pulumi-aws-kotlin/com.pulumi.aws.kms.kotlin/ReplicaExternalKeyArgs

ReplicaExternalKeyArgs

data class ReplicaExternalKeyArgs(val bypassPolicyLockoutSafetyCheck: Output<Boolean>? = null, val deletionWindowInDays: Output<Int>? = null, val description: Output<String>? = null, val enabled: Output<Boolean>? = null, val keyMaterialBase64: Output<String>? = null, val policy: Output<String>? = null, val primaryKeyArn: Output<String>? = null, val tags: Output<Map<String, String>>? = null, val validTo: Output<String>? = null) : ConvertibleToJava<ReplicaExternalKeyArgs>

Manages a KMS multi-Region replica key that uses external key material. See the AWS KMS Developer Guide for more information on importing key material into multi-Region keys.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const primary = new aws.kms.ExternalKey("primary", {
    description: "Multi-Region primary key",
    deletionWindowInDays: 30,
    multiRegion: true,
    enabled: true,
    keyMaterialBase64: "...",
});
const replica = new aws.kms.ReplicaExternalKey("replica", {
    description: "Multi-Region replica key",
    deletionWindowInDays: 7,
    primaryKeyArn: primaryAwsKmsExternal.arn,
    keyMaterialBase64: "...",
});
Content copied to clipboard
import pulumi
import pulumi_aws as aws
primary = aws.kms.ExternalKey("primary",
    description="Multi-Region primary key",
    deletion_window_in_days=30,
    multi_region=True,
    enabled=True,
    key_material_base64="...")
replica = aws.kms.ReplicaExternalKey("replica",
    description="Multi-Region replica key",
    deletion_window_in_days=7,
    primary_key_arn=primary_aws_kms_external["arn"],
    key_material_base64="...")
Content copied to clipboard
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    var primary = new Aws.Kms.ExternalKey("primary", new()
    {
        Description = "Multi-Region primary key",
        DeletionWindowInDays = 30,
        MultiRegion = true,
        Enabled = true,
        KeyMaterialBase64 = "...",
    });
    var replica = new Aws.Kms.ReplicaExternalKey("replica", new()
    {
        Description = "Multi-Region replica key",
        DeletionWindowInDays = 7,
        PrimaryKeyArn = primaryAwsKmsExternal.Arn,
        KeyMaterialBase64 = "...",
    });
});
Content copied to clipboard
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewExternalKey(ctx, "primary", &kms.ExternalKeyArgs{
			Description:          pulumi.String("Multi-Region primary key"),
			DeletionWindowInDays: pulumi.Int(30),
			MultiRegion:          pulumi.Bool(true),
			Enabled:              pulumi.Bool(true),
			KeyMaterialBase64:    pulumi.String("..."),
		})
		if err != nil {
			return err
		}
		_, err = kms.NewReplicaExternalKey(ctx, "replica", &kms.ReplicaExternalKeyArgs{
			Description:          pulumi.String("Multi-Region replica key"),
			DeletionWindowInDays: pulumi.Int(7),
			PrimaryKeyArn:        pulumi.Any(primaryAwsKmsExternal.Arn),
			KeyMaterialBase64:    pulumi.String("..."),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
Content copied to clipboard
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.kms.ExternalKey;
import com.pulumi.aws.kms.ExternalKeyArgs;
import com.pulumi.aws.kms.ReplicaExternalKey;
import com.pulumi.aws.kms.ReplicaExternalKeyArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var primary = new ExternalKey("primary", ExternalKeyArgs.builder()
            .description("Multi-Region primary key")
            .deletionWindowInDays(30)
            .multiRegion(true)
            .enabled(true)
            .keyMaterialBase64("...")
            .build());
        var replica = new ReplicaExternalKey("replica", ReplicaExternalKeyArgs.builder()
            .description("Multi-Region replica key")
            .deletionWindowInDays(7)
            .primaryKeyArn(primaryAwsKmsExternal.arn())
            .keyMaterialBase64("...")
            .build());
    }
}
Content copied to clipboard
resources:
  primary:
    type: aws:kms:ExternalKey
    properties:
      description: Multi-Region primary key
      deletionWindowInDays: 30
      multiRegion: true
      enabled: true
      keyMaterialBase64: '...'
  replica:
    type: aws:kms:ReplicaExternalKey
    properties:
      description: Multi-Region replica key
      deletionWindowInDays: 7
      primaryKeyArn: ${primaryAwsKmsExternal.arn}
      keyMaterialBase64: '...'
Content copied to clipboard

Import

Using pulumi import, import KMS multi-Region replica keys using the id. For example:

$ pulumi import aws:kms/replicaExternalKey:ReplicaExternalKey example 1234abcd-12ab-34cd-56ef-1234567890ab
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(bypassPolicyLockoutSafetyCheck: Output<Boolean>? = null, deletionWindowInDays: Output<Int>? = null, description: Output<String>? = null, enabled: Output<Boolean>? = null, keyMaterialBase64: Output<String>? = null, policy: Output<String>? = null, primaryKeyArn: Output<String>? = null, tags: Output<Map<String, String>>? = null, validTo: Output<String>? = null)

Properties

Link copied to clipboard
val bypassPolicyLockoutSafetyCheck: Output<Boolean>? = null

A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide. The default value is false.

Link copied to clipboard
val deletionWindowInDays: Output<Int>? = null

The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between 7 and 30, inclusive. If you do not specify a value, it defaults to 30.

Link copied to clipboard
val description: Output<String>? = null

A description of the KMS key.

Link copied to clipboard
val enabled: Output<Boolean>? = null

Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. Keys pending import can only be false. Imported keys default to true unless expired.

Link copied to clipboard
val keyMaterialBase64: Output<String>? = null

Base64 encoded 256-bit symmetric encryption key material to import. The KMS key is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.

Link copied to clipboard
val policy: Output<String>? = null

The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the default key policy to the KMS key.

Link copied to clipboard
val primaryKeyArn: Output<String>? = null

The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region.

Link copied to clipboard
val tags: Output<Map<String, String>>? = null

A map of tags to assign to the replica key. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Link copied to clipboard
val validTo: Output<String>? = null

Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the key becomes unusable. If not specified, key material does not expire. Valid values: RFC3339 time string (YYYY-MM-DDTHH:MM:SSZ)

Functions

Link copied to clipboard
open override fun toJava(): ReplicaExternalKeyArgs