awscc.kms_key

Filters

  • event

  • reduce

  • value

Actions

delete

Parent base class for filters and actions.

properties:
  type:
    enum:
    - delete
required:
- type

Permissions - kms:DescribeKey, kms:ScheduleKeyDeletion

update

Parent base class for filters and actions.

definitions:
  Tag:
    additionalProperties: false
    description: A key-value pair to associate with a resource.
    properties:
      Key:
        description: 'The key name of the tag. You can specify a value that is 1 to
          128 Unicode characters in length and cannot be prefixed with aws:. You can
          use any of the following characters: the set of Unicode letters, digits,
          whitespace, _, ., /, =, +, and -.'
        maxLength: 128
        minLength: 1
        type: string
      Value:
        description: 'The value for the tag. You can specify a value that is 0 to
          256 Unicode characters in length and cannot be prefixed with aws:. You can
          use any of the following characters: the set of Unicode letters, digits,
          whitespace, _, ., /, =, +, and -.'
        maxLength: 256
        minLength: 0
        type: string
    required:
    - Key
    - Value
    type: object
properties:
  Description:
    description: A description of the CMK. Use a description that helps you to distinguish
      this CMK from others in the account, such as its intended use.
    maxLength: 8192
    minLength: 0
    type: string
  EnableKeyRotation:
    description: Enables automatic rotation of the key material for the specified
      customer master key (CMK). By default, automation key rotation is not enabled.
    type: boolean
  Enabled:
    description: Specifies whether the customer master key (CMK) is enabled. Disabled
      CMKs cannot be used in cryptographic operations.
    type: boolean
  KeyPolicy:
    description: The key policy that authorizes use of the CMK. The key policy must
      observe the following rules.
    type:
    - object
    - string
  KeySpec:
    default: SYMMETRIC_DEFAULT
    description: Specifies the type of CMK to create. The default value is SYMMETRIC_DEFAULT.
      This property is required only for asymmetric CMKs. You can't change the KeySpec
      value after the CMK is created.
    enum:
    - SYMMETRIC_DEFAULT
    - RSA_2048
    - RSA_3072
    - RSA_4096
    - ECC_NIST_P256
    - ECC_NIST_P384
    - ECC_NIST_P521
    - ECC_SECG_P256K1
    type: string
  KeyUsage:
    default: ENCRYPT_DECRYPT
    description: Determines the cryptographic operations for which you can use the
      CMK. The default value is ENCRYPT_DECRYPT. This property is required only for
      asymmetric CMKs. You can't change the KeyUsage value after the CMK is created.
    enum:
    - ENCRYPT_DECRYPT
    - SIGN_VERIFY
    type: string
  MultiRegion:
    default: false
    description: Specifies whether the CMK should be Multi-Region. You can't change
      the MultiRegion value after the CMK is created.
    type: boolean
  PendingWindowInDays:
    description: Specifies the number of days in the waiting period before AWS KMS
      deletes a CMK that has been removed from a CloudFormation stack. Enter a value
      between 7 and 30 days. The default value is 30 days.
    maximum: 30
    minimum: 7
    type: integer
  Tags:
    description: An array of key-value pairs to apply to this resource.
    insertionOrder: false
    items:
      additionalProperties: false
      description: A key-value pair to associate with a resource.
      properties:
        Key:
          description: 'The key name of the tag. You can specify a value that is 1
            to 128 Unicode characters in length and cannot be prefixed with aws:.
            You can use any of the following characters: the set of Unicode letters,
            digits, whitespace, _, ., /, =, +, and -.'
          maxLength: 128
          minLength: 1
          type: string
        Value:
          description: 'The value for the tag. You can specify a value that is 0 to
            256 Unicode characters in length and cannot be prefixed with aws:. You
            can use any of the following characters: the set of Unicode letters, digits,
            whitespace, _, ., /, =, +, and -.'
          maxLength: 256
          minLength: 0
          type: string
      required:
      - Key
      - Value
      type: object
    type: array
    uniqueItems: true
  type:
    enum:
    - update

Permissions - kms:DescribeKey, kms:DisableKey, kms:DisableKeyRotation, kms:EnableKey, kms:EnableKeyRotation, kms:PutKeyPolicy, kms:TagResource, kms:UntagResource, kms:UpdateKeyDescription