1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. kms
  5. ReplicaKey

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

aws-native.kms.ReplicaKey

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

    The AWS::KMS::ReplicaKey resource specifies a multi-region replica AWS KMS key in AWS Key Management Service (AWS KMS).

    Create ReplicaKey Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ReplicaKey(name: string, args: ReplicaKeyArgs, opts?: CustomResourceOptions);
    @overload
    def ReplicaKey(resource_name: str,
                   args: ReplicaKeyArgs,
                   opts: Optional[ResourceOptions] = None)
    
    @overload
    def ReplicaKey(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   key_policy: Optional[Any] = None,
                   primary_key_arn: Optional[str] = None,
                   description: Optional[str] = None,
                   enabled: Optional[bool] = None,
                   pending_window_in_days: Optional[int] = None,
                   tags: Optional[Sequence[_root_inputs.TagArgs]] = None)
    func NewReplicaKey(ctx *Context, name string, args ReplicaKeyArgs, opts ...ResourceOption) (*ReplicaKey, error)
    public ReplicaKey(string name, ReplicaKeyArgs args, CustomResourceOptions? opts = null)
    public ReplicaKey(String name, ReplicaKeyArgs args)
    public ReplicaKey(String name, ReplicaKeyArgs args, CustomResourceOptions options)
    
    type: aws-native:kms:ReplicaKey
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ReplicaKeyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ReplicaKeyArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ReplicaKeyArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ReplicaKeyArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ReplicaKeyArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    ReplicaKey Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The ReplicaKey resource accepts the following input properties:

    KeyPolicy object

    The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.

    Search the CloudFormation User Guide for AWS::KMS::ReplicaKey for more information about the expected schema for this property.

    PrimaryKeyArn string
    Identifies the primary AWS KMS key to create a replica of. Specify the Amazon Resource Name (ARN) of the AWS KMS key. You cannot specify an alias or key ID. For help finding the ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
    Description string
    A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.
    Enabled bool
    Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.
    PendingWindowInDays int
    Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.
    Tags List<Pulumi.AwsNative.Inputs.Tag>
    An array of key-value pairs to apply to this resource.
    KeyPolicy interface{}

    The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.

    Search the CloudFormation User Guide for AWS::KMS::ReplicaKey for more information about the expected schema for this property.

    PrimaryKeyArn string
    Identifies the primary AWS KMS key to create a replica of. Specify the Amazon Resource Name (ARN) of the AWS KMS key. You cannot specify an alias or key ID. For help finding the ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
    Description string
    A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.
    Enabled bool
    Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.
    PendingWindowInDays int
    Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.
    Tags TagArgs
    An array of key-value pairs to apply to this resource.
    keyPolicy Object

    The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.

    Search the CloudFormation User Guide for AWS::KMS::ReplicaKey for more information about the expected schema for this property.

    primaryKeyArn String
    Identifies the primary AWS KMS key to create a replica of. Specify the Amazon Resource Name (ARN) of the AWS KMS key. You cannot specify an alias or key ID. For help finding the ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
    description String
    A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.
    enabled Boolean
    Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.
    pendingWindowInDays Integer
    Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.
    tags List<Tag>
    An array of key-value pairs to apply to this resource.
    keyPolicy any

    The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.

    Search the CloudFormation User Guide for AWS::KMS::ReplicaKey for more information about the expected schema for this property.

    primaryKeyArn string
    Identifies the primary AWS KMS key to create a replica of. Specify the Amazon Resource Name (ARN) of the AWS KMS key. You cannot specify an alias or key ID. For help finding the ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
    description string
    A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.
    enabled boolean
    Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.
    pendingWindowInDays number
    Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.
    tags Tag[]
    An array of key-value pairs to apply to this resource.
    key_policy Any

    The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.

