multiRegion

Creates a multi-Region primary key that you can replicate in other AWS-Regions. You can't change the `MultiRegion` value after the KMS key is created. For a list of AWS-Regions in which multi-Region keys are supported, see Multi-Region keys in in the **. If you change the value of the `MultiRegion` property on an existing KMS key, the update request fails, regardless of the value of the UpdateReplacePolicy attribute. This prevents you from accidentally deleting a KMS key by changing an immutable property value. For a multi-Region key, set to this property to `true`. For a single-Region key, omit this property or set it to `false`. The default value is `false`. Multi-Region keys are an KMS feature that lets you create multiple interoperable KMS keys in different AWS-Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS-Region and decrypt it in a different AWS-Region without making a cross-Region call or exposing the plaintext data. For more information, see Multi-Region keys in the Developer Guide. You can create a symmetric encryption, HMAC, or asymmetric multi-Region KMS key, and you can create a multi-Region key with imported key material. However, you cannot create a multi-Region key in a custom key store. To create a replica of this primary key in a different AWS-Region , create an AWS::KMS::ReplicaKey resource in a CloudFormation stack in the replica Region. Specify the key ARN of this primary key.