Constructor and Description |
---|
Builder() |
public KeyProps.Builder admins(java.util.List<? extends IPrincipal> admins)
KeyProps.getAdmins()
admins
- A list of principals to add as key administrators to the key policy.
Key administrators have permissions to manage the key (e.g., change permissions, revoke), but do not have permissions
to use the key in cryptographic operations (e.g., encrypt, decrypt).
These principals will be added to the default key policy (if none specified), or to the specified policy (if provided).
this
public KeyProps.Builder alias(java.lang.String alias)
KeyProps.getAlias()
alias
- Initial alias to add to the key.
More aliases can be added later by calling addAlias
.this
public KeyProps.Builder description(java.lang.String description)
KeyProps.getDescription()
description
- A description of the key.
Use a description that helps your users decide
whether the key is appropriate for a particular task.this
public KeyProps.Builder enabled(java.lang.Boolean enabled)
KeyProps.getEnabled()
enabled
- Indicates whether the key is available for use.this
public KeyProps.Builder enableKeyRotation(java.lang.Boolean enableKeyRotation)
KeyProps.getEnableKeyRotation()
enableKeyRotation
- Indicates whether AWS KMS rotates the key.this
public KeyProps.Builder keySpec(KeySpec keySpec)
KeyProps.getKeySpec()
keySpec
- The cryptographic configuration of the key. The valid value depends on usage of the key.
IMPORTANT: If you change this property of an existing key, the existing key is scheduled for deletion
and a new key is created with the specified value.this
public KeyProps.Builder keyUsage(KeyUsage keyUsage)
KeyProps.getKeyUsage()
keyUsage
- The cryptographic operations for which the key can be used.
IMPORTANT: If you change this property of an existing key, the existing key is scheduled for deletion
and a new key is created with the specified value.this
public KeyProps.Builder pendingWindow(Duration pendingWindow)
KeyProps.getPendingWindow()
pendingWindow
- Specifies the number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack.
When you remove a customer master key (CMK) from a CloudFormation stack, AWS KMS schedules the CMK for deletion
and starts the mandatory waiting period. The PendingWindowInDays property determines the length of waiting period.
During the waiting period, the key state of CMK is Pending Deletion, which prevents the CMK from being used in
cryptographic operations. When the waiting period expires, AWS KMS permanently deletes the CMK.
Enter a value between 7 and 30 days.
this
public KeyProps.Builder policy(PolicyDocument policy)
KeyProps.getPolicy()
policy
- Custom policy document to attach to the KMS key.
NOTE - If the @aws-cdk/aws-kms:defaultKeyPolicies
feature flag is set (the default for new projects),
this policy will override the default key policy and become the only key policy for the key. If the
feature flag is not set, this policy will be appended to the default key policy.this
public KeyProps.Builder removalPolicy(RemovalPolicy removalPolicy)
KeyProps.getRemovalPolicy()
removalPolicy
- Whether the encryption key should be retained when it is removed from the Stack.
This is useful when one wants to
retain access to data that was encrypted with a key that is being retired.this
@Deprecated public KeyProps.Builder trustAccountIdentities(java.lang.Boolean trustAccountIdentities)
KeyProps.getTrustAccountIdentities()
trustAccountIdentities
- Whether the key usage can be granted by IAM policies.
Setting this to true adds a default statement which delegates key
access control completely to the identity's IAM policy (similar
to how it works for other AWS resources). This matches the default behavior
when creating KMS keys via the API or console.
If the @aws-cdk/aws-kms:defaultKeyPolicies
feature flag is set (the default for new projects),
this flag will always be treated as 'true' and does not need to be explicitly set.
this