    Search the CloudFormation User Guide for AWS::KMS::ReplicaKey for more information about the expected schema for this property.

    primary_key_arn str
    Identifies the primary AWS KMS key to create a replica of. Specify the Amazon Resource Name (ARN) of the AWS KMS key. You cannot specify an alias or key ID. For help finding the ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
    description str
    A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.
    enabled bool
    Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.
    pending_window_in_days int
    Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.
    tags Sequence[TagArgs]
    An array of key-value pairs to apply to this resource.
    keyPolicy Any

    The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.

    Search the CloudFormation User Guide for AWS::KMS::ReplicaKey for more information about the expected schema for this property.

    primaryKeyArn String
    Identifies the primary AWS KMS key to create a replica of. Specify the Amazon Resource Name (ARN) of the AWS KMS key. You cannot specify an alias or key ID. For help finding the ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
    description String
    A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.
    enabled Boolean
    Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.
    pendingWindowInDays Number
    Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.
    tags List<Property Map>
    An array of key-value pairs to apply to this resource.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ReplicaKey resource produces the following output properties:

    Arn string

    The Amazon Resource Name (ARN) of the replica key, such as arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab .

    The key ARNs of related multi-Region keys differ only in the Region value. For information about the key ARNs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .

    Id string
    The provider-assigned unique ID for this managed resource.
    KeyId string

    The key ID of the replica key, such as mrk-1234abcd12ab34cd56ef1234567890ab .

    Related multi-Region keys have the same key ID. For information about the key IDs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .

    Arn string

    The Amazon Resource Name (ARN) of the replica key, such as arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab .

    The key ARNs of related multi-Region keys differ only in the Region value. For information about the key ARNs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .

    Id string
    The provider-assigned unique ID for this managed resource.
    KeyId string

    The key ID of the replica key, such as mrk-1234abcd12ab34cd56ef1234567890ab .

    Related multi-Region keys have the same key ID. For information about the key IDs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .

    arn String

    The Amazon Resource Name (ARN) of the replica key, such as arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab .

    The key ARNs of related multi-Region keys differ only in the Region value. For information about the key ARNs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .

    id String
    The provider-assigned unique ID for this managed resource.
    keyId String

    The key ID of the replica key, such as mrk-1234abcd12ab34cd56ef1234567890ab .

    Related multi-Region keys have the same key ID. For information about the key IDs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .

    arn string

    The Amazon Resource Name (ARN) of the replica key, such as arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab .

    The key ARNs of related multi-Region keys differ only in the Region value. For information about the key ARNs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .

    id string
    The provider-assigned unique ID for this managed resource.
    keyId string

    The key ID of the replica key, such as mrk-1234abcd12ab34cd56ef1234567890ab .

    Related multi-Region keys have the same key ID. For information about the key IDs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .

    arn str

    The Amazon Resource Name (ARN) of the replica key, such as arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab .

    The key ARNs of related multi-Region keys differ only in the Region value. For information about the key ARNs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .

    id str
    The provider-assigned unique ID for this managed resource.
    key_id str

    The key ID of the replica key, such as mrk-1234abcd12ab34cd56ef1234567890ab .

    Related multi-Region keys have the same key ID. For information about the key IDs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .

    arn String

    The Amazon Resource Name (ARN) of the replica key, such as arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab .

    The key ARNs of related multi-Region keys differ only in the Region value. For information about the key ARNs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .

    id String
    The provider-assigned unique ID for this managed resource.
    keyId String

    The key ID of the replica key, such as mrk-1234abcd12ab34cd56ef1234567890ab .

    Related multi-Region keys have the same key ID. For information about the key IDs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide .

    Supporting Types

    Tag, TagArgs

    Key string
    The key name of the tag
    Value string
    The value of the tag
    Key string
    The key name of the tag
    Value string
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag
    key string
    The key name of the tag
    value string
    The value of the tag
    key str
    The key name of the tag
    value str
    The value of the tag
    key String
    The key name of the tag
    value String
    The value of the tag

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi