Class CfnReplicaKey
The AWS::KMS::ReplicaKey resource specifies a multi-Region replica key that is based on a multi-Region primary key.
Namespace: Amazon.CDK.AWS.KMS
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class CfnReplicaKey : CfnResource, IInspectable, ITaggable
Syntax (vb)
Public Class CfnReplicaKey
Inherits CfnResource
Implements IInspectable, ITaggable
Remarks
Multi-Region keys are an AWS KMS feature that lets you create multiple interoperable KMS keys in different AWS Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information, see Multi-Region keys in the AWS Key Management Service Developer Guide.
A multi-Region primary key is a fully functional symmetric encryption KMS key, HMAC KMS key, or asymmetric KMS key that is also the model for replica keys in other AWS Regions. To create a multi-Region primary key, add an AWS::KMS::Key resource to your CloudFormation stack. Set its MultiRegion property to true.
A multi-Region replica key is a fully functional KMS key that has the same key ID and key material as a multi-Region primary key, but is located in a different AWS Region of the same AWS partition. There can be multiple replicas of a primary key, but each must be in a different AWS Region.
When you create a replica key in AWS CloudFormation, the replica key is created in the AWS Region represented by the endpoint you use for the request. If you try to replicate a multi-Region key into a Region in which the key type is not supported, the request will fail.
A primary key and its replicas have the same key ID and key material. They also have the same key spec, key usage, key material origin, and automatic key rotation status. These properties are known as shared properties. If they change, AWS KMS synchronizes the change to all related multi-Region keys. All other properties of a replica key can differ, including its key policy, tags, aliases, and key state. AWS KMS does not synchronize these properties.
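The Region and partition rules above, together with the AttrArn remark that related key ARNs differ only in the Region value, can be checked before synthesis. The following is an added example, not part of the CDK library or the original page: ReplicaKeyGuard and ExpectedReplicaArn are hypothetical names, and it assumes PrimaryKeyArn is a literal string rather than an unresolved CDK token.

```csharp
using System;

// Added example: pre-synthesis check for the value passed as PrimaryKeyArn.
public static class ReplicaKeyGuard
{
    // Returns the ARN the replica key will have in replicaRegion, or throws if
    // the pairing breaks a rule from the Remarks: the primary must be a
    // multi-Region key, in the same partition, in a different Region.
    public static string ExpectedReplicaArn(
        string primaryKeyArn, string replicaPartition, string replicaRegion)
    {
        // Layout: arn:<partition>:kms:<region>:<account>:key/<key-id>
        var parts = primaryKeyArn.Split(':');
        if (parts.Length != 6 || parts[0] != "arn" || parts[2] != "kms")
            throw new ArgumentException("Not a KMS key ARN: " + primaryKeyArn);
        if (!parts[5].StartsWith("key/mrk-", StringComparison.Ordinal))
            throw new ArgumentException("Not a multi-Region (mrk-) key: " + parts[5]);
        if (parts[1] != replicaPartition)
            throw new ArgumentException(
                "Replica partition " + replicaPartition + " differs from primary partition " + parts[1]);
        if (parts[3] == replicaRegion)
            throw new ArgumentException(
                "Replica must be in a different Region than the primary (" + parts[3] + ")");

        // Related multi-Region key ARNs differ only in the Region field.
        parts[3] = replicaRegion;
        return string.Join(":", parts);
    }

    public static void Main()
    {
        // Sample ARN from the AttrArn description on this page.
        const string primary =
            "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab";

        // Accepted: same partition, different Region.
        Console.WriteLine(ExpectedReplicaArn(primary, "aws", "eu-west-1"));

        // Rejected: same Region as the primary, then a different partition.
        foreach (var (partition, region) in new[] { ("aws", "us-west-2"), ("aws-cn", "cn-north-1") })
        {
            try { ExpectedReplicaArn(primary, partition, region); }
            catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
        }
    }
}
```

Because the key policy is not a shared property, the returned replica ARN is also the value to audit separately in each Region; AWS KMS does not copy the primary key's policy to it.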
Regions
AWS KMS CloudFormation resources are available in all AWS Regions in which AWS KMS and AWS CloudFormation are supported. You can use the AWS::KMS::ReplicaKey resource to create replica keys in all Regions that support multi-Region KMS keys. For details, see Multi-Region keys in AWS KMS.
See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html
CloudformationResource: AWS::KMS::ReplicaKey
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.KMS;

// Placeholder: replace with the key policy document for the replica key.
object keyPolicy = new Dictionary<string, object>();

var cfnReplicaKey = new CfnReplicaKey(this, "MyCfnReplicaKey", new CfnReplicaKeyProps {
    KeyPolicy = keyPolicy,
    PrimaryKeyArn = "primaryKeyArn",
    // the properties below are optional
    Description = "description",
    Enabled = false,
    PendingWindowInDays = 123,
    Tags = new [] { new CfnTag {
        Key = "key",
        Value = "value"
    } }
});
Synopsis
Constructors
CfnReplicaKey(ByRefValue) | Used by jsii to construct an instance of this class from a Javascript-owned object reference |
CfnReplicaKey(DeputyBase.DeputyProps) | Used by jsii to construct an instance of this class from DeputyProps |
CfnReplicaKey(Construct, String, ICfnReplicaKeyProps) |
Properties
AttrArn | The Amazon Resource Name (ARN) of the replica key, such as |
AttrKeyId | The key ID of the replica key, such as |
CFN_RESOURCE_TYPE_NAME | The CloudFormation resource type name for this resource class. |
CfnProperties | |
Description | A description of the KMS key. |
Enabled | Specifies whether the replica key is enabled. |
KeyPolicy | The key policy that authorizes use of the replica key. |
PendingWindowInDays | Specifies the number of days in the waiting period before AWS KMS deletes a replica key that has been removed from a CloudFormation stack. |
PrimaryKeyArn | Specifies the multi-Region primary key to replicate. |
Tags | Tag Manager which manages the tags for this resource. |
TagsRaw | Assigns one or more tags to the replica key. |
Methods
Inspect(TreeInspector) | Examines the CloudFormation resource and discloses attributes. |
RenderProperties(IDictionary<String, Object>) |
Constructors
CfnReplicaKey(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected CfnReplicaKey(ByRefValue reference)
Parameters
- reference Amazon.JSII.Runtime.Deputy.ByRefValue
The Javascript-owned object reference
CfnReplicaKey(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected CfnReplicaKey(DeputyBase.DeputyProps props)
Parameters
- props Amazon.JSII.Runtime.Deputy.DeputyBase.DeputyProps
The deputy props
CfnReplicaKey(Construct, String, ICfnReplicaKeyProps)
public CfnReplicaKey(Construct scope, string id, ICfnReplicaKeyProps props)
Parameters
- scope Constructs.Construct
Scope in which this resource is defined.
- id System.String
Construct identifier for this resource (unique in its scope).
- props ICfnReplicaKeyProps
Resource properties.
Properties
AttrArn
The Amazon Resource Name (ARN) of the replica key, such as arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab.
public virtual string AttrArn { get; }
Property Value
System.String
Remarks
The key ARNs of related multi-Region keys differ only in the Region value. For information about the key ARNs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide.
CloudformationAttribute: Arn
AttrKeyId
The key ID of the replica key, such as mrk-1234abcd12ab34cd56ef1234567890ab.
public virtual string AttrKeyId { get; }
Property Value
System.String
Remarks
Related multi-Region keys have the same key ID. For information about the key IDs of multi-Region keys, see How multi-Region keys work in the AWS Key Management Service Developer Guide.
CloudformationAttribute: KeyId
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
public static string CFN_RESOURCE_TYPE_NAME { get; }
Property Value
System.String
CfnProperties
protected override IDictionary<string, object> CfnProperties { get; }
Property Value
System.Collections.Generic.IDictionary<System.String, System.Object>
Overrides
Description
A description of the KMS key.
public virtual string Description { get; set; }
Property Value
System.String
Enabled
Specifies whether the replica key is enabled.
public virtual object Enabled { get; set; }
Property Value
System.Object
Remarks
Disabled KMS keys cannot be used in cryptographic operations.
KeyPolicy
The key policy that authorizes use of the replica key.
public virtual object KeyPolicy { get; set; }
Property Value
System.Object
PendingWindowInDays
Specifies the number of days in the waiting period before AWS KMS deletes a replica key that has been removed from a CloudFormation stack.
public virtual Nullable<double> PendingWindowInDays { get; set; }
Property Value
System.Nullable<System.Double>
PrimaryKeyArn
Specifies the multi-Region primary key to replicate.
public virtual string PrimaryKeyArn { get; set; }
Property Value
System.String
Tags
Tag Manager which manages the tags for this resource.
public virtual TagManager Tags { get; }
Property Value
TagsRaw
Assigns one or more tags to the replica key.
public virtual ICfnTag[] TagsRaw { get; set; }
Property Value
ICfnTag[]
Methods
Inspect(TreeInspector)
Examines the CloudFormation resource and discloses attributes.
public virtual void Inspect(TreeInspector inspector)
Parameters
- inspector TreeInspector
tree inspector to collect and process attributes.
RenderProperties(IDictionary<String, Object>)
protected override IDictionary<string, object> RenderProperties(IDictionary<string, object> props)
Parameters
- props System.Collections.Generic.IDictionary<System.String, System.Object>
Returns
System.Collections.Generic.IDictionary<System.String, System.Object>