IKey

class aws_cdk.aws_kms.IKey(*args, **kwargs)

Bases: aws_cdk.core.IResource, typing_extensions.Protocol

A KMS Key, either managed by this CDK app, or imported.

__init__(*args, **kwargs)

Methods

add_alias(alias)

Defines a new alias for the key.

Parameters

alias (str) –

Return type

Alias

add_to_resource_policy(statement, allow_no_op=None)

Adds a statement to the KMS key resource policy.

Parameters
  • statement (PolicyStatement) – The policy statement to add.

  • allow_no_op (Optional[bool]) – If this is set to false and there is no policy defined (i.e. external key), the operation will fail. Otherwise, it will no-op.

Return type

AddToResourcePolicyResult

grant(grantee, *actions)

Grant the indicated permissions on this key to the given principal.

Parameters
Return type

Grant

grant_decrypt(grantee)

Grant decryption permisisons using this key to the given principal.

Parameters

grantee (IGrantable) –

Return type

Grant

grant_encrypt(grantee)

Grant encryption permisisons using this key to the given principal.

Parameters

grantee (IGrantable) –

Return type

Grant

grant_encrypt_decrypt(grantee)

Grant encryption and decryption permisisons using this key to the given principal.

Parameters

grantee (IGrantable) –

Return type

Grant

Attributes

key_arn

The ARN of the key.

attribute: :attribute:: true

Return type

str

key_id

1234abcd-12ab-34cd-56ef-1234567890ab).

attribute: :attribute:: true

Type

The ID of the key (the part that looks something like

Return type

str

node

The construct tree node for this construct.

Return type

ConstructNode

stack

The stack in which this resource is defined.

Return type

Stack