IKey¶
-
class
aws_cdk.aws_kms.IKey(*args, **kwds)¶ Bases:
aws_cdk.core.IResource,typing_extensions.ProtocolA KMS Key, either managed by this CDK app, or imported.
Methods
-
add_to_resource_policy(statement, allow_no_op=None)¶ Adds a statement to the KMS key resource policy.
- Parameters
statement (
PolicyStatement) – The policy statement to add.allow_no_op (
Optional[bool]) – If this is set tofalseand there is no policy defined (i.e. external key), the operation will fail. Otherwise, it will no-op.
- Return type
-
grant(grantee, *actions)¶ Grant the indicated permissions on this key to the given principal.
- Parameters
grantee (
IGrantable) –actions (
str) –
- Return type
-
grant_decrypt(grantee)¶ Grant decryption permisisons using this key to the given principal.
- Parameters
grantee (
IGrantable) –- Return type
-
grant_encrypt(grantee)¶ Grant encryption permisisons using this key to the given principal.
- Parameters
grantee (
IGrantable) –- Return type
-
grant_encrypt_decrypt(grantee)¶ Grant encryption and decryption permisisons using this key to the given principal.
- Parameters
grantee (
IGrantable) –- Return type
Attributes
-
env¶ The environment this resource belongs to.
For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.
- Return type
-
key_arn¶ The ARN of the key.
- Attribute
true
- Return type
str
-
key_id¶ 1234abcd-12ab-34cd-56ef-1234567890ab).
- Attribute
true
- Type
The ID of the key (the part that looks something like
- Return type
str
-
node¶ The construct tree node for this construct.
- Return type
-