awscc.kms_key
Filters
event
reduce
value
Actions
delete
Parent base class for filters and actions.
properties:
  type:
    enum:
    - delete
required:
- type
Permissions - kms:DescribeKey, kms:ScheduleKeyDeletion
update
Parent base class for filters and actions.
definitions:
  Tag:
    additionalProperties: false
    description: A key-value pair to associate with a resource.
    properties:
      Key:
        description: 'The key name of the tag. You can specify a value that is 1 to
          128 Unicode characters in length and cannot be prefixed with aws:. You can
          use any of the following characters: the set of Unicode letters, digits,
          whitespace, _, ., /, =, +, and -.'
        maxLength: 128
        minLength: 1
        type: string
      Value:
        description: 'The value for the tag. You can specify a value that is 0 to
          256 Unicode characters in length and cannot be prefixed with aws:. You can
          use any of the following characters: the set of Unicode letters, digits,
          whitespace, _, ., /, =, +, and -.'
        maxLength: 256
        minLength: 0
        type: string
    required:
    - Key
    - Value
    type: object
properties:
  Description:
    description: A description of the CMK. Use a description that helps you to distinguish
      this CMK from others in the account, such as its intended use.
    maxLength: 8192
    minLength: 0
    type: string
  EnableKeyRotation:
    description: Enables automatic rotation of the key material for the specified
      customer master key (CMK). By default, automation key rotation is not enabled.
    type: boolean
  Enabled:
    description: Specifies whether the customer master key (CMK) is enabled. Disabled
      CMKs cannot be used in cryptographic operations.
    type: boolean
  KeyPolicy:
    description: The key policy that authorizes use of the CMK. The key policy must
      observe the following rules.
    type:
    - object
    - string
  KeySpec:
    default: SYMMETRIC_DEFAULT
    description: Specifies the type of CMK to create. The default value is SYMMETRIC_DEFAULT.
      This property is required only for asymmetric CMKs. You can't change the KeySpec
      value after the CMK is created.
    enum:
    - SYMMETRIC_DEFAULT
    - RSA_2048
    - RSA_3072
    - RSA_4096
    - ECC_NIST_P256
    - ECC_NIST_P384
    - ECC_NIST_P521
    - ECC_SECG_P256K1
    type: string
  KeyUsage:
    default: ENCRYPT_DECRYPT
    description: Determines the cryptographic operations for which you can use the
      CMK. The default value is ENCRYPT_DECRYPT. This property is required only for
      asymmetric CMKs. You can't change the KeyUsage value after the CMK is created.
    enum:
    - ENCRYPT_DECRYPT
    - SIGN_VERIFY
    type: string
  MultiRegion:
    default: false
    description: Specifies whether the CMK should be Multi-Region. You can't change
      the MultiRegion value after the CMK is created.
    type: boolean
  PendingWindowInDays:
    description: Specifies the number of days in the waiting period before AWS KMS
      deletes a CMK that has been removed from a CloudFormation stack. Enter a value
      between 7 and 30 days. The default value is 30 days.
    maximum: 30
    minimum: 7
    type: integer
  Tags:
    description: An array of key-value pairs to apply to this resource.
    insertionOrder: false
    items:
      additionalProperties: false
      description: A key-value pair to associate with a resource.
      properties:
        Key:
          description: 'The key name of the tag. You can specify a value that is 1
            to 128 Unicode characters in length and cannot be prefixed with aws:.
            You can use any of the following characters: the set of Unicode letters,
            digits, whitespace, _, ., /, =, +, and -.'
          maxLength: 128
          minLength: 1
          type: string
        Value:
          description: 'The value for the tag. You can specify a value that is 0 to
            256 Unicode characters in length and cannot be prefixed with aws:. You
            can use any of the following characters: the set of Unicode letters, digits,
            whitespace, _, ., /, =, +, and -.'
          maxLength: 256
          minLength: 0
          type: string
      required:
      - Key
      - Value
      type: object
    type: array
    uniqueItems: true
  type:
    enum:
    - update
Permissions - kms:DescribeKey, kms:DisableKey, kms:DisableKeyRotation, kms:EnableKey, kms:EnableKeyRotation, kms:PutKeyPolicy, kms:TagResource, kms:UntagResource, kms:UpdateKeyDescription
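A policy that combines the value filter with the update action above to turn on key rotation where it is off. This is an added example, not part of the Cloud Custodian documentation; the policy name is hypothetical, and it assumes the value filter sees each key under the same property names the update schema uses (Enabled, KeySpec, EnableKeyRotation).

```yaml
policies:
  - name: kms-key-enable-rotation        # hypothetical policy name
    resource: awscc.kms_key
    description: |
      Enable automatic key rotation on enabled symmetric keys
      that do not already have it switched on.
    filters:
      # Skip disabled keys; they cannot be used in cryptographic operations.
      - type: value
        key: Enabled
        value: true
      # Restrict the change to keys with the default symmetric spec.
      - type: value
        key: KeySpec
        value: SYMMETRIC_DEFAULT
      # "ne true" matches both an explicit false and a missing property,
      # which an equality test against false would not catch.
      - type: value
        key: EnableKeyRotation
        op: ne
        value: true
    actions:
      # Only the property being changed is set; KeySpec, KeyUsage and
      # MultiRegion cannot be changed after creation per the schema above.
      - type: update
        EnableKeyRotation: true
```

Running it first with `custodian run --dryrun` lists the matching keys without calling the update action. The executing role needs the permissions listed for update.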