aws::kms-key¶
Example¶
aws::kms-key kms-example
aliases: ["alias/kmsExample", "alias/kmsSecondExample"]
bypass-policy-lockout-safety-check: "false"
description: "sample kms key"
enabled: "true"
key-manager: "CUSTOMER"
key-rotation: "false"
key-usage: "ENCRYPT_DECRYPT"
multi-region: "false"
origin: "AWS_KMS"
pending-window: "7"
policy: "gyro-providers/gyro-aws-provider/examples/kms/kms-policy.json"
tags: {
Name: "kms-example"
}
end
Attributes¶
| Attribute | Description |
|---|---|
| aliases set | The set of aliases associated with the key. (Required) |
| bypass-policy-lockout-safety-check | Determines whether to bypass the key policy lockout safety check. Defaults to false. |
| description | The description of the key. |
| enabled | Determines whether the key is enabled. Defaults to enabled. |
| key-rotation | Determines whether the backing key is rotated each year. Defaults to false. Cannot be set if primary-kms-key is set. |
| key-usage | The usage of the key. Defaults to Required when not using Primary KMS Key field. Cannot be set if |
| key-spec | The spec for the key. Cannot be set if primary-kms-key is set. Valid values are RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, ECC_SECG_P256K1, SYMMETRIC_DEFAULT, HMAC_224, HMAC_256, HMAC_384, HMAC_512 or SM2. |
| multi-region | The capability of cross-region replication of the key. Defaults to false Cannot be set if primary-kms-key is set. |
| origin | The source of the key material. Defaults to AWS_KMS. Cannot be set if primary-kms-key is set. |
| pending-window | The number of days until the key will be deleted. Defaults to 30. |
| policy | The path to the policy associated with the key. |
| primary-kms-key | The primary KMS key associated with this resource. Can only be set if primary-key-region is set. |
| primary-key-region | The primary region of the KMS key associated with this resource. Can only be set if primary-kms-key is set. |
| tags map | The tags associated with the key. |
Outputs¶
| Attribute | Description |
|---|---|
| arn | The arn for this key. |
| id | The id for this key. |
| key-manager | The manager of the key, either AWS or customer. |
| key-state | The current state of the key. |
| multi-region-configuration | The Multi-Region configuration associated with the KMS key. |