We recommend new projects start with resources from the AWS provider.
aws-native.kms.ReplicaKey
Explore with Pulumi AI
We recommend new projects start with resources from the AWS provider.
The AWS::KMS::ReplicaKey resource specifies a multi-region replica AWS KMS key in AWS Key Management Service (AWS KMS).
Create ReplicaKey Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ReplicaKey(name: string, args: ReplicaKeyArgs, opts?: CustomResourceOptions);
@overload
def ReplicaKey(resource_name: str,
args: ReplicaKeyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ReplicaKey(resource_name: str,
opts: Optional[ResourceOptions] = None,
key_policy: Optional[Any] = None,
primary_key_arn: Optional[str] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
pending_window_in_days: Optional[int] = None,
tags: Optional[Sequence[_root_inputs.TagArgs]] = None)
func NewReplicaKey(ctx *Context, name string, args ReplicaKeyArgs, opts ...ResourceOption) (*ReplicaKey, error)
public ReplicaKey(string name, ReplicaKeyArgs args, CustomResourceOptions? opts = null)
public ReplicaKey(String name, ReplicaKeyArgs args)
public ReplicaKey(String name, ReplicaKeyArgs args, CustomResourceOptions options)
type: aws-native:kms:ReplicaKey
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ReplicaKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ReplicaKeyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ReplicaKeyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ReplicaKeyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ReplicaKeyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
ReplicaKey Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ReplicaKey resource accepts the following input properties:
- Key
Policy object The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.
Search the CloudFormation User Guide for
AWS::KMS::ReplicaKey
for more information about the expected schema for this property.- Primary
Key stringArn - Identifies the primary AWS KMS key to create a replica of. Specify the Amazon Resource Name (ARN) of the AWS KMS key. You cannot specify an alias or key ID. For help finding the ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
- Description string
- A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.
- Enabled bool
- Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.
- Pending
Window intIn Days - Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.
- List<Pulumi.
Aws Native. Inputs. Tag> - An array of key-value pairs to apply to this resource.
- Key
Policy interface{} The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.
Search the CloudFormation User Guide for
AWS::KMS::ReplicaKey
for more information about the expected schema for this property.- Primary
Key stringArn - Identifies the primary AWS KMS key to create a replica of. Specify the Amazon Resource Name (ARN) of the AWS KMS key. You cannot specify an alias or key ID. For help finding the ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
- Description string
- A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.
- Enabled bool
- Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.
- Pending
Window intIn Days - Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.
- Tag
Args - An array of key-value pairs to apply to this resource.
- key
Policy Object The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.
Search the CloudFormation User Guide for
AWS::KMS::ReplicaKey
for more information about the expected schema for this property.- primary
Key StringArn - Identifies the primary AWS KMS key to create a replica of. Specify the Amazon Resource Name (ARN) of the AWS KMS key. You cannot specify an alias or key ID. For help finding the ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
- description String
- A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.
- enabled Boolean
- Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.
- pending
Window IntegerIn Days - Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.
- List<Tag>
- An array of key-value pairs to apply to this resource.
- key
Policy any The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.
Search the CloudFormation User Guide for
AWS::KMS::ReplicaKey
for more information about the expected schema for this property.- primary
Key stringArn - Identifies the primary AWS KMS key to create a replica of. Specify the Amazon Resource Name (ARN) of the AWS KMS key. You cannot specify an alias or key ID. For help finding the ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
- description string
- A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.
- enabled boolean
- Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.
- pending
Window numberIn Days - Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.
- Tag[]
- An array of key-value pairs to apply to this resource.
- key_
policy Any The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.
Search the CloudFormation User Guide for
AWS::KMS::ReplicaKey
for more information about the expected schema for this property.- primary_
key_ strarn - Identifies the primary AWS KMS key to create a replica of. Specify the Amazon Resource Name (ARN) of the AWS KMS key. You cannot specify an alias or key ID. For help finding the ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
- description str
- A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.
- enabled bool
- Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.
- pending_
window_ intin_ days - Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.
- Sequence[Tag
Args] - An array of key-value pairs to apply to this resource.
- key
Policy Any The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.
Search the CloudFormation User Guide for
AWS::KMS::ReplicaKey
for more information about the expected schema for this property.- primary
Key StringArn - Identifies the primary AWS KMS key to create a replica of. Specify the Amazon Resource Name (ARN) of the AWS KMS key. You cannot specify an alias or key ID. For help finding the ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
- description String
- A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.
- enabled Boolean
- Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.
- pending
Window NumberIn Days - Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.
- List<Property Map>
- An array of key-value pairs to apply to this resource.
Outputs
All input properties are implicitly available as output properties. Additionally, the ReplicaKey resource produces the following output properties:
- Arn string
The Amazon Resource Name (ARN) of the replica key, such as
arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
.The key ARNs of related multi-Region keys differ only in the Region value. For information about the key ARNs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Id string The key ID of the replica key, such as
mrk-1234abcd12ab34cd56ef1234567890ab
.Related multi-Region keys have the same key ID. For information about the key IDs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .
- Arn string
The Amazon Resource Name (ARN) of the replica key, such as
arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
.The key ARNs of related multi-Region keys differ only in the Region value. For information about the key ARNs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .
- Id string
- The provider-assigned unique ID for this managed resource.
- Key
Id string The key ID of the replica key, such as
mrk-1234abcd12ab34cd56ef1234567890ab
.Related multi-Region keys have the same key ID. For information about the key IDs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .
- arn String
The Amazon Resource Name (ARN) of the replica key, such as
arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
.The key ARNs of related multi-Region keys differ only in the Region value. For information about the key ARNs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .
- id String
- The provider-assigned unique ID for this managed resource.
- key
Id String The key ID of the replica key, such as
mrk-1234abcd12ab34cd56ef1234567890ab
.Related multi-Region keys have the same key ID. For information about the key IDs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .
- arn string
The Amazon Resource Name (ARN) of the replica key, such as
arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
.The key ARNs of related multi-Region keys differ only in the Region value. For information about the key ARNs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .
- id string
- The provider-assigned unique ID for this managed resource.
- key
Id string The key ID of the replica key, such as
mrk-1234abcd12ab34cd56ef1234567890ab
.Related multi-Region keys have the same key ID. For information about the key IDs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .
- arn str
The Amazon Resource Name (ARN) of the replica key, such as
arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
.The key ARNs of related multi-Region keys differ only in the Region value. For information about the key ARNs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .
- id str
- The provider-assigned unique ID for this managed resource.
- key_
id str The key ID of the replica key, such as
mrk-1234abcd12ab34cd56ef1234567890ab
.Related multi-Region keys have the same key ID. For information about the key IDs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .
- arn String
The Amazon Resource Name (ARN) of the replica key, such as
arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
.The key ARNs of related multi-Region keys differ only in the Region value. For information about the key ARNs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .
- id String
- The provider-assigned unique ID for this managed resource.
- key
Id String The key ID of the replica key, such as
mrk-1234abcd12ab34cd56ef1234567890ab
.Related multi-Region keys have the same key ID. For information about the key IDs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .
Supporting Types
Tag, TagArgs
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.