Interface IKey

A KMS Key, either managed by this CDK app, or imported.

Inherited Members

IResource.ApplyRemovalPolicy(RemovalPolicy)

IResource.Stack

IKeyRef.KeyRef

IEnvironmentAware.Env

Namespace: Amazon.CDK.AWS.KMS

Assembly: Amazon.CDK.Lib.dll

Syntax (csharp)

public interface IKey : IResource, IKeyRef, IConstruct, IDependable, IEnvironmentAware

Syntax (vb)

Public Interface IKey Inherits IResource, IKeyRef, IConstruct, IDependable, IEnvironmentAware

Remarks

This interface does double duty: it represents an actual KMS keys, but it also represents things that can behave like KMS keys, like a key alias.

Synopsis

Properties

KeyArn	The ARN of the key.
KeyId	The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).

Methods

AddAlias(string)	Defines a new alias for the key.
AddToResourcePolicy(PolicyStatement, bool?)	Adds a statement to the KMS key resource policy.
Grant(IGrantable, params string[])	Grant the indicated permissions on this key to the given principal.
GrantDecrypt(IGrantable)	Grant decryption permissions using this key to the given principal.
GrantEncrypt(IGrantable)	Grant encryption permissions using this key to the given principal.
GrantEncryptDecrypt(IGrantable)	Grant encryption and decryption permissions using this key to the given principal.
GrantGenerateMac(IGrantable)	Grant permissions to generating MACs to the given principal.
GrantSign(IGrantable)	Grant sign permissions using this key to the given principal.
GrantSignVerify(IGrantable)	Grant sign and verify permissions using this key to the given principal.
GrantVerify(IGrantable)	Grant verify permissions using this key to the given principal.
GrantVerifyMac(IGrantable)	Grant permissions to verifying MACs to the given principal.

Properties

KeyArn

The ARN of the key.

string KeyArn { get; }

Property Value

string

Remarks

Attribute: true

KeyId

The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).

string KeyId { get; }

Property Value

string

Remarks

Attribute: true

Methods

AddAlias(string)

Defines a new alias for the key.

Alias AddAlias(string alias)

Parameters

alias string

Returns

Alias

Remarks

This interface does double duty: it represents an actual KMS keys, but it also represents things that can behave like KMS keys, like a key alias.

AddToResourcePolicy(PolicyStatement, bool?)

Adds a statement to the KMS key resource policy.

IAddToResourcePolicyResult AddToResourcePolicy(PolicyStatement statement, bool? allowNoOp = null)

Parameters

statement PolicyStatement

The policy statement to add.

allowNoOp bool?

If this is set to false and there is no policy defined (i.e. external key), the operation will fail. Otherwise, it will no-op.

Returns

IAddToResourcePolicyResult

Remarks

This interface does double duty: it represents an actual KMS keys, but it also represents things that can behave like KMS keys, like a key alias.

Grant(IGrantable, params string[])

Grant the indicated permissions on this key to the given principal.

Grant Grant(IGrantable grantee, params string[] actions)

Parameters

grantee IGrantable

actions string[]

Returns

Grant

Remarks

This interface does double duty: it represents an actual KMS keys, but it also represents things that can behave like KMS keys, like a key alias.

GrantDecrypt(IGrantable)

Grant decryption permissions using this key to the given principal.

Grant GrantDecrypt(IGrantable grantee)

Parameters

grantee IGrantable

Returns

Grant

Remarks

This interface does double duty: it represents an actual KMS keys, but it also represents things that can behave like KMS keys, like a key alias.

GrantEncrypt(IGrantable)

Grant encryption permissions using this key to the given principal.

Grant GrantEncrypt(IGrantable grantee)

Parameters

grantee IGrantable

Returns

Grant

Remarks

This interface does double duty: it represents an actual KMS keys, but it also represents things that can behave like KMS keys, like a key alias.

GrantEncryptDecrypt(IGrantable)

Grant encryption and decryption permissions using this key to the given principal.

Grant GrantEncryptDecrypt(IGrantable grantee)

Parameters

grantee IGrantable

Returns

Grant

Remarks

This interface does double duty: it represents an actual KMS keys, but it also represents things that can behave like KMS keys, like a key alias.

GrantGenerateMac(IGrantable)

Grant permissions to generating MACs to the given principal.

Grant GrantGenerateMac(IGrantable grantee)

Parameters

grantee IGrantable

Returns

Grant

Remarks

This interface does double duty: it represents an actual KMS keys, but it also represents things that can behave like KMS keys, like a key alias.

GrantSign(IGrantable)

Grant sign permissions using this key to the given principal.

Grant GrantSign(IGrantable grantee)

Parameters

grantee IGrantable

Returns

Grant

Remarks

This interface does double duty: it represents an actual KMS keys, but it also represents things that can behave like KMS keys, like a key alias.

GrantSignVerify(IGrantable)

Grant sign and verify permissions using this key to the given principal.

Grant GrantSignVerify(IGrantable grantee)

Parameters

grantee IGrantable

Returns

Grant

Remarks

This interface does double duty: it represents an actual KMS keys, but it also represents things that can behave like KMS keys, like a key alias.

GrantVerify(IGrantable)

Grant verify permissions using this key to the given principal.

Grant GrantVerify(IGrantable grantee)

Parameters

grantee IGrantable

Returns

Grant

Remarks

This interface does double duty: it represents an actual KMS keys, but it also represents things that can behave like KMS keys, like a key alias.

GrantVerifyMac(IGrantable)

Grant permissions to verifying MACs to the given principal.

Grant GrantVerifyMac(IGrantable grantee)

Parameters

grantee IGrantable

Returns

Grant

Remarks

This interface does double duty: it represents an actual KMS keys, but it also represents things that can behave like KMS keys, like a key alias.