KeyProps

class aws_cdk.aws_kms.KeyProps(*, alias=None, description=None, enabled=None, enable_key_rotation=None, policy=None, removal_policy=None)

Bases: object

__init__(*, alias=None, description=None, enabled=None, enable_key_rotation=None, policy=None, removal_policy=None)

Construction properties for a KMS Key object.

Parameters

  • alias (Optional[str]) – Initial alias to add to the key. More aliases can be added later by calling addAlias. Default: - No alias is added for the key.

  • description (Optional[str]) – A description of the key. Use a description that helps your users decide whether the key is appropriate for a particular task. Default: - No description.

  • enabled (Optional[bool]) – Indicates whether the key is available for use. Default: - Key is enabled.

  • enable_key_rotation (Optional[bool]) – Indicates whether AWS KMS rotates the key. Default: false

  • policy (Optional[PolicyDocument]) – Custom policy document to attach to the KMS key. Default: - A policy document with permissions for the account root to administer the key will be created.

  • removal_policy (Optional[RemovalPolicy]) – Whether the encryption key should be retained when it is removed from the Stack. This is useful when one wants to retain access to data that was encrypted with a key that is being retired. Default: RemovalPolicy.Retain

Attributes

alias

Initial alias to add to the key.

More aliases can be added later by calling addAlias.

default :default: - No alias is added for the key.

Return type

Optional[str]

description

A description of the key.

Use a description that helps your users decide whether the key is appropriate for a particular task.

default :default: - No description.

Return type

Optional[str]

enable_key_rotation

Indicates whether AWS KMS rotates the key.

default :default: false

Return type

Optional[bool]

enabled

Indicates whether the key is available for use.

default :default: - Key is enabled.

Return type

Optional[bool]

policy

Custom policy document to attach to the KMS key.

default :default:

  • A policy document with permissions for the account root to administer the key will be created.

Return type

Optional[PolicyDocument]

removal_policy

Whether the encryption key should be retained when it is removed from the Stack.

This is useful when one wants to retain access to data that was encrypted with a key that is being retired.

default :default: RemovalPolicy.Retain

Return type

Optional[RemovalPolicy]