "/kms/xks/v1",
    });
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares an external key store named "example" whose proxy is reached
// at a public endpoint.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Credential presented to the external key store proxy. Both halves come
		// from variables defined outside this snippet; supply the raw secret as a
		// Pulumi secret so it is encrypted in state rather than stored in plain text.
		proxyCredential := &kms.CustomKeyStoreXksProxyAuthenticationCredentialArgs{
			AccessKeyId:        pulumi.Any(ephemeralAccessKeyId),
			RawSecretAccessKey: pulumi.Any(ephemeralSecretAccessKey),
		}

		// PUBLIC_ENDPOINT: no VPC endpoint service is configured, so the proxy is
		// addressed at its public HTTPS endpoint.
		// NOTE(review): confirm the proxy is meant to be reachable this way before
		// choosing it over VPC_ENDPOINT_SERVICE.
		storeArgs := &kms.CustomKeyStoreArgs{
			CustomKeyStoreName:               pulumi.String("example-public-xks"),
			CustomKeyStoreType:               pulumi.String("EXTERNAL_KEY_STORE"),
			XksProxyAuthenticationCredential: proxyCredential,
			XksProxyConnectivity:             pulumi.String("PUBLIC_ENDPOINT"),
			XksProxyUriEndpoint:              pulumi.String("https://myproxy.xks.example.com"),
			XksProxyUriPath:                  pulumi.String("/kms/xks/v1"),
		}

		if _, err := kms.NewCustomKeyStore(ctx, "example", storeArgs); err != nil {
			return err
		}
		return nil
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.CustomKeyStore;
import com.pulumi.aws.kms.CustomKeyStoreArgs;
import com.pulumi.aws.kms.inputs.CustomKeyStoreXksProxyAuthenticationCredentialArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program that declares an external key store named "example" whose proxy
 * is reached at a public endpoint.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the custom key store.
     *
     * @param ctx the Pulumi context for the running deployment
     */
    public static void stack(Context ctx) {
        // Credential presented to the external key store proxy. Both halves come from
        // variables defined outside this snippet; supply the raw secret as a Pulumi
        // secret so it is encrypted in state rather than stored in plain text.
        final var proxyCredential = CustomKeyStoreXksProxyAuthenticationCredentialArgs.builder()
            .accessKeyId(ephemeralAccessKeyId)
            .rawSecretAccessKey(ephemeralSecretAccessKey)
            .build();

        // PUBLIC_ENDPOINT: no VPC endpoint service is configured, so the proxy is
        // addressed at its public HTTPS endpoint.
        // NOTE(review): confirm the proxy is meant to be reachable this way before
        // choosing it over VPC_ENDPOINT_SERVICE.
        final var storeArgs = CustomKeyStoreArgs.builder()
            .customKeyStoreName("example-public-xks")
            .customKeyStoreType("EXTERNAL_KEY_STORE")
            .xksProxyAuthenticationCredential(proxyCredential)
            .xksProxyConnectivity("PUBLIC_ENDPOINT")
            .xksProxyUriEndpoint("https://myproxy.xks.example.com")
            .xksProxyUriPath("/kms/xks/v1")
            .build();

        var example = new CustomKeyStore("example", storeArgs);
    }
}
resources:
  example:
    type: aws:kms:CustomKeyStore
    properties:
      customKeyStoreName: "example-public-xks"
      customKeyStoreType: "EXTERNAL_KEY_STORE"
      # Credential presented to the external key store proxy. Both values are
      # interpolated from variables defined outside this snippet; declare the raw
      # secret as a secret config value so it is encrypted in state.
      xksProxyAuthenticationCredential:
        accessKeyId: "${ephemeralAccessKeyId}"
        rawSecretAccessKey: "${ephemeralSecretAccessKey}"
      # PUBLIC_ENDPOINT: no VPC endpoint service is configured, so the proxy is
      # addressed at its public HTTPS endpoint.
      # NOTE(review): confirm the proxy is meant to be reachable this way before
      # choosing it over VPC_ENDPOINT_SERVICE.
      xksProxyConnectivity: "PUBLIC_ENDPOINT"
      xksProxyUriEndpoint: "https://myproxy.xks.example.com"
      xksProxyUriPath: "/kms/xks/v1"

Import

Using `pulumi import`, import a KMS (Key Management) Custom Key Store by its ID. For example:

$ pulumi import aws:kms/customKeyStore:CustomKeyStore example cks-5ebd4ef395a96288e

Constructors

constructor(cloudHsmClusterId: Output<String>? = null, customKeyStoreName: Output<String>? = null, customKeyStoreType: Output<String>? = null, keyStorePassword: Output<String>? = null, trustAnchorCertificate: Output<String>? = null, xksProxyAuthenticationCredential: Output<CustomKeyStoreXksProxyAuthenticationCredentialArgs>? = null, xksProxyConnectivity: Output<String>? = null, xksProxyUriEndpoint: Output<String>? = null, xksProxyUriPath: Output<String>? = null, xksProxyVpcEndpointServiceName: Output<String>? = null)

Properties

val cloudHsmClusterId: Output<String>? = null
val customKeyStoreName: Output<String>? = null

Unique name for Custom Key Store. The following arguments are optional:

val customKeyStoreType: Output<String>? = null

Specifies the type of key store to create. Valid values are AWS_CLOUDHSM and EXTERNAL_KEY_STORE. If omitted, AWS will default the value to AWS_CLOUDHSM.

val keyStorePassword: Output<String>? = null
val trustAnchorCertificate: Output<String>? = null
val xksProxyConnectivity: Output<String>? = null
val xksProxyUriEndpoint: Output<String>? = null
val xksProxyUriPath: Output<String>? = null

Functions

open override fun toJava(): CustomKeyStoreArgs